Mark the return address stack slot as mutable when moving the return address

during a tail call. A parameter might overwrite this stack slot during the tail call. The sequence during a tail call is: 1.) load return address to temp reg 2.) move parameters (might involve storing to return address stack slot) 3.) store return address to new location from temp reg If the stack location is marked immutable CodeGen can colocate load (1) with the store (3). This fixes bug 6225. llvm-svn: 96783
author: Arnold Schwaighofer <arnold.schwaighofer@gmail.com> 2010-02-22 16:18:09 +0000
committer: Arnold Schwaighofer <arnold.schwaighofer@gmail.com> 2010-02-22 16:18:09 +0000
commit: 30ece5b8077676358a521abacad342d5ab334d97 (patch)
tree: ee8bb40b299ca85934d4cb81f19b2ff34afb3779 /llvm
parent: 260918ce5c5c75ab234f25f9f92e1a5597bd838e (diff)
download: bcm5719-llvm-30ece5b8077676358a521abacad342d5ab334d97.tar.gz
bcm5719-llvm-30ece5b8077676358a521abacad342d5ab334d97.zip
2 files changed, 57 insertions, 2 deletions
diff --git a/llvm/lib/Target/X86/X86ISelLowering.cpp b/llvm/lib/Target/X86/X86ISelLowering.cpp
index 624d65bf1f7..7f9d0820b24 100644
--- a/llvm/lib/Target/X86/X86ISelLowering.cpp
+++ b/llvm/lib/Target/X86/X86ISelLowering.cpp
@@ -1744,7 +1744,7 @@ EmitTailCallStoreRetAddr(SelectionDAG & DAG, MachineFunction &MF,
   // Calculate the new stack slot for the return address.
   int SlotSize = Is64Bit ? 8 : 4;
   int NewReturnAddrFI =
-    MF.getFrameInfo()->CreateFixedObject(SlotSize, FPDiff-SlotSize, true,false);
+    MF.getFrameInfo()->CreateFixedObject(SlotSize, FPDiff-SlotSize, false, false);
   EVT VT = Is64Bit ? MVT::i64 : MVT::i32;
   SDValue NewRetAddrFrIdx = DAG.getFrameIndex(NewReturnAddrFI, VT);
   Chain = DAG.getStore(Chain, dl, RetAddrFrIdx, NewRetAddrFrIdx,
@@ -2377,7 +2377,7 @@ SDValue X86TargetLowering::getReturnAddressFrameIndex(SelectionDAG &DAG) {
     // Set up a frame object for the return address.
     uint64_t SlotSize = TD->getPointerSize();
     ReturnAddrIndex = MF.getFrameInfo()->CreateFixedObject(SlotSize, -SlotSize,
-                                                           true, false);
+                                                           false, false);
     FuncInfo->setRAIndex(ReturnAddrIndex);
   }
 
diff --git a/llvm/test/CodeGen/X86/2010-02-19-TailCallRetAddrBug.ll b/llvm/test/CodeGen/X86/2010-02-19-TailCallRetAddrBug.ll
new file mode 100644
index 00000000000..eb21dc234a0
--- /dev/null
+++ b/llvm/test/CodeGen/X86/2010-02-19-TailCallRetAddrBug.ll
@@ -0,0 +1,55 @@
+; RUN: llc -mtriple=i386-apple-darwin -tailcallopt < %s | FileCheck %s
+; Check that lowered argumens do not overwrite the return address before it is moved.
+; Bug 6225
+;
+; If a call is a fastcc tail call and tail call optimization is enabled, the
+; caller frame is replaced by the callee frame. This can require that arguments are 
+; placed on the former return address stack slot. Special care needs to be taken
+; taken that the return address is moved / or stored in a register before
+; lowering of arguments potentially overwrites the value.
+;
+; Move return address (76(%esp)) to a temporary register (%ebp)
+; CHECK: movl 76(%esp), %ebp
+; Overwrite return addresss
+; CHECK: movl %ecx, 76(%esp)
+; Move return address from temporary register (%ebp) to new stack location (60(%esp))
+; CHECK: movl %ebp, 60(%esp)
+
+%tupl_p = type [9 x i32]*
+
+declare fastcc void @l297(i32 %r10, i32 %r9, i32 %r8, i32 %r7, i32 %r6, i32 %r5, i32 %r3, i32 %r2) noreturn nounwind
+declare fastcc void @l298(i32 %r10, i32 %r9, i32 %r4) noreturn nounwind
+
+define fastcc void @l186(%tupl_p %r1) noreturn nounwind {
+entry:
+  %ptr1 = getelementptr %tupl_p %r1, i32 0, i32 0
+  %r2 = load i32* %ptr1
+  %ptr3 = getelementptr %tupl_p %r1, i32 0, i32 1
+  %r3 = load i32* %ptr3
+  %ptr5 = getelementptr %tupl_p %r1, i32 0, i32 2
+  %r4 = load i32* %ptr5
+  %ptr7 = getelementptr %tupl_p %r1, i32 0, i32 3
+  %r5 = load i32* %ptr7
+  %ptr9 = getelementptr %tupl_p %r1, i32 0, i32 4
+  %r6 = load i32* %ptr9
+  %ptr11 = getelementptr %tupl_p %r1, i32 0, i32 5
+  %r7 = load i32* %ptr11
+  %ptr13 = getelementptr %tupl_p %r1, i32 0, i32 6
+  %r8 = load i32* %ptr13
+  %ptr15 = getelementptr %tupl_p %r1, i32 0, i32 7
+  %r9 = load i32* %ptr15
+  %ptr17 = getelementptr %tupl_p %r1, i32 0, i32 8
+  %r10 = load i32* %ptr17
+  %cond = icmp eq i32 %r10, 3
+  br i1 %cond, label %true, label %false
+
+true:
+  tail call fastcc void @l297(i32 %r10, i32 %r9, i32 %r8, i32 %r7, i32 %r6, i32 %r5, i32 %r3, i32 %r2) noreturn nounwind
+  ret void
+
+false:
+  tail call fastcc void @l298(i32 %r10, i32 %r9, i32 %r4) noreturn nounwind
+  ret void
+}
+
+
author	Arnold Schwaighofer <arnold.schwaighofer@gmail.com>	2010-02-22 16:18:09 +0000
committer	Arnold Schwaighofer <arnold.schwaighofer@gmail.com>	2010-02-22 16:18:09 +0000
commit	30ece5b8077676358a521abacad342d5ab334d97 (patch)
tree	ee8bb40b299ca85934d4cb81f19b2ff34afb3779 /llvm
parent	260918ce5c5c75ab234f25f9f92e1a5597bd838e (diff)
download	bcm5719-llvm-30ece5b8077676358a521abacad342d5ab334d97.tar.gz bcm5719-llvm-30ece5b8077676358a521abacad342d5ab334d97.zip