From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-313709-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 13704 invoked by alias); 4 Apr 2010 21:08:38 -0000
Received: (qmail 13647 invoked by uid 48); 4 Apr 2010 21:08:11 -0000
Date: Sun, 04 Apr 2010 21:08:00 -0000
Subject: [Bug target/43643]  New: gcc -m64 -pg corrupts %rdx / %rcx register
X-Bugzilla-Reason: CC
Message-ID: <bug-43643-18999@http.gcc.gnu.org/bugzilla/>
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "jrgn dot keil at googlemail dot com" <gcc-bugzilla@gcc.gnu.org>
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2010-04/txt/msg00349.txt.bz2

When profiling a 64bit binary compiled from the following source,
the resulting binary crashes in strdup() / strlen(), 
gcc's 64bit x86 profiling code corrupts the contents of the
%rcx / %rdx register.

% /tmp/gcc4/bin/gcc --version
gcc (GCC) 4.5.0 20100401 (experimental)

% cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void
func(char *a, char *b, char *c)
{
        strdup(a);
        strdup(b);
        strdup(c);
}

int
main(int argc, char **argv)
{
        func("a", "b", "c");
        exit(0);
}

% /tmp/gcc4/bin/gcc -m64 -pg -o test test.c

% file test
test:           ELF 64-bit LSB executable AMD64 Version 1, dynamically linked,
not stripped

% ./test                                                           
Memory fault(coredump)

% pstack core                                                      
core 'core' of 19120:   ./test
 fffffd7fff23fb94 strlen () + 14
 000000000040184c func () + 44
 000000000040187d main () + 2f
 0000000000401138 _start () + 98


gmon-sol2.c:

260      "\tmovq\t%rax,(%rsp)\n"
261     "\tmovq\t%rcx,0x08(%rsp)\n"
262     "\tmovq\t%rdx,0x10(%rsp)\n" 
...
277      "\tmovq\t0x10(%rsp),%rdx\n"
278     "\tmovq\t0x08(%rsp),%rdx\n"   <<<<<<<<<<<<<<
279     "\tmovq\t(%rsp),%rax\n" 

Line 278 must restore to %rcx !


-- 
           Summary: gcc -m64 -pg corrupts %rdx / %rcx register
           Product: gcc
           Version: 4.5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: jrgn dot keil at googlemail dot com
 GCC build triplet: i386-pc-solaris2.11
  GCC host triplet: i386-pc-solaris2.11
GCC target triplet: i386-pc-solaris2.11


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43643