Segher Boessenkool <seg...@kernel.crashing.org> writes:
> On Mon, Sep 14, 2020 at 05:33:33PM +0100, Richard Sandiford wrote:
>> > However, for the cases on Power as Segher mentioned, there are also some
>> > scratch registers used for
>> > other purpose, not sure whether we can correctly generate zeroing in
>> > middle-end for Power?
>>
>> Segher would be better placed to answer that, but I think the process
>> above has to give a conservatively-accurate list of live registers.
>> If it misses a register, the other late rtl passes could clobber
>> that same register.
>
> It will zero a whole bunch of registers that are overwritten later, that
> are not parameter passing registers either.
This thread has covered two main issues: correctness and cost.
The question above was about correctness, but your reply seems
to be about cost.

The correctness question was instead: would the process described in
my previous message lead the compiler to think that a register wasn't
live before a Power return instruction when the register actually was
live?  (And if so, how do we get around that for other post
prologue-epilogue passes that use df?)

On the cost issue: when you say some registers are “overwritten later”:
which registers do you mean, and who would be doing the overwriting?
We were talking about inserting zeroing instructions immediately before
returns that already exist.  It looks like the main Power return
pattern is:

  (define_insn "<return_str>return"
    [(any_return)]
    "<return_pred>"
    "blr"
    [(set_attr "type" "jmpreg")])

Does this overwrite anything other than the PC?  If not, it doesn't look
like anything in the function itself would clobber other registers later
(i.e. later than the inserted zeroing instructions).  And of course, if
an attacker is performing a ROP attack, the attacker controls which
address the BLR returns to.

Thanks,
Richard
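The correctness point above (the zeroing set must come from a conservatively accurate list of registers live before the return, otherwise a live register such as the return value gets zeroed) can be shown with a small backward liveness computation. The following is an added illustration, not code from this thread or from GCC's df framework: the "RTL-like" instruction list, the register names and the split into call-used and callee-saved registers are a made-up ABI sketch for the example, not the real Power ABI, and the return instruction is modelled as writing only the PC, as the blr pattern quoted above suggests.

```python
"""Toy backward liveness before a return, and the register set a zeroing
pass may clear.  Constructed example; the IR and ABI are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Insn:
    """One instruction of a toy straight-line IR (not GCC RTL)."""
    op: str                           # "set", "call" or "return"
    defs: frozenset = frozenset()     # registers written
    uses: frozenset = frozenset()     # registers read


# Hypothetical ABI sketch (assumption): r3..r12 are call-used (arguments,
# return value, scratch), r14..r31 are callee-saved, lr holds the return
# address, pc is the program counter.
CALL_USED = frozenset(f"r{i}" for i in range(3, 13))
CALLEE_SAVED = frozenset(f"r{i}" for i in range(14, 32))
RETURN_VALUE = frozenset({"r3"})


def liveness(block, live_out):
    """Backward dataflow over a straight-line block.

    Returns live_in[i]: the registers live immediately before block[i].
    A register is live before an insn if the insn reads it, or if it is
    live after the insn and the insn does not write it."""
    live = set(live_out)
    live_in = [frozenset()] * len(block)
    for i in range(len(block) - 1, -1, -1):
        insn = block[i]
        live = (live - insn.defs) | insn.uses
        live_in[i] = frozenset(live)
    return live_in


def regs_to_zero(block, live_out=frozenset()):
    """Call-used registers that may be zeroed right before the final return:
    everything call-used that the conservative analysis says is dead."""
    assert block[-1].op == "return"
    live_before_return = liveness(block, live_out)[-1]
    return sorted(CALL_USED - live_before_return)


def zeroed_while_live(block, zeroed, live_out=frozenset()):
    """Safety check: registers in `zeroed` that are still live before the
    return.  Anything listed here would be clobbered by the zeroing; a
    liveness pass that misses such a register produces exactly this bug."""
    live_before_return = liveness(block, live_out)[-1]
    return sorted(r for r in zeroed if r in live_before_return)


def written_by_return(block):
    """What the return instruction itself writes.  If that is only the PC,
    nothing in the function overwrites registers after the inserted
    zeroing; the next writer is whatever code the return lands in."""
    return sorted(block[-1].defs)


# Constructed function body: r3 = (r3 << 1) + r4, with r11/r12 as scratch.
# The return reads the return value, the link register and the
# callee-saved registers (restored by the epilogue) and writes only pc.
EXAMPLE_BLOCK = [
    Insn("set", defs=frozenset({"r11"}), uses=frozenset({"r3"})),        # r11 = r3 << 1
    Insn("set", defs=frozenset({"r3"}), uses=frozenset({"r11", "r4"})),  # r3 = r11 + r4
    Insn("set", defs=frozenset({"r12"}), uses=frozenset()),              # dead scratch write
    Insn("return", defs=frozenset({"pc"}),
         uses=RETURN_VALUE | CALLEE_SAVED | frozenset({"lr"})),
]


if __name__ == "__main__":
    print("zero before return:", regs_to_zero(EXAMPLE_BLOCK))
    print("unsafe to zero    :", zeroed_while_live(EXAMPLE_BLOCK, ["r3", "r4"]))
    print("return writes     :", written_by_return(EXAMPLE_BLOCK))
```

With the return modelled as reading r3 (the return value), the analysis keeps r3 out of the zeroing set and clears only the other call-used registers; asking the check about a set that includes r3 reports it as live, which is the failure mode the thread is worried about when the live list is not conservative.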