<html>
<head>
<base href="http://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - rep;movsl clashes with dynamic stack realignment"
href="http://llvm.org/bugs/show_bug.cgi?id=15249">15249</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>rep;movsl clashes with dynamic stack realignment
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Backend: X86
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>benny.kra@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>dimitry@andric.com, llvmbugs@cs.uiuc.edu
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=10005" name="attach_10005" title="bad asm">attachment 10005</a></span>
bad asm
This caused a miscompile in Firefox for reasons not entirely clear to me.
===
#include &lt;stdio.h&gt;
struct foo {
  char x[22];
};
__attribute__((noinline)) void bar(int *x, struct foo y) {
  printf("%p %d\n", x, y.x[0]);
}
__attribute__((noinline)) int foo(struct foo *x, int y) {
  int a = x->x[0]; // Force a spill.
  bar(__builtin_alloca(y), *x); // Make realignment harder with alloca.
  return a;
}
int main() {
  struct foo x = { { 42 } };
  printf("the answer to life the universe and everything is: %d\n",
         foo(&x, 11));
  return 0;
}
===
$ clang -Os foo.c -march=i486 -fomit-frame-pointer -mstackrealign && ./a.out
0xbfe7c220 42
the answer to life the universe and everything is: -1075330360
$ gcc -Os foo.c -march=i486 -fomit-frame-pointer && ./a.out
0xbfcdbf50 42
the answer to life the universe and everything is: 42
In the assembly we have this:
movl %esp, %esi
...
leal 16(%esi), %eax
movl %eax, %esi
rep;movsl
movl %ebx, (%esp)
movw 36(%esi), %ax
movw %ax, 24(%esp)
calll bar
addl $32, %esp
movl 12(%esi), %eax # 4-byte Reload
rep;movsl demands %esi but it's not restored after the copy, and the spill
reload loads some random value instead of a stack address.
I failed to reproduce this on Darwin so far because it always inlines the copy
at any optimization level. You can see the bad asm with -target
i386-unknown-freebsd though. It also reproduced on 32-bit Linux given the flags
above.</pre>
</div>
</p>
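<p>The pattern described in the report, where %esi holds a copy of %esp, is overwritten for rep;movsl and is then used again as a base without being restored, can be searched for in compiler output with a small lint. The Python script below is an added example, not part of the bug report or of LLVM; its function names and its heuristic (a move from %esp establishes the base, a move back from a saved copy restores it) are assumptions.</p>
<pre>
```python
# Added illustration (not from the report); all names here are hypothetical.
import re

STRING_OPS = re.compile(r"^(movs|lods|cmps|outs)[bwl]$")  # implicitly advance %esi
ESI_MEM = re.compile(r"\(%esi[,)]")                       # 12(%esi), (%esi,%ecx,4)

# Assembly excerpt quoted in the report, one instruction per line.
REPORT_ASM = """movl %esp, %esi
...
leal 16(%esi), %eax
movl %eax, %esi
rep;movsl
movl %ebx, (%esp)
movw 36(%esi), %ax
movw %ax, 24(%esp)
calll bar
addl $32, %esp
movl 12(%esi), %eax # 4-byte Reload"""

def parse(line):
    """Split one AT&T line into (mnemonic, operands); comments are dropped."""
    tok = line.split("#", 1)[0].replace(";", " ").split()
    if tok and tok[0].startswith("rep"):     # "rep;movsl" and "rep movsl"
        tok = tok[1:]
    ops = re.split(r",\s*(?![^()]*\))", " ".join(tok[1:])) if tok[1:] else []
    return (tok[0] if tok else ""), ops

def find_stale_esi_uses(asm):
    """Heuristic: %esi-based accesses after a %esp copy in %esi was clobbered."""
    is_base, stale, copies, findings = False, False, set(), []
    for no, line in enumerate(asm.splitlines(), 1):
        mnem, ops = parse(line)
        if STRING_OPS.match(mnem):           # rep;movs* advances %esi
            stale = stale or is_base
            continue
        if is_base and stale and any(ESI_MEM.search(op) for op in ops):
            findings.append((no, line.strip()))
        if not ops or mnem.startswith(("cmp", "test", "push")):
            continue                         # nothing is written
        src, dst, is_copy = ops[0], ops[-1], mnem.startswith("mov") and len(ops) == 2
        if dst == "%esi":
            if is_copy and (src == "%esp" or src in copies):
                is_base, stale = True, False # base established or restored
            elif is_base:
                stale = True                 # explicit overwrite of the base
        elif is_copy and src == "%esi" and is_base and not stale:
            copies.add(dst)                  # dst now also holds the base
        else:
            copies.discard(dst)
    return findings
```
</pre>
<p>Run on the excerpt from the report, find_stale_esi_uses(REPORT_ASM) flags lines 7 and 11, the two %esi-relative accesses that follow the copy; line 11 is the 4-byte reload.</p>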
</body>
</html>