public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
@ 2021-04-22 14:28 acoplan at gcc dot gnu.org
2021-07-19 7:51 ` [Bug target/100211] [9/10/11/12 Regression] " pinskia at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: acoplan at gcc dot gnu.org @ 2021-04-22 14:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211
Bug ID: 100211
Summary: aarch64: OOB accesses in
aarch64_{save,restore}_callee_saves
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: acoplan at gcc dot gnu.org
Target Milestone: ---
Bootstrapping on aarch64 --with-build-config=bootstrap-ubsan shows OOB accesses
in aarch64_{save,restore}_callee_saves with the following SVE testcase (reduced
from gcc.target/aarch64/sve/acle/general/cpy_1.c).
$ cat sve_test.c
#include <arm_sve.h>
svuint64_t a() {
register svbool_t b asm("p15");
asm("" : "=Upa"(b));
}
$ gcc/xgcc -B gcc sve_test.c -c -march=armv8.2-a+sve
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7754:57: runtime
error: index 83 out of bounds for type 'bool [83]'
#0 0x2de50e4 in aarch64_save_callee_saves
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7754
#1 0x2e25d48 in aarch64_expand_prologue()
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:8776
#2 0x3bdfad4 in gen_prologue()
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:852
#3 0x2da1610 in target_gen_prologue
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:7444
#4 0x11d210c in make_prologue_seq
/home/alecop01/toolchain/src/gcc/gcc/function.c:5801
#5 0x11d27bc in thread_prologue_and_epilogue_insns()
/home/alecop01/toolchain/src/gcc/gcc/function.c:6019
#6 0x11d4a24 in rest_of_handle_thread_prologue_and_epilogue
/home/alecop01/toolchain/src/gcc/gcc/function.c:6510
#7 0x11d4a24 in execute
/home/alecop01/toolchain/src/gcc/gcc/function.c:6586
#8 0x1b5ec1c in execute_one_pass(opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2567
#9 0x1b623b8 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2656
#10 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
#11 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
#12 0x1b624d4 in execute_pass_list(function*, opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2667
#13 0xc7b2a4 in cgraph_node::expand()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:1830
#14 0xc7fa90 in output_in_order
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2137
#15 0xc7fa90 in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2355
#16 0xc8b81c in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2271
#17 0xc8b81c in symbol_table::finalize_compilation_unit()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2539
#18 0x1f97478 in compile_file
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:482
#19 0x68d9b0 in do_compile
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2201
#20 0x68d9b0 in toplev::main(int, char**)
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2340
#21 0x6910d0 in main /home/alecop01/toolchain/src/gcc/gcc/main.c:39
#22 0xffff881b66dc in __libc_start_main
(/lib/aarch64-linux-gnu/libc.so.6+0x206dc)
#23 0x691b2c (/data/alecop01/builds/bstrap-ubsan/gcc/cc1+0x691b2c)
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7855:57: runtime
error: index 83 out of bounds for type 'bool [83]'
#0 0x2de26e8 in aarch64_restore_callee_saves
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7855
#1 0x2de363c in aarch64_expand_epilogue(bool)
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:8888
#2 0x3bdfb4c in gen_epilogue()
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:861
#3 0x2da14bc in target_gen_epilogue
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:7193
#4 0x11d2338 in make_epilogue_seq
/home/alecop01/toolchain/src/gcc/gcc/function.c:5938
#5 0x11d27c4 in thread_prologue_and_epilogue_insns()
/home/alecop01/toolchain/src/gcc/gcc/function.c:6020
#6 0x11d4a24 in rest_of_handle_thread_prologue_and_epilogue
/home/alecop01/toolchain/src/gcc/gcc/function.c:6510
#7 0x11d4a24 in execute
/home/alecop01/toolchain/src/gcc/gcc/function.c:6586
#8 0x1b5ec1c in execute_one_pass(opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2567
#9 0x1b623b8 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2656
#10 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
#11 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
#12 0x1b624d4 in execute_pass_list(function*, opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2667
#13 0xc7b2a4 in cgraph_node::expand()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:1830
#14 0xc7fa90 in output_in_order
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2137
#15 0xc7fa90 in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2355
#16 0xc8b81c in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2271
