[Bug c++/22260] New: -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[Bug c++/22260] New: -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[scp at predict dot com]

When compiling PIC code for the this-adjusting thunk for a method of a class
with two or more base classes, the sparc_output_mi_thunk() function fails to
preserve the pic register itself (%l7) when using load_pic_register() to find
the address of the thunk's target. If the thunk is invoked from a different load
object (with a different GOT) than the one in which the thunk is emitted, the
pic register %l7 of the caller of the thunk is clobbered, causing subsequent use
of the GOT in the caller to fail. In order to make the problem evident, the
source code file below is compiled into two modules, one a shared library which
contains the non-virtual thunk to the destructor of the MI class, and the other
one as the executable main which demonstrates that the pic register has changed
unexpectedly by the call to the destructor via a base class pointer.

% uname -a
SunOS mambo 5.8 Generic_117350-25 sun4u sparc SUNW,Sun-Blade-100

% cat bug.cpp
class B1
{
   public:
   virtual ~B1();
};

class B2
{
   public:
   virtual ~B2();
};

class MI : public B1, public B2
{
   public:
   virtual ~MI();
};

#ifdef LIB
int i = 0;

B1::~B1() {}

B2::~B2() {}

MI::~MI() {}
#endif

#ifdef MAIN
extern int i;

int main(int, char**)
{
   int* ip = &i;

   B2* b2 = new MI;

   delete b2;

   if (ip != &i) return 1;

   return 0;
}
#endif

% gcc -v -shared -fPIC -fno-delayed-branch -DLIB bug.cpp -o libbug.so
Reading specs from /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/specs
Target: sparc-sun-solaris2.8
Configured with: ../gcc-4.0.0/configure --prefix=/usr/local/pkg/gcc-4.0.0
--enable-languages=c,c++ : (reconfigured) ../gcc-4.0.0/configure
--prefix=/usr/local/pkg/gcc-4.0.0
--with-gcc-version-trigger=/usr/local/src/gcc-4.0.0/gcc/version.c
--enable-languages=c,c++ --with-gnu-as
--with-as=/usr/local/pkg/binutils-2.16/bin/as --with-gnu-ld
--with-ld=/usr/local/pkg/binutils-2.16/bin/ld
Thread model: posix
gcc version 4.0.0
 /usr/local/pkg/gcc-4.0.0/libexec/gcc/sparc-sun-solaris2.8/4.0.0/cc1plus -quiet
-v -DLIB bug.cpp -quiet -dumpbase bug.cpp -mcpu=v7 -auxbase bug -version -fPIC
-fno-delayed-branch -o /var/tmp//ccsoPzrP.s
ignoring duplicate directory "/usr/local/pkg/gcc-4.0.0/include"
ignoring nonexistent directory
"/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../sparc-sun-solaris2.8/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../include/c++/4.0.0
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../include/c++/4.0.0/sparc-sun-solaris2.8
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../include/c++/4.0.0/backward
 /usr/local/pkg/gcc-4.0.0/include
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/include
 /usr/include
End of search list.
GNU C++ version 4.0.0 (sparc-sun-solaris2.8)
        compiled by GNU C version 4.0.0.
GGC heuristics: --param ggc-min-expand=82 --param ggc-min-heapsize=98304
 /usr/local/pkg/binutils-2.16/bin/as -V -Qy -s -K PIC -xarch=v8 -o
/var/tmp//ccOSt3MC.o /var/tmp//ccsoPzrP.s
GNU assembler version 2.16 (sparc-sun-solaris2.8) using BFD version 2.16
 /usr/local/pkg/gcc-4.0.0/libexec/gcc/sparc-sun-solaris2.8/4.0.0/collect2 -V -G
-dy -z text -Y P,/usr/ccs/lib:/usr/lib -rpath-link /usr/lib -Qy -o libbug.so
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crti.o
/usr/ccs/lib/values-Xa.o
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crtbegin.o
-L/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0 -L/usr/ccs/bin
-L/usr/ccs/lib
-L/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../..
/var/tmp//ccOSt3MC.o -lgcc_s -lgcc_s -R/usr/local/pkg/gcc-4.0.0/lib
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crtend.o
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crtn.o
GNU ld version 2.16
  Supported emulations:
   elf32_sparc
   elf64_sparc

