https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71086

            Bug ID: 71086
           Summary: miscompiled inline-asm + alternative constraints +
                    __builtin_expect + always_inline
           Product: gcc
           Version: 4.9.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: inline-asm
          Assignee: unassigned at gcc dot gnu.org
          Reporter: mirq-gccboogs at rere dot qmqm.pl
  Target Milestone: ---

Created attachment 38474
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38474&action=edit
test case source

The attached code gets miscompiled when -DNO_EXPECT is not passed. With
__builtin_expect used, the operand to the inline asm in inc_overflow() gets
replaced with an uninitialized stack entry. This happens only with the exact
combination of: -O1, the inline asm has multiple alternative constraints,
__builtin_expect is used in inc_overflow(), and there are other not-optimized-out
variables on the stack.

gcc versions 4.9.2 (-10 Debian) and 4.9.3 (-13ubuntu2) miscompile it, while gcc 5.3.1
generates correct code.

--- good: g++ -O1 -S -DNO_EXCEPT bug_inline.cc -o -
+++ bad:  g++ -O1 -S             bug_inline.cc -o -
@@ -5,55 +5,49 @@
 _Z6test_smj:
 .LFB2: 
        .cfi_startproc
-       pushq   %rbp
-       .cfi_def_cfa_offset 16
-       .cfi_offset 6, -16
        pushq   %rbx
-       .cfi_def_cfa_offset 24
-       .cfi_offset 3, -24
-       subq    $40, %rsp
+       .cfi_def_cfa_offset 16
+       .cfi_offset 3, -16
+       subq    $48, %rsp
        .cfi_def_cfa_offset 64
-       movq    %rdi, %rbp
+       movq    %rdi, 8(%rsp)
        movq    %fs:40, %rax
-       movq    %rax, 24(%rsp)
+       movq    %rax, 40(%rsp)
        xorl    %eax, %eax
        cmpl    $10, %esi
        jbe     .L2
        movl    %esi, %ebx
-       leaq    8(%rsp), %rdi
+       leaq    24(%rsp), %rdi
        call    _Z3xdoRm
-.L5:
-       movq    %rbp, %rdi
+.L4:
 #APP
 # 18 "bug_inline.cpp" 1
-       add %rbx, %rdi
+       add %rbx, 32(%rsp)            <--- 32(%rsp) is not initialized, but
should be with 'v' (saved at 8(%rsp), or in %rbp in good code)
        setc %sil
 # 0 "" 2
 #NO_APP
        testb   %sil, %sil
-       movq    $-1, %rax
-       cmovne  %rax, %rdi
-       movq    %rdi, 16(%rsp)
-       leaq    16(%rsp), %rdi
+       je      .L3
+       movq    $-1, 32(%rsp)
+.L3:
+       leaq    32(%rsp), %rdi
        call    _Z3xdoRm
-       movq    8(%rsp), %rax
-       movq    24(%rsp), %rdx
+       movq    24(%rsp), %rax
+       movq    40(%rsp), %rdx
        xorq    %fs:40, %rdx
-       je      .L6
-       jmp     .L7
+       je      .L5
+       jmp     .L6
 .L2:
-       leaq    8(%rsp), %rdi
+       leaq    24(%rsp), %rdi
        call    _Z3xdoRm
        movl    $4294967295, %ebx
-       jmp     .L5
-.L7:
-       call    __stack_chk_fail
+       jmp     .L4
 .L6:
-       addq    $40, %rsp
-       .cfi_def_cfa_offset 24
-       popq    %rbx
+       call    __stack_chk_fail
+.L5:
+       addq    $48, %rsp
        .cfi_def_cfa_offset 16
-       popq    %rbp
+       popq    %rbx
        .cfi_def_cfa_offset 8
        ret
        .cfi_endproc
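Review bot: The copy of `v` that the bad side spills with `movq %rdi, 8(%rsp)` is never read again anywhere in the hunk, which points to the memory alternative chosen for the asm operand (`add %rbx, 32(%rsp)`) having been given a fresh slot rather than the one holding the value; the `je .L3` / `movq $-1, 32(%rsp)` rewrite of the former `cmovne` stores into that slot only on the overflow path, so on the non-overflow path `_Z3xdoRm` is handed whatever stale data was at 32(%rsp). The stack-protector canary at 40(%rsp) cannot catch this, since it is a read of an uninitialized slot rather than a write past a buffer, so only a value check at runtime exposes it; pre-filling the stack with a recognisable pattern before calling `test_s` would make the wrong value deterministic in the reproducer. The two command lines in the diff headers disagree on the macro name (`-DNO_EXCEPT` on the "good" line versus `-DNO_EXPECT` in the description); presumably the latter is meant, since the description ties it to `__builtin_expect`, but this is worth confirming against the attached source, which is not visible here.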

# Debian 4.9.2
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc-4.9.real
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.9.2-10'
--with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs
--enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.9 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls
--with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify
--enable-plugin --with-system-zlib --disable-browser-plugin
--enable-java-awt=gtk --enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--enable-objc-gc --enable-multiarch --with-arch-32=i586 --with-abi=m64
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.9.2 (Debian 4.9.2-10) 

# Ubuntu 4.9.3
$ g++-4.9 -v
Using built-in specs.
COLLECT_GCC=g++-4.9
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.9.3-13ubuntu2'
--with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs
--enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.9 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls
--with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify
--enable-plugin --with-system-zlib --disable-browser-plugin
--enable-java-awt=gtk --enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686
--with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib
--with-tune=generic --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.9.3 (Ubuntu 4.9.3-13ubuntu2)
