public inbox for gcc-bugs@sourceware.org
* [Bug target/41900] New: call *%esp shouldn't be generated because of CPU errata
@ 2009-11-01 23:05 mikulas at artax dot karlin dot mff dot cuni dot cz
2009-11-02 9:37 ` [Bug target/41900] " ubizjak at gmail dot com
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: mikulas at artax dot karlin dot mff dot cuni dot cz @ 2009-11-01 23:05 UTC
To: gcc-bugs
Hi
Intel P6 family of processors (Pentium Pro, 2, 3) have a bug in call *%esp
instruction. The instruction should put current EIP to stack, decrement ESP by
4 and jump to a value of ESP before the decrement. P6 processors will jump to
the address after the decrement (so they will execute return address as code).
See Pentium Pro errata 70, Pentium 2 errata A33, Pentium 3 errata E17.
Gcc generates call *%esp for this example, when compiled with -O2
-fomit-frame-pointer -mpreferred-stack-boundary=2:
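int main()
{
    /* 0xc3 is the one-byte "ret" opcode, stored in a stack local */
    volatile unsigned code = 0x000000c3;
    /* call the address of that local */
    ((void (*)(void))&code)();
    return 0;
}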
The code crashes when executed on P6 processor and executes correctly on other
processors.
GCC shouldn't allow direct %esp register for call instruction. (addressing
using %esp is fine).
---
Note: this bug comes from a piece of code used to call an arbitrary interrupt.
I coded it as this. The "call *%esp" bug looks weird but is not an artificial
example, it comes from a real code that was written and used.
static void INTR(unsigned int_no)
{
    /* little-endian bytes: cd <int_no> c3, i.e. "int $int_no; ret" */
    volatile unsigned code = 0xc300cd | (int_no << 8);
    ((void (*)(void))&code)();
}
--
Summary: call *%esp shouldn't be generated because of CPU errata
Product: gcc
Version: 4.4.2
Status: UNCONFIRMED
Severity: minor
Priority: P3
Component: target
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: mikulas at artax dot karlin dot mff dot cuni dot cz
GCC build triplet: i486-linux-gnu
GCC host triplet: i486-linux-gnu
GCC target triplet: i486-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
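The behaviour described in the report above, modelled as an added example (not code from the thread or from GCC): a toy 32-bit stack machine that executes `call *%esp` with the documented semantics and with the P6 erratum, plus a call through a copy of %esp in another register, the kind of sequence that results when %esp is not allowed as the call operand. All addresses and the choice of %eax are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 32-bit stack model; every address below is constructed for the example. */
#define MEM_BASE 0xbffff000u
#define MEM_SIZE 0x1000u
enum variant { ESP_DOCUMENTED, ESP_P6_ERRATUM, VIA_EAX };
struct cpu { uint32_t eip, esp, eax; uint8_t mem[MEM_SIZE]; };

/* Little-endian 32-bit store, as x86 does for a push. */
static void store32(struct cpu *c, uint32_t addr, uint32_t v) {
    for (int i = 0; i < 4; i++)
        c->mem[addr - MEM_BASE + i] = (uint8_t)(v >> (8 * i));
}

/* Execute the indirect call and return the address execution continues at. */
static uint32_t do_call(struct cpu *c, enum variant v) {
    uint32_t old_esp = c->esp, insn_len = 2;     /* call *%reg is 2 bytes */
    if (v == VIA_EAX) {                          /* mov %esp,%eax first (2 bytes) */
        c->eax = c->esp;
        insn_len += 2;
    }
    c->esp -= 4;
    store32(c, c->esp, c->eip + insn_len);       /* push return address */
    if (v == ESP_P6_ERRATUM)
        c->eip = c->esp;                         /* erratum: ESP after the push */
    else
        c->eip = (v == VIA_EAX) ? c->eax : old_esp;  /* ESP before the push */
    return c->eip;
}

/* First byte fetched after the call, starting from the report's frame. */
static uint8_t first_byte(enum variant v) {
    struct cpu c;
    memset(&c, 0, sizeof c);
    c.eip = 0x08048410u;                 /* constructed address of the call */
    c.esp = 0xbffff800u;                 /* constructed; `code` is at (%esp) */
    store32(&c, c.esp, 0x000000c3u);     /* the report's value: C3 = ret */
    return c.mem[do_call(&c, v) - MEM_BASE];
}

int main(void) {
    printf("documented %02x, erratum %02x, via %%eax %02x\n",
           first_byte(ESP_DOCUMENTED), first_byte(ESP_P6_ERRATUM), first_byte(VIA_EAX));
    return 0;
}
```

Under the erratum the first byte fetched is the low byte of the pushed return address rather than the `ret` stored in `code`, which is the crash the report describes.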
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: ubizjak at gmail dot com @ 2009-11-02 9:37 UTC
To: gcc-bugs
------- Comment #1 from ubizjak at gmail dot com 2009-11-02 09:36 -------
This prototype patch should reject %esp from call operand:
Index: predicates.md
===================================================================
--- predicates.md (revision 153803)
+++ predicates.md (working copy)
@@ -561,7 +561,8 @@
;; Test for a valid operand for a call instruction.
(define_predicate "call_insn_operand"
(ior (match_operand 0 "constant_call_address_operand")
- (ior (match_operand 0 "register_no_elim_operand")
+ (ior (and (match_operand 0 "register_no_elim_operand")
+ (match_operand 0 "index_register_operand"))
(match_operand 0 "memory_operand"))))
;; Similarly, but for tail calls, in which we cannot allow memory references.
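Review bot: The register arm of call_insn_operand now also requires index_register_operand, but nothing in the hunk says why; the comment above the predicate still reads only "Test for a valid operand for a call instruction." Please extend that comment to state that %esp is excluded because of the P6 call *%esp erratum from this PR, so the extra (and ...) is not simplified away later. The restriction is unconditional, so it also applies when compiling for processors without the erratum; state in the comment or the ChangeLog that this is intended. The tail-call predicate that follows is outside the hunk, so confirm whether it needs the same treatment, and add a testcase that scans the generated assembly for call *%esp.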
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: uros at gcc dot gnu dot org @ 2009-11-03 7:53 UTC
To: gcc-bugs
------- Comment #2 from uros at gcc dot gnu dot org 2009-11-03 07:53 -------
Subject: Bug 41900
Author: uros
Date: Tue Nov 3 07:53:05 2009
New Revision: 153838
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=153838
Log:
PR target/41900
* config/i386/i386.h (ix86_arch_indices) <X86_ARCH_CALL_ESP>: New.
(TARGET_CALL_ESP): New define.
* config/i386/i386.c (initial_ix86_tune_features): Initialize
X86_ARCH_CALL_ESP.
* config/i386/i386.md
(*call_pop_1_esp, *call_1_esp, *call_value_pop_1_esp,
*call_value_1_esp): Rename from *call_pop_1, *call_1,
*call_value_pop_1 and *call_value_1. Depend on TARGET_CALL_ESP.
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1):
New patterns, use "lsm" as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand for !TARGET_CALL_ESP to avoid %esp register.
testsuite/ChangeLog:
PR target/41900
* gcc.target/i386/pr41900.c: New test.
Added:
trunk/gcc/testsuite/gcc.target/i386/pr41900.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/config/i386/i386.c
trunk/gcc/config/i386/i386.h
trunk/gcc/config/i386/i386.md
trunk/gcc/config/i386/predicates.md
trunk/gcc/testsuite/ChangeLog
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: uros at gcc dot gnu dot org @ 2009-11-04 14:15 UTC
To: gcc-bugs
------- Comment #3 from uros at gcc dot gnu dot org 2009-11-04 14:15 -------
Subject: Bug 41900
Author: uros
Date: Wed Nov 4 14:14:49 2009
New Revision: 153896
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=153896
Log:
PR target/41900
* config/i386/i386.h (ix86_arch_indices) <X86_ARCH_CALL_ESP>: New.
(TARGET_CALL_ESP): New define.
* config/i386/i386.c (initial_ix86_tune_features): Initialize
X86_ARCH_CALL_ESP.
* config/i386/i386.md
(*call_pop_1_esp, *call_1_esp, *call_value_pop_1_esp,
*call_value_1_esp): Rename from *call_pop_1, *call_1,
*call_value_pop_1 and *call_value_1. Depend on TARGET_CALL_ESP.
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1):
New patterns, use "lsm" as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand for !TARGET_CALL_ESP to avoid %esp register.
testsuite/ChangeLog:
PR target/41900
* gcc.target/i386/pr41900.c: New test.
Added:
branches/gcc-4_4-branch/gcc/testsuite/gcc.target/i386/pr41900.c
Modified:
branches/gcc-4_4-branch/gcc/ChangeLog
branches/gcc-4_4-branch/gcc/config/i386/i386.c
branches/gcc-4_4-branch/gcc/config/i386/i386.h
branches/gcc-4_4-branch/gcc/config/i386/i386.md
branches/gcc-4_4-branch/gcc/config/i386/predicates.md
branches/gcc-4_4-branch/gcc/testsuite/ChangeLog
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: uros at gcc dot gnu dot org @ 2009-11-05 8:01 UTC
To: gcc-bugs
------- Comment #4 from uros at gcc dot gnu dot org 2009-11-05 08:01 -------
Subject: Bug 41900
Author: uros
Date: Thu Nov 5 08:01:18 2009
New Revision: 153932
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=153932
Log:
PR target/41900
* config/i386/i386.h (ix86_arch_indices) <X86_ARCH_CALL_ESP>: New.
(TARGET_CALL_ESP): New define.
* config/i386/i386.c (initial_ix86_tune_features): Initialize
X86_ARCH_CALL_ESP.
* config/i386/i386.md (*call_pop_1_esp, *call_1_esp,
*call_value_pop_1_esp, *call_value_1_esp): Rename from *call_pop_1,
*call_1, *call_value_pop_1 and *call_value_1. Depend on
TARGET_CALL_ESP.
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1):
New patterns, use "lsm" as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand for !TARGET_CALL_ESP to avoid %esp register.
testsuite/ChangeLog:
PR target/41900
* gcc.target/i386/pr41900.c: New test.
Added:
branches/gcc-4_3-branch/gcc/testsuite/gcc.target/i386/pr41900.c
Modified:
branches/gcc-4_3-branch/gcc/ChangeLog
branches/gcc-4_3-branch/gcc/config/i386/i386.c
branches/gcc-4_3-branch/gcc/config/i386/i386.h
branches/gcc-4_3-branch/gcc/config/i386/i386.md
branches/gcc-4_3-branch/gcc/config/i386/predicates.md
branches/gcc-4_3-branch/gcc/testsuite/ChangeLog
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: ubizjak at gmail dot com @ 2009-11-05 8:06 UTC
To: gcc-bugs
------- Comment #5 from ubizjak at gmail dot com 2009-11-05 08:06 -------
Fixed, but please also read [1] about executable stack.
[1] http://gcc.gnu.org/ml/gcc-patches/2009-11/msg00126.html
--
ubizjak at gmail dot com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.3.5
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: uros at gcc dot gnu dot org @ 2009-11-13 18:34 UTC
To: gcc-bugs
------- Comment #6 from uros at gcc dot gnu dot org 2009-11-13 18:33 -------
Subject: Bug 41900
Author: uros
Date: Fri Nov 13 18:33:37 2009
New Revision: 154160
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=154160
Log:
2009-11-13 Uros Bizjak <ubizjak@gmail.com>
PR target/41900
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1): Use "lsm"
as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand to avoid %esp register.
2009-11-13 Uros Bizjak <ubizjak@gmail.com>
Revert:
2009-11-03 Uros Bizjak <ubizjak@gmail.com>
PR target/41900
* config/i386/i386.h (ix86_arch_indices) <X86_ARCH_CALL_ESP>: New.
(TARGET_CALL_ESP): New define.
* config/i386/i386.c (initial_ix86_tune_features): Initialize
X86_ARCH_CALL_ESP.
* config/i386/i386.md (*call_pop_1_esp, *call_1_esp,
*call_value_pop_1_esp, *call_value_1_esp): Rename from *call_pop_1,
*call_1, *call_value_pop_1 and *call_value_1. Depend on
TARGET_CALL_ESP.
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1):
New patterns, use "lsm" as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand for !TARGET_CALL_ESP to avoid %esp register.
Modified:
trunk/gcc/ChangeLog
trunk/gcc/config/i386/i386.c
trunk/gcc/config/i386/i386.h
trunk/gcc/config/i386/i386.md
trunk/gcc/config/i386/predicates.md
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: uros at gcc dot gnu dot org @ 2009-11-13 19:13 UTC
To: gcc-bugs
------- Comment #7 from uros at gcc dot gnu dot org 2009-11-13 19:13 -------
Subject: Bug 41900
Author: uros
Date: Fri Nov 13 19:13:16 2009
New Revision: 154169
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=154169
Log:
2009-11-13 Uros Bizjak <ubizjak@gmail.com>
PR target/41900
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1): Use "lsm"
as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand to avoid %esp register.
2009-11-13 Uros Bizjak <ubizjak@gmail.com>
Revert:
2009-11-04 Uros Bizjak <ubizjak@gmail.com>
PR target/41900
* config/i386/i386.h (ix86_arch_indices) <X86_ARCH_CALL_ESP>: New.
(TARGET_CALL_ESP): New define.
* config/i386/i386.c (initial_ix86_tune_features): Initialize
X86_ARCH_CALL_ESP.
* config/i386/i386.md (*call_pop_1_esp, *call_1_esp,
*call_value_pop_1_esp, *call_value_1_esp): Rename from *call_pop_1,
*call_1, *call_value_pop_1 and *call_value_1. Depend on
TARGET_CALL_ESP.
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1):
New patterns, use "lsm" as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand for !TARGET_CALL_ESP to avoid %esp register.
Modified:
branches/gcc-4_4-branch/gcc/ChangeLog
branches/gcc-4_4-branch/gcc/config/i386/i386.c
branches/gcc-4_4-branch/gcc/config/i386/i386.h
branches/gcc-4_4-branch/gcc/config/i386/i386.md
branches/gcc-4_4-branch/gcc/config/i386/predicates.md
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900
* [Bug target/41900] call *%esp shouldn't be generated because of CPU errata
From: uros at gcc dot gnu dot org @ 2009-11-13 19:52 UTC
To: gcc-bugs
------- Comment #8 from uros at gcc dot gnu dot org 2009-11-13 19:52 -------
Subject: Bug 41900
Author: uros
Date: Fri Nov 13 19:51:52 2009
New Revision: 154171
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=154171
Log:
2009-11-13 Uros Bizjak <ubizjak@gmail.com>
PR target/41900
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1): Use "lsm"
as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand to avoid %esp register.
2009-11-13 Uros Bizjak <ubizjak@gmail.com>
Revert:
2009-11-05 Uros Bizjak <ubizjak@gmail.com>
PR target/41900
* config/i386/i386.h (ix86_arch_indices) <X86_ARCH_CALL_ESP>: New.
(TARGET_CALL_ESP): New define.
* config/i386/i386.c (initial_ix86_tune_features): Initialize
X86_ARCH_CALL_ESP.
* config/i386/i386.md (*call_pop_1_esp, *call_1_esp,
*call_value_pop_1_esp, *call_value_1_esp): Rename from *call_pop_1,
*call_1, *call_value_pop_1 and *call_value_1. Depend on
TARGET_CALL_ESP.
(*call_pop_1, *call_1, *call_value_pop_1, *call_value_1):
New patterns, use "lsm" as operand 1 constraint.
* config/i386/predicates.md (call_insn_operand): Depend on
index_register_operand for !TARGET_CALL_ESP to avoid %esp register.
Modified:
branches/gcc-4_3-branch/gcc/ChangeLog
branches/gcc-4_3-branch/gcc/config/i386/i386.c
branches/gcc-4_3-branch/gcc/config/i386/i386.h
branches/gcc-4_3-branch/gcc/config/i386/i386.md
branches/gcc-4_3-branch/gcc/config/i386/predicates.md
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41900