[llvm-bugs] [Bug 26559] New: Crash on converting int128 to float

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Feb 10 04:46:59 PST 2016 

https://llvm.org/bugs/show_bug.cgi?id=26559

            Bug ID: 26559
           Summary: Crash on converting int128 to float
           Product: libraries
           Version: trunk
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: SystemZ
          Assignee: unassignedbugs at nondot.org
          Reporter: koriakin at 0x04.net
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

$ cat bug.c
typedef unsigned tu_int __attribute__ ((mode (TI)));

tu_int a = 1;
float b;

int main() {
        b = a;
        return 0;
}
$ clang bug.c -O3
$ ./a.out
Segmentation fault (core dumped)

(-O3 is not necessary, but simplifies the emitted assembly)

This is a backend bug - clang simply emits a uitofp:

; Function Attrs: norecurse nounwind
define signext i32 @main() #0 {
entry:
  %0 = load i128, i128* @a, align 16, !tbaa !1
  %conv = uitofp i128 %0 to float
  store float %conv, float* @b, align 4, !tbaa !5
  ret i32 0
}

It seems __floatuntis is incorrectly called with the argument in %r2:%r3, when
it should be called with pointer to argument in %r2:

main:                                   # @main
# BB#0:                                 # %entry
        stmg    %r14, %r15, 112(%r15)
        aghi    %r15, -160
        lgrl    %r2, a
        lgrl    %r3, a+8
        brasl   %r14, __floatuntisf at PLT
        larl    %r1, b
        ste     %f0, 0(%r1)
        lghi    %r2, 0
        lmg     %r14, %r15, 272(%r15)
        br      %r14

gcc gets that right:

main:
.LFB0:
        .cfi_startproc
        stmg    %r14,%r15,112(%r15)
        larl    %r1,a
        lmg     %r4,%r5,0(%r1)
        .cfi_offset 14, -48
        .cfi_offset 15, -40
        lay     %r15,-176(%r15)
        .cfi_def_cfa_offset 336
        la      %r2,160(%r15)
        stmg    %r4,%r5,160(%r15)
        brasl   %r14,__floatuntisf
        lghi    %r2,0
        larl    %r5,b
        lmg     %r14,%r15,288(%r15)
        .cfi_restore 15
        .cfi_restore 14
        .cfi_def_cfa_offset 160
        ste     %f0,0(%r5)
        br      %r14
        .cfi_endproc

Found when attempting to port UBSan to SystemZ
(compiler-rt/test/ubsan/TestCases/Float/cast-overflow.cpp triggers it).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160210/8c22b7a8/attachment-0001.html>

More information about the llvm-bugs mailing list