[Bug middle-end/45312] GCC 4.4.4 miscompiles (?) the Linux kernel, makes kernel unusable

Tue, 24 Aug 2010 03:19:13 -0700 


------- Comment #9 from jakub at gcc dot gnu dot org  2010-08-24 10:18 -------
Created an attachment (id=21554)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=21554&action=view)
pageattr.i

Compiling this on x86_64-linux (and likely i?86-linux) with 4.4 branch
(r163492) using
./cc1 -fno-strict-aliasing -fno-common -fno-delete-null-pointer-checks -O2 -m32
-msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2
-march=i686 -mtune=core2 -ffreestanding -fno-asynchronous-unwind-tables
-mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector
-fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-strict-overflow
-fconserve-stack

results in broken second cmpxchg8b arguments:
.L74:
        movl    -108(%ebp), %eax
        xorl    %edx, %edx
        subl    mem_map, %eax
        movl    __supported_pte_mask, %ecx
        sarl    $5, %eax
        andl    $99, %ecx
        shldl   $12, %eax, %edx
        movl    -100(%ebp), %edi
        sall    $12, %eax
        movl    %edx, %ebx
        orl     %eax, %ecx
        movl    %edx, -28(%ebp)
        movl    %ecx, -32(%ebp)
        movl    %edx, %ecx
#APP
# 72 "/mnt/b1/src/linux/set64/arch/x86/include/asm/cmpxchg_32.h" 1

1:      movl (%edi), %eax
        movl 4(%edi), %edx
        .section .smp_locks,"a"
.balign 4
.long 671f - .
.previous
671:
        lock; cmpxchg8b (%edi)
        jnz 1b
# 0 "" 2
#NO_APP

*.optimized has:
<bb 77>:
  D.29689 = (long long unsigned int) (long unsigned int) (((int) base - (int)
mem_map) /[ex] 32) << 12 | __supported_pte_mask & 99;
  D.29693 = {};
  D.29693.pte = D.29689;
  D.29686 = D.29693;
  D.29718 = D.29686;
  pte = D.29718;
  pte = pte;
  pte = pte;
  ptep.249 = (long long unsigned int *) kpte;
  value = pte.pte;
  value.59 = (unsigned int *) &value;
  __asm__ __volatile__("
1:      movl (%1), %%eax
        movl 4(%1), %%edx
        .section .smp_locks,"a"
.balign 4
.long 671f - .
.previous
671:
        lock; cmpxchg8b (%1)
        jnz 1b" : "=m" *ptep.249 : "D" ptep.249 : "b" *value.59 : "c"
*(value.59 + 4) : "memory", "dx", "ax", "dx", "ax", "ax");

so ebx should contain lower 32 bits of D.29689 (i.e. the same as -32(%ebp)) and
ecx should contain upper 32 bits of D.29689 (i.e. the same as -28(%ebp)).
But as can be seen in the assembly, that's not the case, %ebx instead contains
the same value as %ecx, i.e. the upper 32 bits of D.29689.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45312

Reply via email to