From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id DD7DF3858C5F; Tue, 12 Mar 2024 05:10:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DD7DF3858C5F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1710220257; bh=qwzy5exWBy0CVbb2qMJ01g+atHNRQ9jv0NkFRNSkTpI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=wqMEmppE7Y4v5Vp3IQy9gXAYmEcqqh8W55dTdzzm1YCvjNKJjCGFgV9FanG+jZZCy FIQh2slE/tNMNmijQ9bBpItdgyRTcIqk5BsDHny619QKnkjQg9SxCoGIaz5wyO+SiI xwe5x/nW7pGnYYqSjRLgffJaKqHHAffQh0jh6KYg= From: "liuhongt at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug target/110027] [11/12/13/14 regression] Misaligned vector store on detect_stack_use_after_return Date: Tue, 12 Mar 2024 05:10:55 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: target X-Bugzilla-Version: 13.1.1 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: liuhongt at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D110027 --- Comment #13 from Hongtao Liu --- So the stack is like ----------- stack top -32 --------- (offset -32) -64 (32 bytes redzone) --------- (offset -64) -128 (64 bytes __m512) -------- (offset -128) (32-bytes redzone) -------(offset -160) <--- __asan_stack_malloc_128 try to allocate an buff= er=20 /* Emit the prologue sequence. */ if (asan_frame_size > 32 && asan_frame_size <=3D 65536 && pbase && param_asan_use_after_return) { use_after_return_class =3D floor_log2 (asan_frame_size - 1) - 5; /* __asan_stack_malloc_N guarantees alignment N < 6 ? (64 << N) : 4096 bytes. */ if (alignb > (use_after_return_class < 6 ? (64U << use_after_return_class) : 4096U)) use_after_return_class =3D -1; else if (alignb > ASAN_RED_ZONE_SIZE && (asan_frame_size & (alignb - = 1))) base_align_bias =3D ((asan_frame_size + alignb - 1) & ~(alignb - HOST_WIDE_INT_1)) - asan_frame_size; } /* Align base if target is STRICT_ALIGNMENT. */ if (STRICT_ALIGNMENT) { const HOST_WIDE_INT align =3D (GET_MODE_ALIGNMENT (SImode) / BITS_PER_UNIT) << ASAN_SHADOW_SH= IFT; base =3D expand_binop (Pmode, and_optab, base, gen_int_mode (-align, Pmode), NULL_RTX, 1, OPTAB_DIRECT); } if (use_after_return_class =3D=3D -1 && pbase) emit_move_insn (pbase, base); base =3D expand_binop (Pmode, add_optab, base, gen_int_mode (base_offset - base_align_bias, Pmode), NULL_RTX, 1, OPTAB_DIRECT); ---------- suspicious add orig_base =3D NULL_RTX; if (use_after_return_class !=3D -1) { ... ret =3D emit_library_call_value (ret, NULL_RTX, LCT_NORMAL, ptr_mode, GEN_INT (asan_frame_size + base_align_bias), TYPE_MODE (pointer_sized_int_node)); /* __asan_stack_malloc_[n] returns a pointer to fake stack if succeed= ed and NULL otherwise. Check RET value is NULL here and jump over the BASE reassignment in this case. Otherwise, reassign BASE to RET. = */ emit_cmp_and_jump_insns (ret, const0_rtx, EQ, NULL_RTX, VOIDmode, 0, lab, profile_probability:: very_unlikely ()); ret =3D convert_memory_address (Pmode, ret); emit_move_insn (base, ret); emit_label (lab); emit_move_insn (pbase, expand_binop (Pmode, add_optab, base, gen_int_mode (base_align_bias - base_offset, Pmo= de), NULL_RTX, 1, OPTAB_DIRECT)); base_align_bias is calculated to make (asan_frame_size(128) + base_align_bias(0)) be multiple of alignb (64), but didn't make `base_offs= et (160) - base_align_bias (0)` be multiple of 64, so when __asan_stack_malloc= _128 return an address aligned to 64, and then plus (base_offset (160) - base_align_bias (0)), it's misaligned.=