* c/5370: gcc 3.0: certain i386 %ebp used before set
@ 2002-01-13 15:26 Kevin Ryde
From: Kevin Ryde @ 2002-01-13 15:26 UTC (permalink / raw)
  To: gcc-gnats


>Number:         5370
>Category:       c
>Synopsis:       gcc 3.0: certain i386 %ebp used before set
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 13 15:26:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        3.0 (Debian) (Debian testing/unstable)
>Organization:
>Environment:
System: Linux blah 2.2.15 #1 Tue Apr 25 17:13:48 EST 2000 i586 unknown
Architecture: i586
host: i386-pc-linux-gnu
build: i386-pc-linux-gnu
target: i386-pc-linux-gnu
configured with: ../src/configure -v --enable-languages=c,c++,java,f77,proto,objc --prefix=/usr --infodir=/share/info --mandir=/share/man --enable-shared --with-gnu-as --with-gnu-ld --with-system-zlib --enable-long-long --enable-nls --without-included-gettext --disable-checking --enable-threads=posix --enable-java-gc=boehm --with-cpp-install-dir=bin --enable-objc-gc i386-linux

>Description:
i386 assembler code generated for a certain bit of C seems to use %ebp
before a value has been stored to that register.

>How-To-Repeat:
The file foo.c attached below compiled with

        gcc-3.0 -fPIC -O2 -fomit-frame-pointer -S foo.c

produces

        refmpn_divmod_1c:
                pushl   %ebp
                pushl   %edi
                pushl   %esi
                pushl   %ebx
                subl    $12, %esp
                call    .L20
        .L20:
                popl    %ebx
                addl    $_GLOBAL_OFFSET_TABLE_+[.-.L20], %ebx
                movl    12(%ebp), %edi
                pushl   %ecx
                pushl   %edi
                pushl   8(%ebp)
                pushl   4(%ebp)
                call    refmpn_overlap_fullonly_p@PLT
                ...

I believe the load and two pushes using %ebp are being done before a
value has been stored to that register.

In one actual program, a seg fault resulted from the first of those
loads, due to garbage in %ebp.

For interest, this code is a GMP reference function, supposed to be
implemented in a simple and safe fashion.  Somewhat ironic that it
should provoke a problem where other hairy stuff doesn't :-).


Attachment foo.c (text/x-csrc):

/* foo.c: a GMP reference routine reduced to a compiler test case.  The
   do { ... } while (0) blocks are the expanded form of GMP's ASSERT macro.
   The remaining callees are left implicitly declared, as in the submitted
   test case, since the generated prologue is what the report is about.  */
unsigned *refmpn_memdup_limbs ();
unsigned *refmpn_malloc_limbs ();

unsigned
refmpn_divmod_1c (unsigned *rp, const unsigned *sp, long size,
                  unsigned divisor, unsigned carry)
{
  unsigned  *sp_orig;
  unsigned  *prod;
  unsigned  carry_orig;
  long      i;

  do {
    if (!( refmpn_overlap_fullonly_p (rp, sp, size) ))
      __gmp_assert_fail ("foo.c", 20,
                         "refmpn_overlap_fullonly_p (rp, sp, size)");
  } while (0);

  do {
    if (!( size >= 0 ))
      __gmp_assert_fail ("foo.c", 21, "size >= 0");
  } while (0);

  do {
    if (!( carry < divisor ))
      __gmp_assert_fail ("foo.c", 22, "carry < divisor");
  } while (0);

  if (size == 0)
    return carry;

  sp_orig = refmpn_memdup_limbs (sp, size);
  prod = refmpn_malloc_limbs (size);
  carry_orig = carry;

  for (i = size-1; i >= 0; i--)
    refmpn_udiv_qrnnd (&rp[i], &carry, carry, sp[i], divisor);

  do {
    if (!( refmpn_mul_1c (prod, rp, size, divisor, carry) == carry_orig ))
      __gmp_assert_fail ("foo.c", 34,
                         "refmpn_mul_1c (prod, rp, size, divisor, carry) == carry_orig");
  } while (0);

  do {
    if (!( refmpn_cmp (prod, sp_orig, size) == 0 ))
      __gmp_assert_fail ("foo.c", 35,
                         "refmpn_cmp (prod, sp_orig, size) == 0");
  } while (0);
  
  free (sp_orig);
  free (prod);

  return carry;
}

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

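Added example, not part of the report or of GCC: a small Python heuristic that scans AT&T-syntax i386 assembly for memory operands that go through a register the function has not yet written, which is exactly what the listing above shows for %ebp once -fomit-frame-pointer turns it into an ordinary callee-saved register. The embedded listing is an abridged copy of the one quoted in the report; the function and variable names are the example's own.

```python
import re

# Constructed input for this example: the prologue quoted in the report,
# abridged (the pushes of %esi and %ecx are dropped to save space).
ASM = """\
refmpn_divmod_1c:
        pushl   %ebp
        pushl   %edi
        pushl   %ebx
        subl    $12, %esp
        call    .L20
.L20:
        popl    %ebx
        addl    $_GLOBAL_OFFSET_TABLE_+[.-.L20], %ebx
        movl    12(%ebp), %edi
        pushl   %edi
        pushl   8(%ebp)
        pushl   4(%ebp)
        call    refmpn_overlap_fullonly_p@PLT
"""

def split_operands(text):
    """Split on commas outside (...), so (%ebx,%eax,4) stays one operand."""
    return [op.strip() for op in re.split(r",(?![^(]*\))", text) if op.strip()]

def regs_in(operand):
    return set(re.findall(r"%(e[a-z]{2})", operand))   # 32-bit names only

def find_uninitialised_uses(asm):
    """Return (line, text, register) for every memory operand that goes
    through a register nothing in the function has written yet.  Only %esp
    is trusted at entry; a pushl of a callee-saved register is a save, not a
    dereference, so the prologue itself is not reported."""
    defined, findings = {"esp"}, []
    for lineno, raw in enumerate(asm.splitlines(), 1):
        line = raw.split("#")[0].strip()
        if not line or line.endswith(":") or line.startswith("."):
            continue                        # blank, label or directive
        parts = line.split(None, 1)
        mnemonic = parts[0]
        operands = split_operands(parts[1]) if len(parts) > 1 else []
        for op in operands:
            if "(" in op:                   # base/index registers are dereferenced
                findings += [(lineno, line, r) for r in sorted(regs_in(op) - defined)]
        # A write defines a register: the last operand of a two-operand form,
        # or the sole operand of pop/inc/dec/neg/not.  push/call/jmp only read.
        if operands and operands[-1].startswith("%") and (
                len(operands) > 1 or mnemonic[:3] in ("pop", "inc", "dec", "neg", "not")):
            defined |= regs_in(operands[-1])
    return findings
```

Run over the listing it reports the `movl 12(%ebp)` load and the two `pushl n(%ebp)` arguments, and nothing else; feed it a `-S` output of your own to check other prologues.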

* Re: c/5370: gcc 3.0: certain i386 %ebp used before set
@ 2002-01-13 17:05 rodrigc
From: rodrigc @ 2002-01-13 17:05 UTC (permalink / raw)
  To: gcc-bugs, gcc-prs, nobody, user42

Synopsis: gcc 3.0: certain i386 %ebp used before set

State-Changed-From-To: open->closed
State-Changed-By: rodrigc
State-Changed-When: Sun Jan 13 17:05:57 2002
State-Changed-Why:
    Duplicate of PR 3323:
    http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=3323

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5370


