<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - Crash on converting int128 to float"

   href="https://llvm.org/bugs/show_bug.cgi?id=26559">26559</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Crash on converting int128 to float

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>Other

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Backend: SystemZ

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>koriakin@0x04.net

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>$ cat bug.c

typedef unsigned tu_int __attribute__ ((mode (TI)));

tu_int a = 1;

float b;

int main() {

        b = a;

        return 0;

}

$ clang bug.c -O3

$ ./a.out

Segmentation fault (core dumped)

(-O3 is not necessary, but simplifies the emitted assembly)

This is a backend bug - clang simply emits a uitofp:

; Function Attrs: norecurse nounwind

define signext i32 @main() #0 {

entry:

  %0 = load i128, i128* @a, align 16, !tbaa !1

  %conv = uitofp i128 %0 to float

  store float %conv, float* @b, align 4, !tbaa !5

  ret i32 0

}

It seems __floatuntis is incorrectly called with the argument in %r2:%r3, when

it should be called with pointer to argument in %r2:

main:                                   # @main

# BB#0:                                 # %entry

        stmg    %r14, %r15, 112(%r15)

        aghi    %r15, -160

        lgrl    %r2, a

        lgrl    %r3, a+8

        brasl   %r14, __floatuntisf@PLT

        larl    %r1, b

        ste     %f0, 0(%r1)

        lghi    %r2, 0

        lmg     %r14, %r15, 272(%r15)

        br      %r14

gcc gets that right:

main:

.LFB0:

        .cfi_startproc

        stmg    %r14,%r15,112(%r15)

        larl    %r1,a

        lmg     %r4,%r5,0(%r1)

        .cfi_offset 14, -48

        .cfi_offset 15, -40

        lay     %r15,-176(%r15)

        .cfi_def_cfa_offset 336

        la      %r2,160(%r15)

        stmg    %r4,%r5,160(%r15)

        brasl   %r14,__floatuntisf

        lghi    %r2,0

        larl    %r5,b

        lmg     %r14,%r15,288(%r15)

        .cfi_restore 15

        .cfi_restore 14

        .cfi_def_cfa_offset 160

        ste     %f0,0(%r5)

        br      %r14

        .cfi_endproc

Found when attempting to port UBSan to SystemZ

(compiler-rt/test/ubsan/TestCases/Float/cast-overflow.cpp triggers it).</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>