<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Windows on Arm: x8 corrupted by virtual thunk"
   href="https://bugs.llvm.org/show_bug.cgi?id=41997">41997</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Windows on Arm: x8 corrupted by virtual thunk
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Windows NT
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>LLVM Codegen
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>Richard.Townsend@arm.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=21994" name="attach_21994" title="Reproducer">attachment 21994</a></span>
Reproducer

When compiling the attached reproducer, Clang emits a vtable thunk (called from
the GetStats method) which looks like this:

A::`vcall'{0}':
00007FF7124C10FC  sub         sp,sp,#0x40  
00007FF7124C1100  stp         x1,x2,[sp,#8]  
00007FF7124C1104  stp         x3,x4,[sp,#0x18]  
00007FF7124C1108  stp         x5,x6,[sp,#0x28]  
00007FF7124C110C  str         x7,[sp,#0x38]  
00007FF7124C1110  ldr         x8,[x0]  
00007FF7124C1114  ldr         x8,[x8]  
00007FF7124C1118  add         sp,sp,#0x40  
00007FF7124C111C  br          x8  

This doesn't work when the function expects to return something via x8.
Attempting to do so will result in a crash.

For contrast, this is what MSVC produces:
00007FF6C59F1080  ldr         xip0,[x0]  
00007FF6C59F1084  ldr         xip0,[xip0]  
00007FF6C59F1088  br          xip0  

Full arguments are:
 "clang-cl.exe" "-cc1" "-triple" "aarch64-pc-windows-msvc19.16.27030"
"-emit-obj" "-mincremental-linker-compatible" "-disable-free" "-main-file-name"
"Clang-Reproducer-x8.cpp" "-mrelocation-model" "static" "-mthread-model"
"posix" "-relaxed-aliasing" "-fmath-errno" "-masm-verbose"
"-mconstructor-aliases" "-munwind-tables" "-target-cpu" "generic"
"-target-feature" "+neon" "-target-abi" "aapcs"
"-fallow-half-arguments-and-returns" "-D_MT" "-flto-visibility-public-std"
"--dependent-lib=libcmt" "--dependent-lib=oldnames" "-stack-protector" "2"
"-fdiagnostics-format" "msvc" "-gcodeview" "-debug-info-kind=limited"
"-momit-leaf-frame-pointer" "-ffunction-sections" "-O2" "-fdeprecated-macro"
"-ferror-limit" "19" "-fmessage-length" "120" "-fno-use-cxa-atexit"
"-fms-extensions" "-fms-compatibility" "-fms-compatibility-version=19.16.27030"
"-std=c++14" "-fdelayed-template-parsing" "-fobjc-runtime=gcc"
"-fdiagnostics-show-option" "-fcolor-diagnostics" "-vectorize-loops"
"-vectorize-slp" "-x" "c++" "Clang-Reproducer-x8.cpp" "-faddrsig"</pre>
        </div>
      </p>
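      <p>The difference between the two thunks in the report can be checked mechanically. The following is an added example, not part of the bug report or of LLVM: a small Python scan that reports whether a thunk listing writes x8 before its tail branch, run on the two listings copied from the report. The function names and the modelled mnemonic set are assumptions.</p>

```python
import re

# x8 is the register the report says the callee returns its result through,
# so a forwarding thunk must reach its branch with x8 untouched.
PRESERVED = {"x8"}
# Assumption: only the register-writing forms seen in these listings are
# modelled (first operand is the destination); stp/str only write memory.
WRITES_DEST = {"ldr", "add", "sub", "mov"}
BRANCHES = {"br", "blr", "ret"}
# Optional address column, then mnemonic, then the operand string.
INSN = re.compile(r"^(?:[0-9A-Fa-f]{8,16}\s+)?([A-Za-z]\w*)(?:\s+(.*))?$")

# Both listings are copied from the report.
CLANG_THUNK = """\
00007FF7124C10FC  sub         sp,sp,#0x40
00007FF7124C1100  stp         x1,x2,[sp,#8]
00007FF7124C1104  stp         x3,x4,[sp,#0x18]
00007FF7124C1108  stp         x5,x6,[sp,#0x28]
00007FF7124C110C  str         x7,[sp,#0x38]
00007FF7124C1110  ldr         x8,[x0]
00007FF7124C1114  ldr         x8,[x8]
00007FF7124C1118  add         sp,sp,#0x40
00007FF7124C111C  br          x8
"""
MSVC_THUNK = """\
00007FF6C59F1080  ldr         xip0,[x0]
00007FF6C59F1084  ldr         xip0,[xip0]
00007FF6C59F1088  br          xip0
"""

def normalise(reg):
    """Map a 32-bit view (w8) onto its 64-bit register (x8)."""
    reg = reg.strip().lower()
    return "x" + reg[1:] if re.fullmatch(r"w\d+", reg) else reg

def clobbered_before_branch(listing):
    """Return the preserved registers written before the thunk's branch."""
    hit = set()
    for line in listing.splitlines():
        m = INSN.match(line.strip())
        if not m:
            continue  # labels and blank lines
        mnemonic = m.group(1).lower()
        if mnemonic in BRANCHES:
            break  # control leaves the thunk here
        dest = normalise((m.group(2) or "").split(",")[0])
        if mnemonic in WRITES_DEST and dest in PRESERVED:
            hit.add(dest)
    return sorted(hit)
```

      <p>Calling <code>clobbered_before_branch(CLANG_THUNK)</code> flags x8, while the MSVC listing, which uses xip0 (x16) as its scratch register, comes back clean.</p>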


    </body>
</html>