The following code fragment accesses a variable X (at fixed virtual address 0xcffff000) which is only guaranteed to be mapped in virtual memory if esp is within a specific 4K range (from 0xcfcf0000 to 0xcfcf0fff).

    extern char _KERN_STACK;
    register mword __esp asm ("esp");
    printf ("[%d]\n", (__esp - 1 & ~0xfff) == reinterpret_cast<mword>(&_KERN_STACK) ? X : -1);

The following code is generated by gcc:

    100242: 8d 44 24 ff             lea    0xffffffff(%esp),%eax
    100246: 83 cb ff                or     $0xffffffff,%ebx
    100249: 25 00 f0 ff ff          and    $0xfffff000,%eax
    10024e: 3d 00 00 cf cf          cmp    $0xcfcf0000,%eax
    100253: 89 d8                   mov    %ebx,%eax
    100255: 0f 44 05 00 f0 ff cf    cmove  0xcffff000,%eax
    10025c: 50                      push   %eax
    10025d: 68 30 0f 00 c0          push   $0xc0000f30
    100262: e8 af 0c f0 bf          call   c0000f16 <printf(char const*, ..

The ternary statement in the source code forbids accessing the memory at 0xcffff000 if the condition does not hold. However, CMOVE is reading from it.

Using built-in specs.
Target: i486-slackware-linux
Configured with: ../gcc-cvs/configure --prefix=/usr --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-languages=c,c++ --disable-checking --with-gnu-ld --verbose --target=i486-slackware-linux --host=i486-slackware-linux
Thread model: posix
gcc version 4.2.0 20060806 (experimental)

--
Summary: CMOV accessing unmapped memory
Product: gcc
Version: 4.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: us15 at os dot inf dot tu-dresden dot de
GCC build triplet: i486-slackware-linux
GCC host triplet: i486-slackware-linux
GCC target triplet: i486-slackware-linux

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28633
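As an added illustration, not code from the report, the stack test above written out as a C function (showing what the "- 1" actually accepts at the page edges), the report's conditional-read shape beside a hardened form that reads through a volatile-qualified pointer, which a compiler may not speculate; the names esp_on_kernel_stack, read_x_unchecked_style, read_x_if_on_stack and the constructed sample_x are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constant from the report: the 4K kernel stack page that makes X safe to read. */
#define KERN_STACK_BASE 0xcfcf0000u

/* Constructed stand-in for X; here it is always mapped. */
int sample_x = 42;

/* The report's test written out: (esp - 1) & ~0xfff == &_KERN_STACK.
 * Because of the "- 1", it accepts esp in 0xcfcf0001..0xcfcf1000: an empty
 * stack whose esp points one past the top of the page passes, while
 * esp == 0xcfcf0000 (page fully used) is rejected. */
int esp_on_kernel_stack(uint32_t esp, uint32_t stack_base)
{
    return ((esp - 1u) & ~0xfffu) == stack_base;
}

/* Same shape as the report's ternary: a plain conditional read. The report
 * shows GCC turning this into a CMOV that loads X regardless of the test.
 * Shown for contrast only; x must be mapped whenever this is called. */
int read_x_unchecked_style(uint32_t esp, uint32_t stack_base, const int *x)
{
    return esp_on_kernel_stack(esp, stack_base) ? *x : -1;
}

/* Hardened shape: the read goes through a volatile-qualified pointer, which
 * the compiler may not speculate, behind an explicit early return.
 * When the test fails *x is never touched, so a NULL x is fine. */
int read_x_if_on_stack(uint32_t esp, uint32_t stack_base, volatile const int *x)
{
    if (!esp_on_kernel_stack(esp, stack_base))
        return -1;
    return *x;
}

int main(void)
{
    /* esp inside the page: X is read. esp elsewhere: -1 without any load. */
    printf("[%d]\n", read_x_if_on_stack(0xcfcf0ff0u, KERN_STACK_BASE, &sample_x));
    printf("[%d]\n", read_x_if_on_stack(0xdeadbeefu, KERN_STACK_BASE, NULL));
    return 0;
}
```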