https://bugzilla.novell.com/show_bug.cgi?id=683760
https://bugzilla.novell.com/show_bug.cgi?id=683760#c0
Summary: gcc (4.5.1 20101208) with -O3 generates broken code
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: i586
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Development
AssignedTo: pth@novell.com
ReportedBy: sebastian.witt@siemens.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.0) Gecko/20100101
Firefox/4.0
Installed gcc packages:
gcc-4.5-19.1
gcc45-4.5.1_20101208-9.8
gcc -v:
====
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i586-suse-linux/4.5/lto-wrapper
Target: i586-suse-linux
Configured with: ../configure --prefix=/usr --infodir=/usr/share/info
--mandir=/usr/share/man --libdir=/usr/lib --libexecdir=/usr/lib
--enable-languages=c,c++,objc,fortran,obj-c++,java,ada
--enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.5
--enable-ssp --disable-libssp --disable-plugin
--with-bugurl=http://bugs.opensuse.org/ --with-pkgversion='SUSE Linux'
--disable-libgcj --disable-libmudflap --with-slibdir=/lib --with-system-zlib
--enable-__cxa_atexit --enable-libstdcxx-allocator=new --disable-libstdcxx-pch
--enable-version-specific-runtime-libs --program-suffix=-4.5
--enable-linux-futex --without-system-libunwind --enable-gold
--with-plugin-ld=/usr/bin/gold --with-arch-32=i586 --with-tune=generic
--build=i586-suse-linux
Thread model: posix
gcc version 4.5.1 20101208 [gcc-4_5-branch revision 167585] (SUSE Linux)
====
cmake uses -O3 when CMAKE_BUILD_TYPE is "Release".
The following source code leads to a segmentation fault due to invalid
generated code:
====
/*
 * Find the config entry whose Type and Index both match the arguments.
 *
 * Returns SLI_INVALID_PARAMETER when Instance or ConfigEntry is NULL,
 * SLI_SUCCESS with *ConfigEntry left pointing at the matching entry, or
 * SLI_NOT_FOUND once SLI_ERROR() is true for a BDV2GetNext() result.
 *
 * NOTE(review): ConfigEntry is declared as BDV2_ENTRY_CONFIG ** but is handed
 * to BDV2GetNext() through a (BDV2_ENTRY **) cast, so the callee presumably
 * stores into *ConfigEntry through an lvalue of type BDV2_ENTRY * while this
 * function reads the same object as BDV2_ENTRY_CONFIG *. If those are distinct
 * types (their definitions are not shown here; confirm), that access pattern
 * is undefined behaviour under C's effective-type ("strict aliasing") rule.
 * GCC enables -fstrict-aliasing from -O2 upwards, and once the callee is
 * inlined the optimizer may assume the store cannot change *ConfigEntry and
 * keep using the NULL written below. Verify with -Wstrict-aliasing or
 * -fno-strict-aliasing before treating the result as a miscompilation.
 */
SLIAPI(SLI_STATUS) BDV2GetEntryConfig (IN BDV2_LIB_INSTANCE *Instance, IN
UINT32 Type, IN UINT32 Index, OUT BDV2_ENTRY_CONFIG **ConfigEntry)
{
// Reject missing arguments before anything is dereferenced.
if ((Instance == NULL) || (ConfigEntry == NULL))
return SLI_INVALID_PARAMETER;
// Check if entry exists
// The caller's pointer doubles as the iteration cursor; it starts as NULL.
*ConfigEntry = NULL;
// NOTE(review): the cast below only silences the pointer-type mismatch; it
// does not make writes through BDV2_ENTRY ** valid for a BDV2_ENTRY_CONFIG *
// object.
while (!SLI_ERROR(BDV2GetNext (Instance, BDV2_ENTRY_TYPE_CONFIG,
(BDV2_ENTRY **)ConfigEntry))) {
// This read of *ConfigEntry relies on seeing the value stored by the call above.
