public inbox for gcc-prs@sourceware.org help / color / mirror / Atom feed
From: bsg@uniyar.ac.ru To: gcc-gnats@gcc.gnu.org Subject: c/9065: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation) Date: Fri, 27 Dec 2002 05:56:00 -0000 [thread overview] Message-ID: <20021227135532.22205.qmail@sources.redhat.com> (raw) >Number: 9065 >Category: c >Synopsis: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation) >Confidential: no >Severity: serious >Priority: medium >Responsible: unassigned >State: open >Class: wrong-code >Submitter-Id: net >Arrival-Date: Fri Dec 27 05:56:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Igor Zhbanov >Release: 2.3.1 >Organization: >Environment: GCC version is: gcc-3.2.1 (GNU CPP version 3.2.1 (cpplib) (i386 Linux/ELF)) My system is Linux-2.2.19 on i586 (i586-pc-linux-gnu) with glibc-2.2.3. Options to comile gcc: ../gcc-3.2.1/configure --enable-shared --prefix=/usr --enable-threads >Description: I have found a bug when compiling test file gcc.c-torture/execute/loop-2e.c This is a minimalized version of test file gcc/testsuite/gcc.c-torture/execute/loop-2e.c: --- begin void f (int *p, int **q) { /* Correct behaviour with: */ unsigned int i; /* Incorrect behaviour with: */ /* int i; */ for (i = 0; i < 40; i++) *q++ = &p[i]; } --- end GCC command line: /root/tmp/compile/gcc/gcc/cc1 exp.c -Os -Wall -W -o exp.s If you set type of variable `i' to signed int (instead of unsigned) in function `f()' and use optimization for size (`-Os' option) then the compiler will produce wrong assembly output as shown below: --- begin .file "exp.c" .text .globl f .type f,@function f: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax # p, p movl 12(%ebp), %ecx # q, q movl %eax, %edx # p, p addl $156, %eax .L6: movl %edx, (%ecx) # p, * q addl $4, %ecx # q addl $4, %edx # p cmpl %eax, %edx # p # Here is a bug. # Correct instruction: jbe .L6 # Incorrect instruction: # jle .L6 popl %ebp ret .Lfe1: .size f,.Lfe1-f --- end This bug happens when gcc decided to eliminate induction variable `i' and replace it with pointers comparison. The bug consts in unexpected loop termination when one of the pointers `*p' or `*q' (function arguments) is above 0x80000000 while another pointer is below 0x80000000. The problem is that the type of jump instruction (`jbe' or `jle') depends on the type of variable `i' (unsigned or signed). That is wrong because in the example above we use instruction `cmpl %eax, %edx' to compare pointers, not integers. And the pointers should always be compared as unsigned numbers (i.e. `jbe' instruction should be used). This example fails when one of the pointers `*p' or `*q' is above 0x8000000 while another pointer is below 0x80000000. Such a values can not be compared correctly as signed integers. >How-To-Repeat: void f (int *p, int **q) { /* Incorrect behaviour with: */ int i; for (i = 0; i < 40; i++) *q++ = &p[i]; } GCC command line: /root/tmp/compile/gcc/gcc/cc1 exp.c -Os -Wall -W -o exp.s >Fix: >Release-Note: >Audit-Trail: >Unformatted:
next reply other threads:[~2002-12-27 13:56 UTC|newest] Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top 2002-12-27 5:56 bsg [this message] 2002-12-27 8:33 paolo
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20021227135532.22205.qmail@sources.redhat.com \ --to=bsg@uniyar.ac.ru \ --cc=gcc-gnats@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).