https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77966
Bug ID: 77966
Summary: Corrupt function with -fsanitize-coverage=trace-pc
Product: gcc
Version: 6.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: jpoimboe at redhat dot com
Target Milestone: ---
In the Linux kernel, we found another case (other than bug 70646) where a
couple of functions are getting corrupted. Arnd Bergmann reduced it down to a
simple test case, and I've reduced it slightly further:
$ cat test.c
typedef int spinlock_t;
extern unsigned int ioread32(void *);

struct vnic_wq_ctrl {
        unsigned int error_status;
};

struct vnic_wq {
        struct vnic_wq_ctrl *ctrl;
} mempool_t;

struct snic {
        unsigned int wq_count;
        __attribute__ ((__aligned__)) struct vnic_wq wq[1];
        spinlock_t wq_lock[1];
};

unsigned int snic_log_q_error_err_status;

void snic_log_q_error(struct snic *snic)
{
        unsigned int i;

        for (i = 0; i < snic->wq_count; i++)
                snic_log_q_error_err_status =
                        ioread32(&snic->wq[i].ctrl->error_status);
}
$ gcc -O2 -fno-reorder-blocks -fsanitize-coverage=trace-pc -c test.c -o test.o
$ objdump -dr test.o

test.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <snic_log_q_error>:
   0:   53                      push   %rbx
   1:   48 89 fb                mov    %rdi,%rbx
   4:   e8 00 00 00 00          callq  9 <snic_log_q_error+0x9>
                        5: R_X86_64_PC32        __sanitizer_cov_trace_pc-0x4
   9:   8b 03                   mov    (%rbx),%eax
   b:   85 c0                   test   %eax,%eax
   d:   75 09                   jne    18 <snic_log_q_error+0x18>
   f:   5b                      pop    %rbx
  10:   e9 00 00 00 00          jmpq   15 <snic_log_q_error+0x15>
                        11: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
  15:   0f 1f 00                nopl   (%rax)
  18:   e8 00 00 00 00          callq  1d <snic_log_q_error+0x1d>
                        19: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
  1d:   48 8b 7b 10             mov    0x10(%rbx),%rdi
  21:   e8 00 00 00 00          callq  26 <snic_log_q_error+0x26>
                        22: R_X86_64_PC32       ioread32-0x4
  26:   83 3b 01                cmpl   $0x1,(%rbx)
  29:   89 05 00 00 00 00       mov    %eax,0x0(%rip)        # 2f <snic_log_q_error+0x2f>
                        2b: R_X86_64_PC32       snic_log_q_error_err_status-0x4
  2f:   76 de                   jbe    f <snic_log_q_error+0xf>
  31:   e8 00 00 00 00          callq  36 <snic_log_q_error+0x36>
                        32: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
Notice how the function ends unexpectedly after the last call to
__sanitizer_cov_trace_pc().
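The symptom above (a function whose last instruction is a call, so execution would run off the end into whatever the linker places next) is something a build pipeline can check for mechanically, which is the kind of check the kernel's objtool performs on compiled objects. The script below is an added example, not part of this bug report or of GCC: it parses `objdump -dr` output and flags every function whose final instruction is not an unconditional control transfer (ret/jmp/ud2/hlt). The sample input is the disassembly quoted above, re-indented, plus a constructed `ok_function` for contrast. The `SAMPLE_OBJDUMP`, `TERMINATORS` and function names are this example's own. A function that ends in a call to a `noreturn` function would be a false positive here; the parser does not model noreturn callees.

```python
import re
import sys

# Sample input: the objdump -dr output from the bug report, re-indented, plus a
# constructed second function that is properly terminated by retq.
SAMPLE_OBJDUMP = """\
test.o:     file format elf64-x86-64

Disassembly of section .text:

0000000000000000 <snic_log_q_error>:
   0:\t53                   \tpush   %rbx
   1:\t48 89 fb             \tmov    %rdi,%rbx
   4:\te8 00 00 00 00       \tcallq  9 <snic_log_q_error+0x9>
\t\t\t5: R_X86_64_PC32\t__sanitizer_cov_trace_pc-0x4
   9:\t8b 03                \tmov    (%rbx),%eax
   b:\t85 c0                \ttest   %eax,%eax
   d:\t75 09                \tjne    18 <snic_log_q_error+0x18>
   f:\t5b                   \tpop    %rbx
  10:\te9 00 00 00 00       \tjmpq   15 <snic_log_q_error+0x15>
\t\t\t11: R_X86_64_PC32\t__sanitizer_cov_trace_pc-0x4
  15:\t0f 1f 00             \tnopl   (%rax)
  18:\te8 00 00 00 00       \tcallq  1d <snic_log_q_error+0x1d>
\t\t\t19: R_X86_64_PC32\t__sanitizer_cov_trace_pc-0x4
  1d:\t48 8b 7b 10          \tmov    0x10(%rbx),%rdi
  21:\te8 00 00 00 00       \tcallq  26 <snic_log_q_error+0x26>
\t\t\t22: R_X86_64_PC32\tioread32-0x4
  26:\t83 3b 01             \tcmpl   $0x1,(%rbx)
  29:\t89 05 00 00 00 00    \tmov    %eax,0x0(%rip)        # 2f <snic_log_q_error+0x2f>
\t\t\t2b: R_X86_64_PC32\tsnic_log_q_error_err_status-0x4
  2f:\t76 de                \tjbe    f <snic_log_q_error+0xf>
  31:\te8 00 00 00 00       \tcallq  36 <snic_log_q_error+0x36>
\t\t\t32: R_X86_64_PC32\t__sanitizer_cov_trace_pc-0x4

0000000000000040 <ok_function>:
  40:\t31 c0                \txor    %eax,%eax
  42:\tc3                   \tretq
"""

# Instructions after which control never falls through to the next byte.
# Conditional jumps (jne, jbe, ...) and calls are deliberately not listed.
TERMINATORS = {"ret", "retq", "jmp", "jmpq", "ud2", "hlt"}

# "0000000000000000 <snic_log_q_error>:"
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
# "   4:\te8 00 00 00 00       \tcallq  9 <...>"; relocation lines ("5: R_X86_64_PC32 ...")
# have a space rather than a tab after the colon, so they do not match.
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\t(?:[0-9a-f]{2} ?)+\s*\t(\S+)(?:\s+(.*))?$")


def parse_functions(objdump_text):
    """Return {function name: [(mnemonic, operands), ...]} from objdump -d/-dr output."""
    funcs = {}
    current = None
    for line in objdump_text.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(1)
            funcs[current] = []
            continue
        if current is None:
            continue
        m = INSN_RE.match(line)
        if m:
            funcs[current].append((m.group(1), m.group(2) or ""))
    return funcs


def falls_through(insns):
    """True if the last instruction lets execution run past the end of the function."""
    if not insns:
        return False
    mnemonic, _ = insns[-1]
    return mnemonic not in TERMINATORS


def find_fallthrough_functions(objdump_text):
    """Names of all functions in the dump whose final instruction is not a terminator."""
    return sorted(name for name, insns in parse_functions(objdump_text).items()
                  if falls_through(insns))


if __name__ == "__main__":
    # Usage: python check_fallthrough.py <objdump -dr output file>; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OBJDUMP
    for name in find_fallthrough_functions(text):
        last = parse_functions(text)[name][-1]
        print(f"{name}: ends with '{last[0]} {last[1]}', not a terminator "
              f"(falls through into the next function)")
```

Run against the sample, it reports only `snic_log_q_error`, whose last instruction is the `callq __sanitizer_cov_trace_pc` shown above; `ok_function` ends in `retq` and is not reported.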
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/6.2.1/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap
--enable-languages=c,c++,objc,obj-c++,fortran,ada,go,lto --prefix=/usr
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared
--enable-threads=posix --enable-checking=release --enable-multilib
--with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions
--enable-gnu-unique-object --enable-linker-build-id
--with-linker-hash-style=gnu --enable-plugin --enable-initfini-array
--disable-libgcj --with-isl --enable-libmpx --enable-gnu-indirect-function
--with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 6.2.1 20160916 (Red Hat 6.2.1-2) (GCC)