This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c/36775] New: Incorrect code generated - value tested before it is set.


I have found a bug in the gcc cross-compiler supplied in eldk-4.2 for
ppc_4xxFP-gcc.  (Available from http://denx.de)

I noticed that the dumpe2fs program segfaulted on my sequoia powerpc evaluation
board (running Linux with nfs as the rootfs).  After a lot of detective work, I
have produced a small program that illustrates the problem.

I'll attach the .i file along with the -v output.  I'll also attach a dump of
the executable.

The bug is that the compiler collapses two "if" tests together, but in doing
so, it tests a value before assigning to it.

The two "if" statements are:

        if (!*pp)               /* function ext2fs_get_mem */
        if (!bb->list) {        /* function make_u32_list */

The following section of the dump shows the problem (this correlates to the
second malloc in routine make_u32_list()):

100004c4:       48 04 05 d5     bl      10040a98 <malloc@plt>
100004c8:       81 61 00 08     lwz     r11,8(r1)
100004cc:       7c 60 fe 70     srawi   r0,r3,31
100004d0:       7c 09 1a 78     xor     r9,r0,r3
100004d4:       83 eb 00 0c     lwz     r31,12(r11)     /* copies bb->list into r31 too early */
100004d8:       7d 29 00 50     subf    r9,r9,r0
100004dc:       3c 00 80 d4     lis     r0,-32556
100004e0:       7d 3d fe 70     srawi   r29,r9,31
100004e4:       60 00 48 ba     ori     r0,r0,18618
100004e8:       2f 9f 00 00     cmpwi   cr7,r31,0       /* tests uninitialized version of bb->list */
100004ec:       7f bd 00 38     and     r29,r29,r0
100004f0:       3d 3d 7f 2c     addis   r9,r29,32556
100004f4:       90 7c 00 0c     stw     r3,12(r28)      /* bb->list finally receives malloc pointer here */

At 100004c4 we call malloc, and the return value is in r3.  The "if"
test appears at 100004e8 and checks r31.  Looking back at 100004d4 we
see bb->list is loaded into r31.  However, r3 is not loaded into bb->list
until 100004f4, long after bb->list has been used.


-- 
           Summary: Incorrect code generated - value tested before it is
                    set.
           Product: gcc
           Version: 4.2.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: sfalco at harris dot com
  GCC host triplet: i686-host_pc-linux-gnu
GCC target triplet: powerpc-linux


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36775
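The report above names two tests, `if (!*pp)` inside an allocation helper and `if (!bb->list)` in its caller, and shows the load of `bb->list` being scheduled before the store of the malloc result. The C below is an added, stand-alone reconstruction of that shape; it is not the reporter's attached .i file nor e2fsprogs source, and every name in it (`struct u32_list`, `get_mem_via_voidpp`, `get_mem_via_memcpy`, `make_list`) is an assumption for illustration. It sets the two helpers side by side: one stores the pointer by dereferencing a `void **` that actually points at a `uint32_t *` object, which type-based alias analysis is entitled to treat as unrelated to a later load of that `uint32_t *` field; the other copies the pointer bytes with `memcpy`, so the write is to the object itself and must be ordered before any later read of it. The reconstruction is general (any caller that reads a typed pointer field right after a helper wrote it through `void **`), and it does not claim that aliasing is the cause the bug was eventually attributed to.

```c
/* Added example, not from the bug report or e2fsprogs. All names are
 * assumptions; the struct layout is chosen only to mirror a "bb->list"
 * field written by an out-parameter helper. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct u32_list {
    int count;
    int size;
    uint32_t *list;   /* the field the report calls bb->list */
};

/* Variant 1 (assumed shape of the helper the report calls ext2fs_get_mem):
 * the malloc result is stored by dereferencing a void ** that in fact
 * points at a uint32_t * or struct u32_list * object. */
static int get_mem_via_voidpp(size_t size, void *ptr)
{
    void **pp = (void **)ptr;
    *pp = malloc(size);
    if (!*pp)               /* first test named in the report */
        return -1;
    return 0;
}

/* Variant 2: copy the pointer bytes into the caller's object with memcpy.
 * The store now targets the caller's object directly, so a later load of
 * that object cannot be legally moved above it. */
static int get_mem_via_memcpy(size_t size, void *ptr)
{
    void *p = malloc(size);
    if (!p)
        return -1;
    memcpy(ptr, &p, sizeof p);
    return 0;
}

/* Assumed shape of make_u32_list: allocate the struct, then the list,
 * then test bb->list. Returns 1 if the list is seen as set, 0 if the
 * test observed a null list right after the helper returned success,
 * and -1 if an allocation failed. */
static int make_list(size_t n, int (*get_mem)(size_t, void *),
                     struct u32_list **out)
{
    struct u32_list *bb;
    if (get_mem(sizeof *bb, &bb))
        return -1;
    memset(bb, 0, sizeof *bb);
    bb->size = (int)n;
    if (get_mem(n * sizeof(uint32_t), &bb->list)) {
        free(bb);
        return -1;
    }
    if (!bb->list) {        /* second test named in the report */
        free(bb->list);     /* re-read from memory; releases whatever was stored */
        free(bb);
        return 0;
    }
    *out = bb;
    return 1;
}

static void free_list(struct u32_list *bb)
{
    if (bb) {
        free(bb->list);
        free(bb);
    }
}

int main(void)
{
    struct u32_list *l = NULL;
    int r = make_list(8, get_mem_via_voidpp, &l);
    printf("void** store : %s\n", r == 1 ? "list seen as set"
                                : r == 0 ? "list tested as null" : "alloc failed");
    free_list(l);
    l = NULL;
    r = make_list(8, get_mem_via_memcpy, &l);
    printf("memcpy store : %s\n", r == 1 ? "list seen as set"
                                : r == 0 ? "list tested as null" : "alloc failed");
    free_list(l);
    return 0;
}
```

Build both ways with the target compiler at the optimization level in question (for example `-O2` and `-O2 -fno-strict-aliasing`) and compare the result of the `void **` variant; the `memcpy` variant is the one whose outcome a caller may rely on regardless of aliasing settings, which is why it is the safer pattern for out-parameter allocation helpers.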

