[llvm-bugs] [Bug 33824] New: invoked functions returning structs with -enable-emscripten-cxx-exceptions causes runtime crashes

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Jul 17 14:24:40 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=33824

            Bug ID: 33824
           Summary: invoked functions returning structs with
                    -enable-emscripten-cxx-exceptions causes runtime
                    crashes
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: WebAssembly
          Assignee: unassignedbugs at nondot.org
          Reporter: tlively at google.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 18808
  --> https://bugs.llvm.org/attachment.cgi?id=18808&action=edit
a small failing example

When -enable-emscripten-cxx-exceptions is used, the
WebAssemblyLowerEmscriptenEHSjLj pass lowers invoke instructions to calls to
@__invoke_SIG functions that take the originally invoked function as a
first argument and have the same return type. If that return type is a struct,
the initial lowering step creates an sret parameter in the first argument
position, bumping the function pointer to the second argument position, which
causes a crash when the sret pointer is used as a function pointer at run time.

To reproduce:

llc exceptions.ll -enable-emscripten-cxx-exceptions -debug

Observe that 

  %ign = invoke { i32, i8* } @bar(i32 3)
            to label %invoke.cont unwind label %lpad

is lowered to

    ...
    %ign = call { i32, i8* } @"__invoke_{i32.i8*}_i32"({ i32, i8* } (i32)* @bar, i32 3)
    ...

and later lowered to

    ...
    CALL_VOID <ga:@"__invoke_{i32.i8*}_i32">, <fi#0>, %vreg2<kill>, %vreg1<kill>, %ARGUMENTS<imp-def,dead>, %SP32<imp-use>, %SP64<imp-use>; I32:%vreg2,%vreg1
    ...

which has the sret pointer, not the function pointer, as the first argument.

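A triage check for the symptom described in the report, added here as an example and not part of the original bug report or of LLVM: it scans `llc -debug` output for calls to __invoke_SIG wrappers whose first argument is a frame index (the sret slot) rather than the function pointer. The function names and the second sample line are constructed for illustration, and treating a frame index in the first position as the defect is an assumption based on the output quoted above.

```python
import re

# A WebAssembly CALL_* machine instruction whose callee is an Emscripten
# __invoke_SIG wrapper, in the operand syntax shown in the report.
CALL_RE = re.compile(r'\bCALL_\w+\s+<ga:@"?(__invoke_[^">]+)"?>\s*,\s*([^;]*)')
FRAME_INDEX_RE = re.compile(r'<fi#\d+>')


def find_suspect_invokes(debug_text):
    """Return (wrapper, first_argument) for each __invoke_SIG call whose
    first argument is a stack frame index instead of the callee pointer.
    Assumption: a frame index there is the sret slot displacing the callee."""
    suspects = []
    for line in debug_text.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue
        wrapper = m.group(1)
        # Only the first operand matters; later ones contain commas inside <...>.
        first_arg = m.group(2).split(',', 1)[0].strip()
        if FRAME_INDEX_RE.fullmatch(first_arg):
            suspects.append((wrapper, first_arg))
    return suspects


def returns_struct(wrapper):
    """True when the SIG part of __invoke_SIG begins with a struct type."""
    return wrapper[len('__invoke_'):].startswith('{')


# First line: from the report, with the mail's hard wraps rejoined.
# Second line: constructed for contrast (scalar return, made-up registers).
SAMPLE = '''\
    CALL_VOID <ga:@"__invoke_{i32.i8*}_i32">, <fi#0>, %vreg2<kill>, %vreg1<kill>, %ARGUMENTS<imp-def,dead>, %SP32<imp-use>, %SP64<imp-use>; I32:%vreg2,%vreg1
    %vreg5<def> = CALL_I32 <ga:@__invoke_i32_i32>, %vreg3<kill>, %vreg4<kill>, %ARGUMENTS<imp-def,dead>; I32:%vreg5,%vreg3,%vreg4
'''

if __name__ == '__main__':
    for wrapper, arg in find_suspect_invokes(SAMPLE):
        kind = 'struct return' if returns_struct(wrapper) else 'scalar return'
        print(f'{wrapper}: first argument is {arg} ({kind})')
```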