<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/67787">67787</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Assembly Bugs in Clang
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
witbring
</td>
</tr>
</table>
<pre>
When I tested clang 16.0.0 for my research, I found several interesting bug cases.
# ARMv8
### Discard assembly lines
Clang silently ignores the given instruction. Specifically, when I try to compile ARMv8 assembly code with the following instructions, it does not emit any machine code for them. We found such cases with the `dsb`, `dmb`, and `isb` instructions.
```
$ ./bin/clang --version
clang version 16.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
$ cat buggy.s
lsr r5, r5, #3
dsb [R3,#1]
dmb [R8]
isb [R1,#1]
lsr r5, r5, #3
$ bin/clang -c --target=armv8-linux-eabi buggy.s -o buggy.o
$ bin/arm-linux-gnueabi-objdump -d buggy.o
Disassembly of section .text:
00000000 <.text>:
0: e1a051a5 lsr r5, r5, #3
4: e1a051a5 lsr r5, r5, #3
```
# Aarch64
### Change registers
Also, clang accepts incorrect ARM syntax and silently changes registers.
```
$ cat buggy2.s
sxtw X0, X2
sxth X0, X4
sxtb X0, X6
$ ./bin/clang -c --target=aarch64-linux-eabi buggy2.s -o buggy2.o
$ objdump -d buggy2.o
Disassembly of section .text:
0000000000000000 <.text>:
0: 93407c40 sxtw x0, w2
4: 93403c80 sxth x0, w4
8: 93401cc0 sxtb x0, w6
```
In the case of the S2 and D2 registers, clang properly produces an error message.
```
$ cat buggy2.s
sxtw X0, X2
sxth X0, S2
sxtb X0, D2
$/bin/clang -c --target=aarch64-linux-eabi buggy2.s -o buggy2.o
buggy2.s:2:14: error: invalid operand for instruction
sxth X0, S2
^
buggy2.s:3:14: error: invalid operand for instruction
sxtb X0, D2
^
```
# MIPS
Clang transforms a memory operand into an immediate value in the case of the `bc1tl`, `bc1fl`, `jal`, `jalx` and `j` instructions.
```
$ cat buggy3.s
bc1tl (1)
bc1fl (2)
jal (3)
jalx (4)
j (5)
$ ./bin/clang -c --target=mips buggy3.s -o buggy3.o
$ objdump -d buggy3.o
00000000 <.text>:
0: 45030000 bc1tl 0x4
4: 00000000 nop
8: 45020000 bc1fl 0xc
c: 00000000 nop
10: 0c000000 jal 0x0
14: 00000000 nop
18: 74000001 jalx 0x4
1c: 00000000 nop
20: 08000001 j 0x4
24: 00000000 nop
```
# x86/x86-64
### Transform register
Also, we found that clang silently changes the size of registers without any warning message.
We found such cases with the `tpause` and `umwait` instructions.
```
$ cat buggy4.s
.intel_syntax noprefix
tpause RDX
umwait RBP
$ ./bin/clang -c buggy4.s -o buggy4.o
$ ./bin/objdump -d -M intel buggy4.o
buggy4.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <.text>:
0: 66 0f ae f2 tpause edx
4: f2 0f ae f5 umwait ebp
```
### Different memory operand
Lastly, we found that clang changes a memory operand to a different format.
```
$ cat buggy6.s
.intel_syntax noprefix
enqcmd SP, ZMMWORD PTR [EAX+1]
enqcmds SP, [EAX]
movdir64b SP, [EAX+1]
$ ./bin/clang -c -m32 buggy6.s -o buggy6.o
$ ./bin/objdump -d buggy6.o -M intel
buggy6.o: file format elf32-i386
Disassembly of section .text:
00000000 <.text>:
0: 67 f2 0f 38 f8 60 01 enqcmd sp,[bx+si+0x1]
7: 67 f3 0f 38 f8 20 enqcmds sp,[bx+si]
d: 67 66 0f 38 f8 60 01 movdir64b sp,[bx+si+0x1]
```
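A round-trip check that mechanises what the transcripts above do by hand, added here as an example (not LLVM code): it parses the instruction column of an objdump listing and reports source instructions that came back missing or with changed operands. It assumes the dump was produced with `objdump -d --no-show-raw-insn` (GNU or llvm-objdump), and the embedded samples are constructed from the report's ARMv8 and MIPS output.

```python
"""Round-trip check for an assembler: compare the instructions written in a .s file
with what `objdump -d --no-show-raw-insn` prints for the object clang produced.
Added example, not LLVM code; it parses a dump you captured, it does not run clang."""
import difflib
import re

_INSN = re.compile(r'^\s*[0-9a-f]+:\s+(\S.*?)\s*$')    # "   0:<tab>lsr<tab>r5, r5, #3"

def parse_source(text):
    """Instruction lines only: blanks, comments, directives (.intel_syntax) and labels are skipped."""
    lines = [l.strip() for l in text.splitlines()]
    return [l for l in lines if l and not l.startswith(('.', '#', '//', ';')) and not l.endswith(':')]

def parse_objdump(text):
    """Instruction column of the dump; section headers and '<.text>:' labels do not match _INSN."""
    return [m.group(1) for line in text.splitlines() if (m := _INSN.match(line))]

def normalize(insn):
    """Case, tabs and spacing around commas are not defects; only real operand changes remain."""
    return re.sub(r'\s*,\s*', ',', ' '.join(insn.lower().split()))

def check_roundtrip(source_text, objdump_text):
    """Return (kind, source_line, emitted_or_None) for each instruction that did not survive
    intact. Alignment is by mnemonic, so instructions the assembler adds on its own (MIPS
    delay-slot nops) are skipped instead of shifting every later comparison."""
    src, out = parse_source(source_text), parse_objdump(objdump_text)
    mnem = lambda i: normalize(i).split(' ', 1)[0]
    sm = difflib.SequenceMatcher(None, [mnem(i) for i in src], [mnem(i) for i in out], autojunk=False)
    findings = []
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == 'insert':                           # emitted with no source line behind it
            continue
        paired = list(zip(range(i1, i2), range(j1, j2)))
        for i, j in paired:                           # same mnemonic (equal) or a replaced one
            if tag == 'replace' or normalize(src[i]) != normalize(out[j]):
                findings.append(('rewritten', src[i], out[j]))
        for i in range(i1 + len(paired), i2):         # source lines with no counterpart at all
            findings.append(('dropped', src[i], None))
    return findings

# Constructed samples built from the report's ARMv8 and MIPS transcripts, raw bytes omitted.
ARMV8_SRC = "lsr r5, r5, #3\ndsb [R3,#1]\ndmb [R8]\nisb [R1,#1]\nlsr r5, r5, #3\n"
ARMV8_DUMP = "Disassembly of section .text:\n00000000 <.text>:\n   0:\tlsr\tr5, r5, #3\n   4:\tlsr\tr5, r5, #3\n"
MIPS_SRC = "bc1tl (1)\nbc1fl (2)\njal (3)\n"
MIPS_DUMP = "00000000 <.text>:\n   0:\tbc1tl\t0x4\n   4:\tnop\n   8:\tbc1fl\t0xc\n   c:\tnop\n  10:\tjal\t0x0\n  14:\tnop\n"

if __name__ == '__main__':
    for kind, line, emitted in check_roundtrip(ARMV8_SRC, ARMV8_DUMP) + check_roundtrip(MIPS_SRC, MIPS_DUMP):
        print(f'{kind:9} {line!r:20} -> {emitted!r}')
```

To use it on a real build, assemble with `clang -c --target=... file.s -o file.o`, dump with `objdump -d --no-show-raw-insn file.o`, and pass the source text and the dump to `check_roundtrip`; every finding is a line the assembler accepted without emitting what was written.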
</pre>