public inbox for gcc-bugs@sourceware.org
From: "bccheng at android dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/58854] New: [ARM 4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
Date: Wed, 23 Oct 2013 17:40:00 -0000
Message-ID: <bug-58854-4@http.gcc.gnu.org/bugzilla/>

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854

            Bug ID: 58854
           Summary: [ARM 4.8 regression] "sub sp, fp, #40" hoisted above
                    frame accesses
           Product: gcc
           Version: 4.8.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bccheng at android dot com

With GCC 4.8.1 we encountered a regression in linux 3.4 kernel code on ARM
devices. The problematic instruction sequence is below:

    sub sp, fp, #40      << fp-48 is above sp now
    ldr r3, [fp, #-60]
    ldr r0, [fp, #-56]
    str r6, [r2]
    ldr r2, [fp, #-48]   << clobbered by handler
    str r3, [r2]         << trying to load from 0xffffffff
    ldmfd   sp, {r4, r5, r6, r7, r8, r9, r10, fp, sp, pc}

A read-only pointer value is passed to the function and stored at [fp-48]. But
later it is found that the value has been clobbered and become 0xffffffff. If I
manually move the "sub sp, fp, #40" instruction right before the ldmfd
instruction, the kernel becomes stable again.

I can reproduce the regression on 4.8.1 and 4.8.2, but not on 4.7. The
compilation command is

    arm-eabi-gcc -O2 -marm -fno-omit-frame-pointer -mapcs -march=armv7-a -mabi=aapcs-linux -S test.c

and GCC is configured as
Target: arm-eabi
Configured with: /tmp/AOSP-toolchain/build/../gcc/gcc-4.8/configure
--prefix=/tmp/toolchain-build-eabi/prefix --target=arm-eabi
--host=x86_64-linux-gnu --build=x86_64-linux-gnu --with-gnu-as --with-gnu-ld
--enable-languages=c,c++ --with-gmp=/tmp/toolchain-build-eabi/temp-install
--with-mpfr=/tmp/toolchain-build-eabi/temp-install
--with-mpc=/tmp/toolchain-build-eabi/temp-install
--with-cloog=/tmp/toolchain-build-eabi/temp-install
--with-isl=/tmp/toolchain-build-eabi/temp-install
--with-ppl=/tmp/toolchain-build-eabi/temp-install --disable-ppl-version-check
--disable-cloog-version-check --disable-isl-version-check
--enable-cloog-backend=isl --with-host-libstdcxx='-static-libgcc
-Wl,-Bstatic,-lstdc++,-Bdynamic -lm' --disable-libssp --enable-threads
--disable-nls --disable-libmudflap --disable-libgomp --disable-libstdc__-v3
--disable-sjlj-exceptions --disable-shared --disable-tls --disable-libitm
--with-float=soft --with-fpu=vfp --with-arch=armv5te --enable-target-optspace
--with-abi=aapcs --enable-initfini-array --disable-nls
--prefix=/tmp/toolchain-build-eabi/prefix
--with-sysroot=/tmp/toolchain-build-eabi/prefix/sysroot
--with-binutils-version=2.23 --with-mpfr-version=3.1.1 --with-mpc-version=1.0.1
--with-gmp-version=5.0.5 --with-gcc-version=4.8 --with-gdb-version=7.6
--with-gxx-include-dir=/tmp/toolchain-build-eabi/prefix/include/c++/4.8
--with-bugurl=http://source.android.com/source/report-bugs.html
--disable-bootstrap --disable-libquadmath --enable-plugins
--disable-libsanitizer --enable-gold --enable-graphite=yes
--with-cloog-version=0.18.0 --with-isl-version=0.11.1
--enable-eh-frame-hdr-for-static --with-arch=armv5te --disable-gold
--program-transform-name='s&^&arm-eabi-&'
Thread model: single
gcc version 4.8 (GCC)
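
A static check for the pattern the report describes, as an added example that is not part of the original message or of GCC: it scans `gcc -S` ARM output for `[fp, #-N]` accesses made after `sub sp, fp, #M` with N > M, where the slot lies below the stack pointer and code that runs asynchronously on the same stack (the report's "handler") can overwrite it. The function name and both sample listings are constructed here from the sequence quoted in the report.

```python
import re

# Constructed input: the epilogue quoted in the report, annotations removed.
REPORTED = """\
    sub sp, fp, #40
    ldr r3, [fp, #-60]
    ldr r0, [fp, #-56]
    str r6, [r2]
    ldr r2, [fp, #-48]
    str r3, [r2]
    ldmfd   sp, {r4, r5, r6, r7, r8, r9, r10, fp, sp, pc}
"""
# Constructed input: the same code with the sp restore moved next to ldmfd.
REORDERED = """\
    ldr r3, [fp, #-60]
    ldr r0, [fp, #-56]
    str r6, [r2]
    ldr r2, [fp, #-48]
    str r3, [r2]
    sub sp, fp, #40
    ldmfd   sp, {r4, r5, r6, r7, r8, r9, r10, fp, sp, pc}
"""

SP_FROM_FP = re.compile(r"sub\s+sp,\s*fp,\s*#(\d+)$")
FP_SLOT = re.compile(r"(?:ldr|str)\w*\s+\w+,\s*\[fp,\s*#-(\d+)\]")
# Conservative: sp as first operand, or any load/store-multiple, push or pop.
SP_CHANGE = re.compile(r"(?:\w+\s+sp,|(?:ldm|stm|push|pop)\w*\s)")
LABEL = re.compile(r"\S+:$")


def exposed_frame_accesses(asm):
    """Return (line_no, fp_offset, sp_offset) for each [fp, #-N] access made
    while sp == fp - M and N > M, i.e. the slot lies below the stack pointer."""
    findings = []
    sp_below_fp = None  # M once "sub sp, fp, #M" has been seen
    for line_no, raw in enumerate(asm.splitlines(), 1):
        insn = raw.split("@")[0].strip().lower()  # drop "@" comments
        m = SP_FROM_FP.match(insn)
        if m:
            sp_below_fp = int(m.group(1))
            continue
        if SP_CHANGE.match(insn) or LABEL.match(insn):
            sp_below_fp = None  # sp no longer known relative to fp
            continue
        m = FP_SLOT.match(insn)
        if m and sp_below_fp is not None and int(m.group(1)) > sp_below_fp:
            findings.append((line_no, int(m.group(1)), sp_below_fp))
    return findings
```

On the reported sequence it flags the loads from fp-60, fp-56 and fp-48; on the reordered sequence it reports nothing.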

