<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Tail merging causes mismatched CFA offset for stack adjustments"
   href="https://bugs.llvm.org/show_bug.cgi?id=40012">40012</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Tail merging causes mismatched CFA offset for stack adjustments
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Backend: X86
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>martin@martin.st
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>craig.topper@gmail.com, llvm-bugs@lists.llvm.org, llvm-dev@redking.me.uk, spatel+llvm@rotateright.com
          </td>
        </tr></table>
      <p>
        <div>
<pre>Created <span class=""><a href="attachment.cgi?id=21220" name="attach_21220" title="LLVM IR for reproducing the issue">attachment 21220</a></span>
LLVM IR for reproducing the issue

In cases where the X86CallFrameOptimization has run on a function, the stack
pointer is adjusted within functions when doing a function call. This leads to
output that looks like this:

        pushl   $72
        .cfi_adjust_cfa_offset 4
        calll   __Znwj
        addl    $4, %esp
        .cfi_adjust_cfa_offset -4

If multiple blocks within a function share the same tail, tail merging can end
up merging the stack pointer restoration from multiple blocks. This leads to
the CFA offset from interpreting the dwarf CFI being incorrect:

LBB622_99:
Ltmp2253:
        movl    %eax, %ebx
        .cfi_escape 0x2e, 0x04
        pushl   $__ZGVZNSt3__16locale7classicEvE1c
        .cfi_adjust_cfa_offset 4
        calll   ___cxa_guard_abort
        jmp     LBB622_158
...
LBB622_155:
        pushl   %edi
        .cfi_adjust_cfa_offset 4
LBB622_156:
        calll   __ZdlPv
LBB622_157:
        addl    $4, %esp
        .cfi_adjust_cfa_offset -4
        jmp     LBB622_158

When scanning the DWARF CFI linearly, the CFA offset ends up at +4 after this
section, even though the stack pointer actually always is back where it
started.

If the "addl $4, %esp; .cfi_adjust_cfa_offset -4" is moved back into both
branches, the CFA offset from scanning DWARF CFI ends up correct.

The attached (zipped) LLVM IR, when compiled with "llc locale.ll", shows off
the issue.


This results in broken DWARF unwinding on x86 platforms, in particular on
platforms where X86CallFrameOptimization actually does transformations (which
seems to mostly be on x86_32 platforms with a 4 byte aligned stack). It seems
that the issue can be avoided by either -enable-tail-merge=0 or
-no-x86-call-frame-opt.</pre>
        </div>
      </p>
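The failure the report describes can be checked mechanically. The following script is an added example, not code from the bug report or from LLVM: it replays <code>.cfi_adjust_cfa_offset</code> directives in layout order, which is what an unwinder effectively does when it walks the FDE's CFI ops up to a PC, and separately tracks the bytes pushed along every control-flow path, then lists each instruction where the two disagree. The two assembly snippets are constructed inputs modeled on the report's pattern (two blocks that each push a call argument, with the restoration either merged into one shared tail or kept in both branches); the labels <code>LBB0_*</code> and the 4-byte push size are assumptions matching the report's x86_32 output. Beyond the net +4 the report points out, it also flags the entry of the second merged block, where the linear offset already carries the first block's push.

```python
"""Replay DWARF CFI in layout order (as an unwinder does) and compare it with the
stack pointer on every control-flow path.  Added example, not from the bug report
or LLVM; assumes x86_32 with 4-byte pushes, as in the report's output."""
import re

PUSH_SIZE = 4  # bytes moved by pushl/popl on x86_32 (assumption matching the report)
# Constructed sample modeled on the report: two blocks each push a call argument and
# tail merging folded both "addl $4, %esp; .cfi_adjust_cfa_offset -4" into LBB0_3.
MERGED = """
    jne LBB0_2
    pushl $72
    .cfi_adjust_cfa_offset 4
    calll __Znwj
    jmp LBB0_3
LBB0_2:
    pushl %edi
    .cfi_adjust_cfa_offset 4
    calll __ZdlPv
LBB0_3:
    addl $4, %esp
    .cfi_adjust_cfa_offset -4
    ret
"""
# Same code with the restoration left in both branches, as the report suggests.
FIXED = """
    jne LBB0_2
    pushl $72
    .cfi_adjust_cfa_offset 4
    calll __Znwj
    addl $4, %esp
    .cfi_adjust_cfa_offset -4
    jmp LBB0_4
LBB0_2:
    pushl %edi
    .cfi_adjust_cfa_offset 4
    calll __ZdlPv
    addl $4, %esp
    .cfi_adjust_cfa_offset -4
LBB0_4:
    ret
"""


def parse(asm):
    """Split assembly into (kind, text) items; kind is 'label', 'cfi' or 'insn'."""
    items = []
    for line in (" ".join(raw.split("#", 1)[0].split()) for raw in asm.splitlines()):
        if line.endswith(":"):
            items.append(("label", line[:-1]))
        elif line:
            items.append(("cfi" if line.startswith(".cfi_") else "insn", line))
    return items


def linear_cfa(items):
    """CFA offset in effect on entry to each item when CFI is replayed in text order."""
    offsets, cur = [], 0
    for kind, text in items:
        offsets.append(cur)
        if kind == "cfi" and text.startswith(".cfi_adjust_cfa_offset "):
            cur += int(text.split()[1])
    return offsets


def sp_effect(insn):
    """Bytes pushed (positive) or popped (negative) by one instruction."""
    op = insn.split()[0]
    if op.startswith(("push", "pop")):
        return PUSH_SIZE if op.startswith("push") else -PUSH_SIZE
    m = re.match(r"(add|sub)l \$(\d+), %esp$", insn)
    return 0 if not m else (-1 if m.group(1) == "add" else 1) * int(m.group(2))


def successors(items, labels, i):
    """Items that may run after item i: calls return, jmp/ret do not fall through."""
    kind, text = items[i]
    op, _, arg = text.partition(" ")
    fall = [i + 1] if i + 1 < len(items) else []
    if kind != "insn" or not op.startswith(("j", "ret")):
        return fall  # labels, CFI directives, calls and plain ALU instructions
    if op.startswith("ret"):
        return []
    return [labels[arg]] if op == "jmp" else fall + [labels[arg]]  # jcc: both


def actual_sp(items, labels):
    """Set of stack-pointer deltas that can be live on entry to each item."""
    reach, work = [set() for _ in items], [(0, 0)]
    while work:
        i, sp = work.pop()
        if sp not in reach[i]:
            reach[i].add(sp)
            after = sp + sp_effect(items[i][1]) if items[i][0] == "insn" else sp
            work.extend((j, after) for j in successors(items, labels, i))
    return reach


def check(asm):
    """(instruction, unwinder's CFA offset, real deltas) for every disagreement."""
    items = parse(asm)
    labels = {t: i for i, (k, t) in enumerate(items) if k == "label"}
    linear, reach = linear_cfa(items), actual_sp(items, labels)
    return [(t, linear[i], sorted(reach[i])) for i, (k, t) in enumerate(items)
            if k == "insn" and reach[i] and reach[i] != {linear[i]}]


def net_linear_offset(asm):  # offset left over after the snippet, in text order
    return sum(int(n) for n in re.findall(r"\.cfi_adjust_cfa_offset (-?\d+)", asm))
```

Running <code>check(MERGED)</code> reports the instructions after the shared tail (and inside the second merged block) where the replayed CFA offset is 4 bytes off from the real stack pointer, and <code>net_linear_offset(MERGED)</code> gives the leftover +4 the report describes; the same calls on <code>FIXED</code> return no mismatches and 0. Indirect jumps and calls into noreturn functions are not modeled, so a real checker needs a proper CFG rather than the label-only flow used here.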


    </body>
</html>