Quuxplusone / LLVMBugzillaTest


Crash on converting int128 to float #26557

Closed Quuxplusone closed 8 years ago

Quuxplusone commented 8 years ago
Bugzilla Link PR26559
Status RESOLVED FIXED
Importance P normal
Reported by Marcin Kościelnicki (koriakin@0x04.net)
Reported on 2016-02-10 06:46:59 -0800
Last modified on 2016-03-07 06:49:35 -0800
Version trunk
Hardware Other Linux
CC kit.barton@gmail.com, llvm-bugs@lists.llvm.org, uweigand@de.ibm.com
Fixed by commit(s)
Attachments
Blocks
Blocked by
See also
$ cat bug.c
typedef unsigned tu_int __attribute__ ((mode (TI)));

tu_int a = 1;
float b;

int main() {
        b = a;
        return 0;
}
$ clang bug.c -O3
$ ./a.out
Segmentation fault (core dumped)

(-O3 is not necessary, but simplifies the emitted assembly)

This is a backend bug - clang simply emits a uitofp:

; Function Attrs: norecurse nounwind
define signext i32 @main() #0 {
entry:
  %0 = load i128, i128* @a, align 16, !tbaa !1
  %conv = uitofp i128 %0 to float
  store float %conv, float* @b, align 4, !tbaa !5
  ret i32 0
}

It seems __floatuntisf is incorrectly called with the argument in %r2:%r3, when
it should be called with a pointer to the argument in %r2:

main:                                   # @main
# BB#0:                                 # %entry
        stmg    %r14, %r15, 112(%r15)
        aghi    %r15, -160
        lgrl    %r2, a
        lgrl    %r3, a+8
        brasl   %r14, __floatuntisf@PLT
        larl    %r1, b
        ste     %f0, 0(%r1)
        lghi    %r2, 0
        lmg     %r14, %r15, 272(%r15)
        br      %r14

gcc gets that right:

main:
.LFB0:
        .cfi_startproc
        stmg    %r14,%r15,112(%r15)
        larl    %r1,a
        lmg     %r4,%r5,0(%r1)
        .cfi_offset 14, -48
        .cfi_offset 15, -40
        lay     %r15,-176(%r15)
        .cfi_def_cfa_offset 336
        la      %r2,160(%r15)
        stmg    %r4,%r5,160(%r15)
        brasl   %r14,__floatuntisf
        lghi    %r2,0
        larl    %r5,b
        lmg     %r14,%r15,288(%r15)
        .cfi_restore 15
        .cfi_restore 14
        .cfi_def_cfa_offset 160
        ste     %f0,0(%r5)
        br      %r14
        .cfi_endproc

Found when attempting to port UBSan to SystemZ (compiler-rt/test/ubsan/TestCases/Float/cast-overflow.cpp triggers it).
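The report above shows the failure (a crash from a mis-passed i128 argument) but not what a correct __floatuntisf has to return. As an added example, not part of the original report, of LLVM or of compiler-rt, the C program below implements the unsigned 128-bit to float conversion the reproducer exercises (round-to-nearest-even, assembled bit by bit so it never goes through the compiler's own uitofp lowering), then compares the compiler's cast against it on constructed inputs that cover the interesting cases: values that fit exactly, rounding ties, values whose rounding carries across the 64-bit halves, the top bit set, and 2^128-1, which overflows to +inf. Names such as ref_floatuntisf, compiler_floatuntisf and run_checks are this example's own. On a SystemZ build with the bug, the very first call into compiler_floatuntisf would crash exactly as the reproducer does; on a fixed build, or on any other 64-bit target, every case matches.

```c
#include <float.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Same 128-bit type as the reproducer in the report. */
typedef unsigned tu_int __attribute__((mode(TI)));

/* Build a float from an already-rounded 24-bit significand and a binary
   exponent (value = mant * 2^exp, mant in [2^23, 2^24)).  Bit-assembled so
   the reference path never touches the compiler's own int->float lowering.
   Hypothetical helper written for this example. */
static float make_float(uint32_t mant, int exp)
{
    int e = exp + (FLT_MANT_DIG - 1);   /* exponent of the leading 1 bit */
    if (e > FLT_MAX_EXP - 1)            /* > 127: beyond FLT_MAX, overflow */
        return INFINITY;
    union { uint32_t u; float f; } bits;
    bits.u = ((uint32_t)(e + 127) << 23) | (mant & 0x7FFFFFu);
    return bits.f;
}

/* Reference tu_int -> float, round-to-nearest-even: the value a correct
   __floatuntisf must produce.  This is the example's own implementation,
   not compiler-rt's. */
static float ref_floatuntisf(tu_int a)
{
    if (a == 0)
        return 0.0f;

    int msb = 0;                        /* index of the highest set bit */
    for (tu_int t = a; t > 1; t >>= 1)
        msb++;

    if (msb < FLT_MANT_DIG)             /* fits in 24 bits: exact */
        return (float)(uint32_t)a;

    int shift = msb + 1 - FLT_MANT_DIG;            /* low bits to drop */
    uint32_t mant = (uint32_t)(a >> shift);        /* top 24 bits */
    tu_int dropped = a & ((((tu_int)1) << shift) - 1);
    tu_int half = ((tu_int)1) << (shift - 1);

    /* round to nearest; on an exact tie, round to even */
    if (dropped > half || (dropped == half && (mant & 1u)))
        mant++;
    if (mant == (1u << FLT_MANT_DIG)) { /* carry out of bit 23: renormalize */
        mant >>= 1;
        shift++;
    }
    return make_float(mant, shift);
}

/* The conversion under test: the compiler's own uitofp, which on SystemZ
   went through the mis-called __floatuntisf described in the report. */
static float compiler_floatuntisf(tu_int a)
{
    volatile tu_int v = a;              /* keep the cast out of constant folding */
    return (float)v;
}

struct tcase { tu_int in; float expect; };

/* Returns the number of constructed inputs where the compiler's result or
   the reference disagrees with the hand-worked expectation (0 = all good). */
static int run_checks(void)
{
    const tu_int one = 1;
    const struct tcase cases[] = {           /* constructed inputs */
        { 0, 0.0f },
        { 1, 1.0f },
        { (one << 24) + 1, 0x1p24f },        /* tie, already even: 2^24 */
        { (one << 24) + 3, 0x1p24f + 4.0f }, /* tie, rounds to even: 2^24+4 */
        { (one << 64) - 1, 0x1p64f },        /* rounds up across the 64-bit boundary */
        { one << 64, 0x1p64f },              /* high half only */
        { (one << 64) | 1, 0x1p64f },        /* sticky bit too small to matter */
        { one << 127, 0x1p127f },            /* top bit set */
        { ~(tu_int)0, INFINITY },            /* 2^128-1 rounds to 2^128: overflow */
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        float r = ref_floatuntisf(cases[i].in);
        float c = compiler_floatuntisf(cases[i].in);
        if (r != cases[i].expect || c != cases[i].expect) {
            printf("case %zu: reference %a, compiler %a, expected %a\n",
                   i, r, c, cases[i].expect);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    int bad = run_checks();
    printf("%d mismatches\n", bad);
    return bad != 0;
}
```

The volatile copy matters: without it, clang folds `(float)` of a constant at compile time and the call into __floatuntisf (the path that crashed on SystemZ) never happens at run time, so a regression test that only used literals would pass on a broken backend.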
Quuxplusone commented 8 years ago

Confirmed. I'll have a look.

Quuxplusone commented 8 years ago

Fixed in LLVM rev. 261325.

Quuxplusone commented 8 years ago

Works just fine now, and the UBSan testsuite passes with D17660 applied.