public inbox for gcc-bugs@sourceware.org
* [Bug c++/16568] New: 3.5: wrong code for conditional in initializer
@ 2004-07-15 16:12 gcc-bugzilla at gcc dot gnu dot org
  2004-07-15 17:06 ` [Bug c++/16568] [3.5 regression] " bangerth at dealii dot org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: gcc-bugzilla at gcc dot gnu dot org @ 2004-07-15 16:12 UTC (permalink / raw)
  To: gcc-bugs



In the example below, the C constructor is miscompiled.
I compile like this:

$ g++ -S x.cc

Here is the generated code for the constructor (eliding labels used for EH):

_ZN1CC2EP4ystr:
	pushl	%ebp
	movl	%esp, %ebp
	subl	$24, %esp
	cmpl	$0, 12(%ebp)
	jne	.L2
	movl	8(%ebp), %eax
	movl	%eax, -4(%ebp)
	movl	$0, 4(%esp)
	movl	-4(%ebp), %eax
	movl	%eax, (%esp)
	call	_ZN4ystrC1Ei ; ystr::ystr[in-charge](int)
	jmp	.L1
.L2:
	movl	12(%ebp), %eax
	movl	%eax, 4(%esp)
	movl	-4(%ebp), %eax ; !!! read of uninitialized memory
	movl	%eax, (%esp)
	call	_ZN4ystrC1ERKS_ ; ystr::ystr[in-charge](ystr const&)
.L1:
	leave
	ret

In the case that the jne to .L2 is taken, we reference the value
at -4(%ebp).  However, this location is only initialized in the
other branch of the conditional.  Thus, we end up passing an invalid
pointer as the this argument of the constructor.

This problem is seen already in the -original tree dump:

;; Function C::C(ystr*) (_ZN1CC2EP4ystr)
;; enabled by -tree-original
{
  struct ystr * this.0;

  if (value == 0B)
    {
      this.0 = (struct ystr *)this;
      __comp_ctor (this.0, 0);
    }
  else
    {
      __comp_ctor (this.0, value);
    }
}

Environment:
System: Linux karma 2.6.7 #18 Wed Jul 14 03:27:01 EDT 2004 i686 i686 i386 GNU/Linux
Architecture: i686

host: i686-pc-linux-gnu
build: i686-pc-linux-gnu
target: i686-pc-linux-gnu
configured with: /home/sss/gcc/gcc/configure --prefix=/usr/local/gcc --enable-threads=posix --enable-long-long --enable-languages=c,c++,f95

How-To-Repeat:

-------------------------------------
struct ystr {
  ystr (int);
  ystr (const ystr&);
};

struct C
{
  C(ystr* value);
  ystr _object;
};

C::C(ystr* value)
  : _object(value == 0 ? 0 : *value)
{ 
}

-------------------------------------
------- Additional Comments From snyder at fnal dot gov  2004-07-15 16:11 -------

-- 
           Summary: 3.5: wrong code for conditional in initializer
           Product: gcc
           Version: 3.5.0
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: snyder at fnal dot gov
                CC: gcc-bugs at gcc dot gnu dot org
 GCC build triplet: i686-pc-linux-gnu
  GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=16568



* [Bug c++/16568] 3.5: wrong code for conditional in initializer
From: bangerth at dealii dot org @ 2004-07-15 17:06 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From bangerth at dealii dot org  2004-07-15 17:06 -------
Confirmed, a regression on mainline. No optimization is needed.

W.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to fail|                            |3.5.0
      Known to work|                            |3.4.0



* [Bug c++/16568] [3.5 regression] wrong code for conditional in initializer
From: bangerth at dealii dot org @ 2004-07-15 17:06 UTC (permalink / raw)
  To: gcc-bugs



-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
           Keywords|                            |wrong-code
   Last reconfirmed|0000-00-00 00:00:00         |2004-07-15 17:06:36
               date|                            |
            Summary|3.5: wrong code for         |[3.5 regression] wrong code
                   |conditional in initializer  |for conditional in
                   |                            |initializer
   Target Milestone|---                         |3.5.0



* [Bug c++/16568] [3.5 regression] wrong code for conditional in initializer
From: bangerth at dealii dot org @ 2004-07-15 17:21 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From bangerth at dealii dot org  2004-07-15 17:21 -------
Hm, I tried to construct a testcase where this uninitialized value
would actually do harm. So I tried this:
------------------
void show_address (const void *);

struct ystr {
  ystr (int) {};
  ystr (const ystr& y) { show_address(this); show_address(&y); };
};

struct C
{
  C(ystr* value);
  ystr _object;
};

C::C(ystr* value)
  : _object(value == 0 ? 0 : *value)
{
}
------------------------
C::C is compiled to the same as before, i.e. we end up with an
uninitialized value in (%esp). But then, this is ystr::ystr (const ystr&):
------------------------
_ZN4ystrC1ERKS_:
	pushl	%ebp
	movl	%esp, %ebp
	subl	$8, %esp
	movl	8(%ebp), %eax
	movl	%eax, (%esp)
	call	_Z12show_addressPKv
	movl	12(%ebp), %eax
	movl	%eax, (%esp)
	call	_Z12show_addressPKv
	leave
	ret
---------------
Whatever used to be in (%esp) isn't used here at all, i.e. both
the addresses of the argument as well as of *this are unaffected.

Or am I missing something? Do you have a testcase where the uninitializedness
actually hurts you?

W.



* [Bug c++/16568] [3.5 regression] wrong code for conditional in initializer
From: snyder at fnal dot gov @ 2004-07-15 17:40 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From snyder at fnal dot gov  2004-07-15 17:40 -------


>	pushl	%ebp
>	movl	%esp, %ebp
>	subl	$8, %esp
>	movl	8(%ebp), %eax
>	movl	%eax, (%esp)
>	call	_Z12show_addressPKv
>Whatever used to be in (%esp) isn't used here at all, i.e. both
>the addresses of the argument as well as of *this are unaffected.

Sure it is.  After the call and push of bp, it's at bp+8 --- which
is what we read for the call to show_address.

Here's a complete program that shows this.
When I compile and run this, it prints `0', then segfaults.

------------------------------------------------
extern "C" int printf (...);

struct ystr {
  ystr (int) {}
  ystr (const ystr&) { printf ("%x\n", this); x = 0;}
  int x;
};

struct C
{
  C(ystr* value);
  ystr _object;
};

C::C(ystr* value)
  : _object(value == 0 ? 0 : *value)
{ 
}

int main() {
  ystr y (0);
  C c (&y);
  return 0;
}
------------------------------------------------



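An added check that is not part of the bug report or of GCC's own test suite: it turns the reporter's observation (the copy constructor receives a garbage `this`) and the program above into runtime assertions by recording the `this` pointer inside the copy constructor and comparing it with `&c._object`, the address a correct compiler must pass. The global `g_last_this` and the functions `copy_branch_is_sound` and `null_branch_is_sound` are names chosen for this example.

```cpp
// Added check, not from the bug report: the copy constructor records the
// "this" pointer it receives so it can be compared with &c._object, the
// address a correct compiler must pass. The miscompile described in the
// report instead passes whatever happens to sit at -4(%ebp).
#include <cstdio>

static const void *g_last_this = nullptr;  // set by the last copy-ctor call

struct ystr {
  ystr(int v) : x(v) {}
  ystr(const ystr &y) : x(y.x) { g_last_this = this; }
  int x;
};

struct C {
  C(ystr *value);
  ystr _object;
};

// Same mem-initializer as in the report: the conditional selects either the
// int constructor or the copy constructor for _object.
C::C(ystr *value) : _object(value == 0 ? 0 : *value) {}

// Non-null branch: the copy constructor must be entered with
// this == &c._object and must copy the payload out of *value.
bool copy_branch_is_sound() {
  g_last_this = nullptr;
  ystr y(42);
  C c(&y);
  return g_last_this == static_cast<const void *>(&c._object) && c._object.x == 42;
}

// Null branch: _object must be built by ystr(0); nothing is copied from *value.
bool null_branch_is_sound() {
  C c(0);
  return c._object.x == 0;
}

int main() {
  bool copy_ok = copy_branch_is_sound();
  bool null_ok = null_branch_is_sound();
  std::printf("copy branch: %s\nnull branch: %s\n",
              copy_ok ? "this == &c._object" : "BAD this pointer",
              null_ok ? "ok" : "BAD");
  return (copy_ok && null_ok) ? 0 : 1;
}
```

On the miscompiled 3.5 build described above the first check fails (or the program crashes when the bogus `this` is written through); on a correct compiler both checks pass.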
* [Bug c++/16568] [3.5 regression] wrong code for conditional in initializer
From: bangerth at dealii dot org @ 2004-07-15 18:09 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From bangerth at dealii dot org  2004-07-15 18:09 -------
Hm, it doesn't segfault for me, but the address (0x40016f18) is still
clearly bogus (with 3.4 I get 0xbfffea80).

As for the change in ebp -- I missed the call and push changes to esp
and was only looking for adds and subs. Seems my assembler times are
too long gone already, thanks for correcting me :-(

W.


* [Bug c++/16568] [3.5 regression] wrong code for conditional in initializer
From: pinskia at gcc dot gnu dot org @ 2004-07-15 18:55 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2004-07-15 18:55 -------


*** This bug has been marked as a duplicate of 16277 ***

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE


