[LLVMbugs] [Bug 7608] New: ARMv4 JIT forgets to set the lr register when making an indirect function call

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Fri Jul 9 06:45:13 PDT 2010


http://llvm.org/bugs/show_bug.cgi?id=7608

           Summary: ARMv4 JIT forgets to set the lr register when making an
                    indirect function call
           Product: libraries
           Version: trunk
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: ARM
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: xerxes at zafena.se
                CC: llvmbugs at cs.uiuc.edu


ARMv4 JIT forgets to set lr when making an indirect function call.
This makes the called function fail to return properly.

Testcase:
; RUN: llvm-as %s -o %t.bc
; RUN: lli %t.bc > /dev/null

@.LC0 = internal global [12 x i8] c"Hello World\00"        ; <[12 x i8]*> [#uses=1]

declare i32 @puts(i8*)

define i32 @main() {
        ; program prints Hello World two times using two different ways of calling puts.

        call i32 @puts(i8* getelementptr ([12 x i8]* @.LC0, i64 0, i64 0))

        ; second call to puts, this time using an indirect call
        ; calling puts this way triggers a sigsegv on armv4 when puts returns.
        ; change 1085233504 to match the real address of puts
        call i32 inttoptr (i32 1085233504 to i32 (i8*)*)(i8* getelementptr ([12 x i8]* @.LC0, i64 0, i64 0))

    ret i32 0
}

Output:
xerxes at xerxes:~/bug.bx$ lli mtest.bc
Hello World
Hello World
0  libLLVM-2.8svn.so 0x407d7d28
Stack dump:
0.    Program arguments: lli mtest.bc 
Segmentation fault

(disassembled JITed armv4 code that fails)
0x410b4010:    push    {r4, lr}
0x410b4014:    ldr    r4, [pc, #24]    ; 0x410b4034
0x410b4018:    mov    r0, r4
0x410b401c:    bl    0x41134008
0x410b4020:    ldr    r1, [pc, #16]    ; 0x410b4038
0x410b4024:    mov    r0, r4
0x410b4028:    bx    r1           <--------- calling puts through a register
0x410b402c:    mov    r0, #0    ; 0x0
0x410b4030:    pop    {r4, pc}

testcase passes when enabling armv5 instructions
xerxes at xerxes:~/bug.bx$ lli -mattr=+v5t mtest.bc
Hello World
Hello World

(disassembled JITed armv5 code that works)
0x410b4010:    push    {r4, lr}
0x410b4014:    ldr    r4, [pc, #24]    ; 0x410b4034
0x410b4018:    mov    r0, r4
0x410b401c:    bl    0x41134008
0x410b4020:    ldr    r1, [pc, #16]    ; 0x410b4038 
0x410b4024:    mov    r0, r4
0x410b4028:    blx    r1          <-------- on armv5 the code works because blx sets lr before the branch.
0x410b402c:    mov    r0, #0    ; 0x0
0x410b4030:    pop    {r4, pc}

(statically compiled armv4 code using llc that works)
    stmdb    sp!, {r4, lr}
    ldr    r4, .LCPI0_0
    mov    r0, r4
    bl    puts
    ldr    r1, .LCPI0_1
    mov    r0, r4
    mov    lr, pc   <----------- here lr gets set before the bx call.
    bx    r1
    mov    r0, #0
    ldmia    sp!, {r4, pc}
