<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/75998>75998</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
In the -Oz optimization mode, when enabling -mbranch-protection=standard, the program encounters an error.
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
zhou-shan
</td>
</tr>
</table>
<pre>
1. The code that caused the error is as follows:(test.c)
`struct i3c_dev_desc;
struct i3c_master_controller_ops {
int (*f1)(void);
int (*f2)(void);
int (*f3)(void);
int (*f4)(void);
int (*f5)(void);
int (*f6)(void);
int (*f7)(void);
int (*f8)(void);
int (*priv_xfers)(struct i3c_dev_desc *dev, char *xfers, int nxfers);
};
struct i3c_master_controller {
int a;
int b;
int c;
unsigned long d;
struct i3c_master_controller_ops *ops;
};
struct i3c_i2c_dev_desc {
char *a;
char *b;
struct i3c_master_controller *master;
void *master_priv;
};
struct i3c_dev_desc {
struct i3c_i2c_dev_desc common;
};
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wincompatible-pointer-types"
int i3c_dev_do_priv_xfers_locked(struct i3c_dev_desc *dev,
char *xfers,
int nxfers)
{
struct i3c_master_controller *master;
if (!dev)
{
return -2;
}
master = dev->common.master;
if (!master || !xfers)
{
return -22;
}
if (!master->ops->priv_xfers)
{
return -138;
}
return master->ops->priv_xfers(dev, xfers, nxfers);
}
#pragma GCC diagnostic pop`
2. Compile options using clang 15.0.2 or 17.0.1 are as follows:
clang -c --target=armv8.1-m.main -mcpu=cortex-m85 -mfloat-abi=soft -mthumb -mpure-code -mbranch-protection=standard -Wall -Oz -fno-builtin -fshort-enums -fno-common -fsigned-char -fomit-frame-pointer -ffunction-sections -fdata-sections -fstack-protector-strong -fno-unroll-loops -std=c99 -g test.c -o test.o
3. Problem Description:
When executing "bx r12" to jump to "master->ops->priv_xfers", the value of r12 (which holds the PAC) was modified due to PAC verification earlier, causing an unexpected behavior of "bx r12" instruction and the program to run out of control. (In fact, PAC verification was not necessary before the "bx" instruction, considering the semantics of this function.)
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJycVs2Sm7wSfRp50yUKhDH2wgvHvnMrq5vFrcrSJaQGlCCJ0o9nkqf_SuCf8SQzTr6NMajV53T36Za496oziFtSfSLVYcFj6K3b_uxtpL7nZtFY-WNbZPD_HkFYiRB6HkDw6FFC6BHQOetAeeAeWjsM9tmTckfYOqAPmSBsQ_IDyXdklfvgogigSnGUeDpK9IKUn87L0-8rC819QHcU1gRnhwHd0Y4eSH22VyYAYWvCdm2RMNj6ZJVM_8pfLdhDi_KhxfKhRfXQYvXQon5osX5kMTp1Or606Pxs-ZusA2E7iSfC9iB67tLrecMekiNz3X4tT334i1Ldl4nfkWzu3m4CiGZSooTBmg7kXwuD7ezo_4yvYq9TcaF6ycSN7uXLjfLHQbPd_PFqnop0-3xMlfkzhr-ye4--sFpb84FXwsrR8U5z-O9-D1LxzlgflIAx-v6BieqMdZhCYPSrMsLqkQfVDEhHq0xAR8OPET1h7FbRK317vCnxOFjxHeUjNd6n_SLJm--bLs_B_ruynB22c8MUE_Zblw5DdAYou0vtq-2zTyDlASSeKCn_M5ciewN2hblsqPek3gNhxTvBXJHfhX7jMmHb0afHfe__3m9Rrt9zfDb50O36PDiuA-P3w-KB9uxIVvlraJbB3upRDQh2DMoaD9Er04EYuOmgqLI8Y2AdFHWWZwVwh29OnFk7kzUVQGngrsNAygN3-rTOCqozzZUBqsUYSXkQ1gV8oXpdAdXtYHmgvFGkPHjbBqA69FE3QPUYHdLp6KO6cdyIno7OBhSJZTIP3EjuJNCvfBiA_u8n0NZY2kQ1hITX-t66QNFE7eelWSlpZRp5dFI8ba1WgbaO62t_AW3baCYk6mfE5ELywF-_-8DF9wsr66gPLg3RCSua1Ad0sGlKUh9kCn2zAdrBfEIDtfM_-7oeZQZfnG0G1HBAL5wa53CvU6Ug1SeleYekOhC27kMY54P_ibCnToU-NpmwmrCnYThdHonjNxSBsCfuPQZP2FOxWq7Zuq4JeypxteRyI2neVkiXm6KmnCGjtSwahuU6L4vlVdhfezSALyhiSDohjDUv4ApGGINg4VvUY3oSxj7UM0saTheZEx8igm2Tj9Rfz70SPfR2kH5a_7LbE7aBZ-5BW6lahRJkxITxZbeHEzrVKsFTmgC5GxS66YDls465gWjwZUQRUEKDPT8p6xLeHXNl5mGWvHAzX7FGZzvHdUJy0YCNIW07j7gscf1soOUprftfuSTCxgYwKNB77n5Ag611OLmesN_gTqyt8UqiS8yTnUfNTVDCJ-TQKw8XXWaEbRZyW8pNueEL3BZ1XubLfJWvFv22yEvEfClL2VRsJWvMmw0XVYsblLJYyoXaspyVBWN5zqo8X2VCYl1X65XIm6ot24Isc9RcDVmST2Zdt1DeR9zW1WazXgy8wcFPl1fGDD7DtJiKWh0WbjtJromdJ8t8UD74m5egwoDbz2aKLvVsmjpa_Zxzpq3ElIbnSWOGN0NKxMf9f9HRpVpohI2piX2q_XRNzmAR3bD9616Zokq9MkX9TwAAAP__LFWjFw">