[LLVMbugs] [Bug 13862] New: An ECX register is forgotten to recover cause JIT code crashed.
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Tue Sep 18 02:35:56 PDT 2012
http://llvm.org/bugs/show_bug.cgi?id=13862
Bug #: 13862
Summary: An ECX register is forgotten to recover cause JIT code
crashed.
Product: libraries
Version: trunk
Platform: PC
OS/Version: Windows NT
Status: NEW
Severity: enhancement
Priority: P
Component: Backend: X86
AssignedTo: unassignedbugs at nondot.org
ReportedBy: wuye9036 at gmail.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Hi,
I found that the code generated for a float-to-unsigned-integer conversion (`fptoui`) crashes if the argument is less than zero,
on Windows 7 + VS2010 + x86. The LLVM version is svn trunk 161010.
The IR code is:
; Reproducer from the report: converts six floats to unsigned 32-bit integers.
; It loads the aggregate at %v, takes members 0 and 1 (each a %float.v3.c),
; converts elements 0..2 of each with fptoui, rebuilds the result aggregate and
; stores it to %.ret.
; The named types (%float.m32.c, %float.v3.c, %uint.m32.c, %uint.v3.c) are not
; defined in this excerpt, so their exact layout is not shown here.
; NOTE(review): per the LLVM language reference, fptoui on a value that does not
; fit the destination type (a negative float, for example) yields an undefined
; result, not undefined behaviour. A meaningless i32 is acceptable for such
; input; a fault inside the generated code is not.
define void @"Mtest_explicit_cast_f2u@@QM32F@@"(%uint.m32.c* %.ret,
%float.m32.c* %v) {
.body:
; Load the whole input aggregate by value.
%0 = load %float.m32.c* %v
; Member 0 of the input: three float -> i32 conversions.
%1 = extractvalue %float.m32.c %0, 0
%2 = extractvalue %float.v3.c %1, 0
%3 = fptoui float %2 to i32
%4 = insertvalue %uint.v3.c undef, i32 %3, 0
%5 = extractvalue %float.v3.c %1, 1
%6 = fptoui float %5 to i32
%7 = insertvalue %uint.v3.c %4, i32 %6, 1
%8 = extractvalue %float.v3.c %1, 2
%9 = fptoui float %8 to i32
%10 = insertvalue %uint.v3.c %7, i32 %9, 2
; Converted member 0 becomes member 0 of the result.
%11 = insertvalue %uint.m32.c undef, %uint.v3.c %10, 0
; Member 1 of the input: the same three conversions.
%12 = extractvalue %float.m32.c %0, 1
%13 = extractvalue %float.v3.c %12, 0
%14 = fptoui float %13 to i32
%15 = insertvalue %uint.v3.c undef, i32 %14, 0
%16 = extractvalue %float.v3.c %12, 1
%17 = fptoui float %16 to i32
%18 = insertvalue %uint.v3.c %15, i32 %17, 1
%19 = extractvalue %float.v3.c %12, 2
%20 = fptoui float %19 to i32
%21 = insertvalue %uint.v3.c %18, i32 %20, 2
; Converted member 1 becomes member 1 of the result.
%22 = insertvalue %uint.m32.c %11, %uint.v3.c %21, 1
; Write the fully built result through the caller-supplied pointer.
store %uint.m32.c %22, %uint.m32.c* %.ret
ret void
}
The generated assembly is:
; 32-bit x86 disassembly (Intel operand order) of the JIT-generated code.
; Columns: code address, mnemonic, operands.
;
; Shape of the code: six times over, one float is spilled to the stack, pushed
; onto the x87 stack with fld, and the routine at 75C09BA1 is called; eax after
; the call is stored through ecx. The routine is not identified on this page
; (presumably the runtime float-to-integer helper -- confirm).
;
; ecx is loaded exactly once (at 003F047B) but is the store base after all six
; calls, so this code depends on the callee preserving ecx. xmm0-xmm4 are also
; loaded before the first call and read after later calls.
; NOTE(review): a store through a base register that a callee may overwrite is
; a write to an uncontrolled address. The crash reported here is the visible
; outcome; a leftover value that happened to point at mapped memory would
; corrupt it silently instead. The safe forms are to reload the pointer from
; [ebp+8] after every call, or to have the code generator treat ecx as
; clobbered by this call.
003F0440 push ebp
003F0441 mov ebp,esp
003F0443 and esp,0FFFFFFF8h ; align esp down to an 8-byte boundary
003F0449 sub esp,60h ; reserve 60h bytes for the float spill slots used below
003F044C mov eax,dword ptr [ebp+0Ch] ; eax = second stack argument; the six floats are read through it (%v in the IR)
003F044F vmovss xmm0,dword ptr [eax+14h]
003F0454 vmovss dword ptr [esp+18h],xmm0
003F045A vmovss xmm0,dword ptr [eax]
003F045E vmovss xmm1,dword ptr [eax+4]
003F0463 vmovss xmm2,dword ptr [eax+8]
003F0468 vmovss xmm3,dword ptr [eax+0Ch]
003F046D vmovss xmm4,dword ptr [eax+10h]
003F0472 fld dword ptr [esp+18h] ; operand for the call is passed on the x87 stack
003F0476 call 75C09BA1
003F047B mov ecx,dword ptr [ebp+8] ; reporter: ecx is loaded ("recovered") from [ebp+8] here -- the only load of ecx in this listing
003F047E mov dword ptr [ecx+14h],eax
003F0481 vmovss dword ptr [esp+28h],xmm4
003F0487 fld dword ptr [esp+28h]
003F048B call 75C09BA1
; Reporter: the routine at 75C09BA1 changed ecx to -1 and ecx is not reloaded,
; so the next store is where the crash occurs. With ecx = -1, ecx+10h wraps to
; 0000000Fh.
003F0490 mov dword ptr [ecx+10h],eax
003F0493 vmovss dword ptr [esp+38h],xmm3
003F0499 fld dword ptr [esp+38h]
003F049D call 75C09BA1
003F04A2 mov dword ptr [ecx+0Ch],eax ; same dependency on ecx surviving the call; applies to every store below as well
003F04A5 vmovss dword ptr [esp+48h],xmm2
003F04AB fld dword ptr [esp+48h]
003F04AF call 75C09BA1
003F04B4 mov dword ptr [ecx+8],eax
003F04B7 vmovss dword ptr [esp+58h],xmm1
003F04BD fld dword ptr [esp+58h]
003F04C1 call 75C09BA1
003F04C6 mov dword ptr [ecx+4],eax
003F04C9 vmovss dword ptr [esp+8],xmm0
003F04CF fld dword ptr [esp+8]
003F04D3 call 75C09BA1
003F04D8 mov dword ptr [ecx],eax
003F04DA mov esp,ebp
003F04DC pop ebp
003F04DD ret