snapshot 20010527 generates code which reads from below %esp (on i686-pc-linux-gnu)
- To: <gcc-bugs at gcc dot gnu dot org>
- Subject: snapshot 20010527 generates code which reads from below %esp (on i686-pc-linux-gnu)
- From: "Julian Seward (Intl Vendor)" <v-julsew at microsoft dot com>
- Date: Fri, 1 Jun 2001 07:29:04 -0700
--------------------------------- DESCRIPTION
------------------------------
When compiled with the g++ shown below, with -O2 -mcpu=i686, the resulting
code for BandMatrix::ReSize(int n, int lb, int ub) reads memory below
%esp towards the end of the function. This is potentially fatal: a signal
delivered at that precise moment trashes the stack below %esp, including
the very word being read.
This is very sensitive to flags; the problem does not appear with any
of the following flag combinations:
-O2 -mcpu=i586
-O
-O -mcpu=i686
-O -mcpu=i586
I can only reproduce it with -O2 -mcpu=i686.
Attached: version info
preprocessed source
-v log of compilation
gdb session fragment showing register values at offending insn
.s with indication of offending insn (search for OFFENDING)
Platform is i686-pc-linux-gnu.
--------------------------------- VERSIONS
---------------------------------
localhost:~/newmat10$ /home/sewardj/Gcc30/Inst/bin/g++ -v
Reading specs from
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/specs
Configured with: ../gcc-3.0-20010527/configure
--prefix=/home/sewardj/Gcc30/Inst --enable-languages=c++
Thread model: single
gcc version 3.0 20010526 (prerelease)
localhost:~/newmat10$ uname -a
Linux localhost.localdomain 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686
unknown
(RedHat 7.1)
--------------------------------- PREPROCESSED
SOURCE-----------------------
# 2 "bogon.cpp"
// Intrusive chain of live "trace" scopes. In this reduced test case its only
// role is to give BandMatrix::ReSize a local object with a non-trivial
// destructor: Tracer::~Tracer (below) reads `previous` and stores it back
// into the file-scope `last`, and that read is the instruction under
// investigation.
class Tracer
{
const char* entry;     // name of the scope being traced (set by the ctor)
Tracer* previous;      // the Tracer that was `last` when this one was built
public:
Tracer(const char*);
~Tracer();
void ReName(const char*);
static void PrintTrace();   // declared only; no definition in this test case
static void AddTrace();     // declared only; no definition in this test case
};
// Head of the Tracer chain: the most recently constructed, still-live Tracer.
// File-local; appears as the 4-byte `.comm last,4,4` object in the assembly.
static Tracer* last;
// Push this Tracer onto the chain: remember the current head in `previous`,
// then make this object the new head.
inline Tracer::Tracer(const char* e)
: entry(e), previous(last) { last = this; }
// Pop this Tracer off the chain by restoring the previous head.
// When inlined into BandMatrix::ReSize, the read of `previous` is the
// "OFFENDING INSN" of the assembly below (`movl 4(%ebx), %eax`): it is
// emitted after `leal -8(%ebp), %esp` has already moved %esp above the
// Tracer's stack slot, so the load comes from below the stack pointer.
inline Tracer::~Tracer() { last = previous; }
// Replace the scope name; unused in this test case (kept from the original class).
inline void Tracer::ReName(const char* e) { entry=e; }
// Base class. `wurble` (set to 42 by the constructor) is its only data.
// GeneralMatrix::ReSize is an empty stub below; GeneralMatrix::CornerClear
// is declared but never defined in this test case, which links only because
// nothing calls it (BandMatrix::ReSize calls the hiding BandMatrix version).
class GeneralMatrix {
int wurble;
public:
void ReSize(int,int,int);
void CornerClear() const;
GeneralMatrix();
};
// Derived class whose ReSize and CornerClear hide (not override: nothing in
// either class is virtual) the base-class members of the same name. It has
// no members of its own, and its implicit default constructor only runs
// GeneralMatrix::GeneralMatrix() (see the call in `main` in the assembly).
class BandMatrix : public GeneralMatrix {
public:
void ReSize(int,int,int);
void CornerClear() const;
};
// The function whose -O2 -mcpu=i686 code is under investigation.
