Tamar Christina <tamar.christ...@arm.com> writes: > + HOST_WIDE_INT guard_used_by_caller = STACK_CLASH_CALLER_GUARD; > + /* When doing the final adjustment for the outgoing argument size we can't > + assume that LR was saved at position 0. So subtract it's offset from > the > + ABI safe buffer so that we don't accidentally allow an adjustment that > + would result in an allocation larger than the ABI buffer without > + probing. */ > + HOST_WIDE_INT min_probe_threshold > + = final_adjustment_p > + ? guard_used_by_caller - cfun->machine->frame.reg_offset[LR_REGNUM] > + : guard_size - guard_used_by_caller; [...] > + if (residual) > + { > + aarch64_sub_sp (temp1, temp2, residual, frame_related_p); > + if (residual >= min_probe_threshold) > + { > + if (dump_file) > + fprintf (dump_file, > + "Stack clash AArch64 prologue residuals: " > + HOST_WIDE_INT_PRINT_DEC " bytes, probing will be required." > + "\n", residual); > + emit_stack_probe (plus_constant (Pmode, stack_pointer_rtx, > + STACK_CLASH_CALLER_GUARD));
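Review bot: in the first hunk, nothing visible bounds cfun->machine->frame.reg_offset[LR_REGNUM] below guard_used_by_caller, so in the final_adjustment_p case min_probe_threshold can reach zero or go negative, and every nonzero residual would then take the probing path. A gcc_assert on that relationship, or a sentence in the comment saying why the offset is always smaller than STACK_CLASH_CALLER_GUARD, would make the invariant explicit. The comment also has "it's offset" where "its offset" is meant.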
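Review bot: in the "if (residual >= min_probe_threshold)" block of the second hunk, the probe offset is the constant STACK_CLASH_CALLER_GUARD while the condition that triggers it compares against min_probe_threshold, which in the final_adjustment_p case is computed from a different quantity, so the two are not tied together. Either derive the probe offset from the same value the threshold uses, or add a gcc_assert that residual is at least the probed offset before emit_stack_probe, so that the address written is always inside the area just allocated by aarch64_sub_sp.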
reg_offsets are nonnegative, so if LR_REGNUM isn't saved at position 0, min_probe_threshold will be less than STACK_CLASH_CALLER_GUARD. It looks like the probe would then write above the region.

Using >= rather than > means that the same thing could happen when LR_REGNUM is at position 0, if the residual is exactly STACK_CLASH_CALLER_GUARD.

Thanks,
Richard