From: "saaadhu at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/101188] [AVR] Miscompilation and function pointers
Date: Fri, 25 Jun 2021 08:09:36 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 11.1.0
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101188

Senthil Kumar Selvaraj changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |saaadhu at gcc dot gnu.org
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-06-25

--- Comment #1 from Senthil Kumar Selvaraj ---
Confirmed with 12.0.0 20210625

Here's a reduced testcase that hangs indefinitely with avrtest - the log shows
call to address 0.

$ cat fail.c
#include <stdint.h>
#include <stdlib.h>

typedef uint8_t (*fn1)(void *a);
typedef void (*fn2)(void *a, const uint32_t *arg);

struct S
{
    uint8_t buffer[64];
    uint16_t n;
    fn2 f2;
    void *a;
    fn1 f1;
};

volatile uint16_t x;

void __attribute__((noinline)) foo(uint16_t n)
{
  x = n;
}

void __attribute__((noinline)) testfn(struct S *self)
{
    uint32_t arg;

    foo(self->n);
    self->n++;
    self->f2(self->a, &arg);
    self->buffer[0] = self->f1(self->a);
}

static unsigned char myfn2_called = 0;

static void myfn2(void *a, const uint32_t * arg)
{
  myfn2_called = 1;
}

static uint8_t myfn1(void *a)
{
}

int main()
{
  struct S s;
  s.n = 0;
  s.f2 = myfn2;
  s.f1 = myfn1;
  testfn(&s);
  if (myfn2_called != 1)
    abort();
  return 0;
}

$ avr-gcc -mmcu=atmega128 fail.c -O2 ~/code/avrtest/exit-atmega128.o --version
avr-gcc (GCC) 12.0.0 20210625 (experimental)
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

$ ~/code/avrtest/avrtest -mmcu=avr51 a.out
^C

The below code is at fault - there's an ldi to r31, followed by a load to Z
using R31:R30, and then an icall. The clobbering of r31 at 0x138 causes junk
values (0) to be read into Z, and icall calls address 0.

 138:   f4 e4           ldi     r31, 0x44       ; 68
 13a:   ef 0e           add     r14, r31
 13c:   f1 1c           adc     r15, r1
 13e:   32 96           adiw    r30, 0x02       ; 2
 140:   01 90           ld      r0, Z+
 142:   f0 81           ld      r31, Z
 144:   e0 2d           mov     r30, r0
 146:   be 01           movw    r22, r28
 148:   6f 5f           subi    r22, 0xFF       ; 255
 14a:   7f 4f           sbci    r23, 0xFF       ; 255
 14c:   d7 01           movw    r26, r14
 14e:   8d 91           ld      r24, X+
 150:   9c 91           ld      r25, X
 152:   09 95           icall
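
The register clobber described in the comment above, replayed as an added example that is not part of the bug report or of GCC: a small C model of the instructions from 0x138 to 0x152 that returns the address icall would jump to. It assumes Z held &self->n and r15:r14 held self before 0x138; the addresses SELF and F2_PTR are constructed, and r18 is a hypothetical alternative scratch register, not the actual fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SELF   0x0200u  /* constructed SRAM address of struct S */
#define F2_PTR 0x0123u  /* constructed code address stored in self->f2 */

static uint8_t mem[0x10000]; /* flat model of the data space */

/* Replays 0x138..0x152 from the listing and returns the icall target (Z).
   scratch is the register that receives the constant 0x44: 31 in the
   listing, 18 as a hypothetical register that does not overlap Z. */
uint16_t icall_target(int scratch)
{
    uint8_t r[32] = {0};                      /* r1 stays zero, as in avr-gcc code */
    uint16_t z, sum;

    memset(mem, 0, sizeof mem);               /* unmapped reads give 0 in this model */
    mem[SELF + 0x42] = F2_PTR & 0xff;         /* f2 follows buffer[64] and n */
    mem[SELF + 0x43] = F2_PTR >> 8;
    r[14] = SELF & 0xff;  r[15] = SELF >> 8;  /* assumed: r15:r14 = self */
    z = SELF + 0x40;                          /* assumed: Z = &self->n */
    r[30] = z & 0xff;     r[31] = z >> 8;

    r[scratch] = 0x44;                        /* 138: ldi rS, 0x44 */
    sum = r[14] + r[scratch];                 /* 13a: add r14, rS */
    r[14] = sum & 0xff;
    r[15] = r[15] + r[1] + (sum >> 8);        /* 13c: adc r15, r1 */
    z = (uint16_t)((r[31] << 8 | r[30]) + 2); /* 13e: adiw r30, 2 */
    r[0] = mem[z++];                          /* 140: ld r0, Z+ */
    r[31] = mem[z];                           /* 142: ld r31, Z */
    r[30] = r[0];                             /* 144: mov r30, r0 */
    return (uint16_t)(r[31] << 8 | r[30]);    /* 152: icall jumps to Z */
}

int main(void)
{
    /* With r31 as scratch, Z becomes 0x4442 and the pointer load misses f2. */
    printf("scratch r31: icall -> 0x%04x\n", icall_target(31));
    printf("scratch r18: icall -> 0x%04x\n", icall_target(18));
    return 0;
}
```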