// `tr` is a local with a non-trivial destructor; it is destroyed at the
// closing brace, after both calls, and that is where the generated code
// reads `tr.previous` from below %esp (see the assembly below).
void BandMatrix::ReSize(int n, int lb, int ub)
{
Tracer tr("BandMatrix::ReSize");
// Only a bound strictly greater than n is pulled back to n-1; a bound equal
// to n is kept as is (presumably as in the original newmat source; it does
// not matter for the codegen problem).
int lower = (lb<=n) ? lb : n-1;
int upper = (ub<=n) ? ub : n-1;
// Qualified call: the base ReSize is hidden by this one, so it must be named.
GeneralMatrix::ReSize(n,n,n*(lower+1+upper));
CornerClear();   // resolves to BandMatrix::CornerClear, which hides the base one
}
// Empty body in this reduced test case; ReSize still emits a call to it
// (see `call _ZNK10BandMatrix11CornerClearEv` in the assembly).
void BandMatrix::CornerClear() const
{
}
// Empty body in this reduced test case; the parameters are unused. The call
// from BandMatrix::ReSize survives in the generated code regardless.
void GeneralMatrix::ReSize(int n, int lb, int ub)
{
}
// Only initialises `wurble`; the constant 42 is just filler to give the
// constructor something to store (`movl $42, (%eax)` in the assembly).
GeneralMatrix::GeneralMatrix() : wurble(42)
{
}
// Driver: build one BandMatrix and call ReSize with n = lb = ub = 0, so
// lower = upper = 0 and the base call is GeneralMatrix::ReSize(0,0,0).
// The values are irrelevant to the bug; the call merely has to happen.
int main ( void )
{
BandMatrix zzz;
zzz.ReSize(0,0,0);
return 0;
}
--------------------------------- COMPILATION
------------------------------
localhost:~/newmat10$ /home/sewardj/Gcc30/Inst/bin/g++ -o bogon
bogon.cpp -O2 -mcpu=i686 -save-temps -v
Reading specs from
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/specs
Configured with: ../gcc-3.0-20010527/configure
--prefix=/home/sewardj/Gcc30/Inst --enable-languages=c++
Thread model: single
gcc version 3.0 20010526 (prerelease)
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/cpp0
-lang-c++ -D_GNU_SOURCE -D__GNUG__=3 -D__GXX_DEPRECATED -D__EXCEPTIONS
-D__GXX_ABI_VERSION=100 -v -D__GNUC__=3 -D__GNUC_MINOR__=0
-D__GNUC_PATCHLEVEL__=0 -D__ELF__ -Dunix -Dlinux -D__ELF__ -D__unix__
-D__linux__ -D__unix -D__linux -Asystem=posix -D__OPTIMIZE__
-D__STDC_HOSTED__=1 -Acpu=i386 -Amachine=i386 -Di386 -D__i386 -D__i386__
-D__tune_i686__ -D__tune_pentiumpro__ bogon.cpp bogon.ii
GNU CPP version 3.0 20010526 (prerelease) (cpplib) (i386 Linux/ELF)
ignoring nonexistent directory
"/home/sewardj/Gcc30/Inst/i686-pc-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
/home/sewardj/Gcc30/Inst/include/g++-v3
/home/sewardj/Gcc30/Inst/include/g++-v3/i686-pc-linux-gnu
/home/sewardj/Gcc30/Inst/include/g++-v3/backward
/usr/local/include
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/include
/usr/include
End of search list.
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/cc1plus
-fpreprocessed bogon.ii -quiet -dumpbase bogon.cpp -mcpu=i686 -O2
-version -o bogon.s
GNU CPP version 3.0 20010526 (prerelease) (cpplib) (i386 Linux/ELF)
GNU C++ version 3.0 20010526 (prerelease) (i686-pc-linux-gnu)
compiled by GNU C version 3.0 20010526 (prerelease).
as --traditional-format -V -Qy -o bogon.o bogon.s
GNU assembler version 2.10.91 (i386-redhat-linux) using BFD version
2.10.91.0.2
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/collect2 -m
elf_i386 -dynamic-linker /lib/ld-linux.so.2 -o bogon /usr/lib/crt1.o
/usr/lib/crti.o
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/crtbegin.o
-L/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0
-L/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/../../..
