[Bug target/78936] New: Interprocedural constant propagation miscompiles C++ methods on i686 Windows

rnk at google dot com gcc-bugzilla@gcc.gnu.org
Tue Dec 27 23:45:00 GMT 2016


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78936

            Bug ID: 78936
           Summary: Interprocedural constant propagation miscompiles C++
                    methods on i686 Windows
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: rnk at google dot com
  Target Milestone: ---

The following test case has an issue where some interprocedural optimization in
GCC 6.2.0 appears to have mixed up the calling convention of a C++ thiscall
method:
https://drive.google.com/open?id=0B5-KodWdXF4YZ1pVczVQX0tiOGM

When I compile the linked file like so, I get the following assembly snippets,
which seem to corrupt the stack pointer:
$ g++ -O2 llvm-subtarget-emitter.cpp -S -o t.s

$ c++filt < t.s | less
...
(anonymous namespace)::SubtargetEmitter::EmitProcessorProp(llvm::raw_ostream&,
llvm::Record const*, llvm::StringRef, char) [clone .constprop.544]:
...
        addl    $28, %esp
        .cfi_remember_state
        .cfi_def_cfa_offset 20
        popl    %ebx
        .cfi_restore 3
        .cfi_def_cfa_offset 16
        popl    %esi
        .cfi_restore 6
        .cfi_def_cfa_offset 12
        popl    %edi
        .cfi_restore 7
        .cfi_def_cfa_offset 8
        popl    %ebp
        .cfi_restore 5
        .cfi_def_cfa_offset 4
        ret
        .p2align 4,,10
...
(anonymous namespace)::SubtargetEmitter::EmitSchedModel(llvm::raw_ostream&):
...
        call    (anonymous
namespace)::SubtargetEmitter::EmitProcessorProp(llvm::raw_ostream&,
llvm::Record const*, llvm::StringRef, char) [clone .constprop.544]
        movl    28(%edi), %edx
        movl    8(%ebp), %eax
        subl    $8, %esp
        movl    $LC170, (%esp)
        movl    $17, 4(%esp)
        call    (anonymous
namespace)::SubtargetEmitter::EmitProcessorProp(llvm::raw_ostream&,
llvm::Record const*, llvm::StringRef, char) [clone .constprop.544]
        movl    28(%edi), %edx
        movl    8(%ebp), %eax
        subl    $8, %esp
...

Note that the "ret" instruction doesn't match the "sub $8, %esp" instructions
after the call sites of SubtargetEmitter::EmitProcessorProp. The callee-cleanup
property of the EmitProcessorProp clone seems to have been lost, or the call
site hasn't been updated to treat it as a caller cleanup call.

This issue was encountered while building LLVM with the latest GCC provided by
mingw-w64: http://lists.llvm.org/pipermail/cfe-dev/2016-December/051980.html

$ g++ --version
g++.exe (i686-posix-dwarf-rev1, Built by MinGW-W64 project) 6.2.0
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
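
An added example, not part of the original report or of GCC: a heuristic Python check for the mismatch described above, where a caller re-adjusts the stack with "subl $N, %esp" after calling a function whose "ret" pops a different number of bytes. The sample assembly, its labels, the function name find_cleanup_mismatches and the window parameter are constructed for illustration and are not taken from the reporter's t.s.

```python
import re

# Constructed AT&T-syntax sample shaped like the snippets in the report
# (labels and operands are made up, not taken from the reporter's t.s).
SAMPLE_ASM = """\
_callee.constprop.0:
        addl    $28, %esp
        ret
_good_callee:
        ret     $8
_caller:
        call    _callee.constprop.0
        movl    28(%edi), %edx
        subl    $8, %esp
        call    _good_callee
        subl    $8, %esp
        ret
"""

LABEL = re.compile(r"^(?!\.?L\d)([^\s:]+):\s*$")      # skips local labels (L5:, .L5:)
RET = re.compile(r"^\s+ret[lw]?(?:\s+\$(\d+))?\s*$")  # plain ret pops 0 bytes
CALL = re.compile(r"^\s+calll?\s+(\S+)\s*$")
SUB_ESP = re.compile(r"^\s+subl?\s+\$(\d+),\s*%esp\s*$")
STOP = re.compile(r"^\s+(call|ret|j[a-z]+)\b")        # end of straight-line code

def find_cleanup_mismatches(asm, window=4):
    """Heuristic: a `subl $N, %esp` right after a call suggests the caller
    expects the callee to have popped N bytes; flag callees that never do."""
    lines = asm.splitlines()
    pops, current = {}, None  # label -> byte counts its ret instructions pop
    for line in lines:
        if m := LABEL.match(line):
            current = m.group(1)
        elif (m := RET.match(line)) and current:
            pops.setdefault(current, set()).add(int(m.group(1) or 0))
    findings = []
    for i, line in enumerate(lines):
        m = CALL.match(line)
        if not m or m.group(1) not in pops:
            continue
        for nxt in lines[i + 1:i + 1 + window]:
            if s := SUB_ESP.match(nxt):
                if int(s.group(1)) not in pops[m.group(1)]:
                    findings.append((i + 1, m.group(1), int(s.group(1))))
                break
            if STOP.match(nxt):
                break
    return findings
```

Each finding is (1-based line of the call, callee label, bytes the caller re-reserves). The check works on mangled labels as emitted by "g++ -S", so run it before piping through c++filt.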

