[Bug ld/34217] New: [RISC-V] GNU ld.bfd relax ignores local norvc state

Sun, 07 Jun 2026 08:22:40 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=34217

            Bug ID: 34217
           Summary: [RISC-V] GNU ld.bfd relax ignores local norvc state
           Product: binutils
           Version: 2.45
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: l784896635 at gmail dot com
  Target Milestone: ---

I ran into this while reducing a RISC-V linker testcase. The reproducer is
already quite small, and I have been seeing the same result consistently across
three reruns.

Summary
=======
GNU ld.bfd relaxes the call sequence in the local norvc region into the 16-bit
encoding 0xa021 (disassembled as j), producing an RVC jump where local code
generation state explicitly disabled RVC.

Expected behavior
=================
A mixed rvc/norvc object uses a non-compressed tail call inside a local .option
norvc region. Linker relaxation must not emit a compressed jump there.

Environment
===========
- product: binutils
- component: ld
- toolchain route: gas+ld.bfd
- march: rv64imac
- mabi: lp64
- first failing stage: link

Reduced testcase
================
--- case.S ---
.option rvc
.globl _start
_start:
  add a0, a0, a1
  add a1, a1, a2
  .balign 4

.option norvc
  add a0, a1, a2
  tail foo
  .space 4
  .balign 8
foo:
  ret

Reproduction notes
==================
- This packaged root does not have a single canonical `run.ps1` wrapper.
- Use the reduced inputs under `case/` and follow the commands documented in
`case/README.md`.
- Stable witness outputs, when present, are preserved under
`verify/run1..run3/`.

What I checked
==============
- Reduced inputs are preserved under case/.
- Stable witness outputs are preserved under verify/run1..run3/.
- The strict recheck says stable normalized run signatures across three runs:
True.
- Tracker guidance link:
https://sourceware.org/binutils/docs/ld/Bug-Reporting.html
- evidence summary: 3 clean reproductions under
hunt/verify/local_rvc_state_relax/run1..run3 show the input object contains an
auipc+jr call sequence at offset 0xA, but the final ld.bfd output contains the
16-bit j encoding at the corresponding site; the unbuffered sibling variant
also fails at link time with an alignment-padding error caused by the same
unexpected shrink.

Notes
=====
https://maskray.me/blog/2021-03-14-the-dark-side-of-riscv-linker-relaxation

Root key: bfd.riscv.relax_ignores_local_norvc_state
Case id: 20260525-bfd-rv64-local-rvc-state-relax

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to