gcc 4.2 miscompilation with -O2 -fno-omit-frame-pointer on amd64

Chris Rees utisoft at gmail.com
Fri Dec 9 18:45:13 UTC 2011


On 9 Dec 2011 17:51, "Arnaud Lacombe" <lacombar at gmail.com> wrote:
>
> Hi,
>
> On Fri, Dec 9, 2011 at 10:15 AM, Rafal Jaworowski <raj at semihalf.com>
wrote:
> >
> > On 2011-12-08, at 17:53, Nathan Whitehorn wrote:
> >
> >> On 12/08/11 03:01, Piotr Nowak wrote:
> >>> We're working on PowerPC target using GCC 4.2.1
> >>> and FreeBSD 6.1. It seems like we have similar
> >>> problem. In our case GCC sometimes very unfortunately
> >>> optimize code with -fno-omit-frame-pointer.
> >>>
> >>> Example shown below covers file sys/powerc/booke/pmap.c
> >>> and function pmap_kenter. If we disassemble kernel binary
> >>> we have:
> >>>
> >>> c019998c:   4b ec 6a ed     bl      c0060478<_mtx_unlock_spin_flags>
> >>> c0199990:   81 61 00 00     lwz     r11,0(r1)
> >>> c0199994:   80 0b 00 04     lwz     r0,4(r11)
> >>> c0199998:   7d 61 5b 78     mr      r1,r11
> >>> c019999c:   82 ab ff d4     lwz     r21,-44(r11)
> >>> c01999a0:   7c 08 03 a6     mtlr    r0
> >>> c01999a4:   82 cb ff d8     lwz     r22,-40(r11)
> >>> c01999a8:   82 eb ff dc     lwz     r23,-36(r11)
> >>> c01999ac:   83 0b ff e0     lwz     r24,-32(r11)
> >>> c01999b0:   83 2b ff e4     lwz     r25,-28(r11)
> >>> c01999b4:   83 4b ff e8     lwz     r26,-24(r11)
> >>> c01999b8:   83 6b ff ec     lwz     r27,-20(r11)
> >>>
> >>> As you can see stack pointer on R1 is being updated
> >>> before stashed data were pulled off stack. (mr r1,r11)
> >>> As a result of this we have chance to get crash when
> >>> any interrupt hit shortly after stack pointer update.
> >>> The interrupt prologue will override not yet pulled off
> >>> pmap_kenter function data.
> >>>
> >>> The problem occures only with -fno-omit-frame-pointer
> >>> and not every branch returns are beeing corrupted.
> >>>
> >>> Do you think this issue may be somehow related to yours?
> >>> Are there any patches/solutions to fix it?
> >>
> >> Should we turn off -fno-omit-frame-frame-pointer on PPC then? It's
enabled in default kernel builds.
> >
> > I think that's a good idea. Even though we have managed to trigger this
only in rare cases, the problem is real and the code generated is broken
i.e. leads to corruption and panics.
> >
> How can you make any conclusion without having seen a single line of
> code actually triggering the problem ? That sounds very
> irresponsible...
>

However, if he's right it's very clever.

Chris


More information about the freebsd-hackers mailing list