From: "paul.groke at dynatrace dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/109665] New: Incorrect code generation for s390/s390x try-catch (__cxa_begin_catch), causing SIGSEGV
Date: Fri, 28 Apr 2023 10:16:57 +0000
List-Id: <gcc-bugs.gcc.gnu.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109665

            Bug ID: 109665
           Summary: Incorrect code generation for s390/s390x try-catch
                    (__cxa_begin_catch), causing SIGSEGV
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: paul.groke at dynatrace dot com
  Target Milestone: ---

In certain situations, GCC generates incorrect s390x code for calling
`__cxa_begin_catch`. The bogus code contains a `lghi %r2,0` right before
calling `__cxa_begin_catch`. r2 is the register for the first and only
argument of `__cxa_begin_catch`, which is a pointer to some struct related to
the exception. And when called with a nullptr, `__cxa_begin_catch` will crash
(SIGSEGV).

s390 (`-m31`) is also affected.

To reproduce, compile the following on Linux/s390x with at least `-O1`:

```
void f2(int, int, int, int, int);

void f1() {
    try {
        f2(42, 42, 42, 42, 0); // SIGSEGV
    } catch (...) {
    }
}
```

The resulting code with GCC 12.2.0 is this:

```
f1():
        stmg    %r6,%r15,48(%r15)
        lghi    %r5,42
        aghi    %r15,-160
        lghi    %r6,0
        lghi    %r4,42
        lghi    %r3,42
        lghi    %r2,42
        brasl   %r14,_Z2f2iiiii@PLT
        lg      %r4,272(%r15)
        lmg     %r6,%r15,208(%r15)
        br      %r4
        lghi    %r2,0
        brasl   %r14,__cxa_begin_catch@PLT
        lmg     %r6,%r15,208(%r15)
        jg      __cxa_end_catch@PLT
```

See https://godbolt.org/z/TTYr63oM3

The correct code has an `lgr %r2,%r6` instead of the `lghi %r2,0`.

The bug seems to be dependent on several factors:

- The last thing in the try-catch is a function call with at least 5
  parameters (Note that I only tested with parameter types that each fit into
  a general purpose register though)
- The 5th argument must be a zero constant (0, false, ...)
- The try-catch contains a "catch (...)" handler
- At least `-O1` is used
- The function call is not inlined/no constant propagation happens

I found the bug with GCC 9.5.0 but it also happens with at least 11.2.0,
12.1.0 and 12.2.0 (tested with godbolt.org). I don't have newer GCC versions
for s390x handy, so I didn't test with those.
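The following is an added example, not part of the bug report and not GCC's own tooling: a small Python checker that scans s390x assembler output (as produced with `g++ -S`) for the pattern the report describes, a call to `__cxa_begin_catch` whose `%r2` argument was last written by an immediate zero load. It lets a defender confirm whether a given toolchain emits the bad sequence before shipping a binary built with it. The buggy listing is the one quoted above; the "fixed" variant is constructed here by substituting the `lgr %r2,%r6` the report names as the correct instruction. The set of load mnemonics tracked and the regex for instruction lines are assumptions of this example, sufficient for GCC's output style but not a full s390x decoder.

```python
import re

# Assembly listing quoted in the bug report (GCC 12.2.0, s390x, -O1).
BUGGY_ASM = """\
f1():
        stmg    %r6,%r15,48(%r15)
        lghi    %r5,42
        aghi    %r15,-160
        lghi    %r6,0
        lghi    %r4,42
        lghi    %r3,42
        lghi    %r2,42
        brasl   %r14,_Z2f2iiiii@PLT
        lg      %r4,272(%r15)
        lmg     %r6,%r15,208(%r15)
        br      %r4
        lghi    %r2,0
        brasl   %r14,__cxa_begin_catch@PLT
        lmg     %r6,%r15,208(%r15)
        jg      __cxa_end_catch@PLT
"""

# Constructed "good" listing: the report says the correct code loads the
# exception pointer from %r6 instead of an immediate zero.
FIXED_ASM = BUGGY_ASM.replace("lghi    %r2,0\n", "lgr     %r2,%r6\n")

# Mnemonic followed by operands; labels such as "f1():" do not match.
INSN_RE = re.compile(r"^\s*([a-z]+)\s+(\S.*)$")

# Assumed subset of s390x loads whose first operand is the destination register.
REG_LOADS = {"lghi", "lhi", "lgr", "lr", "lg", "l", "lgfi", "llilf", "lgf"}
IMM_LOADS = {"lghi", "lhi", "lgfi", "llilf"}


def find_null_begin_catch(asm_text):
    """Return [(call_line, load_line), ...] for every call to __cxa_begin_catch
    whose %r2 argument was most recently set by an immediate load of zero."""
    findings = []
    last_r2 = None  # (line_no, mnemonic, operands) of the last write to %r2
    for line_no, line in enumerate(asm_text.splitlines(), start=1):
        m = INSN_RE.match(line)
        if not m:
            continue
        mnemonic = m.group(1)
        ops = m.group(2).replace(" ", "").split(",")
        if mnemonic in REG_LOADS and ops[0] == "%r2":
            last_r2 = (line_no, mnemonic, ops)
        elif mnemonic in ("brasl", "basr", "bras"):
            # A call: if it targets __cxa_begin_catch, inspect what fed %r2.
            target = ops[-1]
            if target.startswith("__cxa_begin_catch"):
                if last_r2 and last_r2[1] in IMM_LOADS and last_r2[2][1] == "0":
                    findings.append((line_no, last_r2[0]))
            # Any call clobbers %r2 (return value), so stop trusting the old write.
            last_r2 = (line_no, "call", ["%r2", target])
    return findings


if __name__ == "__main__":
    print("buggy listing:", find_null_begin_catch(BUGGY_ASM))   # [(14, 13)]
    print("fixed listing:", find_null_begin_catch(FIXED_ASM))   # []
```

Feed it the `-S` output of the reproducer (`g++ -O1 -S` on an s390x host or cross compiler) and an empty result means the listing does not contain this particular bad sequence; a non-empty result pinpoints the call and the offending load by line number.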