https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70526
Bug ID: 70526
Summary: GCC 6 miscompiles Firefox JIT compiler
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: jandemooij+gccbugs at gmail dot com
Target Milestone: ---
Created attachment 38175
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38175&action=edit
Reduced testcase
See https://bugzilla.mozilla.org/show_bug.cgi?id=1245783
I managed to reduce it to the attached test case.
$ g++ --version
g++-6 (Ubuntu 6-20160319-0ubuntu11) 6.0.0 20160319 (experimental) [trunk
revision 234350]
$ g++-6 -O3 -Wall -o test test.cpp
$ ./test
Fail
It does not print "Fail" with -O0 or with g++ 5.3.1
The problem seems to be on this line:
return TypedOrValueRegister(type, ToAnyRegister(value));
It looks like we read a bogus/uninitialized value from the stack and use that
instead of the result of the ToAnyRegister call.
