llvm dev - Nov 2016 - llc generating code that writes below the stack pointer on darwin/x86-64

Hi,

Is there something wrong with my inline assembly below?

***
target datalayout = 
"e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-apple-macosx10.5"

define void @"\01_SYSTEM_$$_SETMXCSR$LONGWORD"(i32 %p.w) nobuiltin {
; [71] procedure SetMXCSR(w : dword);
         %tmp.1 = alloca i32, align 4
; Var w located at %tmp.1
; [72] begin
         store i32 %p.w, i32* %tmp.1, align 4
; [73] defaultmxcsr:=w;
         %reg.1_16 = load i32, i32* %tmp.1, align 4
         store i32 %reg.1_16, i32* @"\01_TC_$SYSTEM_$$_DEFAULTMXCSR", 
align 4
; [75] ldmxcsr w
         call void asm sideeffect "# 
[math.inc]\0A\09ldmxcsr\09$0\0A","=*m,~{memory},~{fpsr},~{flags},~{rax},~{rcx},~{rdx},~{rsi},~{rdi},~{r8},~{r9},~{r10},~{r11}"(i32*
%tmp.1)
; [77] end;
         br label %Lj1135
Lj1135:
         ret void
}

@"\01_TC_$SYSTEM_$$_DEFAULTMXCSR" = global i32 6400, align 4
***

I know the clobber list is overly conservative, but it's automatically 
generated by our compiler, which does not have the necessary information 
to reduce it.

The resulting assembly generated by llc -O2 is:

***
         .section        __TEXT,__text,regular,pure_instructions
         .macosx_version_min 10, 5
         .globl  _SYSTEM_$$_SETMXCSR$LONGWORD
         .p2align        4, 0x90
_SYSTEM_$$_SETMXCSR$LONGWORD:           ## 
@"\01_SYSTEM_$$_SETMXCSR$LONGWORD"
         .cfi_startproc
## BB#0:
         movl    %edi, -4(%rsp)
         movl    %edi, _TC_$SYSTEM_$$_DEFAULTMXCSR(%rip)
         ## InlineAsm Start
         ## [math.inc]
         ldmxcsr -4(%rsp)
         ##  CPU ATHLON64

         ## InlineAsm End
         retq
         .cfi_endproc

         .section        __DATA,__data
         .globl  _TC_$SYSTEM_$$_DEFAULTMXCSR ## 
@"\01_TC_$SYSTEM_$$_DEFAULTMXCSR"
         .p2align        2
_TC_$SYSTEM_$$_DEFAULTMXCSR:
         .long   6400                    ## 0x1900


.subsections_via_symbols
***

This code use a negative stack offset, which is forbidden on x86-64 
(there's no red zone). This happens with llc from llvm 3.7, 3.8 and 3.9.

Thanks,


Jonas

> On Nov 13, 2016, at 11:12, Jonas Maebe via llvm-dev <llvm-dev at
lists.llvm.org> wrote:
> 
> This code use a negative stack offset, which is forbidden on x86-64
(there's no red zone). This happens with llc from llvm 3.7, 3.8 and 3.9.
Doesn't Darwin use the System V ABI [1]? As I understand it, there's a
128-byte red zone on x86-64.
> The 128-byte area beyond the location pointed to by %rsp is considered to
be reserved and shall not be modified by signal or interrupt handlers.
Therefore, functions may use this area for temporary data that is not needed
across function calls. In particular, leaf functions may use this area for their
entire stack frame, rather than adjusting the stack pointer in the prologue and
epilogue. This area is known as the red zone. [2]
1.
https://developer.apple.com/library/content/documentation/DeveloperTools/Conceptual/LowLevelABI/140-x86-64_Function_Calling_Conventions/x86_64.html
2.
http://web.archive.org/web/20160801075139/http://www.x86-64.org/documentation/abi.pdf

-- 
Stephen Checkoway

On 13/11/16 18:48, Stephen Checkoway wrote:
>
>> On Nov 13, 2016, at 11:12, Jonas Maebe via llvm-dev <llvm-dev at
lists.llvm.org> wrote:
>>
>> This code use a negative stack offset, which is forbidden on x86-64
(there's no red zone). This happens with llc from llvm 3.7, 3.8 and 3.9.
>
> Doesn't Darwin use the System V ABI [1]? As I understand it,
there's a 128-byte red zone on x86-64.
You're right, sorry. I got a crash in this routine, saw the negative 
stack offset, quickly searched to check whether there was a red zone, 
and from a summary of a found page assumed there wasn't, but the quoted 
section was about the Win64 ABI.

I'll have to look further to determine what caused the actual crash.

Thanks,


Jonas