From: "changpeng.fang at amd dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug regression/47037] 465.tonto Segmentation Fault in memset
Date: Wed, 22 Dec 2010 00:55:00 -0000

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #1 from Changpeng Fang 2010-12-22 00:55:35 UTC ---

Initially I thought it was a glibc bug, but it seems it is not:

(1) A workaround flag is -fno-caller-saves
(2) The compiled binary (NOTE: with -static) runs correctly on other systems

The bad code is in atom.fppized:

   subroutine set_label_and_atomic_number(self,label)
    type(atom_type) :: self
    !Set an type(atom_type) "label" and extract the atomic number from it.
    character(*) :: label
    integer(kind=kind(1)) :: lensym,z
    character(128) :: symbol
    logical(kind=kind(.true.)) :: error
    self%label = label

The memset is for the label copy:

.LBB633:
        .loc 1 967 0 discriminator 2
        movq    %r13, %rdx
        movq    %rbx, %rsi
        movq    %rsp, %rdi
        call    memcpy
        movl    $128, %edx
        leaq    (%rsp,%r13), %rdi    ## <---- bad address
        movl    $32, %esi
        subq    %r13, %rdx
        movq    %rsp, %r12
        call    memset
        jmp     .L707
.LVL646:
        .p2align 4,,10
        .p2align 3
.L717:

Looks like the %rsp value is not correct (stack corrupted).