[Bug c/101188] New: [AVR] Miscompilation and function pointers

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "joel.bertrand at systella dot fr" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/101188] New: [AVR] Miscompilation and function pointers
Date: Thu, 24 Jun 2021 07:36:26 +0000	[thread overview]
Message-ID: <bug-101188-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101188

            Bug ID: 101188
           Summary: [AVR] Miscompilation and function pointers
           Product: gcc
           Version: 11.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: joel.bertrand at systella dot fr
  Target Milestone: ---

Hello,

I'm writing a firmware that runs on an ATmega1284. To build this bare metal
firmware, I have used avr-gcc 5.4.0 and I have seen a strange pointer
corruption. Thus, I have built from scratch a new gcc (11.1.0) that triggers
the same bug.

In a first time, my code is downloadable at
https://hilbert.systella.fr/public/firmware.tar.gz

I have tried to make a simple testcase, but when I remove some unused code,
sometimes, firmware runs as expected. That being said, a lot of code is not
executed. In main.c, I only initialize my board and I only try to send LoRaWAN
packets.

In lorawan/ldl_mac.c, you will find the following code :

#if defined(LDL_FIX_GCC_BUG)
            void app_handler(void *app, enum ldl_mac_response_type type,
                    const union ldl_mac_response_arg *arg);
            if (self->handler != app_handler) for(;;);
#endif

            self->handler(self->app, LDL_MAC_DEV_NONCE_UPDATED, &arg);

If I undefined LDL_FIX_GCC_BUG, firmware crashes as self->handler seems to be
nullified. With LDL_FIX_GCC_BUG, firmware never stalls in for(;;) and runs as
expected. Of course, self->handler should be equal to app_handler.

If I replace self->handler(self->app, LDL_MAC_DEV_NONCE_UPDATED, &arg) by
app_handler(self->app, LDL_MAC_DEV_NONCE_UPDATED, &arg), even if I delete code
between #if and #endif, firmware runs also as expected.

Thus, I have checked assembly output.

good_2.S : (https://hilbert.systella.fr/public/good_2.S)

    a318: f6 01       movw r30, r12
...
    a33c: e3 50       subi r30, 0x03 ; 3
    a33e: ff 4f       sbci r31, 0xFF ; 255
    a340: 01 90       ld r0, Z+
    a342: f0 81       ld r31, Z
    a344: e0 2d       mov r30, r0

This loads Z with R13:R12, and then later offsets it by -0xFF03 to
obtain the address of self->handler, which is then used by the icall
instruction.

bad.S : (https://hilbert.systella.fr/public/bad.S)

    a31c: f6 01       movw r30, r12
...
    a340: 68 01       movw r12, r16
    a342: ff e4       ldi r31, 0x4F ; 79
    a344: cf 1a       sub r12, r31
    a346: fe ef       ldi r31, 0xFE ; 254
    a348: df 0a       sbc r13, r31
    a34a: e3 50       subi r30, 0x03 ; 3
    a34c: ff 4f       sbci r31, 0xFF ; 255
    a34e: 01 90       ld r0, Z+
    a350: f0 81       ld r31, Z
    a352: e0 2d       mov r30, r0

Note the clobbering of R31:R30 with immediate values *before* the offsetting is
done. I think this is a codegen bug - the compiler should have either picked a
different set of regs to subtract R13:R12 from, or should have restored Z with
a movw r30, r12 before 0xa34a.

Regards,

JN

next             reply	other threads:[~2021-06-24  7:36 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-24  7:36 joel.bertrand at systella dot fr [this message]
2021-06-25  8:09 ` [Bug target/101188] " saaadhu at gcc dot gnu.org
2023-05-24  6:56 ` gjl at gcc dot gnu.org
2023-05-24  7:21 ` [Bug rtl-optimization/101188] " gjl at gcc dot gnu.org
2023-05-24  7:44 ` gjl at gcc dot gnu.org
2023-05-24 11:07 ` gjl at gcc dot gnu.org
2023-05-24 19:07 ` gjl at gcc dot gnu.org
2023-05-25  9:47 ` gjl at gcc dot gnu.org
2023-05-28  9:24 ` [Bug rtl-optimization/101188] [postreload] Uses content of a clobbered register gjl at gcc dot gnu.org
2023-05-28 19:26 ` gjl at gcc dot gnu.org
2023-05-29 19:35 ` gjl at gcc dot gnu.org
2023-05-30 19:05 ` gjl at gcc dot gnu.org
2023-06-02 10:36 ` uweigand at gcc dot gnu.org
2023-06-02 11:27 ` gjl at gcc dot gnu.org
2023-06-02 15:35 ` uweigand at gcc dot gnu.org
2023-06-12 18:55 ` cvs-commit at gcc dot gnu.org
2023-06-13 11:42 ` gjl at gcc dot gnu.org
2023-06-13 11:45 ` gjl at gcc dot gnu.org
2023-08-09 18:57 ` gjl at gcc dot gnu.org
2024-02-09 11:23 ` [Bug rtl-optimization/101188] [11/12/13 Regression] " gjl at gcc dot gnu.org
2024-02-09 13:02 ` rguenth at gcc dot gnu.org
2024-05-08 11:47 ` rguenth at gcc dot gnu.org

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-101188-4@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).