From patchwork Sat Mar 23 14:27:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ajit Agarwal X-Patchwork-Id: 1915168 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=jn9cdrPo; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V21kJ2lYkz1yXy for ; Sun, 24 Mar 2024 01:27:34 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 93ACB3858403 for ; Sat, 23 Mar 2024 14:27:31 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by sourceware.org (Postfix) with ESMTPS id 6D9F43858D28 for ; Sat, 23 Mar 2024 14:27:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6D9F43858D28 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linux.ibm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6D9F43858D28 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1711204034; cv=none; b=Vx7O2okn5HbuzcnuxdJTlaLTInnIaw2XQSNyXsg4RPl0qqdZOniF2doUToz5VBHu1z2qhYMsDEEK1I7a7WmTciMs9DOqVThcjR46k9fM+lpWzc4eQ/SBtLBtfCRCoEKtwiRzmKSTTbiRXnJ+YG8gFRWyiADLM80uyd3Z6D2idto= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1711204034; c=relaxed/simple; bh=JOxo+f+b3vDGxKkAZ8fiTJcBvrmu1B6Zq+O7DhyDweE=; h=DKIM-Signature:Message-ID:Date:MIME-Version:To:From:Subject; b=kDV0BvPr/6KhQAUKe7GOaaKmRk0r7S/1fOwfY0cIl7w7iUb7ktDmqDXtsDcgauxBxga9SApmulQ+0cZ1CG2IBhRUwW7BV0cccNoK0D8+uMmlrl8aYc1x4jDzuEPFG1iuFM7KKtfeCFetid2/1Cak7g5ntUDbx+OHYqOXzktwwHw= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 42NE99TO002404; Sat, 23 Mar 2024 14:27:11 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : mime-version : to : from : subject : content-type : content-transfer-encoding; s=pp1; bh=9wxLGPDyu5Oyi8l6Og3e0xoJUBJKUik0kidk+4DvIdw=; b=jn9cdrPoGofYtAEJG2MJxVzeFcR11C3eevChIiI5xxBEKDmR7Dqg+FzQlBfcvqJLdzs+ cNE2zncboPc6e4qgWayxZtHsiJQh9cilD0Xs7dNSn92Ari/b29VpT85pTHrqyuX275mg V262LE60Ikg3shsuDwxv/O7uVzWB1HOyTTkEQ5vFHvm0J7kQgnqQmyhuVepNHSqcRd93 RvPP6PR8WKGLsSN8ksMKkaYFZ1JUU2/RxLVdlbN4gACXL9+EtXb0X56tjQa15sBf5WGm OS9FG5ppRKT9doCjqjinUPW2JEcbnVHGNWbWuEBWNhzH2kmOE5begkfECjMgXRLu7yUL /w== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3x1wv8095n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 23 Mar 2024 14:27:11 +0000 Received: from m0360072.ppops.net (m0360072.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 42NERARY028944; Sat, 23 Mar 2024 14:27:10 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3x1wv8095h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 23 Mar 2024 14:27:10 +0000 Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 42NDJrag009098; Sat, 23 Mar 2024 14:27:08 GMT Received: from smtprelay06.wdc07v.mail.ibm.com ([172.16.1.73]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3x0x15mjeh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 23 Mar 2024 14:27:08 +0000 Received: from smtpav01.wdc07v.mail.ibm.com (smtpav01.wdc07v.mail.ibm.com [10.39.53.228]) by smtprelay06.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 42NER5J214877342 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 23 Mar 2024 14:27:07 GMT Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6B0F65804B; Sat, 23 Mar 2024 14:27:05 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6961F58055; Sat, 23 Mar 2024 14:27:02 +0000 (GMT) Received: from [9.43.18.241] (unknown [9.43.18.241]) by smtpav01.wdc07v.mail.ibm.com (Postfix) with ESMTP; Sat, 23 Mar 2024 14:27:01 +0000 (GMT) Message-ID: <617b4a76-914c-4fff-b0db-d23e633ac444@linux.ibm.com> Date: Sat, 23 Mar 2024 19:57:00 +0530 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Peter Bergner , Jakub Jelinek , "Kewen.Lin" , Segher Boessenkool , Michael Meissner , David Edelsohn , gcc-patches From: Ajit Agarwal Subject: [PATCH v3] rs6000: Stackoverflow in optimized code on PPC [PR100799] X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 90Qj83DREejff5tirjyJkCzo8_WMPxH5 X-Proofpoint-ORIG-GUID: lXxgY9XwFcV2Zxy_UlljjuigTQwiYUIK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-23_10,2024-03-21_02,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 suspectscore=0 phishscore=0 mlxlogscore=999 priorityscore=1501 spamscore=0 impostorscore=0 mlxscore=0 clxscore=1015 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2403210000 definitions=main-2403230098 X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_EF, GIT_PATCH_0, KAM_MANYTO, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Hello All: When using FlexiBLAS with OpenBLAS, we noticed corruption of the caller stack frame when calling OpenBLAS functions. This was caused by the FlexiBLAS C/C++ caller and OpenBLAS Fortran callee disagreeing on the number of function parameters in the callee due to hidden Fortran parameters. This can cause problems when the callee believes the caller has allocated a parameter save