<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Using cmpxchg[8|16]b produces incorrect code with dynamically allocated stack"
   href="https://llvm.org/bugs/show_bug.cgi?id=26883">26883</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Using cmpxchg[8|16]b produces incorrect code with dynamically allocated stack
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Backend: X86
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>qcolombet@apple.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=16011" name="attach_16011" title="Reproducer">attachment 16011</a></span>
Reproducer

cmpxchg[8|16]b uses RBX as one of its arguments.
In other words, using this instruction clobbers RBX, as it is defined to hold
one of the inputs.
When the backend uses a dynamically allocated stack, RBX is used as a reserved
register for the base pointer.

Reserved registers have special semantics that only the target understands and
enforces. Because of that, the register allocator doesn’t use them, but it also
doesn’t try to make sure they are used properly (remember, it does not know how
they are supposed to be used).

Therefore, when RBX is used as a reserved register but defined by something
that is not compatible with that use, the register allocator will not fix the
surrounding code to make sure it gets saved and restored properly around the
broken code. It is the responsibility of the target to do the right thing
with its reserved register.

The attached bitcode file demonstrates such bad code generation.

To reproduce:
llc -mattr=+cx16 -x86-use-base-pointer=true -stackrealign -stack-alignment=32 \
    -o - ../test/CodeGen/X86/base-pointer-and-cmpxchg.ll

Result:
    movq    %rdx, %rbx ; <-- RBX gets defined for the instruction cmpxchg16b
    movq    %rsp, %rax
    movq    %rax, 32(%rbx) ; <-- as a result we spill in random place.
        [...]
    movq    40(%rbx), %rax ; <-- and reload garbage
        [...]
    lock        cmpxchg16b    (%rsi)

I have tried to fix that in r262759 by falling back to the lib call 
__sync_val_compare_and_swap when we need RBX as base pointer. Turns out this
function is not available in compiler-rt unlike what I thought.

We may want to add it for x86.

Anyhow, filing this to keep track of the problem.</pre>
        </div>
      </p>
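      <p>An added example, not part of the original report or of LLVM: a heuristic Python check over llc's AT&amp;T-syntax output that flags RBX-relative memory accesses sitting between a write to RBX and the cmpxchg8b/16b it feeds, which is the pattern in the Result listing above. The function name and the sample text are constructed for this example.</p>

```python
import re

# Constructed sample: the instructions from the report's "Result" block,
# with the elided parts and the annotations dropped.
REPORTED = """\
    movq    %rdx, %rbx
    movq    %rsp, %rax
    movq    %rax, 32(%rbx)
    movq    40(%rbx), %rax
    lock    cmpxchg16b    (%rsi)
"""

CMPXCHG = re.compile(r"\bcmpxchg(8|16)b\b")
# AT&T syntax puts the destination last. A write to EBX zero-extends into RBX.
WRITES_RBX = re.compile(r"(,\s*|\bpopq?\s+)%(rbx|ebx)\s*$")
# RBX used as base or index register inside a memory operand.
RBX_MEM = re.compile(r"\([^)]*%rbx[^)]*\)")


def find_clobbered_base_pointer(asm):
    """Return (cmpxchg_line, rbx_def_line, access_line, instruction) tuples for
    RBX-relative memory accesses that sit between a write to RBX and the
    cmpxchg8b/16b that consumes it. Heuristic, scoped to one basic block."""
    findings = []
    def_line, accesses = None, []
    for number, raw in enumerate(asm.splitlines(), start=1):
        # Drop trailing comments/annotations and collapse whitespace.
        ins = " ".join(re.split(r"[#;]", raw)[0].split())
        if not ins:
            continue
        if ins.endswith(":"):
            # A label starts a new basic block: forget the pending definition.
            def_line, accesses = None, []
        elif CMPXCHG.search(ins):
            findings += [(number, def_line, n, text) for n, text in accesses]
            def_line, accesses = None, []
        else:
            # Check the read first: "movq 8(%rbx), %rbx" still uses the old RBX.
            if def_line is not None and RBX_MEM.search(ins):
                accesses.append((number, ins))
            if WRITES_RBX.search(ins):
                def_line, accesses = number, []
    return findings


if __name__ == "__main__":
    for hit in find_clobbered_base_pointer(REPORTED):
        print("cmpxchg at line %d: RBX set at line %d, used as base at line %d: %s" % hit)
```

      <p>An empty result does not prove the output is correct; the check only covers register-direct writes to RBX within a single basic block.</p>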
    </body>
</html>