public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug target/94697] New: aarch64: bti j at function start instead of bti c
@ 2020-04-21 15:13 nsz at gcc dot gnu.org
2020-04-22 10:01 ` [Bug target/94697] " rearnsha at gcc dot gnu.org
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: nsz at gcc dot gnu.org @ 2020-04-21 15:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
Bug ID: 94697
Summary: aarch64: bti j at function start instead of bti c
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: nsz at gcc dot gnu.org
Target Milestone: ---
function that may be indirectly called does not start with bti c:
void bar(int *);
void *addr;
int foo(int x)
{
label:
addr=&&label;
bar(&x);
return x;
}
with -O2 -mbranch-protection=bti+pac-ret
foo:
.L2:
hint 36 // bti j
hint 25 // paciasp
adrp x1, .L2
stp x29, x30, [sp, -32]!
add x1, x1, :lo12:.L2
adrp x2, .LANCHOR0
mov x29, sp
str x1, [x2, #:lo12:.LANCHOR0]
str w0, [sp, 28]
add x0, sp, 28
bl bar
ldr w0, [sp, 28]
ldp x29, x30, [sp], 32
hint 29 // autiasp
ret
.set .LANCHOR0,. + 0
addr:
.zero 8
happens if function starts with a label that may be indirect
jump target so a bti j is inserted, but there is a paciasp
at the beginning which would normally act as implicit bti c
when it's the first instruction.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
@ 2020-04-22 10:01 ` rearnsha at gcc dot gnu.org
2020-04-23 15:15 ` cvs-commit at gcc dot gnu.org
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: rearnsha at gcc dot gnu.org @ 2020-04-22 10:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
Richard Earnshaw <rearnsha at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2020-04-22
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
--- Comment #1 from Richard Earnshaw <rearnsha at gcc dot gnu.org> ---
Jumping to the label is not the same as calling the function indirectly. But
yes, the code here is clearly incorrect.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
2020-04-22 10:01 ` [Bug target/94697] " rearnsha at gcc dot gnu.org
@ 2020-04-23 15:15 ` cvs-commit at gcc dot gnu.org
2020-04-23 18:22 ` nsz at gcc dot gnu.org
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-04-23 15:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Szabolcs Nagy <nsz@gcc.gnu.org>:
https://gcc.gnu.org/g:f7e4641afba7c348a7e7c8655e537a953c416bb3
commit r10-7918-gf7e4641afba7c348a7e7c8655e537a953c416bb3
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Fri Apr 17 16:54:12 2020 +0100
aarch64: ensure bti c is emitted at function start [PR94697]
The bti pass currently first emits bti c at function start
if there is no paciasp (which also acts as indirect call
landing pad), then bti j is emitted at jump labels, however
if there is a label right before paciasp then the function
start can end up like
foo:
label:
bti j
paciasp
...
This patch is a minimal fix that just moves the bti c handling
after the bti j handling so we end up with
foo:
bti c
label:
bti j
paciasp
...
This could be improved by emitting bti jc in this case, or by
detecting that the label is not in fact an indirect jump target
and then this situation would be much less common.
Needs to be backported to gcc-9 branch.
gcc/ChangeLog:
PR target/94697
* config/aarch64/aarch64-bti-insert.c (rest_of_insert_bti): Swap
bti c and bti j handling.
gcc/testsuite/ChangeLog:
PR target/94697
* gcc.target/aarch64/pr94697.c: New test.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
2020-04-22 10:01 ` [Bug target/94697] " rearnsha at gcc dot gnu.org
2020-04-23 15:15 ` cvs-commit at gcc dot gnu.org
@ 2020-04-23 18:22 ` nsz at gcc dot gnu.org
2020-04-27 11:13 ` clyon at gcc dot gnu.org
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: nsz at gcc dot gnu.org @ 2020-04-23 18:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
nsz at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |10.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
` (2 preceding siblings ...)
2020-04-23 18:22 ` nsz at gcc dot gnu.org
@ 2020-04-27 11:13 ` clyon at gcc dot gnu.org
2020-04-27 17:18 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: clyon at gcc dot gnu.org @ 2020-04-27 11:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
Christophe Lyon <clyon at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |clyon at gcc dot gnu.org
--- Comment #3 from Christophe Lyon <clyon at gcc dot gnu.org> ---
> PR target/94697
> * gcc.target/aarch64/pr94697.c: New test.
The new test fails with -mabi=ilp32
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
` (3 preceding siblings ...)
