[llvm-bugs] [Bug 37472] New: Shrink wrapping on AArch64 violates AAPCS (access below SP)

via llvm-bugs llvm-bugs at lists.llvm.org
Tue May 15 10:59:09 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=37472

            Bug ID: 37472
           Summary: Shrink wrapping on AArch64 violates AAPCS (access
                    below SP)
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Backend: AArch64
          Assignee: unassignedbugs at nondot.org
          Reporter: eugeni.stepanov at gmail.com
                CC: llvm-bugs at lists.llvm.org

AAPCS says,
  A process may only access (for reading or writing) the closed interval of the
  entire stack delimited by [SP, stack-base – 1].

Shrink wrapping analysis only cares that FI operands are post-dominated by
epilogue. It is possible for an address of a stack variable to be computed
before epilogue, but for the actual access to be done after it, violating the
condition above.

# cat 1.c
typedef struct  {
  int a, b;
} S;

int f(S *s, unsigned z)
{
  if (z > 4)
    return 1;

  volatile unsigned char arr[4] = {1, 2, 3, 4};
  s->a = arr[z];
  if (z < 3) {
    s->b = arr[z];
  }
  return 0;
}

$ bin/clang 1.c -O3 -target aarch64-linux-gnueabi -c && bin/llvm-objdump -d -no-show-raw-insn 1.o

1.o:    file format ELF64-aarch64-little

Disassembly of section .text:
f:
       0:       cmp     w1, #4
       4:       b.ls    #12
       8:       orr     w0, wzr, #0x1
       c:       ret
      10:       sub     sp, sp, #16
      14:       mov     w9, #513
      18:       movk    w9, #1027, lsl #16
      1c:       mov     w8, w1
      20:       str     w9, [sp, #12]
      24:       add     x9, sp, #12     <-- address computation
      28:       ldrb    w10, [x9, x8]
      2c:       cmp     w1, #2
      30:       str     w10, [x0]
      34:       add     sp, sp, #16     <-- epilogue
      38:       b.hi    #12
      3c:       ldrb    w8, [x9, x8]    <-- stack frame access
      40:       str     w8, [x0, #4]
      44:       mov     w0, wzr
      48:       ret

This is LLVM r331830. I'm not aware of this causing any practical issues.
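The pattern the report describes (an SP-relative address materialized into a register while the frame is live, then dereferenced after `add sp, sp, #N` has released the frame) can be spotted mechanically in a disassembly. The following Python checker is an added example, not code from the report or from LLVM: it parses the objdump listing shown above (embedded here as the sample input, with the `<--` annotations dropped), tracks which registers hold SP-derived addresses, and flags loads and stores through such registers once the epilogue has run. It is a linear scan rather than a walk of the control-flow graph, which is an assumption that happens to be adequate for this listing; the function and regex names are this example's own.

```python
import re

# Sample input: the disassembly from the bug report above (clang -O3,
# aarch64), with the "<--" annotations removed so it parses cleanly.
LISTING = """\
       0:       cmp     w1, #4
       4:       b.ls    #12
       8:       orr     w0, wzr, #0x1
       c:       ret
      10:       sub     sp, sp, #16
      14:       mov     w9, #513
      18:       movk    w9, #1027, lsl #16
      1c:       mov     w8, w1
      20:       str     w9, [sp, #12]
      24:       add     x9, sp, #12
      28:       ldrb    w10, [x9, x8]
      2c:       cmp     w1, #2
      30:       str     w10, [x0]
      34:       add     sp, sp, #16
      38:       b.hi    #12
      3c:       ldrb    w8, [x9, x8]
      40:       str     w8, [x0, #4]
      44:       mov     w0, wzr
      48:       ret
"""

INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")
BASE_RE = re.compile(r"\[(\w+)")  # base register of a "[reg, ...]" operand

# Mnemonic prefixes whose first operand is a destination register.
WRITES_FIRST_OPERAND = ("add", "sub", "mov", "movk", "orr", "ldr")


def canon(reg):
    """Map w<n> and x<n> to x<n>, so a write to w9 also invalidates x9."""
    m = re.fullmatch(r"[wx](\d+)", reg)
    return f"x{m.group(1)}" if m else reg


def parse(listing):
    """Yield (address, mnemonic, operand list, raw operand text) per line."""
    for line in listing.splitlines():
        m = INSN_RE.match(line)
        if m:
            addr, mnem, rest = m.groups()
            ops = [o.strip() for o in rest.split(",")] if rest else []
            yield int(addr, 16), mnem, ops, rest


def find_accesses_below_sp(listing):
    """Return [(address, instruction)] for memory accesses that go through a
    register holding an SP-derived address after the frame was released.
    Linear scan over the listing (assumption: no CFG reconstruction)."""
    sp_derived = set()   # registers holding an address computed from SP
    frame_live = False   # True between "sub sp, sp, #N" and "add sp, sp, #N"
    findings = []
    for addr, mnem, ops, rest in parse(listing):
        # Prologue allocates the frame, epilogue releases it.
        if mnem in ("sub", "add") and ops[:2] == ["sp", "sp"]:
            frame_live = (mnem == "sub")
            continue
        # A load/store whose base register was derived from SP while the
        # frame was live, executed after the epilogue: access below SP.
        base = BASE_RE.search(rest)
        if mnem.startswith(("ldr", "str")) and base:
            if not frame_live and canon(base.group(1)) in sp_derived:
                findings.append((addr, f"{mnem} {rest}"))
        # Track register definitions: "add xN, sp, #off" makes xN SP-derived;
        # any other write to xN/wN drops it from the tracked set.
        if mnem.startswith(WRITES_FIRST_OPERAND) and ops:
            dst = canon(ops[0])
            if mnem == "add" and len(ops) > 1 and ops[1] == "sp" and frame_live:
                sp_derived.add(dst)
            else:
                sp_derived.discard(dst)
    return findings


if __name__ == "__main__":
    for addr, insn in find_accesses_below_sp(LISTING):
        print(f"{addr:#x}: {insn}  accesses released frame via SP-derived register")
```

Run on the report's listing it flags exactly the instruction at `3c` (`ldrb w8, [x9, x8]`), because `x9` was set from `sp` at `24` and is still dereferenced after `add sp, sp, #16` at `34`; the earlier `ldrb` at `28` through the same register is not reported since the frame is still live there.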
