public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "joel.bertrand at systella dot fr" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug c/101188] New: [AVR] Miscompilation and function pointers Date: Thu, 24 Jun 2021 07:36:26 +0000 [thread overview] Message-ID: <bug-101188-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101188 Bug ID: 101188 Summary: [AVR] Miscompilation and function pointers Product: gcc Version: 11.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: joel.bertrand at systella dot fr Target Milestone: --- Hello, I'm writing a firmware that runs on an ATmega1284. To build this bare metal firmware, I have used avr-gcc 5.4.0 and I have seen a strange pointer corruption. Thus, I have built from scratch a new gcc (11.1.0) that triggers the same bug. In a first time, my code is downloadable at https://hilbert.systella.fr/public/firmware.tar.gz I have tried to make a simple testcase, but when I remove some unused code, sometimes, firmware runs as expected. That being said, a lot of code is not executed. In main.c, I only initialize my board and I only try to send LoRaWAN packets. In lorawan/ldl_mac.c, you will find the following code : #if defined(LDL_FIX_GCC_BUG) void app_handler(void *app, enum ldl_mac_response_type type, const union ldl_mac_response_arg *arg); if (self->handler != app_handler) for(;;); #endif self->handler(self->app, LDL_MAC_DEV_NONCE_UPDATED, &arg); If I undefined LDL_FIX_GCC_BUG, firmware crashes as self->handler seems to be nullified. With LDL_FIX_GCC_BUG, firmware never stalls in for(;;) and runs as expected. Of course, self->handler should be equal to app_handler. If I replace self->handler(self->app, LDL_MAC_DEV_NONCE_UPDATED, &arg) by app_handler(self->app, LDL_MAC_DEV_NONCE_UPDATED, &arg), even if I delete code between #if and #endif, firmware runs also as expected. Thus, I have checked assembly output. good_2.S : (https://hilbert.systella.fr/public/good_2.S) a318: f6 01 movw r30, r12 ... a33c: e3 50 subi r30, 0x03 ; 3 a33e: ff 4f sbci r31, 0xFF ; 255 a340: 01 90 ld r0, Z+ a342: f0 81 ld r31, Z a344: e0 2d mov r30, r0 This loads Z with R13:R12, and then later offsets it by -0xFF03 to obtain the address of self->handler, which is then used by the icall instruction. bad.S : (https://hilbert.systella.fr/public/bad.S) a31c: f6 01 movw r30, r12 ... a340: 68 01 movw r12, r16 a342: ff e4 ldi r31, 0x4F ; 79 a344: cf 1a sub r12, r31 a346: fe ef ldi r31, 0xFE ; 254 a348: df 0a sbc r13, r31 a34a: e3 50 subi r30, 0x03 ; 3 a34c: ff 4f sbci r31, 0xFF ; 255 a34e: 01 90 ld r0, Z+ a350: f0 81 ld r31, Z a352: e0 2d mov r30, r0 Note the clobbering of R31:R30 with immediate values *before* the offsetting is done. I think this is a codegen bug - the compiler should have either picked a different set of regs to subtract R13:R12 from, or should have restored Z with a movw r30, r12 before 0xa34a. Regards, JN
next reply other threads:[~2021-06-24 7:36 UTC|newest] Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-06-24 7:36 joel.bertrand at systella dot fr [this message] 2021-06-25 8:09 ` [Bug target/101188] " saaadhu at gcc dot gnu.org 2023-05-24 6:56 ` gjl at gcc dot gnu.org 2023-05-24 7:21 ` [Bug rtl-optimization/101188] " gjl at gcc dot gnu.org 2023-05-24 7:44 ` gjl at gcc dot gnu.org 2023-05-24 11:07 ` gjl at gcc dot gnu.org 2023-05-24 19:07 ` gjl at gcc dot gnu.org 2023-05-25 9:47 ` gjl at gcc dot gnu.org 2023-05-28 9:24 ` [Bug rtl-optimization/101188] [postreload] Uses content of a clobbered register gjl at gcc dot gnu.org 2023-05-28 19:26 ` gjl at gcc dot gnu.org 2023-05-29 19:35 ` gjl at gcc dot gnu.org 2023-05-30 19:05 ` gjl at gcc dot gnu.org 2023-06-02 10:36 ` uweigand at gcc dot gnu.org 2023-06-02 11:27 ` gjl at gcc dot gnu.org 2023-06-02 15:35 ` uweigand at gcc dot gnu.org 2023-06-12 18:55 ` cvs-commit at gcc dot gnu.org 2023-06-13 11:42 ` gjl at gcc dot gnu.org 2023-06-13 11:45 ` gjl at gcc dot gnu.org 2023-08-09 18:57 ` gjl at gcc dot gnu.org 2024-02-09 11:23 ` [Bug rtl-optimization/101188] [11/12/13 Regression] " gjl at gcc dot gnu.org 2024-02-09 13:02 ` rguenth at gcc dot gnu.org 2024-05-08 11:47 ` rguenth at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-101188-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).