<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/113218>113218</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [X86] Large stack frames are miscompiled with -fstack-clash-protection
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          mconst
      </td>
    </tr>
</table>

<pre>
On x86-64 with `-fstack-clash-protection`, the following code compiles to an infinite loop that consumes all physical memory:

    void foo() {
        char x[0xa0000000];
    }

It works fine on other architectures (including 32-bit x86), and it works without `-fstack-clash-protection`.

Here's the incorrect stack probe loop it produces:

        mov     r11, rsp
        sub     r11, -1610616832
    .LBB0_1:
        sub     rsp, 4096
        mov     qword ptr [rsp], 0
        cmp     rsp, r11
        jne     .LBB0_1

(Note that if you look at LLVM's assembly output, it displays the second instruction misleadingly as `sub r11, 2684350464`, which makes it look correct.  But in fact that's not a valid instruction; both llvm-mc and GNU as correctly refuse to assemble it.  64-bit SUB takes a 32-bit *sign-extended* immediate, so it's not possible to encode 2684350464.)

I've got a fix, which I'll submit shortly.
</pre>
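<pre>
The sign-extension effect described in the report, modelled as an added example (not code from the reporter or from LLVM): it emulates `sub r64, imm32` on the immediate quoted above and counts how many passes the quoted probe loop needs to reach the intended and the actual `r11`. The `rsp` value and all function names are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PROBE_STEP 4096u /* bytes the quoted loop subtracts per probe */

/* Sign-extend the low 32 bits of v, as the CPU does for `sub r64, imm32`. */
static uint64_t sign_extend_imm32(uint64_t v) {
    uint64_t low = v & 0xffffffffull;
    return (low & 0x80000000ull) ? (low | 0xffffffff00000000ull) : low;
}

/* True only if v survives the imm32 encoding unchanged. */
static int fits_simm32(uint64_t v) {
    return sign_extend_imm32(v) == v;
}

/* Model `sub reg, imm`: the encoder keeps 32 bits, the CPU sign-extends. */
static uint64_t sub_r64_imm32(uint64_t reg, uint64_t imm) {
    return reg - sign_extend_imm32(imm);
}

/* Passes of `sub rsp,4096; cmp rsp,target; jne` before rsp == target
   (mod 2^64). Returns UINT64_MAX if the target is never hit. */
static uint64_t probe_iterations(uint64_t rsp, uint64_t target) {
    uint64_t distance = rsp - target;            /* wraps modulo 2^64 */
    if (distance % PROBE_STEP != 0) return UINT64_MAX;
    if (distance == 0) return 1ull << 52;        /* full wrap: 2^64 / 4096 */
    return distance / PROBE_STEP;
}

int main(void) {
    const uint64_t imm = 2684350464ull;          /* immediate from the report */
    const uint64_t rsp = 0x00007ffd00000000ull;  /* constructed sample value */
    uint64_t intended = rsp - imm;               /* what the probe loop needs */
    uint64_t actual = sub_r64_imm32(rsp, imm);   /* what the encoding yields */
    printf("fits imm32: %d\n", fits_simm32(imm));
    printf("intended r11 = 0x%" PRIx64 ", probes = %" PRIu64 "\n",
           intended, probe_iterations(rsp, intended));
    printf("actual   r11 = 0x%" PRIx64 ", probes = %" PRIu64 "\n",
           actual, probe_iterations(rsp, actual));
    return 0;
}
```

With the sign-extended immediate the target lands above the starting `rsp`, so the downward-stepping loop can only match it after wrapping the 64-bit address space.
</pre>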