From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-399746-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 80199 invoked by alias); 3 Jun 2015 08:31:01 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 80187 invoked by uid 89); 3 Jun 2015 08:31:01 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2
X-HELO: eu-smtp-delivery-143.mimecast.com
Received: from eu-smtp-delivery-143.mimecast.com (HELO eu-smtp-delivery-143.mimecast.com) (207.82.80.143) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 03 Jun 2015 08:30:59 +0000
Received: from cam-owa2.Emea.Arm.com (fw-tnat.cambridge.arm.com [217.140.96.140]) by uk-mta-28.uk.mimecast.lan; Wed, 03 Jun 2015 09:30:55 +0100
Received: from [10.2.207.50] ([10.1.2.79]) by cam-owa2.Emea.Arm.com with Microsoft SMTPSVC(6.0.3790.3959);	 Wed, 3 Jun 2015 09:30:55 +0100
Message-ID: <556EBB3F.7090603@arm.com>
Date: Wed, 03 Jun 2015 08:36:00 -0000
From: Kyrill Tkachov <kyrylo.tkachov@arm.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Shiva Chen <shiva0217@gmail.com>,  GCC Patches <gcc-patches@gcc.gnu.org>, "nickc@redhat.com" <nickc@redhat.com>,  Richard Earnshaw <Richard.Earnshaw@arm.com>, Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>
Subject: Re: [GCC, ARM] armv8 linux toolchain asan testcase fail due to stl missing conditional code
References: <CAH=PD7ZegqZCA8gMy+7X1gBqx6w9HS5fnGSxkzVp61Uwn8c8Jg@mail.gmail.com>
In-Reply-To: <CAH=PD7ZegqZCA8gMy+7X1gBqx6w9HS5fnGSxkzVp61Uwn8c8Jg@mail.gmail.com>
X-MC-Unique: eIkAYw1FSgmXTiwSjzJG9Q-1
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-IsSubscribed: yes
X-SW-Source: 2015-06/txt/msg00281.txt.bz2

Hi Shiva,

On 03/06/15 05:12, Shiva Chen wrote:
> Hi,
>
> I noticed that armv8(32 bit target) linux toolchain
>
> run asan testcase would get the following message:
>
>
> FAIL: c-c++-common/asan/heap-overflow-1.c -O0 output pattern test, is
> Executing on host:
> /home/gccbuilder-x86/test/mgcc5.0/testsuite/../tools/x86_64/install/bin/q=
emu-arm
> -E LD_LIBRARY_PATH=3D/home/gccbuilder-x86/test/mgcc5.0/Release/install/ar=
mv8-marvell-linux-gnueabihf-hard-5.1.1_x86_64/bin/../arm-linux-gnueabihf/li=
bc/lib/arm-linux-gnueabihf:/home/gccbuilder-x86/test/mgcc5.0/Release/instal=
l/armv8-marvell-linux-gnueabihf-hard-5.1.1_x86_64/bin/../arm-linux-gnueabih=
f/libc/usr/lib/arm-linux-gnueabihf
> -L/home/gccbuilder-x86/test/mgcc5.0/Release/install/armv8-marvell-linux-g=
nueabihf-hard-5.1.1_x86_64/bin/../arm-linux-gnueabihf/libc
> ./heap-overflow-1.exe
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =3D=3D2182=3D=3DERROR: AddressSanitizer: heap-buffer-overflow on address
> 0xf4a007fa at pc 0x000108a0 bp 0xf6ffc264 sp 0xf6ffc25c
> READ of size 1 at 0xf4a007fa thread T0
> ASAN:SIGSEGV
>
>
> sanitizer library use the source in gcc-src/libbacktrace to allocate memo=
ry.
>
> The error cause by null pointer reference in libbacktrace/mmap.c
>
>
> void
> backtrace_free (struct backtrace_state *state, void *addr, size_t size,
>                  backtrace_error_callback error_callback ATTRIBUTE_UNUSED,
>                  void *data ATTRIBUTE_UNUSED)
> ...
>    if (locked)
>      {
>        backtrace_free_locked (state, addr, size);
>
>        if (state->threaded) <=3D line 201
>          __sync_lock_release (&state->lock_alloc); <=3D line 202
>      }
> }
>
> .loc 1 201 0
> cmp r3, #0 <=3D r3 contain the value of state->threaded
> .loc 1 202 0
> addne r3, r5, #32
> movne r2, #0
> stl r2, [r3] <=3D should be conditional execution

I think you're right.

>
> when r3 is 0, line 202 should not execute.
>
> It seems that stl should generate as stlne.
>
> Otherwise, slt will get null reference when r3 is 0.
>
>
> To fix the issue, add %? when output stl assembly pattern in sync.md.
>
> Is this patch ok for trunk?
>
> Thanks,
> Shiva
>
> Fix_slt_lda_missing_conditional_code.diff
>
>
> diff --git a/gcc/config/arm/sync.md b/gcc/config/arm/sync.md
> index 44cda61..79b039e 100644
> --- a/gcc/config/arm/sync.md
> +++ b/gcc/config/arm/sync.md
> @@ -75,9 +75,9 @@
>     {
>       enum memmodel model =3D memmodel_from_int (INTVAL (operands[2]));
>       if (is_mm_relaxed (model) || is_mm_consume (model) || is_mm_release=
 (model))
> -      return \"ldr<sync_sfx>\\t%0, %1\";
> +      return \"ldr<sync_sfx>%?\\t%0, %1\";
>       else
> -      return \"lda<sync_sfx>\\t%0, %1\";
> +      return \"lda<sync_sfx>%?\\t%0, %1\";
>     }
>   )

This pattern is not predicable though, i.e. it doesn't have the "predicable=
" attribute set to "yes".
Therefore the compiler should be trying to branch around here rather than t=
ry to do a cond_exec.
Why does the generated code above look like it's converted to conditional e=
xecution?
Could you produce a self-contained reduced testcase for this?

Thanks,
Kyrill

>=20=20=20
> @@ -91,9 +91,9 @@
>     {
>       enum memmodel model =3D memmodel_from_int (INTVAL (operands[2]));
>       if (is_mm_relaxed (model) || is_mm_consume (model) || is_mm_acquire=
 (model))
> -      return \"str<sync_sfx>\t%1, %0\";
> +      return \"str<sync_sfx>%?\t%1, %0\";
>       else
> -      return \"stl<sync_sfx>\t%1, %0\";
> +      return \"stl<sync_sfx>%?\t%1, %0\";
>     }
>   )
>=20=20=20