[llvm-bugs] [Bug 50647] New: Incorrect code generation for ARM with inline assembly

Wed Jun 9 13:54:52 PDT 2021

https://bugs.llvm.org/show_bug.cgi?id=50647

            Bug ID: 50647
           Summary: Incorrect code generation for ARM with inline assembly
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: jacob.abraham at intel.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org,
                    neeilans at live.com, richard-llvm at metafoo.co.uk

I came across a code generation issue related to register allocation.

Essentially, if you have two C variables, one being uninitialized, and you use
one of them in regular C code (in the example a shift right), then use both of
them as inputs to an inline asm block, the two variables collide on a register.
This issue does not appear in similar X86 code or in the ARM gcc compiler.
However, if you initialize the variable this bug goes away, but introduces an
extra mov that is unnecessary for the correctness of the code.

You can see the below example on compiler explorer here
(https://godbolt.org/z/7nKhfj9E9)

The following is code that reproduces the issue
void func(unsigned long long n)
{
    #ifndef FIX
    unsigned long long b;
    #else
    //this fixes the bug but introduces an extra, extraneous mov
    //the ideal code would not include this extra mov
    //this is what gcc does with or without initializing the variable
    unsigned long long b = 0;
    #endif

    //if this is not here, bug does not occur
    //one of the C variables must be used to trigger the bug
    n = n >> 7;

    //_n should be a loop counter
    //_b should be the jump address
    //but _n and _b map to the same register in arm clang
    //they should map to different registers, as seen in arm gcc
    __asm__ volatile (
        "top%=: \n\t"
        "adrp %[_b], lbl%=@PAGE \n\t"
        "add %[_b], %[_b], lbl%=@PAGEOFF \n\t"
        "br %[_b] \n\t"
        "lbl%=: \n\t"
        "sub %[_n], %[_n], #0x1 \n\t"
        "cmp %[_n], #0x0 \n\t"
        "b.ne top%= \n\t"
        : 
        : [_n] "r" (n), [_b] "r" (b)
    );
}

The generated assembly is as follows
func:
        lsr     x8, x0, #7
top0:
        adrp    x8, lbl0 at PAGE
        add     x8, x8, lbl0 at PAGEOFF
        br      x8
lbl0:
        sub     x8, x8, #1
        cmp     x8, #0
        b.ne    top0
        ret

Note that x0 is 'n', which after being shifted is stored in x8. But then x8 is
used for both 'n' and 'b'.

I would expect the generated assembly to be
func:
        lsr     x9, x0, #7
top0:
        adrp    x8, lbl0 at PAGE
        add     x8, x8, lbl0 at PAGEOFF
        br      x8
lbl0:
        sub     x9, x9, #1
        cmp     x9, #0
        b.ne    top0
        ret

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210609/a62fad8c/attachment.html>