Bug 10768 - invalid code generated (affects modutils-2.4.27-alt8)
Summary: invalid code generated (affects modutils-2.4.27-alt8)
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: gcc4.1 (show other bugs)
Version: unstable
Hardware: all Linux
: P2 major
Assignee: Dmitry V. Levin
QA Contact: qa-sisyphus
URL: http://gcc.gnu.org/bugzilla/show_bug....
Keywords:
Depends on:
Blocks:
 
Reported: 2007-02-04 19:35 MSK by Sergey Vlasov
Modified: 2008-10-18 16:34 MSD (History)
1 user (show)

See Also:

Attachments
obj_reloc.c - example code (668 bytes, text/plain)
2007-02-04 19:36 MSK, Sergey Vlasov 		no flags Details
obj_reloc.i - preprocessor output (1.89 KB, text/plain)
2007-02-04 19:36 MSK, Sergey Vlasov 		no flags Details
obj_reloc.s - compiler output on x86_64 (3.97 KB, text/plain)
2007-02-04 19:39 MSK, Sergey Vlasov 		no flags Details
obj_reloc.c (339 bytes, text/plain)
2007-02-05 00:13 MSK, Dmitry V. Levin 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey Vlasov 2007-02-04 19:35:26 MSK 
The attached code (reduced version of modutils-2.4.27/obj/obj_reloc.c:
obj_allocate_commons()) is miscompiled by gcc4.1-4.1.1-alt11 (both on x86_64 and
i586):

 - the common_head = NULL initialization is lost, therefore the code uses
uninitialized stack variables (this manifests in depmod crashes at runtime);

 - in the example the last block with calls to do_something() is optimized out
completely.

Compiled with: gcc -S -O2 -Wall -W -fverbose-asm -save-temps obj_reloc.c
Comment 1 Sergey Vlasov 2007-02-04 19:36:27 MSK 
Created attachment 1775 [details]
obj_reloc.c - example code
Comment 2 Sergey Vlasov 2007-02-04 19:36:57 MSK 
Created attachment 1776 [details]
obj_reloc.i - preprocessor output
Comment 3 Sergey Vlasov 2007-02-04 19:39:11 MSK 
Created attachment 1777 [details]
obj_reloc.s - compiler output on x86_64

Notice these problems:

1) The first usage of common head:

	movq	-16(%rbp), %rdx # common_head, temp.33
	testq	%rdx, %rdx	# temp.33
	je	.L14	#,

comes before its initialization (in fact, common_head initialization is not
present in the generated code at all).

2) There are no calls to do_something() - the second loop was optimized out
completely.
Comment 4 Sergey Vlasov 2007-02-04 20:53:35 MSK 
gcc4.1-4.1.1-alt4 on i586 also had the same bug - the result of compiling
modutils-2.4.27-alt8 is:

000003c5 <obj32_allocate_commons>:
 3c5:   55                      push   %ebp
 3c6:   89 e5                   mov    %esp,%ebp
 3c8:   57                      push   %edi
 3c9:   56                      push   %esi
 3ca:   53                      push   %ebx
 3cb:   83 ec 2c                sub    $0x2c,%esp
 3ce:   31 ff                   xor    %edi,%edi
 3d0:   8b 45 08                mov    0x8(%ebp),%eax
 3d3:   8b 4c b8 5c             mov    0x5c(%eax,%edi,4),%ecx
 3d7:   85 c9                   test   %ecx,%ecx
 3d9:   75 08                   jne    3e3 <obj32_allocate_commons+0x1e>
 3db:   eb 53                   jmp    430 <obj32_allocate_commons+0x6b>
 3dd:   8b 09                   mov    (%ecx),%ecx
 3df:   85 c9                   test   %ecx,%ecx
 3e1:   74 4d                   je     430 <obj32_allocate_commons+0x6b>
 3e3:   81 79 10 f2 ff 00 00    cmpl   $0xfff2,0x10(%ecx)
 3ea:   75 f1                   jne    3dd <obj32_allocate_commons+0x18>
 3ec:   8b 55 f0                mov    0xfffffff0(%ebp),%edx
 3ef:   85 d2                   test   %edx,%edx
 3f1:   0f 84 26 01 00 00       je     51d <obj32_allocate_commons+0x158>
...

0xfffffff0(%ebp) is used, but never initialized.

==30744== Conditional jump or move depends on uninitialised value(s)
==30744==    at 0x8057511: obj32_allocate_commons (obj_reloc.c:146)
==30744==    by 0x804A7B2: loadobj (depmod.c:977)
==30744==    by 0x804C680: depmod_main_32 (depmod.c:1727)
==30744==    by 0x804FC02: main (depmod.c:1750)
Comment 5 Dmitry V. Levin 2007-02-05 00:13:50 MSK 
Created attachment 1779 [details]
obj_reloc.c

Even more reduced sample which still gets miscompiled:

$ gcc -S -O2 -Wall -W -fno-stack-protector -fverbose-asm obj_reloc.c
$ fgrep head obj_reloc.s 
	movl	-8(%ebp), %eax	# head, temp.31
$ gcc -S -O1 -Wall -W -fno-stack-protector -fverbose-asm obj_reloc.c
$ fgrep head obj_reloc.s 
	movl	$0, -8(%ebp)	#, head
	movl	-8(%ebp), %eax	# head, temp.29
Comment 6 Dmitry V. Levin 2008-10-18 16:34:01 MSD 
wontfix for gcc4.1
fixed upstream, available in gcc4.3-4.3.2-alt1