https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67037
Bug ID: 67037
Summary: [4.9 Regression] Wrong code at -O1 and above on ARM
Product: gcc
Version: 4.9.3
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: notasas at gmail dot com
Target Milestone: ---
Target: arm-unknown-linux-gnueabi, arm-linux-gnueabihf

Created attachment 36076 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36076&action=edit
testcase

The reduced testcase (based on "real" code from wine sources) crashes:

    notaz@evm:/tmp/t$ cc -Wall -O0 testcase.c && ./a.out
    notaz@evm:/tmp/t$ cc -Wall -O1 testcase.c && ./a.out
    Segmentation fault
    notaz@evm:/tmp/t$ cc -Wall -O2 testcase.c && ./a.out
    Segmentation fault
    notaz@evm:/tmp/t$ cc -Wall -Os testcase.c && ./a.out
    notaz@evm:/tmp/t$ cc -Wall -O1 testcase.c -mcpu=arm920t -marm && ./a.out
    Segmentation fault
    notaz@evm:/tmp/t$ cc -Wall -O1 testcase.c -mcpu=cortex-a15 && ./a.out
    Segmentation fault

gcc 4.7.2 and 4.8.2 seem to be ok.

It looks like this chunk

    while ((count > 1) && *s) { count--; *d++ = *s++; }

is compiled to

        add     r3, sp, #5312
        add     r3, r3, #52
        ldr     r3, [r3]        @ count
        cmp     r3, #1
        bls     .L6
        movw    r2, #:lower16:.LANCHOR0
        mov     r3, #78
        movt    r2, #:upper16:.LANCHOR0
        b       .L8
    .L18:
        ldrh    r3, [r2, #2]!
        cmp     r3, #0
        beq     .L9
    .L8:
        add     r1, sp, #5312
        add     r1, r1, #52
        ldr     r0, [r1]
        sub     r0, r0, #1
        str     r0, [r1]
        ldr     r1, [r3]        @ <-- crash
        cmp     r0, #1
        strh    r3, [r1], #2    @ movhi
        add     r3, sp, #5312
        add     r3, r3, #48
        str     r1, [r3]
        bne     .L18
    .L9:

so it thinks r3 contains pointer to count, even though it loaded *s there?

The conditions for this bug seem to be a large stack frame that load/store offsets can't reach and enough register pressure.
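The following is an added, self-contained C reconstruction of the shape the report describes; it is not the attached testcase 36076 (which is not reproduced on this page) and not Wine's code. Only the `while` loop is taken from the report. The 16-bit element type `wchar16`, the function names `copy_bounded` and `copy_in_big_frame`, and the 5120-byte stack buffer are assumptions chosen to match the `ldrh`/`strh` (16-bit) accesses and the `sp + 5312 + 52` frame offsets in the quoted assembly, which lie beyond the 4095-byte immediate reach of ARM `ldr`/`str` and so force the compiler to materialise each spilled local's address in a register before using it. The register-pressure half of the reporter's condition depends on the surrounding code and is not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed 16-bit "wide" character type, matching the ldrh/strh in the report. */
typedef uint16_t wchar16;

/* Bounded wide-string copy using the exact loop quoted in the bug report.
 * n is the destination capacity in elements, including the terminator. */
static wchar16 *copy_bounded(wchar16 *dst, const wchar16 *src, unsigned n)
{
    wchar16 *d = dst;
    const wchar16 *s = src;
    unsigned count = n;

    while ((count > 1) && *s) { count--; *d++ = *s++; }
    if (count) *d = 0;
    return dst;
}

/* Assumed frame size: 2560 * 2 = 5120 bytes, larger than the 4095-byte
 * offset an ARM ldr/str immediate can address, so locals placed beyond
 * the buffer must be reached via add-then-ldr sequences as in the report. */
#define BIG_FRAME_ELEMS 2560

/* Runs copy_bounded() into a large stack buffer, copies the result to out
 * (which must hold at least n elements), and returns the number of elements
 * before the terminator. On a correct compiler this is min(n - 1, strlen). */
size_t copy_in_big_frame(const wchar16 *src, unsigned n, wchar16 *out)
{
    wchar16 big[BIG_FRAME_ELEMS];
    size_t len = 0;

    memset(big, 0, sizeof big);          /* keep the whole buffer live */
    copy_bounded(big, src, n);
    while (big[len] != 0) len++;
    memcpy(out, big, (len + 1) * sizeof(wchar16));
    return len;
}

int main(void)
{
    /* Constructed sample input. */
    wchar16 src[] = { 'w', 'i', 'n', 'e', 0 };
    wchar16 out[8];
    size_t len = copy_in_big_frame(src, 3, out);

    printf("copied %zu wide chars\n", len);
    return len == 2 ? 0 : 1;
}
```

On a non-miscompiling toolchain the program exits 0; to probe the report's conditions, build it on an ARM target with the flags shown in the transcript (for example `cc -Wall -O1` or `-mcpu=cortex-a15`) and compare the generated loop against the quoted assembly. A crash or wrong return value would indicate the same class of problem; a clean run does not rule it out, since the register pressure the reporter mentions is not reproduced by this reconstruction.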