http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50194
Bug #: 50194
Summary: wrong tail call optimization for mixed arm/thumb mode
Classification: Unclassified
Product: gcc
Version: 4.7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
AssignedTo: [email protected]
ReportedBy: [email protected]
Target: arm-unknown-linux-gnueabi
When I run dejagnu testing on arm qemu, I get a lot of qemu signal 11 errors
with fdo enabled test cases. The following is an example:

make check-gcc RUNTESTFLAGS="--target_board=arm-sim/thumb/arch=armv7-a matrix.exp=transpose-2.c"

I got the following gcc.log:

Running /usr/local/google/home/carrot/trunk4/gcc/testsuite/gcc.dg/matrix/matrix.exp ...
Executing on host: /usr/local/google/home/carrot/disk2/armobj1/gcc/xgcc -B/usr/local/google/home/carrot/disk2/armobj1/gcc/ -w -c -mthumb -march=armv7-a -o /usr/local/google/home/carrot/disk2/armobj1/gcc/testsuite/gcc/gcc-testglue.o /usr/share/dejagnu/testglue.c (timeout = 300)
spawn /usr/local/google/home/carrot/disk2/armobj1/gcc/xgcc -B/usr/local/google/home/carrot/disk2/armobj1/gcc/ -w -c -mthumb -march=armv7-a -o /usr/local/google/home/carrot/disk2/armobj1/gcc/testsuite/gcc/gcc-testglue.o /usr/share/dejagnu/testglue.c
Executing on host: /usr/local/google/home/carrot/disk2/armobj1/gcc/xgcc -B/usr/local/google/home/carrot/disk2/armobj1/gcc/ tls_runtime30286.c gcc_tg.o -DSTACK_SIZE=16384 -Wl,-wrap,exit -Wl,-wrap,_exit -Wl,-wrap,main -Wl,-wrap,abort -lm -mthumb -march=armv7-a -o tls_runtime30286.exe (timeout = 800)
spawn /usr/local/google/home/carrot/disk2/armobj1/gcc/xgcc -B/usr/local/google/home/carrot/disk2/armobj1/gcc/ tls_runtime30286.c gcc_tg.o -DSTACK_SIZE=16384 -Wl,-wrap,exit -Wl,-wrap,_exit -Wl,-wrap,main -Wl,-wrap,abort -lm -mthumb -march=armv7-a -o tls_runtime30286.exe
spawn /usr/local/google/home/carrot/disk2/armobj1/sim/arm/run ./tls_runtime30286.exe
*** EXIT code 0
Executing on arm-sim/thumb/arch=armv7-a: rm -f /usr/local/google/home/carrot/disk2/armobj1/gcc/testsuite/gcc/transpose-2.gcda (timeout = 300)
spawn [open ...]
rsh: Could not resolve hostname arm-sim/thumb/arch=armv7-a: Name or service not known
Executing on host: /usr/local/google/home/carrot/disk2/armobj1/gcc/xgcc -B/usr/local/google/home/carrot/disk2/armobj1/gcc/ /usr/local/google/home/carrot/trunk4/gcc/testsuite/gcc.dg/matrix/transpose-2.c gcc_tg.o -fprofile-generate -O3 -fno-tree-fre -DSTACK_SIZE=16384 -Wl,-wrap,exit -Wl,-wrap,_exit -Wl,-wrap,main -Wl,-wrap,abort -lm -mthumb -march=armv7-a -o /usr/local/google/home/carrot/disk2/armobj1/gcc/testsuite/gcc/transpose-2.x01 (timeout = 800)
spawn /usr/local/google/home/carrot/disk2/armobj1/gcc/xgcc -B/usr/local/google/home/carrot/disk2/armobj1/gcc/ /usr/local/google/home/carrot/trunk4/gcc/testsuite/gcc.dg/matrix/transpose-2.c gcc_tg.o -fprofile-generate -O3 -fno-tree-fre -DSTACK_SIZE=16384 -Wl,-wrap,exit -Wl,-wrap,_exit -Wl,-wrap,main -Wl,-wrap,abort -lm -mthumb -march=armv7-a -o /usr/local/google/home/carrot/disk2/armobj1/gcc/testsuite/gcc/transpose-2.x01
PASS: gcc.dg/matrix/transpose-2.c compilation, -fprofile-generate -O3 -fno-tree-fre
spawn /usr/local/google/home/carrot/disk2/armobj1/sim/arm/run /usr/local/google/home/carrot/disk2/armobj1/gcc/testsuite/gcc/transpose-2.x01
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
FAIL: gcc.dg/matrix/transpose-2.c execution, -fprofile-generate -O3 -fno-tree-fre
UNRESOLVED: gcc.dg/matrix/transpose-2.c compilation, -fprofile-use -fipa-matrix-reorg -fdump-ipa-matrix-reorg -O3 -fwhole-program -fno-tree-fre
UNRESOLVED: gcc.dg/matrix/transpose-2.c execution, -fprofile-use -fipa-matrix-reorg -fdump-ipa-matrix-reorg -O3 -fwhole-program -fno-tree-fre

At the end of the thumb function _GLOBAL__sub_I_65535_0_main is a call to
another function, __gcov_init; it has been optimized to a branch function:

        .thumb
        .thumb_func
        .type _GLOBAL__sub_I_65535_0_main, %function
_GLOBAL__sub_I_65535_0_main:
        @ args = 0, pretend = 0, frame = 0
        @ frame_needed = 0, uses_anonymous_args = 0
        @ link register save eliminated.
        movw r0, #:lower16:.LANCHOR2
        movt r0, #:upper16:.LANCHOR2
        b __gcov_init
        .size _GLOBAL__sub_I_65535_0_main, .-_GLOBAL__sub_I_65535_0_main

But the implementation of __gcov_init is actually in arm mode. After linking, I
get the following:

00009388 <_GLOBAL__sub_I_65535_0_main>:
    9388: f243 00ac movw r0, #12460 ; 0x30ac
    938c: f2c0 0001 movt r0, #1 ; 0x1
    9390: f001 bb30 b.w a9f4 <____gcov_init_from_thumb>
...
0000a9f4 <____gcov_init_from_thumb>:
    a9f4: 0000 lsls r0, r0, #0
    ...

0000a9f8 <____gcov_init_change_to_arm>:
    a9f8: 00000000 andeq r0, r0, r0

0000a9fc <____wrap_abort_from_arm>:
    ...

Disassembly of section .fini:

0000aa04 <_fini>:
    aa04: e52de004 push {lr} ; (str lr, [sp, #-4]!)
    aa08: e24dd004 sub sp, sp, #4 ; 0x4
    aa0c: e28dd004 add sp, sp, #4 ; 0x4
    aa10: e49de004 pop {lr} ; (ldr lr, [sp], #4)
    aa14: e12fff1e bx lr

The branch to __gcov_init has been changed to a branch to
____gcov_init_from_thumb. I guess ____gcov_init_from_thumb is used to change
the arm/thumb mode and transfer control to the real target. But obviously it
failed to do so. The code at ____gcov_init_from_thumb is meaningless; the
program will crash there.

This case is a thumb function calling an arm function; the reverse may also
occur. So we can only do the tail call optimization when we are sure the caller
and callee are in the same arm/thumb mode.

This bug is in the 4.6 branch too.
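
An added example, not part of the original report: a small Python check over objdump-style disassembly that reports branches landing in interworking veneers whose bytes are all zero, the state the listing above shows for ____gcov_init_from_thumb. The __demo_from_thumb veneer is constructed for contrast, and treating "..." as elided zero bytes assumes objdump's default output.

```python
import re

# Disassembly from the report above (editor line numbers and comments dropped),
# plus one constructed veneer (__demo_from_thumb) that holds real instructions.
LISTING = """\
00009388 <_GLOBAL__sub_I_65535_0_main>:
    9388: f243 00ac  movw r0, #12460
    938c: f2c0 0001  movt r0, #1
    9390: f001 bb30  b.w a9f4 <____gcov_init_from_thumb>
0000a9f4 <____gcov_init_from_thumb>:
    a9f4: 0000       lsls r0, r0, #0
    ...
0000a9f8 <____gcov_init_change_to_arm>:
    a9f8: 00000000   andeq r0, r0, r0
0000a9fc <____wrap_abort_from_arm>:
    ...
0000b000 <__demo_from_thumb>:
    b000: 4778       bx pc
    b002: 46c0       nop
"""

SYM = re.compile(r"^([0-9a-f]{8}) <(\S+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{8}|[0-9a-f]{4})(?:\s[0-9a-f]{4})?)\s+(.*)$")
VENEER = re.compile(r"_(from_thumb|from_arm|change_to_arm)$")  # suffixes seen in the report
TARGET = re.compile(r"^b(?:\.w|l|lx)?\s+[0-9a-f]+ <([^>+]+)>")

def parse_listing(text):
    """Map each symbol to its list of (address, encoding, assembly) tuples."""
    funcs, cur = {}, None
    for line in text.splitlines():
        if m := SYM.match(line.strip()):
            cur = funcs.setdefault(m.group(2), [])
        elif cur is not None and (m := INSN.match(line)):
            cur.append((int(m.group(1), 16), m.group(2).replace(" ", ""), m.group(3).strip()))
    return funcs

def empty_veneers(funcs):
    """Veneer symbols with no non-zero instruction word ('...' lines are elided zeros)."""
    return {name for name, insns in funcs.items()
            if VENEER.search(name) and all(int(enc, 16) == 0 for _, enc, _ in insns)}

def branches_into(funcs, targets):
    """(caller, address, target) for every branch whose destination is in `targets`."""
    return [(name, addr, m.group(1)) for name, insns in funcs.items()
            for addr, _, asm in insns
            if (m := TARGET.match(asm)) and m.group(1) in targets]

if __name__ == "__main__":
    funcs = parse_listing(LISTING)
    for caller, addr, target in branches_into(funcs, empty_veneers(funcs)):
        print(f"{caller} @ {addr:#x}: branch into empty veneer {target}")
```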