<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Invalid reuse of stack slot due to returntwice function"
href="https://llvm.org/bugs/show_bug.cgi?id=28431">28431</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Invalid reuse of stack slot due to returntwice function
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Backend: X86
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>yyc1992@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>The following program should print 4 four times and then 0 once. When compiling
with clang 3.8 and current trunk (r274592) it prints 4 five times instead.
AFAICT the issue is caused by reused of the stack spill slot for `a` in the
first branch for `a + 4`. Even though the slot `a` is dead in this branch, the
return twice means that the other branch could still be executed and the slot
shouldn't be reused.
Marked as x86 backend since I couldn't reproduce on aarch64 even when adding
more code between the printf. It's entirely possible (likely?) that the problem
exists too but it is just harder to reproduce since there are many more callee
save registers.
Ref <a href="https://github.com/JuliaLang/julia/issues/17288#issuecomment-230644464">https://github.com/JuliaLang/julia/issues/17288#issuecomment-230644464</a>
```
//
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
jmp_buf env;
__attribute__((noinline)) int f2(int v)
{
__asm__ volatile("":::"memory");
return v * v;
}
int gk = 0;
__attribute__((noinline)) int f(int a)
{
int b = random();
int c = random();
int d = random();
int e = random();
int f = random();
int g = random();
int h = random();
int i = random();
double k = f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
k *= b;
k -= c;
k += i;
if (setjmp(env) == 0) {
printf("%d\n", a + 4);
b = random();
c = random();
d = random();
e = random();
f = random();
g = random();
h = random();
i = random();
k += f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
k *= b;
k -= c;
k += i;
printf("%d\n", a + 4);
b = random();
c = random();
d = random();
e = random();
f = random();
g = random();
h = random();
i = random();
k += f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
k *= b;
k -= c;
k += i;
printf("%d\n", a + 4);
b = random();
c = random();
d = random();
e = random();
f = random();
g = random();
h = random();
i = random();
k += f2(b) + f2(c + f2(d + f2(e + f2(f + f2(g + f2(h + i))))));
k *= b;
k -= c;
k += i;
printf("%d\n", a + 4);
gk = k > 0;
longjmp(env, 1);
}
else {
printf("%d\n", a);
}
return a;
}
int main()
{
return f(0);
}
```</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>