[llvm-branch-commits] [llvm] release/22.x: [X86] Fix missing ByValTemporaries update in CopyViaTemp path for musttail calls (#190540) (PR #192507)

via llvm-branch-commits Thu, 16 Apr 2026 11:31:48 -0700

https://github.com/llvmbot created 
https://github.com/llvm/llvm-project/pull/192507


Backport abd502a44e5ef19a302d943eeb017c29124b96e9

Requested by: @RKSimon

>From c3b8880514ef032e85f4475fbdd926f5bc7a86b7 Mon Sep 17 00:00:00 2001
From: Zile Xiong <[email protected]>
Date: Wed, 8 Apr 2026 23:11:31 +0800
Subject: [PATCH] [X86] Fix missing ByValTemporaries update in CopyViaTemp path
 for musttail calls (#190540)

This fixes a miscompilation in musttail calls with byval arguments on
X86.

In the CopyViaTemp path, a temporary stack object is created and the
argument is copied into it.
However, the temporary is not recorded in ByValTemporaries,
so the final lowering phase does not emit the copy to the real outgoing
argument slot.

As a result, the callee may read incorrect values from the stack.

Fix this by recording the temporary in ByValTemporaries so that the
final lowering step correctly copies the argument to the expected stack
location.

Reproducer: https://github.com/llvm/llvm-project/issues/190429
(cherry picked from commit abd502a44e5ef19a302d943eeb017c29124b96e9)
---
 llvm/lib/Target/X86/X86ISelLoweringCall.cpp |  1 +
 llvm/test/CodeGen/X86/musttail-struct.ll    | 58 ++++++++++++++++-----
 2 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/llvm/lib/Target/X86/X86ISelLoweringCall.cpp 
b/llvm/lib/Target/X86/X86ISelLoweringCall.cpp
index 7e1c894655f3f..a5300d3e38ecc 100644
--- a/llvm/lib/Target/X86/X86ISelLoweringCall.cpp
+++ b/llvm/lib/Target/X86/X86ISelLoweringCall.cpp
@@ -2251,6 +2251,7 @@ 
X86TargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
         SDValue CopyChain =
             CreateCopyOfByValArgument(Src, Temp, Chain, Flags, DAG, dl);
         ByValCopyChains.push_back(CopyChain);
+        ByValTemporaries[ArgIdx] = Temp;
       }
     }
     if (!ByValCopyChains.empty())
diff --git a/llvm/test/CodeGen/X86/musttail-struct.ll 
b/llvm/test/CodeGen/X86/musttail-struct.ll
index 735fd674a2ff1..22a2aedb6e213 100644
--- a/llvm/test/CodeGen/X86/musttail-struct.ll
+++ b/llvm/test/CodeGen/X86/musttail-struct.ll
@@ -104,8 +104,10 @@ define dso_local i32 @swapByValArguments(ptr 
byval(%struct.1xi32) %0, ptr byval(
 ; X32-NEXT:    .cfi_def_cfa_offset 12
 ; X32-NEXT:    mov eax, dword ptr [esp + 12]
 ; X32-NEXT:    mov dword ptr [esp], eax
-; X32-NEXT:    mov eax, dword ptr [esp + 16]
-; X32-NEXT:    mov dword ptr [esp + 4], eax
+; X32-NEXT:    mov ecx, dword ptr [esp + 16]
+; X32-NEXT:    mov dword ptr [esp + 4], ecx
+; X32-NEXT:    mov dword ptr [esp + 12], ecx
+; X32-NEXT:    mov dword ptr [esp + 16], eax
 ; X32-NEXT:    add esp, 8
 ; X32-NEXT:    .cfi_def_cfa_offset 4
 ; X32-NEXT:    jmp swap # TAILCALL
@@ -114,8 +116,10 @@ define dso_local i32 @swapByValArguments(ptr 
byval(%struct.1xi32) %0, ptr byval(
 ; X64:       # %bb.0:
 ; X64-NEXT:    mov eax, dword ptr [rsp + 8]
 ; X64-NEXT:    mov dword ptr [rsp - 16], eax
-; X64-NEXT:    mov eax, dword ptr [rsp + 16]
-; X64-NEXT:    mov dword ptr [rsp - 8], eax
+; X64-NEXT:    mov ecx, dword ptr [rsp + 16]
+; X64-NEXT:    mov dword ptr [rsp - 8], ecx
+; X64-NEXT:    mov dword ptr [rsp + 8], ecx
