------- Comment #21 from zsojka at seznam dot cz  2010-05-02 13:45 -------
Created an attachment (id=20534)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=20534&action=view)
reduced testcase, from lto-section-out.c

Miscompiled function is lto-section-out.c:lto_output_fn_decl_index()

lto_output_fn_decl_index:
        mov     rax, rdi        # decl_state, decl_state
        lea     rcx, [rsp-12]   # tmp62,
        mov     rdi, rsi        # obs, obs
        lea     rsi, [rax+48]   # tmp63,
        jmp     lto_output_decl_index   #

tmp62 is &index, but it is allocated under the stack pointer.
Later, when lto_output_decl_index() executes "*this_index = index;", it
overwrites registers stored on stack:

lto_output_decl_index:
...
# r15 is saved:
        mov     QWORD PTR [rsp-8], r15  #,
...
# saved r15 is overwritten:
        mov     DWORD PTR [r15], ebx    # *this_index_24(D), index
...
# wrong r15 is reloaded:
        mov     r15, QWORD PTR [rsp+80] #,

The testcase works only on x86_64, with command line:
$ gcc -O[2s] -fipa-pta pr43879-3.c
$ gcc -O1 -fipa-pta -foptimize-sibling-calls pr43879-3.c
$ ./a.out
Aborted

-- 

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43879
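
The call shape described in the comment above, as a constructed C program that is added here and is not the attached pr43879-3.c: the address of a local is passed to a call in tail position, so the caller's frame must stay live and the call must not become a sibling call. All function and struct names are hypothetical stand-ins, and the noinline attribute is a GCC/Clang extension.

```c
#include <stdlib.h>

#define NOINLINE __attribute__((noinline))  /* assumption: GCC or Clang */

/* Hypothetical stand-in for the encoder state behind decl_state+48. */
struct encoder { unsigned next_index; unsigned seen[8]; };

/* Stand-in for the callee: stores its result through this_index while
 * other values are still live (the store that hit the saved r15 slot). */
NOINLINE int output_decl_index(unsigned *obs, struct encoder *enc,
                               unsigned decl, unsigned *this_index)
{
    unsigned index = enc->next_index;
    int new_entry = 1;
    for (unsigned i = 0; i < enc->next_index; i++)
        if (enc->seen[i] == decl) { index = i; new_entry = 0; break; }
    if (new_entry)
        enc->seen[enc->next_index++] = decl;
    *this_index = index;        /* writes into the caller's frame */
    *obs += index;              /* obs is used after the store */
    return new_entry;
}

/* Stand-in for the caller: the call is in tail position, but &index
 * escapes into it, so the frame holding index cannot be torn down. */
NOINLINE int output_fn_decl_index(struct encoder *enc, unsigned *obs,
                                  unsigned decl)
{
    unsigned index;
    return output_decl_index(obs, enc, decl, &index);
}

/* Returns 1 when every call returned the expected value and the state
 * reachable through the caller's pointers is intact, 0 otherwise. */
int check_escaping_local(void)
{
    struct encoder enc = {0, {0}};
    unsigned obs = 0;
    int r1 = output_fn_decl_index(&enc, &obs, 42); /* new entry, index 0 */
    int r2 = output_fn_decl_index(&enc, &obs, 7);  /* new entry, index 1 */
    int r3 = output_fn_decl_index(&enc, &obs, 42); /* existing, index 0 */
    return r1 == 1 && r2 == 1 && r3 == 0 && enc.next_index == 2 && obs == 1;
}

int main(void)
{
    if (!check_escaping_local())
        abort();
    return 0;
}
```

Building it with the option sets quoted in the comment and inspecting the assembly for a `jmp` to the callee shows whether a given compiler treats the call as a sibling call; a passing run alone does not prove the frame was kept.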