[Bug 240116] New: On ppc32, g++ generates code that accesses below the stack pointer
https://bugzilla.novell.com/show_bug.cgi?id=240116

           Summary: On ppc32, g++ generates code that accesses below the stack pointer
           Product: openSUSE 10.2
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Development
        AssignedTo: pth@novell.com
        ReportedBy: jseward@acm.org
         QAContact: qa@suse.de

openSUSE 10.2 on ppc32 contains libraries that contain code which occasionally accesses below the stack pointer (r1), which I believe is in violation of the ELF 32-bit ppc ABI spec. Having looked at a couple of these, it looks like a bug in gcc's code generation for procedure epilogues - callee save registers are restored from the stack after r1 has been moved back up. Note this is a ppc32 specific problem. See disassembly below.

SuSE gcc devs appear to agree such behaviour would constitute a bug. See comments #17, #18, #19 in https://bugzilla.novell.com/show_bug.cgi?id=234347 for details.

How to reproduce: unfortunately I do not have a small C fragment to demo the problem. I can only say how to demo it.
- get valgrind-3.2.3, install on ppc32-linux openSUSE 10.2
- run 'valgrind konqueror'
- You get a bunch of messages like this:

Invalid read of size 4
   at 0xD92AAEC: (within /opt/kde3/lib/libkhtml.so.4.2.0)
   by 0xD98263C: (within /opt/kde3/lib/libkhtml.so.4.2.0)
   by 0xD8742D0: KHTMLView::layout() (in /opt/kde3/lib/libkhtml.so.4.2.0)
   by 0xD875BF0: KHTMLView::viewportResizeEvent(QResizeEvent*) (in /opt/kde3/lib/libkhtml.so.4.2.0)
   by 0xECB8320: QScrollView::updateScrollBars() (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7)
   by 0xECB8C78: QScrollView::resizeEvent(QResizeEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7)
   by 0xD822934: KHTMLView::resizeEvent(QResizeEvent*) (in /opt/kde3/lib/libkhtml.so.4.2.0)
   by 0xEBB8B58: QWidget::event(QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7)
   by 0xEB0181C: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7)
   by 0xEB02C5C: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7)
   by 0xF33F320: KApplication::notify(QObject*, QEvent*) (in /opt/kde3/lib/libkdecore.so.4.2.0)
   by 0xEB034D8: QApplication::sendPostedEvents(QObject*, int) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.7)
 Address 0x7EEEF228 is just below the stack ptr.  To suppress, use: --workaround-gcc296-bugs=yes

objdump -d gives this for the relevant section of libkhtml.so.4.2.0:

  20bac0:  41 9c 00 08   blt-    cr7,20bac8 <_ZThn40_N3DOM20HTMLEmbedElementImplD0Ev+0x25df8>
  20bac4:  39 21 00 08   addi    r9,r1,8        // r9 == r1+8
  20bac8:  90 61 00 08   stw     r3,8(r1)
  20bacc:  80 01 00 34   lwz     r0,52(r1)
  20bad0:  83 61 00 1c   lwz     r27,28(r1)
  20bad4:  83 81 00 20   lwz     r28,32(r1)
  20bad8:  83 a1 00 24   lwz     r29,36(r1)
  20badc:  83 c1 00 28   lwz     r30,40(r1)
  20bae0:  83 e1 00 2c   lwz     r31,44(r1)
  20bae4:  38 21 00 30   addi    r1,r1,48       // r9 == r1-40
  20bae8:  7c 08 03 a6   mtlr    r0
  20baec:  80 69 00 00   lwz     r3,0(r9)       // EA == r1-40 (!)
  20baf0:  4e 80 00 20   blr

It is not correct for the instruction at 20bae4 to be before the one at 20baec.
-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
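An added example, not part of the bug report and not code from gcc or valgrind: a small Python checker that applies the ABI rule the reporter cites (no load or store may touch memory below r1) to `objdump -d` text, by tracking r1 and any register derived from it through `addi`, `mr` and update-form loads and stores. It is run on the epilogue quoted above, copied verbatim with the reporter's `//` annotations, and on a constructed reordering of it in which the load through r9 is placed before the stack-pointer adjustment. The function and variable names are this example's own.

```python
"""Flag D-form loads/stores below r1 in ppc32 objdump -d output.

Added example, not part of the bug report: the same ordering hazard shown
there (r1 restored, then a load through an r1-derived register) is found
statically instead of waiting for valgrind to hit it at run time.
"""
import re

# One objdump -d line: "20bac4: 39 21 00 08 addi r9,r1,8 // r9 == r1+8"
_LINE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*([a-z.+-]+)\s*(.*)$")
# D-form memory operand: "r3,0(r9)" -> (register, signed displacement, base)
_MEM = re.compile(r"^([rf]\d+),(-?\d+)\((r\d+)\)$")
_LOADS = {"lwz", "lbz", "lhz", "lha", "lfs", "lfd"}
_STORES = {"stw", "stb", "sth", "stfs", "stfd"}


def _clean(ops):
    """Drop '<symbol+off>' targets and '// ...' annotations, then whitespace."""
    return re.sub(r"<[^>]*>|//.*$", "", ops).replace(" ", "").strip()


def find_below_sp_accesses(disasm):
    """Return [(address, instruction, bytes_below_r1)] for every D-form load
    or store whose effective address is below r1 when it executes.

    r1 is tracked as an offset from an arbitrary origin (0 at the first line);
    `aliases` maps other registers known to hold r1 + k to that k.  Indexed
    (X-form) accesses and arithmetic other than addi/mr are not modelled, so
    a clean result is not a proof, only the modelled forms are checked.
    """
    sp, aliases, findings = 0, {}, []
    for line in disasm.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        addr, mnem, ops = m.group(1), m.group(3).rstrip("+-"), _clean(m.group(4))
        base = mnem[:-1] if mnem.endswith("u") else mnem      # lwzu/stwu -> lwz/stw
        if base in _LOADS or base in _STORES:
            mm = _MEM.match(ops)
            if not mm:
                continue                                     # X-form: not modelled
            reg, disp, ra = mm.group(1), int(mm.group(2)), mm.group(3)
            known = ra == "r1" or ra in aliases
            ea = (sp if ra == "r1" else aliases.get(ra, 0)) + disp
            if known and mnem.endswith("u"):                 # update form: ra := ea
                if ra == "r1":
                    sp = ea                                  # e.g. prologue stwu r1,-48(r1)
                else:
                    aliases[ra] = ea
            if known and ea < sp:
                findings.append((addr, f"{mnem} {ops}", sp - ea))
            if base in _LOADS:
                aliases.pop(reg, None)                       # destination overwritten
            continue
        parts = ops.split(",") if ops else []
        rd = parts[0] if parts else ""
        src = parts[1] if len(parts) > 1 else ""
        if mnem in ("addi", "mr") and (src == "r1" or src in aliases):
            val = (sp if src == "r1" else aliases[src]) + (int(parts[2]) if mnem == "addi" else 0)
            if rd == "r1":
                sp = val                                     # addi r1,r1,48 moves r1 up
            else:
                aliases[rd] = val                            # addi r9,r1,8 -> r9 = r1 + 8
        elif rd == "r1":
            aliases.clear()                                  # r1 rewritten in an unmodelled way
        else:
            aliases.pop(rd, None)
    return findings


# Copied from the bug report above (the reporter's comments are kept as-is).
BUGGY_EPILOGUE = """\
20bac0: 41 9c 00 08 blt- cr7,20bac8 <_ZThn40_N3DOM20HTMLEmbedElementImplD0Ev+0x25df8>
20bac4: 39 21 00 08 addi r9,r1,8 // r9 == r1+8
20bac8: 90 61 00 08 stw r3,8(r1)
20bacc: 80 01 00 34 lwz r0,52(r1)
20bad0: 83 61 00 1c lwz r27,28(r1)
20bad4: 83 81 00 20 lwz r28,32(r1)
20bad8: 83 a1 00 24 lwz r29,36(r1)
20badc: 83 c1 00 28 lwz r30,40(r1)
20bae0: 83 e1 00 2c lwz r31,44(r1)
20bae4: 38 21 00 30 addi r1,r1,48 // r9 == r1-40
20bae8: 7c 08 03 a6 mtlr r0
20baec: 80 69 00 00 lwz r3,0(r9) // EA == r1-40 (!)
20baf0: 4e 80 00 20 blr
"""

# Constructed variant (not compiler output): the load through r9 is moved
# before the addi that deallocates the frame, which is the order the ABI needs.
FIXED_EPILOGUE = """\
20bac4: 39 21 00 08 addi r9,r1,8
20bac8: 90 61 00 08 stw r3,8(r1)
20bacc: 80 01 00 34 lwz r0,52(r1)
20bad0: 83 61 00 1c lwz r27,28(r1)
20bad4: 83 81 00 20 lwz r28,32(r1)
20bad8: 83 a1 00 24 lwz r29,36(r1)
20badc: 83 c1 00 28 lwz r30,40(r1)
20bae0: 83 e1 00 2c lwz r31,44(r1)
20bae4: 80 69 00 00 lwz r3,0(r9)
20bae8: 38 21 00 30 addi r1,r1,48
20baec: 7c 08 03 a6 mtlr r0
20baf0: 4e 80 00 20 blr
"""

if __name__ == "__main__":
    for name, text in (("buggy", BUGGY_EPILOGUE), ("fixed", FIXED_EPILOGUE)):
        for addr, insn, below in find_below_sp_accesses(text):
            print(f"{name}: {addr}: {insn} reads {below} bytes below r1")
```

Fed the whole of `objdump -d libkhtml.so.4.2.0`, this reports every epilogue with the pattern rather than only the ones a particular konqueror run happens to execute. The checker is deliberately simple: it only follows `addi`/`mr` copies of r1 and D-form accesses, so it can miss accesses through other arithmetic or indexed forms, but on the forms it does model a hit is a real access below r1, which the ppc32 ELF ABI forbids because that memory may be overwritten at any time (for example by a signal frame).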
rguenther@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|rguenther@novell.com        |matz@novell.com

------- Comment #1 from rguenther@novell.com 2007-01-30 04:01 MST -------
Maybe micha had a testcase.
rguenther@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|                     |234347
dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|234347               |
matz@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Comment #2 from matz@novell.com 2007-02-05 05:52 MST -------
No, I don't. But it seems we can extract one from libkhtml sources. From the looks of it I would speculate that this introduction of the r9 access is done by late code which tries to limit the range of immediates in all instructions, and by that suddenly breaks the obvious dependency of insns using r1 and those setting it.
------- Comment #3 from matz@novell.com 2007-02-05 13:06 MST -------
Yeah, for instance the khtml::RenderCanvas::docWidth() function has this problem. It's actually the second schedule pass, which reorders the load (for the return value) from some memory (which happens to be on the stack) to after the adjustment of the stack pointer. Ugh. I'll try to create an easier testcase.