This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c/71051] New: incorrect sparc64 code generated, inevitable jump to null function pointer
- From: "martin at netbsd dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 10 May 2016 20:25:12 +0000
- Subject: [Bug c/71051] New: incorrect sparc64 code generated, inevitable jump to null function pointer
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71051
Bug ID: 71051
Summary: incorrect sparc64 code generated, inevitable jump to null function pointer
Product: gcc
Version: 5.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: martin at netbsd dot org
Target Milestone: ---
Created attachment 38464
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38464&action=edit
stripped down example C code
Attached is a reduced example of code that is part of the NetBSD C startup, it
is used to call all destructors in a shared binary before unloading the module.
There is some linker magic used to fill the dtor pointer array.
We hit the issue in the wild, but the stripped attached example shows the
invalid code. We have seen similar issues on other architectures, so it is
likely not sparc64 specific, but this case has been analyzed best.
The loop over the dtors is terminated when the current dtor pointer is >=
__DTOR_LIST_END__, and the generated asm code goes like:
or %i4, %l44(__DTOR_LIST_END__), %i4
cmp %i5, %i4
blu,pt %xcc, .LL5
mov 0, %g1
If the branch to .LL5 is taken, %g1 will always be NULL. So not surprisingly we
crash by jumping to 0:
.LL5:
call %g1, 0
add %i5, 8, %i5
This is with the 5.3 version integrated in NetBSD-current:
> cc -v
Using built-in specs.
COLLECT_GCC=cc
COLLECT_LTO_WRAPPER=/usr/libexec/lto-wrapper
Target: sparc64--netbsd
Configured with: /usr/src/tools/gcc/../../external/gpl3/gcc/dist/configure
--target=sparc64--netbsd --enable-long-long --enable-threads
--with-bugurl=http://www.NetBSD.org/Misc/send-pr.html --with-pkgversion='NetBSD
nb1 20160317' --with-system-zlib --enable-__cxa_atexit
--enable-libstdcxx-threads --enable-libstdcxx-time=rt
--with-mpc-lib=/var/obj/mknative/sparc64/usr/src/external/lgpl3/mpc/lib/libmpc
--with-mpfr-lib=/var/obj/mknative/sparc64/usr/src/external/lgpl3/mpfr/lib/libmpfr
--with-gmp-lib=/var/obj/mknative/sparc64/usr/src/external/lgpl3/gmp/lib/libgmp
--with-mpc-include=/usr/src/external/lgpl3/mpc/dist/src
--with-mpfr-include=/usr/src/external/lgpl3/mpfr/dist/src
--with-gmp-include=/usr/src/external/lgpl3/gmp/lib/libgmp/arch/sparc64
--enable-tls --disable-multilib --disable-symvers --disable-libstdcxx-pch
--build=x86_64-unknown-netbsd7.0. --host=sparc64--netbsd
--with-sysroot=/var/obj/mknative/sparc64/usr/src/destdir.sparc64
Thread model: posix
gcc version 5.3.0 (nb1 20160317)
and the compiler invocation was
cc -Wall -Wextra -O2 -fno-strict-aliasing -fwrapv -c -S example.c
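Added example, not part of the bug report and not the NetBSD startup code from the attachment: a portable sketch of the pattern the report describes, that is, a function-pointer array the linker assembles from a named section, bounded by linker-synthesised start/stop symbols, and walked by a loop that stops as soon as the current pointer reaches the end. It assumes GCC or clang with a GNU-compatible ELF linker (ld, gold or lld), which define __start_<section> and __stop_<section> for any section whose name is a valid C identifier; the names dtorlist, REGISTER_DTOR and run_dtors are invented here.

```c
/* Constructed example of a linker-populated destructor list.
 * Assumptions: GCC or clang, ELF, and a GNU-compatible linker that
 * synthesises __start_dtorlist / __stop_dtorlist for section "dtorlist".
 * Build: cc -Wall -Wextra -O2 -fno-strict-aliasing -fwrapv dtors.c -o dtors */
#include <stddef.h>
#include <stdio.h>

typedef void (*dtor_fn)(void);

/* Bounds of the concatenated section, provided by the linker (assumed
 * GNU ld convention). Both point into, or one past, the same array, so
 * relational comparison between them is well defined. */
extern dtor_fn __start_dtorlist[];
extern dtor_fn __stop_dtorlist[];

static int ran_a, ran_b, ran_c;
static void dtor_a(void) { ran_a++; }
static void dtor_b(void) { ran_b++; }
static void dtor_c(void) { ran_c++; }

/* Each entry lands in section "dtorlist"; the linker concatenates them.
 * The entries are deliberately not const so the section is writable and a
 * PIE link does not need text relocations. "used" keeps them alive even
 * though nothing in this translation unit names them. */
#define REGISTER_DTOR(fn) \
    static dtor_fn dtor_entry_##fn __attribute__((used, section("dtorlist"))) = fn

REGISTER_DTOR(dtor_a);
REGISTER_DTOR(dtor_b);
REGISTER_DTOR(dtor_c);

/* Call every destructor in [begin, end) and return how many were called.
 * The termination test runs before any pointer is loaded, so an empty
 * range (begin == end) never dereferences or calls anything. This is the
 * shape of the loop the report's asm implements: compare, branch out if
 * done, otherwise load the entry, call it, advance by one pointer. */
int run_dtors(dtor_fn *begin, dtor_fn *end)
{
    int n = 0;
    for (dtor_fn *p = begin; p < end; p++) {
        if (*p != NULL) {      /* tolerate null padding entries */
            (*p)();
            n++;
        }
    }
    return n;
}

/* Total number of destructor invocations observed so far. */
int total_ran(void)
{
    return ran_a + ran_b + ran_c;
}

int main(void)
{
    size_t entries = (size_t)(__stop_dtorlist - __start_dtorlist);
    printf("section holds %zu entries\n", entries);
    printf("empty range called %d destructors\n",
           run_dtors(__start_dtorlist, __start_dtorlist));
    printf("full range called %d destructors\n",
           run_dtors(__start_dtorlist, __stop_dtorlist));
    return total_ran() == (int)entries ? 0 : 1;
}
```

With begin == end the comparison fails on the first iteration and the loop body is never entered, which is the path the report's `blu,pt` branch takes; a correct compilation must not reach the `call` on that path. The order in which the linker lays out the three entries within the section is not guaranteed, so the loop must not depend on it; the example only checks that each destructor ran exactly once.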