https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116597
Bug ID: 116597
Summary: [arm] indirect tailcalls with incomplete prototypes generate wrong code when using PACM
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: rearnsha at gcc dot gnu.org
Target Milestone: ---

    void (*f)();  // Or void (*f)(int, ...);
    void g ()
    {
      return f (1, 2, 3, 4);
    }

when compiled with -mcpu=cortex-m85 -O2 -mbranch-protection=pac+leaf

Generates:

    ...
    aut     ip, lr, sp
    bx      ip

that is, it tries to jump to the result of the authentication, rather than the indirect function call.

The issue is that without a full prototype we fail to detect that all the parameter passing registers have been used and assume that one of them can be used for the tailcall address. In reality, that doesn't happen and the compiler then tries to allocate IP for the address, even though that will eventually be clobbered by the AUT instruction.

The problem also exists on gcc-13, but that requires an additional change (the fix for PR113780
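
One way to check `gcc -S` output for the epilogue quoted in this report, as an added example that is not part of the original bug report or of GCC. The function name `find_aut_bx_ip` and the sample listing are constructed for illustration; only the `aut ip, lr, sp` / `bx ip` pair comes from the report.

```python
import re

# Instruction pair quoted in the report; r12 is the same register as ip.
AUT = re.compile(r"^aut\s+(ip|r12)\s*,\s*lr\s*,\s*sp$", re.I)
BX_IP = re.compile(r"^bx\s+(ip|r12)$", re.I)
LABEL = re.compile(r"^([A-Za-z_$][\w$.]*):$")

def find_aut_bx_ip(asm):
    """Return (function, line_number) for each `bx ip` directly after `aut ip, lr, sp`.

    Assumption: only the adjacent pair is reported; a `bx ip` separated from the
    AUT by other instructions is not analysed.
    """
    hits, func, after_aut = [], None, False
    for lineno, raw in enumerate(asm.splitlines(), 1):
        line = raw.split("@", 1)[0].strip()      # '@' starts a comment in Arm GAS syntax
        if not line or line.startswith("."):     # blank line, directive or .L local label
            continue
        m = LABEL.match(line)
        if m:                                    # a new symbol starts: reset the state
            func, after_aut = m.group(1), False
            continue
        if after_aut and BX_IP.match(line):
            hits.append((func, lineno))
        after_aut = bool(AUT.match(line))
    return hits

# Constructed listing (not real compiler output): g carries the reported pair,
# h and k branch through other registers after the AUT.
SAMPLE = """\
    .thumb
g:
    aut     ip, lr, sp
    bx      ip      @ pair from the report
h:
    aut     r12, lr, sp
    bx      lr
k:
    aut     ip, lr, sp
.L2:
    bx      r3
"""

if __name__ == "__main__":
    for func, lineno in find_aut_bx_ip(SAMPLE):
        print(f"{func}: bx ip directly after aut at line {lineno}")
```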