[llvm-bugs] [Bug 27043] New: [SSP] llc crashes on llvm.stackprotectorcheck() call when the argument is a complicated expression

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Mar 23 14:48:44 PDT 2016


https://llvm.org/bugs/show_bug.cgi?id=27043

            Bug ID: 27043
           Summary: [SSP] llc crashes on llvm.stackprotectorcheck() call
                    when the argument is a complicated expression
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Common Code Generator Code
          Assignee: unassignedbugs at nondot.org
          Reporter: timshen91 at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 16075
  --> https://llvm.org/bugs/attachment.cgi?id=16075&action=edit
Input that crashes trunk llc

llvm.stackprotectorcheck works only when its argument is a "simple" expression,
e.g. a global variable access. If a user manages to load an address and pass it
into it, llc crashes.

The reason behind this is that SelectionDAG handles llvm.stackprotectorcheck in
both SelectBasicBlock and FinishBasicBlock.

The llvm.stackprotectorcheck call is intentionally not handled in
SelectBasicBlock, because we like to pick up the tail call update later in
FinishBasicBlock. However, the user code that's calculating its argument gets
generated in SelectBasicBlock and eliminated in DAG combining (because it's
not used). Later, in FinishBasicBlock, the SSP handler refers to a register that
is populated by no one.
