https://bugzilla.novell.com/show_bug.cgi?id=240116 Summary: On ppc32, g++ generates code that accesses below the stack pointer Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Development AssignedTo: pth@novell.com ReportedBy: jseward@acm.org QAContact: qa@suse.de openSUSE 10.2 on ppc32 contains libraries that contain code which occasionally access below the stack pointer (r1), which I believe is in violation of the ELF 32-bit ppc ABI spec. Having looked at a couple of these, it looks like a bug in gcc's code generation for procedure epilogues - callee save registers are restored from the stack after r1 has been moved back up. Note this is a ppc32 specific problem. See disassembly below. SuSE gcc devs appear to agree such behaviour would constitute a bug. See comments #17, #18, #19 in https://bugzilla.novell.com/show_bug.cgi?id=234347 for details. How to reproduce: unfortunately I do not have a small C fragment to demo the problem. I can only say how to demo it. - get valgrind-3.2.3, install on ppc32-linux openSUSE 10.2 - run 'valgrind konqueror' - You get a bunch of messages like this: Invalid read of size 4 at 0xD92AAEC: (within /opt/kde3/lib/libkhtml.so.4.2.0) by 0xD98263C: (within /opt/kde3/lib/libkhtml.so.4.2.0) by 0xD8742D0: KHTMLView::layout() (in /opt/kde3/lib/libkhtml.so.4.2.0) by 0xD875BF0: KHTMLView::viewportResizeEvent(QResizeEvent*) (in /opt/kde3/lib/libkhtml.so.4.2.0) by 0xECB8320: QScrollView::updateScrollBars() (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7) by 0xECB8C78: QScrollView::resizeEvent(QResizeEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7) by 0xD822934: KHTMLView::resizeEvent(QResizeEvent*) (in /opt/kde3/lib/libkhtml.so.4.2.0) by 0xEBB8B58: QWidget::event(QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7) by 0xEB0181C: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7) by 0xEB02C5C: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7) by 0xF33F320: KApplication::notify(QObject*, QEvent*) (in /opt/kde3/lib/libkdecore.so.4.2.0) by 0xEB034D8: QApplication::sendPostedEvents(QObject*, int) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7) Address 0x7EEEF228 is just below the stack ptr. To suppress, use: --workaround-gcc296-bugs=yes objdump -d on gives this for the relevant section of libkhtml.so.4.2.0: 20bac0: 41 9c 00 08 blt- cr7,20bac8 <_ZThn40_N3DOM20HTMLEmbedElementImplD0Ev+0x25df8> 20bac4: 39 21 00 08 addi r9,r1,8 // r9 == r1+8 20bac8: 90 61 00 08 stw r3,8(r1) 20bacc: 80 01 00 34 lwz r0,52(r1) 20bad0: 83 61 00 1c lwz r27,28(r1) 20bad4: 83 81 00 20 lwz r28,32(r1) 20bad8: 83 a1 00 24 lwz r29,36(r1) 20badc: 83 c1 00 28 lwz r30,40(r1) 20bae0: 83 e1 00 2c lwz r31,44(r1) 20bae4: 38 21 00 30 addi r1,r1,48 // r9 == r1-40 20bae8: 7c 08 03 a6 mtlr r0 20baec: 80 69 00 00 lwz r3,0(r9) // EA == r1-40 (!) 20baf0: 4e 80 00 20 blr It is not correct for the instruction at 20bae4 to be before the one at 20baec. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.