Subject: Re: AArch64 ILP32 strcmp bug
To: Kinsey Moore, newlib@sourceware.org
From: Richard Earnshaw
Date: Thu, 26 Nov 2020 17:46:20 +0000
List-Id: Newlib mailing list

On 25/11/2020 17:31, Kinsey Moore wrote:
> -----Original Message-----
> From: Richard Earnshaw
> Sent: Wednesday, November 25, 2020 05:29
> To: Kinsey Moore; newlib@sourceware.org
> Subject: Re: AArch64 ILP32 strcmp bug
>
>> On 20/07/2020 14:52, Kinsey Moore wrote:
>>> Hi,
>>> It appears that the hand-coded assembly in AArch64 strcmp does not sanitize the incoming address parameters in x0 and x1 when compiled for AArch64 ILP32. Based on my reading of the AArch64 Procedure Call Specification and GCC's output for similar function signatures, the callee is responsible for sanitization of the pointer addresses. I encountered this because I have a struct containing a pointer and length returned from another function that happens to get packed into a single register (x0) and GCC passes this unmodified into strcmp as the first argument.
>>>
>>> According to the aapcs64: "Any part of a register or a stack slot that is not used for an argument (padding bits) has unspecified content at the callee entry point."
>>>
>>> I suspect this is a problem for the majority of hand-written AArch64 assembly in newlib.
>>>
>>> Please let me know if I missed something.
>>
>> Apologies, somehow this message got marked as read although it never received a response.
>>
>> I don't think we've really added support for ILP32 to newlib. This may just be one corner of a fairly large can of worms.
>>
>> The Arm/AArch64 optimized assembly routines are really just copies (provided that they've been kept up-to-date) of the code that Arm publishes as part of its Arm Optimized Routines package (https://github.com/ARM-software/optimized-routines); but even those do not have ILP32 support at this time. The best place to address this is to raise an issue there.
>
> Thanks for taking a look at this. I did see some flags related to ILP32 elsewhere in newlib which made me think it was supported but, as you mention, none of the assembly is set up for it. In the interim, I've been working around this by adding -DPREFER_SIZE_OVER_SPEED to the newlib CFLAGS to force use of compiled C sources instead of hand-written assembly. The patch to automatically specify this for RTEMS is attached, but I suspect that this may be applicable for all AArch64 targets that wish to take advantage of ILP32. I'll create an issue upstream.
> > Kinsey > + + # The hand-written assembly in newlib does not currently support AArch64/ILP32 ABI + # Build from C source instead + case "${host}" in + aarch64*-*-rtems*) + newlib_cflags="${newlib_cflags} -DPREFER_SIZE_OVER_SPEED" + ;; + *) + ;; + esac I have a number of issues with that: 1) It's specific to rtems - what about other users? There really should be a way of detecting that ilp32 is being built so that it works for all. 2) It assumes that rtems will only be used for ILP32 (or that even if you don't have ILP32 you'll get the small rather than the optimal code, some of which is very sub-optimal). 3) It's very poorly targeted, there may well be other places in the code that this affects and also no guarantee that it will prevent use of assembler functions in all cases. R.
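
Review bot: the `aarch64*-*-rtems*` pattern in `case "${host}"` tests only the host triplet, while the comment above it gives the AArch64/ILP32 ABI as the reason, so an LP64 RTEMS build would also get `-DPREFER_SIZE_OVER_SPEED` and a non-RTEMS ILP32 build would not. Key the flag on the ABI actually being compiled (for example the compiler's predefined `__ILP32__` macro) rather than on the triplet, and drop the empty `*) ;;` arm, which does nothing. The comment should also say what goes wrong (the assembly does not sanitize the pointer arguments in x0 and x1 under ILP32), so the workaround can be removed once that is fixed.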
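
One way to do the detection asked for in point 1 of the reply, as an added example that is not newlib's configure code and was not posted in this thread: decide from the compiler's predefined macros instead of the host triplet. The function names and the sample macro dumps are constructed for illustration; `__aarch64__` and `__ILP32__` are macros GCC predefines for this architecture and ABI. It only covers detection and does not address point 3.

```shell
# Added example: pick newlib CFLAGS from the ABI the compiler targets,
# not from the host triplet. Function names are hypothetical.

# is_aarch64_ilp32: reads a "cc -dM -E" macro dump on stdin.
# Succeeds only when both __aarch64__ and __ILP32__ are defined.
is_aarch64_ilp32() {
    arch=0
    ilp32=0
    while read -r directive name _rest; do
        [ "$directive" = "#define" ] || continue
        case "$name" in
            __aarch64__) arch=1 ;;
            __ILP32__)   ilp32=1 ;;
        esac
    done
    [ "$arch" -eq 1 ] && [ "$ilp32" -eq 1 ]
}

# select_newlib_cflags FLAGS: reads a macro dump on stdin and prints FLAGS,
# with the C-source workaround appended only for AArch64 ILP32.
select_newlib_cflags() {
    if is_aarch64_ilp32; then
        printf '%s\n' "$1 -DPREFER_SIZE_OVER_SPEED"
    else
        printf '%s\n' "$1"
    fi
}

# Constructed macro dumps (abridged) standing in for real compiler output.
AARCH64_ILP32_DUMP='#define __aarch64__ 1
#define __ILP32__ 1
#define _ILP32 1'
AARCH64_LP64_DUMP='#define __aarch64__ 1
#define __LP64__ 1
#define _LP64 1'
# ILP32 on another architecture must not trigger the AArch64 workaround.
OTHER_ILP32_DUMP='#define __x86_64__ 1
#define __ILP32__ 1'

# Real use (assumes the build sets CC, CFLAGS and newlib_cflags):
#   newlib_cflags=$($CC $CFLAGS -dM -E - </dev/null |
#                   select_newlib_cflags "$newlib_cflags")
```

Because the check runs the compiler with the build's own CFLAGS, an `-mabi=ilp32` build is detected on any AArch64 target, and an LP64 RTEMS build keeps the optimized routines.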