[Bug c/85260] New: 8.0: python-2.7.14 miscompiled at -O3

manuel.lauss at googlemail dot com gcc-bugzilla@gcc.gnu.org
Fri Apr 6 14:02:00 GMT 2018 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85260

            Bug ID: 85260
           Summary: 8.0: python-2.7.14 miscompiled at -O3
           Product: gcc
           Version: 8.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: manuel.lauss at googlemail dot com
  Target Milestone: ---

python-2.7.14 seems to be miscompiled at -O3, while -O2 is fine.
gcc-8 as of 20180405. gcc-7.3.1 -O3 is fine as well.

build # LD_LIBRARY_PATH=$PWD ./python 
Segmentation fault (core dumped)

#0  0x00007f784416d43a in PyInstance_NewRaw (klass=klass@entry=0x7f78439209a8,
dict=0x7f7843d66910, dict@entry=0x0) at
/tmp-ram/portage/dev-lang/python-2.7.14-r1/work/Python-2.7.14/Objects/classobject.c:544
544         inst->in_dict = dict;

(gdb) list
539             return NULL;
540         }
541         inst->in_weakreflist = NULL;
542         Py_INCREF(klass);
543         inst->in_class = (PyClassObject *)klass;
544         inst->in_dict = dict;
545         _PyObject_GC_TRACK(inst);
546         return (PyObject *)inst;
547     }

Dump of assembler code for function PyInstance_NewRaw:
   0x00007f784416d3d0 <+0>:     push   %rbp
   0x00007f784416d3d1 <+1>:     push   %rbx
   0x00007f784416d3d2 <+2>:     sub    $0x18,%rsp
   0x00007f784416d3d6 <+6>:     mov    0x149b9b(%rip),%rax        #
0x7f78442b6f78
   0x00007f784416d3dd <+13>:    cmp    %rax,0x8(%rdi)
   0x00007f784416d3e1 <+17>:    jne    0x7f784416d490 <PyInstance_NewRaw+192>
   0x00007f784416d3e7 <+23>:    mov    %rdi,%rbx
   0x00007f784416d3ea <+26>:    mov    %rsi,%rbp
   0x00007f784416d3ed <+29>:    test   %rsi,%rsi
   0x00007f784416d3f0 <+32>:    je     0x7f784416d4b0 <PyInstance_NewRaw+224>
   0x00007f784416d3f6 <+38>:    mov    0x8(%rsi),%rax
   0x00007f784416d3fa <+42>:    testb  $0x20,0xab(%rax)
   0x00007f784416d401 <+49>:    je     0x7f784416d4d0 <PyInstance_NewRaw+256>
   0x00007f784416d407 <+55>:    incq   (%rsi)
   0x00007f784416d40a <+58>:    mov    0x1496cf(%rip),%rdi        #
0x7f78442b6ae0
   0x00007f784416d411 <+65>:    callq  0x7f784414a390 <_PyObject_GC_New@plt>
   0x00007f784416d416 <+70>:    test   %rax,%rax
   0x00007f784416d419 <+73>:    je     0x7f784416d4e8 <PyInstance_NewRaw+280>
   0x00007f784416d41f <+79>:    vmovq  %rbx,%xmm1
   0x00007f784416d424 <+84>:    movq   $0x0,0x20(%rax)
   0x00007f784416d42c <+92>:    vpinsrq $0x1,%rbp,%xmm1,%xmm0
   0x00007f784416d432 <+98>:    incq   (%rbx)
   0x00007f784416d435 <+101>:   cmpq   $0xfffffffffffffffe,-0x10(%rax)
=> 0x00007f784416d43a <+106>:   vmovaps %xmm0,0x10(%rax)
   0x00007f784416d43f <+111>:   lea    -0x20(%rax),%rbx
   0x00007f784416d443 <+115>:   jne    0x7f784416d478 <PyInstance_NewRaw+168>
   0x00007f784416d445 <+117>:   mov    0x149834(%rip),%rdx        #
0x7f78442b6c80
   0x00007f784416d44c <+124>:   movq   $0xfffffffffffffffd,-0x10(%rax)
   0x00007f784416d454 <+132>:   mov    (%rdx),%rcx
   0x00007f784416d457 <+135>:   mov    %rcx,-0x20(%rax)
   0x00007f784416d45b <+139>:   mov    0x8(%rcx),%rcx
   0x00007f784416d45f <+143>:   mov    %rcx,-0x18(%rax)
   0x00007f784416d463 <+147>:   mov    %rbx,(%rcx)
   0x00007f784416d466 <+150>:   mov    (%rdx),%rdx
   0x00007f784416d469 <+153>:   mov    %rbx,0x8(%rdx)
   0x00007f784416d46d <+157>:   add    $0x18,%rsp
   0x00007f784416d471 <+161>:   pop    %rbx
   0x00007f784416d472 <+162>:   pop    %rbp
   0x00007f784416d473 <+163>:   retq   
   0x00007f784416d474 <+164>:   nopl   0x0(%rax)
   0x00007f784416d478 <+168>:   lea    0xf4d1d(%rip),%rdi        #
0x7f784426219c
   0x00007f784416d47f <+175>:   mov    %rax,0x8(%rsp)
   0x00007f784416d484 <+180>:   callq  0x7f784414b980 <Py_FatalError@plt>
   0x00007f784416d489 <+185>:   mov    0x8(%rsp),%rax
   0x00007f784416d48e <+190>:   jmp    0x7f784416d445 <PyInstance_NewRaw+117>
   0x00007f784416d490 <+192>:   mov    $0x209,%esi
   0x00007f784416d495 <+197>:   lea    0xf6184(%rip),%rdi        #
0x7f7844263620
   0x00007f784416d49c <+204>:   callq  0x7f784414c090
<_PyErr_BadInternalCall@plt>
   0x00007f784416d4a1 <+209>:   add    $0x18,%rsp
   0x00007f784416d4a5 <+213>:   xor    %eax,%eax
   0x00007f784416d4a7 <+215>:   pop    %rbx
   0x00007f784416d4a8 <+216>:   pop    %rbp
   0x00007f784416d4a9 <+217>:   retq   
   0x00007f784416d4aa <+218>:   nopw   0x0(%rax,%rax,1)
   0x00007f784416d4b0 <+224>:   callq  0x7f784414be40 <PyDict_New@plt>
   0x00007f784416d4b5 <+229>:   mov    %rax,%rbp
[...]

configured with
CFLAGS="-O3 -march=haswell -mtune=haswell -pipe"
./configure --prefix=/usr --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info
--datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib
--libdir=/usr/lib64 --with-fpectl --enable-shared --enable-ipv6 --with-threads
--enable-unicode=ucs4 --infodir=${prefix}/share/info
--mandir=${prefix}/share/man --with-computed-gotos --with-dbmliborder=gdbm
--with-libc= --enable-loadable-sqlite-extensions --with-system-expat
--with-system-ffi --without-ensurepip


Thanks,
     Manuel

More information about the Gcc-bugs mailing list