public inbox for gcc-prs@sourceware.org
help / color / mirror / Atom feed
* c/9065: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation)
@ 2002-12-27 5:56 bsg
0 siblings, 0 replies; 2+ messages in thread
From: bsg @ 2002-12-27 5:56 UTC (permalink / raw)
To: gcc-gnats
>Number: 9065
>Category: c
>Synopsis: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: wrong-code
>Submitter-Id: net
>Arrival-Date: Fri Dec 27 05:56:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Igor Zhbanov
>Release: 2.3.1
>Organization:
>Environment:
GCC version is: gcc-3.2.1 (GNU CPP version 3.2.1 (cpplib) (i386 Linux/ELF))
My system is Linux-2.2.19 on i586 (i586-pc-linux-gnu) with glibc-2.2.3.
Options to comile gcc:
../gcc-3.2.1/configure --enable-shared --prefix=/usr --enable-threads
>Description:
I have found a bug when compiling test file gcc.c-torture/execute/loop-2e.c
This is a minimalized version of test file
gcc/testsuite/gcc.c-torture/execute/loop-2e.c:
--- begin
void f (int *p, int **q)
{
/* Correct behaviour with: */
unsigned int i;
/* Incorrect behaviour with: */
/* int i; */
for (i = 0; i < 40; i++)
*q++ = &p[i];
}
--- end
GCC command line: /root/tmp/compile/gcc/gcc/cc1 exp.c -Os -Wall -W -o exp.s
If you set type of variable `i' to signed int (instead of unsigned)
in function `f()' and use optimization for size (`-Os' option)
then the compiler will produce wrong assembly output as shown below:
--- begin
.file "exp.c"
.text
.globl f
.type f,@function
f:
pushl %ebp
movl %esp, %ebp
movl 8(%ebp), %eax # p, p
movl 12(%ebp), %ecx # q, q
movl %eax, %edx # p, p
addl $156, %eax
.L6:
movl %edx, (%ecx) # p, * q
addl $4, %ecx # q
addl $4, %edx # p
cmpl %eax, %edx # p
# Here is a bug.
# Correct instruction:
jbe .L6
# Incorrect instruction:
# jle .L6
popl %ebp
ret
.Lfe1:
.size f,.Lfe1-f
--- end
This bug happens when gcc decided to eliminate
induction variable `i' and replace it with pointers comparison.
The bug consts in unexpected loop termination when one of
the pointers `*p' or `*q' (function arguments) is above 0x80000000
while another pointer is below 0x80000000.
The problem is that the type of jump instruction (`jbe' or `jle')
depends on the type of variable `i' (unsigned or signed). That is wrong
because in the example above we use instruction `cmpl %eax, %edx'
to compare pointers, not integers. And the pointers should always be compared
as unsigned numbers (i.e. `jbe' instruction should be used).
This example fails when one of the pointers `*p' or `*q' is above 0x8000000
while another pointer is below 0x80000000. Such a values can not be compared
correctly as signed integers.
>How-To-Repeat:
void f (int *p, int **q)
{
/* Incorrect behaviour with: */
int i;
for (i = 0; i < 40; i++)
*q++ = &p[i];
}
GCC command line: /root/tmp/compile/gcc/gcc/cc1 exp.c -Os -Wall -W -o exp.s
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: c/9065: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation)
@ 2002-12-27 8:33 paolo
0 siblings, 0 replies; 2+ messages in thread
From: paolo @ 2002-12-27 8:33 UTC (permalink / raw)
To: bsg, gcc-bugs, gcc-prs, nobody
Synopsis: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation)
State-Changed-From-To: open->closed
State-Changed-By: paolo
State-Changed-When: Fri Dec 27 08:33:39 2002
State-Changed-Why:
Exact duplicate of c/9064.
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=9065
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-12-27 16:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-12-27 5:56 c/9065: FAIL with gcc.c-torture/execute/loop-2e.c test with gcc-3.2.1 (wrong instruction generation) bsg
2002-12-27 8:33 paolo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).