https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80968

            Bug ID: 80968
           Summary: [SPARC] Stack frame reference allowed in delay slot of
                    return instruction.
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: davem at gcc dot gnu.org
  Target Milestone: ---

Created attachment 41467
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41467&action=edit
Distilled test case exhibiting return delay slot bug.

When alloca() is used, gcc can allow a reference to that memory
in the delay slot of a return instruction which deallocates that
stack frame.

This was seen in lib/libcrc32c.c:crc32c() in the Linux kernel.
If an interrupt arrives exactly at that delay slot load instruction
the value can be corrupted.

A distilled version of that code is attached.  When compiled
with "-m64 -O2" you will see something like:
        sub     %sp, %g1, %sp
        add     %sp, 2230, %i5
        and     %i5, -8, %i5
 ...
        return  %i7+8
         lduw   [%o5+16], %o0

Seems like we need something like a stack tie pattern, like other
backends use, to block code movement like this, and emit it right
before the epilogue sequence.

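The following is an added example, not the attached test case and not the kernel's lib/libcrc32c.c. It reconstructs the code shape the report describes: a descriptor allocated with alloca() in the caller's frame, a CRC written into it, and the final result loaded back out of that memory in the return path. The struct name, the manual 8-byte alignment (mirroring the `and %i5, -8` in the quoted assembly) and the bit-serial CRC-32C are assumptions made for illustration. Running it only checks the CRC arithmetic; the miscompile itself can only be seen by compiling for SPARC with -m64 -O2 and looking for a load in the delay slot after `return %i7+8`.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit-serial CRC-32C (Castagnoli), reflected polynomial 0x82F63B78.
 * Like the kernel's crc32c(), it applies no initial/final inversion;
 * callers pass ~0 as the seed and invert the result themselves. */
static uint32_t crc32c_update(uint32_t crc, const void *data, size_t len)
{
    const uint8_t *p = data;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return crc;
}

/* Stand-in (assumed, not the kernel's) for the shash descriptor whose
 * state lives in memory carved out of the caller's own stack frame. */
struct crc_desc {
    uint32_t crc;
};

/* Same shape as lib/libcrc32c.c:crc32c(): the descriptor is alloca()'d,
 * the update writes the running CRC into it, and the return value is a
 * load from that alloca'd memory. That final load is the instruction the
 * report shows gcc placing in the delay slot of "return %i7+8", i.e.
 * after the frame that holds *desc has already been released, so an
 * interrupt landing between the two can clobber the value. */
uint32_t crc32c(uint32_t crc, const void *data, size_t len)
{
    /* Over-allocate and round up by hand, mirroring "and %i5, -8". */
    struct crc_desc *desc = alloca(sizeof(*desc) + 8);
    desc = (struct crc_desc *)(((uintptr_t)desc + 7) & ~(uintptr_t)7);

    desc->crc = crc;
    desc->crc = crc32c_update(desc->crc, data, len);
    return desc->crc;   /* load from memory in the frame being torn down */
}

/* Reference that never touches the stack-allocated descriptor. */
uint32_t crc32c_reference(uint32_t crc, const void *data, size_t len)
{
    return crc32c_update(crc, data, len);
}

int main(void)
{
    /* Constructed input: the standard CRC-32C check string. */
    const char msg[] = "123456789";
    uint32_t v = crc32c(0xFFFFFFFFu, msg, sizeof(msg) - 1) ^ 0xFFFFFFFFu;
    printf("crc32c(\"%s\") = 0x%08x\n", msg, v);
    return 0;
}
```

To inspect the scheduling the report is about, compile this with a SPARC toolchain using `-m64 -O2 -S` and look at the epilogue of `crc32c`: the hazard is present if a load that reads through the aligned alloca pointer sits in the slot immediately after `return %i7+8`.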