Bug 32163 - Compiling with stack protector causes register spill failure
Summary: Compiling with stack protector causes register spill failure
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: target
Version: 4.1.2
Importance: P3 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: ice-on-valid-code
Depends on:
Blocks:
 
Reported: 2007-05-31 11:35 UTC by Valeriy E. Ushakov
Modified: 2007-06-08 05:58 UTC

See Also:
Host: i386--netbsdelf
Target: sh3--netbsdelf
Build: i386--netbsdelf
Known to work:
Known to fail: 4.1.2 4.2.0 4.3.0
Last reconfirmed: 2007-05-31 13:30:12


Attachments
Preprocessed source of the file that causes the error. (10.13 KB, text/plain)
2007-05-31 11:37 UTC, Valeriy E. Ushakov

Description Valeriy E. Ushakov 2007-05-31 11:35:05 UTC
Building NetBSD/sh3 source tree with stack protector enabled fails with

/usr/nb-ssp/tools/bin/shle--netbsdelf-gcc -O -Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wno-sign-compare -Wno-traditional -Wreturn-type -Wswitch -Wshadow -Wcast-qual -Wwrite-strings -Wextra -Wno-unused-parameter -std=gnu99 -Werror -fstack-protector -Wstack-protector --param ssp-buffer-size=1 -D_LIBC -DLIBC_SCCS -DSYSLIBC_SCCS -D_REENTRANT -DHESIOD -DINET6 -DNLS -DYP -I/usr/src/lib/libc/include -I/usr/src/lib/libc -DSOFTFLOAT -I/usr/src/lib/libc/arch/sh3/softfloat -I/usr/src/lib/libc/softfloat -DSOFTFLOAT_FOR_GCC -I/usr/src/sys -I/usr/src/lib/libc/compat/stdlib -I/usr/src/lib/libc/compat/../stdlib -I/usr/src/lib/libc/../../common/lib/libc/quad -I/usr/src/lib/libc/../../common/lib/libc/string -I/usr/src/lib/libc/../../common/lib/libc/arch/sh3/string -D__DBINTERFACE_PRIVATE -DI18NMODULE_MAJOR=4 -DCITRUS -I/usr/src/libexec/ld.elf_so -I/usr/src/lib/libc/dlfcn -I/usr/src/lib/libc/gdtoa -DNO_FENV_H -I/usr/src/lib/libc/arch/sh3/gdtoa -DCITRUS_ICONV -DWITH_RUNE -I/usr/src/lib/libc -DPOSIX_MISTAKE -DCOMPAT__RES -DUSE_POLL -DPORTMAP -DWIDE_DOUBLE -DALL_STATE -DUSG_COMPAT -nostdinc -isystem /usr/nb-ssp/distrib/landisk/usr/include -c -D_I18N_DYNAMIC -fPIC -DPIC /usr/src/lib/libc/stdio/asprintf.c -o asprintf.so

/usr/src/lib/libc/stdio/asprintf.c: In function '_asprintf':
/usr/src/lib/libc/stdio/asprintf.c:85: error: unable to find a register to spill in class 'R0_REGS'
/usr/src/lib/libc/stdio/asprintf.c:85: error: this is the insn:
(insn 191 211 210 7 (set (reg/f:SI 2 r2 [246])
        (mem/u/c:SI (plus:SI (reg:SI 12 r12)
                (reg/f:SI 1 r1 [247])) [0 S4 A32])) 171 {movsi_i} (insn_list:REG_DEP_TRUE 189 (nil))
    (expr_list:REG_DEAD (reg/f:SI 1 r1 [247])
        (expr_list:REG_EQUIV (symbol_ref:SI ("__stack_chk_guard") [flags 0x40] <var_decl 0xbb93de40 __stack_chk_guard>)
            (nil))))
/usr/src/lib/libc/stdio/asprintf.c:85: confused by earlier errors, bailing out


The compiler is gcc 4.1.2 as imported into the NetBSD tree:

shle--netbsdelf-gcc (GCC) 4.1.2 20070110 (prerelease) (NetBSD nb1 20070110)
Comment 1 Valeriy E. Ushakov 2007-05-31 11:37:24 UTC
Created attachment 13638
Preprocessed source of the file that causes the error.
Comment 2 Valeriy E. Ushakov 2007-05-31 11:44:27 UTC
Before failing to compile pic version of asprintf.o as reported above,
non-pic version is successfully compiled.
Comment 3 Kazumoto Kojima 2007-05-31 13:30:12 UTC
I've confirmed that this fails with 4.1.2, 4.2.0 and 4.3.0
on sh4-unknown-linux-gnu.  A reduced testcase is:

--
int foo ()
{
  char *p;
  char fext[128];

  p = fext;
  bar (&p, (void *)0);
  if (p)
    free (p);
  return 0;
}
--
which fails with -O -fpic -fstack-protector.  Curiously the error
went away with -O2 -fpic -fstack-protector.

Comment 4 Kazumoto Kojima 2007-06-01 00:17:25 UTC
In the faulty case, stack protector inserts PIC codes after the result
is set to R0 register.  It looks like

  rX = __stack_chk_guard@GOT
  A = rX + r12
  B = mem[A]

and combine optimization pass makes this turn into

  rX = __stack_chk_guard@GOT
  B = mem[rX + r12]

Unfortunately, the last insn requires R0 which is already used and we
see the famous R0 spill failure.  We didn't get this error on SH4 with
-O2 because the first insn scheduling and other optimizations move
the insn which set the result to R0 after these protector codes.
But it looks to be fragile even on SH4 -O2.  I'm testing the patch
below on the trunk.

	* config/sh/sh.md (symGOT_load): Don't schedule insns when
	the symbol is generated with the stack protector.

--- ORIG/trunk/gcc/config/sh/sh.md	2007-04-27 21:30:47.000000000 +0900
+++ LOCAL/trunk/gcc/config/sh/sh.md	2007-06-01 08:21:18.000000000 +0900
@@ -8502,6 +8502,20 @@ label:
 					     operands[2],
 					     gen_rtx_REG (Pmode, PIC_REG)));
 
+  /* When stack protector inserts codes after the result is set to
+     R0, @(rX, r12) will cause a spill failure for R0.  Don't schedule
+     insns to avoid combining (set A (plus rX r12)) and (set op0 (mem A))
+     when rX is a GOT address for the guard symbol.  Ugly but doesn't
+     matter because this is a rare situation.  */
+  if (!TARGET_SHMEDIA
+      && flag_stack_protect
+      && GET_CODE (operands[1]) == CONST
+      && GET_CODE (XEXP (operands[1], 0)) == UNSPEC
+      && GET_CODE (XVECEXP (XEXP (operands[1], 0), 0, 0)) == SYMBOL_REF
+      && strcmp (XSTR (XVECEXP (XEXP (operands[1], 0), 0, 0), 0),
+		 \"__stack_chk_guard\") == 0)
+    emit_insn (gen_blockage ());
+
   /* N.B. This is not constant for a GOTPLT relocation.  */
   mem = gen_rtx_MEM (Pmode, operands[3]);
   MEM_NOTRAP_P (mem) = 1;
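
Review bot: The new condition identifies the guard load by comparing the symbol name with strcmp against the literal "__stack_chk_guard", so the check is tied to that one spelling and fires for any GOT load of a symbol with that name whenever flag_stack_protect is set, not only for the load the protector itself emits. If the guard is reachable as a decl or a shared constant at this point, comparing against that would keep the test in step with the protector code; otherwise the comment should say the name match is intentional. The comment and ChangeLog also say "Don't schedule insns" while the stated goal is to stop combine from merging (set A (plus rX r12)) with (set op0 (mem A)); wording the comment around the blockage preventing that combination would be clearer. The patch as shown touches only sh.md; the reduced foo() testcase from comment 3, built with -O -fpic -fstack-protector, would serve as a regression test.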
Comment 5 Kazumoto Kojima 2007-06-03 04:39:05 UTC
Subject: Bug 32163

Author: kkojima
Date: Sun Jun  3 04:38:52 2007
New Revision: 125292

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=125292
Log:
	PR target/32163
	* config/sh/sh.md (symGOT_load): Don't schedule insns when
	the symbol is generated with the stack protector.


Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/config/sh/sh.md

Comment 6 Kazumoto Kojima 2007-06-08 05:54:07 UTC
Subject: Bug 32163

Author: kkojima
Date: Fri Jun  8 05:53:57 2007
New Revision: 125558

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=125558
Log:
	PR target/32163
	Backport from mainline.
	* config/sh/sh.md (symGOT_load): Don't schedule insns when
	the symbol is generated with the stack protector.


Modified:
    branches/gcc-4_2-branch/gcc/ChangeLog
    branches/gcc-4_2-branch/gcc/config/sh/sh.md

Comment 7 Kazumoto Kojima 2007-06-08 05:56:38 UTC
Subject: Bug 32163

Author: kkojima
Date: Fri Jun  8 05:56:28 2007
New Revision: 125559

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=125559
Log:
	PR target/32163
	Backport from mainline.
	* config/sh/sh.md (symGOT_load): Don't schedule insns when
	the symbol is generated with the stack protector.


Modified:
    branches/gcc-4_1-branch/gcc/ChangeLog
    branches/gcc-4_1-branch/gcc/config/sh/sh.md

Comment 8 Kazumoto Kojima 2007-06-08 05:58:19 UTC
Fixed.