Issue 89791
Summary Loading/storing float/double on 32-bit x86 without SSE can cause the value to mutate
Labels new issue
Assignees
Reporter beetrees
    In LLVM IR, it is valid to transform
```llvm
%x = load i32, ptr %0
store i32 %x, ptr %1
```

into

```llvm
%x = load float, ptr %0
store float %x, ptr %1
```

([alive2](https://alive2.llvm.org/ce/z/CexSsR))

However, the 32-bit x86 backend will (when SSE is disabled) miscompile the second example:

```asm
fld     dword ptr [ecx]
fstp    dword ptr [eax]
```

([comparison](https://alive2.llvm.org/ce/z/KXdENm))

This is a miscompilation as the `fld`/`fstp` instructions will convert bit patterns that are signalling NaNs to quiet NaNs (e.g. 0xff800001 -> 0xffc00001).

This can cause miscompilations like [this one](https://github.com/rust-lang/rust/issues/114479#issuecomment-2072052116), where the optimiser replaced an integer load/store with a float load/store, ultimately resulting in a segfault.

Related to #44218.
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
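The following C program is an added illustration of the hazard the report describes; it is not part of the report, of the linked Rust issue, or of LLVM. It shows the difference between moving the 32-bit pattern as an integer (the first IR fragment, always bit-exact) and moving it as a float value through an x87 register (the `fld`/`fstp` pair the 32-bit backend emits without SSE). `x87_roundtrip_model` is a software model of what that instruction pair does to a signalling NaN; `copy_via_long_double` is a host probe that forces the value through the x87 extended register on x86 (`flds` then `fstps`). On a non-x86 host `long double` may be a 64-bit or software format, so the probe's result there is an assumption (either the input or its quieted form) rather than something the report states. The sample value 0xff800001 is the one from the report.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IEEE-754 binary32 layout. The "quiet" bit is the top mantissa bit (bit 22):
 * a NaN with it clear is a signalling NaN (sNaN), with it set a quiet NaN (qNaN). */
#define F32_EXP_MASK   0x7f800000u
#define F32_MANT_MASK  0x007fffffu
#define F32_QUIET_BIT  0x00400000u

/* 1 if the bit pattern is a signalling NaN, else 0. */
int is_snan32(uint32_t bits)
{
    return (bits & F32_EXP_MASK) == F32_EXP_MASK &&
           (bits & F32_MANT_MASK) != 0 &&
           (bits & F32_QUIET_BIT) == 0;
}

/* Software model of what the x87 fld/fstp pair does to a 32-bit pattern:
 * an sNaN comes back with the quiet bit set (sign and payload kept),
 * anything else passes through unchanged. 0xff800001 -> 0xffc00001. */
uint32_t x87_roundtrip_model(uint32_t bits)
{
    return is_snan32(bits) ? (bits | F32_QUIET_BIT) : bits;
}

/* The first IR fragment: move the bytes as an i32. Bit-exact on every target. */
uint32_t copy_as_i32(uint32_t bits)
{
    uint32_t out;
    memcpy(&out, &bits, sizeof out);   /* an i32 load/store pair */
    return out;
}

/* Host probe. On x86 this compiles to flds (float -> x87 extended) followed by
 * fstps (extended -> float), the instruction pair in the report, so an sNaN is
 * quieted. On non-x86 hosts long double may be a software or 64-bit format;
 * assumption: the result there is either the input or its quieted form.
 * volatile keeps the compiler from folding the two conversions away. */
uint32_t copy_via_long_double(uint32_t bits)
{
    float f;
    memcpy(&f, &bits, sizeof f);
    volatile long double ext = f;      /* load into the extended register */
    float g = (float)ext;              /* store back as binary32 */
    uint32_t out;
    memcpy(&out, &g, sizeof out);
    return out;
}

/* 1 if moving the report's sNaN as a float value kept its bits on this host. */
int host_float_path_is_bit_exact(void)
{
    return copy_via_long_double(0xff800001u) == 0xff800001u;
}

int main(void)
{
    const uint32_t in = 0xff800001u;   /* constructed sample: the sNaN from the report */
    printf("integer copy : 0x%08" PRIx32 " -> 0x%08" PRIx32 "\n", in, copy_as_i32(in));
    printf("x87 model    : 0x%08" PRIx32 " -> 0x%08" PRIx32 "\n", in, x87_roundtrip_model(in));
    printf("host via x87 : 0x%08" PRIx32 " -> 0x%08" PRIx32 " (%s)\n", in,
           copy_via_long_double(in),
           host_float_path_is_bit_exact() ? "bit-exact" : "sNaN quieted");
    return 0;
}
```

Build it as a 32-bit x86 binary without SSE (for example `-m32 -mno-sse`) and the float path quiets the NaN even for a plain value copy; the same source with SSE enabled uses `movss` and keeps the bits. Any code that stores non-float data in float slots (NaN-boxing, tagged unions, serialisers that round-trip through `float`) should therefore move such values through integer types, as the first IR fragment does, rather than rely on a float load/store being a byte copy.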