if (((*ConfigEntry)->Type == Type) && ((*ConfigEntry)->Index == Index))
return SLI_SUCCESS;
}
return SLI_NOT_FOUND;
}
====
This generates the following code with -O3:
====
08056460 <BDV2GetEntryConfig>:
8056460: 55 push %ebp
8056461: 89 e5 mov %esp,%ebp
8056463: 8b 4d 14 mov 0x14(%ebp),%ecx
8056466: 57 push %edi
8056467: 8b 7d 10 mov 0x10(%ebp),%edi
805646a: 56 push %esi
805646b: 8b 75 0c mov 0xc(%ebp),%esi
805646e: 53 push %ebx
805646f: 8b 5d 08 mov 0x8(%ebp),%ebx
8056472: 85 c9 test %ecx,%ecx
8056474: 74 76 je 80564ec
8056476: 85 db test %ebx,%ebx
8056478: 74 72 je 80564ec
805647a: c7 01 00 00 00 00 movl $0x0,(%ecx)
8056480: 8b 01 mov (%ecx),%eax
8056482: eb 24 jmp 80564a8
8056484: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8056488: 83 78 04 ff cmpl $0xffffffff,0x4(%eax)
805648c: 74 3a je 80564c8
805648e: 81 38 42 44 56 32 cmpl $0x32564442,(%eax)
8056494: 75 32 jne 80564c8
8056496: 03 40 10 add 0x10(%eax),%eax
8056499: 8b 50 04 mov 0x4(%eax),%edx
805649c: 89 01 mov %eax,(%ecx)
805649e: 83 fa ff cmp $0xffffffff,%edx
80564a1: 74 25 je 80564c8
80564a3: 83 fa 04 cmp $0x4,%edx
80564a6: 74 30 je 80564d8
80564a8: 85 c0 test %eax,%eax
80564aa: 75 dc jne 8056488
80564ac: 8b 03 mov (%ebx),%eax
80564ae: 03 40 0c add 0xc(%eax),%eax
80564b1: 8b 50 04 mov 0x4(%eax),%edx
80564b4: 89 01 mov %eax,(%ecx)
80564b6: 83 fa ff cmp $0xffffffff,%edx
80564b9: 74 0d je 80564c8
80564bb: 81 38 42 44 56 32 cmpl $0x32564442,(%eax)
80564c1: 74 e0 je 80564a3
80564c3: 90 nop
80564c4: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
80564c8: b8 0e 00 00 80 mov $0x8000000e,%eax
80564cd: 5b pop %ebx
80564ce: 5e pop %esi
80564cf: 5f pop %edi
80564d0: 5d pop %ebp
80564d1: c3 ret
80564d2: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
80564d8: 39 35 20 00 00 00 cmp %esi,0x20
80564de: 75 a0 jne 8056480
80564e0: 39 3d 24 00 00 00 cmp %edi,0x24
80564e6: 75 98 jne 8056480
80564e8: 31 c0 xor %eax,%eax
80564ea: eb e1 jmp 80564cd
80564ec: b8 02 00 00 80 mov $0x80000002,%eax
80564f1: 5b pop %ebx
80564f2: 5e pop %esi
80564f3: 5f pop %edi
80564f4: 5d pop %ebp
80564f5: c3 ret
====
The failing position is 80564d8: cmp %esi,0x20 (and 80564e0: cmp
%edi,0x24) which corresponds with:
(((*ConfigEntry)->Type == Type) && ((*ConfigEntry)->Index == Index))
However, the pointer was optimized away (I suspect because it was initialized
with NULL), and only
the field offsets are used, as absolute addresses.
With -O2 it generates the following correct code:
====
00000c10 <BDV2GetEntryConfig>:
c10: 55 push %ebp
c11: 89 e5 mov %esp,%ebp
c13: 57 push %edi
c14: 56 push %esi
c15: 53 push %ebx
c16: 83 ec 0c sub $0xc,%esp
c19: 8b 5d 14 mov 0x14(%ebp),%ebx
c1c: 8b 75 08 mov 0x8(%ebp),%esi
c1f: 8b 7d 0c mov 0xc(%ebp),%edi
c22: 85 db test %ebx,%ebx
c24: 74 4a je c70
c26: 85 f6 test %esi,%esi
c28: 74 46 je c70
c2a: c7 03 00 00 00 00 movl $0x0,(%ebx)
c30: 89 5c 24 08 mov %ebx,0x8(%esp)
c34: c7 44 24 04 04 00 00 movl $0x4,0x4(%esp)
c3b: 00
c3c: 89 34 24 mov %esi,(%esp)
c3f: e8 fc ff ff ff call c40
c44: 85 c0 test %eax,%eax
c46: 78 18 js c60
c48: 8b 03 mov (%ebx),%eax
c4a: 39 78 20 cmp %edi,0x20(%eax)
c4d: 75 e1 jne c30
c4f: 8b 55 10 mov 0x10(%ebp),%edx
c52: 39 50 24 cmp %edx,0x24(%eax)
c55: 75 d9 jne c30
c57: 31 c0 xor %eax,%eax
c59: eb 0a jmp c65
c5b: 90 nop
c5c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
c60: b8 0e 00 00 80 mov $0x8000000e,%eax
c65: 83 c4 0c add $0xc,%esp
c68: 5b pop %ebx
c69: 5e pop %esi
c6a: 5f pop %edi
c6b: 5d pop %ebp
c6c: c3 ret
c6d: 8d 76 00 lea 0x0(%esi),%esi
c70: 83 c4 0c add $0xc,%esp
c73: b8 02 00 00 80 mov $0x80000002,%eax
c78: 5b pop %ebx
c79: 5e pop %esi
c7a: 5f pop %edi
c7b: 5d pop %ebp
c7c: c3 ret
====
(cmp %edi,0x20(%eax) and cmp %edx,0x24(%eax))
A second workaround is to modify the source code to:
====
/*
 * Find the config entry whose Type and Index both match the arguments,
 * iterating with a local cursor of the type BDV2GetNext() is given directly.
