New options have been added to the compiler to add support for stack protection:
--protect_stack - Enables stack protection for functions with vulnerable types (char / wchar_t arrays).
--protect_stack_all - Enables stack protection unconditionally for all functions.
[SDCOMP-14360]
A number of improvements have been made to the inline assembler's diagnostics. New error messages from #3050 to #3082 are used in cases that were previously not as well-explained, particularly deprecated and unpredictable instructions, out-of-range immediates and syntax errors. [SDCOMP-13909]
The inline assembler now supports Thumb-state code, with some limitations:
It can be used only when targeting v6T2, v6-M, and v7 cores.
The TBB, TBH, CBZ and CBNZ instructions are not supported.
As with previous versions, some system instructions such as SETEND are not permitted.
While not limitations, the following points are noteworthy changes:
Existing code that relies on the compiler automatically switching to ARM state on inline assembly in Thumb functions will still compile and behave as before, but is deprecated and will produce warnings #3042-D and #3043-D. This feature may be removed in future releases.
In some cases the compiler may exchange IT blocks in inline assembly for equivalent branched code.
Be aware when using the .N qualifier that transformations the compiler performs on code can make it less efficient to generate a 16-bit instruction encoding. In some cases, the compiler will ignore the qualifier and produce a 32-bit encoding instead.
[SDCOMP-12920]
Since the previous patch, the compiler has been erroneously reporting #1132 on writeback STM instructions in inline assembly where the base is at the beginning of the register list. This is now fixed. [SDCOMP-265]
The inline assembler now supports all v7 instructions except VFPv3 and NEON. Previous restrictions regarding instructions that affect processor state, such as BX and SETEND, still apply. [SDCOMP-16383]
Libraries
The function clock_t clock(void) has been added to the ARM C micro-library. [SDCOMP-13343]
Others
The version-specific environment variables in ARM Compiler 5 have changed. They are specific to ARM Compiler 5, and are:
When assembling an empty section with --exceptions, the assembler could generate incorrect exception information for sections after the empty one. [SDCOMP-15595]
The assembler would not fault a Thumb ADD instruction in an IT block that writes to the PC even if it is not the last instruction in the IT block. This UNPREDICTABLE instruction is now correctly diagnosed with error A1603E. [SDCOMP-15594]
A defect has been fixed in the assembler where invalid data size specifiers on VLDM/VSTM were silently accepted and ignored, and some valid data size specifiers for these instructions were faulted. Using invalid data-type specifiers on VLDM/VSTM will now result in error A1837E being reported. This error can be downgraded if the old behaviour is relied upon. [SDCOMP-14210]
A defect has been fixed in the assembler where VLDR and VSTR instructions with invalid data size specifiers were not faulted. Error A1836E is now reported when this occurs, but can be suppressed if the old behaviour is relied upon. [SDCOMP-14209]
Compiler (armcc)
When compiling a file with --use_frame_pointer at optimisation level "-O3 -Otime", non-terminating functions did not create a frame pointer. This has been corrected. [SDCOMP-16056]
In rare circumstances, when reading an element of a structure after a full copy to this structure, the compiler could generate incorrect code that would read the incorrect offset into the structure. This has been corrected. [SDCOMP-16028]
If code that produces an RRX shift (for example, a 64-bit left shift of 1) was used as an operand to an ALU operation where the other operand could corrupt the PSR, the compiler could produce incorrect results. [SDCOMP-16007]
A defect has been fixed in the compiler where the use of a postincrement operator in a comparison against zero in a loop could be incorrectly optimized to be true on every iteration. [SDCOMP-15882]
The compiler would previously always use a shared return sequence from a function when --no_conditionalize was used. It will now use multiple return sequences when this will reduce the number of branches executed at runtime. [SDCOMP-15736]
__builtin_frame_address(0) would previously return the value of the stack pointer, even if the frame pointer was available. It now returns the value of the frame pointer if there is one, and the stack pointer otherwise. [SDCOMP-15648]
A defect has been fixed where the volatile qualifier is not respected in inline assembly load and store instructions. [SDCOMP-14219]
A defect has been fixed in the assembler where invalid data size specifiers on VLDM/VSTM were silently accepted and ignored, and some valid data size specifiers for these instructions were faulted. Using invalid data-type specifiers on VLDM/VSTM will now result in error A1837E being reported. This error can be downgraded if the old behaviour is relied upon. [SDCOMP-14210]
A defect has been fixed in the assembler where VLDR and VSTR instructions with invalid data size specifiers were not faulted. Error A1836E is now reported when this occurs, but can be suppressed if the old behaviour is relied upon. [SDCOMP-14209]
When compiling for Thumb, loads and stores could be incorrectly scheduled after a NOP scheduling barrier. This has been fixed. [SDCOMP-12764]
Linker (armlink)
In rare circumstances the linker could corrupt branch instructions when using a combination of:
RW compression
--callgraph or --feedback options
references to the linker-generated Load Address Symbols of an Execution Region that is dependent on the effect of compression, for example Load$$ER_RW$$Base and Load$$ER_RW$$Limit
a section making references to the linker-generated symbols that does not have all of its branch relocations before any non-branch relocation
This has now been fixed. [SDCOMP-15979]
The linker could generate the error "Execution interrupted due to an illegal storage access." when an execution region has a larger than predicted number of veneers. This has been fixed. [SDCOMP-15977]
A compiler may place read-only strings in string merge sections. These sections have flags that include SHF_MERGE and SHF_STRINGS. A linker is permitted to share strings that are present in string merge sections. When strings are merged the linker must account for the changes in the instructions and data that reference the original string. The linker may incorrectly account for the merging process when:
The instructions that access the shared string are MOVT and MOVW
The relocations on the MOVT and MOVW are present in a relocation section with type SHT_REL. The ARM tools do not generate these relocations. Third party tools such as the GNU tools may generate these relocations.
A string in section S1 is merged to a string in section S2 where the string in S2 is at a non-zero offset from the base
A certain combination of the final base address of S2 and the offset occurs
The result will be that the address formed by the combination of MOVT and MOVW instructions is 0x10000 below where it should be.
This has now been fixed. The linker will correctly handle MOVT and MOVW relocations to sections with flags including SHF_MERGE and SHF_STRINGS when the relocation section has type SHT_REL. [SDCOMP-15763]
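A post-link sanity check for the symptom described above, as an added example that is not ARM's code: it decodes a MOVW/MOVT pair and reports whether the address it forms is exactly 0x10000 below the expected string address. The use of ARM-state (A32) encodings is an assumption, and the sample instruction words and address are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* A32 MOVW/MOVT share one layout: cond | 0011 0T00 | imm4 | Rd | imm12,
 * where T (bit 22) is 0 for MOVW and 1 for MOVT. */
#define MOV16_MASK 0x0FF00000u
#define MOVW_BITS  0x03000000u
#define MOVT_BITS  0x03400000u

enum pair_status { PAIR_OK, PAIR_LOW_BY_64K, PAIR_MISMATCH, PAIR_NOT_MOVW_MOVT };

/* imm16 = imm4 (bits 19:16) : imm12 (bits 11:0) */
static uint32_t imm16(uint32_t insn)
{
    return ((insn >> 4) & 0xF000u) | (insn & 0x0FFFu);
}

static uint32_t dest_reg(uint32_t insn) { return (insn >> 12) & 0xFu; }

/* Compare the address a MOVW/MOVT pair builds with the expected one. */
enum pair_status check_pair(uint32_t movw, uint32_t movt, uint32_t expected)
{
    uint32_t value;

    if ((movw & MOV16_MASK) != MOVW_BITS || (movt & MOV16_MASK) != MOVT_BITS)
        return PAIR_NOT_MOVW_MOVT;
    if (dest_reg(movw) != dest_reg(movt))
        return PAIR_NOT_MOVW_MOVT;      /* halves target different registers */

    value = (imm16(movt) << 16) | imm16(movw);
    if (value == expected)
        return PAIR_OK;
    if (expected - value == 0x10000u)   /* the shortfall described above */
        return PAIR_LOW_BY_64K;
    return PAIR_MISMATCH;
}

int main(void)
{
    /* Constructed sample: a merged string expected at 0x00028010. */
    const uint32_t expected  = 0x00028010u;
    const uint32_t movw      = 0xE3080010u;  /* MOVW r0, #0x8010 */
    const uint32_t movt_good = 0xE3400002u;  /* MOVT r0, #0x0002 */
    const uint32_t movt_bad  = 0xE3400001u;  /* MOVT r0, #0x0001 */

    printf("good pair: %d\n", check_pair(movw, movt_good, expected));
    printf("bad pair:  %d\n", check_pair(movw, movt_bad, expected));
    return 0;
}
```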