[Bug c/81996] New: __builtin_return_address(0) does not work on powerpc in -fPIC mode and causes SIGSEGVs

slyfox at inbox dot ru gcc-bugzilla@gcc.gnu.org
Sun Aug 27 16:57:00 GMT 2017 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81996

            Bug ID: 81996
           Summary: __builtin_return_address(0) does not work on powerpc
                    in -fPIC mode and causes SIGSEGVs
           Product: gcc
           Version: 7.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: slyfox at inbox dot ru
  Target Milestone: ---

I've found a problem on glibc-2.25 where glibc crashes at startup.

Minimal reproducer does not crash the program but yields bad result:

  #include <stdio.h>

  static void * f(void) __attribute__((noinline));
  static void * f(void) {
      return __builtin_extract_return_addr (__builtin_return_address(0));
  }

  int main(void) {
    printf ("main    =%p\n", &main);
    printf ("ret_addr=%p\n", f());
    return 0;
  }

$ powerpc-unknown-linux-gnu-gcc-7.2.0 a.c -O2 -fno-PIC -o a && ./a
main    =0x100002e0
ret_addr=0x1000030c <- good!
$ powerpc-unknown-linux-gnu-gcc-7.2.0 a.c -O2 -fPIC -o a && ./a
main    =0x100002e0
ret_addr=0x4        <- bad!

[ In real example glibc crash happens at RETURN_ADDRESS(0) call here:
   
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=e3ff778113febdd0533aeea70f1a35f62259bcfd;hb=HEAD#l3061
]

Normally gcc should use 'lr' value in both cases but for some reason
it tries to spill 'lr' into stack and then reads it from wrong location:

-fno-PIC: a frame is buit, but good (master does even better than that):

10000410 <f>:
10000410:       94 21 ff f0     stwu    r1,-16(r1)
10000414:       7c 68 02 a6     mflr    r3
10000418:       38 21 00 10     addi    r1,r1,16
1000041c:       4e 80 00 20     blr

-fPIC (

10000420 <f>:
10000420:       94 21 ff e0     stwu    r1,-32(r1)
10000424:       7c 08 02 a6     mflr    r0
10000428:       90 01 00 24     stw     r0,36(r1) ; spill 'lr' into stack
1000042c:       93 c1 00 18     stw     r30,24(r1)
10000430:       81 21 00 10     lwz     r9,16(r1) ; step1 (uninitialized
garbage value)
10000434:       80 01 00 24     lwz     r0,36(r1)
10000438:       80 69 00 04     lwz     r3,4(r9) ; step2 (glibc SIGSEGVs here)
1000043c:       83 c1 00 18     lwz     r30,24(r1)
10000440:       38 21 00 20     addi    r1,r1,32
10000444:       7c 08 03 a6     mtlr    r0
10000448:       4e 80 00 20     blr

More information about the Gcc-bugs mailing list