public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "amonakov at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug ipa/106437] New: Glibc marks functions that resume a returns_twice call as leaf
Date: Mon, 25 Jul 2022 17:12:54 +0000 [thread overview]
Message-ID: <bug-106437-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106437
Bug ID: 106437
Summary: Glibc marks functions that resume a returns_twice call
as leaf
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: ipa
Assignee: unassigned at gcc dot gnu.org
Reporter: amonakov at gcc dot gnu.org
CC: amonakov at gcc dot gnu.org, asolokha at gmx dot com,
dcb314 at hotmail dot com, hubicka at gcc dot gnu.org,
marxin at gcc dot gnu.org, rguenth at gcc dot gnu.org,
unassigned at gcc dot gnu.org
Target Milestone: ---
In tree-cfg.cc:call_can_make_abnormal_goto GCC implements an assumption that
any function with the 'leaf' attribute will not transfer control to a
returns_twice function. This behavior is from day 1 since attribute-leaf
introduction, but the documentation says:
> leaf functions are not allowed to call callback function passed to it from
> current compilation unit or directly call functions exported by the unit or
> longjmp into the unit
So the manual was talking about longjmp exclusively, even though probably it
meant resumption of returns_twice calls in general.
Today Glibc headers are marking function that can resume vfork as leaf, execve
being the biggest problem since it resumes vfork without being technically UB;
functions such as 'raise' and 'kill' can also resume vfork by terminating the
current process (but pedantically it is UB to invoke them in vfork context).
(there's also the point that 'raise' can invoke signal handlers synchronously,
and I agree with Richard that it makes it non-leaf; it's been discussed as
Glibc issue previously, the most recent instance seems to be here:
https://sourceware.org/bugzilla/show_bug.cgi?id=26802 ; ISTR there was a
discussion on GCC side also, earlier)
Presence of attribute-leaf makes GCC omit modeling of control flow transfer via
ABNORMAL_DISPATCHER, potentially causing miscompilation.
Testcase with execve, notice absence of abnormal edges on GIMPLE:
#include <unistd.h>
#include <signal.h>
int main()
{
if (!vfork())
for (;;) execve("/bin/false", 0, 0);
}
next reply other threads:[~2022-07-25 17:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-25 17:12 amonakov at gcc dot gnu.org [this message]
2022-07-25 17:25 ` [Bug ipa/106437] " amonakov at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-106437-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).