#17 0xc8b81c in symbol_table::finalize_compilation_unit()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2539
#18 0x1f97478 in compile_file
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:482
#19 0x68d9b0 in do_compile
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2201
#20 0x68d9b0 in toplev::main(int, char**)
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2340
#21 0x6910d0 in main /home/alecop01/toolchain/src/gcc/gcc/main.c:39
#22 0xffff881b66dc in __libc_start_main
(/lib/aarch64-linux-gnu/libc.so.6+0x206dc)
#23 0x691b2c (/data/alecop01/builds/bstrap-ubsan/gcc/cc1+0x691b2c)
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug target/100211] [9/10/11/12 Regression] aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
2021-04-22 14:28 [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves acoplan at gcc dot gnu.org
@ 2021-07-19 7:51 ` pinskia at gcc dot gnu.org
2022-01-21 12:18 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-07-19 7:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Last reconfirmed| |2021-07-19
Summary|aarch64: OOB accesses in |[9/10/11/12 Regression]
|aarch64_{save,restore}_call |aarch64: OOB accesses in
|ee_saves |aarch64_{save,restore}_call
| |ee_saves
Known to work| |6.0
Status|UNCONFIRMED |NEW
Target Milestone|--- |9.5
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The loop does:
for (regno = aarch64_next_callee_save (start, limit);
regno <= limit;
regno = aarch64_next_callee_save (regno + 1, limit))
Really this:
bool reg_is_wrapped_separately[LAST_SAVED_REGNUM];
Should be:
bool reg_is_wrapped_separately[LAST_SAVED_REGNUM + 1];
In aarch64.h. It has been wrong since r7-5127 .
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug target/100211] [9/10/11/12 Regression] aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
2021-04-22 14:28 [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves acoplan at gcc dot gnu.org
2021-07-19 7:51 ` [Bug target/100211] [9/10/11/12 Regression] " pinskia at gcc dot gnu.org
@ 2022-01-21 12:18 ` rguenth at gcc dot gnu.org
2022-05-27 9:45 ` [Bug target/100211] [10/11/12/13 " rguenth at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-01-21 12:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |internal-improvement
Priority|P3 |P2
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug target/100211] [10/11/12/13 Regression] aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
2021-04-22 14:28 [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves acoplan at gcc dot gnu.org
2021-07-19 7:51 ` [Bug target/100211] [9/10/11/12 Regression] " pinskia at gcc dot gnu.org
2022-01-21 12:18 ` rguenth at gcc dot gnu.org
@ 2022-05-27 9:45 ` rguenth at gcc dot gnu.org
2022-06-28 10:44 ` jakub at gcc dot gnu.org
2023-07-07 10:39 ` [Bug target/100211] [11/12/13/14 " rguenth at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-05-27 9:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|9.5 |10.4
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9 branch is being closed
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug target/100211] [10/11/12/13 Regression] aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
2021-04-22 14:28 [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves acoplan at gcc dot gnu.org
` (2 preceding siblings ...)
2022-05-27 9:45 ` [Bug target/100211] [10/11/12/13 " rguenth at gcc dot gnu.org
@ 2022-06-28 10:44 ` jakub at gcc dot gnu.org
2023-07-07 10:39 ` [Bug target/100211] [11/12/13/14 " rguenth at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: jakub at gcc dot gnu.org @ 2022-06-28 10:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.4 |10.5
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug target/100211] [11/12/13/14 Regression] aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
2021-04-22 14:28 [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves acoplan at gcc dot gnu.org
` (3 preceding siblings ...)
2022-06-28 10:44 ` jakub at gcc dot gnu.org
@ 2023-07-07 10:39 ` rguenth at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-07-07 10:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.5 |11.5
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10 branch is being closed.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-07-07 10:39 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-22 14:28 [Bug target/100211] New: aarch64: OOB accesses in aarch64_{save,restore}_callee_saves acoplan at gcc dot gnu.org
2021-07-19 7:51 ` [Bug target/100211] [9/10/11/12 Regression] " pinskia at gcc dot gnu.org
2022-01-21 12:18 ` rguenth at gcc dot gnu.org
2022-05-27 9:45 ` [Bug target/100211] [10/11/12/13 " rguenth at gcc dot gnu.org
2022-06-28 10:44 ` jakub at gcc dot gnu.org
2023-07-07 10:39 ` [Bug target/100211] [11/12/13/14 " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).