https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69648

            Bug ID: 69648
           Summary: wrong code with -O -mtune=winchip-c6 -fPIC
                    -fexpensive-optimizations -msse4 @ i686
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: i686-pc-linux-gnu

Created attachment 37563
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37563&action=edit
reduced testcase

Output:
$ i686-pc-linux-gnu-gcc -v                                                      
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-i686/bin/i686-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-233030-checking-yes-rtl-df-nographite-i686/bin/../libexec/gcc/i686-pc-linux-gnu/6.0.0/lto-wrapper
Target: i686-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-checking=yes,rtl,df --without-cloog --without-ppl --without-isl
--build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu
--target=i686-pc-linux-gnu --with-ld=/usr/bin/i686-pc-linux-gnu-ld
--with-as=/usr/bin/i686-pc-linux-gnu-as --with-sysroot=/usr/i686-pc-linux-gnu
--disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-233030-checking-yes-rtl-df-nographite-i686
Thread model: posix
gcc version 6.0.0 20160201 (experimental) (GCC) 
$ i686-pc-linux-gnu-gcc -O -mtune=winchip-c6 -fPIC -fexpensive-optimizations -msse4 testcase.c -static
$ ./a.out 
Segmentation fault

(gdb) disassemble
...
   0x08048d6d <+369>:   movd   %eax,%xmm0
   0x08048d71 <+373>:   mov    0x3c(%esp),%eax
=> 0x08048d75 <+377>:   pinsrw $0x1,-0x28514(%eax),%xmm0
   0x08048d7e <+386>:   pextrd $0x3,%xmm1,%eax
   0x08048d84 <+392>:   movd   -0x2851c(%ecx),%xmm1
...
(gdb) info reg
eax            0x2      2

The value at 0x3c(%esp) is used uninitialised.
The failure sometimes disappears, because even though the stack contains
garbage, it can be dereferenced (it seems so).
