From 6db41e4816965cddce245c30e073db68e9f56a44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=A1s=20Ojeda=20B=C3=A4r?= <n.oje.bar@gmail.com>
Date: Tue, 8 Sep 2020 09:55:19 +0200
Subject: [PATCH] riscv: fix register usage (#9890)

---
 Changes               |  5 +++
 asmcomp/riscv/proc.ml |  7 ++--
 runtime/riscv.S       | 75 +++++++++++++++++++++----------------------
 3 files changed, 46 insertions(+), 41 deletions(-)

diff --git a/Changes b/Changes
index 892e8df25..195240445 100644
--- a/Changes
+++ b/Changes
@@ -113,6 +113,11 @@ Working version
    Doligez, Anil Madhavapeddy, Guillaume Munch-Maccagnoni and Jacques-
    Henri Jourdan)
 
+- #9888, #9890: Fixes a bug in the `riscv` backend where register t0 was not
+  saved/restored when performing a GC. This could potentially lead to a
+  segfault.
+  (Nicolás Ojeda Bär, report by Xavier Leroy, review by Xavier Leroy)
+
 ### Code generation and optimizations:
 
 - #9551: ocamlc no longer loads DLLs at link time to check that
diff --git a/asmcomp/riscv/proc.ml b/asmcomp/riscv/proc.ml
index 502cbb158..ce190a721 100644
--- a/asmcomp/riscv/proc.ml
+++ b/asmcomp/riscv/proc.ml
@@ -36,7 +36,8 @@ let word_addressed = false
     a0-a7        0-7       arguments/results
     s2-s9        8-15      arguments/results (preserved by C)
     t2-t6        16-20     temporary
-    t0-t1        21-22     temporary (used by code generator)
+    t0           21        temporary
+    t1           22        temporary (used by code generator)
     s0           23        domain pointer (preserved by C)
     s1           24        trap pointer (preserved by C)
     s10          25        allocation pointer (preserved by C)
@@ -55,8 +56,8 @@ let word_addressed = false
   Additional notes
   ----------------
 
-    - t0-t1 are used by the assembler and code generator, so
-      not available for register allocation.
+    - t1 is used by the code generator, so not available for register
+      allocation.
 
     - t0-t6 may be used by PLT stubs, so should not be used to pass
       arguments and may be clobbered by [Ialloc] in the presence of dynamic
diff --git a/runtime/riscv.S b/runtime/riscv.S
index 48e690e44..d3a5a794b 100644
--- a/runtime/riscv.S
+++ b/runtime/riscv.S
@@ -63,9 +63,8 @@ FUNCTION(caml_call_gc)
         /* Record lowest stack address */
         STORE   sp, Caml_state(bottom_of_stack)
         /* Set up stack space, saving return address */
-        /* (1 reg for RA, 1 reg for FP, 21 allocatable int regs,
+        /* (1 reg for RA, 1 reg for FP, 22 allocatable int regs,
             20 caller-save float regs) * 8 */
-        /* + 1 for alignment */
         addi    sp, sp, -0x160
         STORE   ra, 0x8(sp)
         STORE   s0, 0x0(sp)
@@ -92,26 +91,26 @@ FUNCTION(caml_call_gc)
         STORE   t4, 0xa0(sp)
         STORE   t5, 0xa8(sp)
         STORE   t6, 0xb0(sp)
+        STORE   t0, 0xb8(sp)
         /* Save caller-save floating-point registers on the stack
            (callee-saves are preserved by caml_garbage_collection) */
-        fsd     ft0, 0xb8(sp)
-        fsd     ft1, 0xc0(sp)
-        fsd     ft2, 0xc8(sp)
-        fsd     ft3, 0xd0(sp)
-        fsd     ft4, 0xd8(sp)
-        fsd     ft5, 0xe0(sp)
-        fsd     ft6, 0xe8(sp)
-        fsd     ft7, 0xf0(sp)
-        fsd     fa0, 0xf8(sp)
-        fsd     fa1, 0x100(sp)
-        fsd     fa2, 0x108(sp)
-        fsd     fa3, 0x110(sp)
-        fsd     fa4, 0x118(sp)
-        fsd     fa5, 0x120(sp)
-        fsd     fa6, 0x128(sp)
-        fsd     fa7, 0x130(sp)
-        fsd     ft8, 0x138(sp)
-        fsd     ft9, 0x140(sp)
+        fsd     ft0, 0xc0(sp)
+        fsd     ft1, 0xc8(sp)
+        fsd     ft2, 0xd0(sp)
+        fsd     ft3, 0xd8(sp)
+        fsd     ft4, 0xe0(sp)
+        fsd     ft5, 0xe8(sp)
+        fsd     ft6, 0xf0(sp)
+        fsd     ft7, 0xf8(sp)
+        fsd     fa0, 0x100(sp)
+        fsd     fa1, 0x108(sp)
+        fsd     fa2, 0x110(sp)
+        fsd     fa3, 0x118(sp)
+        fsd     fa4, 0x120(sp)
+        fsd     fa5, 0x128(sp)
+        fsd     fa6, 0x130(sp)
+        fsd     fa7, 0x138(sp)
+        fsd     ft8, 0x140(sp)
         fsd     ft9, 0x148(sp)
         fsd     ft10, 0x150(sp)
         fsd     ft11, 0x158(sp)
@@ -146,24 +145,24 @@ FUNCTION(caml_call_gc)
         LOAD    t4, 0xa0(sp)
         LOAD    t5, 0xa8(sp)
         LOAD    t6, 0xb0(sp)
-        fld     ft0, 0xb8(sp)
-        fld     ft1, 0xc0(sp)
-        fld     ft2, 0xc8(sp)
-        fld     ft3, 0xd0(sp)
-        fld     ft4, 0xd8(sp)
-        fld     ft5, 0xe0(sp)
-        fld     ft6, 0xe8(sp)
-        fld     ft7, 0xf0(sp)
-        fld     fa0, 0xf8(sp)
-        fld     fa1, 0x100(sp)
-        fld     fa2, 0x108(sp)
-        fld     fa3, 0x110(sp)
-        fld     fa4, 0x118(sp)
-        fld     fa5, 0x120(sp)
-        fld     fa6, 0x128(sp)
-        fld     fa7, 0x130(sp)
-        fld     ft8, 0x138(sp)
-        fld     ft9, 0x140(sp)
+        LOAD    t0, 0xb8(sp)
+        fld     ft0, 0xc0(sp)
+        fld     ft1, 0xc8(sp)
+        fld     ft2, 0xd0(sp)
+        fld     ft3, 0xd8(sp)
+        fld     ft4, 0xe0(sp)
+        fld     ft5, 0xe8(sp)
+        fld     ft6, 0xf0(sp)
+        fld     ft7, 0xf8(sp)
+        fld     fa0, 0x100(sp)
+        fld     fa1, 0x108(sp)
+        fld     fa2, 0x110(sp)
+        fld     fa3, 0x118(sp)
+        fld     fa4, 0x120(sp)
+        fld     fa5, 0x128(sp)
+        fld     fa6, 0x130(sp)
+        fld     fa7, 0x138(sp)
+        fld     ft8, 0x140(sp)
         fld     ft9, 0x148(sp)
         fld     ft10, 0x150(sp)
         fld     ft11, 0x158(sp)