public inbox for gcc-bugs@sourceware.org
* [Bug c++/46317] New: Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: end3er at gmail dot com @ 2010-11-05 16:50 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

           Summary: Incorrect construction vtable on ARM in case of diamond
                    shaped virtual inheritance
           Product: gcc
           Version: 4.2.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: c++
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: end3er@gmail.com

Created attachment 22295
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22295
Code that triggers the issue on ARM

This problem appears on ARM (not x86), with -O > 0.

The register R1 holding the pointer to the construction vtable for the
Parent-in-Child is actually pointing to the wrong Parent-in-Child vtable:

Let's assume we have a virtual base class A, two derived classes B and C
virtually inheriting from A and a final class D derived virtually from B and
normally from C.
When instantiating D, the CTOR for B is called with R1 pointing to the
construction vtable for B-in-D instead of the one for C-in-D, which thus makes
the program crash since it tries to access an uninitialized element of the
vtable for B when trying to access elements in C.

A work-around for this issue is to compile with -fno-toplevel-reorder. It fixes
the problem for all optimization levels.

This issue seems to be linked to #41354.
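The hierarchy described in the report above, as an added, self-checking example (it is not attachment 22295, which is not reproduced on this page; the class bodies, the `ask` helper and the values are assumptions). It records which override each constructor sees through the vtable installed at that point and reads the virtual base from inside C's constructor, so building it for the target at -O0 and at -O2 shows whether C receives a usable construction vtable.

```cpp
// Added example: names and values are illustrative, not the bug's attachment.
#include <cstdio>
#include <string>

static std::string trace;  // dynamic type observed inside each constructor

struct A;
// Out-of-line virtual call so the vptr installed during construction is used
// (noinline is a GCC/Clang attribute).
__attribute__((noinline)) char ask(const A& a);

struct A {
    int a_val;
    A() : a_val(10) { trace += ask(*this); }
    virtual ~A() {}
    virtual char who() const { return 'A'; }
};
struct B : virtual A {
    B() { trace += ask(*this); }
    char who() const override { return 'B'; }
};
struct C : virtual A {
    int seen;
    // Receives a VTT pointer when built as a base of D; reaching a_val and
    // who() goes through the construction vtable for C-in-D.
    explicit C(int x) : seen(0) { seen = x + a_val; trace += ask(*this); }
    char who() const override { return 'C'; }
};
struct D : virtual B, C {  // virtually from B, normally from C, as in the report
    explicit D(int x) : C(x) { trace += ask(*this); }
    char who() const override { return 'D'; }
};

char ask(const A& a) { return a.who(); }

struct Result { std::string order; int seen; char final_type; };

Result build_d(int x) {
    trace.clear();
    D d(x);
    return { trace, d.seen, ask(d) };
}

int main() {
    Result r = build_d(5);
    std::printf("order=%s seen=%d final=%c\n", r.order.c_str(), r.seen, r.final_type);
    return (r.order == "ABCD" && r.seen == 15 && r.final_type == 'D') ? 0 : 1;
}
```

A non-zero exit status or a crash in one optimization level but not the other points at the toolchain rather than the source.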
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: pinskia at gcc dot gnu.org @ 2010-11-05 16:55 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> 2010-11-05 16:55:29 UTC ---
Does -fno-tree-sink fix the issue?
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: end3er at gmail dot com @ 2010-11-05 17:07 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

--- Comment #2 from end3er at gmail dot com 2010-11-05 17:06:49 UTC ---
(In reply to comment #1)
> Does -fno-tree-sink fix the issue?

No it doesn't. The only flags that work are:
-O0 or
-fno-inline or
-fno-unit-at-a-time or
-fno-toplevel-reorder

I can also make it work more or less by deactivating a certain number of
optimisation flags, but the output code does not really work... (I have tried
something like 58 different flags...)
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: ibolton at gcc dot gnu.org @ 2011-01-28 10:49 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

Ian Bolton <ibolton at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2011.01.28 10:19:03
                 CC|                            |ibolton at gcc dot gnu.org
     Ever Confirmed|0                           |1

--- Comment #3 from Ian Bolton <ibolton at gcc dot gnu.org> 2011-01-28 10:19:03 UTC ---
(In reply to comment #2)
> (In reply to comment #1)
> > Does -fno-tree-sink fix the issue?
>
> No it doesn't. The only flags that work are:
> -O0 or
> -fno-inline or
> -fno-unit-at-a-time or
> -fno-toplevel-reorder
>
> I can also make it work more or less by deactivating a certain number of
> optimisation flags, but the output code does not really work... (I have tried
> something like 58 different flags...)

Out of interest, did you try any newer releases of gcc?
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: end3er at gmail dot com @ 2011-01-28 22:22 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

--- Comment #4 from end3er at gmail dot com 2011-01-28 21:04:45 UTC ---
(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > Does -fno-tree-sink fix the issue?
> >
> > No it doesn't. The only flags that work are:
> > -O0 or
> > -fno-inline or
> > -fno-unit-at-a-time or
> > -fno-toplevel-reorder
> >
> > I can also make it work more or less by deactivating a certain number of
> > optimisation flags, but the output code does not really work... (I have tried
> > something like 58 different flags...)
>
> Out of interest, did you try any newer releases of gcc?

I finally took the time to compile gcc-4.5, and the issue is still there:

Using built-in specs.
COLLECT_GCC=arm-none-eabi-c++
Target: arm-none-eabi
Configured with: ../configure --prefix=/opt/gcc-4.5/arm-none-eabi --target=arm-none-eabi --enable-interwork --enable-multilib --enable-languages=c,c++ --with-newlib --disable-nls --disable-shared --disable-threads --with-gnu-as --with-gnu-ld --with-gmp=/home/build/gcc-4.5_arm/gmp --with-mpfr=/home/build/gcc-4.5_arm/mpfr --with-mpc=/home/build/gcc-4.5_arm/mpc
Thread model: single
gcc version 4.5.0 (GCC)

00008268 <D::D(int)>:
    8268:   e92d4038    push    {r3, r4, r5, lr}
    826c:   e1a04000    mov     r4, r0
    8270:   e1a02001    mov     r2, r1
    8274:   e1a03000    mov     r3, r0
    8278:   e59f103c    ldr     r1, [pc, #60]   ; 82bc <D::D(int)+0x54>
    827c:   e4831008    str     r1, [r3], #8
    8280:   e59f5038    ldr     r5, [pc, #56]   ; 82c0 <D::D(int)+0x58>
    8284:   e595102c    ldr     r1, [r5, #44]   ; 0x2c
    8288:   e5801008    str     r1, [r0, #8]
    828c:   e5111010    ldr     r1, [r1, #-16]
    8290:   e595c030    ldr     ip, [r5, #48]   ; 0x30
    8294:   e783c001    str     ip, [r3, r1]
    8298:   e285101c    add     r1, r5, #28
    829c:   ebffffca    bl      81cc <C::C(int)>
...
    82bc:   0001d3e8
    82c0:   0001d418
...
r1 = [0x1d418, #44]
   1d444:   0001d4b0
...
r1 = 0x1d4b0, #-16
0001d4a0 <construction vtable for B-in-D>:
   1d4a0:   fffffff8
...
000081cc <C::C(int)>:
    81cc:   e591c000    ldr     ip, [r1]

the correct r1 value should be:
0001d488 <construction vtable for C-in-D>:
...
   1d494:   0001d4f8    strdeq  sp, [r1], -r8
   1d498:   000081b8    undefined instruction 0x000081b8
   1d49c:   00000000    andeq   r0, r0, r0

When compiling with -O0, r1 is set to a correct address belonging to C-in-D:

00008448 <D::D(int)>:
    8448:   e92d4800    push    {fp, lr}
    844c:   e28db004    add     fp, sp, #4
    8450:   e24dd008    sub     sp, sp, #8
    8454:   e50b0008    str     r0, [fp, #-8]
    8458:   e50b100c    str     r1, [fp, #-12]
    845c:   e51b3008    ldr     r3, [fp, #-8]
    8460:   e1a00003    mov     r0, r3
    8464:   eb000100    bl      886c <A::A()>
    8468:   e51b3008    ldr     r3, [fp, #-8]
    846c:   e2832008    add     r2, r3, #8
    8470:   e59f3070    ldr     r3, [pc, #112]  ; 84e8 <D::D(int)+0xa0>
    8474:   e2833014    add     r3, r3, #20
    8478:   e1a00002    mov     r0, r2
    847c:   e1a01003    mov     r1, r3
    8480:   eb000106    bl      88a0 <B::B()>
    8484:   e51b2008    ldr     r2, [fp, #-8]
    8488:   e59f3058    ldr     r3, [pc, #88]   ; 84e8 <D::D(int)+0xa0>
    848c:   e2833004    add     r3, r3, #4
    8490:   e1a00002    mov     r0, r2
    8494:   e1a01003    mov     r1, r3
    8498:   e51b200c    ldr     r2, [fp, #-12]
    849c:   ebffff45    bl      81b8 <C::C(int)>
...
    84e8:   0001d950
...
0001d950, #4
   1d954:   0001d980
...
0001d970 <construction vtable for C-in-D>:
...
   1d97c:   0001d9f4    strdeq  sp, [r1], -r4
   1d980:   00008374    andeq   r8, r0, r4, ror r3
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: end3er at gmail dot com @ 2011-01-28 22:36 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

end3er at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |end3er at gmail dot com

--- Comment #5 from end3er at gmail dot com 2011-01-28 21:15:19 UTC ---
oops, I missed some lines from the C CTOR:

000081cc <C::C(int)>:
    81cc:   e591c000    ldr     ip, [r1]
    81d0:   e580c000    str     ip, [r0]
    81d4:   e51cc010    ldr     ip, [ip, #-16]

([r1] is equal to [0x1d4a0] = 0xfffffff8 instead of [0x1d498]=0x81b8 which is
mapped)
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: mikpe at it dot uu.se @ 2011-01-29 18:27 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

Mikael Pettersson <mikpe at it dot uu.se> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mikpe at it dot uu.se

--- Comment #6 from Mikael Pettersson <mikpe at it dot uu.se> 2011-01-29 17:40:42 UTC ---
This test case works for me on armv5tel-linux-gnueabi with gcc 4.4.5, 4.5.2,
and 4.6-20110122.
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: end3er at gmail dot com @ 2011-01-30 17:51 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

end3er at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|4.5.0                       |4.2.1

--- Comment #7 from end3er at gmail dot com 2011-01-30 17:35:32 UTC ---
(In reply to comment #6)
> This test case works for me on armv5tel-linux-gnueabi with gcc 4.4.5, 4.5.2,
> and 4.6-20110122.

Oops, you are right actually, I missed one line in my static analysis (I didn't
have an ARM target to live test...):

    8298:   e285101c    add     r1, r5, #28

This line actually correctly sets r1 to <construction vtable for C-in-D>+0x10
when compiling with GCC 4.5.0

So the bug is actually only seen with GCC 4.2.1

Sorry for the false positive...
* [Bug c++/46317] Incorrect construction vtable on ARM in case of diamond shaped virtual inheritance
From: rearnsha at gcc dot gnu.org @ 2011-04-18 16:11 UTC
To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46317

Richard Earnshaw <rearnsha at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
                 CC|                            |rearnsha at gcc dot gnu.org
         Resolution|                            |FIXED
   Target Milestone|---                         |4.3.0

--- Comment #8 from Richard Earnshaw <rearnsha at gcc dot gnu.org> 2011-04-18 16:10:01 UTC ---
gcc-4.2 is no longer being maintained. Closing as fixed.