Bug 8988 - [3.2 regression] gcc3.2 and 3.2.1 with -O2 and -mcpu=i386 generates code that segfaults
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: rtl-optimization
Version: 3.2.1
Importance: P3 normal
Target Milestone: ---
Assignee: Eric Botcazou
Keywords: wrong-code
Duplicates: 9218
Reported: 2002-12-18 04:36 UTC by kevin
Modified: 2003-07-25 17:33 UTC
Attachments
smeg.i (194 bytes, text/x-c)
2003-05-21 15:17 UTC, kevin
Description kevin 2002-12-18 04:36:02 UTC
When the attached correct code is compiled with gcc 3.2 or 3.2.1, with -mcpu=i386 (anything up to -mcpu=i586 will reproduce it), and -O2 optimisation level (both lower and higher optimisation levels do not produce the bug), it segfaults.

The assembly code produced attempts to read from memory location 0x00000001.

Even modifications as small as removing the function call that does nothing will stop the bug from happening.

Release:
gcc version 3.2.1

Environment:
Reading specs from /home/kevin/lib/gcc-lib/i686-pc-linux-gnu/3.2.1/specs
Configured with: ./configure --prefix=/home/kevin
Thread model: posix
gcc version 3.2.1

How-To-Repeat:
gcc -Wall -O2 -mcpu=i386 -g gcc-bug.c -o gcc-bug
[kevin@indy cutdown]$ gdb ./gcc-bug
...
Program received signal SIGSEGV, Segmentation fault.
0x0804835a in main (argc=1, argv=0xbffffad4) at gcc-bug.c:12
12              ptr++;
Comment 1 kevin 2002-12-18 04:36:02 UTC
Fix:
Compiling with -fno-strength-reduce -O2 fixes the problem, compiling with -O1 or lower fixes the problem, compiling with -O2 -mcpu=i686 or higher fixes the problem.  The latest gcc 3.3 snapshot does not exhibit the problem.
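The flag matrix from the How-To-Repeat and Fix notes above, as an added shell example that is not part of the original bug thread: it builds one source file with each flag set, runs the result, and classifies the exit status. The function names `classify` and `triage` and the `CC` variable are assumptions; point `CC` at the compiler under test.

```shell
#!/bin/sh
# Added example: flag-matrix triage for an optimisation-dependent crash.
# Assumptions: CC names the compiler under test (default gcc); the names
# classify/triage are ours, not part of GCC or of the bug report.

# classify SRC FLAGS... : build SRC with FLAGS, run it, print the outcome.
classify() {
    c_src=$1; shift
    c_dir=$(mktemp -d) || return 1
    # $CC is left unquoted so that values such as CC="gcc -m32" work.
    if ! ${CC:-gcc} "$@" "$c_src" -o "$c_dir/a.out" >/dev/null 2>&1; then
        rm -rf "$c_dir"; echo "compile-fail"; return 0
    fi
    c_rc=0
    "$c_dir/a.out" >/dev/null 2>&1 || c_rc=$?
    rm -rf "$c_dir"
    if [ "$c_rc" -eq 0 ]; then
        echo "ok"
    elif [ "$c_rc" -gt 128 ]; then
        # The shell reports death by signal N as exit status 128+N
        # (SIGSEGV is 11 on Linux, hence the familiar 139).
        echo "signal-$((c_rc - 128))"
    else
        echo "exit-$c_rc"
    fi
}

# triage SRC : run the flag sets named in the report and tabulate them.
triage() {
    t_src=$1
    for t_flags in \
        "-O2 -mcpu=i386" \
        "-O1 -mcpu=i386" \
        "-O2 -mcpu=i386 -fno-strength-reduce" \
        "-O2 -mcpu=i686"
    do
        # Word splitting of $t_flags is intentional here.
        printf '%-38s %s\n' "$t_flags" "$(classify "$t_src" $t_flags)"
    done
}

# Usage: CC=/path/to/gcc-3.2.1 triage smeg.i
```

A `compile-fail` row means the compiler rejected that flag set, which is a separate outcome from a run-time crash and should not be read as a pass.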
Comment 2 Paolo Carlini 2002-12-18 04:54:38 UTC
State-Changed-From-To: open->feedback
State-Changed-Why: For some reason, the attachment got lost. Could you possibly
    provide it again?
    Thanks, Paolo.
Comment 3 Volker Reichelt 2002-12-18 06:49:38 UTC
State-Changed-From-To: feedback->analyzed
State-Changed-Why: Confirmed.
    
    The whole 3.2 branch is affected (also with -mcpu=i486 and i586).
Comment 4 Eric Botcazou 2002-12-18 13:50:28 UTC
Responsible-Changed-From-To: unassigned->ebotcazou
Responsible-Changed-Why: Loop optimizer bug. Fix in progress.
Comment 5 caf 2002-12-19 00:37:16 UTC
From: caf@guarana.org
To: paolo@gcc.gnu.org, gcc-bugs@gcc.gnu.org, gcc-prs@gcc.gnu.org,
	kevin@sylandro.com, nobody@gcc.gnu.org, gcc-gnats@gcc.gnu.org
Cc:  
Subject: Re: optimization/8988: gcc3.2 and 3.2.1 with -O2 and -mcpu=i386 generates code that segfaults
Date: Thu, 19 Dec 2002 00:37:16 +1100

 On Wed, Dec 18, 2002 at 12:54:39PM -0000, paolo@gcc.gnu.org wrote:
 > Synopsis: gcc3.2 and 3.2.1 with -O2 and -mcpu=i386 generates code that segfaults
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: paolo
 > State-Changed-When: Wed Dec 18 04:54:38 2002
 > State-Changed-Why:
 >     For some reason, the attachment got lost. Could you possibly
 >     provide it again?
 >     Thanks, Paolo.
 > 
 > http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=8988
 
 Preprocessed output attached.
 
 By the way, the bad assembly that causes the crash is:
 
 .L8:
         leal    1(%ecx), %edx
         xorl    %ecx, %ecx              # %ecx is 0
         .p2align 2,,3
 .L7:
         movl    %edx, %eax
         movl    %edx, -28(%ebp)
         leal    2(%ecx), %edx           # %edx is 2
         movl    %eax, %ecx
         movb    -1(%edx), %al           # we try to read from 0x00000001
 
 	- Kevin.
 
 

Comment 6 caf 2002-12-19 00:38:19 UTC
From: caf@guarana.org
To: paolo@gcc.gnu.org, gcc-bugs@gcc.gnu.org, gcc-prs@gcc.gnu.org,
	kevin@sylandro.com, nobody@gcc.gnu.org, gcc-gnats@gcc.gnu.org
Cc:  
Subject: Re: optimization/8988: gcc3.2 and 3.2.1 with -O2 and -mcpu=i386 generates code that segfaults
Date: Thu, 19 Dec 2002 00:38:19 +1100

 On Wed, Dec 18, 2002 at 12:54:39PM -0000, paolo@gcc.gnu.org wrote:
 > Synopsis: gcc3.2 and 3.2.1 with -O2 and -mcpu=i386 generates code that segfaults
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: paolo
 > State-Changed-When: Wed Dec 18 04:54:38 2002
 > State-Changed-Why:
 >     For some reason, the attachment got lost. Could you possibly
 >     provide it again?
 >     Thanks, Paolo.
 
 *Oops* :)
 
 Preprocessed output *really* attached this time.  Sorry about that :)
 
 	- Kevin.
 
 
 Attachment: smeg.i
 
 # 1 "smeg.c"
 # 1 "<built-in>"
 # 1 "<command line>"
 # 1 "smeg.c"
 void next_arg(char *p1, char **p2)
 {
 }
 
 int main(int argc, char *argv[])
 {
     char str[] = "foo { xx }";
     char *ptr = str + 5;
 
     next_arg(ptr, &ptr);
     while (*ptr && (*ptr == 13 || *ptr == 32))
         ptr++;
     return 0;
 }
 
Comment 7 Eric Botcazou 2002-12-19 13:05:54 UTC
State-Changed-From-To: analyzed->closed
State-Changed-Why: Fixed.
Comment 9 Eric Botcazou 2002-12-19 20:38:07 UTC
From: ebotcazou@gcc.gnu.org
To: gcc-gnats@gcc.gnu.org
Cc:  
Subject: optimization/8988
Date: 19 Dec 2002 20:38:07 -0000

 CVSROOT:	/cvs/gcc
 Module name:	gcc
 Branch: 	gcc-3_3-branch
 Changes by:	ebotcazou@gcc.gnu.org	2002-12-19 12:38:07
 
 Modified files:
 	gcc            : ChangeLog loop.c 
 	gcc/testsuite  : ChangeLog 
 Added files:
 	gcc/testsuite/gcc.c-torture/execute: 20021219-1.c 
 
 Log message:
 	PR optimization/8988
 	* loop.c (maybe_eliminate_biv): Kill REG_EQUAL notes mentioning
 	the biv when eliminating.
 
 Patches:
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.16114.2.7&r2=1.16114.2.8
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/loop.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.433&r2=1.433.2.1
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.2261.2.3&r2=1.2261.2.4
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/20021219-1.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=NONE&r2=1.1.4.1
 

Comment 10 Eric Botcazou 2002-12-19 20:47:13 UTC
From: ebotcazou@gcc.gnu.org
To: gcc-gnats@gcc.gnu.org
Cc:  
Subject: optimization/8988
Date: 19 Dec 2002 20:47:13 -0000

 CVSROOT:	/cvs/gcc
 Module name:	gcc
 Changes by:	ebotcazou@gcc.gnu.org	2002-12-19 12:47:12
 
 Modified files:
 	gcc            : ChangeLog loop.c 
 	gcc/testsuite  : ChangeLog 
 Added files:
 	gcc/testsuite/gcc.c-torture/execute: 20021219-1.c 
 
 Log message:
 	PR optimization/8988
 	* loop.c (maybe_eliminate_biv): Kill REG_EQUAL notes mentioning
 	the biv when eliminating.
 
 Patches:
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&r1=1.16152&r2=1.16153
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/loop.c.diff?cvsroot=gcc&r1=1.434&r2=1.435
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&r1=1.2268&r2=1.2269
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/20021219-1.c.diff?cvsroot=gcc&r1=1.1&r2=1.2