From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-prs-return-21270-listarch-gcc-prs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 24517 invoked by alias); 21 Aug 2002 13:46:05 -0000
Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive: <http://gcc.gnu.org/ml/gcc-prs/>
List-Post: <mailto:gcc-prs@gcc.gnu.org>
List-Help: <mailto:gcc-prs-help@gcc.gnu.org>
Sender: gcc-prs-owner@gcc.gnu.org
Received: (qmail 24497 invoked by uid 71); 21 Aug 2002 13:46:03 -0000
Resent-Date: 21 Aug 2002 13:46:03 -0000
Resent-Message-ID: <20020821134603.24495.qmail@sources.redhat.com>
Resent-From: gcc-gnats@gcc.gnu.org (GNATS Filer)
Resent-Cc: gcc-prs@gcc.gnu.org, gcc-bugs@gcc.gnu.org, wxf@start.com.cn
Resent-Reply-To: gcc-gnats@gcc.gnu.org, lium@i-net.com.cn
Received: (qmail 19343 invoked by uid 61); 21 Aug 2002 13:31:55 -0000
Message-Id: <20020821133155.19336.qmail@sources.redhat.com>
Date: Wed, 21 Aug 2002 08:36:00 -0000
From: lium@i-net.com.cn
Reply-To: lium@i-net.com.cn
To: gcc-gnats@gcc.gnu.org
Cc: wxf@start.com.cn
X-Send-Pr-Version: gnatsweb-2.9.3 (1.1.1.1.2.31)
X-GNATS-Notify: wxf@start.com.cn
Subject: c/7677: Gcc 3.2 generate the wrong target machine code, TOO, making the target crash
X-SW-Source: 2002-08/txt/msg00441.txt.bz2
List-Id: <gcc-prs.sourceware.org>


>Number:         7677
>Category:       c
>Synopsis:       Gcc 3.2 generate the wrong target machine code, TOO, making the target crash
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 21 06:46:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Start network, int.
>Release:        GCC v3.2
>Organization:
>Environment:
Host: x86-cygwin
Target: ARM7TDMI
>Description:
the Gcc generate wrong target machine code, which cause unexpected error. and the target machine code was logical error. 

you can get the detail from my attached file.

the following is the file:
/* begin of module */
/*
 * hi, 
 * 	i'm a programmer for a embedded system project, 
 * i am using the gcc as the compiler. my host is x86, and target machine
 * is ARM.
 * the follwing is my bug report. would you tell me is it a bug, and if it 
 * was a bug, how can i avoid facing it.
 * thanks in advanced.
 * 
 * BTW, i upgrade to Gcc v3.2, but i faced the same bug.
 *
 * GCC BUG REPORT
 * when i complid the following source code, 
 * the gcc complier will generate a big bug, 
 * which may cause the local variable len get a invalid value.
 * it is terrible for me. 
 * i found it when i disassemble the obj file.
 * So, you can disamble the .o file and you will touch the bug.
 * the following is the example disassemble  

.text:00000000                 EXPORT test
.text:00000000 test
.text:00000000                 MOV     R12, SP
.text:00000004                 STMFD   SP!, {R4-R7,R11,R12,LR,PC}
.text:00000008                 LDR     R7, [R0,#0x6C]
.text:0000000C                 CMP     R7, #0
.text:00000010                 SUB     R11, R12, #4
.text:00000014                 MOV     R6, R0
.text:00000018                 BEQ     loc_0_88
.text:0000001C 
.text:0000001C loc_0_1C                                ; CODE XREF: test+84j
.text:0000001C                 LDR     R4, [R7,#4]
.text:00000020                 MOV     R1, R6
.text:00000024                 MOV     R0, R4
.text:00000028                 BL      get_tcp_header
.text:0000002C                 LDR     R5, [R6,#4]
.text:00000030                 LDRB    R1, [R0,#0xC]
.text:00000034                 LDRB    R2, [R0,#0xD]
.text:00000038                 CMP     R5, #0
.text:0000003C                 MOV     LR, R1,LSR#4
.text:00000040                 MOV     R12, LR,LSL#2
	//// error machine code /////
.text:00000044                 ANDS    LR, R2, #3

