This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug rtl-optimization/67037] New: [4.9 Regression] Wrong code at -O1 and above on ARM

From: "notasas at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Mon, 27 Jul 2015 22:24:25 +0000
Subject: [Bug rtl-optimization/67037] New: [4.9 Regression] Wrong code at -O1 and above on ARM
Auto-submitted: auto-generated

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67037

            Bug ID: 67037
           Summary: [4.9 Regression] Wrong code at -O1 and above on ARM
           Product: gcc
           Version: 4.9.3
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: rtl-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: notasas at gmail dot com
  Target Milestone: ---
            Target: arm-unknown-linux-gnueabi, arm-linux-gnueabihf

Created attachment 36076
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36076&action=edit
testcase

The reduced testcase (based on "real" code from wine sources) crashes:

notaz@evm:/tmp/t$ cc -Wall -O0 testcase.c && ./a.out
notaz@evm:/tmp/t$ cc -Wall -O1 testcase.c && ./a.out
Segmentation fault
notaz@evm:/tmp/t$ cc -Wall -O2 testcase.c && ./a.out
Segmentation fault
notaz@evm:/tmp/t$ cc -Wall -Os testcase.c && ./a.out
notaz@evm:/tmp/t$ cc -Wall -O1 testcase.c -mcpu=arm920t -marm && ./a.out
Segmentation fault
notaz@evm:/tmp/t$ cc -Wall -O1 testcase.c -mcpu=cortex-a15 && ./a.out
Segmentation fault

gcc 4.7.2 and 4.8.2 seem to be ok.

It looks like this chunk

    while ((count > 1) && *s)
    {
        count--;
        *d++ = *s++;
    }

is compiled to

        add     r3, sp, #5312
        add     r3, r3, #52
        ldr     r3, [r3]        @ count
        cmp     r3, #1
        bls     .L6
        movw    r2, #:lower16:.LANCHOR0
        mov     r3, #78
        movt    r2, #:upper16:.LANCHOR0
        b       .L8
.L18:
        ldrh    r3, [r2, #2]!
        cmp     r3, #0
        beq     .L9
.L8:
        add     r1, sp, #5312
        add     r1, r1, #52
        ldr     r0, [r1]
        sub     r0, r0, #1
        str     r0, [r1]
        ldr     r1, [r3]        @ <-- crash
        cmp     r0, #1
        strh    r3, [r1], #2    @ movhi
        add     r3, sp, #5312
        add     r3, r3, #48
        str     r1, [r3]
        bne     .L18
.L9:

so it thinks r3 contains pointer to count, even though it loaded *s there?
The conditions for this bug seem to be large stack frame that load/store
offsets can't reach and enough register pressure.

Follow-Ups:
- [Bug target/67037] [4.9 Regression] Wrong code at -O1 and above on ARM
  - From: rguenth at gcc dot gnu.org
- [Bug target/67037] [4.9 Regression] Wrong code at -O1 and above on ARM
  - From: mikpelinux at gmail dot com
- [Bug target/67037] [4.9 Regression] Wrong code at -O1 and above on ARM
  - From: ktkachov at gcc dot gnu.org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]