[LLVMbugs] [Bug 15520] New: Function pointer miscompilation on ARM
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Thu Mar 14 19:01:57 PDT 2013
http://llvm.org/bugs/show_bug.cgi?id=15520
Bug ID: 15520
Summary: Function pointer miscompilation on ARM
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: release blocker
Priority: P
Component: Backend: ARM
Assignee: unassignedbugs at nondot.org
Reporter: ilyoan at gmail.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
LLVM r176844. I think LLVM miscompiles the code on ARM.
This is a example that reproduces the problem.
# C
typedef void(*Fn)(int);
void call(int a, int b, Fn fn) {
int i;
for (i = a; i < b; i++) {
fn(i);
}
}
Get LLVM IR by clang -S -emit-llvm -c -o fn.ll fn.c
# IR
; ModuleID = 'fn.c'
target datalayout =
"e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
define void @call(i32 %a, i32 %b, void (i32)* %fn) #0 {
entry:
%a.addr = alloca i32, align 4
%b.addr = alloca i32, align 4
%fn.addr = alloca void (i32)*, align 8
%i = alloca i32, align 4
store i32 %a, i32* %a.addr, align 4
store i32 %b, i32* %b.addr, align 4
store void (i32)* %fn, void (i32)** %fn.addr, align 8
%0 = load i32* %a.addr, align 4
store i32 %0, i32* %i, align 4
br label %for.cond
for.cond: ; preds = %for.inc, %entry
%1 = load i32* %i, align 4
%2 = load i32* %b.addr, align 4
%cmp = icmp slt i32 %1, %2
br i1 %cmp, label %for.body, label %for.end
for.body: ; preds = %for.cond
%3 = load void (i32)** %fn.addr, align 8
%4 = load i32* %i, align 4
call void %3(i32 %4)
br label %for.inc
for.inc: ; preds = %for.body
%5 = load i32* %i, align 4
%inc = add nsw i32 %5, 1
store i32 %inc, i32* %i, align 4
br label %for.cond
for.end: ; preds = %for.cond
ret void
}
Get ARM assembly by llc -march=arm fn.ll
# ARM assembly
.syntax unified
.eabi_attribute 6, 10
.eabi_attribute 7, 65
.eabi_attribute 8, 1
.eabi_attribute 9, 2
.eabi_attribute 20, 1
.eabi_attribute 21, 1
.eabi_attribute 23, 3
.eabi_attribute 24, 1
.eabi_attribute 25, 1
.file "fn.bc"
.text
.globl call
.align 2
.type call,%function
call: @ @call
@ BB#0: @ %entry
push {r11, lr}
mov r11, sp
sub sp, sp, #24
bic sp, sp, #7
str r0, [sp, #20]
str r1, [sp, #16]
str r2, [sp, #8]
ldr r0, [sp, #20]
b .LBB0_2
.LBB0_1: @ %for.body
@ in Loop: Header=BB0_2 Depth=1
ldmib sp, {r0, r1}
mov lr, pc
mov pc, #61
ldr r0, [sp, #4]
add r0, r0, #1
.LBB0_2: @ %entry
@ =>This Inner Loop Header: Depth=1
str r0, [sp, #4]
ldr r0, [sp, #16]
ldr r1, [sp, #4]
cmp r1, r0
blt .LBB0_1
@ BB#3: @ %for.end
mov sp, r11
pop {r11, lr}
mov pc, lr
.Ltmp0:
.size call, .Ltmp0-call
I think the third line of .LBB0_1: block should be mov pc, r1, right?
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20130315/7bed62bd/attachment.html>
More information about the llvm-bugs
mailing list