gcc ARM compiler produce invalid opcode

Bug #1586033 reported by jdobry on 2016-05-26
Affects: GNU Arm Embedded Toolchain
Importance: Undecided
Assigned to: Unassigned

Bug Description

Hello,

I found that under special conditions the compiler creates an invalid ARM opcode. It happens on code with an (invalid) reference to NULL pointer content. See below. I made this test on the latest 5.3 2016q1, 5.2 2015q4 and 4.9 2015q3. The results are the same.

Test source file fail.c:

struct test {
  int x;
};
void * foo (int x) {
  struct test *p = (struct test *)0;
  int z = p->x - x;          /* deliberate NULL dereference: undefined behaviour */
  void *retPtr;
  if (z < 8)
    retPtr = (void *)p;
  else
    retPtr = (int *)p + 4;
  return retPtr;
}

compilation: "arm-none-eabi-gcc -c -S fail.c -O2 -mcpu=cortex-m4 -mthumb"

This produces this ASM:
foo:
 movs r3, #0
 ldr r3, [r3]
 .inst 0xdeff ; <<< ?????? what ??????

PS: I know that this usage of a pointer is invalid. It can be used (theoretically) to read the start or interrupt vectors, but it is a crazy, unreal example.

Hi,

.inst 0xdeff is a udf (undefined) instruction. It is probably output in this way for historical reasons because GAS did not support that mnemonic yet. GCC outputs this because dereferencing a NULL pointer is undefined behavior. You will get the expected code if compiling with -fno-delete-null-pointer-checks.

Best regards.

I forgot to mention that udf is output to ensure that the code will trap when executed.

Best regards

Changed in gcc-arm-embedded:
status: New → Invalid
jdobry (jdobry) wrote :

I understand motivation to use undefined instruction.
The problem is that the compiler creates an invalid opcode SILENTLY. This technique to enforce a run-time error is possible, but NEVER without any warning.
For clarification, the bug isn't the UDF instruction itself. It is caused by the code. Garbage in, garbage out. The problem is that there is no message about it during compilation.

Sadly I could not find a warning to enable to catch these, and implementing one would take a significant amount of resources.

Best regards.

Hi,

It was pointed out to me by a colleague that GCC 6 provides -Wnull-dereference, which catches this error. You will therefore be able to catch this error once we provide a GCC 6 based toolchain, or by building one yourself now.

Best regards.
