https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64722
Bug ID: 64722
Summary: On 2nd time libgccjit is run in-process on i686, generated code clobbers %ebx register
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: jit
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Build: i686-pc-linux-gnu

I'm seeing a crash on i686 for various test cases, each within "main", getting ready to begin the *3rd* iteration of the test.

FAIL: test-array-as-pointer.c.exe killed: 37097 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-calling-external-function.c.exe killed: 37185 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-combination.c.exe killed: 37273 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-expressions.c.exe killed: 38499 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-fibonacci.c.exe killed: 38587 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-functions.c.exe killed: 38627 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-hello-world.c.exe killed: 38695 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-nested-contexts.c.exe killed: 38831 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-operator-overloading.cc.exe killed: 38919 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-quadratic.c.exe killed: 38959 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-quadratic.cc.exe killed: 39000 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-reading-struct.c.exe killed: 39040 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}
FAIL: test-threads.c.exe killed: 39176 exp8 0 0 CHILDKILLED SIGSEGV {segmentation violation}

All of them crash here in main, trying to read "argv"; apparently something has trashed %ebx:

(gdb) disassemble main
Dump of assembler code for function main:
   0x080499c0 <+0>:     lea    0x4(%esp),%ecx
   0x080499c4 <+4>:     and    $0xfffffff0,%esp
   0x080499c7 <+7>:     pushl  -0x4(%ecx)
   0x080499ca <+10>:    push   %ebp
   0x080499cb <+11>:    mov    %esp,%ebp
   0x080499cd <+13>:    push   %ebx
   0x080499ce <+14>:    push   %ecx
   0x080499cf <+15>:    sub    $0x10,%esp
   0x080499d2 <+18>:    mov    %ecx,%ebx
   0x080499d4 <+20>:    movl   $0x1,-0xc(%ebp)
   0x080499db <+27>:    jmp    0x8049a25 <main+101>
=> 0x080499dd <+29>:    mov    0x4(%ebx),%eax
   0x080499e0 <+32>:    mov    (%eax),%eax
   0x080499e2 <+34>:    sub    $0xc,%esp
   0x080499e5 <+37>:    push   %eax
   0x080499e6 <+38>:    call   0x8049982 <extract_progname>
   0x080499eb <+43>:    add    $0x10,%esp
   0x080499ee <+46>:    sub    $0x8,%esp
   0x080499f1 <+49>:    push   $0x5
   0x080499f3 <+51>:    pushl  -0xc(%ebp)
   0x080499f6 <+54>:    push   %eax
   0x080499f7 <+55>:    push   $0x804a06b
   0x080499fc <+60>:    push   $0x400
   0x08049a01 <+65>:    push   $0x804c340
   0x08049a06 <+70>:    call   0x8048fc0 <snprintf@plt>
   0x08049a0b <+75>:    add    $0x20,%esp
   0x08049a0e <+78>:    mov    0x4(%ebx),%eax
   0x08049a11 <+81>:    mov    (%eax),%eax
   0x08049a13 <+83>:    sub    $0x8,%esp
   0x08049a16 <+86>:    push   $0x0
   0x08049a18 <+88>:    push   %eax
   0x08049a19 <+89>:    call   0x80498be <test_jit>
   0x08049a1e <+94>:    add    $0x10,%esp
   0x08049a21 <+97>:    addl   $0x1,-0xc(%ebp)
   0x08049a25 <+101>:   cmpl   $0x5,-0xc(%ebp)
   0x08049a29 <+105>:   jle    0x80499dd <main+29>
   0x08049a2b <+107>:   call   0x8049335 <totals>
   0x08049a30 <+112>:   mov    $0x0,%eax
   0x08049a35 <+117>:   lea    -0x8(%ebp),%esp
   0x08049a38 <+120>:   pop    %ecx
   0x08049a39 <+121>:   pop    %ebx
   0x08049a3a <+122>:   pop    %ebp
   0x08049a3b <+123>:   lea    -0x4(%ecx),%esp
   0x08049a3e <+126>:   ret
End of assembler dump.
Investigating test-hello-world.c and the generated "hello_world":

(gdb) break hello_world

On iteration 1:

(gdb) disassemble hello_world
Dump of assembler code for function hello_world:
   0xf671a510 <+0>:     push   %ebp
   0xf671a511 <+1>:     mov    %esp,%ebp
   0xf671a513 <+3>:     push   %ebx
=> 0xf671a514 <+4>:     sub    $0x4,%esp
   0xf671a517 <+7>:     call   0xf671a53d <__x86.get_pc_thunk.ax>
   0xf671a51c <+12>:    add    $0x1ae4,%eax
   0xf671a521 <+17>:    sub    $0x8,%esp
   0xf671a524 <+20>:    pushl  0x8(%ebp)
   0xf671a527 <+23>:    lea    -0x1aa8(%eax),%edx
   0xf671a52d <+29>:    push   %edx
   0xf671a52e <+30>:    mov    %eax,%ebx
   0xf671a530 <+32>:    call   0xf671a3b0 <printf@plt>
   0xf671a535 <+37>:    add    $0x10,%esp
   0xf671a538 <+40>:    mov    -0x4(%ebp),%ebx
   0xf671a53b <+43>:    leave
   0xf671a53c <+44>:    ret
End of assembler dump.

but on iteration 2:

(gdb) cont
ITERATION 2

Breakpoint 1, 0xf671a516 in hello_world (name=0x804a35a "world") from /tmp/libgccjit-9zApb1/fake.so
(gdb) disassemble
Dump of assembler code for function hello_world:
   0xf671a510 <+0>:     push   %ebp
   0xf671a511 <+1>:     mov    %esp,%ebp
   0xf671a513 <+3>:     sub    $0x8,%esp
=> 0xf671a516 <+6>:     call   0xf671a539 <__x86.get_pc_thunk.ax>
   0xf671a51b <+11>:    add    $0x1ae5,%eax
   0xf671a520 <+16>:    sub    $0x8,%esp
   0xf671a523 <+19>:    pushl  0x8(%ebp)
   0xf671a526 <+22>:    lea    -0x1aac(%eax),%edx
   0xf671a52c <+28>:    push   %edx
   0xf671a52d <+29>:    mov    %eax,%ebx
   0xf671a52f <+31>:    call   0xf671a3b0 <printf@plt>
   0xf671a534 <+36>:    add    $0x10,%esp
   0xf671a537 <+39>:    leave
   0xf671a538 <+40>:    ret
End of assembler dump.

If I'm reading this right, iteration 1's generated "hello_world" saves and restores %ebx, but iteration 2's version of it is clobbering %ebx.
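The comparison the reporter makes by eye can be automated. As an added example (not code from the bug report or from GCC), this heuristic linter walks gdb `disassemble` output and flags i386 callee-saved registers that are written without a prior push, or saved but not reloaded from the stack before `ret`; the register set, the line regex for gdb's AT&T output and the "reload from a memory operand counts as a restore" rule are my assumptions, and the embedded sample is the iteration-2 `hello_world` listing above.

```python
import re

CALLEE_SAVED = ("%ebx", "%esi", "%edi", "%ebp")   # i386 SysV ABI: callee must preserve
INSN_RE = re.compile(r"^\s*(?:=>)?\s*0x[0-9a-f]+\s+<\+\d+>:\s+(\S+)\s*(.*)$")

def split_operands(ops):
    """Split AT&T operands on commas outside parentheses, e.g. '(%eax,%ebx,4),%ecx'."""
    return [p.strip() for p in re.split(r",(?![^()]*\))", ops) if p.strip()]

def parse_gdb_disassembly(text):
    """Return [(mnemonic, [operands])] for each instruction line of a gdb dump."""
    return [(m.group(1), split_operands(m.group(2)))
            for m in map(INSN_RE.match, text.splitlines()) if m]

def check_callee_saved(insns, regs=CALLEE_SAVED):
    """Return {register: 'clobbered' | 'not restored'} for ABI violations found."""
    saved, last_src, problems = set(), {}, {}
    for mnem, ops in insns:
        if mnem.startswith("push") and ops and ops[0] in regs:
            saved.add(ops[0])                        # prologue save
        elif mnem == "leave":
            last_src["%ebp"] = "stack"               # leave reloads %ebp from the frame
        elif mnem == "pop" and ops and ops[0] in regs:
            last_src[ops[0]] = "stack"               # epilogue restore
        elif len(ops) >= 2 and ops[-1] in regs:      # AT&T syntax: destination is last
            dst = ops[-1]
            if dst not in saved:
                problems[dst] = "clobbered"          # written without ever being saved
            last_src[dst] = "stack" if "(" in ops[0] else "register"  # memory reload = restore
    for reg in saved:
        if last_src.get(reg) != "stack":
            problems.setdefault(reg, "not restored")
    return problems

# Constructed sample: the iteration-2 hello_world dump quoted in the bug report.
HELLO_WORLD_ITER2 = """0xf671a510 <+0>:  push %ebp
0xf671a511 <+1>:  mov %esp,%ebp
0xf671a513 <+3>:  sub $0x8,%esp
=> 0xf671a516 <+6>:  call 0xf671a539 <__x86.get_pc_thunk.ax>
0xf671a51b <+11>: add $0x1ae5,%eax
0xf671a520 <+16>: sub $0x8,%esp
0xf671a523 <+19>: pushl 0x8(%ebp)
0xf671a526 <+22>: lea -0x1aac(%eax),%edx
0xf671a52c <+28>: push %edx
0xf671a52d <+29>: mov %eax,%ebx
0xf671a52f <+31>: call 0xf671a3b0 <printf@plt>
0xf671a534 <+36>: add $0x10,%esp
0xf671a537 <+39>: leave
0xf671a538 <+40>: ret"""
```

`check_callee_saved(parse_gdb_disassembly(HELLO_WORLD_ITER2))` reports `{'%ebx': 'clobbered'}`, while the iteration-1 listing passes because its `push %ebx` is paired with the `mov -0x4(%ebp),%ebx` reload.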