https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77966
Bug ID: 77966
Summary: Corrupt function with -fsanitize-coverage=trace-pc
Product: gcc
Version: 6.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: jpoimboe at redhat dot com
Target Milestone: ---

In the Linux kernel, we found another case (other than bug 70646) where a couple of functions are getting corrupted. Arnd Bergmann reduced it down to a simple test case, and I've reduced it slightly further:

$ cat test.c
typedef int spinlock_t;
extern unsigned int ioread32(void *);
struct vnic_wq_ctrl {
    unsigned int error_status;
};
struct vnic_wq {
    struct vnic_wq_ctrl *ctrl;
} mempool_t;
struct snic {
    unsigned int wq_count;
    __attribute__ ((__aligned__)) struct vnic_wq wq[1];
    spinlock_t wq_lock[1];
};
unsigned int snic_log_q_error_err_status;
void snic_log_q_error(struct snic *snic)
{
    unsigned int i;
    for (i = 0; i < snic->wq_count; i++)
        snic_log_q_error_err_status = ioread32(&snic->wq[i].ctrl->error_status);
}

$ gcc -O2 -fno-reorder-blocks -fsanitize-coverage=trace-pc -c test.c -o test.o
$ objdump -dr test.o

test.o:     file format elf64-x86-64

Disassembly of section .text:

0000000000000000 <snic_log_q_error>:
   0:   53                      push   %rbx
   1:   48 89 fb                mov    %rdi,%rbx
   4:   e8 00 00 00 00          callq  9 <snic_log_q_error+0x9>
                        5: R_X86_64_PC32        __sanitizer_cov_trace_pc-0x4
   9:   8b 03                   mov    (%rbx),%eax
   b:   85 c0                   test   %eax,%eax
   d:   75 09                   jne    18 <snic_log_q_error+0x18>
   f:   5b                      pop    %rbx
  10:   e9 00 00 00 00          jmpq   15 <snic_log_q_error+0x15>
                        11: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
  15:   0f 1f 00                nopl   (%rax)
  18:   e8 00 00 00 00          callq  1d <snic_log_q_error+0x1d>
                        19: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
  1d:   48 8b 7b 10             mov    0x10(%rbx),%rdi
  21:   e8 00 00 00 00          callq  26 <snic_log_q_error+0x26>
                        22: R_X86_64_PC32       ioread32-0x4
  26:   83 3b 01                cmpl   $0x1,(%rbx)
  29:   89 05 00 00 00 00       mov    %eax,0x0(%rip)        # 2f <snic_log_q_error+0x2f>
                        2b: R_X86_64_PC32       snic_log_q_error_err_status-0x4
  2f:   76 de                   jbe    f <snic_log_q_error+0xf>
  31:   e8 00 00 00 00          callq  36 <snic_log_q_error+0x36>
                        32: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4

Notice how the function ends unexpectedly after the last call to __sanitizer_cov_trace_pc().

$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/6.2.1/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,objc,obj-c++,fortran,ada,go,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --disable-libgcj --with-isl --enable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 6.2.1 20160916 (Red Hat 6.2.1-2) (GCC)
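The symptom in the report, a function whose last instruction is a plain call so that control runs off the end of its bytes, can be caught mechanically by scanning objdump -dr output for functions that end in neither a return, a tail jump nor a trap. This is an added example, not part of the report or of GCC: the sample listing embeds the tail of the objdump output above plus two made-up functions (ok_func, die_func) as negative cases, relocation lines are used to recover the real call target in an unlinked .o, and the set of noreturn callees is an assumption.

```python
import re

# Constructed input: snic_log_q_error is the tail of the objdump listing in the
# report; ok_func and die_func are made-up functions for the negative cases.
SAMPLE = """\
0000000000000000 <snic_log_q_error>:
  2f:\t76 de                \tjbe    f <snic_log_q_error+0xf>
  31:\te8 00 00 00 00       \tcallq  36 <snic_log_q_error+0x36>
\t\t\t32: R_X86_64_PC32\t__sanitizer_cov_trace_pc-0x4

0000000000000040 <ok_func>:
  40:\t31 c0                \txor    %eax,%eax
  42:\tc3                   \tretq

0000000000000050 <die_func>:
  50:\te8 00 00 00 00       \tcallq  55 <die_func+0x5>
\t\t\t51: R_X86_64_PC32\tabort-0x4
"""

FUNC_RE = re.compile(r'^[0-9a-f]+ <([^>+]+)>:$')
INSN_RE = re.compile(r'^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+([a-z][\w.]*)\s*(.*)$')
RELOC_RE = re.compile(r'^\s*[0-9a-f]+:\s+R_\w+\s+(\S+)$')  # unlinked .o: real call target
TERMINATORS = {'ret', 'retq', 'jmp', 'jmpq', 'ud2', 'hlt'}
NORETURN = {'abort', '__stack_chk_fail', 'panic'}           # assumed noreturn callees

def parse_objdump(text):
    # {function: [(mnemonic, target symbol or None)]}; a relocation line that
    # follows an instruction replaces the placeholder <func+off> operand.
    funcs, cur = {}, None
    for line in text.splitlines():
        if (m := FUNC_RE.match(line)):
            cur = m.group(1)
            funcs[cur] = []
        elif (m := RELOC_RE.match(line)) and cur and funcs[cur]:
            funcs[cur][-1] = (funcs[cur][-1][0], re.split(r'[+-]0x', m.group(1))[0])
        elif (m := INSN_RE.match(line)) and cur:
            sym = re.search(r'<([^>+]+)', m.group(2))
            funcs[cur].append((m.group(1), sym.group(1) if sym else None))
    return funcs

def falls_off_end(insns, noreturn=NORETURN):
    # Control can run past the last byte if the function neither returns,
    # tail-jumps nor traps, and its final call is not to a noreturn function.
    if not insns:
        return False
    mnem, target = insns[-1]
    if mnem in TERMINATORS:
        return False
    return not (mnem.startswith('call') and target in noreturn)

def find_fallthrough(text, noreturn=NORETURN):
    return sorted(n for n, i in parse_objdump(text).items() if falls_off_end(i, noreturn))
```

Running find_fallthrough over the sample flags only snic_log_q_error; die_func is accepted because its final call goes to an assumed noreturn symbol, which is the one class of call-terminated functions that is legitimate.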