https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81996
Bug ID: 81996
Summary: __builtin_return_address(0) does not work on powerpc in -fPIC mode and causes SIGSEGVs
Product: gcc
Version: 7.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: slyfox at inbox dot ru
Target Milestone: ---

I've found a problem on glibc-2.25 where glibc crashes at startup. A minimal reproducer does not crash the program but yields a bad result:

#include <stdio.h>

static void * f(void) __attribute__((noinline));
static void * f(void)
{
    return __builtin_extract_return_addr (__builtin_return_address(0));
}

int main(void)
{
    printf ("main =%p\n", &main);
    printf ("ret_addr=%p\n", f());
    return 0;
}

$ powerpc-unknown-linux-gnu-gcc-7.2.0 a.c -O2 -fno-PIC -o a && ./a
main =0x100002e0
ret_addr=0x1000030c <- good!

$ powerpc-unknown-linux-gnu-gcc-7.2.0 a.c -O2 -fPIC -o a && ./a
main =0x100002e0
ret_addr=0x4 <- bad!

[ In the real example the glibc crash happens at the RETURN_ADDRESS(0) call here: https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=e3ff778113febdd0533aeea70f1a35f62259bcfd;hb=HEAD#l3061 ]

Normally gcc should use the 'lr' value in both cases, but for some reason it tries to spill 'lr' into the stack and then reads it from the wrong location:

-fno-PIC: a frame is built, but good (master does even better than that):

10000410 <f>:
10000410: 94 21 ff f0    stwu r1,-16(r1)
10000414: 7c 68 02 a6    mflr r3
10000418: 38 21 00 10    addi r1,r1,16
1000041c: 4e 80 00 20    blr

-fPIC:

10000420 <f>:
10000420: 94 21 ff e0    stwu r1,-32(r1)
10000424: 7c 08 02 a6    mflr r0
10000428: 90 01 00 24    stw r0,36(r1)     ; spill 'lr' into stack
1000042c: 93 c1 00 18    stw r30,24(r1)
10000430: 81 21 00 10    lwz r9,16(r1)     ; step1 (uninitialized garbage value)
10000434: 80 01 00 24    lwz r0,36(r1)
10000438: 80 69 00 04    lwz r3,4(r9)      ; step2 (glibc SIGSEGVs here)
1000043c: 83 c1 00 18    lwz r30,24(r1)
10000440: 38 21 00 20    addi r1,r1,32
10000444: 7c 08 03 a6    mtlr r0
10000448: 4e 80 00 20    blr
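The reporter's reproducer prints the return address for a human to compare against main. An added self-checking variant (example code, not from the bug report or from GCC) makes the miscompile detectable at run time, e.g. in a cross-target test suite: the caller verifies that the extracted return address lies inside its own body, so a bogus value such as the 0x4 seen in the -fPIC build fails the check. The names `check_return_address`, `return_address_in_caller` and the assumed size bound `WINDOW` are mine.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound (bytes) on the caller's code size; the return address
   of a non-tail call must land within [caller, caller + WINDOW). */
#define WINDOW 4096

/* Same builtin use as the reporter's reproducer; noinline so the value
   refers to the call site in check_return_address, not somewhere else. */
static void *f(void) __attribute__((noinline));
static void *f(void)
{
    return __builtin_extract_return_addr(__builtin_return_address(0));
}

/* Returns 1 when `ret` lies inside the caller's assumed code window, else 0.
   A miscompiled value like (void *)0x4 is far below any code address. */
int return_address_in_caller(const void *ret, const void *caller)
{
    uintptr_t r = (uintptr_t)ret, c = (uintptr_t)caller;
    return r >= c && r - c < WINDOW;
}

/* noinline keeps the call site in this function; doing work after the call
   prevents a tail call, which would otherwise make the return address point
   into *our* caller and spuriously fail the check. */
__attribute__((noinline)) int check_return_address(void)
{
    void *ret = f();
    int ok = return_address_in_caller(ret, (const void *)&check_return_address);
    if (!ok)
        fprintf(stderr, "bad return address %p (caller at %p)\n",
                ret, (void *)&check_return_address);
    return ok;
}

int main(void)
{
    printf("check_return_address=%p ret_addr=%p\n",
           (void *)&check_return_address, f());
    return check_return_address() ? 0 : 1;   /* non-zero exit on miscompile */
}
```

Build it with both -fno-PIC and -fPIC at -O2; a correct compiler exits 0 in both cases, the affected powerpc -fPIC build exits 1.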