.text:00000048                 MOVNE   LR, #1
.text:0000004C                 LDREQ   R2, =bytes
.text:00000050                 LDR     R1, [R4,#0x10]
.text:00000054                 LDREQB  R3, [R2]
.text:00000058                 LDRNE   R3, [R5,#8]
.text:0000005C                 RSB     R3, R3, R1
.text:00000060                 RSB     R2, R12, R3
.text:00000064                 LDR     R1, [R0,#4]
.text:00000068                 SUB     R3, R2, #0x14
.text:0000006C                 LDR     R2, [R6,#0xBC]
.text:00000070                 ADD     R12, R1, R3
.text:00000074                 SUB     R0, R2, #0x1E
.text:00000078                 ADD     R1, R12, LR
.text:0000007C                 BL      haha
.text:00000080                 CMP     R0, #0
.text:00000084                 BEQ     loc_0_1C
.text:00000088 
.text:00000088 loc_0_88                                ; CODE XREF: test+18j
.text:00000088                 MOV     R0, #0
.text:0000008C                 LDMDB   R11, {R4-R7,R11,SP,PC}
.text:0000008C ; End of function test


 * thanks in advanced.

 */

/* 
 * host: cygwin x86 
 */

/* 
 * target machine: ARM7TDMI
 */
 
/*
 * gcc version shown by command 'arm-elf-gcc -v':
 * 
 *******************************************************************************************************
Reading specs from /usr/local/cross-gcc/arm-elf-gcc.3.2//lib/gcc-lib/arm-elf/3.2/specs
Configured with: ./configure --prefix=/usr/local/cross-gcc/arm-elf-gcc.3.2/ --target=arm-elf --with-
newlib --enable-multilib --with-gnu-as --with-gnu-ld
Thread model: single
gcc version 3.2
 *******************************************************************************************************
 */
 
/* compiling command */
/* arm-elf-gcc -c -nostdinc -O3 -fno-builtin -fno-inline-functions -fsigned-char -Wa,--EB -mbig-endian -pipe -Wall -Wpointer-arith -Wstrict-prototypes -Wno-format */

/* the following is the source code which will touch the big bug */

typedef struct ele_ {
	struct ele_ *next;
	void *data;
} ele;

typedef struct queue_{
	struct queue_ *next;
	void *qhead;
	void *qtail;
	unsigned long size;
}queue;

typedef struct options_{
	struct options_ *next;
	void *data;
	unsigned long pad_len;
}options;

#define QUEUECOUNT	10

typedef struct ch_control_ {
	struct ch_control_ *next;
	options *option;
	unsigned long tiemout;
	unsigned window_size;
	unsigned send_window_size;
	unsigned segment_size;
	queue q[QUEUECOUNT];
	unsigned int ch_inited;
	unsigned int nak;
}ch_control;

typedef struct tcp_hdr_type_ {
    unsigned short sport;
    unsigned short dport;
    unsigned long snumber;
    unsigned long acknumber;
	
    unsigned dataoffset: 4;
    unsigned reserved: 6;
    unsigned urg: 1;
    unsigned ack: 1;
    unsigned psh: 1;
    unsigned rst: 1;
    unsigned syn: 1;
    unsigned fin: 1;

    unsigned short window;
    unsigned short checksum;
    unsigned short urgentpointer;
    unsigned char data[4];
}tcp_hdr_type;


typedef struct packet_type_{
	struct packet_type_ *next;
	unsigned char *datastart;
	unsigned char *network_start;
	unsigned char *transport_start;
	unsigned int length;
}packet_type;

typedef int boolean;

unsigned char bytes;
#define MINBYTES 20

#define HEADERLENGTH(opt) (((opt) ? (opt)->pad_len + MINBYTES : (MINBYTES + bytes)))

extern ch_control *get_tcp_header(packet_type *, ch_control *);
extern int haha(int, int, int);

int test(ch_control *cc)
{
	packet_type *packet;
	packet_type *header;
	tcp_hdr_type *tp;
	int del, len;
	ele *element, *next_element;
	boolean snext, get, noe, diu;

	len = 0;
	snext = 0;
	get = 0;
	noe = 0;
	diu = 0;
	element = (ele *)cc->q[5].qhead;
	header = element ? element->data:0; 
	if (element)
		noe = 1;
	while (element) {
		next_element = element->next;
		packet = (packet_type *)element->data;
		tp = get_tcp_header(packet, cc);
		del = (tp->syn || tp->fin)? 1:0;
		len = packet->length - HEADERLENGTH(cc->option) - (tp->dataoffset << 2);
		if (haha(cc->nak - 30, 
			tp->snumber + len + del, cc->nak)) {
			break;
			return 1;
		}
	}
	return 0;
		
}

/* end of module */
>How-To-Repeat:
compile the file, and then read the target machie code file.
>Fix:
UP side down the two comparation instruction which cause the error.
>Release-Note:
>Audit-Trail:
>Unformatted: