This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug c/31898] New: Stack frame destructed too early with -O2

From: "reisinger at decomsys dot com" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: 11 May 2007 10:49:19 -0000
Subject: [Bug c/31898] New: Stack frame destructed too early with -O2
Reply-to: gcc-bugzilla at gcc dot gnu dot org

gcc accesses elements of a stack-frame after having destructed it.

Source-File:
---------------------------------------------------
typedef unsigned char uint8;
typedef unsigned short uint16;
typedef unsigned long uint32;

#define completeHeaderCRC(nHeaderCRC)                                 \
    ((nHeaderCRC) & ((1 << 11) - 1))

#define partialCRC_nibble(nHeaderCRC,nInput)                          \
    ((((nHeaderCRC) << 4) & 0x7ffU) ^                                 \
     headercrctable[(((nHeaderCRC) >> 7) & 0xffU) ^ (uint16)(nInput)] \
    )

uint16 CalcHeaderCRC(
    uint16 nFrameID,
    uint16 nPayloadLengthWords
    )
{
    const uint16 headercrctable[16] =
    {
        0x0000U, 0x0385U, 0x070AU, 0x048FU, 0x0591U, 0x0614U, 0x029BU, 0x011EU,
        0x00A7U, 0x0322U, 0x07ADU, 0x0428U, 0x0536U, 0x06B3U, 0x023CU, 0x01B9U
    };

    uint16 nHeaderCRC = 0x1a;
    uint32 nHeader = 0;
    uint8  nInput;

    nHeader |=
        ((nFrameID & 0x7ffU) << 7
        ) | (nPayloadLengthWords & 0x7fU);
    nInput = ((nHeader & 0xf0000U) >> 16);
    nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
    nInput = ((nHeader & 0x0f000U) >> 12);
    nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
    nInput = ((nHeader & 0x00f00U) >> 8);
    nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
    nInput = ((nHeader & 0x000f0U) >> 4);
    nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
    nInput = (nHeader & 0x0000fU);
    nHeaderCRC = partialCRC_nibble(nHeaderCRC, nInput);
    nHeaderCRC = completeHeaderCRC(nHeaderCRC);

    return nHeaderCRC;
}
-----------------------------------
Generated assembler output:
-----------------------------------
        .file   "StackFrameBug.c"
        .section        .rodata
        .align 1
.LC0:
        .short  0
        .short  901
        .short  1802
        .short  1167
        .short  1425
        .short  1556
        .short  667
        .short  286
        .short  167
        .short  802
        .short  1965
        .short  1064
        .short  1334
        .short  1715
        .short  572
        .short  441
        .section        ".text"
        .align 2
        .globl CalcHeaderCRC
        .type   CalcHeaderCRC, @function
CalcHeaderCRC:
        stwu %r1,-56(%r1)     # (1) <- construct stack frame
        lis %r11,.LC0@ha
        la %r9,.LC0@l(%r11)
        rlwinm %r4,%r4,0,25,31
        stw %r28,40(%r1)
        rlwinm %r3,%r3,7,14,24
        stw %r29,44(%r1)
        or %r3,%r3,%r4
        lwz %r29,.LC0@l(%r11)
        addi %r10,%r1,8
        lwz %r28,28(%r9)
        rlwinm %r4,%r3,17,29,30
        lwz %r0,20(%r9)
        rlwinm %r12,%r3,20,28,31
        lwz %r11,24(%r9)
        lwz %r5,4(%r9)
        lwz %r6,8(%r9)
        lwz %r7,12(%r9)
        lwz %r8,16(%r9)
        stw %r29,8(%r1)
        stw %r0,28(%r1)
        stw %r11,32(%r1)
        stw %r28,36(%r1)
        stw %r5,12(%r1)
        stw %r6,16(%r1)
        stw %r7,20(%r1)
        stw %r8,24(%r1)
        lwz %r28,40(%r1)
        lhzx %r9,%r4,%r10
        lwz %r29,44(%r1)
        addi %r1,%r1,56     # (2) <- destruct stack frame
        xori %r9,%r9,416
        rlwinm %r0,%r9,25,24,31
        rlwinm %r11,%r9,4,21,27
        xor %r0,%r0,%r12
        rlwinm %r12,%r3,24,28,31
        slwi %r0,%r0,1
        lhzx %r9,%r10,%r0   # (3) <- access data on stack frame
        xor %r9,%r9,%r11
        rlwinm %r0,%r9,25,24,31
        rlwinm %r11,%r9,4,21,27
        xor %r0,%r0,%r12
        rlwinm %r12,%r3,28,28,31
        slwi %r0,%r0,1
        lhzx %r9,%r10,%r0   # (3) <- access data on stack frame
        xor %r9,%r9,%r11
        rlwinm %r0,%r9,25,24,31
        rlwinm %r11,%r9,4,21,27
        xor %r0,%r0,%r12
        rlwinm %r12,%r3,0,28,31
        slwi %r0,%r0,1
        lhzx %r9,%r10,%r0   # (3) <- access data on stack frame
        xor %r9,%r9,%r11
        rlwinm %r0,%r9,25,24,31
        rlwinm %r11,%r9,4,21,27
        xor %r0,%r0,%r12
        slwi %r0,%r0,1
        lhzx %r9,%r10,%r0   # (3) <- access data on stack frame
        xor %r9,%r9,%r11
        rlwinm %r9,%r9,0,21,31
        mr %r3,%r9
        blr
        .size   CalcHeaderCRC, .-CalcHeaderCRC
        .ident  "GCC: (GNU) 3.3.1"
-------------------------------------
command-line: powerpc-eabi-gcc -c -save-temps -O2 -mregnames StackFrameBug.c
-------------------------------------
The bug does not occur with -O3


-- 
           Summary: Stack frame destructed too early with -O2
           Product: gcc
           Version: 3.3.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: reisinger at decomsys dot com
  GCC host triplet: cygwin, linux-i386
GCC target triplet: powerpc-eabi


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31898

Follow-Ups:
- [Bug c/31898] Stack frame destructed too early with -O2
  - From: rguenth at gcc dot gnu dot org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]