https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90245
Bug ID: 90245
Summary: A data race with a segmentation fault handler
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
Target Milestone: ---

Created attachment 46241 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=46241&action=edit
test-case

It's a follow-up of: https://bugzilla.opensuse.org/show_bug.cgi?id=1133245

For the attached conftest we end up with:

  /* Check that the handler was called only once. */
  if (handler_called != 1)   <--- problematic condition
    {
      __builtin_printf ("handler_called == 1\n");
      exit (1);
    }
  /* Test passed! */
  return 0;
}

$ gcc conftest.c -O2 -S -o/dev/stdout
main:
...
        movq    page(%rip), %rax
        movl    $42, 1656(%rax)            <--- segfault happens here
        cmpl    $1, handler_called(%rip)   <--- comparison after that
        jne     .L16

While using LTO:

Disassembly of section .text:

0000000000401090 <main>:
...
  401118:       83 3d 41 2f 00 00 01    cmpl   $0x1,0x2f41(%rip)        # 404060 <handler_called>
  40111f:       c7 83 78 06 00 00 2a    movl   $0x2a,0x678(%rbx)
  401126:       00 00 00
  401129:       75 15                   jne    401140 <main+0xb0>

So here we first do the 'handler_called != 1' comparison and the next instruction triggers the segfault handler.

I tried --param allow-store-data-races=0, but it does not help.

Solution is to add a barrier I guess. I guess the transformation is valid?
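As an added illustration (not the attached conftest and not GCC code), the following rebuilds the same pattern: a SIGSEGV handler that counts its calls and unprotects the page, with the handler_called load kept after the faulting store by a volatile store plus a compiler barrier, i.e. the kind of barrier the report suggests. It assumes a POSIX system with sigaction and mmap (Linux is what was tested); the page pointer, the offset 1656 and the value 42 are taken from the listing, everything else is constructed.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Shared with the handler: volatile sig_atomic_t is what the C standard
   lets a handler write, and volatile stops GCC from hoisting the load. */
static volatile sig_atomic_t handler_called = 0;
static char *page;          /* constructed: one PROT_NONE page */
static size_t page_size;

/* Count the call, then unprotect the page so the faulting store re-executes. */
static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    uintptr_t mask = ~(uintptr_t)(page_size - 1);
    if ((char *)((uintptr_t)info->si_addr & mask) != page)
        _exit(2);           /* a fault we did not provoke: do not loop */
    handler_called++;
    mprotect(page, page_size, PROT_READ | PROT_WRITE);
}

/* Mirrors the conftest's check: returns handler_called after the fault
   (1 on success), or -1 if the page or handler could not be set up. */
int check_handler_called_once(void)
{
    struct sigaction sa;
    handler_called = 0;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    page = mmap(NULL, page_size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_SIGINFO;
    sa.sa_sigaction = segv_handler;
    if (sigaction(SIGSEGV, &sa, NULL) != 0)
        return -1;
    /* The store at offset 1656 faults and enters the handler. A volatile
       store plus a compiler barrier keeps the handler_called load after
       it, the ordering the LTO build above lost. */
    *(volatile int *)(page + 1656) = 42;
    __asm__ __volatile__("" ::: "memory");
    int n = handler_called;
    munmap(page, page_size);
    signal(SIGSEGV, SIG_DFL);
    return n;
}

int main(void) { return check_handler_called_once() == 1 ? 0 : 1; }
```

Compile with and without -flto -O2; with the barrier in place the check reads 1 in both builds.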