Don't clobber the frame pointer

submited by
Style Pass
2025-01-03 07:30:15

Recently I diagnosed and fixed two frame pointer unwinding crashes in Go. The root causes were two flavors of the same problem: buggy assembly code clobbered a frame pointer. By "clobbered" I mean wrote over the value without saving & restoring it. One bug clobbered the frame pointer register. The other bug clobbered a frame pointer saved on the stack. This post explains the bugs, talks a bit about ABIs and calling conventions, and makes some recommendations for how to avoid the bugs.

Here's the short version of what you should do when writing assembly for Go to avoid the problems discussed in this post: First, read the Go assembly guide. Prefer an assembly generator like Avo. Tools like Avo are aware of the underlying rules for using registers and manipulating the stack, and generally make writing non-trivial amounts of assembly easier. If your assembly function calls Go functions, prefer not to use the frame pointer registers at all (BP for AMD64, R29 for ARM64). Leaving a non-frame pointer value in those registers prior to calling a Go function can crash the runtime execution tracer and profilers. Otherwise, if your function has a non-zero frame size, the assembler will correctly make a stack frame for you, growing the stack if needed, and properly save and restore the frame pointer. The means the frame pointer will be safe to use. Consider giving your function a small, non-zero frame size even if you don't need to if you want to use the frame pointer. [1] Otherwise, if you need to use the frame pointer and don't want to have a frame, save the original frame pointer on the stack yourself and restore it when the function returns. Take care on ARM64: Go compiled functions will save the frame pointer one word below their stack frame, so the first 8 bytes of stack frame are off-limits, and the stack pointer must be 16-byte aligned.

The first issue was reported at go.dev/issue/69629. After upgrading to Go 1.23, and building with profile-guided optimization (PGO), the block profiler consistently crashed when the program was under load. The crash happened when collecting a call stack via frame pointer unwinding. This affected the program when built for the amd64 architecture, but not when it was built for arm64. I had contributed frame pointer unwinding for the block and mutex profilers for Go 1.23, so I took a look at the issue.

Leave a Comment