bogon.o -lstdc++ -lm -lgcc_s -lc -lgcc_s
/home/sewardj/Gcc30/Inst/lib/gcc-lib/i686-pc-linux-gnu/3.0/crtend.o
/usr/lib/crtn.o
--------------------------------- GDB SESSION NEAR OFFENDING INSN
----------
0x08048727 44 GeneralMatrix::ReSize(n,n,n*(lower+1+upper));
1: x/i $eip 0x8048727 <_ZN10BandMatrix6ReSizeEiii+71>: call 0x8048770
<_ZN13GeneralMatrix6ReSizeEiii>
(gdb)
45 CornerClear();
1: x/i $eip 0x804872c <_ZN10BandMatrix6ReSizeEiii+76>: mov
%esi,(%esp,1)
(gdb)
0x0804872f 45 CornerClear();
1: x/i $eip 0x804872f <_ZN10BandMatrix6ReSizeEiii+79>: call 0x8048760
<_ZNK10BandMatrix11CornerClearEv>
(gdb)
0x08048734 45 CornerClear();
1: x/i $eip 0x8048734 <_ZN10BandMatrix6ReSizeEiii+84>: add
$0x10,%esp
(gdb)
46 }
1: x/i $eip 0x8048737 <_ZN10BandMatrix6ReSizeEiii+87>: lea
0xfffffff8(%ebp),%esp
(gdb)
45 CornerClear();
1: x/i $eip 0x804873a <_ZN10BandMatrix6ReSizeEiii+90>: mov
0x4(%ebx),%eax
(gdb) p/x $esp
$1 = 0xbffff930
(gdb) p/x (4 + $ebx)
$2 = 0xbffff92c
(gdb)
-- i.e. %ebx + 4 (0xbffff92c) is below %esp (0xbffff930): the load at
0x804873a reads from beneath the stack pointer!
--------------------------------- ASSEMBLY
---------------------------------
.file "bogon.ii"
.globl _Unwind_Resume
.section .rodata
.LC0:
.string "BandMatrix::ReSize"      # the name passed to tr's Tracer constructor
.text
.align 16
.globl _ZN10BandMatrix6ReSizeEiii
.type _ZN10BandMatrix6ReSizeEiii,@function
# BandMatrix::ReSize(int n, int lb, int ub); cdecl args: 8(%ebp)=this,
# 12(%ebp)=n, 16(%ebp)=lb, 20(%ebp)=ub. The inlined Tracer `tr` lives at
# -16(%ebp) (entry) / -12(%ebp) (previous).
_ZN10BandMatrix6ReSizeEiii:
.LFB1:
pushl %ebp
.LCFI0:
movl %esp, %ebp
.LCFI1:
movl last, %eax                  # eax = last (becomes tr.previous)
pushl %esi
.LCFI2:
pushl %ebx
.LCFI3:
subl $16, %esp                   # frame: tr occupies -16(%ebp)..-9(%ebp)
.LCFI4:
movl 16(%ebp), %edx              # edx = lb
movl %eax, -12(%ebp)             # tr.previous = last
leal -16(%ebp), %ebx             # ebx = &tr, kept live until the epilogue
movl 12(%ebp), %ecx              # ecx = n
movl $.LC0, -16(%ebp)            # tr.entry = "BandMatrix::ReSize"
movl 8(%ebp), %esi               # esi = this
movl %ebx, last                  # last = &tr
cmpl %ecx, %edx
jle .L4
leal -1(%ecx), %edx              # lower = (lb<=n) ? lb : n-1
.L4:
movl 20(%ebp), %eax              # eax = ub
cmpl %ecx, %eax
jle .L6
leal -1(%ecx), %eax              # upper = (ub<=n) ? ub : n-1
.L6:
leal 1(%eax,%edx), %edx          # edx = lower+1+upper
movl %ecx, %eax
imull %edx, %eax                 # eax = n*(lower+1+upper)
pushl %eax
pushl %ecx
pushl %ecx
pushl %esi                       # args: this, n, n, n*(lower+1+upper)
.LEHB0:
.LCFI5:
call _ZN13GeneralMatrix6ReSizeEiii
movl %esi, (%esp)                # reuse the first argument slot for `this`
call _ZNK10BandMatrix11CornerClearEv
.LEHE0:
addl $16, %esp
leal -8(%ebp), %esp              # %esp now points at the saved %ebx, i.e. ABOVE tr
