http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49618
Summary: When building uClibc with GCC 4.6.1 old_atexit is miscompiled
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: sedat.di...@gmail.com

Created attachment 24661
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24661
Preprocessed file "old_atexit.i"

Hi,

this issue kept me UP for several weeks.
It first occurred when generating a mipsel target-toolchain based on gcc-4.6.0 with uClibc-0.9.32 for a router project called freetz.
Finally, I could track the problem with the assistance from Edwin Török. A big thank you, Edwin.

### Problem description:

When building uClibc with GCC 4.6.1 old_atexit is miscompiled, which causes this test program to crash when calling old_atexit:

    #include <stdlib.h>
    void foo() {}
    int main() { return atexit(foo);}

This is a regression from GCC 4.5.3 which compiled old_atexit() fine.

Attached is the preprocessed file old_atexit.i.

Command line to create old_atexit.os:

    mipsel-linux-uclibc-gcc -S old_atexit.i -o old_atexit.os -funsigned-char -fno-builtin -fno-asm -msoft-float -std=gnu99 -march=4kc -mtune=4kc -mabi=32 -fno-stack-protector -Os -funit-at-a-time -fmerge-all-constants -fstrict-aliasing -fno-tree-loop-optimize -fno-tree-dominator-opts -fno-strength-reduce -mno-split-addresses -fPIC

As seen below with GCC 4.6.1 &__dso_handle is assumed to be non-NULL and the branch (beqz) eliminated, but it is in fact NULL at runtime which causes the crash.
With GCC 4.5.3 there is a beqz that tests for &__dso_handle == NULL:

    000537d0 <old_atexit>:
       537d0:   3c1c0003    lui     gp,0x3
       537d4:   279c8d10    addiu   gp,gp,-29424
       537d8:   0399e021    addu    gp,gp,t9
       537dc:   8f828a2c    lw      v0,-30164(gp)
       537e0:   8f9989ac    lw      t9,-30292(gp)
       537e4:   8c460000    lw      a2,0(v0)
                ^^^^^^^^^^ SIGSEGV here, with a NULL dereference
       537e8:   00002821    move    a1,zero
       537ec:   03200008    jr      t9
       537f0:   0002300a    movz    a2,zero,v0

old_atexit.os with GCC 4.6.1:

            .file   1 "old_atexit.c"
            .section .mdebug.abi32
            .previous
            .gnu_attribute 4, 3
            .abicalls
            .text
            .align  2
            .globl  old_atexit
            .set    nomips16
            .ent    old_atexit
            .type   old_atexit, @function
    old_atexit:
            .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, gp= 0
            .mask   0x00000000,0
            .fmask  0x00000000,0
            .set    noreorder
            .cpload $25
            .set    nomacro
            lw      $2,%got(__dso_handle)($28)
            lw      $25,%call16(__cxa_atexit)($28)
            lw      $6,0($2)
            move    $5,$0
            .reloc  1f,R_MIPS_JALR,__cxa_atexit
    1:      jr      $25
            movz    $6,$0,$2
            .set    macro
            .set    reorder
            .end    old_atexit
            .size   old_atexit, .-old_atexit
            .weak   atexit
            atexit = old_atexit
            .weak   __dso_handle
            .ident  "GCC: (GNU) 4.6.1"

old_atexit.os with GCC 4.5.3:

            .file   1 "old_atexit.c"
            .section .mdebug.abi32
            .previous
            .gnu_attribute 4, 3
            .abicalls
            .text
            .align  2
            .globl  old_atexit
            .set    nomips16
            .ent    old_atexit
            .type   old_atexit, @function
    old_atexit:
            .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, gp= 0
            .mask   0x00000000,0
            .fmask  0x00000000,0
            .set    noreorder
            .cpload $25
            .set    nomacro
            lw      $2,%got(__dso_handle)($28)
            beq     $2,$0,$L2
            move    $6,$0
            lw      $6,0($2)
    $L2:
            lw      $25,%call16(__cxa_atexit)($28)
            .reloc  1f,R_MIPS_JALR,__cxa_atexit
    1:      jr      $25
            move    $5,$0
            .set    macro
            .set    reorder
            .end    old_atexit
            .size   old_atexit, .-old_atexit
            .weak   atexit
            atexit = old_atexit
            .weak   __dso_handle
            .ident  "GCC: (GNU) 4.5.3"

### GCC versions (with gcc -v output) for target and host:

    $ /mnt/sdb3/freetz/freetz-trunk_gcc-4.6.1/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc -v
    Using built-in specs.
    COLLECT_GCC=/mnt/sdb3/freetz/freetz-trunk_gcc-4.6.1/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc
    COLLECT_LTO_WRAPPER=/mnt/sdb3/freetz/freetz-trunk_gcc-4.6.1/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/bin/../libexec/gcc/mipsel-linux-uclibc/4.6.1/lto-wrapper
    Target: mipsel-linux-uclibc
    Configured with: /mnt/sdb3/freetz/freetz-trunk/source/toolchain-mipsel_gcc-4.6.1_uClibc-0.9.32/gcc-4.6.1/configure --prefix=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc --with-sysroot=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/usr/ --build=i386-pc-linux-gnu --host=i386-pc-linux-gnu --target=mipsel-linux-uclibc --enable-languages=c,c++ --enable-shared --enable-threads --with-gmp=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-mpfr=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-mpc=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-gnu-ld --disable-__cxa_atexit --disable-libgomp --disable-libmudflap --disable-multilib --disable-tls --disable-fixed-point --with-float=soft --enable-cxx-flags=-msoft-float --disable-libssp --with-march=4kc --disable-nls --with-mips-plt --disable-decimal-float
    Thread model: posix
    gcc version 4.6.1 (GCC)

    $ /mnt/sdb3/freetz/freetz-trunk_gcc-4.5.3/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc -v
    Using built-in specs.
    COLLECT_GCC=/mnt/sdb3/freetz/freetz-trunk_gcc-4.5.3/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc
    COLLECT_LTO_WRAPPER=/mnt/sdb3/freetz/freetz-trunk_gcc-4.5.3/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/bin/../libexec/gcc/mipsel-linux-uclibc/4.5.3/lto-wrapper
    Target: mipsel-linux-uclibc
    Configured with: /mnt/sdb3/freetz/freetz-trunk/source/toolchain-mipsel_gcc-4.5.3_uClibc-0.9.32/gcc-4.5.3/configure --prefix=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc --with-sysroot=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/usr/ --build=i386-pc-linux-gnu --host=i386-pc-linux-gnu --target=mipsel-linux-uclibc --enable-languages=c,c++ --enable-shared --enable-threads --with-gmp=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-mpfr=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-mpc=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-gnu-ld --disable-__cxa_atexit --disable-libgomp --disable-libmudflap --disable-multilib --disable-tls --disable-fixed-point --with-float=soft --enable-cxx-flags=-msoft-float --disable-libssp --with-march=4kc --disable-nls --with-mips-plt --disable-decimal-float
    Thread model: posix
    gcc version 4.5.3 (GCC)

    $ gcc -v
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/i386-linux-gnu/gcc/i486-linux-gnu/4.6.1/lto-wrapper
    Target: i486-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Debian 4.6.1-1' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-multiarch --with-multiarch-defaults=i386-linux-gnu --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib/i386-linux-gnu --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib/i386-linux-gnu --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin --enable-objc-gc --enable-targets=all --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
    Thread model: posix
    gcc version 4.6.1 (Debian 4.6.1-1)

### Target is a Speedport W701V router:

    # uname -a
    Linux fritz.fonwlan.box 2.6.13.1-ohio #1 Thu Jun 30 17:59:33 CEST 2011 mips GNU/Linux

    # cat /proc/version
    Linux version 2.6.13.1-ohio () (gcc version 3.4.6) #1 Thu Jun 30 17:59:33 CEST 2011

### Host is a Debian/sid i386 system:

    $ uname -a
    Linux seduxbox 2.6.39-2-686-pae #1 SMP Wed Jun 8 11:33:14 UTC 2011 i686 GNU/Linux

    $ cat /proc/version
    Linux version 2.6.39-2-686-pae (Debian 2.6.39-2) (b...@decadent.org.uk) (gcc version 4.4.6 (Debian 4.4.6-3) ) #1 SMP Wed Jun 8 11:33:14 UTC 2011

Hope this helps to kill that BUG.

Kind Regards,
- Sedat -
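
The difference between the two old_atexit listings in the report can be checked mechanically on the compiler's -S output. The Python below is an added example, not part of the original report or of GCC or uClibc; `unguarded_weak_derefs` is a hypothetical helper that flags a load or store through the address of a `.weak` symbol when no branch has compared that address with zero first. It assumes MIPS PIC output in the form shown in the report and scans in straight-line order, so it is a heuristic regression check rather than a full data-flow analysis.

```python
import re

# Constructed input: the two old_atexit listings from the report above, reduced
# to their instructions and the .weak directives (other directives left out).
ASM_GCC_461 = """
old_atexit:
    lw $2,%got(__dso_handle)($28)
    lw $25,%call16(__cxa_atexit)($28)
    lw $6,0($2)
    move $5,$0
1:  jr $25
    movz $6,$0,$2
    .weak atexit
    .weak __dso_handle
"""
ASM_GCC_453 = """
old_atexit:
    lw $2,%got(__dso_handle)($28)
    beq $2,$0,$L2
    move $6,$0
    lw $6,0($2)
$L2:
    lw $25,%call16(__cxa_atexit)($28)
1:  jr $25
    move $5,$0
    .weak atexit
    .weak __dso_handle
"""

GOT_LOAD = re.compile(r"lw\s+(\$\w+),%got\((\w+)\)\(\$\w+\)")
MEM_OP = re.compile(r"(?:l[bhw]u?|s[bhw])\s+\$\w+,-?\w*\((\$\w+)\)")
ZERO_TEST = re.compile(r"(?:beqz|bnez)\s+(\$\w+),|(?:beq|bne)\s+(\$\w+),\$(?:0|zero),")

def unguarded_weak_derefs(asm):
    """Return (symbol, instruction) pairs where the address of a .weak symbol
    is dereferenced before any branch has compared that address with zero."""
    weak = set(re.findall(r"^\s*\.weak\s+(\w+)", asm, re.M))
    findings, pending = [], {}  # pending: register -> weak symbol, not yet tested
    for line in asm.splitlines():
        insn = line.split("#")[0].strip()
        got, test, mem = GOT_LOAD.match(insn), ZERO_TEST.match(insn), MEM_OP.match(insn)
        if got and got.group(2) in weak:
            pending[got.group(1)] = got.group(2)      # address of a weak symbol loaded
        elif test:
            pending.pop(test.group(1) or test.group(2), None)  # NULL test seen
        elif mem and mem.group(1) in pending:
            findings.append((pending.pop(mem.group(1)), insn))
    return findings
```

Run over the assembly of each toolchain build, a non-empty result for the GCC 4.6.1 listing and an empty one for GCC 4.5.3 reproduces the regression described in the report.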