https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80968
Bug ID: 80968
Summary: [SPARC] Stack frame reference allowed in delay slot of return instruction.
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: davem at gcc dot gnu.org
Target Milestone: ---

Created attachment 41467
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41467&action=edit
Distilled test case exhibiting return delay slot bug.

When alloca() is used, gcc can allow a reference to that memory in the delay slot of a return instruction which deallocates that stack frame.

This was seen in lib/libcrc32c.c:crc32c() in the Linux kernel. If an interrupt arrives exactly at that delay slot load instruction the value can be corrupted.

A distilled version of that code is attached. When compiled with "-m64 -O2" you will see something like:

    sub %sp, %g1, %sp
    add %sp, 2230, %i5
    and %i5, -8, %i5
    ...
    return %i7+8
    lduw [%o5+16], %o0

Seems like we need something like a stack tie pattern like other backends use to block code movement like this, and emit it right before the epilogue sequence.
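As an added illustration of the code shape the report describes (this is constructed example code, not the attached test case and not the kernel's crc32c()), the function below places a variable-size descriptor on the stack with alloca(), lets a non-inlined callee update state inside it, and reads the final value back from that stack memory in the return expression. The names hash_via_stack_desc, update_state and hash_reference are hypothetical stand-ins chosen for this example; the mixing arithmetic is arbitrary and only serves to give a checkable result. On a SPARC target, compiling it with "-m64 -O2" and inspecting the epilogue is how one would check whether the final load of *ctx lands after the frame is released, as in the listing above.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for crypto_shash_update(): updates the state
   word stored at the start of the descriptor.  Marked noinline so the
   store happens through a pointer inside a callee, which leaves the
   final load of the state in the caller's epilogue. */
__attribute__((noinline))
static void update_state(uint32_t *state, const unsigned char *data, size_t len)
{
    uint32_t v = *state;
    for (size_t i = 0; i < len; i++)
        v = (v ^ data[i]) * 16777619u;   /* arbitrary mixing, constructed */
    *state = v;
}

/* Hypothetical stand-in for crc32c(): the descriptor is allocated on the
   stack with alloca() (as a kernel SHASH_DESC_ON_STACK-style buffer would
   be), the callee updates the state inside it, and the result is loaded
   from that alloca'd memory in the return expression.  That final load is
   the instruction the report describes being scheduled into the delay
   slot of the return after the frame has been deallocated. */
uint32_t hash_via_stack_desc(uint32_t init, const unsigned char *data,
                             size_t len, size_t desc_size)
{
    if (desc_size < sizeof(uint32_t))    /* state word must fit in the descriptor */
        desc_size = sizeof(uint32_t);
    unsigned char *desc = alloca(desc_size);
    uint32_t *ctx = (uint32_t *)desc;    /* state lives at the start of the descriptor */
    memset(desc, 0, desc_size);
    *ctx = init;
    update_state(ctx, data, len);
    return *ctx;                          /* load from the alloca'd frame memory */
}

/* Reference computation without the stack descriptor, used to check
   that the value returned through the alloca'd buffer is correct. */
uint32_t hash_reference(uint32_t init, const unsigned char *data, size_t len)
{
    uint32_t v = init;
    for (size_t i = 0; i < len; i++)
        v = (v ^ data[i]) * 16777619u;
    return v;
}

int main(void)
{
    /* Constructed sample input. */
    const unsigned char msg[] = "delay-slot-sample";
    size_t len = sizeof(msg) - 1;
    uint32_t a = hash_via_stack_desc(0x12345678u, msg, len, 64);
    uint32_t b = hash_reference(0x12345678u, msg, len);
    printf("stack-desc: %08x  reference: %08x  %s\n",
           (unsigned)a, (unsigned)b, a == b ? "match" : "MISMATCH");
    return a == b ? 0 : 1;
}
```

A match between the two values only shows the program is logically correct; whether the load is vulnerable to the interrupt-at-delay-slot window is a property of the generated code, so the check that matters is reading the disassembly of the epilogue rather than the return value.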