[Bug c/52444] gcc.dg/tree-prof/pr44777.c execution, -fprofile-generate -D_PROFILE_GENERATE fails at -m32

howarth at nitro dot med.uc.edu gcc-bugzilla@gcc.gnu.org
Sat Dec 15 14:02:00 GMT 2012


--- Comment #1 from Jack Howarth <howarth at nitro dot med.uc.edu> 2012-12-15 14:02:23 UTC ---
This issue doesn't occur under darwin10 but when object files, created under
darwin10, are linked under darwin12 this runtime failure occurs. I opened
radar://12875171 in case this was a darwin linker bug. The darwin linker
developer looked at this crash and had the following comments...

This is a (gcc) compiler bug.  The crash is because register EBX is wrong in
function x() after returning from the call to function y().  Function y() has
some fancy jumps to labels.  After recursing 1000 times, it returns but does so
via messing with the stack frame:

        movl    %ecx, %eax                      # %eax -> saved frame/stack pointers for the nonlocal goto
        leal    L5-L00000000001$pb(%ebx), %edx  # target label L5, computed from the PIC base in %ebx
        movl    (%eax), %ebp                    # restore x()'s frame pointer
        movl    4(%eax), %esp                   # restore x()'s stack pointer
        jmp     *%edx                           # jump into x(); %ebx is left as y() had it

This code does not restore EBX.  On runtimes in which EBX is the same for all
functions (e.g. pointer to GOT), not restoring EBX will work.  But on Mac OS X,
EBX is different in every function.  Once it is trashed upon returning to x(),
x stores some memory values via EBX.  It is doing the stores to the wrong
location, causing a later crash.

It worked with the SL linker by luck.  The smashers happened to be written to
non-critical areas (__gcov_var).

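The program below is an added example written for this page; it is not code from the bug report, from GCC, or from gcc.dg/tree-prof/pr44777.c, and the names x, y, DEPTH and saved are constructed here. It has the control-flow shape the linker developer describes: an inner function y() recurses DEPTH times and then leaves the whole recursion in one jump to a label in the enclosing function x(), restoring x()'s frame directly instead of unwinding through DEPTH ordinary returns. x() returns a value that is only correct if the state it held before the jump is still intact at the landing label, which is the invariant the quoted sequence breaks on Darwin i386 by restoring EBP and ESP but not EBX. Nested functions and nonlocal gotos are GNU C extensions; the #else branch is a setjmp/longjmp stand-in (not what GCC emits) so the file also compiles with other compilers.

```c
/* Added example: constructed for this page, not code from the bug report,
 * from GCC, or from gcc.dg/tree-prof/pr44777.c.  An inner function y()
 * recurses DEPTH times and then leaves the recursion in a single jump to
 * a label in the enclosing function x(), restoring x()'s frame directly
 * rather than unwinding through DEPTH ordinary returns.  x()'s return
 * value is the check: it equals the depth only if the state x() held
 * before the jump is still intact afterwards.
 *
 * Nested functions and nonlocal gotos are GNU C extensions, so the #else
 * branch uses setjmp/longjmp to get the same shape with other compilers. */
#include <setjmp.h>
#include <stdio.h>

#define DEPTH 1000

#if defined(__GNUC__) && !defined(__clang__)
int x(int a)
{
  __label__ xlab;           /* landing label for the nonlocal goto in y() */
  int saved = a * 2 + 1;    /* state x() needs again after the jump */

  void y(int n)
  {
    if (n == 0)
      goto xlab;            /* nonlocal goto: drop all of y()'s frames at once */
    y(n - 1);
  }

  y(a);
  return -1;                /* unreachable: y() never returns normally */
xlab:
  /* Receiver: the compiler has restored x()'s frame and stack pointers.
   * Any register x() still relies on (EBX as the per-function PIC base
   * on Darwin i386, in the report) has to be reloaded here as well. */
  return saved - a - 1;     /* == a when nothing was clobbered */
}
#else
static jmp_buf xlab_env;

static void y(int n)
{
  if (n == 0)
    longjmp(xlab_env, 1);   /* libc restores every callee-saved register */
  y(n - 1);
}

int x(int a)
{
  int saved = a * 2 + 1;    /* written before setjmp, so no volatile needed */
  if (setjmp(xlab_env) == 0) {
    y(a);
    return -1;              /* unreachable: y() longjmps out */
  }
  return saved - a - 1;     /* == a when nothing was clobbered */
}
#endif

int main(void)
{
  int r = x(DEPTH);
  printf("x(%d) returned %d: %s\n", DEPTH, r,
         r == DEPTH ? "state intact after the jump" : "STATE CLOBBERED");
  return r == DEPTH ? 0 : 1;
}
```

Build it with gcc to get the nonlocal-goto branch. On the configuration in the bug title (Darwin, -m32, -fprofile-generate) the part worth inspecting in the generated assembly is the instruction sequence at the landing label, which is what the listing quoted above shows: it is where the frame and stack pointers come back, and where a per-function PIC base register must come back too.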