This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
- To: kenner at vlsi1 dot ultra dot nyu dot edu (Richard Kenner)
- Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
- From: Joern Rennecke <amylaar at cygnus dot co dot uk>
- Date: Fri, 19 Sep 1997 19:56:25 +0100 (BST)
- Cc: egcs at cygnus dot com
> I need a reminder of what this is all about. I'm still quite skeptical
> about it.
>From amylaar@cygnus.co.uk Tue Oct 22 16:45:57 1996
From: Joern Rennecke <amylaar@cygnus.co.uk>
Message-Id: <199610221544.QAA12944@phal.cygnus.co.uk>
Subject: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
To: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Date: Tue, 22 Oct 1996 16:44:37 +0100 (BST)
The a29k port allows loads from memory in the epilogue delay slot.
Such a load might load a stack slot into the return register.
If an interrupt/exception is serviced just before or while the
instruction in the delay slot is executed, the contents of this
stack slot might be clobbered.
Here is a patch:
Thu Oct 17 21:50:21 1996 J"orn Rennecke <amylaar@cygnus.co.uk>
a29k.h (ELIGIBLE_FOR_EPILOGUE_DELAY):
avoid scheduling a load from a stack slot.
*** a29k.h.95q4 Sun Aug 6 22:36:41 1995
--- a29k.h Thu Oct 17 21:47:24 1996
*************** extern char *a29k_function_name;
*** 984,996 ****
On the 29k, we must be able to place it in a delay slot, it must
not use sp if the frame pointer cannot be eliminated, and it cannot
! use local regs if we need to push the register stack. */
#define ELIGIBLE_FOR_EPILOGUE_DELAY(INSN,N) \
(get_attr_in_delay_slot (INSN) == IN_DELAY_SLOT_YES \
&& ! (frame_pointer_needed \
&& reg_mentioned_p (stack_pointer_rtx, PATTERN (INSN))) \
! && ! (needs_regstack_p () && uses_local_reg_p (PATTERN (INSN))))
/* Output assembler code for a block containing the constant parts
of a trampoline, leaving space for the variable parts.
--- 984,1001 ----
On the 29k, we must be able to place it in a delay slot, it must
not use sp if the frame pointer cannot be eliminated, and it cannot
! use local regs if we need to push the register stack.
! If this is a SET with a memory as source, it might load from
! a stack slot, unless the address is constant. */
#define ELIGIBLE_FOR_EPILOGUE_DELAY(INSN,N) \
(get_attr_in_delay_slot (INSN) == IN_DELAY_SLOT_YES \
&& ! (frame_pointer_needed \
&& reg_mentioned_p (stack_pointer_rtx, PATTERN (INSN))) \
! && ! (needs_regstack_p () && uses_local_reg_p (PATTERN (INSN))) \
! && (GET_CODE (PATTERN (INSN)) != SET \
! || GET_CODE (SET_SRC (PATTERN (INSN))) != MEM \
! || ! rtx_varies_p (XEXP (SET_SRC (PATTERN (INSN)), 0))))
/* Output assembler code for a block containing the constant parts
of a trampoline, leaving space for the variable parts.
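Review bot: The added clause in ELIGIBLE_FOR_EPILOGUE_DELAY only rejects an insn whose pattern is itself a SET and whose SET_SRC is directly a MEM, so a load whose MEM is wrapped in another code, or a SET that sits inside a larger pattern, still passes the GET_CODE (PATTERN (INSN)) != SET or GET_CODE (SET_SRC (PATTERN (INSN))) != MEM arm and stays eligible. If the a29k machine description has any such load that can go in a delay slot, scan the whole pattern for a MEM whose address satisfies rtx_varies_p instead of testing only the top-level source.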
>From kenner@vlsi1.ultra.nyu.edu Sat Oct 26 19:20:19 1996
Date: Sat, 26 Oct 96 14:28:57 -0400
From: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Message-Id: <9610261828.AA05163@vlsi1.ultra.nyu.edu>
To: amylaar@cygnus.co.uk
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
    The a29k port allows loads from memory in the epilogue delay slot.
    Such a load might load a stack slot into the return register. If an
    interrupt/exception is serviced just before or while the instruction
    in the delay slot is executed, the contents of this stack slot might
    be clobbered.

I don't understand. Can you give a detailed example?
>From amylaar@cygnus.co.uk Wed Oct 30 23:14:45 1996
From: Joern Rennecke <amylaar@cygnus.co.uk>
Message-Id: <199610302314.XAA01147@phal.cygnus.co.uk>
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
To: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Date: Wed, 30 Oct 1996 23:14:35 +0000 (GMT)
Cc: amylaar@cygnus.co.uk
In-Reply-To: <9610261828.AA05163@vlsi1.ultra.nyu.edu> from "Richard Kenner" at Oct 26, 96 02:28:57 pm
> The a29k port allows loads from memory in the epilogue delay slot.
> Such a load might load a stack slot into the return register. If an
> interrupt/exception is serviced just before or while the instruction
> in the delay slot is executed, the contents of this stack slot might
> be clobbered.
>
> I don't understand. Can you give a detailed example?
The original code gets optimized differently by the current snapshots, so
I made up a new example that shows the problem.
    int
    f(double d)
    {
      int i, j = 0;
      for (i=0; i < 10; i++)
        (*(&j))++;
      return j;
    }
compiled with ss-961023 for a29k with ./cc1 -O2 -fno-exceptions t.c gives:
        .file "t.c"
        .sect .lit,lit
    gcc2_compiled.:
    ___gnu_compiled_c:
        .text
        .align 4
        .global _f
        .word 0x40008
    _f:
        sub gr125,gr125,8
        add gr117,gr125,4
        const gr116,0
        store 0,0,gr116,gr117
        const gr118,0
    L5:
        load 0,0,gr116,gr117
        add gr118,gr118,1
        add gr116,gr116,1
        store 0,0,gr116,gr117
        cple gr116,gr118,9
        jmpt gr116,L5
        add gr116,gr125,4
        add gr125,gr125,8
        jmpi lr0
        load 0,0,gr96,gr116
The last two instructions are the crucial ones. If an interrupt occurs
immediately after the jmpi instruction, the stack slot the return
value is about to be read from might be overwritten.
Here is the patch again:
Thu Oct 17 21:50:21 1996 J"orn Rennecke <amylaar@cygnus.co.uk>
a29k.h (ELIGIBLE_FOR_EPILOGUE_DELAY):
avoid scheduling a load from a stack slot.
*** a29k.h.95q4 Sun Aug 6 22:36:41 1995
--- a29k.h Thu Oct 17 21:47:24 1996
*************** extern char *a29k_function_name;
*** 984,996 ****
On the 29k, we must be able to place it in a delay slot, it must
not use sp if the frame pointer cannot be eliminated, and it cannot
! use local regs if we need to push the register stack. */
#define ELIGIBLE_FOR_EPILOGUE_DELAY(INSN,N) \
(get_attr_in_delay_slot (INSN) == IN_DELAY_SLOT_YES \
&& ! (frame_pointer_needed \
&& reg_mentioned_p (stack_pointer_rtx, PATTERN (INSN))) \
! && ! (needs_regstack_p () && uses_local_reg_p (PATTERN (INSN))))
/* Output assembler code for a block containing the constant parts
of a trampoline, leaving space for the variable parts.
--- 984,1001 ----
On the 29k, we must be able to place it in a delay slot, it must
not use sp if the frame pointer cannot be eliminated, and it cannot
! use local regs if we need to push the register stack.
! If this is a SET with a memory as source, it might load from
! a stack slot, unless the address is constant. */
#define ELIGIBLE_FOR_EPILOGUE_DELAY(INSN,N) \
(get_attr_in_delay_slot (INSN) == IN_DELAY_SLOT_YES \
&& ! (frame_pointer_needed \
&& reg_mentioned_p (stack_pointer_rtx, PATTERN (INSN))) \
! && ! (needs_regstack_p () && uses_local_reg_p (PATTERN (INSN))) \
! && (GET_CODE (PATTERN (INSN)) != SET \
! || GET_CODE (SET_SRC (PATTERN (INSN))) != MEM \
! || ! rtx_varies_p (XEXP (SET_SRC (PATTERN (INSN)), 0))))
/* Output assembler code for a block containing the constant parts
of a trampoline, leaving space for the variable parts.
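Review bot: The comment added above the macro says a SET with a memory source "might load from a stack slot" but not why that is a problem in the delay slot, and the test it documents is wider than the wording suggests: rtx_varies_p (XEXP (SET_SRC (PATTERN (INSN)), 0)) excludes every load through a non-constant address, whether or not it refers to the stack. The comment should state that the frame has already been deallocated when the delay slot executes, so an interrupt may overwrite the slot, and that rejecting all variable-address loads is a deliberately conservative approximation.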
>From kenner@vlsi1.ultra.nyu.edu Tue Nov 12 19:30:38 1996
Date: Tue, 12 Nov 96 14:38:54 -0500
From: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Message-Id: <9611121938.AA18206@vlsi1.ultra.nyu.edu>
To: amylaar@cygnus.co.uk
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
        jmpi lr0
        load 0,0,gr96,gr116

    The last two instructions are the crucial ones. If an interrupt
    occurs immediately after the jmpi instruction, the stack slot the
    return value is about to be read from might be overwritten.

I don't see how. Can you explain how this might occur?
>From amylaar@cygnus.co.uk Wed Nov 13 18:36:27 1996
From: Joern Rennecke <amylaar@cygnus.co.uk>
Message-Id: <199611131836.SAA17211@phal.cygnus.co.uk>
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
To: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Date: Wed, 13 Nov 1996 18:36:11 +0000 (GMT)
In-Reply-To: <9611121938.AA18206@vlsi1.ultra.nyu.edu> from "Richard Kenner" at Nov 12, 96 02:38:54 pm
> The last two instructions are the crucial ones. If an interrupt
> occurs immediately after the jmpi instruction, the stack slot the
> return value is about to be read from might be overwritten.
>
> I don't see how. Can you explain how this might occur?
    int
    f(double d)
    {
      int i, j = 0;
      for (i=0; i < 10; i++)
        (*(&j))++;
      return j;
    }

        .file "t.c"
        .sect .lit,lit
    gcc2_compiled.:
    ___gnu_compiled_c:
        .text
        .align 4
        .global _f
        .word 0x40008
    _f:
        sub gr125,gr125,8
        add gr117,gr125,4
gr117 is initialized to &j, which is gr125 + 4
        const gr116,0
        store 0,0,gr116,gr117
        const gr118,0
    L5:
        load 0,0,gr116,gr117
        add gr118,gr118,1
        add gr116,gr116,1
        store 0,0,gr116,gr117
        cple gr116,gr118,9
        jmpt gr116,L5
The value to be returned is now in j, which is *(int*)(gr125 + 4).
        add gr116,gr125,4
Its address has been computed into gr116.
        add gr125,gr125,8
Due to this stack adjustment, j is now in the supposedly free region of the
stack.
If an interrupt occurs at this point, this will cause problems too; however,
this was not what was observed.
        jmpi lr0
An interrupt can occur here. If it uses any stack, it will overwrite the
return value in j, which is now in *(int*)(gr125 - 4).
        load 0,0,gr96,gr116
Come to think of it, with the bugfix patch in place, output_epilog could
avoid the nop in this case with a little extra code.
In the else clause of the if (size >= 256), it could test for
(! a29k_regstack_size && ! current_function_epilogue_delay_list) ; if
only a stack adjust and the jmpi are needed, it can place the jmpi first.
Here is the bugfix patch again:
Thu Oct 17 21:50:21 1996 J"orn Rennecke <amylaar@cygnus.co.uk>
a29k.h (ELIGIBLE_FOR_EPILOGUE_DELAY):
avoid scheduling a load from a stack slot.
*** a29k.h.95q4 Sun Aug 6 22:36:41 1995
--- a29k.h Thu Oct 17 21:47:24 1996
*************** extern char *a29k_function_name;
*** 984,996 ****
On the 29k, we must be able to place it in a delay slot, it must
not use sp if the frame pointer cannot be eliminated, and it cannot
! use local regs if we need to push the register stack. */
#define ELIGIBLE_FOR_EPILOGUE_DELAY(INSN,N) \
(get_attr_in_delay_slot (INSN) == IN_DELAY_SLOT_YES \
&& ! (frame_pointer_needed \
&& reg_mentioned_p (stack_pointer_rtx, PATTERN (INSN))) \
! && ! (needs_regstack_p () && uses_local_reg_p (PATTERN (INSN))))
/* Output assembler code for a block containing the constant parts
of a trampoline, leaving space for the variable parts.
--- 984,1001 ----
On the 29k, we must be able to place it in a delay slot, it must
not use sp if the frame pointer cannot be eliminated, and it cannot
! use local regs if we need to push the register stack.
! If this is a SET with a memory as source, it might load from
! a stack slot, unless the address is constant. */
#define ELIGIBLE_FOR_EPILOGUE_DELAY(INSN,N) \
(get_attr_in_delay_slot (INSN) == IN_DELAY_SLOT_YES \
&& ! (frame_pointer_needed \
&& reg_mentioned_p (stack_pointer_rtx, PATTERN (INSN))) \
! && ! (needs_regstack_p () && uses_local_reg_p (PATTERN (INSN))) \
! && (GET_CODE (PATTERN (INSN)) != SET \
! || GET_CODE (SET_SRC (PATTERN (INSN))) != MEM \
! || ! rtx_varies_p (XEXP (SET_SRC (PATTERN (INSN)), 0))))
/* Output assembler code for a block containing the constant parts
of a trampoline, leaving space for the variable parts.
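Review bot: With the added clause the body of ELIGIBLE_FOR_EPILOGUE_DELAY spells out PATTERN (INSN) five times over eight backslash-continued lines, where a dropped backslash or parenthesis is easy to miss in review. Moving the whole test into a function alongside needs_regstack_p and uses_local_reg_p, and having the macro call it with INSN, would keep the header readable and make later extensions of the check simpler to write.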
>From kenner@vlsi1.ultra.nyu.edu Wed Nov 13 18:39:14 1996
Date: Wed, 13 Nov 96 13:47:35 -0500
From: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Message-Id: <9611131847.AA21484@vlsi1.ultra.nyu.edu>
To: amylaar@cygnus.co.uk
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
    If an interrupt occurs at this point, this will cause problems too,

In other words, this has nothing whatsoever to do with the epilogue per se.
The point is that you can't schedule an insn that uses that stack at that
point.

I'll build a cross-compiler and take a look at it.
>From amylaar@cygnus.co.uk Wed Feb 19 19:07:08 1997
From: Joern Rennecke <amylaar@cygnus.co.uk>
Message-Id: <199702191905.TAA15133@phal.cygnus.co.uk>
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
To: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Date: Wed, 19 Feb 1997 19:05:39 +0000 (GMT)
In-Reply-To: <9611131847.AA21484@vlsi1.ultra.nyu.edu> from "Richard Kenner" at Nov 13, 96 01:47:35 pm
> If an interrupt occurs at this point, this will cause problems too,
>
> In other words, this has nothing whatsoever to do with the epilogue per se.
> The point is that you can't schedule an insn that uses that stack at that
> point.
Well, if you like to put it that way. But the reason why you can't
schedule an insn that uses the stack at that point is because that point
is inside the epilogue, where the stack frame is already deallocated,
as far as interrupts are concerned.
> I'll build a cross-compiler and take a look at it.
Well, what did you see?
>From kenner@vlsi1.ultra.nyu.edu Sun Mar 16 13:56:10 1997
Date: Sun, 16 Mar 97 08:59:32 EST
From: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Message-Id: <9703161359.AA23859@vlsi1.ultra.nyu.edu>
To: amylaar@cygnus.co.uk
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
I need a reminder of what this is all about. I'm still quite skeptical
about it.
>From amylaar@cygnus.co.uk Wed Feb 19 14:07:44 1997
From: Joern Rennecke <amylaar@cygnus.co.uk>
Message-Id: <199702191905.TAA15133@phal.cygnus.co.uk>
Subject: Re: Bug fix for a29k ELIGIBLE_FOR_EPILOGUE_DELAY
To: kenner@vlsi1.ultra.nyu.edu (Richard Kenner)
Date: Wed, 19 Feb 1997 19:05:39 +0000 (GMT)
In-Reply-To: <9611131847.AA21484@vlsi1.ultra.nyu.edu> from "Richard Kenner" at Nov 13, 96 01:47:35 pm
> If an interrupt occurs at this point, this will cause problems too,
>
> In other words, this has nothing whatsoever to do with the epilogue per se.
> The point is that you can't schedule an insn that uses that stack at that
> point.
Well, if you like to put it that way. But the reason why you can't
schedule an insn that uses the stack at that point is because that point
is inside the epilogue, where the stack frame is already deallocated,
as far as interrupts are concerned.
> I'll build a cross-compiler and take a look at it.
Well, what did you see?
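
The failure described in the thread, as an added illustration that is not part of the original messages or of GCC: a toy word-addressed model of the epilogue of f() that services an interrupt before each instruction in turn and checks the returned value. The interrupt handler, the memory layout and the patched instruction order (load ahead of the stack adjustment, nop in the delay slot) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: word-addressed memory stack
   growing downward; sp stands in for gr125. Not an a29k emulator. */
enum op { ADD_SP, JMPI, LOAD_RET, NOP };
static int mem[16], sp;

/* Hypothetical interrupt handler: uses two words below the current sp. */
static void interrupt(void) { mem[sp - 1] = -1; mem[sp - 2] = -1; }

/* Run an epilogue with an interrupt serviced just before instruction
   irq_at (negative: none). Returns the value left in the return register. */
static int run_epilogue(const enum op *code, int n, int irq_at)
{
    int ret = 0, addr;
    memset(mem, 0, sizeof mem);
    sp = 8;                 /* after "sub gr125,gr125,8": frame is mem[8..9] */
    mem[sp + 1] = 10;       /* j == 10 after the loop, stored at gr125 + 4 */
    addr = sp + 1;          /* add gr116,gr125,4 */
    for (int pc = 0; pc < n; pc++) {
        if (pc == irq_at) interrupt();
        switch (code[pc]) {
        case ADD_SP:   sp += 2;         break;  /* add gr125,gr125,8 */
        case LOAD_RET: ret = mem[addr]; break;  /* load 0,0,gr96,gr116 */
        case JMPI: case NOP:            break;  /* jump lands after the slot */
        }
    }
    return ret;
}

/* Order from the thread's listing: the load sits in the jmpi delay slot. */
static const enum op unpatched[] = { ADD_SP, JMPI, LOAD_RET };
/* Assumed order with the patch: load before the adjust, nop in the slot. */
static const enum op patched[] = { LOAD_RET, ADD_SP, JMPI, NOP };

/* Number of interrupt positions that make f() return something other than 10. */
static int bad_positions(const enum op *code, int n)
{
    int bad = 0;
    for (int at = 0; at < n; at++)
        bad += run_epilogue(code, n, at) != 10;
    return bad;
}

int main(void)
{
    printf("unpatched: %d bad of 3, patched: %d bad of 4\n", bad_positions(unpatched, 3), bad_positions(patched, 4));
    return 0;
}
```

In this model the unpatched order returns a wrong value for two of its three interrupt positions (after the stack adjustment and after the jmpi), matching the two points called out in the annotated listing, while the assumed patched order is safe at every position.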