<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/70849">70849</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [x86] Musttail + ext_vector_type miscompilation when AddressSanitizer is on
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          johnstiles-google
      </td>
    </tr>
</table>

<pre>
Reproducer: https://godbolt.org/z/r9aM735vb

This generates incorrect code when compiled with `-O1 -fsanitize=address` or `-O1 -fsanitize=memory`:

```
#include <cstdio>

   #define MUSTTAIL [[clang::musttail]]    // <-- PROGRAM BREAKS
// #define MUSTTAIL // <-- PROGRAM WORKS

#pragma clang attribute push(__attribute__((target("avx2,f16c"))), apply_to=function)

using F = float __attribute__((ext_vector_type(8)));

// We can't declare StageFn as a function pointer which takes a pointer to StageFns; that would be
// a circular dependency. To avoid this, StageFn is wrapped in a `struct StageList`, which we
// forward-declare here.
struct StageList;
using StageFn = void (*)(StageList stages, int* d, F f);
struct StageList {
    const StageFn* fn;
};

void Exec_store_8888(StageList list, int* d, F f)  {
    fprintf(stderr, "store: %p\n", d);
    *d = 42;
}

void Exec_load_8888(StageList list, int* d, F f)  {
    fprintf(stderr, "load: %p\n", d);
    ++list.fn;
    MUSTTAIL return (*list.fn)(list, d, f);
}

int main(int argc, const char* argv[]) {
    StageFn stages[2] = {&Exec_load_8888, &Exec_store_8888};

    // Prevent Clang from just computing everything at compile time.
    if (argc == 1234567) {
        stages[0] = &Exec_store_8888;
    }
    
    int dst = 0;
    stages[0]({stages}, &dst, 1.0f);
    printf("%d", dst);

    return 0;
}

#pragma clang attribute pop
```

When running correctly, the variable `d` should be passed as-is from one function to the next, so you will see a printout like this:
```
load: 0x7ffd5afffeac
store: 0x7ffd5afffeac
```

When miscompiled, vector values will end up in `d` instead, so you will see output like this:
```
load: 0x7f322b500080
store: 0x3f8000003f800000
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x55dc9e020738 bp 0x7fff3f460eb0 sp 0x7fff3f460e40 T0)
==1==The signal is caused by a READ memory access.
==1==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x55dc9e020738 in Exec_store_8888(StageList, int*, float vector[8]) /app/example.cpp:21:8
    #1 0x55dc9e020bf8 in main /app/example.cpp:39:5
    #2 0x7f322d8bf082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #3 0x55dc9df5f2ed in _start (/app/output.s+0x212ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /app/example.cpp:21:8 in Exec_store_8888(StageList, int*, float vector[8])
==1==ABORTING
```

Possible workarounds I have found: removing `[[clang::musttail]]`, disabling sanitizers, or adding `-march=haswell` to the command line options.
</pre>
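A triage check for the reproducer's trace, added here as an example and not part of the original report: it compares the `load:` and `store:` pointers and reinterprets the store pointer as two 32-bit float lanes, which shows that `0x3f8000003f800000` is a pair of `1.0f` values, the vector argument the reproducer passes. The names `TraceVerdict`, `find_ptr` and `check_trace` are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Result of checking one run's stderr trace from the reproducer.
struct TraceVerdict {
    bool parsed = false;       // both "load:" and "store:" lines were found
    bool miscompiled = false;  // the pointer changed across the tail call
    float lo = 0, hi = 0;      // store pointer reinterpreted as two float lanes
};

// Extract the hex pointer printed after `tag` (for example "load: ").
static bool find_ptr(const std::string& log, const char* tag, uint64_t* out) {
    auto pos = log.find(tag);
    if (pos == std::string::npos) return false;
    unsigned long long v = 0;
    if (std::sscanf(log.c_str() + pos + std::strlen(tag), "%llx", &v) != 1) return false;
    *out = v;
    return true;
}

// Hypothetical helper: decide whether a captured trace shows the miscompilation.
TraceVerdict check_trace(const std::string& log) {
    TraceVerdict v;
    uint64_t load = 0, store = 0;
    if (!find_ptr(log, "load: ", &load) || !find_ptr(log, "store: ", &store)) return v;
    v.parsed = true;
    v.miscompiled = (load != store);  // `d` must be forwarded unchanged
    uint32_t lo = static_cast<uint32_t>(store);
    uint32_t hi = static_cast<uint32_t>(store >> 32);
    std::memcpy(&v.lo, &lo, sizeof lo);  // low 4 bytes as an IEEE-754 float
    std::memcpy(&v.hi, &hi, sizeof hi);  // high 4 bytes as an IEEE-754 float
    return v;
}

int main() {
    // Trace lines copied from the failing run shown in the report.
    TraceVerdict bad = check_trace("load: 0x7f322b500080\nstore: 0x3f8000003f800000\n");
    std::printf("miscompiled=%d lanes=%g,%g\n", bad.miscompiled, bad.lo, bad.hi);
    return bad.miscompiled ? 1 : 0;
}
```

A nonzero exit status flags a run whose `store:` pointer differs from its `load:` pointer, which makes the check usable as a pass/fail step when testing compiler versions or the listed workarounds.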