<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/66338>66338</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [AArch64] Miscompilation when stack tagging is enabled in AArch64
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          kartcq
      </td>
    </tr>
</table>

<pre>
    Here is the reduced test : [https://godbolt.org/](https://godbolt.org/)
There is a **br** instruction (line 16) at end of the **entry** block which is suppose to **read the NZCV flag** edited by previous **cmp** instruction (line 14) and branch accordingly. But the **stg loop** gets in the way and edits the **nzcv flag** which is not handled properly.

This results in mis compiled assembly
```
  cmp     w0, #10  
LBB0_1: 
  st2g    x9, [x9], #32  
  subs    x8, x8, #32   
  b.ne .LBB0_1
  b.ge    .LBB0_4
```
        
Here b.ge jumps based on NZCV edited by subs instruction rather than from cmp instruction.

Run Command
```
llc -mtriple=aarch64 -mattr=+mte -aarch64-order-frame-objects=0 settag.ll
```
settag.ll
```
declare void @llvm.aarch64.settag(ptr %p, i64 %a)
; Function Attrs: nounwind
declare i32 @printf(ptr, ...) #0

@.str = private unnamed_addr constant [4 x i8] c"%d\0A\00", align 1

define i32 @stg_func(i32 %in) {
entry:

  %a = alloca i8, i32 16, align 16
  %b = alloca i8, i32 512, align 16
  %c = alloca i8, i32 16, align 16
  call void @llvm.aarch64.settag(ptr %a, i64 16)
 call void @llvm.aarch64.settag(ptr %b, i64 512)
  %cmp = icmp slt i32 %in, 10
  call void @llvm.aarch64.settag(ptr %c, i64 16)
  br i1 %cmp, label %return0, label %return1

return0: ; preds = %entry
  %call = call i32 (ptr, ...) @printf(ptr @.str, i32 10) #1
  ret i32 0

return1:
  ret i32 1
}
```

This is observed after the patch : [5e612bc](https://github.com/llvm/llvm-project/commit/5e612bc291347d364f1d47c37f0d34eb6474b9b5)
As this patch expands stg loops to b.ne instead of Bcc used earlier

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyUVsuO47YS_Rp6U2hBIiXZWnhht9G4i5ssgiCLbAZ8lCTOUKRCUv3I1wekZLcn6RnMGIZNkaeqDquKh-Ih6MEiHklzJs1lx5c4On_8wn2Uf-2EU2_H_6FH0AHiiOBRLRIVRAwRCDsBac5jjHMg7EToE6FPg1PCmVg4P6SJ5kLo4bsI2pHyQsrT7-MWhwOhJ0JPwq__oG2IfpFROwuEHoy2CFVLaAc8AloFrs_kVjja6N82S2Gc_AIvo5Zj8hyWeXYBIboN65GrbPrrn49_QG_4sBmi0hEViDeYPT5rt4TNQk7z91jVmZVVIDy3cgQupfNK28G8FXBe4h3PEAcwzl3dDRgDaJsBL_wtO0kswp2J_Vs-37O8bcy6CCO3yqCC2bsZvXkr1rRek6sDeAyLWaNMOoB006yTBQ8BJ2HeNoO23L75EUBOM6TPS0noIxDKqhJgXfz_-Vx-qnIfbOAQ6ZDAr10GN-fXLvdANmQU3oGLCBl4SIvr7wa5YURhEYotyG1uwGS3Ttff4Lx-1qfcv9ns8zLNAQQPqMDZtejvlc6M7qvqeRzRQxy5hd67KWfiDvBVhn9bLDy6aeJWfcjJGAkPU_R6NkjYhXMvx7aGh4nH6Am7EHqeIsLDtvDgvEL_0Hs-4YMTn1HGQNilhIAx8qEw5sMo319VKA33CM9OKyB1aczzVGwBi9WU0MMcPRDazKkiuq3TmN9OKWFneFrsmqBTjD6da7BusS_6uvNrGM1oijJ7bWO_Ok4-i6JIp4RQVt4nkNRlEVJodoHZ62ceERZr-YTqE1fKg3Q2RG5j6qoaXkEfSHMBSSgltFGkeSxP6afME4_AjR4sVPchFPbplG68Qhw-9YuVhB7yDG20zcT25xW-Kgk73buAnI5MkhvjJE80UqIYzZp0i9ve4cXH-Kai3zCQPxNAcmN-rKT8WtKsnpv9j5uLq3km3t3znebMWKdBMBHuEvoIVfnzVOVHVEF40NUWMAEMF2jSs8e4eFt-MPdVA1xhSbDYOWm7Cpk4oc1a7bs9Ja5pLQ_WDf27hb9ubtha-Faucuvzm3h5XFNT_pdUdWu0d9iV-_7y4XG-k3YdwImA_jnJeR-zaiHMPMrxek032FZUyA9vZB3HRRTSTYQ-pbJsfw-zd0l5CH2Sbpp0GmxuaFexeq9YW_eVqveS7ftSsRpFW-9r0YnmVrVTusF02Mjg68ytCnC9_UK6jLPOJ2FN17Hr4SwlLEmkkXuj0a-OdurIVMc6vsNj1XZ1u-9Y2e7Go0DeNk0lur2UZbNXtRKCYdd1tO36fS93-khLysquqstD1ZRtUav2wCj2JWOHlh16Upc4cW2K3JPODzsdwoLHtmXssMsdFfIbEqUWXyAvJplpLjt_zJkSyxBST-sQw7uXqKPJr1anU27zJFi_6LDevDxr6MuIFkLk8gtEPgzaDqmYaLlIV7O2sJnuFm-OP122zDQQ-pR38k8AAAD__4tq5HI">