llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Bad x86-64 codegen in switch statement with -O0 and -mllvm -x86-speculative-load-hardening causes Segmentation fault #93898

Open samuel-lee-msft opened 5 months ago

samuel-lee-msft commented 5 months ago

Simple repro is here, with a switch statement with >=5 cases: https://godbolt.org/z/9ozTKGP48

Clang-11 compiles this fine, but since Clang-12.0.0 until at least Clang-18.1.0 there is some confusion in the compiler.

In the code associated with the case statements, an 8-byte value is "reloaded" from `rbp - 56`. Unfortunately, this is not a location to which a register has previously been spilled!

This then causes `cmp rdx, offset .LBB0_x` to be not equal, and `0xffff800000000000` is or-ed into `rsp` in the epilogue of the function, generating a Segmentation fault (I believe this is supposed to only or in a non-zero value non-architecturally as part of speculative load hardening).
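A constructed repro harness in the shape the report describes (a switch with at least 5 cases), added here as an example; it is not the godbolt code from the issue. The function names `classify` and `run_repro` and the expected values are assumptions. Build it with the reported flags and compare the case blocks and epilogue against the symptoms above.

```c
/* Constructed repro harness (added example, not the issue's godbolt code).
 * Build with the flags from the report:
 *   clang -O0 -mllvm -x86-speculative-load-hardening -S repro.c
 * Then look in the case blocks for an 8-byte reload from a stack slot that
 * no earlier store spilled to, and in the epilogue for the `or` of the
 * 0xffff800000000000 mask into rsp that the report says fires wrongly.
 */
#include <stdint.h>
#include <stdio.h>

/* A switch with >= 5 cases, the shape the report says triggers the bug.
 * At -O0 nothing is inlined, so the switch lowering is easy to find. */
uint64_t classify(uint64_t x)
{
    switch (x) {
    case 0: return 10;
    case 1: return 11;
    case 2: return 12;
    case 3: return 13;
    case 4: return 14;
    case 5: return 15;
    default: return 0;
    }
}

/* Exercises every case plus the default and returns 1 when all results
 * match. A correct build returns 1; under the affected Clang versions with
 * SLH at -O0 the report says the process faults in the epilogue instead. */
int run_repro(void)
{
    static const uint64_t expected[] = {10, 11, 12, 13, 14, 15};
    for (uint64_t i = 0; i < 6; i++)
        if (classify(i) != expected[i]) return 0;
    return classify(99) == 0;
}

int main(void)
{
    printf("%s\n", run_repro() ? "ok" : "mismatch");
    return 0;
}
```

Compiled without `-mllvm -x86-speculative-load-hardening`, or with a Clang version not listed in the report, the program prints `ok`; a crash instead of any output is the symptom described above.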

llvmbot commented 5 months ago

@llvm/issue-subscribers-backend-x86

Author: Samuel Lee (samuel-lee-msft)
