Bug#663654: /usr/bin/gcc: gcc tree optimizer generates incorrect vector load instructions for x86_64, app crashes
Package: gcc-4.6
Version: 4.6.3-1
File: /usr/bin/gcc
Severity: important
Dear Maintainer,
The following versions of gcc:
Debian gcc-4.6.3-1,
Debain gcc-4.4.6-14,
Debian gcc-4.6.2-14,
Debian gcc-4.4.6-15,
Ubuntu 4.4.3-4ubuntu5
generates *wrong* code - aligned vector loads instead of unaligned vector loads
for x86_64 arch. This causes the compiled code to crash with
SIGSEGV(General Protection Fault).
Bug *not* present on Debian gcc-snapshot(gcc-4.7.0-20120228-1) and gcc-4.5.3-12.
Consider the following program:
void foo(int* __restrict ia, int n){
int i;
for(i=0;i<n;i++){
ia[i]=ia[i]*ia[i];
}
}
int main(){
int a[9];
int sum=0,i;
for(i=0;i<9;i++){
a[i]=(i*i)%128;
}
foo((int*)((char*)a+2), 8);
for(i=0;i<9;i++){
sum+=a[i];
}
return sum;
}
In x86 and x86_64, unaligned word access are valid
- *((int*)<unaligned memory address>)
But x86_64 SSE has two kinds of vector instructions
- aligned vector move (movdqa)
- unaligned vector move (movdqu)
Use of aligned vector move with an unaligned vector address,
will trigger the application to crash.
When compiled with any of the following command lines:
gcc -O3 foo.c
g++ -O3 foo.c
gcc -m64 -O2 -ftree-vectorize gcc_bug.c
g++ -m64 -O2 -ftree-vectorize gcc_bug.c
gcc generates an aligned vector load
movdqa -54(%rsp,%rax), %xmm0
instead of unaligned vector load - movdqu.
This result in above application to crash with
SIGSEGV(General Protection Fault).
gcc-snapshot correctly generates
movdqu -54(%rsp), %xmm0
Details:
bash$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian
4.6.3-1' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr
--program-suffix=-4.6 --enable-shared --enable-linker-build-id
--with-system-zlib --libexecdir=/usr/lib --without-included-gettext
--enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin
--enable-objc-gc --with-arch-32=i586 --with-tune=generic
--enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.6.3 (Debian 4.6.3-1)
gcc version: 4.6.3
Target architecture: x86_64
Host arch: x86_64
Command line that triggered the bug: gcc -O3 foo.c
Compiler output: none
Full Source code to reproduce:
void foo(int* __restrict ia, int n){
int i;
for(i=0;i<n;i++){
ia[i]=ia[i]*ia[i];
}
}
int main(){
int a[9];
int sum=0,i;
for(i=0;i<9;i++){
a[i]=(i*i)%128;
}
foo((int*)((char*)a+2), 8);
for(i=0;i<9;i++){
sum+=a[i];
}
return sum;
}
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gcc-4.6 depends on:
ii binutils 2.22-5
ii cpp-4.6 4.6.3-1
ii gcc-4.6-base 4.6.3-1
ii libc6 2.13-26
ii libgcc1 1:4.6.3-1
ii libgmp10 2:5.0.4+dfsg-1
ii libgomp1 4.6.3-1
ii libmpc2 0.9-4
ii libmpfr4 3.1.0-3
ii libquadmath0 4.6.3-1
ii zlib1g 1:1.2.3.4.dfsg-3
Versions of packages gcc-4.6 recommends:
ii libc6-dev 2.13-26
Versions of packages gcc-4.6 suggests:
pn binutils-gold <none>
pn gcc-4.6-doc <none>
pn gcc-4.6-locales <none>
pn gcc-4.6-multilib 4.6.3-1
pn libgcc1-dbg <none>
pn libgomp1-dbg <none>
pn libmudflap0-4.6-dev <none>
pn libmudflap0-dbg <none>
pn libquadmath0-dbg <none>
-- no debconf information
--
Regards,
Deepak Ravi
Reply to: