Hey guys from KEIL, sorry but I have to report this. Here is some simple code that shows the bug:
typedef unsigned char byte;
byte code zzz[4];
void fff(byte,byte);
void keil_bug(byte flag) {
    byte ep = 1;
    fff(ep, flag ? 0 : zzz[ep]);
}
And here is the compiler output:
; FUNCTION _keil_bug (BEGIN)
                                           ; SOURCE LINE # 4
;---- Variable 'flag' assigned to Register 'R6' ----
        MOV     R6,AR7
                                           ; SOURCE LINE # 5
;---- Variable 'ep' assigned to Register 'R7' ----
        MOV     R7,#01H
                                           ; SOURCE LINE # 6
        MOV     A,R6
        xJZ     ?C0001
        MOV     R5,#00H
        xJMP    ?C0002
?C0001:
        MOV     A,R7
        MOV     DPTR,#zzz
        MOVC    A,@A+DPTR
        MOV     R7,A
        MOV     R5,A
?C0002:
        CALL    _fff
                                           ; SOURCE LINE # 7
        RET
; FUNCTION _keil_bug (END)
The first parameter [ep] to function fff(), which has to be passed via R7, is overwritten by the fetched zzz[ep] two instructions before the call :(
This happens on optimization level 7. On level 6 the fetched value is moved to R6, which is at least harmless.
I checked evaluation version 8.05 (I'm using 8.02) but it has the same problem.
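
Added example, not part of the original post: a small Python interpreter for just the instructions in the listing above, comparing the arguments that reach `CALL _fff` with what the C source asks for. The contents of `zzz`, the helper names, and reading R5 as the second byte argument (taken from the listing's `MOV R5,...`) are assumptions of this sketch.

```python
# Added example: interprets only the instruction subset that appears in the listing.
# Instructions copied from the listing, comment lines dropped.
LISTING = [
    "MOV R6,AR7", "MOV R7,#01H", "MOV A,R6", "xJZ ?C0001",
    "MOV R5,#00H", "xJMP ?C0002",
    "?C0001:", "MOV A,R7", "MOV DPTR,#zzz", "MOVC A,@A+DPTR", "MOV R7,A", "MOV R5,A",
    "?C0002:", "CALL _fff", "RET",
]
ZZZ = [0x10, 0x20, 0x30, 0x40]  # constructed contents for zzz[4]
LABELS = {line[:-1]: i for i, line in enumerate(LISTING) if line.endswith(":")}

def run_listing(flag):
    """Return (R7, R5) as seen at CALL _fff when keil_bug(flag) is entered."""
    reg = {"A": 0, "R5": 0, "R6": 0, "R7": flag, "DPTR": None}  # flag arrives in R7
    pc = 0
    while pc < len(LISTING):
        op, _, args = LISTING[pc].partition(" ")
        pc += 1
        if op == "MOV":
            dst, src = args.split(",")
            if dst == "DPTR":
                reg[dst] = src[1:]                 # symbolic base address (#zzz)
            elif src.startswith("#"):
                reg[dst] = int(src[1:-1], 16)      # immediate such as #01H
            else:                                  # AR7 is the address form of R7
                reg[dst] = reg[src[1:] if src.startswith("AR") else src]
        elif op == "MOVC":
            reg["A"] = ZZZ[reg["A"]]               # A = code[DPTR + A], DPTR = zzz
        elif op == "xJZ" and reg["A"] == 0:
            pc = LABELS[args]                      # label lines fall through as no-ops
        elif op == "xJMP":
            pc = LABELS[args]
        elif op == "CALL":
            return reg["R7"], reg["R5"]            # the two byte arguments of fff
    raise RuntimeError("listing ended without reaching CALL")

def expected(flag):
    """Arguments the C source asks for: fff(ep, flag ? 0 : zzz[ep]) with ep = 1."""
    return 1, (0 if flag else ZZZ[1])

def miscompiled_flags(flags=(0, 1, 0xFF)):
    """Flag values for which the generated code passes the wrong arguments."""
    return [f for f in flags if run_listing(f) != expected(f)]

if __name__ == "__main__":
    for f in (0, 1):
        print(f"flag={f}: got {run_listing(f)}, expected {expected(f)}")
    print("miscompiled for flag in", miscompiled_flags())
```

Only the `flag == 0` path goes through `?C0001`, so only that path reaches the call with R7 already replaced by the fetched table byte.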