https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98110

            Bug ID: 98110
           Summary: [11 Regression] dl-lookup.c in glibc is miscompiled by
                    r11-5029
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: critical
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: hjl.tools at gmail dot com
                CC: jh at suse dot cz
  Target Milestone: ---
            Target: x86-64

Created attachment 49667
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49667&action=edit
A testcase

On Linux/x86-64, r11-5029 miscompiles dl-lookup.c (the dynamic loader's symbol lookup, `_dl_lookup_symbol_x`) when built with glibc's flags:

-O2 -std=gnu11 -fgnu89-inline  -O2 -g -Wall -Wwrite-strings -Wundef -Werror
-fmerge-all-constants -frounding-math -fno-stack-protector -Wstrict-prototypes
-Wold-style-definition -fmath-errno   -fPIC  -fno-stack-protector  -mno-mmx
-fexceptions -fasynchronous-unwind-tables  -ftls-model=initial-exec

_dl_lookup_symbol_x:
.LVL199:
.LFB73:
        .loc 1 835 1 view -0
        .cfi_startproc
        .loc 1 835 1 is_stmt 0 view .LVU632
        pushq   %r15
        .cfi_def_cfa_offset 16
        .cfi_offset 15, -16
        pushq   %r14
        .cfi_def_cfa_offset 24
        .cfi_offset 14, -24
        pushq   %r13
        .cfi_def_cfa_offset 32
        .cfi_offset 13, -32
        pushq   %r12
        .cfi_def_cfa_offset 40
        .cfi_offset 12, -40
        movq    %rdi, %r12
        pushq   %rbp
        .cfi_def_cfa_offset 48
        .cfi_offset 6, -48
        movq    %rdx, %rbp
        pushq   %rbx
        .cfi_def_cfa_offset 56
        .cfi_offset 3, -56
.LBB251:
.LBB252:
.LBB253:
.LBB254:
.LBB255:
.LBB256:
        .loc 1 640 72 view .LVU633
#APP
# 640 "dl-lookup.c" 1
        mov %fs:16,%rax
# 0 "" 2
#NO_APP

The inline asm attributed to dl-lookup.c:640 in the listing above (inlined into _dl_lookup_symbol_x, per the nested .LBB blocks) comes from this source:

  /* Make sure nobody can unload the object while we are at it.  */
  if (__glibc_unlikely (flags & DL_LOOKUP_GSCOPE_LOCK))
    {
      /* We can't just call __rtld_lock_lock_recursive (GL(dl_load_lock))
         here, that can result in ABBA deadlock.  */
      THREAD_GSCOPE_RESET_FLAG ();
      __rtld_lock_lock_recursive (GL(dl_load_lock));
      /* While MAP value won't change, after THREAD_GSCOPE_RESET_FLAG ()
         it can e.g. point to unallocated memory.  So avoid the optimizer
         treating the above read from MAP->l_serial as ensurance it
         can safely dereference it.  */

But GCC 11 (from r11-5029 on) removes that check. The consequence is exactly what the comment warns about: once THREAD_GSCOPE_RESET_FLAG () has run, the object MAP refers to can be unloaded, so a dereference the optimizer re-derives from the earlier MAP->l_serial read may touch unmapped (freed) memory inside the dynamic loader. In the listing above the line-640 inline asm is emitted directly after the prologue, before any test of the function's arguments; the excerpt is truncated, so it does not by itself show which instructions were dropped.