# THIS IS THE OFFENDING INSN
# ~Tracer's load of tr.previous: 4(%ebx) == -12(%ebp), which is 4 bytes
# below the %esp just set (gdb: %ebx+4 = 0xbffff92c, %esp = 0xbffff930).
# A signal delivered between the two instructions has its frame written
# below %esp, clobbering this word before it is read. It looks like the
# epilogue's stack-pointer restore was scheduled ahead of the destructor's
# load; only -O2 -mcpu=i686 shows it per the report.
movl 4(%ebx), %eax
popl %ebx
movl %eax, last                  # last = tr.previous
popl %esi
popl %ebp
ret
.p2align 4,,7
# Landing pad for an exception out of either call above: run ~Tracer
# (restore `last`), then hand the exception back to the unwinder.
.L18:
movl 4(%ebx), %edx
subl $12, %esp
pushl %eax
movl %edx, last
.LEHB1:
call _Unwind_Resume
.LEHE1:
.LFE1:
.Lfe1:
.size
_ZN10BandMatrix6ReSizeEiii,.Lfe1-_ZN10BandMatrix6ReSizeEiii
# Language-specific data area (exception table) for BandMatrix::ReSize.
# Two call-site records follow the header: .LEHB0..LEHE0 (the two calls)
# appears to map to landing pad .L18, and .LEHB1..LEHE1 (the _Unwind_Resume
# call) to no landing pad (`.long 0x0`).
.section .gcc_except_table,"aw",@progbits
.LLSDA1:
.byte 0xff
.byte 0xff
.byte 0x3
.byte 0x1a
.long .LEHB0-.LFB1
.long .LEHE0-.LEHB0
.long .L18-.LFB1
.byte 0x0
.long .LEHB1-.LFB1
.long .LEHE1-.LEHB1
.long 0x0
.byte 0x0
.text
.align 16
.globl _ZNK10BandMatrix11CornerClearEv
.type _ZNK10BandMatrix11CornerClearEv,@function
# BandMatrix::CornerClear() const: empty body, frame set up and torn down only.
_ZNK10BandMatrix11CornerClearEv:
.LFB2:
pushl %ebp
.LCFI6:
movl %esp, %ebp
.LCFI7:
popl %ebp
ret
.LFE2:
.Lfe2:
.size
_ZNK10BandMatrix11CornerClearEv,.Lfe2-_ZNK10BandMatrix11CornerClearEv
.align 16
.globl _ZN13GeneralMatrix6ReSizeEiii
.type _ZN13GeneralMatrix6ReSizeEiii,@function
# GeneralMatrix::ReSize(int,int,int): empty body, arguments never read.
_ZN13GeneralMatrix6ReSizeEiii:
.LFB3:
pushl %ebp
.LCFI8:
movl %esp, %ebp
.LCFI9:
popl %ebp
ret
.LFE3:
.Lfe3:
.size
_ZN13GeneralMatrix6ReSizeEiii,.Lfe3-_ZN13GeneralMatrix6ReSizeEiii
.align 16
.globl _ZN13GeneralMatrixC2Ev
.type _ZN13GeneralMatrixC2Ev,@function
# GeneralMatrix::GeneralMatrix(), base-object variant (C2): stores 42 into
# `wurble` at offset 0 of *this. This is the one `main` calls.
_ZN13GeneralMatrixC2Ev:
.LFB4:
pushl %ebp
.LCFI10:
movl %esp, %ebp
.LCFI11:
movl 8(%ebp), %eax              # eax = this
movl $42, (%eax)                # this->wurble = 42
popl %ebp
ret
.LFE4:
.Lfe4:
