[Bug c++/26378] New: register aliasing causes stale data to be used
john dot spelis at 3dlabs dot com
gcc-bugzilla@gcc.gnu.org
Mon Feb 20 10:43:00 GMT 2006
>Description:
We are targetting the compilers for a system-on-chip solution we are
developing based on an ARM 926 which is without an FPU so we have
defaulted on SOFTWARE FLOATING POINT.
#define TARGET_DEFAULT (ARM_FLAG_SOFT_FLOAT | ARM_FLAG_APCS_32 | \
ARM_FLAG_APCS_FRAME | ARM_FLAG_MMU_TRAPS)
We run the executables either on a third party (ARM 926) development
board or
an our chip simulator. However the bug can be shown in the assembler
output.
We have come across a problem which is present in 3.4.1 compiler and
when we investigated (by quickly building) a 3.4.5 compiler we came
across the same bug. The samllest program which illustrates the bug is
brokenPointer.cxx;
/* ----- START ---- */
#ifdef DEBUG
#include <stdio.h>
#endif
typedef unsigned int uint32_t;
typedef uint32_t Data[2];
void dump( Data *data, uint32_t count )
{
uint32_t i;
for( i = 0; i < count; i++ )
#ifdef DEBUG
printf( "0x%08X <- 0x%08X\n", data[i][0], data[i][1] );
#else
data[i][0] += data[i][1] ;
#endif
}
float sx, sy;
void moo( float fx[2], float fy[2], uint32_t size[2], uint32_t params[2] )
{
sx = (fx[1] - fx[0]) / size[0];
sy = (fy[1] - fy[0]) / size[1];
Data data[] = {
{ 0, 0xAA55AA55 },
{ 1, 0 },
{ 2, 1 },
{ 3, 2 },
{ 6, 16 },
{ 7, params[0] },
{ 8, params[1] },
{ 9, *((uint32_t *) &sx) },
{ 10, *((uint32_t *) &sy) },
};
dump( data, sizeof(data) / sizeof(*data) );
}
int main( int argc, char *argv[] )
{
float fx[2] = { -2, 2 };
float fy[2] = { -2, 2 };
uint32_t size[2] = {64, 64};
uint32_t params[2] = {16, 4};
moo( fx, fy, size, params );
}
/* ----- END ---- */
The program we compile, brokenPointer.cxx, produces the output:
# arm-3d-linux-g++ -Os -DDEBUG brokenPointer.cxx
0x00000000 <- 0xAA55AA55
0x00000001 <- 0x00000000
0x00000002 <- 0x00000001
0x00000003 <- 0x00000002
0x00000006 <- 0x00000010
0x00000007 <- 0x00000010
0x00000008 <- 0x00000004
0x00000009 <- 0x3D800000
0x0000000A <- 0x00000000
When compiled and run on an (x86,say) host the final line is
correctly output as:
:: ::
0x0000000A <- 0x3D800000
We can illustrate the bug in the assembler code
arm-3d-linux-g++ -S -Os brokenPointer.cxx
illustrates the bug in brokenPointer.s
The source code section going wrong is:
-- extract start --
sy = (fy[1] - fy[0]) / size[1]; /* true value computed */
Data data[] = {
::
{ 10, *((uint32_t *) &sy) }, /* wrong value saved
here */
-- extract finish --
::
bl __divsf3 /* sy = (fy[1] - fy[0]) / size[1]; */
ldr r3, .L13+8
ldr r6, [r5, #4]
ldr r7, [r7, #0]
ldr r5, [r5, #0]
str r3, [fp, #-104]
mov r3, #3
str r3, [fp, #-84]
add r3, r3, r3
str r3, [fp, #-76]
add r3, r3, #10
mov ip, #1
str r3, [fp, #-72]
sub r3, r3, #9
mov lr, #2
mov r4, #9
ldr r8, [sl, #0] /* BUG: this is "early" y being
loaded */
str r3, [fp, #-68]
add r3, r3, ip
mov r2, #0
str r0, [sl, #0] @ float /* r0 is the __divsf3 result so is
the true "y" result */
str r3, [fp, #-60]
mov r1, r4
add r3, r3, lr
sub r0, fp, #108
str r2, [fp, #-96]
str ip, [fp, #-88]
str lr, [fp, #-80]
str r3, [fp, #-44]
str r5, [fp, #-64]
str r6, [fp, #-56]
str r7, [fp, #-48]
str r8, [fp, #-40] /* BUG: "*((uint32_t *) &sy" is taking the
"early" value */
str r2, [fp, #-108]
What happens is that the compiler has not stored the reult of the
"__divsf3"
which is in r0 until very late in the day. In the meantime it loads r8
from where it thinks the result is but at the time r8 is loaded it has not
yet stored r0 !
