[Bug target/63360] New: Does not retore f31 at -O0 across function calls

[Bug target/63360] New: Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

            Bug ID: 63360
           Summary: Does not retore f31 at -O0 across function calls
           Product: gcc
           Version: 4.9.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: camm at debian dot org

Created attachment 33551
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33551&action=edit
invert.c, invert.cpp, and invert.gdb gdb session

Register variable stored in f31 is stored on the stack, but not restored and
thus clobbered, after a function call.

Compiled with 

gcc -c -g  -Wall -fsigned-char -Wno-unused-but-set-variable -pipe -g -mlongcall

[Bug target/63360] Does not retore f31 at -O0 across function calls

[bergner at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #1 from Peter Bergner <bergner at gcc dot gnu.org> ---
(In reply to camm from comment #0)
> Created attachment 33551 [details]
> invert.c, invert.cpp, and invert.gdb gdb session
> 
> Register variable stored in f31 is stored on the stack, but not restored and
> thus clobbered, after a function call.

Camm and I  discussed this offline and I mentioned that the gdb disassembly
doesn't show any of the functions called by L2(), so we cannot determine which
function is clobbering f31.  Camm is going to rerun the debugger and determine
which calle is clobbering f31 and get the disassemb;y for that.

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #2 from camm at debian dot org ---
Created attachment 33563
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33563&action=edit
gdb transcript showing longjmp clobbering of f31

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #3 from camm at debian dot org ---
Additional transcript showing the 0 f31 value is transmitted to the return of
the original call through Lnk23 in L2.

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #4 from camm at debian dot org ---
Created attachment 33564
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33564&action=edit
additional gdb transcript showing 0 f31 transmitted to return of Lnk23 in L2

[Bug target/63360] Does not retore f31 at -O0 across function calls

[schwab@linux-m68k.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #5 from Andreas Schwab <schwab@linux-m68k.org> ---
Please make sure all functions are called exactly as they are defined.

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #6 from camm at debian dot org ---
Here is another transcript showing the innermost setjmp/longjmp pair corrupting
the f31 register.  It is a little complicated as there is an inner call to the
same code which proceeds successfully.

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #7 from camm at debian dot org ---
Created attachment 33567
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33567&action=edit
gdb transcript showing innermost setjmp/longjmp f31 clobber

[Bug target/63360] Does not retore f31 at -O0 across function calls

[bergner at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #8 from Peter Bergner <bergner at gcc dot gnu.org> ---
(In reply to camm from comment #6)
> Here is another transcript showing the innermost setjmp/longjmp pair
> corrupting the f31 register.

I've looked at the longjmp code and it seems fine to me.  Since you said
offline that your code works correctly when compiled with optimization and
fails without optimization, that too would clear setjmp/longjmp from being the
guilty party, since both runs are using the same setjmp/longjmp glibc library
code.

That said, if longjmp() is indeed returning a clobbered value for f31, then it
is my guess that the jmpbuf being passed to longjmp is being clobbered
somewhere between the setjmp call and the longjmp call.  Can you set a watch
point on the jmpbuf and try and track down where it is being clobbered?

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #9 from camm at debian dot org ---
Created attachment 33570
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33570&action=edit
the setjmp buffer does not appear to be clobbered

[Bug target/63360] Does not retore f31 at -O0 across function calls

[bergner at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

Peter Bergner <bergner at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |uweigand at gcc dot gnu.org

--- Comment #10 from Peter Bergner <bergner at gcc dot gnu.org> ---
Adding Uli to the bugzilla, since he implemented all of the ELFv2 ABI call
changes.

Uli, any ideas on what might be going on here?  It looks to me, that ELFv1 and
ELFv2 use the same exact jmpbuf layout and setjmp/longjmp code, so that looks
to be correct and not buggy.

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #11 from camm at debian dot org ---
Created attachment 33571
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33571&action=edit
gdb transcript showing jmp_buf is unchanged across setjmp && longjmp

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #12 from camm at debian dot org ---
Created attachment 33572
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33572&action=edit
setjmp does write to jmp_buf, but not at the end of the buffer.

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #13 from camm at debian dot org ---
Created attachment 33573
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33573&action=edit
gdb transcript shoinwg f31 is correct on entry to setjmp

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #14 from camm at debian dot org ---
Created attachment 33574
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33574&action=edit
continuation of gdb.7 showing no stfd fp31,((39)*8)(3) executed

[Bug target/63360] Does not retore f31 at -O0 across function calls

[camm at debian dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63360

--- Comment #15 from camm at debian dot org ---
Created attachment 33575
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33575&action=edit
setjmp saves f31, then zeroes out the result with stvx    v3,0,r5