https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121121
Bug ID: 121121
Summary: [15/16 regression] [RISC-V] Wrong unwind info with -fstack-clash-protection
Product: gcc
Version: 15.1.1
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: sch...@linux-m68k.org
Target Milestone: ---
Target: riscv*-*-*

$ cat stack-clash.c
void g (void *);

void f ()
{
  void *a[10000];
  g (a);
}

$ gcc -fstack-clash-protection -fomit-frame-pointer -c stack-clash.c
$ readelf -wF stack-clash.o
Contents of the .eh_frame section:

00000000 0000000000000010 00000000 CIE "zR" cf=1 df=-4 ra=1
   LOC           CFA
0000000000000000 sp+0

00000014 0000000000000028 00000018 FDE cie=00000000 pc=0000000000000000..000000000000004e
   LOC           CFA      ra
0000000000000000 sp+0     u
0000000000000002 sp+16    u
000000000000000a t0+77840 c-8
0000000000000018 sp+77840 c-8
0000000000000022 sp+80016 c-8
0000000000000048 sp+16    c-8
000000000000004a sp+16    u
000000000000004c sp+0     u

That unwind info claims that the CFA is t0+77824 during the stack probe, but
the adjusted copy of the stack pointer actually resides in t1.

$ objdump -dr stack-clash.o

stack-clash.o:     file format elf64-littleriscv

Disassembly of section .text:

0000000000000000 <f>:
   0:	1141                	addi	sp,sp,-16
   2:	e406                	sd	ra,8(sp)
   4:	634d                	lui	t1,0x13
   6:	40610333          	sub	t1,sp,t1
   a:	6285                	lui	t0,0x1

000000000000000c <.L2>:
   c:	40510133          	sub	sp,sp,t0
  10:	40013023          	sd	zero,1024(sp)
  14:	fe611ce3          	bne	sp,t1,c <.L2>
			14: R_RISCV_BRANCH	.L2
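The mismatch the report describes can be checked mechanically. The following script is an added example, not code from the bug report or from GCC: it parses the CFA rows of the readelf -wF FDE and the objdump listing, finds the probe loop by its `bne sp,tN,<target>` back-edge, and tests whether the CFA base register in effect across the loop is that sentinel register tN. The sample input is constructed from the output quoted above, with whitespace regularised.

```python
import re

# Sample input constructed from the readelf -wF and objdump -dr output quoted
# in the bug report (whitespace regularised, one row per line).
READELF_FDE = """\
0000000000000000 sp+0     u
0000000000000002 sp+16    u
000000000000000a t0+77840 c-8
0000000000000018 sp+77840 c-8
0000000000000022 sp+80016 c-8
0000000000000048 sp+16    c-8
"""
OBJDUMP = """\
   4: 634d     lui  t1,0x13
   6: 40610333 sub  t1,sp,t1
   a: 6285     lui  t0,0x1
   c: 40510133 sub  sp,sp,t0
  10: 40013023 sd   zero,1024(sp)
  14: fe611ce3 bne  sp,t1,c <.L2>
"""
ROW_RE = re.compile(r"^\s*([0-9a-f]+)\s+([a-z0-9]+)([+-]\d+)\s", re.M)
BNE_RE = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]+\s+bne\s+sp,(t\d),([0-9a-f]+)", re.M)

def parse_cfa_rows(fde_text):
    """Return [(pc, base_register, offset)] for each CFA row of a readelf -wF FDE."""
    return [(int(pc, 16), reg, int(off)) for pc, reg, off in ROW_RE.findall(fde_text)]

def cfa_at(rows, pc):
    """CFA rule (base, offset) in effect at pc: the last row with location <= pc."""
    rule = None
    for loc, reg, off in rows:
        if loc <= pc:
            rule = (reg, off)
    return rule

def find_probe_loop(objdump_text):
    """Locate the probe loop by its back-edge `bne sp,tN,<target>`.
    Returns (loop_start, branch_pc, tN); tN holds the final sp value, so it is
    the only stable base for the CFA while sp moves inside the loop."""
    m = BNE_RE.search(objdump_text)
    return (int(m.group(3), 16), int(m.group(1), 16), m.group(2)) if m else None

def check_probe_loop_cfa(fde_text, objdump_text):
    """Return (cfa_base_register, sentinel_register, consistent) for the loop."""
    start, end, sentinel = find_probe_loop(objdump_text)
    rows = parse_cfa_rows(fde_text)
    bases = {cfa_at(rows, start)[0]} | {r for loc, r, _ in rows if start < loc <= end}
    base = bases.pop() if len(bases) == 1 else "mixed"
    return base, sentinel, base == sentinel
```

On the quoted output the check reports base t0 against sentinel t1, i.e. inconsistent; with the CFA row rewritten to t1+77840 it passes.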