% gcc -v -fPIC -fno-delayed-branch -DMAIN bug.cpp -L. -R. -lbug -lsupc++ -o bug
Reading specs from /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/specs
Target: sparc-sun-solaris2.8
Configured with: ../gcc-4.0.0/configure --prefix=/usr/local/pkg/gcc-4.0.0
--enable-languages=c,c++ : (reconfigured) ../gcc-4.0.0/configure
--prefix=/usr/local/pkg/gcc-4.0.0
--with-gcc-version-trigger=/usr/local/src/gcc-4.0.0/gcc/version.c
--enable-languages=c,c++ --with-gnu-as
--with-as=/usr/local/pkg/binutils-2.16/bin/as --with-gnu-ld
--with-ld=/usr/local/pkg/binutils-2.16/bin/ld
Thread model: posix
gcc version 4.0.0
 /usr/local/pkg/gcc-4.0.0/libexec/gcc/sparc-sun-solaris2.8/4.0.0/cc1plus -quiet
-v -DMAIN bug.cpp -quiet -dumpbase bug.cpp -mcpu=v7 -auxbase bug -version -fPIC
-fno-delayed-branch -o /var/tmp//ccaIczQW.s
ignoring duplicate directory "/usr/local/pkg/gcc-4.0.0/include"
ignoring nonexistent directory
"/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../sparc-sun-solaris2.8/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../include/c++/4.0.0
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../include/c++/4.0.0/sparc-sun-solaris2.8
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../../../include/c++/4.0.0/backward
 /usr/local/pkg/gcc-4.0.0/include
 /usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/include
 /usr/include
End of search list.
GNU C++ version 4.0.0 (sparc-sun-solaris2.8)
        compiled by GNU C version 4.0.0.
GGC heuristics: --param ggc-min-expand=82 --param ggc-min-heapsize=98304
 /usr/local/pkg/binutils-2.16/bin/as -V -Qy -s -K PIC -xarch=v8 -o
/var/tmp//ccwjroiT.o /var/tmp//ccaIczQW.s
GNU assembler version 2.16 (sparc-sun-solaris2.8) using BFD version 2.16
 /usr/local/pkg/gcc-4.0.0/libexec/gcc/sparc-sun-solaris2.8/4.0.0/collect2 -V -R.
-Y P,/usr/ccs/lib:/usr/lib -rpath-link /usr/lib -Qy -o bug
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crt1.o
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crti.o
/usr/ccs/lib/values-Xa.o
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crtbegin.o -L.
-L/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0 -L/usr/ccs/bin
-L/usr/ccs/lib
-L/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/../../..
/var/tmp//ccwjroiT.o -lbug -lsupc++ -lgcc -lgcc_eh -lc -lgcc -lgcc_eh -lc
-R/usr/local/pkg/gcc-4.0.0/lib
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crtend.o
/usr/local/pkg/gcc-4.0.0/lib/gcc/sparc-sun-solaris2.8/4.0.0/crtn.o
GNU ld version 2.16
  Supported emulations:
   elf32_sparc
   elf64_sparc

% ./bug || echo bad
bad

As shown by the execution of the program above, the apparent address of global
variable 'i' has changed after the destructor is invoked via the thunk. In
non-trivial use, a segv or other nasty is more likely to occur when the wrong
GOT is indexed.

The problem is easily worked around by specifying -fdelayed-branch (or using an
optimization level which does so implicitly) in which case the normal sibcall
instruction sequence is generated.

The problem appears to be that in sparc_output_mi_thunk(), the following code
sequence for a no delayed branch pic thunk protects %o7 (which is clobbered by
the call to the pic helper), but fails to protect the pic register %l7 itself
which is obviously altered by the pic helper. Since the register window has not
been saved at this point, %l7 will be left altered upon the eventual return to
the caller of the thunk. Looks like the code should protect (and restore before
the jump) both %o7 and %l7.

