[llvm-bugs] [Bug 28431] New: Invalid reuse of stack slot due to returntwice function

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Jul 5 18:50:09 PDT 2016


https://llvm.org/bugs/show_bug.cgi?id=28431

            Bug ID: 28431
           Summary: Invalid reuse of stack slot due to returntwice
                    function
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: X86
          Assignee: unassignedbugs at nondot.org
          Reporter: yyc1992 at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

The following program should print 4 four times and then 0 once. When compiling
with clang 3.8 and current trunk (r274592) it prints 4 five times instead.

AFAICT the issue is caused by reuse of the stack spill slot for `a` in the
first branch for `a + 4`. Even though the slot `a` is dead in this branch, the
return twice means that the other branch could still be executed and the slot
shouldn't be reused.

Marked as x86 backend since I couldn't reproduce on aarch64 even when adding
more code between the printf. It's entirely possible (likely?) that the problem
exists too but it is just harder to reproduce since there are many more callee
save registers.

Ref https://github.com/JuliaLang/julia/issues/17288#issuecomment-230644464


```
//

#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

jmp_buf env;

__attribute__((noinline)) int f2(int v)
{
    __asm__ volatile("":::"memory");
    return v * v;
}

int gk = 0;

__attribute__((noinline)) int f(int a)
{
    int b = random();
    int c = random();
    int d = random();
    int e = random();
    int f = random();
    int g = random();
    int h = random();
    int i = random();
    double k = f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
    k *= b;
    k -= c;
    k += i;
    if (setjmp(env) == 0) {
        printf("%d\n", a + 4);
        b = random();
        c = random();
        d = random();
        e = random();
        f = random();
        g = random();
        h = random();
        i = random();
        k += f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
        k *= b;
        k -= c;
        k += i;
        printf("%d\n", a + 4);
        b = random();
        c = random();
        d = random();
        e = random();
        f = random();
        g = random();
        h = random();
        i = random();
        k += f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
        k *= b;
        k -= c;
        k += i;
        printf("%d\n", a + 4);
        b = random();
        c = random();
        d = random();
        e = random();
        f = random();
        g = random();
        h = random();
        i = random();
        k += f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
        k *= b;
        k -= c;
        k += i;
        printf("%d\n", a + 4);
        gk = k > 0;
        longjmp(env, 1);
    }
    else {
        printf("%d\n", a);
    }
    return a;
}

int main()
{
    return f(0);
}
```
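An added illustration, not part of the original report and not LLVM's code: a simplified liveness model of the slot reuse described above, showing that `a` looks dead after its last use in the first branch unless the `longjmp` path back to `setjmp`'s return is treated as a control-flow edge. The four-block CFG, the temporary `t`, and the names `slots_needed` and `live_out_of` are assumptions made for this sketch.

```c
#include <stdio.h>

/* Constructed 4-block model of f() from the report (not LLVM code). */
enum { A = 1u << 0, T = 1u << 1 };      /* a, and a later spilled temporary t */
enum { ENTRY, THEN_HEAD, THEN_TAIL, ELSE, NBLOCKS };

struct block { unsigned def, use, succ; };  /* bitmasks; succ is over block ids */

/* Backward liveness iterated to a fixed point; returns live-out of `query`. */
static unsigned live_out_of(const struct block *cfg, int query)
{
    unsigned in[NBLOCKS] = {0}, out[NBLOCKS] = {0};
    for (int changed = 1; changed; ) {
        changed = 0;
        for (int b = NBLOCKS - 1; b >= 0; b--) {
            unsigned o = 0;
            for (int s = 0; s < NBLOCKS; s++)
                if (cfg[b].succ & (1u << s)) o |= in[s];
            unsigned i = cfg[b].use | (o & ~cfg[b].def);
            if (o != out[b] || i != in[b]) { out[b] = o; in[b] = i; changed = 1; }
        }
    }
    return out[query];
}

/* Spill slots needed for {a, t}: 1 if they may share a slot, otherwise 2. */
int slots_needed(int model_longjmp_edge)
{
    struct block cfg[NBLOCKS] = {
        [ENTRY]     = { .def = A, .use = 0, .succ = 1u << THEN_HEAD | 1u << ELSE },
        [THEN_HEAD] = { .def = 0, .use = A, .succ = 1u << THEN_TAIL },
        [THEN_TAIL] = { .def = T, .use = 0, .succ = 0 },   /* ends in longjmp */
        [ELSE]      = { .def = 0, .use = A, .succ = 0 },
    };
    if (model_longjmp_edge)     /* longjmp resumes at setjmp's return point */
        cfg[THEN_TAIL].succ |= 1u << ELSE;
    /* t is defined in THEN_TAIL, so it conflicts with anything live out of it */
    return (live_out_of(cfg, THEN_TAIL) & A) ? 2 : 1;
}

int main(void)
{
    printf("without longjmp edge: %d slot(s)\n", slots_needed(0));
    printf("with longjmp edge:    %d slot(s)\n", slots_needed(1));
    return 0;
}
```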
