http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49618
Summary: When building uClibc with GCC 4.6.1 old_atexit is
miscompiled
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
AssignedTo: [email protected]
ReportedBy: [email protected]
Created attachment 24661
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24661
Preprocessed file "old_atexit.i"
Hi,
this issue kept me UP for several weeks. It first occurred when generating a
mipsel target-toolchain based on gcc-4.6.0 with uClibc-0.9.32 for a router
project called freetz. Finally, I could track the problem with the assistance
from Edwin Török. A big thank you, Edwin.
### Problem description:
When building uClibc with GCC 4.6.1 old_atexit is miscompiled, which causes
this test program to crash when calling old_atexit:
#include <stdlib.h>
void foo() {}
int main() { return atexit(foo);}
This is a regression from GCC 4.5.3 which compiled old_atexit() fine.
Attached is the preprocessed file old_atexit.i.
Command line to create old_atexit.os:
mipsel-linux-uclibc-gcc -S old_atexit.i -o old_atexit.os -funsigned-char
-fno-builtin -fno-asm -msoft-float -std=gnu99 -march=4kc -mtune=4kc -mabi=32
-fno-stack-protector -Os -funit-at-a-time
-fmerge-all-constants -fstrict-aliasing -fno-tree-loop-optimize
-fno-tree-dominator-opts -fno-strength-reduce -mno-split-addresses -fPIC
As seen below with GCC 4.6.1 &__dso_handle is assumed to be non-NULL
and the branch (beqz) eliminated, but it is in fact NULL at runtime
which causes the crash.
With GCC 4.5.3 there is a beqz that tests for &__dso_handle == NULL:
000537d0 <old_atexit>:
537d0: 3c1c0003 lui gp,0x3
537d4: 279c8d10 addiu gp,gp,-29424
537d8: 0399e021 addu gp,gp,t9
537dc: 8f828a2c lw v0,-30164(gp)
537e0: 8f9989ac lw t9,-30292(gp)
537e4: 8c460000 lw a2,0(v0)
^^^^^^^^^^ SIGSEGV here, with a NULL dereference
537e8: 00002821 move a1,zero
537ec: 03200008 jr t9
537f0: 0002300a movz a2,zero,v0
old_atexit.os with GCC 4.6.1:
.file 1 "old_atexit.c"
.section .mdebug.abi32
.previous
.gnu_attribute 4, 3
.abicalls
.text
.align 2
.globl old_atexit
.set nomips16
.ent old_atexit
.type old_atexit, @function
old_atexit:
.frame $sp,0,$31 # vars= 0, regs= 0/0, args= 0, gp= 0
.mask 0x00000000,0
.fmask 0x00000000,0
.set noreorder
.cpload $25
.set nomacro
lw $2,%got(__dso_handle)($28)
lw $25,%call16(__cxa_atexit)($28)
lw $6,0($2)
move $5,$0
.reloc 1f,R_MIPS_JALR,__cxa_atexit
1: jr $25
movz $6,$0,$2
.set macro
.set reorder
.end old_atexit
.size old_atexit, .-old_atexit
.weak atexit
atexit = old_atexit
.weak __dso_handle
.ident "GCC: (GNU) 4.6.1"
old_atexit.os with GCC 4.5.3:
.file 1 "old_atexit.c"
.section .mdebug.abi32
.previous
.gnu_attribute 4, 3
.abicalls
.text
.align 2
.globl old_atexit
.set nomips16
.ent old_atexit
.type old_atexit, @function
old_atexit:
.frame $sp,0,$31 # vars= 0, regs= 0/0, args= 0, gp= 0
.mask 0x00000000,0
.fmask 0x00000000,0
.set noreorder
.cpload $25
.set nomacro
lw $2,%got(__dso_handle)($28)
beq $2,$0,$L2
move $6,$0
lw $6,0($2)
$L2:
lw $25,%call16(__cxa_atexit)($28)
.reloc 1f,R_MIPS_JALR,__cxa_atexit
1: jr $25
move $5,$0
.set macro
.set reorder
.end old_atexit
.size old_atexit, .-old_atexit
.weak atexit
atexit = old_atexit
.weak __dso_handle
.ident "GCC: (GNU) 4.5.3"
### GCC versions (with gcc -v output) for target and host:
$ /mnt/sdb3/freetz/freetz-trunk_gcc-4.6.1/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc -v
Using built-in specs.
COLLECT_GCC=/mnt/sdb3/freetz/freetz-trunk_gcc-4.6.1/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc
COLLECT_LTO_WRAPPER=/mnt/sdb3/freetz/freetz-trunk_gcc-4.6.1/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/bin/../libexec/gcc/mipsel-linux-uclibc/4.6.1/lto-wrapper
Target: mipsel-linux-uclibc
Configured with:
/mnt/sdb3/freetz/freetz-trunk/source/toolchain-mipsel_gcc-4.6.1_uClibc-0.9.32/gcc-4.6.1/configure
--prefix=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc
--with-sysroot=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.6.1_uClibc-0.9.32/mipsel-linux-uclibc/usr/
--build=i386-pc-linux-gnu --host=i386-pc-linux-gnu --target=mipsel-linux-uclibc
--enable-languages=c,c++ --enable-shared --enable-threads
--with-gmp=/mnt/sdb3/freetz/freetz-trunk/tools/build
--with-mpfr=/mnt/sdb3/freetz/freetz-trunk/tools/build
--with-mpc=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-gnu-ld
--disable-__cxa_atexit --disable-libgomp --disable-libmudflap
--disable-multilib --disable-tls --disable-fixed-point --with-float=soft
--enable-cxx-flags=-msoft-float --disable-libssp --with-march=4kc --disable-nls
--with-mips-plt --disable-decimal-float
Thread model: posix
gcc version 4.6.1 (GCC)
$ /mnt/sdb3/freetz/freetz-trunk_gcc-4.5.3/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc -v
Using built-in specs.
COLLECT_GCC=/mnt/sdb3/freetz/freetz-trunk_gcc-4.5.3/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/bin/mipsel-linux-uclibc-gcc
COLLECT_LTO_WRAPPER=/mnt/sdb3/freetz/freetz-trunk_gcc-4.5.3/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/bin/../libexec/gcc/mipsel-linux-uclibc/4.5.3/lto-wrapper
Target: mipsel-linux-uclibc
Configured with:
/mnt/sdb3/freetz/freetz-trunk/source/toolchain-mipsel_gcc-4.5.3_uClibc-0.9.32/gcc-4.5.3/configure
--prefix=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc
--with-sysroot=/mnt/sdb3/freetz/freetz-trunk/toolchain/build/mipsel_gcc-4.5.3_uClibc-0.9.32/mipsel-linux-uclibc/usr/
--build=i386-pc-linux-gnu --host=i386-pc-linux-gnu --target=mipsel-linux-uclibc
--enable-languages=c,c++ --enable-shared --enable-threads
--with-gmp=/mnt/sdb3/freetz/freetz-trunk/tools/build
--with-mpfr=/mnt/sdb3/freetz/freetz-trunk/tools/build
--with-mpc=/mnt/sdb3/freetz/freetz-trunk/tools/build --with-gnu-ld
--disable-__cxa_atexit --disable-libgomp --disable-libmudflap
--disable-multilib --disable-tls --disable-fixed-point --with-float=soft
--enable-cxx-flags=-msoft-float --disable-libssp --with-march=4kc --disable-nls
--with-mips-plt --disable-decimal-float
Thread model: posix
gcc version 4.5.3 (GCC)
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/i386-linux-gnu/gcc/i486-linux-gnu/4.6.1/lto-wrapper
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.6.1-1'
--with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr
--program-suffix=-4.6 --enable-shared --enable-multiarch
--with-multiarch-defaults=i386-linux-gnu --enable-linker-build-id
--with-system-zlib --libexecdir=/usr/lib/i386-linux-gnu
--without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib/i386-linux-gnu
--enable-nls --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --enable-plugin --enable-objc-gc
--enable-targets=all --with-arch-32=i586 --with-tune=generic
--enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu
--target=i486-linux-gnu
Thread model: posix
gcc version 4.6.1 (Debian 4.6.1-1)
### Target is a Speedport W701V router:
# uname -a
Linux fritz.fonwlan.box 2.6.13.1-ohio #1 Thu Jun 30 17:59:33 CEST 2011 mips
GNU/Linux
# cat /proc/version
Linux version 2.6.13.1-ohio () (gcc version 3.4.6) #1 Thu Jun 30 17:59:33 CEST
2011
### Host is a Debian/sid i386 system:
$ uname -a
Linux seduxbox 2.6.39-2-686-pae #1 SMP Wed Jun 8 11:33:14 UTC 2011 i686
GNU/Linux
$ cat /proc/version
Linux version 2.6.39-2-686-pae (Debian 2.6.39-2) ([email protected]) (gcc
version 4.4.6 (Debian 4.4.6-3) ) #1 SMP Wed Jun 8 11:33:14 UTC 2011
Hope this helps to kill that BUG.
Kind Regards,
- Sedat -
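
The guard that separates the two listings above, written out in C as an added example; it is not part of the original report and not uClibc's source. The shape (test the weak symbol's address, then load its value and pass it as the third argument) is read off the GCC 4.5.3 assembly; `absent_handle`, `present_handle`, `record_atexit` and `marker` are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for __dso_handle: declared weak and defined nowhere,
   so its address resolves to NULL, as it did on the reporter's target. */
extern void *absent_handle __attribute__((weak));

/* Hypothetical weak symbol that does have a definition (non-NULL path). */
static int marker;
void *present_handle __attribute__((weak)) = &marker;

/* Stand-in for __cxa_atexit(func, arg, dso): records the third argument. */
static void *last_dso;
static int record_atexit(void (*func)(void), void *arg, void *dso)
{
    (void)func;
    (void)arg;
    last_dso = dso;
    return 0;
}

static void foo(void) {}

/* Test the address first, load the value only when it is non-NULL: the
   beq/lw pair in the 4.5.3 listing. noinline keeps each a real function. */
__attribute__((noinline)) void *dso_for_absent(void)
{
    record_atexit(foo, NULL, &absent_handle != NULL ? absent_handle : NULL);
    return last_dso;
}

__attribute__((noinline)) void *dso_for_present(void)
{
    record_atexit(foo, NULL, &present_handle != NULL ? present_handle : NULL);
    return last_dso;
}

int main(void)
{
    /* A compiler that drops the address test faults inside dso_for_absent(). */
    printf("absent:  %p\n", dso_for_absent());
    printf("present: %p\n", dso_for_present());
    return 0;
}
```

Compiled to assembly with the toolchain under test, `dso_for_absent` should show a test of the loaded symbol address ahead of the load through it, as the 4.5.3 listing does.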