https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65400

            Bug ID: 65400
           Summary: tsan mis-compiles inlineable C functions
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bernd.edlinger at hotmail dot de
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

Created attachment 35018
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=35018&action=edit
stripped down test case

Hi,

I am not sure when this started, probably in February when I was
busy with other tasks, but current trunk miscompiles numerous
simple C functions if optimizations are enabled.  I isolated one example
in the OPC UA ANSI-C stack, and created a small test case from it.

It mis-compiles with this set of options:

gcc -O2 -fsanitize=thread,undefined -c opcua_string.c

The problem is here:

00000000000004b0 <OpcUa_String_Clear>:
 4b0:   53                      push   %rbx
 4b1:   48 89 fb                mov    %rdi,%rbx
 4b4:   48 8b 7c 24 08          mov    0x8(%rsp),%rdi
 4b9:   e8 00 00 00 00          callq  4be <OpcUa_String_Clear+0xe>
                        4ba: R_X86_64_PC32      __tsan_func_entry-0x4
 4be:   48 85 db                test   %rbx,%rbx
 4c1:   74 1d                   je     4e0 <OpcUa_String_Clear+0x30>
 4c3:   48 89 df                mov    %rbx,%rdi
 4c6:   e8 00 00 00 00          callq  4cb <OpcUa_String_Clear+0x1b>
                        4c7: R_X86_64_PC32      __tsan_read1-0x4
 4cb:   80 3b 00                cmpb   $0x0,(%rbx)
 4ce:   75 10                   jne    4e0 <OpcUa_String_Clear+0x30>
 4d0:   48 89 df                mov    %rbx,%rdi
 4d3:   5b                      pop    %rbx
 4d4:   e9 27 fb ff ff          jmpq   0 <OpcUa_String_Clear.part.0>
 4d9:   0f 1f 80 00 00 00 00    nopl   0x0(%rax)
 4e0:   5b                      pop    %rbx
 4e1:   e9 00 00 00 00          jmpq   4e6 <OpcUa_String_Clear+0x36>
                        4e2: R_X86_64_PC32      __tsan_func_exit-0x4


A call to __tsan_func_exit is missing before jmpq <OpcUa_String_Clear.part.0>.

Note that OpcUa_String_Clear.part.0 also calls __tsan_func_entry,
thus the call stack is completely scrambled:

0000000000000000 <OpcUa_String_Clear.part.0>:
   0:   55                      push   %rbp
   1:   53                      push   %rbx
   2:   48 89 fb                mov    %rdi,%rbx
   5:   48 83 ec 08             sub    $0x8,%rsp
   9:   48 8b 7c 24 18          mov    0x18(%rsp),%rdi
   e:   e8 00 00 00 00          callq  13 <OpcUa_String_Clear.part.0+0x13>
                        f: R_X86_64_PC32        __tsan_func_entry-0x4


With other optimization levels or without -fsanitize=undefined,
this example compiles correctly, but some other functions start
to have problems.
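As an added example (not part of the report, nor GCC or tsan code), a small Python check over `objdump -dr` text that flags a sibling jump out of an instrumented function when the most recent tsan call before it in listing order is not `__tsan_func_exit`. The sample listing is the OpcUa_String_Clear disassembly quoted above, trimmed; the "fixed" listing is constructed by hand to show the expected shape and is not real compiler output.

```python
import re

FUNC_RE = re.compile(r'^[0-9a-f]+ <([^>]+)>:$')
INSN_RE = re.compile(r'^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2} )+\s*(\S+)\s*(.*)$')
RELOC_RE = re.compile(r'^\s+[0-9a-f]+: R_X86_64_PC32\s+(\S+?)(?:-0x[0-9a-f]+)?$')
TARGET_RE = re.compile(r'<([^>+]+)(?:\+0x[0-9a-f]+)?>')

# Constructed sample: the OpcUa_String_Clear listing from the report, trimmed.
BAD = """\
00000000000004b0 <OpcUa_String_Clear>:
 4b9:   e8 00 00 00 00          callq  4be <OpcUa_String_Clear+0xe>
                        4ba: R_X86_64_PC32      __tsan_func_entry-0x4
 4c1:   74 1d                   je     4e0 <OpcUa_String_Clear+0x30>
 4d3:   5b                      pop    %rbx
 4d4:   e9 27 fb ff ff          jmpq   0 <OpcUa_String_Clear.part.0>
 4e1:   e9 00 00 00 00          jmpq   4e6 <OpcUa_String_Clear+0x36>
                        4e2: R_X86_64_PC32      __tsan_func_exit-0x4
"""
# Constructed (not compiler output): the same function with __tsan_func_exit
# called before the sibling jump, i.e. the shape correct instrumentation has.
GOOD = BAD.replace(
    " 4d3:   5b                      pop    %rbx\n",
    " 4ce:   e8 00 00 00 00          callq  4d3 <OpcUa_String_Clear+0x23>\n"
    "                        4cf: R_X86_64_PC32      __tsan_func_exit-0x4\n"
    " 4d3:   5b                      pop    %rbx\n")

def unbalanced_tail_calls(objdump_text):
    """Return (function, address, target) for each jump out of a function whose
    last tsan call in listing order is not __tsan_func_exit (a heuristic)."""
    lines, func, last_tsan, hits = objdump_text.splitlines(), None, None, []
    for i, line in enumerate(lines):
        m = FUNC_RE.match(line)
        if m:
            func, last_tsan = m.group(1), None
            continue
        m = INSN_RE.match(line)
        if func is None or not m:
            continue
        addr, mnem, ops = m.groups()
        # A relocation on the following line names the real call/jump target.
        nxt = RELOC_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        disp = TARGET_RE.search(ops)
        target = nxt.group(1) if nxt else (disp.group(1) if disp else ops)
        if mnem.startswith('call') and target.startswith('__tsan_func_'):
            last_tsan = target
        elif mnem.startswith('jmp') and target not in (func, '__tsan_func_exit'):
            if last_tsan != '__tsan_func_exit':  # jumping to exit itself is fine
                hits.append((func, addr, target))
    return hits
```

Run it on `objdump -dr opcua_string.o` output to list every sibling call that would leave the tsan shadow stack one frame deep after the callee's own `__tsan_func_entry`.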
