[LLVMbugs] [Bug 6944] New: Calling a non-sret function with an sret convention corrupts the stack

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Apr 26 18:03:57 CDT 2010


http://llvm.org/bugs/show_bug.cgi?id=6944

           Summary: Calling a non-sret function with an sret convention
                    corrupts the stack
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: csdavec at swan.ac.uk
                CC: llvmbugs at cs.uiuc.edu


[theraven at EtoileVM ~/tmp]$ cat fpret.c
typedef struct
{
    double x,y;
} rect;

typedef rect (*aRet)(void);

int foo(void)
{
    return 0;
}

int main(void)
{
    rect a;
    aRet f = (aRet)foo;
    a = f();
    return 0;
}
$ clang fpret.c && ./a.out
Segmentation fault: 11 (core dumped)
$ gcc fpret.c && ./a.out

This is a reduced test case; the problem is exhibited most commonly when
calling an Objective-C method that returns a structure on nil.  The code
generated by GCC returns some undefined value, as does the code generated by
clang; however, the code generated by clang crashes (somewhat confusingly) when
the calling function returns, in this case when main() returns.

The assembly produced by clang is very different from that produced by gcc.
GCC produces this:

main:
    leal    4(%esp), %ecx
    andl    $-16, %esp
    pushl   -4(%ecx)
    pushl   %ebp
    movl    %esp, %ebp
    pushl   %ecx
    subl    $52, %esp
    movl    $foo, -12(%ebp)
    leal    -32(%ebp), %eax
    movl    %eax, (%esp)
    movl    -12(%ebp), %eax
    call    *%eax
    subl    $4, %esp
    movl    $0, %eax
    movl    -4(%ebp), %ecx
    leave
    leal    -4(%ecx), %esp
    ret


Clang produces this:

main:
    pushl   %ebp
    movl    %esp, %ebp
    subl    $32, %esp
    movl    $0, -4(%ebp)
    leal    foo, %eax
    movl    %eax, -28(%ebp)
    movl    -28(%ebp), %eax
    movl    %esp, %ecx
    leal    -24(%ebp), %edx
    movl    %edx, (%ecx)
    call    *%eax
    subl    $4, %esp
    movl    $0, -4(%ebp)
    movl    -4(%ebp), %eax
    addl    $32, %esp
    popl    %ebp
    ret
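The mismatch in the report is a call site applying the sret convention to a callee that does not follow it. Below is an added example (not from the bug report, clang, or any Objective-C runtime) of a dispatch routine that refuses such a call and returns a zeroed struct for a nil receiver; the tagged `typed_imp` type, `dispatch_stret`, `area_of` and the `void *self` parameter are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

typedef struct { double x, y; } rect;

/* Hypothetical tagged implementation pointer. The tag records the callee's
   real return kind, so a call site can never apply the sret convention to a
   callee that actually returns a plain int (the mismatch in the report). */
typedef enum { RET_INT, RET_RECT } ret_kind;

typedef struct {
    ret_kind kind;
    union {
        int  (*as_int)(void *self);
        rect (*as_rect)(void *self);
    } fn;
} typed_imp;

/* Constructed callees: foo returns an int, area_of returns a rect. */
int  foo(void *self)     { (void)self; return 0; }
rect area_of(void *self) { rect r = { 3.0, 4.0 }; (void)self; return r; }

/* Constructors keep the tag consistent with the pointer type. */
typed_imp imp_int(int (*f)(void *))   { typed_imp t; t.kind = RET_INT;  t.fn.as_int  = f; return t; }
typed_imp imp_rect(rect (*f)(void *)) { typed_imp t; t.kind = RET_RECT; t.fn.as_rect = f; return t; }

/* Struct-returning dispatch. A nil (NULL) receiver yields an all-zero struct
   without calling anything, which is the defined result the reporter expects
   for a message to nil. Returns 0 on success, -1 if imp does not really
   return a rect: calling it with the sret convention would leave the stack
   pointer off by one word on i386, which is what the clang assembly above
   turns into a crash at main()'s ret. */
int dispatch_stret(void *self, typed_imp imp, rect *out)
{
    memset(out, 0, sizeof *out);
    if (self == NULL)
        return 0;
    if (imp.kind != RET_RECT)
        return -1;
    *out = imp.fn.as_rect(self);
    return 0;
}
```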
