From: "dennis.borde at ohb dot de"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug rtl-optimization/107248] New: Sparc V8 Invalid Stack Pointer Code
Date: Thu, 13 Oct 2022 13:21:16 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107248

            Bug ID: 107248
           Summary: Sparc V8 Invalid Stack Pointer Code
           Product: gcc
           Version: 7.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: rtl-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dennis.borde at ohb dot de
  Target Milestone: ---

Created attachment 53700
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53700&action=edit
source code to trigger the bug
Environment: GCC V7.1.0, Sparc V8, RTEMS V4.8.0

When compiling with optimization level -O2 (including -fschedule-insns2) the compiler generates code like this:

(1) add %sp, 0x50, %g1
(2) add %sp, 0x50, %sp
(3) add %g1, %o0, %o0
(4) ld [ %o0 + -8 ], %o0

In line (2) the stack pointer is moved forward by 80 bytes, which means memory is "freed". In line (4) it accesses the "freed" stack memory. When an interrupt occurs between lines (2) and (4) it will overwrite the stack data and "corrupt" it for the read in line (4).

E.g.: As part of the RTEMS _ISR_Handler() the interrupt stack frame is stored (see label symbol save_isf). For more information see the RTEMS source code. However, this is just one example to show that the order of instructions above is not safe. It is not important for the bug itself.

Work-around: Compile with -fno-schedule-insns2

With the work-around the generated code looks like this:

(1) add %sp, 0x50, %g1
(2) add %g1, %o0, %o0
(3) ld [ %o0 + -8 ], %o0
(4) add %sp, 0x50, %sp

Here the stack memory is "freed" (4) after the access (3).

It seems to be related to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=38644
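The ordering hazard described in the report, as an added example that is not part of the bug report, of GCC or of RTEMS: a small C model of the two instruction sequences above. Memory is a flat byte array, %sp is a plain integer, and an interrupt is modeled as a handler that saves a frame in the region just below the current %sp, which is exactly the memory the -O2 sequence has already released when the load in (4) runs. The initial %sp, the %o0 offset, the interrupt frame size and the planted values are all assumptions made for the demonstration; the only constraint taken from the report is that the load targets the frame released by `add %sp, 0x50, %sp`, which for this address pattern means %o0 < 8.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model, not SPARC hardware: a byte-addressed memory and a
 * stack pointer.  Everything below %sp is "free", and an interrupt
 * handler may write there (RTEMS stores the interrupt stack frame below
 * the interrupted task's %sp).  All sizes and values below are assumed. */
#define MEM_SIZE   256u
#define FRAME_SIZE 0x50u        /* the 80-byte frame released by "add %sp, 0x50, %sp" */
#define ISF_SIZE   64u          /* assumed size of the interrupt's save area */
#define INIT_SP    128u         /* assumed initial %sp, arbitrary */
#define LIVE_WORD  0x11223344u  /* the value the function expects to load */
#define ISF_FILL   0xDEADBEEFu  /* what the interrupt handler writes into its frame */

typedef struct {
    uint8_t  mem[MEM_SIZE];
    uint32_t sp;
} Machine;

static uint32_t ld32(const Machine *m, uint32_t addr) {
    uint32_t v;
    memcpy(&v, &m->mem[addr], sizeof v);
    return v;
}

static void st32(Machine *m, uint32_t addr, uint32_t v) {
    memcpy(&m->mem[addr], &v, sizeof v);
}

/* An interrupt arriving now: the handler saves state in the region just
 * below the current %sp, which it is entitled to use. */
static void interrupt(Machine *m) {
    for (uint32_t a = m->sp - ISF_SIZE; a < m->sp; a += 4)
        st32(m, a, ISF_FILL);
}

/* Plant LIVE_WORD at the address the load will read: %sp + 0x50 + %o0 - 8.
 * For %o0 < 8 this lies inside the frame that is about to be released. */
static void setup(Machine *m, int32_t o0) {
    memset(m, 0, sizeof *m);
    m->sp = INIT_SP;
    st32(m, m->sp + FRAME_SIZE + (uint32_t)o0 - 8, LIVE_WORD);
}

/* Order emitted at -O2 with -fschedule-insns2: %sp is bumped before the load. */
static uint32_t run_scheduled(Machine *m, int32_t o0, int irq_between) {
    uint32_t g1 = m->sp + FRAME_SIZE;            /* (1) add %sp, 0x50, %g1 */
    m->sp += FRAME_SIZE;                         /* (2) add %sp, 0x50, %sp ; frame freed */
    if (irq_between) interrupt(m);               /* interrupt lands here */
    uint32_t addr = g1 + (uint32_t)o0;           /* (3) add %g1, %o0, %o0 */
    return ld32(m, addr - 8);                    /* (4) ld [ %o0 + -8 ], %o0 */
}

/* Order with -fno-schedule-insns2: the load happens before %sp is bumped. */
static uint32_t run_workaround(Machine *m, int32_t o0, int irq_between) {
    uint32_t g1 = m->sp + FRAME_SIZE;            /* (1) add %sp, 0x50, %g1 */
    uint32_t addr = g1 + (uint32_t)o0;           /* (2) add %g1, %o0, %o0 */
    if (irq_between) interrupt(m);               /* frame still live: handler writes below old %sp */
    uint32_t v = ld32(m, addr - 8);              /* (3) ld [ %o0 + -8 ], %o0 */
    m->sp += FRAME_SIZE;                         /* (4) add %sp, 0x50, %sp */
    return v;
}

/* The word the function observes for one ordering/interrupt combination. */
uint32_t observed(int scheduled, int32_t o0, int irq_between) {
    Machine m;
    setup(&m, o0);
    return scheduled ? run_scheduled(&m, o0, irq_between)
                     : run_workaround(&m, o0, irq_between);
}

int main(void) {
    printf("-O2 order, no interrupt: %08x\n", observed(1, 0, 0));
    printf("-O2 order, interrupt:    %08x\n", observed(1, 0, 1));
    printf("workaround, interrupt:   %08x\n", observed(0, 0, 1));
    return 0;
}
```

With the -O2 ordering the planted word survives only if no interrupt happens in the window between (2) and (4); the handler is allowed to use anything below %sp, so the read returns the handler's data instead. In the workaround ordering the handler's frame goes below the old %sp and never touches the word being read. Had %o0 been 8 or more, the load would have targeted memory above the new %sp and the reordering would have been harmless, which is why the hazard depends on the load addressing the released frame.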