public inbox for gcc-bugs@sourceware.org
* [Bug c/27192] New: call through function pointer goes to wrong address
From: regehr at cs dot utah dot edu @ 2006-04-18 5:32 UTC (permalink / raw)
To: gcc-bugs
The program below confuses gcc in such a way that it generates code loading the
byte-address of bar() into the Z register, which causes icall to jump off to
neverneverland. Rather, the double-byte address of bar() should be loaded into
Z before the indirect call.
This bug is also present in gcc 4.0.3 and 3.4.3.
avr-gcc -v gives:
Target: avr
Configured with: ../gcc-4.1.0/configure --prefix=/home/regehr/gcc-4.1.0-avr-bin
--disable-libssp --disable-nls --target=avr
Thread model: single
gcc version 4.1.0
Compile with:
avr-gcc -Os -Wall shifty.c -o shifty.elf
Program:
struct fseqp_void
{
  void (*p) (void);   /* function pointer: a word (program-memory) address */
  char *e;            /* data pointer: a byte address */
};

struct fseqp_void c[2];

void bar (void)
{
}

void foo (void)
{
  int i;
  for (i = 0; i < 32; i++);   /* empty delay loop */
}

int main (void)
{
  c[0].e = (char *) bar + 2;  /* byte address of bar, plus 2 */
  c[0].p = bar;               /* word address of bar, the value Z needs for icall */
  foo ();
  struct fseqp_void x = c[0];
  void (*start) (void) = x.p;
  (*start) ();
  return 0;
}
--
Summary: call through function pointer goes to wrong address
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: regehr at cs dot utah dot edu
GCC host triplet: i686-linux-gnu
GCC target triplet: avr
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: eweddington at cso dot atmel dot com @ 2007-03-30 18:55 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from eweddington at cso dot atmel dot com 2007-03-30 19:55 -------
Dr. John,
Can you provide additional information:
- What AVR processor was this compiled for? You don't have the required -mmcu=
flag in your command line.
- Can you provide a disassembly listing showing the problem?
I don't necessarily see the problem with my 4.1.1 compiler, -mmcu=atmega128.
Maybe I'm just dense.
Eric
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: eweddington at cso dot atmel dot com @ 2007-04-03 23:24 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from eweddington at cso dot atmel dot com 2007-04-04 00:24 -------
Created an attachment (id=13324)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=13324&action=view)
Pre-processed testcase.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: eweddington at cso dot atmel dot com @ 2007-04-03 23:25 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from eweddington at cso dot atmel dot com 2007-04-04 00:25 -------
Created an attachment (id=13325)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=13325&action=view)
Disassembly of the shifty3.i test case.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: eweddington at cso dot atmel dot com @ 2007-04-03 23:38 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from eweddington at cso dot atmel dot com 2007-04-04 00:38 -------
Confirmed bug.
shifty3.i is a test case showing the problem. Compiled with avr-gcc 4.1.2,
with:
avr-gcc -Os shifty.c -o shifty.o
shifty3.dis is a disassembly of shifty.o (with avr-objdump -d shifty.o).
The problem is exhibited here:
0000005a <main>:
  5a:   89 e2           ldi     r24, 0x29       ; 41
  5c:   90 e0           ldi     r25, 0x00       ; 0
  5e:   90 93 61 00     sts     0x0061, r25
  62:   80 93 60 00     sts     0x0060, r24
  66:   82 e5           ldi     r24, 0x52       ; 82
  68:   92 e0           ldi     r25, 0x02       ; 2
  6a:   90 93 64 00     sts     0x0064, r25
  6e:   80 93 63 00     sts     0x0063, r24
  72:   e0 91 60 00     lds     r30, 0x0060
  76:   f0 91 61 00     lds     r31, 0x0061
  7a:   09 95           icall
  7c:   e0 91 63 00     lds     r30, 0x0063
  80:   f0 91 64 00     lds     r31, 0x0064
  84:   09 95           icall
The correct word address of the function foo is taken and stored (address 5a to
62), but then the *byte* address of the function foo is taken, and an offset
added, and stored (address 66 to 6e). The following indirect call (address 7c
to 84) is then incorrect. The PC has to be a *word* address.
Adding a fixed offset to a function pointer, and then doing an indirect call,
is valid in an AVR application as it is possible to copy or place functions at
fixed offsets like this.
Please mark this bug as NEW.
Known to fail: 4.1.1, 4.1.2
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
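One way to check a listing like the one above mechanically (an added example, not code from the bug report): replay the ldi/sts/lds/icall sequence and compare each icall's Z against the word addresses of known functions, since AVR flash is word-addressed and icall jumps to byte address Z*2. The listing is the excerpt quoted in comment #4; the symbol table is an assumption (main at 0x5a from the listing header, foo at 0x52 as implied by the word value 0x29 that the first icall uses).

```python
import re

# Constructed input: the avr-objdump excerpt of main() quoted in comment #4.
LISTING = """\
5a: 89 e2 ldi r24, 0x29 ; 41
5c: 90 e0 ldi r25, 0x00 ; 0
5e: 90 93 61 00 sts 0x0061, r25
62: 80 93 60 00 sts 0x0060, r24
66: 82 e5 ldi r24, 0x52 ; 82
68: 92 e0 ldi r25, 0x02 ; 2
6a: 90 93 64 00 sts 0x0064, r25
6e: 80 93 63 00 sts 0x0063, r24
72: e0 91 60 00 lds r30, 0x0060
76: f0 91 61 00 lds r31, 0x0061
7a: 09 95 icall
7c: e0 91 63 00 lds r30, 0x0063
80: f0 91 64 00 lds r31, 0x0064
84: 09 95 icall
"""
# Assumed symbol table of function byte addresses: main's 0x5a is the listing
# header, foo at 0x52 is what the word value 0x29 used by the first icall implies.
FUNC_BYTE_ADDRS = {"foo": 0x52, "main": 0x5a}

INSN = re.compile(r"\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+(\w+)\s*(.*)")

def check_icalls(listing, funcs):
    """Replay ldi/sts/lds/icall; return one (pc, z, ok, note) per icall."""
    # Flash is word-addressed: a function at byte address a is reached with Z = a >> 1.
    by_word = {a >> 1: n for n, a in funcs.items()}
    regs, sram, out = {}, {}, []
    for line in listing.splitlines():
        m = INSN.match(line)
        if not m:
            continue
        pc, op, rest = int(m.group(1), 16), m.group(2), m.group(3)
        ops = [o.strip() for o in rest.split(";")[0].split(",") if o.strip()]
        if op == "ldi":      # load immediate into a register
            regs[int(ops[0][1:])] = int(ops[1], 16)
        elif op == "sts":    # store a register to an SRAM byte
            sram[int(ops[0], 16)] = regs.get(int(ops[1][1:]), 0)
        elif op == "lds":    # load an SRAM byte into a register
            regs[int(ops[0][1:])] = sram.get(int(ops[1], 16), 0)
        elif op == "icall":  # indirect call through Z = r31:r30
            z = regs.get(30, 0) | regs.get(31, 0) << 8
            ok = z in by_word
            note = by_word[z] if ok else "no function at word 0x%x (byte 0x%x)" % (z, 2 * z)
            out.append((pc, z, ok, note))
    return out
```

For the excerpt above the first icall resolves to foo, while the second carries Z = 0x0252, which is no function's word address and would land at byte 0x4a4.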
* [Bug target/27192] call through function pointer goes to wrong address
From: eweddington at cso dot atmel dot com @ 2007-04-09 20:17 UTC (permalink / raw)
To: gcc-bugs
--
eweddington at cso dot atmel dot com changed:
What                  |Removed             |Added
----------------------------------------------------------------------------
Status                |UNCONFIRMED         |NEW
Ever Confirmed        |0                   |1
Known to fail         |                    |4.1.0 4.1.1 4.1.2
Last reconfirmed date |0000-00-00 00:00:00 |2007-04-09 21:17:42
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: eweddington at cso dot atmel dot com @ 2007-05-30 19:23 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from eweddington at cso dot atmel dot com 2007-05-30 19:23 -------
Bug still present in 4.2.0, and 4.3-20070525.
To test bug (fixed from last comment):
avr-gcc -Os shifty3.i -o shifty3.o
avr-objdump -d shifty3.o > shifty3.dis
Compare output.
--
eweddington at cso dot atmel dot com changed:
What                  |Removed             |Added
----------------------------------------------------------------------------
Known to fail         |4.1.0 4.1.1 4.1.2   |4.1.0 4.1.1 4.1.2 4.2.0
Last reconfirmed date |2007-04-09 21:17:42 |2007-05-30 19:23:35
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: wvangulik at xs4all dot nl @ 2008-01-20 20:18 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from wvangulik at xs4all dot nl 2008-01-20 19:30 -------
Bug is still present in 4.2.2.
Some more info:
I rewrote the example into a (at least for me) slightly clearer example:

struct fseqp_void
{
  void (*p) (void);   /* word (program) address */
  char *e;            /* byte (data) address */
};

struct fseqp_void c;

void bar (void) {}

int main (void)
{
  c.e = (char *) bar + 2;   /* byte address of bar, plus 2 */
  c.p = bar;                /* word address of bar */
  c.p ();
  return 0;
}
The problem is the re-use after loading bar into the struct:
    ldi r24,lo8(bar+2)      <<Hmm this should need gs() I guess
    ldi r25,hi8(bar+2)
    sts (c+2)+1,r25
    sts c+2,r24
    sbiw r24,2              <<Sub 2, but we also need a shift!
    sts (c)+1,r25
    sts c,r24
However, if I comment out the load of the variable e, then all is well:

int main (void)
{
  //c.e = (char *) bar + 2;
  c.p = bar;
  c.p ();
  return 0;
}

    ldi r24,lo8(gs(bar))
    ldi r25,hi8(gs(bar))
    sts (c)+1,r25
    sts c,r24
    ldi r24,lo8(0)
    ldi r25,hi8(0)
And if the order of assignment is reversed then all is well also:

  c.p = bar;                /* p assigned before e */
  c.e = (char *) bar + 2;
  c.p ();
  return 0;

    ldi r24,lo8(gs(bar))
    ldi r25,hi8(gs(bar))
    sts (c)+1,r25
    sts c,r24
    adiw r24,2
    sts (c+2)+1,r25
    sts c+2,r24
    ldi r24,lo8(0)
    ldi r25,hi8(0)

So the problem is the optimizer, which forgets that the 16-bit program address
is different from the data address.
--
wvangulik at xs4all dot nl changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wvangulik at xs4all dot nl
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: hutchinsonandy at gcc dot gnu dot org @ 2009-12-24 20:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from hutchinsonandy at gcc dot gnu dot org 2009-12-24 20:01 -------
Fixed 4.5
--
hutchinsonandy at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192
* [Bug target/27192] call through function pointer goes to wrong address
From: eric dot weddington at atmel dot com @ 2009-12-29 21:25 UTC (permalink / raw)
To: gcc-bugs
--
eric dot weddington at atmel dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |4.5.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27192