[Bug c/31898] New: Stack frame destructed too early with -O2
- From: "reisinger at decomsys dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 11 May 2007 10:49:19 -0000
- Subject: [Bug c/31898] New: Stack frame destructed too early with -O2
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
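At -O2, gcc emits code that still reads elements of a stack frame after that frame has been deallocated. In the output below, the local table headercrctable is copied into the frame at (1), the stack pointer is restored at (2), and the loads marked (3) then read the table from memory that now lies below the stack pointer. On a target with no protected area below the stack pointer, an interrupt or other asynchronous handler that runs between (2) and the last (3) can overwrite that memory, so the function may return a wrong CRC.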
Source-File:
---------------------------------------------------
/* Fixed-width aliases used by the reproducer. */
typedef unsigned char uint8;
typedef unsigned short uint16;
/* NOTE(review): unsigned long is presumably 32 bits on the reported
 * powerpc-eabi target; it is wider on LP64 platforms - confirm before
 * reusing this typedef elsewhere. */
typedef unsigned long uint32;
/* Keep only the low 11 bits of the running value: (1 << 11) - 1 == 0x7ff. */
#define completeHeaderCRC(nHeaderCRC) \
((nHeaderCRC) & ((1 << 11) - 1))
/*
 * One table-driven CRC step: shift the running CRC left by 4 (kept to
 * 11 bits) and XOR it with a table entry selected by the top bits of the
 * CRC combined with the input value.
 *
 * - The expansion names `headercrctable` directly, so a table of that
 *   name must be in scope wherever the macro is used.
 * - nHeaderCRC appears twice in the expansion, so an argument with side
 *   effects would be evaluated twice.
 * - The index is (((crc) >> 7) & 0xff) ^ nInput. The 0xff mask alone
 *   allows values up to 255; staying inside a 16-entry table depends on
 *   the caller keeping crc within 11 bits and nInput within 4 bits. The
 *   macro itself performs no bounds check.
 */
#define partialCRC_nibble(nHeaderCRC,nInput) \
((((nHeaderCRC) << 4) & 0x7ffU) ^ \
headercrctable[(((nHeaderCRC) >> 7) & 0xffU) ^ (uint16)(nInput)] \
)
/*
 * Reproducer from the report: compute an 11-bit header CRC from a frame
 * ID and a payload length.
 *
 * nFrameID            - only the low 11 bits are used (masked with 0x7ff).
 * nPayloadLengthWords - only the low 7 bits are used (masked with 0x7f).
 *
 * Returns the CRC masked to 11 bits by completeHeaderCRC().
 *
 * The code is kept exactly as posted, because the shape of this function
 * is what provokes the reported -O2 code generation.
 */
uint16 CalcHeaderCRC(
uint16 nFrameID,
uint16 nPayloadLengthWords
)
{
/* Non-static local array: the compiler builds a copy of these 16 entries
 * in the stack frame on every call. That stack copy is the data the
 * generated code in this report reads after the frame has been released.
 * NOTE(review): declaring the table `static const` would presumably keep
 * it out of the frame and sidestep the symptom - not verified here. */
const uint16 headercrctable[16] =
{
0x0000U, 0x0385U, 0x070AU, 0x048FU, 0x0591U, 0x0614U, 0x029BU, 0x011EU,
0x00A7U, 0x0322U, 0x07ADU, 0x0428U, 0x0536U, 0x06B3U, 0x023CU, 0x01B9U
};
/* Initial CRC value; 0x1a >> 7 is 0, so the first lookup is indexed by
 * the input nibble alone. */
uint16 nHeaderCRC = 0x1a;
uint32 nHeader = 0;
uint8 nInput;
/* Pack the inputs: frame ID in bits 7..17, payload length in bits 0..6.
 * The packed value therefore never exceeds 18 bits. */
nHeader |=
((nFrameID & 0x7ffU) << 7
) | (nPayloadLengthWords & 0x7fU);
/* Feed the header through the CRC four bits at a time, most significant
 * nibble first. Each nInput is at most 0xf, and each step leaves
 * nHeaderCRC within 11 bits, which keeps every table index in 0..15. */
nInput = ((nHeader & 0xf0000U) >> 16);
nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
nInput = ((nHeader & 0x0f000U) >> 12);
nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
nInput = ((nHeader & 0x00f00U) >> 8);
nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
nInput = ((nHeader & 0x000f0U) >> 4);
nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
nInput = (nHeader & 0x0000fU);
nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
/* Final mask to 11 bits before returning. */
nHeaderCRC = completeHeaderCRC(nHeaderCRC);
return nHeaderCRC;
}
-----------------------------------
Generated assembler output:
-----------------------------------
.file "StackFrameBug.c"
# Read-only initialiser image for the local array headercrctable:
# sixteen 16-bit entries (32 bytes) that CalcHeaderCRC copies into its
# stack frame. The decimal values are the hex constants of the C source
# (901 = 0x0385, 1802 = 0x070A, and so on, ending with 441 = 0x01B9).
.section .rodata
.align 1
.LC0:
.short 0
.short 901
.short 1802
.short 1167
.short 1425
.short 1556
.short 667
.short 286
.short 167
.short 802
.short 1965
.short 1064
.short 1334
.short 1715
.short 572
.short 441
# ----------------------------------------------------------------------
# uint16 CalcHeaderCRC(uint16 nFrameID, uint16 nPayloadLengthWords)
# Compiler output as posted in the report (GCC 3.3.1, -O2, powerpc-eabi).
# In:    r3 = nFrameID, r4 = nPayloadLengthWords
# Out:   r3 = CRC masked to 11 bits
# Frame: allocated by (1) with a size of 56 bytes. r28 and r29 are saved
#        at 40(r1) and 44(r1). The 32-byte copy of headercrctable sits at
#        8(r1) through 39(r1), and r10 = r1 + 8 is its base address.
# Defect shown: the frame is released at (2), yet r10 is still the table
#        base for the four loads marked (3). Those loads read memory in
#        the range from 48 down to 17 bytes below the restored stack
#        pointer, which nothing reserves for this function any more.
# ----------------------------------------------------------------------
.section ".text"
.align 2
.globl CalcHeaderCRC
.type CalcHeaderCRC, @function
CalcHeaderCRC:
stwu %r1,-56(%r1) # (1) <- construct stack frame
# r9 = address of .LC0, built from its high-adjusted and low halves.
lis %r11,.LC0@ha
la %r9,.LC0@l(%r11)
rlwinm %r4,%r4,0,25,31 # r4 = nPayloadLengthWords & 0x7f
stw %r28,40(%r1) # save r28, used below as a copy temporary
rlwinm %r3,%r3,7,14,24 # r3 = (nFrameID & 0x7ff) << 7
stw %r29,44(%r1) # save r29, used below as a copy temporary
or %r3,%r3,%r4 # r3 = nHeader
# Copy the table from .LC0 into the frame, one word at a time, with the
# nibble extraction for the first two CRC steps interleaved.
lwz %r29,.LC0@l(%r11)
addi %r10,%r1,8 # r10 = base of the stack copy of headercrctable
lwz %r28,28(%r9)
rlwinm %r4,%r3,17,29,30 # r4 = first nibble * 2 (byte offset into the table)
lwz %r0,20(%r9)
rlwinm %r12,%r3,20,28,31 # r12 = (nHeader >> 12) & 0xf, second nibble
lwz %r11,24(%r9)
lwz %r5,4(%r9)
lwz %r6,8(%r9)
lwz %r7,12(%r9)
lwz %r8,16(%r9)
stw %r29,8(%r1)
stw %r0,28(%r1)
stw %r11,32(%r1)
stw %r28,36(%r1)
stw %r5,12(%r1)
stw %r6,16(%r1)
stw %r7,20(%r1)
stw %r8,24(%r1)
lwz %r28,40(%r1) # restore r28
# First table lookup: the only one performed while the frame is still live.
lhzx %r9,%r4,%r10
lwz %r29,44(%r1) # restore r29
addi %r1,%r1,56 # (2) <- destruct stack frame
# From here on r10 points below r1. Each remaining step computes
#   r0  = ((crc >> 7) & 0xff) ^ nibble, then doubled to a byte offset
#   r11 = (crc << 4) & 0x7f0
# and loads the table entry through r10.
xori %r9,%r9,416 # 416 = 0x1a << 4: first step, initial CRC folded in
rlwinm %r0,%r9,25,24,31
rlwinm %r11,%r9,4,21,27
xor %r0,%r0,%r12
rlwinm %r12,%r3,24,28,31 # r12 = (nHeader >> 8) & 0xf, third nibble
slwi %r0,%r0,1
lhzx %r9,%r10,%r0 # (3) <- access data on stack frame
xor %r9,%r9,%r11
rlwinm %r0,%r9,25,24,31
rlwinm %r11,%r9,4,21,27
xor %r0,%r0,%r12
rlwinm %r12,%r3,28,28,31 # r12 = (nHeader >> 4) & 0xf, fourth nibble
slwi %r0,%r0,1
lhzx %r9,%r10,%r0 # (3) <- access data on stack frame
xor %r9,%r9,%r11
rlwinm %r0,%r9,25,24,31
rlwinm %r11,%r9,4,21,27
xor %r0,%r0,%r12
rlwinm %r12,%r3,0,28,31 # r12 = nHeader & 0xf, fifth nibble
slwi %r0,%r0,1
lhzx %r9,%r10,%r0 # (3) <- access data on stack frame
xor %r9,%r9,%r11
rlwinm %r0,%r9,25,24,31
rlwinm %r11,%r9,4,21,27
xor %r0,%r0,%r12
slwi %r0,%r0,1
lhzx %r9,%r10,%r0 # (3) <- access data on stack frame
xor %r9,%r9,%r11
rlwinm %r9,%r9,0,21,31 # completeHeaderCRC: keep the low 11 bits
mr %r3,%r9 # return value
blr
.size CalcHeaderCRC, .-CalcHeaderCRC
.ident "GCC: (GNU) 3.3.1"
-------------------------------------
command-line: powerpc-eabi-gcc -c -save-temps -O2 -mregnames StackFrameBug.c
-------------------------------------
The bug does not occur with -O3
--
Summary: Stack frame destructed too early with -O2
Product: gcc
Version: 3.3.1
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: reisinger at decomsys dot com
GCC host triplet: cygwin, linux-i386
GCC target triplet: powerpc-eabi
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31898