Thread overview
[Issue 11435] -O optimization flag causes invalid 32 bit codegen
[Issue 11435] Nondeterministic 32bit release mode access violation
May 26, 2014
safety0ff.bugz
[Issue 11435] -O optimization flag causes invalid codegen
May 27, 2014
safety0ff.bugz
May 27, 2014
safety0ff.bugz
May 27, 2014
safety0ff.bugz
Jul 16, 2014
Lionello Lunesu
Jul 23, 2014
safety0ff.bugz
Jul 23, 2014
yebblies
Jul 24, 2014
yebblies
Jul 24, 2014
yebblies
Jul 24, 2014
yebblies
Mar 24, 2016
yebblies
Aug 29, 2020
Walter Bright
Nov 07, 2020
Walter Bright
[Issue 11435] Pushing indirect ref to byte or short can read beyond edge of valid memory
Nov 07, 2020
Walter Bright
Nov 07, 2020
Dlang Bot
Nov 08, 2020
Dlang Bot
May 26, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

--- Comment #4 from safety0ff.bugz <safety0ff.bugz@gmail.com> ---
(In reply to monarchdodra from comment #1)
>
> Have you been unable to reproduce locally, or do you just have no access to 32 bit machines? I had tried to reproduce locally before, but failed. I'll try again with your reduced code though.

Today I set up a FreeBSD VM (GhostBSD via VirtualBox) and I can finally
reproduce the bug.

--
May 27, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

safety0ff.bugz <safety0ff.bugz@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Nondeterministic 32bit      |-O optimization flag causes
                   |release mode access         |invalid codegen
                   |violation                   |
           Severity|normal                      |critical

--- Comment #5 from safety0ff.bugz <safety0ff.bugz@gmail.com> ---
I've managed to reduce it to a test that consistently fails.
The reduced test case is POSIX only (POSIX with the MAP_ANON extension), but the
bug manifests itself on all 32-bit x86 platforms.

Disassembly snippet:
Here is part of the loop in S.foo(). DMD creates a 4-byte read at <+85>, but it
is only valid to read one byte. This causes the segfault.
ebx is the loop index and ecx is the pointer to the array.
   <+80>:    mov    -0x4(%ebp),%ecx
   <+83>:    mov    %esi,%eax
=> <+85>:    pushl  (%ebx,%ecx,1)
   <+88>:    push   %ebx
   <+89>:    call   0x8070f70 <_D6_114351S13opIndexAssignMFbkZb>
   <+94>:    inc    %ebx
   <+95>:    cmp    0x8(%ebp),%ebx
   <+98>:    jb     0x8070f41 <_D6_114351S3fooMFAbZv+65>

--
May 27, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

--- Comment #6 from safety0ff.bugz <safety0ff.bugz@gmail.com> ---
Created attachment 1358
  --> https://issues.dlang.org/attachment.cgi?id=1358&action=edit
Posix reduced test

--
May 27, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

safety0ff.bugz <safety0ff.bugz@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|-O optimization flag causes |-O optimization flag causes
                   |invalid codegen             |invalid 32 bit codegen

--
July 16, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

Lionello Lunesu <lio+bugzilla@lunesu.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lio+bugzilla@lunesu.com

--- Comment #7 from Lionello Lunesu <lio+bugzilla@lunesu.com> ---
I can confirm this is an issue on OSX as well:

$ dmd -g -m32 -O _11435.d
$ ./_11435
249000
Bus error: 10

--
July 23, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

--- Comment #8 from safety0ff.bugz <safety0ff.bugz@gmail.com> ---
I managed to work around this issue by modifying the following code from src/backend/cod1.c: (line ~3573)

    if (sz <= REGSIZE)
    {   // Watch out for single byte quantities being up
        // against the end of a segment or in memory-mapped I/O
        if (!(config.exe & EX_flat) && szb == 1)
            break;
        goto L1;            // can handle it with loadea()
    }

I changed the condition to:
    if (szb < REGSIZE)
        break;

I did not test further fixes since this was good enough for me. This should be enough information to create a "proper" fix.

--
July 23, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

yebblies <yebblies@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
                 CC|                            |yebblies@gmail.com

--
July 24, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

--- Comment #9 from yebblies <yebblies@gmail.com> ---
Windows test case:

import core.sys.windows.windows;
import core.stdc.string;

extern(C) int printf(in char*, ...);

alias T = byte;

void fun(T c, T b, T a)
{
    printf("%d %d %d\n", a, b, c);
}

// The 32-bit -O codegen pushes each byte argument with a 4-byte load, so the
// load of b[index+3] reads three bytes past the end of the slice.
void abc(T[] b, size_t index)
{
    fun(b[index+1], b[index+2], b[index+3]);
}

void main()
{
    // One committed page; the bytes after it are not mapped.
    auto p = VirtualAlloc(null, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    assert(p);
    memset(p, 0, 4096);
    // Slice offsets 4090..4093: a 4-byte load from b[3] (offset 4093)
    // reaches offset 4096, one byte past the committed page.
    abc((cast(T*)(p + 4090))[0..4], 0);
}

--
July 24, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

--- Comment #10 from yebblies <yebblies@gmail.com> ---
And the same thing for short (I think)

import core.sys.windows.windows;
import core.stdc.string;

extern(C) int printf(in char*, ...);

alias T = short;

void fun(T c, T b, int v)
{
    // Two conversions need two arguments; the original passed only b.
    printf("%d %d\n", c, b);
}

// Same pattern as the byte case: each short argument is pushed with a
// 4-byte load, so the load of b[1] reads two bytes past the slice.
void abc(T[] b, size_t index)
{
    fun(b[0], b[1], 0);
}

void main()
{
    auto p = VirtualAlloc(null, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    assert(p);
    memset(p, 0, 4096);
    // Place two shorts in the last 4 bytes of the page: b[1] occupies offsets
    // 4094..4095, so a 4-byte load of it reaches 4097, past the committed page.
    auto px = (cast(T*)(p + 4096 - 2 * T.sizeof));
    printf("%p\n", px+1);
    abc(px[0..2], 0);
}

--
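An added example, not from the thread or from dmd, that reproduces the over-read described in comment #5 and the two Windows tests above in portable C on POSIX: a readable page is followed by a PROT_NONE guard page, and a 1-byte and a 4-byte load are issued from the page's last byte with SIGSEGV/SIGBUS trapped, so a test can report the result instead of crashing. The names map_edge_byte and probe_read are this example's own; the 4-byte load stands in for the pushl (%ebx,%ecx,1) the compiler emitted.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Map one readable page followed by a PROT_NONE guard page; return the
   address of the last readable byte (the page edge), or NULL on failure. */
static uint8_t *map_edge_byte(void)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *base = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || mprotect(base + ps, ps, PROT_NONE) != 0)
        return NULL;
    memset(base, 0x41, ps);   /* constructed filler; the value is irrelevant */
    return base + ps - 1;
}

/* Read `width` (1 or 4) bytes at p with SIGSEGV/SIGBUS trapped; return 1 if
   the access faulted, 0 if it completed. The 4-byte case mirrors the pushl
   in the disassembly; the 1-byte case is what the source actually permits. */
static int probe_read(const volatile uint8_t *p, size_t width)
{
    struct sigaction sa, old_segv, old_bus;
    int faulted = 1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* OS X reported the over-read as SIGBUS */
    if (sigsetjmp(fault_env, 1) == 0) {
        uint32_t v = (width == 1) ? *p : *(const volatile uint32_t *)p;
        (void)v; faulted = 0;
    }
    sigaction(SIGSEGV, &old_segv, NULL); sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

int main(void)
{
    uint8_t *edge = map_edge_byte();
    if (!edge) return 1;
    printf("1-byte read at page edge faults: %d\n", probe_read(edge, 1));
    printf("4-byte read at page edge faults: %d\n", probe_read(edge, 4));
    return 0;
}
```

The same guard-page layout is what makes the thread's reduced tests fail deterministically instead of depending on where the heap happens to end.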
July 24, 2014
https://issues.dlang.org/show_bug.cgi?id=11435

yebblies <yebblies@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |pull
           Assignee|nobody@puremagic.com        |yebblies@gmail.com

--- Comment #11 from yebblies <yebblies@gmail.com> ---
https://github.com/D-Programming-Language/dmd/pull/3806

--