[llvm-bugs] [Bug 30197] New: Scheduler disregards aliasing for stack slots resulting in miscompilation

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Aug 30 08:16:11 PDT 2016 

https://llvm.org/bugs/show_bug.cgi?id=30197

            Bug ID: 30197
           Summary: Scheduler disregards aliasing for stack slots
                    resulting in miscompilation
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Common Code Generator Code
          Assignee: unassignedbugs at nondot.org
          Reporter: simon.dardis at imgtec.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 17183
  --> https://llvm.org/bugs/attachment.cgi?id=17183&action=edit
Minimal test case.

The simple attached program is miscompiled when the postRA scheduler is run.
The test case program has function that tail calls another function with the
arguments reordered. Crucially, the arguments that are to be re-ordered are
passed on the stack.

The program below clobbers overwrites one of the passed arguments as the
scheduler does not consider invariant loads of arguments from the stack in the
presence of writes to the argument area of the stack.

Before the PostRA scheduler:

        %GP<def> = ADDu %V0, %T9
        %AT<def> = LW %SP, 20; mem:LD4[FixedStack-2]
        %V0<def> = LW %SP, 16; mem:LD4[FixedStack-1](align=8)
        SW %A1<kill>, %SP, 20; mem:Volatile ST4[FixedStack-4]
        SW %V0<kill>, %SP, 16; mem:Volatile ST4[FixedStack-3](align=8)
        %T9<def> = LW %GP, <ga:@func1>[TF=2]; mem:LD4[GlobalValueCallEntry]
        %A1<def> = OR %AT<kill>, %ZERO
        TAILCALLREG %T9, <regmask %FP %RA %D10 %D11 %D12 %D13 %D14 %D15 %F20
%F21 %F22 %F23 %F24 %F25 %F26 %F27 %F28 %F29 %F30 %F31 %S0 %S1 %S2 %S3 %S4 %S5
%S6 %S7>, %AT<imp-def,dead>, %A0<imp-use>, %A1<imp-use>, %A2<imp-use>,
%A3<imp-use>, %GP<imp-use>

After:

        %GP<def> = ADDu %V0<kill>, %T9<kill>
        %V0<def> = LW %SP, 16; mem:LD4[FixedStack-1](align=8)
**      SW %A1<kill>, %SP, 20; mem:Volatile ST4[FixedStack-4]
**      %AT<def> = LW %SP, 20; mem:LD4[FixedStack-2]
        SW %V0<kill>, %SP, 16; mem:Volatile ST4[FixedStack-3](align=8)
        %T9<def> = LW %GP, <ga:@func1>[TF=2]; mem:LD4[GlobalValueCallEntry]
        %A1<def> = OR %AT<kill>, %ZERO
        TAILCALLREG %T9<kill>, <regmask %FP %RA %D10 %D11 %D12 %D13 %D14 %D15
%F20 %F21 %F22 %F23 %F24 %F25 %F26 %F27 %F28 %F29 %F30 %F31 %S0 %S1 %S2 %S3 %S4
%S5 %S6 %S7>, %AT<imp-def,dead>, %A0<imp-use,kill>, %A1<imp-use,kill>,
%A2<imp-use,kill>, %A3<imp-use,kill>, %GP<imp-use,kill>

The re-ordering of ** instructions clobbers 20(sp) too early.

Removing the check isInvariantLoad in ScheduleDAGInstrs::buildSchedGraph
produces the correct code. I'm not sure if that's the correct solution.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160830/5fbbc514/attachment-0001.html>

More information about the llvm-bugs mailing list