Quuxplusone / LLVMBugzillaTest


x86 Intel assembler assembles indirect calls through absolute memory as direct calls to that address #20510

Open Quuxplusone opened 10 years ago

Quuxplusone commented 10 years ago
Bugzilla Link PR20511
Status NEW
Importance P normal
Reported by Reid Kleckner (rnk@google.com)
Reported on 2014-08-01 15:33:36 -0700
Last modified on 2018-09-27 09:53:52 -0700
Version trunk
Hardware PC Windows NT
CC comexk@gmail.com, david.majnemer@gmail.com, ehsan.akhgari@gmail.com, grosbach@apple.com, jmuizelaar@mozilla.com, llvm-bugs@lists.llvm.org, rafael@espindo.la
Fixed by commit(s)
Attachments
Blocks
Blocked by
See also
This is obviously broken:

$ cat t.s
.intel_syntax
foo:
        call dword ptr [foo]

$ llvm-mc t.s
        .text
foo:
        calll   foo

Both 'foo' and '[foo]' get parsed as absolute memory X86Operands, and the
pcrel32 variants of 'call' match absolute memory operands.  Therefore we have
ambiguity.  The gas-style assembler looks for an optional '*' token to
disambiguate.

See also http://llvm.org/PR20052.
Quuxplusone commented 6 years ago
This bug is still present on latest trunk:

% cat a.s
.intel_syntax noprefix
jmp foo
jmp [foo]
jmp eax
jmp [eax]

% i686-elf-as -o a.o a.s # GNU as behaves correctly
% i686-elf-objdump -d a.o
[...snip...]
   0:   e9 fc ff ff ff          jmp    0x1
   5:   ff 25 00 00 00 00       jmp    *0x0
   b:   ff e0                   jmp    *%eax
   d:   ff 20                   jmp    *(%eax)

% clang -target i686-elf -c -o a.o a.s
% i686-elf-objdump -d a.o
[...snip...]
   0:   e9 fc ff ff ff          jmp    0x1
   5:   e9 fc ff ff ff          jmp    0x6
   a:   ff e0                   jmp    *%eax
   c:   ff 20                   jmp    *(%eax)

% clang --version
clang version 8.0.0 (https://llvm.org/git/clang.git
7bee69dec5de77cadcdcc2ac9e4341adfa85f4c3) (https://llvm.org/git/llvm.git
3b35e17b21e388832d7b560a06a4f9eeaeb35330)
Target: x86_64-apple-darwin18.0.0
Thread model: posix
InstalledDir: /usr/local/opt/llvm/bin
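The practical danger in both listings above is that the mis-assembly is silent: `jmp [foo]` and `call dword ptr [foo]` are meant to load a pointer from the absolute address `foo` and branch to it, but llvm-mc emits an E8/E9 rel32 branch to `foo` itself, so control lands on the pointer slot instead of on the code it points to. The following script is an editor's added example, not code from the bug report, from llvm-mc or from GNU as. It decodes the only 32-bit encodings that occur on this page (E8/E9 direct rel32, and FF /2, FF /4 in register, `[reg]` and `[abs32]` form), classifies each Intel-syntax operand the way GNU as does, and reports any line whose emitted bytes do not match the intended form. The byte strings are copied from the two objdump listings in the second comment; the `SOURCE`, `GAS_BYTES`, `CLANG_BYTES` names and the `Branch` type are the example's own.

```python
"""Check that an Intel-syntax call/jmp was encoded in the intended form.

Editor's added example, not code from the bug report, llvm-mc or GNU as.
It decodes only the 32-bit encodings that appear in the listings above:
direct call/jmp with a rel32 (E8/E9) and indirect call/jmp through a
ModRM operand (FF /2 and FF /4) in register, [reg] and [abs32] form.
The sample bytes below are copied from the objdump output on the page.
"""
from __future__ import annotations

from dataclasses import dataclass

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


@dataclass(frozen=True)
class Branch:
    mnemonic: str  # "call" or "jmp"
    form: str      # "direct", "reg", "mem_reg" or "mem_abs"
    target: str    # rendered the way objdump prints it (AT&T syntax)
    length: int    # instruction length in bytes


def intended_form(operand: str) -> str:
    """Classify an Intel-syntax operand the way GNU as does: a bare symbol
    is a direct branch, a bare register is a register-indirect branch and
    anything in brackets is a memory-indirect branch."""
    tok = operand.strip().lower()
    if tok.startswith("dword ptr"):          # optional size qualifier
        tok = tok[len("dword ptr"):].strip()
    if tok.startswith("[") and tok.endswith("]"):
        return "mem_reg" if tok[1:-1].strip() in REG32 else "mem_abs"
    return "reg" if tok in REG32 else "direct"


def decode_branch(code: bytes, ip: int = 0) -> Branch:
    """Decode one call/jmp at offset `ip`; `code` starts at that instruction."""
    op = code[0]
    if op in (0xE8, 0xE9):                   # direct, rel32 from the next ip
        rel = int.from_bytes(code[1:5], "little", signed=True)
        mn = "call" if op == 0xE8 else "jmp"
        return Branch(mn, "direct", hex((ip + 5 + rel) & 0xFFFFFFFF), 5)
    if op == 0xFF:
        modrm = code[1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        mn = {2: "call", 4: "jmp"}.get(reg)  # FF /2 = call r/m32, FF /4 = jmp r/m32
        if mn is None:
            raise ValueError(f"FF /{reg} is not a branch")
        if mod == 3:                         # register direct: jmp *%eax
            return Branch(mn, "reg", f"*%{REG32[rm]}", 2)
        if mod == 0 and rm == 5:             # no base register: disp32 absolute
            disp = int.from_bytes(code[2:6], "little")
            return Branch(mn, "mem_abs", f"*{disp:#x}", 6)
        if mod == 0 and rm != 4:             # [reg] with no displacement
            return Branch(mn, "mem_reg", f"*(%{REG32[rm]})", 2)
        raise ValueError("SIB and displacement forms are outside this example")
    raise ValueError(f"{op:#04x} is not a call/jmp opcode")


def decode_listing(code: bytes) -> list[Branch]:
    """Decode a section of back-to-back branches, tracking the ip for rel32."""
    out, ip = [], 0
    while ip < len(code):
        br = decode_branch(code[ip:], ip)
        out.append(br)
        ip += br.length
    return out


def audit(source: list[str], code: bytes) -> list[str]:
    """Pair each Intel-syntax line with the bytes the assembler emitted and
    report every line whose encoding does not match the intended form."""
    problems = []
    for line, br in zip(source, decode_listing(code)):
        mnemonic, operand = line.split(None, 1)
        want = intended_form(operand)
        if br.mnemonic != mnemonic or br.form != want:
            problems.append(
                f"{line!r}: wanted {want}, got {br.form} ({br.mnemonic} {br.target})")
    return problems


# Constructed inputs: the a.s lines and the two objdump listings from the report.
SOURCE = ["jmp foo", "jmp [foo]", "jmp eax", "jmp [eax]"]
GAS_BYTES = bytes.fromhex("e9fcffffff ff25 00000000 ffe0 ff20")
CLANG_BYTES = bytes.fromhex("e9fcffffff e9fcffffff ffe0 ff20")

if __name__ == "__main__":
    print("gas:  ", audit(SOURCE, GAS_BYTES) or "all forms match")
    print("clang:", audit(SOURCE, CLANG_BYTES) or "all forms match")
```

Run against the GNU as bytes the audit is empty; against the clang bytes it flags `jmp [foo]` as encoded direct (the `e9 fc ff ff ff` at offset 5, which objdump shows as `jmp 0x6`). The same check applied to the first comment's `call dword ptr [foo]` flags an E8 encoding for the same reason. Since the bug produces a valid instruction rather than an assembler error, comparing the emitted encoding against the source form is the only way to catch it short of running the code.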