This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug middle-end/37889] New: SEGV, conditional execution proactively executed the false arm.

From: "hp at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: 22 Oct 2008 02:25:05 -0000
Subject: [Bug middle-end/37889] New: SEGV, conditional execution proactively executed the false arm.
Reply-to: gcc-bugzilla at gcc dot gnu dot org

The following executable testcase, reduced from the CRIS port of an old
3.2.x-based version of gcc, is miscompiled at -O2 with
"gcc-4_3-branch revision 141262" and
"trunk revision 141281" configured with --prefix=/usr --enable-languages=c
--with-cpu=generic.  When run, it catches a SEGV.  It is known to work with at
least the Fedora "gcc-4.1.2-33" release.

gcc.c-torture/execute/prNNNNN-1.c:
int flag_pic;
const char * reg_names[(16 + 1 + 1 + 1)] = {"x", "y", "z"};
extern void abort (void) __attribute__ ((__noreturn__));
extern void exit (int) __attribute__ ((__noreturn__));
void __attribute__ ((__noinline__)) asm_fprintf (void *a, const char *b, const
char *c, const char *d)
{
  if (a == 0 || *c != 'x' || *d != 'x' || b == 0)
    abort ();
  asm volatile ("");
}

void __attribute__ ((__noinline__))
cris_target_asm_function_prologue (void *file, long got_really_used)
{
  if (got_really_used)
    {
      asm_fprintf (file, "%s %s\n",
       reg_names[(flag_pic ? 0 : (~(unsigned int) 0))],
       reg_names[(flag_pic ? 0 : (~(unsigned int) 0))]);
    }
  asm_fprintf (file, "", "x", "x");
}

int main (void)
{
  flag_pic = 2;
  cris_target_asm_function_prologue ("", 1);
  exit (0);
}

There's a spurious warning emitted with -Wall:
x.c: In function 'cris_target_asm_function_prologue':
x.c:17: warning: array subscript is above array bounds
and a tell-tale SEGV-causing instruction:
 movabsq reg_names+34359738360, %rax
(corresponding to a read of reg_names[~(unsigned int) 0] into %rax)
which is wrongly moved *before* the flag_pic test.


-- 
           Summary: SEGV, conditional execution proactively executed the
                    false arm.
           Product: gcc
           Version: 4.3.3
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: hp at gcc dot gnu dot org
  GCC host triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

Follow-Ups:
- [Bug middle-end/37889] SEGV, conditional execution proactively executed the false arm.
  - From: hp at gcc dot gnu dot org
- [Bug middle-end/37889] SEGV, conditional execution proactively executed the false arm.
  - From: hp at gcc dot gnu dot org
- [Bug middle-end/37889] SEGV, conditional execution proactively executed the false arm.
  - From: hp at gcc dot gnu dot org
- [Bug rtl-optimization/37889] [4.3 Regression] SEGV, conditional execution proactively executed the false arm.
  - From: rguenth at gcc dot gnu dot org
- [Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.
  - From: rguenth at gcc dot gnu dot org
- [Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.
  - From: jakub at gcc dot gnu dot org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]