[Bug c/100163] New: -falign-loops sometimes produces invalid code for SH-2

vluchits at gmail dot com gcc-bugzilla@gcc.gnu.org
Tue Apr 20 19:44:17 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100163

            Bug ID: 100163
           Summary: -falign-loops sometimes produces invalid code for SH-2
           Product: gcc
           Version: 9.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: vluchits at gmail dot com
  Target Milestone: ---

Hello,

relocating functions to the .data segment causes gcc to produce invalid code for
the 'nop' instruction on the SH2 architecture when the -O2 optimization flag is
specified or -falign-loops is enabled explicitly.

Here's the disassembly of the C function R_SegCommands, showing the code that
works:
0000050c <_R_SegCommands>:
 50c:   2f 86           mov.l   r8,@-r15
 50e:   2f 96           mov.l   r9,@-r15
 510:   2f a6           mov.l   r10,@-r15
 512:   2f b6           mov.l   r11,@-r15
 514:   2f c6           mov.l   r12,@-r15
 516:   2f d6           mov.l   r13,@-r15
 518:   2f e6           mov.l   r14,@-r15
 51a:   91 b1           mov.w   680 <_R_SegCommands+0x174>,r1   ! 258
 51c:   4f 22           sts.l   pr,@-r15
 51e:   d2 5a           mov.l   688 <_R_SegCommands+0x17c>,r2   ! 20004024
 520:   3f 18           sub     r1,r15
 522:   00 09           nop
 524:   60 21           mov.w   @r2,r0
 526:   64 0d           extu.w  r0,r4
 528:   24 48           tst     r4,r4
 52a:   8f fb           bf.s    524 <_R_SegCommands+0x18>
 52c:   e7 03           mov     #3,r7
...

Please note the 'nop' at offset 522, encoded as 00 09, which is the correct
opcode for nop on SH2.

Now if -O2 or -Os -falign-loops is specified and R_SegCommands is relocated to
the .data segment and aligned to a 16-byte boundary:
void R_SegCommands(void) __attribute__((section(".data"), aligned(16)));

the following code is produced:

000000d0 <_R_SegCommands>:
  d0:   2f 86           mov.l   r8,@-r15
  d2:   2f 96           mov.l   r9,@-r15
  d4:   2f a6           mov.l   r10,@-r15
  d6:   2f b6           mov.l   r11,@-r15
  d8:   2f c6           mov.l   r12,@-r15
  da:   2f d6           mov.l   r13,@-r15
  dc:   2f e6           mov.l   r14,@-r15
  de:   91 b1           mov.w   244 <_R_SegCommands+0x174>,r1   ! 258
  e0:   4f 22           sts.l   pr,@-r15
  e2:   d2 5a           mov.l   24c <_R_SegCommands+0x17c>,r2   ! 20004024
  e4:   3f 18           sub     r1,r15
  e6:   00 00           .word 0x0000
  e8:   60 21           mov.w   @r2,r0
  ea:   64 0d           extu.w  r0,r4
  ec:   24 48           tst     r4,r4
  ee:   8f fb           bf.s    e8 <_R_SegCommands+0x18>
  f0:   e7 03           mov     #3,r7
  f2:   d5 57           mov.l   250 <_R_SegCommands+0x180>,r5   ! 0 <_R_DrawTexture>
  f4:   e3 01           mov     #1,r3
...

Note the opcode at offset e6, which is a nop instruction: it was 00 09 in the
previous version and is 00 00 now. When this opcode is encountered during the
program's execution, it causes an immediate crash.

Replacing all occurrences of 00 00 in the binary code with 00 09 makes the
program run fine again.
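The following checker is an added example for this report; it is not the reporter's code and not part of GCC. It takes the raw instruction bytes of the two R_SegCommands listings above (copied from the report, big-endian as shown), finds backward branches (loop heads), and flags a loop-head pad that is 0x0000 instead of the SH-2 nop 0x0009. It also applies the workaround described above, but narrowed to the flagged pads only: every other 00 00 word is left alone, since the listing's literal pool legitimately contains a zero word (the `! 0` constant at 0x250). The decoder covers only bt/bf/bt.s/bf.s (8-bit displacement) and bra (12-bit displacement); that restriction, and the 0x0000-is-undefined assumption the report's crash rests on, are this example's assumptions.

```c
/* sh2_zero_pad_check.c: find -falign-loops padding words emitted as 0x0000
 * instead of the SH-2 nop (0x0009) in front of loop heads, and rewrite only
 * those words. Added example for this bug report, not GCC code. Sample bytes
 * are copied from the two disassemblies in the report. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SH2_NOP 0x0009u

/* The listings are big-endian: "00 09" is the instruction word 0x0009. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* PC-relative branch decode for bt/bf/bt.s/bf.s (disp8) and bra (disp12):
 * target = pc + 4 + 2*disp with disp sign-extended. Cross-check against the
 * report: word 0x8ffb at 0xee gives 0xee + 4 - 10 = 0xe8, as listed. */
static int branch_target(uint32_t pc, uint16_t insn, uint32_t *target) {
    int32_t disp;
    switch (insn & 0xff00u) {
    case 0x8900u: case 0x8b00u: case 0x8d00u: case 0x8f00u: /* bt bf bt.s bf.s */
        disp = (int8_t)(insn & 0xffu);
        break;
    default:
        if ((insn & 0xf000u) != 0xa000u) return 0;         /* not bra */
        disp = (int32_t)(insn & 0x0fffu);
        if (disp & 0x800) disp -= 0x1000;
        break;
    }
    *target = (uint32_t)((int32_t)pc + 4 + 2 * disp);
    return 1;
}

/* Scan len bytes of code loaded at base. A backward branch marks a loop head;
 * -falign-loops pads immediately before that head, and the pad is reached by
 * plain fall-through (here, right after `sub r1,r15`). Flag the pad when it is
 * 0x0000, which is not a defined SH-2 encoding (assumption consistent with the
 * crash the report describes). Zero words elsewhere (literal pool) are not
 * touched. Returns the number of distinct flagged addresses. */
size_t find_zero_pads(const uint8_t *code, size_t len, uint32_t base,
                      uint32_t *hits, size_t max_hits) {
    size_t n = 0;
    for (size_t off = 0; off + 1 < len; off += 2) {
        uint32_t pc = base + (uint32_t)off, tgt;
        if (!branch_target(pc, rd16(code + off), &tgt)) continue;
        if (tgt >= pc || tgt < base + 2 || tgt >= base + len) continue; /* forward / out of range */
        uint32_t pad = tgt - 2;
        if (rd16(code + (pad - base)) != 0x0000u) continue;
        size_t k;
        for (k = 0; k < n && hits[k] != pad; k++) ;
        if (k == n && n < max_hits) hits[n++] = pad;
    }
    return n;
}

/* The reporter's workaround, narrowed to the flagged pads. Returns words rewritten. */
size_t patch_zero_pads(uint8_t *code, size_t len, uint32_t base) {
    uint32_t hits[32];
    size_t n = find_zero_pads(code, len, base, hits, 32);
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = code + (hits[i] - base);
        p[0] = (uint8_t)(SH2_NOP >> 8);
        p[1] = (uint8_t)(SH2_NOP & 0xffu);
    }
    return n;
}

/* Bytes from the report: broken build (function at 0xd0, placed in .data) and
 * working build (function at 0x50c), exactly as far as each listing goes. */
static const uint8_t kBroken[] = {
    0x2f,0x86, 0x2f,0x96, 0x2f,0xa6, 0x2f,0xb6, 0x2f,0xc6, 0x2f,0xd6, 0x2f,0xe6,
    0x91,0xb1, 0x4f,0x22, 0xd2,0x5a, 0x3f,0x18,
    0x00,0x00,                                   /* e6: zero fill, nop expected */
    0x60,0x21, 0x64,0x0d, 0x24,0x48, 0x8f,0xfb,  /* ee: bf.s e8 */
    0xe7,0x03, 0xd5,0x57, 0xe3,0x01 };
static const uint8_t kWorking[] = {
    0x2f,0x86, 0x2f,0x96, 0x2f,0xa6, 0x2f,0xb6, 0x2f,0xc6, 0x2f,0xd6, 0x2f,0xe6,
    0x91,0xb1, 0x4f,0x22, 0xd2,0x5a, 0x3f,0x18,
    0x00,0x09,                                   /* 522: nop */
    0x60,0x21, 0x64,0x0d, 0x24,0x48, 0x8f,0xfb,  /* 52a: bf.s 524 */
    0xe7,0x03 };

size_t count_zero_pads(const uint8_t *code, size_t len, uint32_t base) {
    uint32_t h[32];
    return find_zero_pads(code, len, base, h, 32);
}
uint32_t first_zero_pad(const uint8_t *code, size_t len, uint32_t base) {
    uint32_t h[32];
    return find_zero_pads(code, len, base, h, 32) ? h[0] : UINT32_MAX;
}
/* Copy, patch, re-scan: number of pads still flagged after the fix. */
size_t remaining_after_patch(const uint8_t *code, size_t len, uint32_t base) {
    uint8_t buf[256];
    if (len > sizeof buf) return (size_t)-1;
    memcpy(buf, code, len);
    patch_zero_pads(buf, len, base);
    return count_zero_pads(buf, len, base);
}

int main(void) {
    uint32_t hits[32];
    size_t n = find_zero_pads(kBroken, sizeof kBroken, 0xd0, hits, 32);
    for (size_t i = 0; i < n; i++)
        printf("zero-filled pad before loop head at 0x%x\n", hits[i]);
    printf("working build: %zu pads flagged\n",
           count_zero_pads(kWorking, sizeof kWorking, 0x50c));
    return 0;
}
```

On the broken listing the scanner reports exactly one address, 0xe6, and the working listing reports none; after the narrowed patch the broken bytes scan clean. Running it over a whole .data-resident function is a way to confirm that the only 00 00 words being rewritten are alignment pads, rather than the blanket replacement the report used.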