+; X64-NEXT:    mov dword ptr [rsp + 16], eax
 ; X64-NEXT:    jmp swap # TAILCALL
   %r = musttail call i32 @swap(ptr byval(%struct.1xi32) %1, ptr 
byval(%struct.1xi32) %0)
   ret i32 %r
@@ -218,22 +222,50 @@ define void @swap_byvals(%twenty_bytes* 
byval(%twenty_bytes) align 4 %a, %twenty
 ; X32-NEXT:    mov ecx, dword ptr [esp + 68]
 ; X32-NEXT:    mov dword ptr [esp + 24], ecx
 ; X32-NEXT:    mov dword ptr [esp + 20], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 16]
+; X32-NEXT:    mov dword ptr [esp + 80], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 12]
+; X32-NEXT:    mov dword ptr [esp + 76], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 8]
+; X32-NEXT:    mov dword ptr [esp + 72], eax
+; X32-NEXT:    mov eax, dword ptr [esp]
+; X32-NEXT:    mov ecx, dword ptr [esp + 4]
+; X32-NEXT:    mov dword ptr [esp + 68], ecx
+; X32-NEXT:    mov dword ptr [esp + 64], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 36]
+; X32-NEXT:    mov dword ptr [esp + 60], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 32]
+; X32-NEXT:    mov dword ptr [esp + 56], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 28]
+; X32-NEXT:    mov dword ptr [esp + 52], eax
+; X32-NEXT:    mov eax, dword ptr [esp + 20]
+; X32-NEXT:    mov ecx, dword ptr [esp + 24]
+; X32-NEXT:    mov dword ptr [esp + 48], ecx
+; X32-NEXT:    mov dword ptr [esp + 44], eax
 ; X32-NEXT:    add esp, 40
 ; X32-NEXT:    .cfi_def_cfa_offset 4
 ; X32-NEXT:    jmp two_byvals_callee@PLT # TAILCALL
 ;
 ; X64-LABEL: swap_byvals:
 ; X64:       # %bb.0: # %entry
-; X64-NEXT:    mov eax, dword ptr [rsp + 24]
-; X64-NEXT:    mov dword ptr [rsp - 8], eax
 ; X64-NEXT:    movaps xmm0, xmmword ptr [rsp + 8]
-; X64-NEXT:    movaps xmmword ptr [rsp - 24], xmm0
-; X64-NEXT:    mov eax, dword ptr [rsp + 48]
-; X64-NEXT:    mov dword ptr [rsp - 32], eax
-; X64-NEXT:    mov rax, qword ptr [rsp + 32]
-; X64-NEXT:    mov rcx, qword ptr [rsp + 40]
-; X64-NEXT:    mov qword ptr [rsp - 40], rcx
-; X64-NEXT:    mov qword ptr [rsp - 48], rax
+; X64-NEXT:    movaps xmmword ptr [rsp - 56], xmm0
+; X64-NEXT:    mov eax, dword ptr [rsp + 24]
+; X64-NEXT:    mov dword ptr [rsp - 40], eax
+; X64-NEXT:    mov ecx, dword ptr [rsp + 48]
+; X64-NEXT:    mov dword ptr [rsp - 8], ecx
+; X64-NEXT:    mov rdx, qword ptr [rsp + 32]
+; X64-NEXT:    mov rsi, qword ptr [rsp + 40]
+; X64-NEXT:    mov qword ptr [rsp - 16], rsi
+; X64-NEXT:    mov qword ptr [rsp - 24], rdx
+; X64-NEXT:    mov qword ptr [rsp + 8], rdx
+; X64-NEXT:    mov qword ptr [rsp + 16], rsi
+; X64-NEXT:    mov dword ptr [rsp + 24], ecx
+; X64-NEXT:    mov dword ptr [rsp + 48], eax
+; X64-NEXT:    mov rax, qword ptr [rsp - 56]
+; X64-NEXT:    mov rcx, qword ptr [rsp - 48]
+; X64-NEXT:    mov qword ptr [rsp + 32], rax
+; X64-NEXT:    mov qword ptr [rsp + 40], rcx
 ; X64-NEXT:    jmp two_byvals_callee@PLT # TAILCALL
 entry:
   musttail call void @two_byvals_callee(%twenty_bytes* byval(%twenty_bytes) 
align 4 %b, %twenty_bytes* byval(%twenty_bytes) align 4 %a)

_______________________________________________
llvm-branch-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits

[llvm-branch-commits] [llvm] release/22.x: [X86] Fix missing ByValTemporaries update in CopyViaTemp path for musttail calls (#190540) (PR #192507)

Reply via email to