[Bug rtl-optimization/91136] New: [MIPS] Incorrect move of instruction to delay slot causes application crash in exception handling
artur.koninski at nokia dot com
gcc-bugzilla@gcc.gnu.org
Wed Jul 10 16:55:00 GMT 2019
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91136
Bug ID: 91136
Summary: [MIPS] Incorrect move of instruction to delay slot causes application crash in exception handling
Product: gcc
Version: 8.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: artur.koninski at nokia dot com
Target Milestone: ---
Target: mips64
Created attachment 46587
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=46587&action=edit
code that compiles wrong
The content of the $a0 register, holding the __builtin_eh_pointer to be passed to
__cxa_begin_catch, is overwritten by an incorrectly placed "ld $4,8($sp)"
instruction in the delay slot of the conditional jump that selects the
exception catch body:
        .cfi_restore_state
        li      $2,1                    # 0x1
        beq     $5,$2,.L4
        move    $16,$4
        li      $2,2                    # 0x2
        bne     $5,$2,.L22
        ld      $4,8($sp)               <- in case of no jump, $4 == $a0 is not
                                           __builtin_eh_pointer anymore, but is
                                           still passed to __cxa_begin_catch
        ld      $25,%call16(__cxa_begin_catch)($28)
        .reloc  1f,R_MIPS_JALR,__cxa_begin_catch
1:      jalr    $25
        nop
The issue (in much more complex code) caused application crashes. The original
issue was found with g++ 6.4.1.

Looking at the RTL dump of the dbr phase, the issue is already visible. I couldn't
recognize whether anything is wrong in previous passes, but the issue seems to be
easily hidden by changes to previous passes, e.g. by using
-freorder-blocks-algorithm=simple.

To compile an executable application and see the crash, an additional simple file is
needed with definitions of 3 functions (two empty and 1 throwing int).
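A heuristic scan for the shape described in the report, added here as an example (it is not part of the report, the attachment, or GCC): it walks a MIPS assembly listing, finds conditional branches whose delay slot writes an argument register, and reports when the fall-through path then calls a function without rewriting that register. The embedded listing is a constructed copy of the excerpt above; parsing is simplified to gas syntax with the callee taken from the %call16 load into $25.

```python
import re

# Constructed excerpt laid out like the listing in the bug report
# (not the attachment itself).
SAMPLE_ASM = """\
	.cfi_restore_state
	li	$2,1			# 0x1
	beq	$5,$2,.L4
	move	$16,$4
	li	$2,2			# 0x2
	bne	$5,$2,.L22
	ld	$4,8($sp)
	ld	$25,%call16(__cxa_begin_catch)($28)
	.reloc	1f,R_MIPS_JALR,__cxa_begin_catch
1:	jalr	$25
	nop
"""

COND_BRANCHES = {"beq", "bne", "beqz", "bnez", "blez", "bgtz", "bltz", "bgez"}
STORES = {"sd", "sw", "sh", "sb"}            # first operand is a source, not a destination
ARG_REGS = {f"${n}" for n in range(4, 12)}   # $a0..$a7 under the n64 ABI

def parse(asm):
    """Return (mnemonic, operands) per instruction; directives, labels and comments dropped."""
    insns = []
    for raw in asm.splitlines():
        line = re.sub(r"^\w+:\s*", "", raw.split("#", 1)[0].strip())  # strip "1:" labels
        if not line or line.startswith("."):
            continue
        parts = line.split(None, 1)
        ops = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
        insns.append((parts[0], ops))
    return insns

def writes(mnem, ops, reg):
    return bool(ops) and ops[0] == reg and mnem not in STORES and mnem not in COND_BRANCHES

def find_arg_clobber_in_delay_slot(asm, window=8):
    """Flag conditional branches whose delay slot writes an argument register that the
    fall-through path passes to a call unchanged. Returns (branch, slot insn, callee)."""
    insns, findings = parse(asm), []
    for i, (mnem, ops) in enumerate(insns[:-1]):
        slot_mnem, slot_ops = insns[i + 1]
        if mnem not in COND_BRANCHES or not slot_ops or slot_ops[0] not in ARG_REGS:
            continue
        reg = slot_ops[0]
        if not writes(slot_mnem, slot_ops, reg):
            continue
        callee = None
        for m, o in insns[i + 2 : i + 2 + window]:   # the delay slot runs on both outcomes
            if m in ("ld", "lw") and len(o) == 2 and o[0] == "$25" and "%call16(" in o[1]:
                callee = re.search(r"%call16\(([^)]+)\)", o[1]).group(1)  # PIC call target
            elif m in ("jal", "jalr"):
                findings.append((mnem, f"{slot_mnem} {','.join(slot_ops)}", o[0] if m == "jal" else callee))
                break
            elif writes(m, o, reg):
                break  # register rewritten before the call; not the reported shape
    return findings
```

A hit only means the register's value at the call is whatever the delay slot produced on the fall-through path; whether that is wrong depends on what the call expects there, as it is here for __cxa_begin_catch.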