area when the caller has not done so. That means any writes by the callee into the non-existent parameter save area will corrupt the caller stack frame. The workaround implemented here, is for the callee to determine whether the caller has allocated a parameter save area or not, by ignoring any unused hidden parameters when counting the number of parameters. Bootstrapped and regtested on powerpc64-linux-gnu. Thanks & Regards Ajit rs6000: Stackoverflow in optimized code on PPC [PR100799] When using FlexiBLAS with OpenBLAS, we noticed corruption of the caller stack frame when calling OpenBLAS functions. This was caused by the FlexiBLAS C/C++ caller and OpenBLAS Fortran callee disagreeing on the number of function parameters in the callee due to hidden Fortran parameters. This can cause problems when the callee believes the caller has allocated a parameter save area when the caller has not done so. That means any writes by the callee into the non-existent parameter save area will corrupt the caller stack frame. The workaround implemented here, is for the callee to determine whether the caller has allocated a parameter save area or not, by ignoring any unused hidden parameters when counting the number of parameters. 2024-03-23 Ajit Kumar Agarwal gcc/ChangeLog: PR rtl-optimization/100799 * config/rs6000/rs6000-calls.cc (rs6000_function_arg): Don't assume a parameter save area has been allocated if the number of formal parameters, excluding unused hidden parameters, is less than or equal to GP_ARG_NUM_REG (8). (init_cumulative_args): Check for unused hidden Fortran parameters and set hidden_string_length and actual_parm_length. * config/rs6000/rs6000.h (rs6000_args): Add new field hidden_string_length and actual_parm_length. --- gcc/config/rs6000/rs6000-call.cc | 38 ++++++++++++++++++++++++++++++-- gcc/config/rs6000/rs6000.h | 4 ++++ 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/gcc/config/rs6000/rs6000-call.cc b/gcc/config/rs6000/rs6000-call.cc index 1f8f93a2ee7..656735aebaf 100644 --- a/gcc/config/rs6000/rs6000-call.cc +++ b/gcc/config/rs6000/rs6000-call.cc @@ -64,7 +64,7 @@ #include "ppc-auxv.h" #include "targhooks.h" #include "opts.h" - +#include "tree-dfa.h" #include "rs6000-internal.h" #ifndef TARGET_PROFILE_KERNEL @@ -584,6 +584,32 @@ init_cumulative_args (CUMULATIVE_ARGS *cum, tree fntype, if (incoming || cum->prototype) cum->nargs_prototype = n_named_args; + /* When the buggy C/C++ wrappers call the function with fewer arguments + than it actually has. Check whether this function contains any unused + hidden parameters and record how many there are for use in + rs6000_function_arg() to determine whether its callers + have allocated a parameter save area or not. See PR100799 for + details. */ + unsigned int num_args = 0; + unsigned int hidden_length = 0; + + for (tree arg = DECL_ARGUMENTS (current_function_decl); + arg; arg = DECL_CHAIN (arg)) + { + num_args++; + if (DECL_HIDDEN_STRING_LENGTH (arg)) + { + tree parmdef = ssa_default_def (cfun, arg); + if (parmdef == NULL || has_zero_uses (parmdef)) + { + cum->hidden_string_length = 1; + hidden_length++; + } + } + } + + cum->actual_parm_length = num_args - hidden_length; + /* Check for a longcall attribute. */ if ((!fntype && rs6000_default_long_calls) || (fntype @@ -1857,7 +1883,15 @@ rs6000_function_arg (cumulative_args_t cum_v, const function_arg_info &arg) return rs6000_finish_function_arg (mode, rvec, k); } - else if (align_words < GP_ARG_NUM_REG) + /* When the buggy C/C++ wrappers call the function with fewer arguments + than it actually has. Check whether this function contains any unused + hidden parameters and record how many there are for use in + rs6000_function_arg() to determine whether its callers + have allocated a parameter save area or not. See PR100799 for + details. */ + else if (align_words < GP_ARG_NUM_REG + || (cum->hidden_string_length + && cum->actual_parm_length <= GP_ARG_NUM_REG)) { if (TARGET_32BIT && TARGET_POWERPC64) return rs6000_mixed_function_arg (mode, type, align_words); diff --git a/gcc/config/rs6000/rs6000.h b/gcc/config/rs6000/rs6000.h index 68bc45d65ba..a8f91301852 100644 --- a/gcc/config/rs6000/rs6000.h +++ b/gcc/config/rs6000/rs6000.h @@ -1490,6 +1490,10 @@ typedef struct rs6000_args int named; /* false for varargs params */ int escapes; /* if function visible outside tu */ int libcall; /* If this is a compiler generated call. */ + /* Actual parameter count ignoring unused hidden parameters. */ + unsigned int actual_parm_length; + /* Set if there is hidden unused parameters. */ + unsigned int hidden_string_length : 1; } CUMULATIVE_ARGS; /* Initialize a variable CUM of type CUMULATIVE_ARGS