[LLVMbugs] [Bug 19059] New: Generating 64-bit movd after cmpneqsd when targeting 32-bit mode

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Mar 5 17:26:54 PST 2014


http://llvm.org/bugs/show_bug.cgi?id=19059

            Bug ID: 19059
           Summary: Generating 64-bit movd after cmpneqsd when targeting
                    32-bit mode
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: X86
          Assignee: hans at chromium.org
          Reporter: hans at chromium.org
                CC: llvmbugs at cs.uiuc.edu
            Blocks: 18887
    Classification: Unclassified

Created attachment 12195
  --> http://llvm.org/bugs/attachment.cgi?id=12195&action=edit
Preprocessed input

To reproduce:

  clang -cc1 -triple i386-pc-win32 -mstackrealign -target-cpu pentium4 -fms-extensions -S -o - b.ii

We're miscompiling this statement:

  updateAnimations(SMILTime(m_presetStartTime), m_presetStartTime ? true : false);

In Clang's asm printout, we have this:

        movsd   32(%edx), %xmm0
        xorps   %xmm1, %xmm1
        cmpneqsd        %xmm0, %xmm1
        movd    %xmm1, %rsi

Note that the last instruction tries to move xmm1 to a 64-bit register, but
we're targeting i386.

Disassembling the object file shows different instructions:

  000000AE: F2 0F 10 42 20     movsd       xmm0,mmword ptr [edx+20h]
  000000B3: 0F 57 C9           xorps       xmm1,xmm1
  000000B6: F2 0F C2 C8 04     cmpneqsd    xmm1,xmm0
  000000BB: 66 0F 7E CE        movd        esi,xmm1

Turns out our 64-bit move to rsi becomes a 32-bit move into esi? But esi is
used as base pointer in this function; we have now clobbered it and will crash
a few lines down.

The 64-bit move looks like this (this is from "Before Expand ISel
Pseudo-instructions"):

    %vreg32<def> = FsFLD0SD; FR64:%vreg32
    %vreg33<def,tied1> = CMPSDrr %vreg32<tied0>, %vreg31<kill>, 4; FR64:%vreg33,%vreg32,%vreg31
    %vreg34<def> = MOVSDto64rr %vreg33<kill>; GR64:%vreg34 FR64:%vreg33

After register allocation, we think we're moving into rsi:

    %XMM1<def> = FsFLD0SD
    %XMM1<def,tied1> = CMPSDrr %XMM1<tied0>, %XMM0<kill>, 4
    %RSI<def> = MOVSDto64rr %XMM1<kill>

There's something strange going on here :)


(This is reduced from WebCore::SMILTimeContainer::begin.)

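Added example, not part of the original report and not LLVM code: a minimal decoder for the `66 [REX] 0F 7E /r` register form, showing why the bytes in the disassembly above name `esi` and what would have to differ for `rsi`. The function name `decode_mov_from_xmm` and the REX.W byte sequence are constructed for illustration.

```python
"""Added example: decode `66 [REX] 0F 7E /r` (MOVD/MOVQ r32/r64, xmm), register form only."""

GPR64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"] + [f"r{n}" for n in range(8, 16)]
GPR32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"] + [f"r{n}d" for n in range(8, 16)]


def decode_mov_from_xmm(code: bytes, mode: int) -> str:
    """Return Intel-syntax text for one instruction, decoded in 32- or 64-bit mode."""
    if mode not in (32, 64):
        raise ValueError("mode must be 32 or 64")
    pos = 0
    if code[pos:pos + 1] != b"\x66":
        raise ValueError("missing 66 operand-size prefix")
    pos += 1
    rex = 0
    # REX prefixes (40..4F) exist only in 64-bit mode; in 32-bit mode those
    # byte values are one-byte INC/DEC opcodes, so they are not consumed here.
    if mode == 64 and code[pos:pos + 1] and 0x40 <= code[pos] <= 0x4F:
        rex = code[pos]
        pos += 1
    if code[pos:pos + 2] != b"\x0f\x7e":
        raise ValueError("not a 0F 7E opcode in this mode")
    pos += 2
    if len(code) != pos + 1:
        raise ValueError("expected exactly one ModRM byte")
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("only the register-to-register form is handled")
    reg |= (rex & 0x4) << 1   # REX.R extends the xmm register number
    rm |= (rex & 0x1) << 3    # REX.B extends the general-purpose register number
    wide = bool(rex & 0x8)    # REX.W selects the 64-bit destination
    dest = GPR64[rm] if wide else GPR32[rm]
    return f"{'movq' if wide else 'movd'} {dest}, xmm{reg}"


if __name__ == "__main__":
    emitted = bytes.fromhex("660f7ece")       # bytes from the report's disassembly
    with_rex_w = bytes.fromhex("66480f7ece")  # constructed: same bytes plus REX.W
    print(decode_mov_from_xmm(emitted, 32))
    print(decode_mov_from_xmm(with_rex_w, 64))
```

ModRM byte `CE` carries register number 6 in its r/m field, which is `esi` without REX.W and `rsi` with it, so a 64-bit destination cannot be expressed in 32-bit code at all.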