<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - wrong ASM for attribute naked with build option O0"
href="https://bugs.llvm.org/show_bug.cgi?id=35477">35477</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>wrong ASM for attribute naked with build option O0
</td>
</tr>
<tr>
<th>Product</th>
<td>new-bugs
</td>
</tr>
<tr>
<th>Version</th>
<td>5.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>new bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>yejun.guo@intel.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>I narrowed down this issue on Ubuntu 16.04 x64 on an Intel CPU.
The issue only happens with build option -O0; there is no issue with -O1/O2.
Here is the source code; please ignore the meaning of the code, it is just used to
show the issue.
fun.cpp:
void __attribute__((naked,noinline)) myfun(int a, int b, int* c, char* d)
{
    __asm__ volatile( \
        "mov %%fs:0, %%rax\n" \
        "mov %P[tls](%%rax), %%rax\n" \
        "test %%rax, %%rax\n" \
        "je 1f\n" \
        "jmp *%P[api](%%rax)\n" \
        "1:\n" \
        "retq\n" \
        : \
        : [tls] "i" (5), \
          [api] "i" (6) \
        : "cc", "%rdi", "%rsi", "%rdx", "%rcx", "%r8", "%r9", \
          "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", \
          "%xmm6", "%xmm7" \
    );
}
And build the code with:
/work/llvm_dist/llvm50/bin/clang++ -g -O0 -shared -fPIC -o libfun.so fun.cpp
Then, run:
objdump -d libfun.so
We can see the asm of myfun:
0000000000000620 <_Z5myfuniiPiPc>:
620: 89 7d fc mov %edi,-0x4(%rbp)
623: 89 75 f8 mov %esi,-0x8(%rbp)
626: 48 89 55 f0 mov %rdx,-0x10(%rbp)
62a: 48 89 4d e8 mov %rcx,-0x18(%rbp)
62e: 64 48 8b 04 25 00 00 mov %fs:0x0,%rax
635: 00 00
637: 48 8b 40 05 mov 0x5(%rax),%rax
63b: 48 85 c0 test %rax,%rax
63e: 0f 84 03 00 00 00 je 647 <_Z5myfuniiPiPc+0x27>
644: ff 60 06 jmpq *0x6(%rax)
647: c3 retq
When myfun is called, %rbp and %rsp are not saved; it is still in the stack
of the caller function, so the first 4 instructions overwrite the data in the
stack. This is not correct.
With the -O2 build option, the first 4 instructions are not generated, and so it
works.</pre>
</div>
</p>
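<p>A check for the symptom described in the report, as an added example that is not part of the original bug report or of LLVM: it scans <code>objdump -d</code> text for functions that store through %rbp in their entry block before setting %rbp themselves. The name stores_via_caller_rbp, the heuristic itself, and the second function in the sample are assumptions made for illustration.</p>

```python
import re

# Listing transcribed from the report's -O0 build, followed by a constructed
# frame-setting function (_Z6normali and its addresses are made up for contrast).
SAMPLE = """\
0000000000000620 <_Z5myfuniiPiPc>:
 620: 89 7d fc mov %edi,-0x4(%rbp)
 623: 89 75 f8 mov %esi,-0x8(%rbp)
 626: 48 89 55 f0 mov %rdx,-0x10(%rbp)
 62a: 48 89 4d e8 mov %rcx,-0x18(%rbp)
 62e: 64 48 8b 04 25 00 00 mov %fs:0x0,%rax
 635: 00 00
 637: 48 8b 40 05 mov 0x5(%rax),%rax
 63b: 48 85 c0 test %rax,%rax
 63e: 0f 84 03 00 00 00 je 647 <_Z5myfuniiPiPc+0x27>
 644: ff 60 06 jmpq *0x6(%rax)
 647: c3 retq
0000000000000650 <_Z6normali>:
 650: 55 push %rbp
 651: 48 89 e5 mov %rsp,%rbp
 654: 89 7d fc mov %edi,-0x4(%rbp)
 657: 5d pop %rbp
 658: c3 retq
"""

HEADER = re.compile(r'^[0-9a-f]+ <([^>]+)>:\s*$')        # "addr <symbol>:"
INSN = re.compile(r'^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\b\s*)+(.*)$')  # addr, bytes, text
NON_WRITING = ('cmp', 'test', 'push', 'nop')   # treated as not writing their operand
BRANCH = re.compile(r'^(j|call|ret|loop)')     # ends the entry block

def stores_via_caller_rbp(disasm):
    """Map function name -> entry-block stores made through the caller's %rbp."""
    findings, name, live = {}, None, False
    for line in disasm.splitlines():
        h, m = HEADER.match(line), INSN.match(line)
        if h:
            name, live = h.group(1), True
        if not (live and m and m.group(1)):
            continue  # header, byte-continuation line, or scan already stopped
        mnemonic, _, ops = m.group(1).strip().partition(' ')
        dest = re.split(r',(?![^(]*\))', ops)[-1].strip()  # AT&T: last operand
        if mnemonic.startswith(NON_WRITING):
            continue
        if BRANCH.match(mnemonic) or dest in ('%rbp', '%ebp'):
            live = False  # entry block ended, or the function now owns %rbp
        elif '(%rbp' in dest:
            findings.setdefault(name, []).append(m.group(1).strip())
    return findings
```

On the sample, only the function from the report is flagged, with its four leading stores; a frame-pointer-relative store after <code>mov %rsp,%rbp</code> is not reported.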
</body>
</html>