#2211 stm8 genCmpEQorNE fails to properly pop A

closed-fixed
None
STM8
7
2013-09-05
2013-09-04
Erik Petrich
No

In revision 8834, regression test bug-136564 fails with an invalid instruction on stm8. Register A has a live value and so is pushed when it is also needed for a comparison. However, it is only popped on one of the execution paths which leads to local variable corruption, stack overflow, and eventually the invalid instruction.

; gen/stm8/bug-136564/bug-136564.c: 40: while (c != 'x' && i < 9 )
; genLabel
00120$:
; genAssign
clr a
; genLabel
00104$:
; genCmpEQorNE
push a
ld a, _foo_c_1_7+0
cp a, #0x78
jrne 00151$
pop a
jra 00123$
; peephole j5 changed absolute to relative unconditional jump.
00151$:
; skipping generated iCode
; genCmp
cp a, #0x09

Related

Bugs: #2211

Discussion

    • assigned_to: Philipp Klaus Krause
    • Priority: 5 --> 7
     
  • Interestingly, it doesn't fail for me (maybe the path isn't executed) or in the snapshot regression testing. But I can see that the generated code is broken and In eed to fix genCmpEQorNE().

    Philipp

     
  • Erik Petrich
    Erik Petrich
    2013-09-05

    I suppose this is one of the reasons that we have the regression tests running on so many different platforms. One of the things I noticed when the hc08 backend was switched over to your register allocator was that the generated code was not the same on all the systems of our DCF. When there are several register assignment alternatives that have equal cost, the one that is actually used depends on the internal implementation of the data structure class.

    I have found it useful to occasionally temporarily modify the dry run cost computation to add small random numbers to the actual cost. Of course, this makes the generated code less optimal, but it has helped me find some cases that the code generator had not been handling correctly that were not detected during normal operation because the trickier cases tend to have a somewhat higher cost and so are normally avoided (and thus left untested).

    Erik


    From: Philipp Klaus Krause [spth@users.sf.net]
    Sent: Thursday, September 05, 2013 3:00 AM
    To: [sdcc:bugs]
    Subject: [sdcc:bugs] #2211 stm8 genCmpEQorNE fails to properly pop A

    Interestingly, it doesn't fail for me (maybe the path isn't executed) or in the snapshot regression testing. But I can see that the generated code is broken and In eed to fix genCmpEQorNE().

    Philipp


    [bugs:#2211]http://sourceforge.net/p/sdcc/bugs/2211/ stm8 genCmpEQorNE fails to properly pop A

    Status: open
    Created: Wed Sep 04, 2013 10:08 PM UTC by Erik Petrich
    Last Updated: Wed Sep 04, 2013 10:08 PM UTC
    Owner: Philipp Klaus Krause

    In revision 8834, regression test bug-136564 fails with an invalid instruction on stm8. Register A has a live value and so is pushed when it is also needed for a comparison. However, it is only popped on one of the execution paths which leads to local variable corruption, stack overflow, and eventually the invalid instruction.

    ; gen/stm8/bug-136564/bug-136564.c: 40: while (c != 'x' && i < 9 )
    ; genLabel
    00120$:
    ; genAssign
    clr a
    ; genLabel
    00104$:
    ; genCmpEQorNE
    push a
    ld a, _foo_c_1_7+0
    cp a, #0x78
    jrne 00151$
    pop a
    jra 00123$
    ; peephole j5 changed absolute to relative unconditional jump.
    00151$:
    ; skipping generated iCode
    ; genCmp
    cp a, #0x09


    Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/sdcc/bugs/2211/

    To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/

     

    Related

    Bugs: #2211

    • status: open --> closed-fixed
     
  • Fixed in revision #8835.

    Philipp

    P.S.: I have found that trying different values for --max-allocs-per-node and --opt-code-size/--opt-code-speed also helps with testing corner cases in code generation.