[llvm] r219899 - TRE: make TRE a bit more aggressive

Reid Kleckner rnk at google.com
Fri Oct 17 13:51:01 PDT 2014


On Fri, Oct 17, 2014 at 1:22 PM, Nick Lewycky <nlewycky at google.com> wrote:

> On 17 October 2014 13:00, Reid Kleckner <rnk at google.com> wrote:
>
>> On Fri, Oct 17, 2014 at 12:56 PM, Nick Lewycky <nlewycky at google.com>
>> wrote:
>>
>>> On 17 October 2014 12:17, Rafael Espíndola <rafael.espindola at gmail.com>
>>> wrote:
>>>
>>>> In fact this was PR7272.
>>>>
>>>
>>> PR7272 is the other way around?
>>>
>>> define void @foo(i32* %x) {
>>>   tail call void @bar(i32* byval %x)  ;; bad tail from PR7272
>>>   ret void
>>> }
>>>
>>> define void @foo(i32* byval %x) {
>>>   tail call void @bar(i32* %x)  ;; okay tail from this patch
>>>   ret void
>>> }
>>>
>>
>> This is precisely the case when it's not safe to tail call. You're
>> capturing the address of something allocated on the current stack frame and
>> passing it down, which you can't do.
>>
>
> Maybe I'm misunderstanding, but I really think this is fine. Specifically
> I claim your error is on the clause "allocated on the current stack frame".
> It's not allocated on the current stack frame, it's allocated on the stack
> frame one above us.
>

This is just the classic ambiguity of "whose frame are the arguments in?"
'byval' lets you capture the address of your arguments, sometimes. That
argument stack space is reused to set up the arguments to the next call.
Suppose that TCE did occur in the example you give, you would see this code
for foo on regular x86, which has no register parameters:

foo:
  pushl %ebp
  leal 8(%esp), %eax ; take address of x
  movl %eax, 8(%esp) ; store address of x into argument slot for tail call
  popl %ebp
  jmp bar

And now we've overwritten the contents of x.

> declare void @bar(i32*)
>
> define void @foo(i32* byval %x) {
>   call void @bar(i32* %x)
>   ret void
> }
>
> define void @test(i32* %y) {
>   call void @foo(i32* byval %y)
>   ret void
> }
>
> foo:                                    # @foo
>         pushq   %rax
>         leaq    16(%rsp), %rdi
>         callq   bar
>         popq    %rax
>         retq
>
> test:                                   # @test
>         pushq   %rax
>         movl    (%rdi), %eax
>         movl    %eax, (%rsp)
>         callq   foo
>         popq    %rax
>         retq
>
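
The overwrite described in this message, modelled as a small stack simulation. This is an added example, not code from the thread or from LLVM; the addresses, the value 42, the placeholder return address and the helper names are constructed, and the frame-pointer push/pop is omitted.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit x86 stack: word-sized slots, growing down. */
#define STACK_WORDS 16
#define STACK_BASE  0x1000u          /* made-up address of mem[0] */
#define X_VALUE     42u              /* made-up contents of the byval argument */
#define RET_ADDR    0xdeadbeefu      /* placeholder return address */

static uint32_t mem[STACK_WORDS];
static uint32_t esp;

static uint32_t load(uint32_t addr)              { return mem[(addr - STACK_BASE) / 4]; }
static void     store(uint32_t addr, uint32_t v) { mem[(addr - STACK_BASE) / 4] = v; }
static void     push(uint32_t v)                 { esp -= 4; store(esp, v); }

/* bar(i32* p): on entry 0(%esp) is the return address, 4(%esp) is p. Returns *p. */
static uint32_t bar(void)
{
    uint32_t p = load(esp + 4);
    return load(p);
}

/* Runs test -> foo -> bar and returns the value bar reads through its pointer. */
uint32_t run_foo(int tail_call)
{
    esp = STACK_BASE + 4 * STACK_WORDS;
    /* test: copy *y into the outgoing byval slot, then call foo. */
    push(X_VALUE);
    push(RET_ADDR);
    /* foo: x lives in the incoming argument slot at 4(%esp). */
    uint32_t addr_of_x = esp + 4;
    if (tail_call) {
        /* TCE: bar's argument goes into foo's own argument slot, then jmp bar. */
        store(esp + 4, addr_of_x);   /* overwrites x with its own address */
        return bar();
    }
    /* Ordinary call: a fresh slot is pushed below foo's return address. */
    push(addr_of_x);
    push(RET_ADDR);
    return bar();
}

int main(void)
{
    printf("call:      bar reads %u\n", (unsigned)run_foo(0));
    printf("tail call: bar reads 0x%x\n", (unsigned)run_foo(1));
    return 0;
}
```

With the ordinary call bar reads the original value of x; with the tail call it reads the slot's own address, because the pointer and the data it points to share one stack slot.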