From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 30279 invoked by alias); 2 Aug 2013 23:12:02 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 30216 invoked by uid 48); 2 Aug 2013 23:11:58 -0000 From: "ppluzhnikov at google dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/58066] New: GCC mis-compiles access to TLS variable with -fPIC on x86_64 Date: Fri, 02 Aug 2013 23:12:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: ppluzhnikov at google dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2013-08/txt/msg00168.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58066 Bug ID: 58066 Summary: GCC mis-compiles access to TLS variable with -fPIC on x86_64 Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: ppluzhnikov at google dot com Google ref: b/10151411 Reproduced with current trunk, but is broken since at least gcc-4.3.1. On Linux/x86_64, libstdc++.so.6 __cxa_get_globals looks like so: Dump of assembler code for function __cxa_get_globals: 0x00000000000cb430 <+0>: lea 0x233131(%rip),%rdi 0x00000000000cb437 <+7>: callq 0x4f570 <__tls_get_addr@plt> 0x00000000000cb43c <+12>: add $0x0,%rax 0x00000000000cb442 <+18>: retq This calls external function __tls_get_addr with mis-aligned stack. __tls_get_addr may itself call malloc, and malloc is user-replaceable, and may assume that stack is properly aligned (and crash when it isn't). Trivial test case: static __thread char ccc; extern "C" void* __cxa_get_globals() throw() { return &ccc; } g++ -fPIC -S -O2 t.cc results in: __cxa_get_globals: leaq _ZL3ccc@tlsld(%rip), %rdi call __tls_get_addr@PLT addq $_ZL3ccc@dtpoff, %rax ret Ian Lance Taylor says: There is code in the i386 backend that is designed to avoid this. However, it appears to have only been fully implemented for the GNU2 TLS descriptor style ... I suspect that the right fix is to add the line ix86_tls_descriptor_calls_expanded_in_cfun = true; to tls_global_dynamic_64_ and tls_local_dynamic_base_64_ in gcc/config/i386/i386.md.