[llvm-branch-commits] [llvm] 9f29c1e - [X86] Fix missing ByValTemporaries update in CopyViaTemp path for musttail calls (#190540)

Cullen Rhodes via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Mon Apr 20 08:44:59 PDT 2026


Author: Zile Xiong
Date: 2026-04-20T15:44:49Z
New Revision: 9f29c1e3fd8a81e7837c461b84008d5d51d3132c

URL: https://github.com/llvm/llvm-project/commit/9f29c1e3fd8a81e7837c461b84008d5d51d3132c
DIFF: https://github.com/llvm/llvm-project/commit/9f29c1e3fd8a81e7837c461b84008d5d51d3132c.diff

LOG: [X86] Fix missing ByValTemporaries update in CopyViaTemp path for musttail calls (#190540)

This fixes a miscompilation in musttail calls with byval arguments on
X86.

In the CopyViaTemp path, a temporary stack object is created and the
argument is copied into it.
However, the temporary is not recorded in ByValTemporaries,
so the final lowering phase does not emit the copy to the real outgoing
argument slot.

As a result, the callee may read incorrect values from the stack.

Fix this by recording the temporary in ByValTemporaries so that the
final lowering step correctly copies the argument to the expected stack
location.

Reproducer: https://github.com/llvm/llvm-project/issues/190429
(cherry picked from commit abd502a44e5ef19a302d943eeb017c29124b96e9)

Added: 
    

Modified: 
    llvm/lib/Target/X86/X86ISelLoweringCall.cpp
    llvm/test/CodeGen/X86/musttail-struct.ll

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Target/X86/X86ISelLoweringCall.cpp b/llvm/lib/Target/X86/X86ISelLoweringCall.cpp
index 7e1c894655f3f..a5300d3e38ecc 100644
--- a/llvm/lib/Target/X86/X86ISelLoweringCall.cpp
+++ b/llvm/lib/Target/X86/X86ISelLoweringCall.cpp
@@ -2251,6 +2251,7 @@ X86TargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
         SDValue CopyChain =
             CreateCopyOfByValArgument(Src, Temp, Chain, Flags, DAG, dl);
         ByValCopyChains.push_back(CopyChain);
+        ByValTemporaries[ArgIdx] = Temp;
       }
     }
     if (!ByValCopyChains.empty())
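Review bot: The added `ByValTemporaries[ArgIdx] = Temp;` carries no comment, and nothing at this site says that the CopyViaTemp path has to update both `ByValCopyChains` and `ByValTemporaries` for the later copy into the outgoing argument slot to be emitted. That pairing is what was missed before, and per the commit message the result was a callee reading incorrect values from the stack, so I would add above the assignment `// Record the temporary so the final lowering step copies it into the real outgoing argument slot.` The body of LowerCall starts and ends outside this hunk, so whether other sites that fill `ByValTemporaries` are documented the same way cannot be checked from here.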

diff  --git a/llvm/test/CodeGen/X86/musttail-struct.ll b/llvm/test/CodeGen/X86/musttail-struct.ll
index 735fd674a2ff1..22a2aedb6e213 100644
--- a/llvm/test/CodeGen/X86/musttail-struct.ll
+++ b/llvm/test/CodeGen/X86/musttail-struct.ll
@@ -104,8 +104,10 @@ define dso_local i32 @swapByValArguments(ptr byval(%struct.1xi32) %0, ptr byval(
 ; X32-NEXT:    .cfi_def_cfa_offset 12
 ; X32-NEXT:    mov eax, dword ptr [esp + 12]
 ; X32-NEXT:    mov dword ptr [esp], eax
-; X32-NEXT:    mov eax, dword ptr [esp + 16]
-; X32-NEXT:    mov dword ptr [esp + 4], eax
+; X32-NEXT:    mov ecx, dword ptr [esp + 16]
+; X32-NEXT:    mov dword ptr [esp + 4], ecx
+; X32-NEXT:    mov dword ptr [esp + 12], ecx
+; X32-NEXT:    mov dword ptr [esp + 16], eax
 ; X32-NEXT:    add esp, 8
 ; X32-NEXT:    .cfi_def_cfa_offset 4
 ; X32-NEXT:    jmp swap # TAILCALL
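Review bot: The expectations changed here, in the X64 hunk that follows, and in the `swap_byvals` hunk after it are assembly-pattern CHECK lines, and the previous versions pinned the sequence without the stores back to what appear to be the incoming argument slots (`[esp + 12]` and `[esp + 16]` in this hunk), so the miscompiled output was recorded as expected. If these checks are regenerated by script, a short comment on the test functions would make the property under test explicit, for example `; Both byval slots must be rewritten in place before the tail jump; see issue #190429.` The function definitions start outside these hunks, so the exact placement has to be checked against the full file.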
@@ -114,8 +116,10 @@ define dso_local i32 @swapByValArguments(ptr byval(%struct.1xi32) %0, ptr byval(
 ; X64:       # %bb.0:
 ; X64-NEXT:    mov eax, dword ptr [rsp + 8]
 ; X64-NEXT:    mov dword ptr [rsp - 16], eax
-; X64-NEXT:    mov eax, dword ptr [rsp + 16]
-; X64-NEXT:    mov dword ptr [rsp - 8], eax
+; X64-NEXT:    mov ecx, dword ptr [rsp + 16]
+; X64-NEXT:    mov dword ptr [rsp - 8], ecx
+; X64-NEXT:    mov dword ptr [rsp + 8], ecx
+; X64-NEXT:    mov dword ptr [rsp + 16], eax
 ; X64-NEXT:    jmp swap # TAILCALL
   %r = musttail call i32 @swap(ptr byval(%struct.1xi32) %1, ptr byval(%struct.1xi32) %0)
   ret i32 %r
@@ -218,22 +222,50 @@ define void @swap_byvals(%twenty_bytes* byval(%twenty_bytes) align 4 %a, %twenty
 ; X32-NEXT:    mov ecx, dword ptr [esp + 68]
 ; X32-NEXT:    mov dword ptr [esp + 24], ecx
 ; X32-NEXT:    mov dword ptr [esp + 20], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 16]
+; X32-NEXT:    mov dword ptr [esp + 80], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 12]
+; X32-NEXT:    mov dword ptr [esp + 76], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 8]
+; X32-NEXT:    mov dword ptr [esp + 72], eax
+; X32-NEXT:    mov eax, dword ptr [esp]
+; X32-NEXT:    mov ecx, dword ptr [esp + 4]
+; X32-NEXT:    mov dword ptr [esp + 68], ecx
+; X32-NEXT:    mov dword ptr [esp + 64], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 36]
+; X32-NEXT:    mov dword ptr [esp + 60], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 32]
+; X32-NEXT:    mov dword ptr [esp + 56], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 28]
+; X32-NEXT:    mov dword ptr [esp + 52], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 20]
+; X32-NEXT:    mov ecx, dword ptr [esp + 24]
+; X32-NEXT:    mov dword ptr [esp + 48], ecx
+; X32-NEXT:    mov dword ptr [esp + 44], eax
 ; X32-NEXT:    add esp, 40
 ; X32-NEXT:    .cfi_def_cfa_offset 4
 ; X32-NEXT:    jmp two_byvals_callee at PLT # TAILCALL
 ;
 ; X64-LABEL: swap_byvals:
 ; X64:       # %bb.0: # %entry
-; X64-NEXT:    mov eax, dword ptr [rsp + 24]
-; X64-NEXT:    mov dword ptr [rsp - 8], eax
 ; X64-NEXT:    movaps xmm0, xmmword ptr [rsp + 8]
-; X64-NEXT:    movaps xmmword ptr [rsp - 24], xmm0
-; X64-NEXT:    mov eax, dword ptr [rsp + 48]
-; X64-NEXT:    mov dword ptr [rsp - 32], eax
-; X64-NEXT:    mov rax, qword ptr [rsp + 32]
-; X64-NEXT:    mov rcx, qword ptr [rsp + 40]
-; X64-NEXT:    mov qword ptr [rsp - 40], rcx
-; X64-NEXT:    mov qword ptr [rsp - 48], rax
+; X64-NEXT:    movaps xmmword ptr [rsp - 56], xmm0
+; X64-NEXT:    mov eax, dword ptr [rsp + 24]
+; X64-NEXT:    mov dword ptr [rsp - 40], eax
+; X64-NEXT:    mov ecx, dword ptr [rsp + 48]
+; X64-NEXT:    mov dword ptr [rsp - 8], ecx
+; X64-NEXT:    mov rdx, qword ptr [rsp + 32]
+; X64-NEXT:    mov rsi, qword ptr [rsp + 40]
+; X64-NEXT:    mov qword ptr [rsp - 16], rsi
+; X64-NEXT:    mov qword ptr [rsp - 24], rdx
+; X64-NEXT:    mov qword ptr [rsp + 8], rdx
+; X64-NEXT:    mov qword ptr [rsp + 16], rsi
+; X64-NEXT:    mov dword ptr [rsp + 24], ecx
+; X64-NEXT:    mov dword ptr [rsp + 48], eax
+; X64-NEXT:    mov rax, qword ptr [rsp - 56]
+; X64-NEXT:    mov rcx, qword ptr [rsp - 48]
+; X64-NEXT:    mov qword ptr [rsp + 32], rax
+; X64-NEXT:    mov qword ptr [rsp + 40], rcx
 ; X64-NEXT:    jmp two_byvals_callee at PLT # TAILCALL
 entry:
   musttail call void @two_byvals_callee(%twenty_bytes* byval(%twenty_bytes) align 4 %b, %twenty_bytes* byval(%twenty_bytes) align 4 %a)


        

