This is the mail archive of the libffi-discuss@sourceware.org mailing list for the libffi project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Structure-return bug on powerpc32

From: Wim Lewis <wiml at hhhh dot org>
To: libffi-discuss at sources dot redhat dot com
Cc: Andreas Tobler <andreast-list at fgznet dot ch>
Date: Fri, 22 May 2009 15:24:16 -0700
Subject: Re: Structure-return bug on powerpc32
References: <E561F073-3673-497D-8816-2FC89616BC86@hhhh.org> <4A170322.30903@fgznet.ch>

On May 22, 2009, at 12:55 PM, Andreas Tobler wrote:

Wim Lewis wrote:
I've been looking into some libffi test failures on netbsd/ppc. To make a long story short, under some circumstances (returning a small aggregate that's not a multiple of 4 bytes), ffi_call() will write past the end of the buffer passed to rvalue. [....]
Which ABI does netbsd/ppc use? The original SYSV or the same as Linux? If it is the original SYSV you might try to build like FreeBSD does.

NetBSD uses the same ABI as FreeBSD, as far as I know --- in fact, it's building libffi with TARGET=POWERPC_FREEBSD. :) The other tests which depend on the difference between the SYSV and "GCC" ABIs (small aggregates returned in registers vs. a hidden pointer argument) all pass. And the actual returned value is correct --- it's just stomping on some nearby memory as well.

The bug is not with the procedure call convention itself, but with the way that the return value is copied from registers into the buffer passed to ffi_call(). Once I found the relevant code in powerpc/sysv.S, it was pretty clear that it will write past the end of its buffer in situations like this. I'm surprised that the bug doesn't occur on FreeBSD as well, but perhaps there's some subtle point I'm missing.

I've written up a test case which should detect the problem even if the compiler doesn't happen to put something important immediately after res_dbl. It fails in the expected way on my netbsd5/ppc machine, and passes on the other systems I have handy (openbsd4.4/ i386, darwin9/i386, darwin9/x86_64). It also passes on darwin8/ppc, apparently because the darwin calling convention is to return even small aggregates using a hidden pointer argument.

Here's the test program:
    http://www.hhhh.org/wiml/tmp/odd_struct.c

It'd be interesting to run it on an architecture with more strict alignment requirements as well, like MIPS or SPARC.


regards
   Wim Lewis / wiml@hhhh.org

Follow-Ups:
- Re: Structure-return bug on powerpc32 (patch)
  - From: Wim Lewis

References:
- Structure-return bug on powerpc32
  - From: Wim Lewis
- Re: Structure-return bug on powerpc32
  - From: Andreas Tobler

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]