2020-04-27 11:13 ` clyon at gcc dot gnu.org
@ 2020-04-27 17:18 ` cvs-commit at gcc dot gnu.org
2020-05-07 11:56 ` jakub at gcc dot gnu.org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-04-27 17:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Szabolcs Nagy <nsz@gcc.gnu.org>:
https://gcc.gnu.org/g:562bfb1f0e64aa6398bdf4baa0a8b205f4b617ab
commit r10-7992-g562bfb1f0e64aa6398bdf4baa0a8b205f4b617ab
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Mon Apr 27 18:07:59 2020 +0100
aarch64: disable test on ilp32 [PR94697]
branch-protection=pac-ret is not supported on ilp32 now and
the test requires it via branch-protection=standard.
committed as obvious.
gcc/testsuite/ChangeLog:
PR target/94697
* gcc.target/aarch64/pr94697.c: Require lp64.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
` (4 preceding siblings ...)
2020-04-27 17:18 ` cvs-commit at gcc dot gnu.org
@ 2020-05-07 11:56 ` jakub at gcc dot gnu.org
2020-05-07 12:01 ` nsz at gcc dot gnu.org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-05-07 11:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.0 |10.2
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.1 has been released.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
` (5 preceding siblings ...)
2020-05-07 11:56 ` jakub at gcc dot gnu.org
@ 2020-05-07 12:01 ` nsz at gcc dot gnu.org
2020-05-14 15:17 ` cvs-commit at gcc dot gnu.org
2020-05-14 15:53 ` nsz at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: nsz at gcc dot gnu.org @ 2020-05-07 12:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
--- Comment #6 from nsz at gcc dot gnu.org ---
this is fixed for gcc 10.1, just not backported yet so i kept the bug open
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
` (6 preceding siblings ...)
2020-05-07 12:01 ` nsz at gcc dot gnu.org
@ 2020-05-14 15:17 ` cvs-commit at gcc dot gnu.org
2020-05-14 15:53 ` nsz at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-05-14 15:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-9 branch has been updated by Szabolcs Nagy <nsz@gcc.gnu.org>:
https://gcc.gnu.org/g:f6e42cdee5de2b3441afc88c8888c1166bdffe57
commit r9-8594-gf6e42cdee5de2b3441afc88c8888c1166bdffe57
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Fri Apr 17 16:54:12 2020 +0100
aarch64: ensure bti c is emitted at function start [PR94697]
The bti pass currently first emits bti c at function start
if there is no paciasp (which also acts as indirect call
landing pad), then bti j is emitted at jump labels, however
if there is a label right before paciasp then the function
start can end up like
foo:
label:
bti j
paciasp
...
This patch is a minimal fix that just moves the bti c handling
after the bti j handling so we end up with
foo:
bti c
label:
bti j
paciasp
...
This could be improved by emitting bti jc in this case, or by
detecting that the label is not in fact an indirect jump target
and then this situation would be much less common.
Needs to be backported to gcc-9 branch.
Backported without the testcase because of missing infrastructure
for check-function-bodies.
gcc/ChangeLog:
Backport from mainline.
2020-04-23 Szabolcs Nagy <szabolcs.nagy@arm.com>
PR target/94697
* config/aarch64/aarch64-bti-insert.c (rest_of_insert_bti): Swap
bti c and bti j handling.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug target/94697] aarch64: bti j at function start instead of bti c
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
` (7 preceding siblings ...)
2020-05-14 15:17 ` cvs-commit at gcc dot gnu.org
@ 2020-05-14 15:53 ` nsz at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: nsz at gcc dot gnu.org @ 2020-05-14 15:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
nsz at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #8 from nsz at gcc dot gnu.org ---
fixed for gcc-10.1 and on the gcc-9 branch.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-05-14 15:53 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-21 15:13 [Bug target/94697] New: aarch64: bti j at function start instead of bti c nsz at gcc dot gnu.org
2020-04-22 10:01 ` [Bug target/94697] " rearnsha at gcc dot gnu.org
2020-04-23 15:15 ` cvs-commit at gcc dot gnu.org
2020-04-23 18:22 ` nsz at gcc dot gnu.org
2020-04-27 11:13 ` clyon at gcc dot gnu.org
2020-04-27 17:18 ` cvs-commit at gcc dot gnu.org
2020-05-07 11:56 ` jakub at gcc dot gnu.org
2020-05-07 12:01 ` nsz at gcc dot gnu.org
2020-05-14 15:17 ` cvs-commit at gcc dot gnu.org
2020-05-14 15:53 ` nsz at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).