153e89f5eSAnmol P. Paralkar; RUN: llc -mattr=+zcmp -verify-machineinstrs \ 27ad7db0dSCraig Topper; RUN: -mtriple=riscv32 -target-abi=ilp32 < %s \ 353e89f5eSAnmol P. Paralkar; RUN: | FileCheck %s -check-prefixes=RV32IZCMP 453e89f5eSAnmol P. Paralkar; RUN: llc -mattr=+zcmp -verify-machineinstrs \ 57ad7db0dSCraig Topper; RUN: -mtriple=riscv64 -target-abi=lp64 < %s \ 653e89f5eSAnmol P. Paralkar; RUN: | FileCheck %s -check-prefixes=RV64IZCMP 753e89f5eSAnmol P. Paralkar 853e89f5eSAnmol P. Paralkar; This source code exposed a crash in the RISC-V Zcmp Push/Pop optimization 953e89f5eSAnmol P. Paralkar; pass. The root cause was: Not doing a bounds check before using a returned 1053e89f5eSAnmol P. Paralkar; iterator. 1153e89f5eSAnmol P. Paralkar 1253e89f5eSAnmol P. Paralkardeclare dso_local void @f1() local_unnamed_addr 1353e89f5eSAnmol P. Paralkardeclare dso_local void @f2() local_unnamed_addr 1453e89f5eSAnmol P. Paralkardefine dso_local void @f0() local_unnamed_addr { 1553e89f5eSAnmol P. Paralkar; RV32IZCMP-LABEL: f0: 1653e89f5eSAnmol P. Paralkar; RV32IZCMP: .cfi_startproc 1753e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: # %bb.0: # %entry 1853e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: bnez zero, .LBB0_2 1953e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: # %bb.1: # %if.T 2053e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: cm.push {ra}, -16 2153e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: .cfi_def_cfa_offset 16 2253e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: .cfi_offset ra, -4 2353e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: call f1 2453e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: cm.pop {ra}, 16 25*97982a8cSdlav-sc; RV32IZCMP-NEXT: .cfi_restore ra 26*97982a8cSdlav-sc; RV32IZCMP-NEXT: .cfi_def_cfa_offset 0 2753e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: .LBB0_2: # %if.F 2853e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: tail f2 2953e89f5eSAnmol P. Paralkar; RV32IZCMP-NEXT: .Lfunc_end0: 3053e89f5eSAnmol P. Paralkar 3153e89f5eSAnmol P. Paralkar; RV64IZCMP-LABEL: f0: 3253e89f5eSAnmol P. Paralkar; RV64IZCMP: .cfi_startproc 3353e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: # %bb.0: # %entry 3453e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: bnez zero, .LBB0_2 3553e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: # %bb.1: # %if.T 3653e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: cm.push {ra}, -16 3753e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: .cfi_def_cfa_offset 16 3853e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: .cfi_offset ra, -8 3953e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: call f1 4053e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: cm.pop {ra}, 16 41*97982a8cSdlav-sc; RV64IZCMP-NEXT: .cfi_restore ra 42*97982a8cSdlav-sc; RV64IZCMP-NEXT: .cfi_def_cfa_offset 0 4353e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: .LBB0_2: # %if.F 4453e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: tail f2 4553e89f5eSAnmol P. Paralkar; RV64IZCMP-NEXT: .Lfunc_end0: 4653e89f5eSAnmol P. Paralkarentry: 4753e89f5eSAnmol P. Paralkar br i1 poison, label %if.T, label %if.F 4853e89f5eSAnmol P. Paralkar 4953e89f5eSAnmol P. Paralkarif.T: 5053e89f5eSAnmol P. Paralkar tail call void @f1() 5153e89f5eSAnmol P. Paralkar br label %if.F 5253e89f5eSAnmol P. Paralkar 5353e89f5eSAnmol P. Paralkarif.F: 5453e89f5eSAnmol P. Paralkar tail call void @f2() 5553e89f5eSAnmol P. Paralkar ret void 5653e89f5eSAnmol P. Paralkar} 57