[Bug ipa/65236] New: [5 Regression]: IPA ICF causes miscompilation in Chromium built with -Os
marxin at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Fri Feb 27 13:49:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65236
Bug ID: 65236
Summary: [5 Regression]: IPA ICF causes miscompilation in
Chromium built with -Os
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: ipa
Assignee: marxin at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
Starting from r221040, ICF introduces a new wrapper (thunk) for a couple
of symbols in Chromium (the protoc binary).
Semantic equality hit:std::__cxx11::string
google::protobuf::MessageLite::SerializePartialAsString()
const->std::__cxx11::string google::protobuf::MessageLite::SerializeAsString()
const
Assembler symbol
names:_ZNK6google8protobuf11MessageLite24SerializePartialAsStringEv->_ZNK6google8protobuf11MessageLite17SerializeAsStringEv
std::__cxx11::string google::protobuf::MessageLite::SerializePartialAsString()
const (const struct MessageLiteD.25422 * const thisD.27459)
{
<bb 2>:
_9 = &MEM[(struct basic_string *)output_3(D)].D.16928._M_local_buf;
MEM[(struct _Alloc_hider *)output_3(D)]._M_p = _9;
MEM[(size_type *)output_3(D) + 8B] = 0;
MEM[(char_type &)output_3(D) + 16] = 0;
_7 = google::protobuf::MessageLite::AppendPartialToString (this_5(D),
output_3(D));
if (_7 != 0)
goto <bb 4>;
else
goto <bb 3>;
<bb 3>:
MEM[(size_type *)output_3(D) + 8B] = 0;
_4 = MEM[(const struct basic_string *)output_3(D)];
MEM[(char_type &)_4] = 0;
<bb 4>:
return output_3(D);
}
std::__cxx11::string google::protobuf::MessageLite::SerializeAsString() const
(const struct MessageLiteD.25422 * const thisD.27454)
{
<bb 2>:
_8 = &MEM[(struct basic_string *)output_3(D)].D.16928._M_local_buf;
MEM[(struct _Alloc_hider *)output_3(D)]._M_p = _8;
MEM[(size_type *)output_3(D) + 8B] = 0;
MEM[(char_type &)output_3(D) + 16] = 0;
_4 = google::protobuf::MessageLite::AppendPartialToString (this_5(D),
output_3(D));
if (_4 != 0)
goto <bb 4>;
else
goto <bb 3>;
<bb 3>:
MEM[(size_type *)output_3(D) + 8B] = 0;
_6 = MEM[(const struct basic_string *)output_3(D)];
MEM[(char_type &)_6] = 0;
<bb 4>:
return output_3(D);
}
Unified; Wrapper has been created.
Optimized dump:
Removing basic block 5
std::__cxx11::string google::protobuf::MessageLite::SerializePartialAsString()
const (const struct MessageLite * const this)
{
char * const _4;
bool _7;
char[16] * _9;
<bb 2>:
_9 = &MEM[(struct basic_string *)output_3(D)].D.16928._M_local_buf;
MEM[(struct _Alloc_hider *)output_3(D)]._M_p = _9;
MEM[(size_type *)output_3(D) + 8B] = 0;
MEM[(char_type &)output_3(D) + 16] = 0;
_7 = google::protobuf::MessageLite::AppendPartialToString (this_5(D),
output_3(D));
if (_7 != 0)
goto <bb 4>;
else
goto <bb 3>;
<bb 3>:
MEM[(size_type *)output_3(D) + 8B] = 0;
_4 = MEM[(const struct basic_string *)output_3(D)];
MEM[(char_type &)_4] = 0;
<bb 4>:
return output_3(D);
}
;; Function std::__cxx11::string
google::protobuf::MessageLite::SerializeAsString() const
(_ZNK6google8protobuf11MessageLite17SerializeAsStringEv, funcdef_no=1252,
decl_uid=25508, cgraph_uid=355, symbol_order=356)
std::__cxx11::string google::protobuf::MessageLite::SerializeAsString() const
(const struct MessageLite * const this)
{
<bb 2>:
*output_2(D) = google::protobuf::MessageLite::SerializePartialAsString
(this_3(D)); [tail call]
return output_2(D);
}
Unfortunately, the emitted assembly is miscompiled, resulting in a double free (memory
corruption) error.
I'm going to attach RTL dumps.
Martin