[Bug c/38052] New: genautomata segfaults when -O2 is enabled
r0bertz at gentoo dot org
gcc-bugzilla@gcc.gnu.org
Fri Nov 7 15:33:00 GMT 2008
I have done some detailed research on this problem. It follows the needed
information. Please do have a look.
The source was checked out on 2008-11-07.
The system is using the O32 ABI.
The configure options are:
var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/configure
--cache-file=./config.cache --with-stabs --prefix=/usr
--bindir=/usr/mipsel-unknown-linux-gnu/gcc-bin/4.4.0-pre9999
--includedir=/usr/lib/gcc/mipsel-unknown-linux-gnu/4.4.0-pre9999/include
--datadir=/usr/share/gcc-data/mipsel-unknown-linux-gnu/4.4.0-pre9999
--mandir=/usr/share/gcc-data/mipsel-unknown-linux-gnu/4.4.0-pre9999/man
--infodir=/usr/share/gcc-data/mipsel-unknown-linux-gnu/4.4.0-pre9999/info
--with-gxx-include-dir=/usr/lib/gcc/mipsel-unknown-linux-gnu/4.4.0-pre9999/include/g++-v4
--disable-altivec --disable-fixed-point --enable-nls --without-included-gettext
--with-system-zlib --disable-checking --disable-werror --enable-secureplt
--disable-multilib --enable-libmudflap --disable-libssp --disable-libgomp
--enable-cld --disable-libgcj --enable-shared --enable-threads=posix
--enable-__cxa_atexit --enable-clocale=gnu
--with-bugurl=http://bugs.gentoo.org/ --with-pkgversion= --enable-linux-futex
--enable-languages=c,c++ --program-transform-name=s,y,y,
--build=mipsel-unknown-linux-gnu --host=mipsel-unknown-linux-gnu
--target=mipsel-unknown-linux-gnu
--srcdir=/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc
--with-build-libsubdir=.
The command to build genautomata is:
/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/build/./prev-gcc/xgcc
-B/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/build/./prev-gcc/
-B/usr/mipsel-unknown-linux-gnu/bin/ -c -O2 -g -pipe -DIN_GCC -W -Wall
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wcast-qual
-Wold-style-definition -Wc++-compat -Wmissing-format-attribute -pedantic
-Wno-long-long -Wno-variadic-macros -Wno-overlength-strings -DHAVE_CONFIG_H
-DGENERATOR_FILE -I. -Ibuild
-I/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc
-I/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/build
-I/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/../include
-I/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/../libcpp/include
-I/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/../libdecnumber
-I/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/../libdecnumber/dpd
-I../libdecnumber -DCLOOG_PPL_BACKEND -o build/genautomata.o
/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/genautomata.c
/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/build/./prev-gcc/xgcc
-B/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/build/./prev-gcc/
-B/usr/mipsel-unknown-linux-gnu/bin/ -O2 -g -pipe -DIN_GCC -W -Wall
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wcast-qual
-Wold-style-definition -Wc++-compat -Wmissing-format-attribute -pedantic
-Wno-long-long -Wno-variadic-macros -Wno-overlength-strings -DHAVE_CONFIG_H
-DGENERATOR_FILE -o build/genautomata \
build/genautomata.o build/rtl.o build/read-rtl.o build/ggc-none.o
build/vec.o build/min-insn-modes.o build/gensupport.o build/print-rtl.o
build/errors.o .././libiberty/libiberty.a -lm
The command segfaulted:
build/genautomata
/var/tmp/portage/sys-devel/gcc-4.4.0_pre9999/work/gcc-4.4.0-9999/gcc/config/mips/mips.md
insn-conditions.md
I have debugged this executable with gdb, and I found the exact instruction
which caused the segfault. It has something to do with the manipulation of the
$gp register.
From readelf -a genautomata, the Canonical gp value of Primary GOT: 00440090
Normally, before calling a function, the gp register must be loaded with this
value. This can be observed if it is compiled with no optimization option.
However, if -O2 is enabled, the following code in genautomata.c:
6975 fprintf (output_file, "static const ");
6976 output_range_type (output_file, 0, automaton->insn_equiv_classes_num);
6977 fprintf (output_file, " ");
6978 output_translate_vect_name (output_file, automaton);
becomes (this is generated with the -S option):
lw $28,16($sp)
lw $7,%lo(output_file)($17)
lw $25,%call16(fwrite)($28)
lui $4,%hi($LC171)
addiu $4,$4,%lo($LC171)
li $5,1 # 0x1
jalr $25
li $6,13 # 0xd
lw $6,16($18)
lw $4,%lo(output_file)($17)
.option pic0
jal output_range_type
.option pic2
move $5,$0
lw $28,16($sp)
lw $5,%lo(output_file)($17)
lw $25,%call16(fputc)($28)
nop
jalr $25
li $4,32 # 0x20
lw $4,%lo(output_file)($17)
.option pic0
jal output_translate_vect_name
.option pic2
move $5,$18
We can see there is no "lw $28,16($sp)" before "jal output_range_type"
or "jal output_translate_vect_name".
In the case of output_range_type, there is no problem, because inside the
function, the only access to GOT is to find "fwrite"'s GOT entry. And the entry
already contains the resolved address, since immediately before the call to
output_range_type, there is a call to fwrite.
The problem with output_translate_vect_name is that this function has two calls
to fprintf, and they are called for the first time in this program. So we need
to call the lazy resolver. And that's exactly where the program segfaults. Since
gp's value is incorrect, the resolver's address will be incorrect too.
That's what I have got so far. Hope this could help to solve the problem.
--
Summary: genautomata segfaults when -O2 is enabled
Product: gcc
Version: 4.4.0
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: r0bertz at gentoo dot org
GCC build triplet: mipsel-unknown-linux-gnu
GCC host triplet: mipsel-unknown-linux-gnu
GCC target triplet: mipsel-unknown-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38052