[llvm-bugs] [Bug 50785] New: clang incorrectly produces ARM STM instead of STR in thumb mode

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Jun 21 05:49:11 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50785

            Bug ID: 50785
           Summary: clang incorrectly produces ARM STM instead of STR in
                    thumb mode
           Product: clang
           Version: 12.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: release blocker
          Priority: P
         Component: C
          Assignee: unassignedclangbugs at nondot.org
          Reporter: matthieu.bouron at gmail.com
                CC: blitzrakete at gmail.com, dgregor at apple.com,
                    erik.pilkington at gmail.com, llvm-bugs at lists.llvm.org,
                    richard-llvm at metafoo.co.uk

When compiling to ARM (32-bit) thumb mode, clang incorrectly produces stm
instead of str in some cases. This is causing issues (sigbus: illegal
alignment) if the destination pointer is not aligned.

This can be reproduced with the following minimal C code:

    #include <stdint.h>

    uint8_t *f(uint8_t *buf)
    {
        *(uint32_t*)buf = 0;
        return buf + 4;
    }

which, when compiled with -O2 -mthumb, produces the following ARM ASM:

    f:
        movs    r1, #0
        stm     r0!, {r1}
        bx      lr

whereas GCC (or clang without -mthumb) produces:

    f:
        movs    r3, #0
        str     r3, [r0], #4
        bx      lr


This happens on clang 9.x, 10.x, 11.x and 12.x as well as the versions provided
by the Android NDK (r21e, r22b).

This issue was found when debugging a crash occurring in libjpeg-turbo 2.1.0
when compiled to ARM (32-bit) thumb mode / Android. The crash happens at:
https://github.com/libjpeg-turbo/libjpeg-turbo/blob/1a1fb615db39880044b789bdb36b351865d9ec4a/simd/arm/jchuff.h#L84
(called by
https://github.com/libjpeg-turbo/libjpeg-turbo/blob/1a1fb615db39880044b789bdb36b351865d9ec4a/simd/arm/aarch32/jchuff-neon.c#L295)

where:

    *((uint32_t *)buffer) = BUILTIN_BSWAP32(put_buffer);
    buffer += 4;

gets compiled to rev + stm instead of rev + str, causing a sigbus error
(illegal alignment) because buffer is not necessarily aligned.
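
As an added example (not part of the original bug report, and not libjpeg-turbo's or LLVM's code): the cast `*(uint32_t *)buf` promises the compiler that `buf` is 4-byte aligned, since C makes converting a misaligned pointer to a stricter-aligned type undefined behaviour; a word-aligned-only instruction is then a legal lowering of that store, regardless of whether this particular selection of `stm` is judged a bug. `memcpy` carries no alignment promise, so the compiler must emit a store that is valid at any address. The function names (`store_u32_cast`, `store_u32_memcpy`, `store_be32`, `load_be32`, `is_aligned`, `demo_misaligned`) and the deliberately misaligned buffer are assumptions constructed for this example; `store_u32_cast` reproduces the reported pattern for comparison and is intentionally never called on a misaligned pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Pattern from the report (hypothetical name). C requires buf to be
 * 4-byte aligned here, so the compiler may pick any word-aligned-only
 * store, e.g. Thumb STM. Do not call this with a misaligned pointer. */
uint8_t *store_u32_cast(uint8_t *buf, uint32_t v)
{
    *(uint32_t *)buf = v;   /* undefined behaviour if buf is misaligned */
    return buf + 4;
}

/* Portable replacement: memcpy makes no alignment promise, so the
 * generated store must be valid for every address. */
uint8_t *store_u32_memcpy(uint8_t *buf, uint32_t v)
{
    memcpy(buf, &v, sizeof v);
    return buf + 4;
}

/* Big-endian store built byte by byte, mirroring the bswap + store
 * sequence in the report without relying on host endianness. */
uint8_t *store_be32(uint8_t *buf, uint32_t v)
{
    uint8_t tmp[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16),
                       (uint8_t)(v >> 8),  (uint8_t)v };
    memcpy(buf, tmp, sizeof tmp);
    return buf + 4;
}

/* Big-endian load that is valid at any address. */
uint32_t load_be32(const uint8_t *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Returns 1 when p is a multiple of alignment a. */
int is_aligned(const void *p, size_t a)
{
    return ((uintptr_t)p % a) == 0;
}

/* Writes two words starting one byte into a word-aligned buffer (so both
 * stores are misaligned, as in the crash) and checks the result.
 * Returns 1 on success, 0 on any mismatch. */
int demo_misaligned(void)
{
    _Alignas(4) uint8_t buffer[12] = { 0 };
    uint8_t *p = buffer + 1;          /* constructed: deliberately misaligned */

    if (is_aligned(p, 4))             /* sanity check: the pointer really is odd */
        return 0;

    p = store_u32_memcpy(p, 0);       /* the "*(uint32_t*)buf = 0" case */
    p = store_be32(p, 0xDEADBEEFu);   /* the BSWAP32 + store case */

    if (p != buffer + 9)
        return 0;
    if (load_be32(buffer + 1) != 0 || load_be32(buffer + 5) != 0xDEADBEEFu)
        return 0;
    if (buffer[0] != 0 || buffer[9] != 0)   /* neighbouring bytes untouched */
        return 0;
    return 1;
}

int main(void)
{
    printf("misaligned store round-trip: %s\n", demo_misaligned() ? "ok" : "FAILED");
    return 0;
}
```

On a host that tolerates misaligned access the cast version would appear to work too, which is why this class of bug only surfaces on targets and instruction selections that enforce alignment; checking the generated assembly (`clang -O2 -mthumb -S`) for the memcpy version, and confirming it no longer contains a word-aligned-only store, is the test that actually matters on ARM.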
