From: "amonakov at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug ipa/106437] New: Glibc marks functions that resume a returns_twice call as leaf
Date: Mon, 25 Jul 2022 17:12:54 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106437

            Bug ID: 106437
           Summary: Glibc marks functions that resume a returns_twice call as leaf
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: ipa
          Assignee: unassigned at gcc dot gnu.org
          Reporter: amonakov at gcc dot gnu.org
                CC: amonakov at gcc dot gnu.org, asolokha at gmx dot com, dcb314 at hotmail dot com, hubicka at gcc dot gnu.org, marxin at gcc dot gnu.org, rguenth at gcc dot gnu.org, unassigned at gcc dot gnu.org
  Target Milestone: ---

In tree-cfg.cc:call_can_make_abnormal_goto GCC implements an assumption that any function with the 'leaf' attribute will not transfer control to a returns_twice function. This behavior is from day 1 since attribute-leaf introduction, but the documentation says:

> leaf functions are not allowed to call callback function passed to it from
> current compilation unit or directly call functions exported by the unit or
> longjmp into the unit

So the manual was talking about longjmp exclusively, even though probably it meant resumption of returns_twice calls in general.

Today Glibc headers are marking functions that can resume vfork as leaf, execve being the biggest problem since it resumes vfork without being technically UB; functions such as 'raise' and 'kill' can also resume vfork by terminating the current process (but pedantically it is UB to invoke them in vfork context).

(There's also the point that 'raise' can invoke signal handlers synchronously, and I agree with Richard that it makes it non-leaf; it's been discussed as a Glibc issue previously, the most recent instance seems to be here: https://sourceware.org/bugzilla/show_bug.cgi?id=26802 ; ISTR there was a discussion on the GCC side also, earlier.)

Presence of attribute-leaf makes GCC omit modeling of control flow transfer via ABNORMAL_DISPATCHER, potentially causing miscompilation.

Testcase with execve, notice absence of abnormal edges on GIMPLE:

/* Header names were lost in the archived copy; <unistd.h> declares both
   vfork and execve, so it is assumed here. */
#include <unistd.h>

int main()
{
    if (!vfork())
        for (;;)
            execve("/bin/false", 0, 0);
}
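The following is an added illustration, not part of the bug report or of GCC or Glibc: a sandbox-safe returns_twice call site (setjmp instead of vfork) whose second return is triggered by a separate helper, resume_once, written for this example. The helper is the kind of function the report is about: it resumes a returns_twice call, so marking it with the 'leaf' attribute would violate the quoted documentation and let GCC drop the abnormal edge back into the setjmp call. The helper name, the counter and the jmp_buf are all constructed here.

```c
#include <setjmp.h>

/* Constructed example state: the returns_twice call site's context and a
   flag ensuring the resumption happens exactly once per run. */
static jmp_buf env;
static int resumed;

/* Resumes the returns_twice call (setjmp in count_returns) via longjmp.
   Deliberately NOT declared __attribute__((leaf)): the GCC manual forbids a
   leaf function from longjmp'ing into the calling unit, and
   tree-cfg.cc:call_can_make_abnormal_goto assumes a leaf callee never makes
   such a transfer, so the edge back to the setjmp site would not be modeled.
   noinline keeps the call visible as a real call site. */
__attribute__((noinline)) static void resume_once(void)
{
    if (!resumed) {
        resumed = 1;
        longjmp(env, 1);   /* causes the second return from setjmp */
    }
}

/* Returns how many times the setjmp call site "returned": 2 when the
   abnormal control flow is handled correctly. */
int count_returns(void)
{
    /* volatile is required: the object is modified between the setjmp call
       and the longjmp and then read after the second return (C11 7.13.2.1). */
    volatile int returns = 0;

    resumed = 0;
    if (setjmp(env) == 0) {
        returns = 1;            /* first, normal return */
    } else {
        returns = returns + 1;  /* abnormal return via longjmp */
    }
    resume_once();              /* jumps back exactly once */
    return returns;
}
```

With abnormal edges modeled, GCC keeps the `returns` store live across the resumption and count_returns yields 2 on every call; the 'resumed' flag is file-scope rather than an automatic of count_returns precisely so that its modification across the longjmp is well-defined.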