optimization/7690: gcc 2.95.3: argument destroyed under -O2 on IA32

torek@bsdi.com
Thu Aug 22 15:06:00 GMT 2002


>Number:         7690
>Category:       optimization
>Synopsis:       gcc 2.95.3: argument destroyed under -O2 on IA32
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 22 15:06:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     torek@bsdi.com
>Release:        gcc 2.95.3
>Organization:
>Environment:
BSD/OS 4.3
>Description:
The stripped-down C code below generates IA32 assembly that destroys the "name" parameter before making another call, but only when using -O2.

This code is simplified from a real program (squid) and no longer does anything useful on its own, so you must look at the generated assembly.

I was hoping this is a known bug with a known fix that I can find somewhere so as to patch it.
>How-To-Repeat:
typedef unsigned long long off_t;
typedef unsigned int size_t;

off_t f1(char *buf, size_t sz, const char *name);
void f2(int);
/* declared here instead of via <string.h> so the typedefs above stay self-contained */
void *memcpy(void *, const void *, size_t);

void bug(char *buf, size_t sz, const char *name, unsigned type)
{
    off_t off;

    off = f1(buf, sz, name);            /* "name" must still be intact at this call */
    memcpy(buf + off, &type, sizeof(type));
    f2(off <= sz);                      /* 64-bit compare: sz gets zero-extended */
}

compile with -O2, examine assembly, note this section:

        movl 8(%ebp),%edi
        movl 12(%ebp),%eax
        xorl %edx,%edx
        movl %eax,12(%ebp)
        movl %edx,16(%ebp)

note that 16(%ebp) used to hold the parameter "name" before this last movl, which (since %edx is now 0) clobbers it.

Using -O1 -fexpensive-optimizations appears to suffice to trigger the problem (but -O1 alone does not).
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
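The reproducer above only shows the miscompile in the assembly listing. The following self-checking harness is an added example, not part of the original report or of gcc: it supplies instrumented stand-ins for the report's external `f1` and `f2` (the names `g_seen_name`, `g_f2_arg`, `check_name_survives` and the `off64` typedef are my own choices) and records what pointer actually arrived in `f1`, so the clobbered-parameter bug turns into a failing assertion instead of something you have to read out of `objdump` output. `f1` is marked non-inlinable so the call stays a real call, as in the report.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the report's 64-bit off_t; a distinct name avoids clashing
 * with the system typedef when <string.h> is included. */
typedef unsigned long long off64;

#if defined(__GNUC__)
#define NOINLINE __attribute__((noinline))
#else
#define NOINLINE
#endif

/* Instrumentation (constructed for this harness, not part of the report). */
static const char *g_seen_name = NULL;   /* pointer that actually reached f1 */
static int g_f2_arg = -1;                /* value that reached f2 */

/* Plays the role of the report's external f1: records the "name" argument
 * and returns an offset that leaves room for one 'unsigned' at the end. */
NOINLINE off64 f1(char *buf, size_t sz, const char *name)
{
    (void)buf;
    g_seen_name = name;
    return sz >= sizeof(unsigned) ? (off64)(sz - sizeof(unsigned)) : 0;
}

/* Plays the role of the report's f2: just captures its argument. */
NOINLINE void f2(int ok)
{
    g_f2_arg = ok;
}

/* The report's function, unchanged apart from the off64 spelling. */
void bug(char *buf, size_t sz, const char *name, unsigned type)
{
    off64 off;

    off = f1(buf, sz, name);
    memcpy(buf + off, &type, sizeof(type));
    f2(off <= sz);
}

/* Returns 1 when "name" arrived in f1 intact, the type bytes landed at
 * buf + off, and f2 saw the expected (off <= sz) result; 0 on any miscompile
 * of the kind the report describes (name slot zeroed before the f1 call). */
int check_name_survives(void)
{
    char buf[16];
    const char *name = "squid-test-name";   /* constructed sample input */
    unsigned type = 0xDEADBEEFu;
    unsigned got;

    memset(buf, 0, sizeof buf);
    g_seen_name = NULL;
    g_f2_arg = -1;

    bug(buf, sizeof buf, name, type);

    memcpy(&got, buf + sizeof buf - sizeof got, sizeof got);
    return g_seen_name == name && got == type && g_f2_arg == 1;
}

int main(void)
{
    /* exit status 0 = parameter survived, 1 = miscompile detected */
    return check_name_survives() ? 0 : 1;
}
```

Build it with the same flags that trigger the problem (`-O2`, or `-O1 -fexpensive-optimizations`) and run it; a compiler with the report's bug passes a null `name` into `f1`, so `check_name_survives()` returns 0. A correct build returns 1, which makes the harness usable as a regression test once a fix is in place.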



More information about the Gcc-bugs mailing list