1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
; RUN: llc -mattr=+zcmp -verify-machineinstrs \
; RUN: -mtriple=riscv32 -target-abi ilp32 < %s \
; RUN: | FileCheck %s -check-prefixes=RV32IZCMP
; RUN: llc -mattr=+zcmp -verify-machineinstrs \
; RUN: -mtriple=riscv64 -target-abi ilp64 < %s \
; RUN: | FileCheck %s -check-prefixes=RV64IZCMP
; This source code exposed a crash in the RISC-V Zcmp Push/Pop optimization
; pass. The root cause was: Not doing a bounds check before using a returned
; iterator.
declare dso_local void @f1() local_unnamed_addr
declare dso_local void @f2() local_unnamed_addr
define dso_local void @f0() local_unnamed_addr {
; RV32IZCMP-LABEL: f0:
; RV32IZCMP: .cfi_startproc
; RV32IZCMP-NEXT: # %bb.0: # %entry
; RV32IZCMP-NEXT: bnez zero, .LBB0_2
; RV32IZCMP-NEXT: # %bb.1: # %if.T
; RV32IZCMP-NEXT: cm.push {ra}, -16
; RV32IZCMP-NEXT: .cfi_def_cfa_offset 16
; RV32IZCMP-NEXT: .cfi_offset ra, -4
; RV32IZCMP-NEXT: call f1
; RV32IZCMP-NEXT: cm.pop {ra}, 16
; RV32IZCMP-NEXT: .LBB0_2: # %if.F
; RV32IZCMP-NEXT: tail f2
; RV32IZCMP-NEXT: .Lfunc_end0:
; RV64IZCMP-LABEL: f0:
; RV64IZCMP: .cfi_startproc
; RV64IZCMP-NEXT: # %bb.0: # %entry
; RV64IZCMP-NEXT: bnez zero, .LBB0_2
; RV64IZCMP-NEXT: # %bb.1: # %if.T
; RV64IZCMP-NEXT: cm.push {ra}, -16
; RV64IZCMP-NEXT: .cfi_def_cfa_offset 16
; RV64IZCMP-NEXT: .cfi_offset ra, -8
; RV64IZCMP-NEXT: call f1
; RV64IZCMP-NEXT: cm.pop {ra}, 16
; RV64IZCMP-NEXT: .LBB0_2: # %if.F
; RV64IZCMP-NEXT: tail f2
; RV64IZCMP-NEXT: .Lfunc_end0:
entry:
br i1 poison, label %if.T, label %if.F
if.T:
tail call void @f1()
br label %if.F
if.F:
tail call void @f2()
ret void
}
|
