[LLVMbugs] [Bug 23710] New: [Win64] Indirect tail calls on non-Windows can use clobbered non-volatile register

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sat May 30 19:45:44 PDT 2015 

https://llvm.org/bugs/show_bug.cgi?id=23710

            Bug ID: 23710
           Summary: [Win64] Indirect tail calls on non-Windows can use
                    clobbered non-volatile register
           Product: libraries
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: X86
          Assignee: unassignedbugs at nondot.org
          Reporter: cdavis5x at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 14406
  --> https://llvm.org/bugs/attachment.cgi?id=14406&action=edit
Failing test case that demonstrates Win64 indirect tail-call bug

When compiling a Win64 function on non-Windows (e.g. Linux, Mac OS X) that does
the following:
1) calculates some address to call
2) saves that address in a non-volatile register (e.g. to preserve it across a
call)
3) tail-calls that address
the tail call goes through the non-volatile register. Unfortunately, this being
a tail call, the non-volatiles were all restored from the stack by the time the
jump happens, so we lose the address to be called.

Test case attached. Here's what LLVM produces (as of this writing) from it for
x86-64-linux, cleaned up and annotated by me:

win64_tailcall:
    pushq    %rsi
    pushq    %rdi         # Non-volatile RDI saved to stack
    subq    $40, %rsp
    movl    %ecx, %esi
    callq    win64_callee # Returns address to call
    movq    %rax, %rdi   # Saved to RDI here...
    xorl    %ecx, %ecx
    callq    win64_other  # ...because of this call
    movl    %esi, %ecx   # Getting ready to make the tail call
        #movq   %rdi, %rax   # Missing instruction that should've been inserted
    addq    $40, %rsp
    popq    %rdi         # RDI restored (uh oh...)
    popq    %rsi
    jmpq    *%rdi        # KABOOM

I suspect that somewhere where it matters for tail call lowering, we're still
assuming that RDI is volatile (because in the System V AMD64 ABI, it is), but I
haven't been able to figure out where yet.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150531/2f4a140f/attachment.html>

More information about the llvm-bugs mailing list