
Function calls can be inlined in naked functions, leading to crashes / memory corruption #7286

Closed
BinaryWarlock opened this issue Dec 3, 2020 · 2 comments
Labels
bug Observed behavior contradicts documented or intended behavior miscompilation The compiler reports success but produces semantically incorrect code. stage1 The process of building from source via WebAssembly and the C backend.
Comments

@BinaryWarlock
Say you have code like:

```zig
// `inline fn`: the call site is expanded in place, so the body of f is emitted
// inside testfn, which has no prologue and therefore no frame for it to use.
inline fn f(x: u32) u32 {
    return x;
}

// Naked: no prologue/epilogue is generated, so %rbp/%rsp are whatever the
// caller left behind. Any frame-relative code the compiler emits here is wrong.
fn testfn() callconv(.Naked) void {
    _ = f(0);

    asm volatile ("ret");
}
```

If the call to f is inlined (as is the case here), it generates code using %rbp assuming there were a stack frame, when there is none.

If it's not inlined, it emits a call instruction which then sets up f's own new stack frame.

Does Zig want to define what behavior happens here? Right now it doesn't even error or warn, it just miscompiles it.

I think there are two ways to approach this:

  • Never inline calls in naked functions
  • Throw an error when calling functions from a naked function

In either case it should always error if the call involves an argument on the stack (pertinent to #72).

And yes, I ran into this in real code. GCC/Clang don't let you call functions from naked functions, but Zig let me so I thought it might work -- until I compiled in release mode and my callee was inlined.
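The same hazard, and the pattern that is actually safe, shown in C against the compilers the reporter compares Zig with. This is an added example, not code from the issue or from the Zig project; it assumes GCC or Clang targeting x86-64 with the SysV ABI (Linux), and the names `add_one_step`, `naked_thunk`, `naked_add_one`, `g_arg` and `g_result` are made up for the illustration. The point it makes is the one in the report: a naked function owns no frame, so anything that needs one (here, the `call` itself) is written out in assembly, and the callee is never reached through a language-level call that the optimizer could inline into a frameless body.

```c
#include <stdio.h>

#if !defined(__GNUC__) || !defined(__x86_64__)
#error "This example assumes GCC or Clang targeting x86-64 (SysV ABI)."
#endif

/* Assembler-level name of a C symbol: "" prefix on ELF/Linux, "_" on Mach-O.
 * Lets the hand-written `call` below link on either. */
#define STR_(x) #x
#define STR(x) STR_(x)
#define ASM_SYM(name) STR(__USER_LABEL_PREFIX__) #name

/* Values cross the naked boundary through globals so that the naked function
 * has no parameters at all: its body must contain nothing but asm, and we do
 * not want the compiler to emit even a parameter spill for us (at -O0 that
 * spill would be frame-relative and land in the caller's frame). */
static volatile int g_arg;
static volatile int g_result;

/* Ordinary callee. The compiler gives it a normal prologue/epilogue, so it may
 * use %rbp and stack slots freely: it runs on the frame that the naked thunk
 * builds before the `call`. noinline keeps it a real symbol for that `call`. */
__attribute__((noinline))
void add_one_step(void)
{
    g_result = g_arg + 1;
}

/* Naked thunk (hypothetical name). No prologue or epilogue is emitted, so the
 * only safe contents are asm statements without operands. The frame a callee
 * expects is built by hand:
 *   on entry   %rsp == 16n + 8   (the caller's `call` pushed the return address)
 *   push %rbp  %rsp == 16n        (the alignment the ABI requires at a call)
 *   call ...   the callee runs with its own frame on top of ours
 *   pop %rbp   restore the caller's frame pointer
 *   ret        back to the C caller
 * Writing `add_one_step();` here instead (the Zig issue's `_ = f(0)`) would
 * let the optimizer inline the callee into a function that owns no frame. */
__attribute__((naked, noinline))
static void naked_thunk(void)
{
    __asm__(
        "push %rbp\n\t"
        "mov  %rsp, %rbp\n\t"
        "call " ASM_SYM(add_one_step) "\n\t"
        "pop  %rbp\n\t"
        "ret\n\t");
}

/* C-visible entry point: hand the argument over, run the thunk, collect the
 * result. */
int naked_add_one(int x)
{
    g_arg = x;
    naked_thunk();
    return g_result;
}

int main(void)
{
    printf("naked_add_one(41) = %d\n", naked_add_one(41));
    return 0;
}
```

Clang enforces the asm-only rule ("non-ASM statement in naked function is not supported"); GCC documents it but does not diagnose it, so the discipline of keeping every frame-dependent step inside the asm string is on the author either way, which is the stricter behaviour the reporter is asking Zig to adopt.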

@Vexu Vexu added bug Observed behavior contradicts documented or intended behavior stage1 The process of building from source via WebAssembly and the C backend. miscompilation The compiler reports success but produces semantically incorrect code. labels Dec 3, 2020
@Vexu Vexu added this to the 0.8.0 milestone Dec 3, 2020

leecannon commented Dec 7, 2020

As part of approach 2 (although I prefer approach 1) the compiler could error unless all calls to non-naked functions from a naked function are invocations of @call() with an explicit stack given.

@andrewrk andrewrk modified the milestones: 0.8.0, 0.10.0 May 19, 2021
@andrewrk andrewrk modified the milestones: 0.14.0, 0.11.0 Jul 22, 2023
@andrewrk andrewrk added stage1 The process of building from source via WebAssembly and the C backend. and removed stage1 The process of building from source via WebAssembly and the C backend. labels Jul 27, 2023
@andrewrk

Works with the new inline semantics:

```asm
0000000000000000 <testfn>:
   0:	c3                   	ret
   1:	c3                   	ret
```
