[Bug target/96892] New: wrong __stack_chk_guard for comparison

[Bug target/96892] New: wrong __stack_chk_guard for comparison

[dongjianqiang2 at huawei dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

            Bug ID: 96892
           Summary: wrong __stack_chk_guard for comparison
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dongjianqiang2 at huawei dot com
  Target Milestone: ---

Simpile testcase:

#include<stdio.h>
int main ()
{
  int i;
  char buf[20];
  for (i = 0; i < 20; i++)
  {
    buf[i] = 'a';
    printf("%c ,%d", buf[i], i);
  }
  return 0;
}

Compile with following command:
arm-linux-gnueabi-gcc -static -fno-PIE -no-pie main.c -fstack-protector-all -g3

gdb ./a.out

   0x000105f8 <+124>:   mov     r3, #0
   0x000105fc <+128>:   movw    r2, #11800      ; 0x2e18
   0x00010600 <+132>:   movt    r2, #6
   0x00010604 <+136>:   ldr     r1, [r2]
   0x00010608 <+140>:   ldr     r2, [r11, #-8]
=> 0x0001060c <+144>:   eors    r1, r2, r1
   0x00010610 <+148>:   beq     0x10618 <main+156>
   0x00010614 <+152>:   bl      0x3257c <__stack_chk_fail>
   0x00010618 <+156>:   mov     r0, r3
   0x0001061c <+160>:   sub     sp, r11, #4
   0x00010620 <+164>:   pop     {r11, pc}
End of assembler dump.
(gdb) p __stack_chk_guard
$8 = 3363780352      // this is canary value
(gdb) p /x $r1
$9 = 0x8ab20   // Comparing the address of __stack_chk_guard ???
(gdb) p /x $r2
$10 = 0x8ab20
(gdb) p &__stack_chk_guard   // address of __stack_chk_guard
$11 = (uintptr_t *) 0x8ab20 <__stack_chk_guard>

Confirmed as a 7.5 regression. The most likely change of those comparison is
pr85434.

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[thomas.preudhomme at celest dot fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

--- Comment #1 from Thomas Preud'homme <thomas.preudhomme at celest dot fr> ---
Confirmed on GCC 11.0.0 20200908

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[thomas.preudhomme at celest dot fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

--- Comment #2 from Thomas Preud'homme <thomas.preudhomme at celest dot fr> ---
Wouldn't it be enough to add:

"emit_move_insn (operands[3], gen_rtx_MEM(SImode, operands[3]));"

just before the line "if (TARGET_32BIT)" in stack_protect_combined_test_insn
insn pattern?

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[dongjianqiang2 at huawei dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

--- Comment #3 from John Dong <dongjianqiang2 at huawei dot com> ---
(In reply to Thomas Preud'homme from comment #2)
> Wouldn't it be enough to add:
> 
> "emit_move_insn (operands[3], gen_rtx_MEM(SImode, operands[3]));"
> 
> just before the line "if (TARGET_32BIT)" in stack_protect_combined_test_insn
> insn pattern?

but adding two ldr instructions may significantly harm performance ;(

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[dongjianqiang2 at huawei dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

--- Comment #4 from John Dong <dongjianqiang2 at huawei dot com> ---
diff --git a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md
index 1a8e498ba4c..97c2f6a1174 100644
--- a/gcc/config/arm/arm.md
+++ b/gcc/config/arm/arm.md
@@ -9301,6 +9301,7 @@ (define_insn_and_split
"*stack_protect_combined_test_insn"
          emit_move_insn (operands[3], mem);
        }
     }
+  emit_move_insn (operands[3], gen_rtx_MEM(SImode, operands[3]));
   if (TARGET_32BIT)
     {
       emit_insn (gen_arm_stack_protect_test_insn (operands[4], operands[0],
@@ -9333,8 +9334,8 @@ (define_insn "arm_stack_protect_test_insn"
    (clobber (match_operand:SI 0 "register_operand" "=&l,&r"))
    (clobber (match_dup 2))]
   "TARGET_32BIT"
-  "ldr\t%0, [%2]\;ldr\t%2, %1\;eors\t%0, %2, %0\;mov\t%2, #0"
-  [(set_attr "length" "12,16")
+  "ldr\t%0, [%2]\;ldr\t%2, %1\;ldr\t%2, [%2]\;eors\t%0, %2, %0\;mov\t%2, #0"
+  [(set_attr "length" "16,20")
    (set_attr "conds" "set")
    (set_attr "type" "multiple")
    (set_attr "arch" "t,32")]
diff --git a/gcc/config/arm/thumb1.md b/gcc/config/arm/thumb1.md
index 56705c9f1eb..31466405fae 100644
--- a/gcc/config/arm/thumb1.md
+++ b/gcc/config/arm/thumb1.md
@@ -2035,8 +2035,8 @@ (define_insn "thumb1_stack_protect_test_insn"
         UNSPEC_SP_TEST))
    (clobber (match_dup 2))]
   "TARGET_THUMB1"
-  "ldr\t%0, [%2]\;ldr\t%2, %1\;eors\t%0, %2, %0\;movs\t%2, #0"
-  [(set_attr "length" "10")
+  "ldr\t%0, [%2]\;ldr\t%2, %1\;ldr\t%2, [%2]\;eors\t%0, %2, %0\;movs\t%2, #0"
+  [(set_attr "length" "12")
    (set_attr "conds" "clob")
    (set_attr "type" "multiple")]
 )

a simple patch as suggested by Thomas

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[dongjianqiang2 at huawei dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

John Dong <dongjianqiang2 at huawei dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #5 from John Dong <dongjianqiang2 at huawei dot com> ---
Fixed after e94797250b403d66cb3624a594e41faf0dd76617

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |11.0

--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to John Dong from comment #5)
> Fixed after e94797250b403d66cb3624a594e41faf0dd76617

r11-3427

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|11.0                        |10.4
           Keywords|                            |wrong-code

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Fixed in GCC 10.4 by r10-8823

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.4                        |10.3

--- Comment #8 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #7)
> Fixed in GCC 10.4 by r10-8823

Sorry 10.3.0

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sylw.bar at gmail dot com

--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 103009 has been marked as a duplicate of this bug. ***

[Bug target/96892] [ARM]Wrong __stack_chk_guard for comparison

[sylw.bar at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96892

--- Comment #10 from Sylwester Baranski <sylw.bar at gmail dot com> ---
(In reply to Andrew Pinski from comment #9)
> *** Bug 103009 has been marked as a duplicate of this bug. ***

OK. Thank you for connecting those problems.
Sylwester