<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - unaligned access in 32-bit SSE PIC code"
   href="https://bugs.llvm.org/show_bug.cgi?id=41612">41612</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>unaligned access in 32-bit SSE PIC code
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Backend: X86
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jay.foad@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>craig.topper@gmail.com, llvm-bugs@lists.llvm.org, llvm-dev@redking.me.uk, spatel+llvm@rotateright.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I'm using Clang 8 on Ubuntu 19.04. I believe the bug affects at least clang 7
and 8 and trunk, according to godbolt.org.

$ clang --version
clang version 8.0.0-3 (tags/RELEASE_800/final)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

To reproduce:

$ cat h.c
typedef __attribute__((aligned)) struct { long long a[2]; } T;
T b(void);
int e(void);
void c(T *g) {
  *g = b();
}
T h(T g) {
  if (e())
    c(&g);
  return g;
}
$ cat main.c
typedef __attribute__((aligned)) struct { long long a[2]; } T;
T h(T);
T b(void) {
  T x = {0};
  return x;
}
int e(void) {
  return 1;
}
int main() {
  T x = {0};
  (void)h(x);
  return 0;
}
$ clang -m32 -O -march=pentium4 -mfpmath=sse -fPIC main.c h.c -o main -Wall
$ ./main
Segmentation fault (core dumped)

The problem seems to be that when c() is inlined into h(), it assigns to g
using a movapd instruction, even though g is an argument on the stack and is
not 16-byte aligned.

Here's a godbolt link: <a href="https://godbolt.org/z/LrgIXg">https://godbolt.org/z/LrgIXg</a>
You can see that the disassembly of h() includes:
        lea     edi, [esp + 52]
        ...
        movaps  xmmword ptr [edi], xmm0
Assuming that esp was 16-byte aligned at this point, this does an unaligned
store to esp + 52.</pre>
        </div>
      </p>
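<p>The report boils down to a contract mismatch: <code>__attribute__((aligned))</code> makes the compiler assume every <code>T</code> sits on a 16-byte boundary, but the i386 calling convention places by-value arguments at 4-byte slots in the caller's argument area, so a store through <code>&amp;g</code> may legitimately be emitted as <code>movaps</code> and then fault. The probe below is an added example, not code from the report or from LLVM; it checks at run time whether a by-value <code>T</code> parameter actually has the alignment its type claims, laundering the address through an empty <code>asm</code> so the optimizer cannot fold the check using the very assumption under test. It assumes a GCC/Clang-compatible compiler; the expectation that it reports "aligned" on a 64-bit host and would report "not aligned" on the reporter's <code>-m32 -fPIC</code> build (where <code>g</code> is at <code>esp + 52</code>) is stated as an assumption in the comments.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The same over-aligned type as in the report: two long longs, 16-byte aligned. */
typedef __attribute__((aligned)) struct { long long a[2]; } T;

/* Alignment the type promises (16 on x86 and on common 64-bit targets). */
size_t type_alignment(void) {
    return _Alignof(T);
}

/* 1 if addr is a multiple of `align` (align must be a power of two), else 0. */
int is_aligned(uintptr_t addr, size_t align) {
    return (addr & (uintptr_t)(align - 1)) == 0;
}

/* Launder a pointer through an empty asm statement so the optimizer cannot
 * replace the run-time address with the alignment it assumes for a T.  That
 * assumption is exactly what produced the movaps in the report, so a probe
 * that let the compiler fold it away would always report "aligned". */
static uintptr_t runtime_address(const void *p) {
    __asm__ volatile("" : "+r"(p));
    return (uintptr_t)p;
}

/* Probe whether a by-value T parameter really lives at a 16-byte boundary.
 * Assumption: on a 64-bit host the argument arrives in registers and the
 * callee's spill slot honours the type's alignment, so this returns 1.  On the
 * reporter's -m32 build the parameter is a 4-byte-aligned slot in the caller's
 * argument area (esp + 52 in the report), so the same probe would return 0. */
int param_is_aligned(T g) {
    return is_aligned(runtime_address(&g), _Alignof(T));
}

/* Exercise the probe once with a constructed value. */
int check_by_value_contract(void) {
    T x = {{1, 2}};
    return param_is_aligned(x);
}

int main(void) {
    printf("_Alignof(T) = %zu\n", type_alignment());
    printf("by-value T parameter aligned: %s\n",
           check_by_value_contract()
               ? "yes"
               : "NO (an aligned SSE store through &g would fault)");
    /* The store address from the report: esp + 52 is never 16-byte aligned
     * when esp itself is, because 52 mod 16 == 4. */
    printf("esp + 52 aligned to 16 (esp aligned): %s\n",
           is_aligned(0x1000 + 52, 16) ? "yes" : "no");
    return 0;
}
```

<p>Building this with the report's own flags (<code>clang -m32 -O -march=pentium4 -mfpmath=sse -fPIC</code>) is the way to see the contract break on a 32-bit target; the probe returns 0 there because the argument slot is only 4-byte aligned, which is the condition under which the inlined <code>movaps</code> in <code>h()</code> crashes. A check like this is cheap to keep in a test suite for code that passes over-aligned structs by value, since a compiler or ABI change that silently reintroduces the assumption shows up as a failed probe rather than as a SIGSEGV in production.</p>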


    </body>
</html>