<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - fetestexcept reordered with floating point operation"

   href="https://bugs.llvm.org/show_bug.cgi?id=35233">35233</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>fetestexcept reordered with floating point operation

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>4.0

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>-New Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>peter@trailofbits.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=19381" name="attach_19381" title="C++11 file exhibiting the bug">attachment 19381</a> <a href="attachment.cgi?id=19381&action=edit" title="C++11 file exhibiting the bug">[details]</a></span>

C++11 file exhibiting the bug

A static_cast of a uint64_t to a double on Clang 4.0 and AArch64 is reordered

with a fettestexcept, resulting in the wrong floating point state being tested.

Example output from GCC 6.0: <a href="https://godbolt.org/g/pbAW4J">https://godbolt.org/g/pbAW4J</a>

Here's Clang's output:

oot@mcsema-aarch64:~/remill# ../remill-build/libraries/llvm/bin/clang++

-std=c++11 -O3 -c /tmp/convert.cc -S -o /tmp/convert.S

root@mcsema-aarch64:~/remill# cat /tmp/convert.S

    .text

    .file    "/tmp/convert.cc"

    .globl    _Z9to_doubleR5flagsm

    .p2align    2

    .type    _Z9to_doubleR5flagsm,@function

_Z9to_doubleR5flagsm:                   // @_Z9to_doubleR5flagsm

// BB#0:

    stp    x20, x19, [sp, #-32]!   // 8-byte Folded Spill

    mov     x19, x0

    orr    w0, wzr, #0x1f

    stp    x29, x30, [sp, #16]     // 8-byte Folded Spill

    add    x29, sp, #16            // =16

    mov     x20, x1

    bl    feclearexcept

    orr    w0, wzr, #0x1f

    bl    fetestexcept

    tbz    w0, #4, .LBB0_2

// BB#1:

    orr    w8, wzr, #0x1

    str        w8, [x19]

.LBB0_2:

    tbz    w0, #2, .LBB0_4

// BB#3:

    orr    w8, wzr, #0x1

    str    w8, [x19, #4]

.LBB0_4:

    tbz    w0, #3, .LBB0_6

// BB#5:

    orr    w8, wzr, #0x1

    str    w8, [x19, #8]

.LBB0_6:

    ucvtf    d0, x20

    tbz    w0, #0, .LBB0_8

// BB#7:

    orr    w8, wzr, #0x1

    str    w8, [x19, #12]

.LBB0_8:

    ldp    x29, x30, [sp, #16]     // 8-byte Folded Reload

    ldp    x20, x19, [sp], #32     // 8-byte Folded Reload

    ret

.Lfunc_end0:

    .size    _Z9to_doubleR5flagsm, .Lfunc_end0-_Z9to_doubleR5flagsm</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>