 *
 * Returns SLI_INVALID_PARAMETER when Instance or ConfigEntry is NULL,
 * SLI_SUCCESS with *ConfigEntry pointing at the matching entry, or
 * SLI_NOT_FOUND once SLI_ERROR() is true for a BDV2GetNext() result.
 *
 * *ConfigEntry is written only inside the loop: it is left untouched when the
 * first BDV2GetNext() call fails, and after SLI_NOT_FOUND it otherwise holds
 * the last entry visited. Callers should not use it unless SLI_SUCCESS is
 * returned.
 */
SLIAPI(SLI_STATUS) BDV2GetEntryConfig (IN BDV2_LIB_INSTANCE *Instance, IN
UINT32 Type, IN UINT32 Index, OUT BDV2_ENTRY_CONFIG **ConfigEntry)
{
// Cursor with the pointer type passed to BDV2GetNext(), so no pointer-to-pointer cast is needed.
BDV2_ENTRY *NextEntry;
// Reject missing arguments before anything is dereferenced.
if ((Instance == NULL) || (ConfigEntry == NULL))
return SLI_INVALID_PARAMETER;
// Check if entry exists
NextEntry = NULL;
while (!SLI_ERROR(BDV2GetNext (Instance, BDV2_ENTRY_TYPE_CONFIG,
&NextEntry))) {
// Convert the pointer value and store it through the correctly typed
// lvalue, so the read below sees an assignment made in this function.
// NOTE(review): assumes entries returned for BDV2_ENTRY_TYPE_CONFIG really
// are BDV2_ENTRY_CONFIG objects; confirm against BDV2GetNext().
*ConfigEntry = (BDV2_ENTRY_CONFIG *)NextEntry;
if (((*ConfigEntry)->Type == Type) && ((*ConfigEntry)->Index == Index))
return SLI_SUCCESS;
}
return SLI_NOT_FOUND;
}
====
This generates with -O3:
====
080563b0 <BDV2GetEntryConfig>:
80563b0: 55 push %ebp
80563b1: 89 e5 mov %esp,%ebp
80563b3: 57 push %edi
80563b4: 8b 4d 08 mov 0x8(%ebp),%ecx
80563b7: 56 push %esi
80563b8: 8b 7d 10 mov 0x10(%ebp),%edi
80563bb: 53 push %ebx
80563bc: 8b 5d 14 mov 0x14(%ebp),%ebx
80563bf: 8b 75 0c mov 0xc(%ebp),%esi
80563c2: 85 db test %ebx,%ebx
80563c4: 74 62 je 8056428
80563c6: 85 c9 test %ecx,%ecx
80563c8: 74 5e je 8056428
80563ca: 31 c0 xor %eax,%eax
80563cc: eb 20 jmp 80563ee
80563ce: 66 90 xchg %ax,%ax
80563d0: 83 78 04 ff cmpl $0xffffffff,0x4(%eax)
80563d4: 74 32 je 8056408
80563d6: 81 38 42 44 56 32 cmpl $0x32564442,(%eax)
80563dc: 75 2a jne 8056408
80563de: 03 40 10 add 0x10(%eax),%eax
80563e1: 8b 50 04 mov 0x4(%eax),%edx
80563e4: 83 fa ff cmp $0xffffffff,%edx
80563e7: 74 1f je 8056408
80563e9: 83 fa 04 cmp $0x4,%edx
80563ec: 74 2a je 8056418
80563ee: 85 c0 test %eax,%eax
80563f0: 75 de jne 80563d0
80563f2: 8b 01 mov (%ecx),%eax
80563f4: 03 40 0c add 0xc(%eax),%eax
80563f7: 8b 50 04 mov 0x4(%eax),%edx
80563fa: 83 fa ff cmp $0xffffffff,%edx
80563fd: 74 09 je 8056408
80563ff: 81 38 42 44 56 32 cmpl $0x32564442,(%eax)
8056405: 74 e2 je 80563e9
8056407: 90 nop
8056408: b8 0e 00 00 80 mov $0x8000000e,%eax
805640d: 5b pop %ebx
805640e: 5e pop %esi
805640f: 5f pop %edi
8056410: 5d pop %ebp
8056411: c3 ret
8056412: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8056418: 39 70 20 cmp %esi,0x20(%eax)
805641b: 89 03 mov %eax,(%ebx)
805641d: 75 cf jne 80563ee
805641f: 39 78 24 cmp %edi,0x24(%eax)
8056422: 75 ca jne 80563ee
8056424: 31 c0 xor %eax,%eax
8056426: eb e5 jmp 805640d
8056428: b8 02 00 00 80 mov $0x80000002,%eax
805642d: 5b pop %ebx
805642e: 5e pop %esi
805642f: 5f pop %edi
8056430: 5d pop %ebp
8056431: c3 ret
====
Reproducible: Always
Steps to Reproduce:
1. Compile code with -O3
2. Check disassembly
Actual Results:
Pointer optimized away.
Segmentation fault when generated code is executed.
Expected Results:
Correct code even with -O3.