Page MenuHomePhabricator

[mips] LLVM PR/30197 - Tail call incorrectly clobbers arguments
ClosedPublic

Authored by sdardis on Aug 31 2016, 6:45 AM.

Details

Reviewers
vkalintiris
Summary

The postRA scheduler performs alias analysis to determine if stores and loads
can moved past each other. When a function has more arguments than argument
registers for the calling convention used, excess arguments are spilled onto the
stack. LLVM by default assumes that argument slots are immutable, unless the
function contains a tail call. Without the knowledge of that a function contains
a tail call site, stores and loads to fixed stack slots may be re-ordered
causing the out-going arguments to clobber the incoming arguments before the
incoming arguments are supposed to be dead.

Diff Detail

Event Timeline

sdardis updated this revision to Diff 69843.Aug 31 2016, 6:45 AM
sdardis retitled this revision from to [mips] LLVM PR/30197 - Tail call incorrectly clobbers arguments.
sdardis updated this object.
sdardis added a reviewer: vkalintiris.
sdardis set the repository for this revision to rL LLVM.
sdardis added a subscriber: llvm-commits.
vkalintiris accepted this revision.Sep 7 2016, 5:59 AM
vkalintiris edited edge metadata.

LGTM but make sure that the checks from the new test enforce the correct ordering of loads/stores.

test/CodeGen/Mips/tailcall/tail-call-arguments-clobber.ll
19

We need a CHECK-LABEL in order to avoid sourcing instructions from func3 (similarly for func3).

21–24

I don't think that this set of checks will enforce the ordering of loads/stores (similarly for func3).

This revision is now accepted and ready to land.Sep 7 2016, 5:59 AM
sdardis marked an inline comment as done.Sep 9 2016, 3:12 AM
sdardis added inline comments.
test/CodeGen/Mips/tailcall/tail-call-arguments-clobber.ll
21–24

Are you expecting the loads to come in a specific order? I was testing that the loads comes before the stores, as otherwise the callee/caller argument area gets clobbered. I didn't see the value in checking that 16(sp) comes before 20(sp) for the loads.

The original bug is this:

lui $2, %hi(_gp_disp)
addiu $2, $2, %lo(_gp_disp)
addu  $gp, $2, $25
lw  $2, 16($sp)
sw  $5, 20($sp)  <- swapped with the load beneath
lw  $1, 20($sp)  <- should be before the store
sw  $2, 16($sp)
lw  $25, %call16(func1)($gp)
jr  $25
move   $5, $1

Whether the load of 16(sp) comes before the load of 20(sp) doesn't seem to matter to me. I'll modify the test to expose the bug better, as it should be using -relocation-model=pic.

sdardis closed this revision.Sep 21 2016, 2:52 AM
sdardis updated this object.
sdardis edited edge metadata.

Thanks, committed as r282063.