https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113795
Bug ID: 113795
Summary: armv8.1m-m.main+pacbti -mbranch-protection=standard
-O2 compile error
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: keithp at keithp dot com
Target Milestone: ---
Created attachment 57348
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57348&action=edit
Reasonably short test case.
A tail-call indirect branch is miscompiled in the attached example.
Without -mbranch-protection=standard:
```
.L2:
ldr r4, .L25+4
movs r0, #0
ldr r4, [r4, #24]
mov ip, r4
str r4, [sp, #4]
add sp, sp, #28
@ sp needed
pop {r4, r5, r6, r7, r8, r9, r10, fp, lr}
bx ip
```
With -mbranch-protection=standard:
```
.L2:
movs r0, #0
ldr r4, .L25+4
ldr r4, [r4, #24]
str r4, [sp, #4]
add sp, sp, #24
@ sp needed
pop {r4, r5, r6, r7, r8, r9, r10, fp, ip, lr}
aut ip, lr, sp
bx ip
```
Note that in the latter example, the `ip` register doesn't get copied from
`r4`, presumably because `ip` gets clobbered by the PAC operation. That leaves
the indirect branch at the end jumping to a random address.
