[Issue 18794] Compiling with -O causes runtime segfault
d-bugmail at puremagic.com
Tue Apr 24 20:42:18 UTC 2018
https://issues.dlang.org/show_bug.cgi?id=18794
ag0aep6g <ag0aep6g at gmail.com> changed:
What       Removed    Added
----------------------------------------------------------------------------
CC                    ag0aep6g at gmail.com
Blocks                18750
--- Comment #1 from ag0aep6g <ag0aep6g at gmail.com> ---
Reduced:
----
bool method(size_t* p)
{
    int bitIdx = 0;
    func();
    return (*p & (1UL << bitIdx)) != 0;
}
void func() {}
void prep()
{
    asm {}
    ulong[2] x = -1;
}
void main()
{
    prep();
    size_t s;
    method(&s);
}
----
Generated code for `method`:
----
0: 55 push rbp
1: 48 8b ec mov rbp,rsp
4: 48 83 ec 10 sub rsp,0x10
8: 48 89 7d f8 mov QWORD PTR [rbp-0x8],rdi
c: c7 45 f0 00 00 00 00 mov DWORD PTR [rbp-0x10],0x0
13: e8 00 00 00 00 call 18 <_D4test6methodFPmZb+0x18>
14: R_X86_64_PLT32 _D4test4funcFZv-0x4
18: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
1c: 48 8b 4d f0 mov rcx,QWORD PTR [rbp-0x10]
20: 48 0f a3 08 bt QWORD PTR [rax],rcx
24: 48 0f 92 c0 rex.W setb al
28: 48 8b e5 mov rsp,rbp
2b: 5d pop rbp
2c: c3 ret
----
bitIdx is a DWORD at rbp-0x10. But later a QWORD is read from there and used in
the bt instruction. So that reads garbage from the stack. The garbage can be
controlled by prep.
Looks like this is directly related to the generation of the bt instruction,
which is horribly broken. But it doesn't seem to be a duplicate of the known
issues. Adding to the tracker.
Referenced Issues:
https://issues.dlang.org/show_bug.cgi?id=18750
[Issue 18750] [Tracker] everything wrong with code generation for bt instruction
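The defect in the listing above is a width mismatch on one stack slot: a DWORD is stored at rbp-0x10, a QWORD is loaded back from the same slot. That pattern can be checked mechanically. The script below is an added example, not part of the bug report and not dmd or druntime code; it scans an objdump-style Intel-syntax listing (the one from the comment above is embedded as its input) and reports every rbp-relative load that is wider than the last store to that slot. Its assumptions: only `mov` with a memory destination counts as a store, any other memory operand counts as a read, and only `[rbp...]` slots are tracked.

```python
import re
from dataclasses import dataclass

# Operand-size keywords used by objdump's Intel syntax, in bytes.
WIDTHS = {"BYTE": 1, "WORD": 2, "DWORD": 4, "QWORD": 8}

# "<offset>: <hex bytes> <mnemonic and operands>"; relocation lines
# such as "14: R_X86_64_PLT32 ..." carry no hex bytes and are skipped.
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(.*)$")
MEM_RE = re.compile(r"(BYTE|WORD|DWORD|QWORD) PTR \[([^\]]+)\]")

# Listing copied from the bug report's disassembly of `method`.
LISTING = """\
0: 55 push rbp
1: 48 8b ec mov rbp,rsp
4: 48 83 ec 10 sub rsp,0x10
8: 48 89 7d f8 mov QWORD PTR [rbp-0x8],rdi
c: c7 45 f0 00 00 00 00 mov DWORD PTR [rbp-0x10],0x0
13: e8 00 00 00 00 call 18 <_D4test6methodFPmZb+0x18>
14: R_X86_64_PLT32 _D4test4funcFZv-0x4
18: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
1c: 48 8b 4d f0 mov rcx,QWORD PTR [rbp-0x10]
20: 48 0f a3 08 bt QWORD PTR [rax],rcx
24: 48 0f 92 c0 rex.W setb al
28: 48 8b e5 mov rsp,rbp
2b: 5d pop rbp
2c: c3 ret
"""


@dataclass
class Finding:
    offset: int        # offset of the too-wide load
    slot: str          # e.g. "rbp-0x10"
    stored: int        # bytes written by the last store to the slot
    loaded: int        # bytes read by the load
    store_offset: int  # offset of that last store


def split_operands(text):
    """Split an Intel-syntax operand list on commas outside brackets."""
    parts, depth, cur = [], 0, ""
    for ch in text:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        parts.append(cur.strip())
    return parts


def find_width_mismatches(listing):
    """Return a Finding for each rbp-relative load wider than its last store."""
    slots = {}  # slot -> (width of last store, offset of that store)
    findings = []
    for line in listing.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        mnemonic, _, operands = m.group(3).strip().partition(" ")
        for idx, op in enumerate(split_operands(operands)):
            mem = MEM_RE.search(op)
            if not mem or not mem.group(2).startswith("rbp"):
                continue  # not a frame slot (e.g. bt QWORD PTR [rax])
            width, slot = WIDTHS[mem.group(1)], mem.group(2)
            if mnemonic == "mov" and idx == 0:
                slots[slot] = (width, offset)  # assumption: mov dest = store
            elif slot in slots and slots[slot][0] < width:
                stored, store_off = slots[slot]
                findings.append(Finding(offset, slot, stored, width, store_off))
    return findings


if __name__ == "__main__":
    for f in find_width_mismatches(LISTING):
        print(f"{f.offset:x}: {f.loaded}-byte load from [{f.slot}] but only "
              f"{f.stored} bytes were stored there at {f.store_offset:x}")
```

Run against the embedded listing it reports exactly one mismatch, the 8-byte load at 0x1c from rbp-0x10 after the 4-byte store at 0xc; the rbp-0x8 slot is stored and loaded as QWORD and produces nothing. The check is deliberately conservative: a slot that is read before any visible store is ignored rather than reported, since the store may live in a different function or listing.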