This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug rtl-optimization/70526] New: GCC 6 miscompiles Firefox JIT compiler


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70526

            Bug ID: 70526
           Summary: GCC 6 miscompiles Firefox JIT compiler
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: rtl-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jandemooij+gccbugs at gmail dot com
  Target Milestone: ---

Created attachment 38175
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38175&action=edit
Reduced testcase

See https://bugzilla.mozilla.org/show_bug.cgi?id=1245783

I managed to reduce it to the attached test case.

$ g++ --version
g++-6 (Ubuntu 6-20160319-0ubuntu11) 6.0.0 20160319 (experimental) [trunk revision 234350]

$ g++-6 -O3 -Wall -o test test.cpp
$ ./test
Fail

It does not print "Fail" with -O0 or with g++ 5.3.1.


The problem seems to be on this line:

    return TypedOrValueRegister(type, ToAnyRegister(value));

It looks like we read a bogus/uninitialized value from the stack and use that
instead of the result of the ToAnyRegister call.
