* [Bug target/58854] [ARM 4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
2013-10-23 17:40 [Bug target/58854] New: [ARM 4.8 regression] "sub sp, fp, #40" hoisted above frame accesses bccheng at android dot com
@ 2013-10-23 17:42 ` bccheng at android dot com
2013-10-23 17:51 ` [Bug target/58854] [4.8 " pinskia at gcc dot gnu.org
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: bccheng at android dot com @ 2013-10-23 17:42 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #1 from bccheng at android dot com ---
Created attachment 31083
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31083&action=edit
stripped from kernel 3.4 fs/dcache.c
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: pinskia at gcc dot gnu.org @ 2013-10-23 17:51 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
Target| |arm-linux-gnueabi
Target Milestone|--- |4.8.3
Summary|[ARM 4.8 regression] "sub |[4.8 regression] "sub sp,
|sp, fp, #40" hoisted above |fp, #40" hoisted above
|frame accesses |frame accesses
Severity|major |normal
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: mikpelinux at gmail dot com @ 2013-10-24 22:50 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
Mikael Pettersson <mikpelinux at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mikpelinux at gmail dot com
--- Comment #2 from Mikael Pettersson <mikpelinux at gmail dot com> ---
Started with r188742. The code generation difference at that revision is:
@@ -115,16 +115,17 @@
bne .L6
.L9:
ldr r3, [fp, #-56]
+ sub sp, fp, #40
ldr r2, [fp, #-60]
+ mov r0, sl
str r6, [r3, #0]
ldr r3, [fp, #-52]
str r2, [r3, #0]
- b .L8
+ ldmfd sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
.L2:
+ sub sp, fp, #40
mov sl, #0
-.L8:
mov r0, sl
- sub sp, fp, #40
ldmfd sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
.L28:
b .L23
Hoisting "sub sp, fp, #40" causes several loads, via FP minus an offset, to
access locations below SP, and thus be vulnerable to clobbers from asynchronous
calls (signal handlers in user-space, exception handlers in the kernel as is the
case here).
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: ramana at gcc dot gnu.org @ 2013-10-29 13:40 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
Ramana Radhakrishnan <ramana at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed| |2013-10-29
CC| |ramana at gcc dot gnu.org
Known to work| |4.7.3
Ever confirmed|0 |1
Known to fail| |4.8.0, 4.8.1, 4.9.0
--- Comment #3 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
Confirmed. The problem appears to show up with the use of mapcs on the command
line. Mine.
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: ramana at gcc dot gnu.org @ 2013-10-29 13:46 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #4 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
(In reply to Ramana Radhakrishnan from comment #3)
> Confirmed. The problem appears to show up with the use of mapcs on the
> command line. Mine.
sched2 moves this ahead - smells familiar.
Ramana
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: ramana at gcc dot gnu.org @ 2013-10-29 14:53 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #5 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
Created attachment 31105
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31105&action=edit
lightly tested patch.
completely untested but appears to fix the problem - Ben, can you please try
this patch and see if it fixes your issues?
regards
Ramana
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: bccheng at android dot com @ 2013-10-29 22:33 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #6 from bccheng at android dot com ---
Patch appears to be working:
c012c7ec: e51b3034 ldr r3, [fp, #-52] ; 0x34
c012c7f0: e51b203c ldr r2, [fp, #-60] ; 0x3c
c012c7f4: e51b0038 ldr r0, [fp, #-56] ; 0x38
c012c7f8: e5836000 str r6, [r3]
c012c7fc: e51b3030 ldr r3, [fp, #-48] ; 0x30
c012c800: e5832000 str r2, [r3]
c012c804: e24bd028 sub sp, fp, #40 ; 0x28
c012c808: e89daff0 ldm sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
Thanks!
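As an added example (not part of the thread and not GCC code), here is a small Python heuristic for auditing a disassembly for the pattern this bug describes: an fp-relative load or store that executes after "sub sp, fp, #N" and addresses memory below the new SP. It scans straight-line blocks only and does not follow branches; the function name and regexes are this example's own, and the two listings are taken from comments #2 and #6.

```python
import re

# fp-relative load/store at a negative offset, e.g. "ldr r2, [fp, #-60]"
FP_ACCESS = re.compile(r"\b(?:ldr|str)\w*\s+\w+,\s*\[fp,\s*#-(\d+)\]")
# epilogue unwind computed from the frame pointer, e.g. "sub sp, fp, #40"
SP_UNWIND = re.compile(r"\bsub\s+sp,\s*fp,\s*#(\d+)")
LABEL = re.compile(r"^\s*\.?\w+:\s*$")
# an ldm/ldmfd from sp that loads pc is the function return
RETURN = re.compile(r"\bldm\w*\s+sp,\s*\{[^}]*\bpc\b")

def find_below_sp_accesses(listing):
    """Return (line number, text) of fp-relative accesses that execute after
    "sub sp, fp, #N" in the same straight-line block and address below fp-N."""
    findings, unwind = [], None
    for lineno, raw in enumerate(listing.strip().splitlines(), 1):
        line = raw.split(";")[0].strip()      # drop objdump "; 0x.." comments
        if LABEL.match(line) or RETURN.search(line):
            unwind = None                     # new block or function exit
        elif (m := SP_UNWIND.search(line)):
            unwind = int(m.group(1))          # SP is now fp - N
        elif (m := FP_ACCESS.search(line)) and unwind is not None:
            if int(m.group(1)) > unwind:      # fp - K is below the new SP
                findings.append((lineno, line))
    return findings

# The .L9 block after r188742, read off the "+" side of the diff in comment #2.
HOISTED = """
.L9:
    ldr r3, [fp, #-56]
    sub sp, fp, #40
    ldr r2, [fp, #-60]
    mov r0, sl
    str r6, [r3, #0]
    ldr r3, [fp, #-52]
    str r2, [r3, #0]
    ldmfd sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
"""
# The patched epilogue from comment #6 (objdump format).
PATCHED = """
c012c7ec: e51b3034 ldr r3, [fp, #-52] ; 0x34
c012c7f0: e51b203c ldr r2, [fp, #-60] ; 0x3c
c012c7f4: e51b0038 ldr r0, [fp, #-56] ; 0x38
c012c7f8: e5836000 str r6, [r3]
c012c7fc: e51b3030 ldr r3, [fp, #-48] ; 0x30
c012c800: e5832000 str r2, [r3]
c012c804: e24bd028 sub sp, fp, #40 ; 0x28
c012c808: e89daff0 ldm sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
"""
```

find_below_sp_accesses(HOISTED) reports the loads at fp-60 and fp-52, which sit below SP = fp-40 once the unwind has run; find_below_sp_accesses(PATCHED) reports nothing.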
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: ramana at gcc dot gnu.org @ 2013-10-30 10:54 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #7 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
Author: ramana
Date: Wed Oct 30 10:54:04 2013
New Revision: 204203
URL: http://gcc.gnu.org/viewcvs?rev=204203&root=gcc&view=rev
Log:
Fix PR target/58854
2013-10-30 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
PR target/58854
* config/arm/arm.c (arm_expand_epilogue_apcs_frame): Emit blockage.
Modified:
trunk/gcc/ChangeLog
trunk/gcc/config/arm/arm.c
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: ramana at gcc dot gnu.org @ 2013-11-11 9:38 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
Ramana Radhakrishnan <ramana at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #9 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
Now fixed.
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: minktee at hotmail dot com @ 2014-01-01 2:57 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #11 from minktee <minktee at hotmail dot com> ---
Comment on attachment 31083
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31083
stripped from kernel 3.4 fs/dcache.c
Created attachment 31083 [details]
stripped from kernel 3.4 fs/dcache.c
2013-10-23 17:42 UTC, bccheng@android.com
* [Bug target/58854] [4.8 regression] "sub sp, fp, #40" hoisted above frame accesses
From: minktee at hotmail dot com @ 2014-01-01 3:59 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
--- Comment #12 from minktee <minktee at hotmail dot com> ---
Comment on attachment 31105
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31105
lightly tested patch.
>diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
>index 212a4bc..23dfc0e 100644
>--- a/gcc/config/arm/arm.c
>+++ b/gcc/config/arm/arm.c
>@@ -26547,6 +26547,7 @@ arm_expand_epilogue_apcs_frame (bool really_return)
> num_regs = bit_count (saved_regs_mask);
> if ((offsets->outgoing_args != (1 + num_regs)) || cfun->calls_alloca)
> {
>+1 emit_insn (gen_blockage ());
> /* Unwind the stack to just below the saved registers. */
> emit_insn (gen_addsi3 (stack_pointer_rtx,
> hard_frame_pointer_rtx,
^ permalink raw reply [flat|nested] 12+ messages in thread