Under certain circumstances an inline function called from another function has a parameter on the stack overwritten by another parameter.
In my test case (taken from TinyUSB), _ff_pull is the inline function, and _tu_fifo_peek is the caller. The third argument to _ff_pull is the same as the fourth parameter to _tu_fifo_peek and it acquires an invalid value if there is no reference to either before the call to memcpy in its body.
When I print the values of the parameters it's easy to see that rd_idx and rel have acquired portions of the p_buffer / app_buf argument values.
To run:
sdcc --model-large --stack-auto --fomit-frame-pointer repro3.c && s51 -t 8052 -X 12M -b -S out=- -e repro3.ihx
Version tested: 4.2.14 #13904 (Linux) but 4.0.0 and 4.2.0 also exhibit this behavior.
Expected output:
rel=0000
app_buf=E21D
rd_idx=0000
p_buffer=E21D
Actual output:
rel=1D00
app_buf=E21D
rd_idx=E21D
p_buffer=E21D
I uploaded the version with the workaround applied, my apologies. Wish I could edit this. Correct version (showing problem) attached.
I can reproduce the problem in current SDCC on Debian GNU/Linux testing.
It apparently affects the mcs51 port with --stack-auto only.
There now is a test for this bug in the regression test suite (currently disabled for mcs51 as the bug is not yet fixed), that I derived from your code sample.
Where is that test in the repo?
https://sourceforge.net/p/sdcc/code/HEAD/tree/trunk/sdcc/support/regression/tests/bug-3563.c
Could it be related to the recent [#3607]?
Related bugs: #3607
Last edit: Maarten Brock 2023-08-19