https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69648
Bug ID: 69648 Summary: wrong code with -O -mtune=winchip-c6 -fPIC -fexpensive-optimizations -msse4 @ i686 Product: gcc Version: 6.0 Status: UNCONFIRMED Keywords: wrong-code Severity: normal Priority: P3 Component: target Assignee: unassigned at gcc dot gnu.org Reporter: zsojka at seznam dot cz Target Milestone: --- Host: x86_64-pc-linux-gnu Target: i686-pc-linux-gnu Created attachment 37563 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37563&action=edit reduced testcase Output: $ i686-pc-linux-gnu-gcc -v Using built-in specs. COLLECT_GCC=/repo/gcc-trunk/binary-latest-i686/bin/i686-pc-linux-gnu-gcc COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-233030-checking-yes-rtl-df-nographite-i686/bin/../libexec/gcc/i686-pc-linux-gnu/6.0.0/lto-wrapper Target: i686-pc-linux-gnu Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++ --enable-checking=yes,rtl,df --without-cloog --without-ppl --without-isl --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --target=i686-pc-linux-gnu --with-ld=/usr/bin/i686-pc-linux-gnu-ld --with-as=/usr/bin/i686-pc-linux-gnu-as --with-sysroot=/usr/i686-pc-linux-gnu --disable-libstdcxx-pch --prefix=/repo/gcc-trunk//binary-trunk-233030-checking-yes-rtl-df-nographite-i686 Thread model: posix gcc version 6.0.0 20160201 (experimental) (GCC) $ i686-pc-linux-gnu-gcc -O -mtune=winchip-c6 -fPIC -fexpensive-optimizations -msse4 testcase.c -static $ ./a.out Segmentation fault (gdb) disassemble ... 0x08048d6d <+369>: movd %eax,%xmm0 0x08048d71 <+373>: mov 0x3c(%esp),%eax => 0x08048d75 <+377>: pinsrw $0x1,-0x28514(%eax),%xmm0 0x08048d7e <+386>: pextrd $0x3,%xmm1,%eax 0x08048d84 <+392>: movd -0x2851c(%ecx),%xmm1 ... (gdb) info reg eax 0x2 2 The value at 0x3c(%esp) is used uninitialised. The failure sometimes disappears, because even though the stack contains garbage, it can be dereferenced (it seems so).