[Bug c/101469] New: wrong code with "-O2 -fPIE" for SH

Fri Jul 16 09:48:24 GMT 2021

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101469

            Bug ID: 101469
           Summary: wrong code with "-O2 -fPIE" for SH
           Product: gcc
           Version: 10.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: rin at NetBSD dot org
                CC: rin at NetBSD dot org
  Target Milestone: ---
            Target: shle--netbsdelf

This Bug is for GCC 10.3 for shle:

----
$ shle--netbsdelf-gcc -v
Using built-in specs.
COLLECT_GCC=/build/gcc10/tools/bin/shle--netbsdelf-gcc
COLLECT_LTO_WRAPPER=/build/gcc10/tools/libexec/gcc/shle--netbsdelf/10.3.0/lto-wrapper
Target: shle--netbsdelf
Configured with: /usr/src/tools/gcc/../../external/gpl3/gcc/dist/configure
--target=shle--netbsdelf --enable-long-long --enable-threads
--with-bugurl=http://www.NetBSD.org/support/send-pr.html
--with-pkgversion='NetBSD nb1 20210411' --with-system-zlib --without-isl
--enable-__cxa_atexit --enable-libstdcxx-time=rt --enable-libstdcxx-threads
--with-diagnostics-color=auto-if-env --with-default-libstdcxx-abi=new
--with-sysroot=/build/gcc10/dest/landisk --with-mpc=/build/gcc10/tools
--with-mpfr=/build/gcc10/tools --with-gmp=/build/gcc10/tools --disable-nls
--disable-multilib --program-transform-name='s,^,shle--netbsdelf-,'
--enable-languages='c c++ objc' --prefix=/build/gcc10/tools
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 10.3.0 (NetBSD nb1 20210411)
----

GCC miscompile this code with "-O2 -fPIE":

----
typedef struct {
        int pad[16];
        int i;
        int *p;
} struct_t;

struct_t *sp;

void *ptr(void);

void func(void) {
        sp = ptr();
        sp->p = &sp->i;
}
----

The following is objdump with comments:

----
00000000 <func>:
   0:   mov.l   r12,@-r15
   2:   mova    24 <func+0x24>,r0
   4:   mov.l   24 <func+0x24>,r12
   6:   sts.l   pr,@-r15
   8:   add     r0,r12                  ! r12 = .got
   a:   mov.l   28 <func+0x28>,r1
   c:   bsrf    r1                      ! r0 = ptr()
   e:   nop
  10:   mov.l   2c <func+0x2c>,r1
  12:   mov     r0,r2                   ! r2 = r0
  14:   mov     r12,r0
  16:   mov.l   r2,@(r0,r1)             ! @(.got, 2c) = sp = r2
  18:   add     #64,r2                  ! r2 = &sp->i
  1a:   mov.l   r2,@(4,r12)             ! XXX
  1c:   lds.l   @r15+,pr
  1e:   rts
  20:   mov.l   @r15+,r12
  22:   nop
  24:   .word 0x0000
  26:   .word 0x0000
  28:   sett
  2a:   .word 0x0000
  2c:   .word 0x0000
----

The problem is marked by XXX in comment; if this line were

----
  1a:   mov.l   r2,@(4,r2)
----

it would make sense, i.e.,

----
  @(4, &sp->i) = sp->p = r2 = &sp->i
----

However, unfortunately, GCC somehow mistakes r12 (= .got) with r2.
As a result, sp->p is not correctly set, and .got gets corrupted.

Note that generated code is almost same for "-Os -fPIE". And the
problem occurs also for GCC 9.3.