This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug middle-end/47893] New: [4.6 Regression] 4.6 miscompiles mesa on i686
- From: "jakub at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 25 Feb 2011 12:09:45 +0000
- Subject: [Bug middle-end/47893] New: [4.6 Regression] 4.6 miscompiles mesa on i686
- Auto-submitted: auto-generated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47893
Summary: [4.6 Regression] 4.6 miscompiles mesa on i686
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: blocker
Priority: P3
Component: middle-end
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: jakub@gcc.gnu.org
Target: i686-linux
Created attachment 23466
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=23466
mesa.c
The following testcase (distilled from http://bugzilla.redhat.com/679924 )
is miscompiled on i?86 (and x86_64 -m32).
The problem is that struct S is 20 bytes long (why doesn't mesa pack the
bitfield structs better is beyond me) and is returned indirectly via caller
provided memory. The assembly shows:
    call fn1 #
    testl %eax, %eax #
    movl %eax, -4664(%ebp) #, %sfp
    ...
    leal -4680(%ebp), %eax #,
    call fn2 #
    ...
    cmpl %ebx, -4664(%ebp) # i, %sfp
i.e. the return value from fn1 (variable c) is spilled into %ebp-4664, but
fn2 is given as struct S return slot %ebp-4680, so when it returns it
overwrites some 16 bytes reserved for the return value and the variable c
as well.