>How-To-Repeat:
Any arm target compiler should reproduce the bug with "-Os" and
SOFTWARE
floating point ( -mfpu=softvfp ) which allows the problem to be
identified by assembler output.
arm-3d-linux-gcc -v -save-temps -Os -S brokenPointer.cxx
Reading specs from
/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/specs
Configured with: /homes/spelis/dopt/gnu/gcc-3.4.5/configure
--prefix=/homes/spelis2/3.4.5gcc --with-gnu-as --with-gnu-ld
--with-as=/opt/s2tools/lx/bin/arm-3d-linux-as
--with-ld=/opt/s2tools/lx/bin/arm-3d-linux-ld
--srcdir=/homes/spelis/dopt/gnu/gcc-3.4.5 --target=arm-3d-linux
--with-cpu=arm926ejs --enable-languages=c,c++ --disable-shared --without-newlib
--disable-threads
Thread model: single
gcc version 3.4.5
/homes/spelis2/3.4.5gcc/libexec/gcc/arm-3d-linux/3.4.5/cc1plus -E -quiet -v
-D_GNU_SOURCE brokenPointer.cxx -mcpu=arm926ejs -Os -o brokenPointer.ii
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../include/c++/3.4.5"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../include/c++/3.4.5/arm-3d-linux"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../include/c++/3.4.5/backward"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../arm-3d-linux/sys-include"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../arm-3d-linux/include"
#include "..." search starts here:
#include <...> search starts here:
/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/include
End of search list.
brokenPointer.cxx:1:19: stdio.h: No such file or directory
federation!spelis 19 ^Cm-3d-linux-gcc -v -save-temps -Os -S brokenPointer.cxx >
federation!spelis 19 vi brokenPointer.cxx
federation!spelis 20 arm-3d-linux-gcc -v -save-temps -Os -S brokenPointer.cxx >
Reading specs from /homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/specs
Configured with: /homes/spelis/dopt/gnu/gcc-3.4.5/configure
--prefix=/homes/spelis2/3.4.5gcc --with-gnu-as --with-gnu-ld
--with-as=/opt/s2tools/lx/bin/arm-3d-linux-as
--with-ld=/opt/s2tools/lx/bin/arm-3d-linux-ld
--srcdir=/homes/spelis/dopt/gnu/gcc-3.4.5 --target=arm-3d-linux
--with-cpu=arm926ejs --enable-languages=c,c++ --disable-shared --without-newlib
--disable-threads
Thread model: single
gcc version 3.4.5
/homes/spelis2/3.4.5gcc/libexec/gcc/arm-3d-linux/3.4.5/cc1plus -E -quiet -v
-D_GNU_SOURCE brokenPointer.cxx -mcpu=arm926ejs -Os -o brokenPointer.ii
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../include/c++/3.4.5"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../include/c++/3.4.5/arm-3d-linux"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../include/c++/3.4.5/backward"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../arm-3d-linux/sys-include"
ignoring nonexistent directory
"/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/../../../../arm-3d-linux/include"
#include "..." search starts here:
#include <...> search starts here:
/homes/spelis2/3.4.5gcc/lib/gcc/arm-3d-linux/3.4.5/include
End of search list.
/homes/spelis2/3.4.5gcc/libexec/gcc/arm-3d-linux/3.4.5/cc1plus -fpreprocessed
brokenPointer.ii -quiet -dumpbase brokenPointer.cxx -mcpu=arm926ejs -auxbase
brokenPointer -Os -version -o brokenPointer.s
GNU C++ version 3.4.5 (arm-3d-linux)
compiled by GNU C version 3.4.1.
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
>Fix:
Our workarounds include (i) not using the optimiser, or (ii) using a
union instead of the "*((uint32_t *) &sy" style to obtain the
floating point (result) pattern.
--
Summary: register aliasing causes stale data to be used
Product: gcc
Version: 3.4.5
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: john dot spelis at 3dlabs dot com
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: arm-3d-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26378
More information about the Gcc-bugs
mailing list