------- Comment #21 from ubizjak at gmail dot com 2008-11-22 12:33 -------

This is a trace of what happens in the testcase, from the .expand dump:

    (2)  [frame + 8 ] <- si
    (3)  [frame + 16] <- dx
    (4)  r62 <- di
    (8)  r63 <- virtual-incoming-args + 0
    (9)  r64 <- virtual-stack-vars - 64
    (10) [r64] <- 8                                  ;; gp_offset
    (11) r65 <- virtual-stack-vars - 64
    (12) [r65 + 8 ] <- virtual-incoming-args         ;; overflow_arg_area
    (13) r66 <- virtual-stack-vars - 64
    (14) [r66 + 16] <- frame                         ;; reg_save_area
    (15) r61 <- [virtual-stack-vars - 64]            ;; gp_offset
         if (r61 > 39) goto label 27
    (19) r67 <- virtual-stack-vars - 32
    (20) r68 <- zext (r61)
    (21) r69 <- [virtual-stack-vars - 48]            ;; reg_save_area
    (22) r70 <- [r69 + r68]
    (23) [r67] <- r70
    (24) r58 <- virtual-stack-vars - 32
         goto label 32
    label 27:
    (29) r72 <- [virtual-stack-vars - 56]            ;; overflow_arg_area
    (30) r71 <- r72 + 15
    (31) r58 <- r71 & -16
    label 32:
    (34) r73 <- [r58]
    (35) [virtual-stack-vars - 16] <- r73
    (36) r74 <- [r58 + 8]
    (37) [virtual-stack-vars - 8 ] <- r74
    (38) r60 <- [virual-stack-vars - 12]             ;; arg$b$real
    (39) r59 <- [virual-stack-vars - 8 ]             ;; arg$b$imag

So, around insn (22), gcc forgets to copy the dx register to reg_save_area. r74 is then read from an uninitialized reg_save_area slot.

I'm looking at the va_arg handling implementation in i386.c. But I'm not familiar with this code, so a bit of help would be most welcome here.

-- 

ubizjak at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|ubizjak at gmail dot com    |unassigned at gcc dot gnu
                   |                            |dot org
             Status|ASSIGNED                    |NEW

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38151
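The symptom the trace describes (the real part arrives, the imaginary part is read from an uninitialized save-area slot) can be checked from plain C. The following is an added, constructed check, not the testcase attached to this PR: a named `int` occupies the first GP register (so gp_offset starts at 8, as in insn (10)), and the `_Complex double` that follows is read back through `va_arg` along the same gp_offset / reg_save_area / overflow_arg_area path the dump walks; the function names are mine.

```c
#include <complex.h>
#include <stdarg.h>
#include <stdio.h>

/* Constructed helper (not from the PR): read the first variadic argument
   as a _Complex double and hand it back unchanged. A miscompiled va_arg
   would return a correct real part and garbage in the imaginary part. */
static double _Complex take_complex(int n, ...)
{
    va_list ap;
    double _Complex z = 0;

    va_start(ap, n);
    /* n says how many variadic arguments exist; only the first is read. */
    if (n > 0)
        z = va_arg(ap, double _Complex);
    va_end(ap);
    return z;
}

/* Returns 1 when both halves of the complex value survived the trip
   through the va_list, 0 otherwise. */
static int complex_roundtrip_ok(double re, double im)
{
    double _Complex z = take_complex(1, re + im * I);
    return creal(z) == re && cimag(z) == im;
}

int main(void)
{
    double _Complex z = take_complex(1, 1.5 + 2.25 * I);

    printf("real=%g imag=%g\n", creal(z), cimag(z));
    /* A correct compiler prints "ok"; the bug above loses the imag part. */
    printf("roundtrip: %s\n", complex_roundtrip_ok(1.5, 2.25) ? "ok" : "BROKEN");
    return complex_roundtrip_ok(1.5, 2.25) ? 0 : 1;
}
```

Build with the compiler under test and run it; a nonzero exit status means the imaginary part did not make it through the va_list.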