<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW " title="NEW --- - [Win64] Indirect tail calls on non-Windows can use clobbered non-volatile register" href="https://urldefense.proofpoint.com/v2/url?u=https-3A__llvm.org_bugs_show-5Fbug.cgi-3Fid-3D23710&d=AwMBaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=pF93YEPyB-J_PERP4DUZOJDzFVX5ZQ57vQk33wu0vio&m=GSgYrFhif84zZvh-16fXk6PdanZuWRw3n184rZEix7g&s=IEcGvOE8dk6pRV5_2UCGU1DMx4wkiLzioctHOjqS2Ag&e=">23710</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[Win64] Indirect tail calls on non-Windows can use clobbered non-volatile register

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Backend: X86

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>cdavis5x@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvmbugs@cs.uiuc.edu

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=14406" name="attach_14406" title="Failing test case that demonstrates Win64 indirect tail-call bug">attachment 14406</a> <a href="attachment.cgi?id=14406&action=edit" title="Failing test case that demonstrates Win64 indirect tail-call bug">[details]</a></span>

Failing test case that demonstrates Win64 indirect tail-call bug

When compiling a Win64 function on non-Windows (e.g. Linux, Mac OS X) that does

the following:

1) calculates some address to call

2) saves that address in a non-volatile register (e.g. to preserve it across a

call)

3) tail-calls that address

the tail call goes through the non-volatile register. Unfortunately, this being

a tail call, the non-volatiles were all restored from the stack by the time the

jump happens, so we lose the address to be called.

Test case attached. Here's what LLVM produces (as of this writing) from it for

x86-64-linux, cleaned up and annotated by me:

win64_tailcall:

    pushq    %rsi

    pushq    %rdi         # Non-volatile RDI saved to stack

    subq    $40, %rsp

    movl    %ecx, %esi

    callq    win64_callee # Returns address to call

    movq    %rax, %rdi   # Saved to RDI here...

    xorl    %ecx, %ecx

    callq    win64_other  # ...because of this call

    movl    %esi, %ecx   # Getting ready to make the tail call

        #movq   %rdi, %rax   # Missing instruction that should've been inserted

    addq    $40, %rsp

    popq    %rdi         # RDI restored (uh oh...)

    popq    %rsi

    jmpq    *%rdi        # KABOOM

I suspect that somewhere where it matters for tail call lowering, we're still

assuming that RDI is volatile (because in the System V AMD64 ABI, it is), but I

haven't been able to figure out where yet.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>