[llvm-bugs] [Bug 39714] New: -fast-isel=0 for armv7 can result in 4-byte Reload without corresponding 4-byte Spill
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Nov 19 14:49:03 PST 2018
https://bugs.llvm.org/show_bug.cgi?id=39714
Bug ID: 39714
Summary: -fast-isel=0 for armv7 can result in 4-byte Reload
without corresponding 4-byte Spill
Product: new-bugs
Version: 7.0
Hardware: Macintosh
OS: MacOS X
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: jholajter at arxan.com
CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org
Created attachment 21130
--> https://bugs.llvm.org/attachment.cgi?id=21130&action=edit
repro.ll can be use to reproduce the incorrect assembly generated by llc
The attached test case demonstrates an issue where lowering armv7 bitcode for
iOS using -fast-isel=0 results in a register being reloaded from the stack
without first being spilled to the stack. This results in an unknown value
being loaded into the register and undefined runtime results.
This bug is important because Apple forces use of -fast-isel=0 when re-lowering
armv7 bitcode built using Enable Bitcode set to Yes. There is no way to disable
use of -fast-isel=0 when submitting bitcode to Apple.
Use the following command line with the attached repro.ll:
llc -relocation-model=pic -O0 -fast-isel=0 repro.ll -filetype=asm -o repro.s
The resultant repro.s will contain the following line:
ldr.w r1, [r6, #2500] @ 4-byte Reload
The reload of r1 with r6 offset by #2500 was never spilled to the stack. This
instruction is reading and unknown value from the stack and populating r1 with
it. This leads to undefined runtime behavior.
>From the repro.ll file, you can see that a function named printAggregate() is
being invoked:
call void @printAggregate(%struct.structOfStrings* byval align 4
@structOfStrings2, i32 2) #18
call void @printAggregate(%struct.structOfStrings* byval align 4
@structOfStrings1, i32 1) #18
call void @printAggregate(%struct.structOfStrings* byval align 4
@structOfStrings3, i32 3) #18
In the repro.s file, prior to the first invocation of printAggregate() we can
see that the second parameter is populated into r1 via the following
instruction:
movs r1, #2
This is also the case with the third invocation of printAggregate():
movs r1, #3
It is unclear why the second invocation of printAggregate() does not also use
movs, instead trying to Reload r1 from the stack even though it was never
spilled.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20181119/af1f0803/attachment.html>
More information about the llvm-bugs
mailing list