      /* The hoops we have to jump through in order to generate a sibcall
	 without using delay slots...  */
      rtx spill_reg, seq, scratch = gen_rtx_REG (Pmode, 1);

      if (flag_pic)
        {
	  spill_reg = gen_rtx_REG (word_mode, 15);  /* %o7 */
	  start_sequence ();
	  /* Delay emitting the PIC helper function because it needs to
	     change the section and we are emitting assembly code.  */
	  load_pic_register (true);  /* clobbers %o7 */
	  scratch = legitimize_pic_address (funexp, Pmode, scratch);
	  seq = get_insns ();
	  end_sequence ();
	  emit_and_preserve (seq, spill_reg);
	}

-- 
           Summary: -fPIC -fno-delayed-branch miscompiles MI this_adjusting
                    thunks
           Product: gcc
           Version: 4.0.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: scp at predict dot com
                CC: gcc-bugs at gcc dot gnu dot org
 GCC build triplet: 4.0.0
  GCC host triplet: sparc-sun-solaris2.8
GCC target triplet: sparc-sun-solaris2.8


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[pinskia at gcc dot gnu dot org]

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c++                         |target
           Keywords|                            |wrong-code


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[ebotcazou at gcc dot gnu dot org]

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ebotcazou at gcc dot gnu dot
                   |                            |org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[ebotcazou at gcc dot gnu dot org]

------- Additional Comments From ebotcazou at gcc dot gnu dot org  2005-06-30 23:15 -------
Thanks for the very detailed bug report.  Embarassing thinko...


-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
   Last reconfirmed|0000-00-00 00:00:00         |2005-06-30 23:15:21
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[ebotcazou at gcc dot gnu dot org]

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|ebotcazou at gcc dot gnu dot|
                   |org                         |
         AssignedTo|unassigned at gcc dot gnu   |ebotcazou at gcc dot gnu dot
                   |dot org                     |org
             Status|NEW                         |ASSIGNED
   Last reconfirmed|2005-06-30 23:15:21         |2005-06-30 23:15:43
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[cvs-commit at gcc dot gnu dot org]

------- Additional Comments From cvs-commit at gcc dot gnu dot org  2005-07-01 00:15 -------
Subject: Bug 22260

CVSROOT:	/cvs/gcc
Module name:	gcc
Changes by:	ebotcazou@gcc.gnu.org	2005-07-01 00:15:04

Modified files:
	gcc            : ChangeLog 
	gcc/config/sparc: sparc.c 

Log message:
	PR target/22260
	* config/sparc/sparc.c (emit_and_preserve): Add 2nd register.
	Preserve the 2nd register too, if present.
	(sparc_output_mi_thunk) <PIC case>: Preserve the PIC register too.
	Adjust call to emit_and_preserve.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&r1=2.9302&r2=2.9303
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/config/sparc/sparc.c.diff?cvsroot=gcc&r1=1.379&r2=1.380



-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[cvs-commit at gcc dot gnu dot org]

------- Additional Comments From cvs-commit at gcc dot gnu dot org  2005-07-01 00:17 -------
Subject: Bug 22260

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	gcc-4_0-branch
Changes by:	ebotcazou@gcc.gnu.org	2005-07-01 00:17:33

Modified files:
	gcc            : ChangeLog 
	gcc/config/sparc: sparc.c 

Log message:
	PR target/22260
	* config/sparc/sparc.c (emit_and_preserve): Add 2nd register.
	Preserve the 2nd register too, if present.
	(sparc_output_mi_thunk) <PIC case>: Preserve the PIC register too.
	Adjust call to emit_and_preserve.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-4_0-branch&r1=2.7592.2.293&r2=2.7592.2.294
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/config/sparc/sparc.c.diff?cvsroot=gcc&only_with_tag=gcc-4_0-branch&r1=1.354.8.5&r2=1.354.8.6



-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260

[Bug target/22260] -fPIC -fno-delayed-branch miscompiles MI this_adjusting thunks

[ebotcazou at gcc dot gnu dot org]

------- Additional Comments From ebotcazou at gcc dot gnu dot org  2005-07-01 00:23 -------
Fixed in upcoming 4.0.1.


-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://gcc.gnu.org/ml/gcc-
                   |                            |patches/2005-
                   |                            |07/msg00000.html
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.0.1


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22260