[llvm-bugs] [Bug 48080] New: x86_64: force_align_arg_pointer fails to realign stack before spilling SSE registers

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Nov 4 17:21:34 PST 2020


https://bugs.llvm.org/show_bug.cgi?id=48080

            Bug ID: 48080
           Summary: x86_64: force_align_arg_pointer fails to realign stack
                    before spilling SSE registers
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: bshanks at codeweavers.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org,
                    neeilans at live.com, richard-llvm at metafoo.co.uk

In the prologue of a function marked with ms_abi and force_align_arg_pointer,
which calls a sysv_abi function, Clang aligns %rsp but then uses the unaligned
%rbp to spill %xmm6-15 to the stack. This causes a crash.
I've seen this cause a real-world game to crash under Wine, where
force_align_arg_pointer is used on all ms_abi functions called by Windows
application code, since only 4-byte alignment is guaranteed.

Here's a test app that misaligns the stack and then calls the ms_abi function.
Crashes with clang 11.0 but succeeds with gcc.

Godbolt: https://godbolt.org/z/rY7nhq

#include <stdio.h>

int b(int num) {
    printf("%d", num*num);
    return num * num;
}

/* ms_abi callee: the caller only guarantees 4-byte stack alignment, so the
   callee must realign %rsp itself before spilling %xmm6-15 (callee-saved
   under ms_abi) to the stack. */
extern int  __attribute__((ms_abi)) __attribute__((force_align_arg_pointer))
a(int num) {
    return b(num);
}

int main()
{
    //a(4);
    /* Deliberately misalign %rsp by 4 bytes, pass the argument in %ecx
       (first integer argument under ms_abi) and call a() directly.
       The registers an ms_abi callee may clobber are declared so the
       compiler does not keep anything live in them across the call. */
    asm( "subq $4, %%rsp\n"
         "movl %0, %%ecx\n"
         "call %P1\n"
         "addq $4, %%rsp\n"
         :
         : "r" (4), "i"(a)
         : "rax", "rcx", "rdx", "r8", "r9", "r10", "r11",
           "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "memory", "cc"
    );
    return 0;
}


Compiled by Clang into:

a(int):                                  # @a(int)
        pushq   %rbp
        movq    %rsp, %rbp
        pushq   %rsi
        pushq   %rdi
        andq    $-16, %rsp                      <== %rsp aligned
        subq    $176, %rsp
        movaps  %xmm15, -32(%rbp)               # 16-byte Spill    <== but %rbp used for spill
        movaps  %xmm14, -48(%rbp)               # 16-byte Spill
        movaps  %xmm13, -64(%rbp)               # 16-byte Spill
...
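As an added illustration (not part of the report and not LLVM code), the following Python script models the prologue defect shown above: it tracks the residue of %rsp and %rbp modulo 16 through a constructed copy of the Clang listing and flags any movaps spill whose address is not provably 16-byte aligned. The assembly text, the "fixed" variant (which spills via the realigned %rsp and is not real compiler output) and the entry residue of None (a caller that guarantees only 4-byte alignment) are all assumptions of the example.

```python
import re

# Constructed copy of the Clang prologue shown in the report (comments stripped):
# %rsp is realigned, but the spills still go through the unaligned %rbp.
CLANG_PROLOGUE = """\
pushq   %rbp
movq    %rsp, %rbp
pushq   %rsi
pushq   %rdi
andq    $-16, %rsp
subq    $176, %rsp
movaps  %xmm15, -32(%rbp)
movaps  %xmm14, -48(%rbp)
"""

# Constructed variant (not compiler output) that spills via the realigned %rsp.
FIXED_PROLOGUE = (CLANG_PROLOGUE.replace("-32(%rbp)", "160(%rsp)")
                  .replace("-48(%rbp)", "144(%rsp)"))

MEM = re.compile(r"(-?\d+)?\((%\w+)\)")

def check_spills(asm, entry_rsp_mod16=None):
    """Track %rsp/%rbp residues mod 16 through a prologue; return the movaps
    lines whose memory operand is not provably 16-byte aligned. None means
    unknown, i.e. a caller (Windows code) that guarantees only 4-byte alignment."""
    state = {"%rsp": entry_rsp_mod16, "%rbp": None}
    bad = []
    for line in asm.splitlines():
        op, _, args = line.strip().partition(" ")
        ops = [a.strip() for a in args.split(",")]
        if op == "pushq":                          # an 8-byte push moves %rsp
            r = state["%rsp"]
            state["%rsp"] = None if r is None else (r - 8) % 16
        elif op == "andq" and ops[0] == "$-16":    # realignment: residue becomes 0
            state[ops[1]] = 0
        elif op == "subq" and ops[0].startswith("$"):
            r = state.get(ops[1])
            state[ops[1]] = None if r is None else (r - int(ops[0][1:])) % 16
        elif op == "movq" and ops[0] in state and ops[1] in state:
            state[ops[1]] = state[ops[0]]          # movq %rsp, %rbp copies the residue
        elif op == "movaps":                       # requires a 16-byte aligned address
            m = MEM.search(args)
            r = state.get(m.group(2)) if m else None
            if r is None or (r + int(m.group(1) or 0)) % 16 != 0:
                bad.append(line.strip())
    return bad
```

With a well-behaved SysV caller (entry residue 8, i.e. 16-byte aligned before the call) the same Clang prologue passes, which is why the bug only shows up when the caller does not guarantee alignment.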
