From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 5E3EB389443A; Thu, 22 Apr 2021 14:28:57 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5E3EB389443A
From: "acoplan at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/100211] New: aarch64: OOB accesses in
 aarch64_{save,restore}_callee_saves
Date: Thu, 22 Apr 2021 14:28:57 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 11.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: acoplan at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter target_milestone
Message-ID: <bug-100211-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Apr 2021 14:28:57 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D100211

            Bug ID: 100211
           Summary: aarch64: OOB accesses in
                    aarch64_{save,restore}_callee_saves
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: acoplan at gcc dot gnu.org
  Target Milestone: ---

Bootstrapping on aarch64 --with-build-config=3Dbootstrap-ubsan shows OOB ac=
cesses
in aarch64_{save,restore}_callee_saves with the following SVE testcase (red=
uced
from gcc.target/aarch64/sve/acle/general/cpy_1.c).

$ cat sve_test.c
#include <arm_sve.h>
svuint64_t a() {
  register svbool_t b asm("p15");
  asm("" : "=3DUpa"(b));
}
$ gcc/xgcc -B gcc sve_test.c -c -march=3Darmv8.2-a+sve
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7754:57: runt=
ime
error: index 83 out of bounds for type 'bool [83]'
    #0 0x2de50e4 in aarch64_save_callee_saves
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7754
    #1 0x2e25d48 in aarch64_expand_prologue()
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:8776
    #2 0x3bdfad4 in gen_prologue()
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:852
    #3 0x2da1610 in target_gen_prologue
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:7444
    #4 0x11d210c in make_prologue_seq
/home/alecop01/toolchain/src/gcc/gcc/function.c:5801
    #5 0x11d27bc in thread_prologue_and_epilogue_insns()
/home/alecop01/toolchain/src/gcc/gcc/function.c:6019
    #6 0x11d4a24 in rest_of_handle_thread_prologue_and_epilogue
/home/alecop01/toolchain/src/gcc/gcc/function.c:6510
    #7 0x11d4a24 in execute
/home/alecop01/toolchain/src/gcc/gcc/function.c:6586
    #8 0x1b5ec1c in execute_one_pass(opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2567
    #9 0x1b623b8 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2656
    #10 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
    #11 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
    #12 0x1b624d4 in execute_pass_list(function*, opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2667
    #13 0xc7b2a4 in cgraph_node::expand()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:1830
    #14 0xc7fa90 in output_in_order
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2137
    #15 0xc7fa90 in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2355
    #16 0xc8b81c in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2271
    #17 0xc8b81c in symbol_table::finalize_compilation_unit()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2539
    #18 0x1f97478 in compile_file
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:482
    #19 0x68d9b0 in do_compile
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2201
    #20 0x68d9b0 in toplev::main(int, char**)
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2340
    #21 0x6910d0 in main /home/alecop01/toolchain/src/gcc/gcc/main.c:39
    #22 0xffff881b66dc in __libc_start_main
(/lib/aarch64-linux-gnu/libc.so.6+0x206dc)
    #23 0x691b2c  (/data/alecop01/builds/bstrap-ubsan/gcc/cc1+0x691b2c)

/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7855:57: runt=
ime
error: index 83 out of bounds for type 'bool [83]'
    #0 0x2de26e8 in aarch64_restore_callee_saves
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:7855
    #1 0x2de363c in aarch64_expand_epilogue(bool)
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.c:8888
    #2 0x3bdfb4c in gen_epilogue()
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:861
    #3 0x2da14bc in target_gen_epilogue
/home/alecop01/toolchain/src/gcc/gcc/config/aarch64/aarch64.md:7193
    #4 0x11d2338 in make_epilogue_seq
/home/alecop01/toolchain/src/gcc/gcc/function.c:5938
    #5 0x11d27c4 in thread_prologue_and_epilogue_insns()
/home/alecop01/toolchain/src/gcc/gcc/function.c:6020
    #6 0x11d4a24 in rest_of_handle_thread_prologue_and_epilogue
/home/alecop01/toolchain/src/gcc/gcc/function.c:6510
    #7 0x11d4a24 in execute
/home/alecop01/toolchain/src/gcc/gcc/function.c:6586
    #8 0x1b5ec1c in execute_one_pass(opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2567
    #9 0x1b623b8 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2656
    #10 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
    #11 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
    #12 0x1b624d4 in execute_pass_list(function*, opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2667
    #13 0xc7b2a4 in cgraph_node::expand()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:1830
    #14 0xc7fa90 in output_in_order
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2137
    #15 0xc7fa90 in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2355
    #16 0xc8b81c in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2271
    #17 0xc8b81c in symbol_table::finalize_compilation_unit()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2539
    #18 0x1f97478 in compile_file
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:482
    #19 0x68d9b0 in do_compile
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2201
    #20 0x68d9b0 in toplev::main(int, char**)
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2340
    #21 0x6910d0 in main /home/alecop01/toolchain/src/gcc/gcc/main.c:39
    #22 0xffff881b66dc in __libc_start_main
(/lib/aarch64-linux-gnu/libc.so.6+0x206dc)
    #23 0x691b2c  (/data/alecop01/builds/bstrap-ubsan/gcc/cc1+0x691b2c)=