http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854

            Bug ID: 58854
           Summary: [ARM 4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
           Product: gcc
           Version: 4.8.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bccheng at android dot com

With GCC 4.8.1 we encountered a regression in linux 3.4 kernel code on ARM
devices. The problematic instruction sequence is below:

        sub     sp, fp, #40            << fp-48 is above sp now
        ldr     r3, [fp, #-60]
        ldr     r0, [fp, #-56]
        str     r6, [r2]
        ldr     r2, [fp, #-48]         << clobbered by handler
        str     r3, [r2]               << trying to load from 0xffffffff
        ldmfd   sp, {r4, r5, r6, r7, r8, r9, r10, fp, sp, pc}

A read-only pointer value is passed to the function and stored at [fp-48]. But
later it is found that the value has been clobbered and become 0xffffffff.

If I manually move the "sub sp, fp, #40" instruction right before the ldmfd
instruction, the kernel becomes stable again.

I can reproduce the regression on 4.8.1 and 4.8.2, but not on 4.7.

The compilation command is

        arm-eabi-gcc -O2 -marm -fno-omit-frame-pointer -mapcs -march=armv7-a -mabi=aapcs-linux -S test.c

and GCC is configured as

Target: arm-eabi
Configured with: /tmp/AOSP-toolchain/build/../gcc/gcc-4.8/configure --prefix=/tmp/toolchain-build-eabi/prefix --target=arm-eabi --host=x86_64-linux-gnu --build=x86_64-linux-gnu --with-gnu-as --with-gnu-ld --enable-languages=c,c++ --with-gmp=/tmp/toolchain-build-eabi/temp-install --with-mpfr=/tmp/toolchain-build-eabi/temp-install --with-mpc=/tmp/toolchain-build-eabi/temp-install --with-cloog=/tmp/toolchain-build-eabi/temp-install --with-isl=/tmp/toolchain-build-eabi/temp-install --with-ppl=/tmp/toolchain-build-eabi/temp-install --disable-ppl-version-check --disable-cloog-version-check --disable-isl-version-check --enable-cloog-backend=isl --with-host-libstdcxx='-static-libgcc -Wl,-Bstatic,-lstdc++,-Bdynamic -lm' --disable-libssp --enable-threads --disable-nls --disable-libmudflap --disable-libgomp --disable-libstdc__-v3 --disable-sjlj-exceptions --disable-shared --disable-tls --disable-libitm --with-float=soft --with-fpu=vfp --with-arch=armv5te --enable-target-optspace --with-abi=aapcs --enable-initfini-array --disable-nls --prefix=/tmp/toolchain-build-eabi/prefix --with-sysroot=/tmp/toolchain-build-eabi/prefix/sysroot --with-binutils-version=2.23 --with-mpfr-version=3.1.1 --with-mpc-version=1.0.1 --with-gmp-version=5.0.5 --with-gcc-version=4.8 --with-gdb-version=7.6 --with-gxx-include-dir=/tmp/toolchain-build-eabi/prefix/include/c++/4.8 --with-bugurl=http://source.android.com/source/report-bugs.html --disable-bootstrap --disable-libquadmath --enable-plugins --disable-libsanitizer --enable-gold --enable-graphite=yes --with-cloog-version=0.18.0 --with-isl-version=0.11.1 --enable-eh-frame-hdr-for-static --with-arch=armv5te --disable-gold --program-transform-name='s&^&arm-eabi-&'
Thread model: single
gcc version 4.8 (GCC)
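
An added example, not part of the original report and not GCC code: a small Python check that scans ARM assembly for the pattern described above, an fp-relative load or store at an offset deeper than N that is issued after "sub sp, fp, #N" and before the register pop. The function name, the regular expressions and the two embedded inputs (the reported sequence and the reporter's manual workaround) are constructed for illustration; the check assumes straight-line epilogue code and immediate fp offsets.

```python
import re

# Constructed input: the sequence quoted in the report, "<<" annotations removed.
REPORTED = """\
    sub     sp, fp, #40
    ldr     r3, [fp, #-60]
    ldr     r0, [fp, #-56]
    str     r6, [r2]
    ldr     r2, [fp, #-48]
    str     r3, [r2]
    ldmfd   sp, {r4, r5, r6, r7, r8, r9, r10, fp, sp, pc}
"""
# Constructed input: the reporter's manual workaround (sub moved before ldmfd).
WORKAROUND = """\
    ldr     r3, [fp, #-60]
    ldr     r0, [fp, #-56]
    str     r6, [r2]
    ldr     r2, [fp, #-48]
    str     r3, [r2]
    sub     sp, fp, #40
    ldmfd   sp, {r4, r5, r6, r7, r8, r9, r10, fp, sp, pc}
"""

SP_FROM_FP = re.compile(r"^\s*sub\s+sp\s*,\s*fp\s*,\s*#(\d+)", re.I)
FP_ACCESS = re.compile(r"^\s*(?:ldr|str)\w*\s.*\[\s*fp\s*,\s*#-(\d+)\s*\]", re.I)
POP_FROM_SP = re.compile(r"^\s*(?:ldm\w*\s+sp|pop)\b", re.I)

def accesses_below_sp(asm):
    """Return (line_no, instruction, fp_offset) for every fp-relative load or
    store that lands below sp between 'sub sp, fp, #N' and the register pop."""
    findings = []
    sp_depth = None  # N after 'sub sp, fp, #N' (sp == fp - N); None if unknown
    for line_no, line in enumerate(asm.splitlines(), 1):
        code = line.split("@")[0].strip()  # '@' starts a comment in ARM GNU as
        if (m := SP_FROM_FP.match(code)):
            sp_depth = int(m.group(1))
        elif POP_FROM_SP.match(code):
            sp_depth = None  # frame is gone, stop tracking
        elif sp_depth is not None and (m := FP_ACCESS.match(code)):
            if int(m.group(1)) > sp_depth:  # fp-K with K > N is below sp
                findings.append((line_no, code, -int(m.group(1))))
    return findings

if __name__ == "__main__":
    for name, asm in (("reported", REPORTED), ("workaround", WORKAROUND)):
        print(name, accesses_below_sp(asm))
```

Run over the -S output of a suspect build, any finding marks a frame slot that is read or written after sp has already been raised past it.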