| Field | Value |
| --- | --- |
| Issue | 167181 |
| Summary | [aarch64] Potential tail call miscompilation, causing branch protection to fault |
| Labels | new issue |
| Assignees | |
| Reporter | 3405691582 |

Here is a reasonably minimal reproducing case (see https://godbolt.org/z/qjMxY7Wjj):
```
define internal tailcc void @g(ptr swiftasync %0) #0 {
  call ptr @h() #2
  musttail call tailcc void @f(
      ptr null, ptr null, ptr null, ptr null,
      ptr null, ptr null, ptr null, ptr null, ptr null)
  ret void
}
define void @f(ptr, ptr, ptr, ptr, ptr, ptr, ptr,
               ptr, ptr, ptr) #0 {
  ret void
}
define void @h() #2 {
  ret void
}
define protected i32 @main(i32 %0, ptr %1) #0 {
entry:
  call void @g()
  ret i32 0
}
attributes #0 = {
  "branch-target-enforcement"
  "frame-pointer"="non-leaf"
  "no-trapping-math"="true"
  "sign-return-address"="non-leaf"
  "sign-return-address-key"="a_key"
  "stack-protector-buffer-size"="8"
  "target-cpu"="generic"
  "target-features"="+fp-armv8,+neon,+strict-align,+v8a"
}
!llvm.module.flags = !{!1, !2, !3}
!1 = !{i32 1, !"wchar_size", i32 4}
!2 = !{i32 8, !"branch-target-enforcement", i32 1}
!3 = !{i32 8, !"sign-return-address", i32 1}
```
Function `g`'s stack pointer appears to not be restored properly:
```
g:
    hint #25                            // PACIASP: sign LR, SP is the modifier
    orr x29, x29, #0x1000000000000000
    sub sp, sp, #48
    ...
    add sp, sp, #32
    hint #29                            // AUTIASP: authenticate LR, SP is the modifier
    b f
```
(This causes crashes in Swift when branch protection is enabled since Swift uses tail-calls in its concurrency system, see swiftlang/swift#80059)
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
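
A way to check compiler output for the condition shown in the report's listing, as an added example that is not part of the original report or of LLVM: PACIASP (`hint #25`) and AUTIASP (`hint #29`) both use SP as the modifier, so the script flags any authentication that runs with a different SP than the signing instruction saw. The function name `check_pac_sp_balance` is hypothetical, the scan is straight-line only (no control flow), and the sample is constructed from the listing above with the elided part assumed to leave `sp` unchanged.

```python
import re

# Constructed sample: the listing from the report. The elided middle is
# replaced by a comment and assumed (not known) to leave sp unchanged.
SAMPLE = """\
g:
    hint #25
    orr x29, x29, #0x1000000000000000
    sub sp, sp, #48
    // ... elided in the report ...
    add sp, sp, #32
    hint #29
    b f
"""

# HINT #25/#27 encode PACIASP/PACIBSP; HINT #29/#31 encode AUTIASP/AUTIBSP.
SIGN = {"hint #25": "A", "paciasp": "A", "hint #27": "B", "pacibsp": "B"}
AUTH = {"hint #29": "A", "autiasp": "A", "hint #31": "B", "autibsp": "B"}
SP_ADJ = re.compile(r"^(add|sub) sp, ?sp, ?#(0x[0-9a-f]+|\d+)$")
PRE = re.compile(r"\[sp, ?#(-?\d+)\]!")    # e.g. stp x29, x30, [sp, #-16]!
POST = re.compile(r"\[sp\], ?#(-?\d+)")    # e.g. ldp x29, x30, [sp], #16


def check_pac_sp_balance(asm):
    """Return (line_no, key, sp_delta) for every authentication whose key or
    SP differs from the preceding signing instruction (straight-line scan)."""
    findings, offset, signed_at = [], 0, None
    for no, raw in enumerate(asm.splitlines(), 1):
        line = re.sub(r"\s+", " ", raw.split("//")[0].strip().lower())
        if line.endswith(":") and not line.startswith("."):
            offset, signed_at = 0, None      # new function label
        elif line in SIGN:
            signed_at = (SIGN[line], offset)
        elif line in AUTH and signed_at:
            key, at = signed_at
            if key != AUTH[line] or offset != at:
                findings.append((no, AUTH[line], offset - at))
        elif (m := SP_ADJ.match(line)):
            n = int(m.group(2), 0)
            offset += n if m.group(1) == "add" else -n
        elif (m := PRE.search(line) or POST.search(line)):
            offset += int(m.group(1), 0)
    return findings


if __name__ == "__main__":
    for no, key, delta in check_pac_sp_balance(SAMPLE):
        print(f"line {no}: AUT (key {key}) runs with sp {delta:+d} bytes "
              f"from its value at signing")
```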