Closed vit9696 closed 5 years ago
Thanks for that catch and sorry. After a subsequent review, I discovered that the issue was lost during the minimisation.
However, a second attempt to minimise it actually showed that the issue only exists in our local copy, and not in upstream. Closing this as invalid.
Doesn't "jns .LBB0_11" mean if %eax >=0 goto 11?
Extended Description
LLVM 7.0 generates invalid code (it optimises out variable zeroing) for 32-bit X86 at -O1 or higher when sanitizers are enabled. I was able to reproduce the issue with AddressSanitizer or UndefinedBehaviorSanitizer enabled, yet I believe they are just the trigger point. The IR looks fine, so most likely the issue lies in LLVM itself.
The bug is not reproducible on LLVM 8.0 or trunk. If the LLVM 7.1 release is abandoned, this should be closed; otherwise I believe it should be a release blocker.
A test example is provided in the attachment: both the C file and the generated .S file.
clang -S -c -target i386-gnu-linux -march=pentium2 -pipe -nostdinc -fno-asynchronous-unwind-tables -O1 -fno-builtin -I. -fno-omit-frame-pointer -m32 -fno-stack-protector -fsanitize=address -c d.c -o d.S
Relevant comments on the generated asm:
pushl %esi
...
implicit-def: $esi        ; allocates r temporary in %esi, which is filled with random data
...
movl %esi, -16(%ebp)
...
calll func1
testl %eax, %eax
movl -16(%ebp), %ecx      ; writes random data to %ecx
cmovsl %eax, %ecx         ; if (%eax < 0) %ecx = %eax
movl %ecx, -16(%ebp)      ; %ecx is returned back to stack
...
jns .LBB0_11              ; if (%eax < 0) goto 11
jmp .LBB0_19
...
.LBB0_19:
...
movl -16(%ebp), %eax      ; function returns random data when func1 returns >= 0
...
ret
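The attachment itself is not on this page, so the following is an added, constructed C reproducer shaped after the annotated asm above (a zeroed temporary `r`, a call to `func1`, the negative return value copied into `r`, and `r` returned on the exit path). It is not the reporter's file; `func1`, `func1_result`, `caller` and `run_case` are all assumed names. The harness asserts the semantics a correct build must preserve: `caller()` returns 0 whenever `func1` returns a non-negative value, and returns the value itself when it is negative. A build that drops the zeroing, as the report describes, returns whatever was left in the stack slot instead.

```c
#include <assert.h>
#include <stdio.h>

/* Constructed stand-in for the attachment's func1 (assumption): it returns
 * whatever the harness stored in func1_result, so each case can be driven
 * without any real I/O. noinline keeps the call and its return value visible
 * in the generated asm, matching the "calll func1 / testl %eax, %eax" shape. */
static int func1_result;

__attribute__((noinline)) int func1(void)
{
    return func1_result;
}

/* Hypothetical function matching the annotated listing: r is zeroed up front
 * (the store the report says was optimised away), func1 is called, a negative
 * result is copied into r (the cmovsl), and r is returned at the common exit. */
__attribute__((noinline)) int caller(void)
{
    volatile int sink = 0;     /* gives the non-negative path some work of its own */
    int r = 0;                 /* the zeroing under test */
    int v = func1();

    if (v < 0) {
        r = v;                 /* "cmovsl %eax, %ecx": r = v when v < 0 */
    } else {
        sink = v;              /* ".LBB0_11" path: never touches r */
    }
    return r;                  /* "movl -16(%ebp), %eax ... ret" */
}

/* Make func1 return `ret`, call caller(), and hand back what it produced. */
int run_case(int ret)
{
    func1_result = ret;
    return caller();
}

int main(void)
{
    /* Expected with correct codegen: 0, 0, -3. */
    printf("func1 returns  5 -> caller returns %d\n", run_case(5));
    printf("func1 returns  0 -> caller returns %d\n", run_case(0));
    printf("func1 returns -3 -> caller returns %d\n", run_case(-3));
    return 0;
}
```

To compare against the report, compile this with the flags from the command line above (with `-fsanitize=address` and `-m32`) and inspect whether the store of zero to `r`'s stack slot survives before the call; the assertions give a run-time check of the same property that does not depend on reading the asm by hand.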