.size _ZN13GeneralMatrixC2Ev,.Lfe4-_ZN13GeneralMatrixC2Ev
.align 16
.globl _ZN13GeneralMatrixC1Ev
.type _ZN13GeneralMatrixC1Ev,@function
# GeneralMatrix::GeneralMatrix(), complete-object variant (C1): same body as
# the C2 variant above; not referenced by anything in this file.
_ZN13GeneralMatrixC1Ev:
.LFB5:
pushl %ebp
.LCFI12:
movl %esp, %ebp
.LCFI13:
movl 8(%ebp), %eax              # eax = this
movl $42, (%eax)                # this->wurble = 42
popl %ebp
ret
.LFE5:
.Lfe5:
.size _ZN13GeneralMatrixC1Ev,.Lfe5-_ZN13GeneralMatrixC1Ev
.align 16
.globl main
.type main,@function
# main: constructs `zzz` at -8(%ebp) through the GeneralMatrix base-object
# constructor, calls zzz.ReSize(0,0,0), returns 0.
main:
.LFB6:
pushl %ebp
.LCFI14:
movl %esp, %ebp
.LCFI15:
pushl %ebx
.LCFI16:
subl $16, %esp
.LCFI17:
leal -8(%ebp), %ebx             # ebx = &zzz
pushl %ebx
.LCFI18:
call _ZN13GeneralMatrixC2Ev     # GeneralMatrix::GeneralMatrix(&zzz)
addl $16, %esp
pushl $0                        # ub
pushl $0                        # lb
pushl $0                        # n
pushl %ebx                      # this
call _ZN10BandMatrix6ReSizeEiii
movl -4(%ebp), %ebx             # restore caller's %ebx
movl %ebp, %esp
xorl %eax, %eax                 # return 0
popl %ebp
ret
.LFE6:
.Lfe6:
.size main,.Lfe6-main
# Storage for the file-scope `static Tracer* last` (4 bytes, 4-aligned, local).
.local last
.comm last,4,4
# Unwind records. The CIE (.LSCIE1..LECIE1) names __gxx_personality_v0;
# FDE .LSFDE1 covers BandMatrix::ReSize (.LFB1..LFE1) and points at its
# exception table .LLSDA1; FDE .LSFDE11 covers main (.LFB6..LFE6) and
# appears to carry no exception table (`.long 0x0` in the LSDA slot).
.section .eh_frame,"aw",@progbits
__FRAME_BEGIN__:
.long .LECIE1-.LSCIE1
.LSCIE1:
.long 0x0
.byte 0x1
.string "zPL"
.byte 0x1
.byte 0x7c
.byte 0x8
.byte 0x6
.byte 0x0
.long __gxx_personality_v0
.byte 0x0
.byte 0xc
.byte 0x4
.byte 0x4
.byte 0x88
.byte 0x1
.align 4
.LECIE1:
.LSFDE1:
.long .LEFDE1-.LASFDE1
.LASFDE1:
.long .LASFDE1-__FRAME_BEGIN__
.long .LFB1
.long .LFE1-.LFB1
.byte 0x4
.long .LLSDA1
.byte 0x4
.long .LCFI0-.LFB1
.byte 0xe
.byte 0x8
.byte 0x85
.byte 0x2
.byte 0x4
.long .LCFI1-.LCFI0
.byte 0xd
.byte 0x5
.byte 0x4
.long .LCFI4-.LCFI1
.byte 0x83
.byte 0x4
.byte 0x86
.byte 0x3
.byte 0x4
.long .LCFI5-.LCFI4
.byte 0x2e
.byte 0x10
.align 4
.LEFDE1:
.LSFDE11:
.long .LEFDE11-.LASFDE11
.LASFDE11:
.long .LASFDE11-__FRAME_BEGIN__
.long .LFB6
.long .LFE6-.LFB6
.byte 0x4
.long 0x0
.byte 0x4
.long .LCFI14-.LFB6
.byte 0xe
.byte 0x8
.byte 0x85
.byte 0x2
.byte 0x4
.long .LCFI15-.LCFI14
.byte 0xd
.byte 0x5
.byte 0x4
.long .LCFI17-.LCFI15
.byte 0x83
.byte 0x3
.byte 0x4
.long .LCFI18-.LCFI17
.byte 0x2e
.byte 0x10
.align 4
.LEFDE11:
.ident "GCC: (GNU) 3.0 20010526 (prerelease)"