[Tinycc-devel] Jupm Optimizations regession bug

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Tinycc-devel] Jupm Optimizations regession bug

From:	Kyryl Melekhin
Subject:	[Tinycc-devel] Jupm Optimizations regession bug
Date:	Tue, 02 Feb 2021 14:20:17 +0000
User-agent:	Heirloom mailx 12.4 7/29/08

Hello Grischka and Tcc community,

I have found a regression bug in Tcc code gen (X86_64).
Caused by this commit: 8227db3a23fd3cf11840eaa25eab5f3f5f813ac7
Sadly I don't have a small test case to reproduce it. But it is
caused by stack allocation (unknown compile time alloca but in
C99). You have to compile my text editor project, I get a crash 
in vfprintf in MuslC. The rsp pointer is corrupted. What is funny
that crash is completely unrelated to the code that causes it, the
reason I am 100% sure this is not a bug in any of my code is because
first, I don't have any invalid accesses, tcc version compiled 
1 commit behind from the commit above never crashes like that and 
also obviously it does not crash with any other compiler, gcc, clang, etc.


Here is the 2 lines that cause invalid rsp instruction code gen.

https://github.com/kyx0r/neatvi/blob/f6c46e9e8bdd8b1d4011d08019115936268e8536/vi.c#L1727
https://github.com/kyx0r/neatvi/blob/f6c46e9e8bdd8b1d4011d08019115936268e8536/vi.c#L1737


Why nobody had this dynamic array crashes before? As you can see the
input for compiler is pretty complicated, there is a enclosed switch 
into if statements, and even more if statements everywhere. This is why
I can't test the bug in more simple way, because it is unclear where
the undefined behavior occurs in tcc. But from what I saw in that
regression commit that if statements code gen was changed. Probably
what happens now is the compiler places rsp restore instructions in the
wrong places perhaps they are placed before the if statement inside
switch. Also the code I linked does not have to run at all for it to crash,
the only thing that has to happen is to be any of the cases of enclosing
switch be true and execute.

I can fix my code by simply not using the C99 stack allocated arrays
in those spots, but that does not solve the obvious compiler bug.

I will take a look into that commit more closely sometime later
and maybe find a fix, but since grischka wrote it he may solve
the bug before I do.

Regards,
Kyryl

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Jupm Optimizations regession bug, Kyryl Melekhin <=
- Re: [Tinycc-devel] Jupm Optimizations regession bug, Michael Matz, 2021/02/02
- Re: [Tinycc-devel] Jupm Optimizations regession bug, Christian Jullien, 2021/02/03

Prev by Date: [Tinycc-devel] Do we need some options to enable/disable "additional feature" in tcc
Next by Date: Re: [Tinycc-devel] Jupm Optimizations regession bug
Previous by thread: [Tinycc-devel] Do we need some options to enable/disable "additional feature" in tcc
Next by thread: Re: [Tinycc-devel] Jupm Optimizations regession bug
Index(es):
- Date
- Thread