Bad LLVM code generation on Aarch64 Darwin

[Keno]

LLVM generates the following code on AArch64 darwin under make debug:

        bl      _japi1_BitSet_5477
        str     x0, [x19, #224]
Lloh112385:
        adrp    x8, __MergedGlobals.2@PAGE
Lloh112386:
        add     x9, x8, __MergedGlobals.2@PAGEOFF
Lloh112387:
        adrp    x8, __MergedGlobals.5@PAGE
Lloh112388:
        add     x8, x8, __MergedGlobals.5@PAGEOFF
        stp     x8, x9, [x19, #24]
        adrp    xzr, __MergedGlobals.1@PAGE
        add     xzr, xzr, __MergedGlobals.1@PAGEOFF

The last statement here is invalid and actually encodes add sp, sp, __MergedGlobals.1@PAGEOFF, which corrupts the stack.

[Keno]

Alright, through some carefully placed assertions, it looks like this comes from the expansion of a MOVaddr psedo-instruction. Those are declared as:

def MOVaddr
    : Pseudo<(outs GPR64:$dst), (ins i64imm:$hi, i64imm:$low),
             [(set GPR64:$dst, (AArch64addlow (AArch64adrp tglobaladdr:$hi),
                                            tglobaladdr:$low))]>,
      Sched<[WriteAdrAdr]>;

However, they expand into the adrp+add seen above, so the GPR64 register class is actually invalid, because that includes xzr which is invalid on the add. The correct register class should be GRP64common. I can submit that patch, but I'm having some trouble coming up with a regression test.

[Keno]

Here's a (bugpoint-reduced) test case that fails on LLVM11, but doesn't fail on master: https://gist.github.com/Keno/a2bb9385fa9b0426df057b9b37652980. I'll bisect LLVM to see if there was an intentional fix of some sort, though I suspect it may just be sensitive to perturbation.

[Keno]

Bisect result:

1cd19fc5681bc2db49dcd2f46a916084357c6e56 is the first new commit
commit 1cd19fc5681bc2db49dcd2f46a916084357c6e56
Author: Andrew Wei <weiwei64@huawei.com>
Date:   Sat Nov 21 00:35:53 2020 +0800

    [DeadMachineInstrctionElim] Post order visit all blocks and Iteratively run DeadMachineInstructionElim pass until nothing dead
    
    Patched by: guopeilin
    Reviewed By: hliao,rampitec
    
    Differential Revision: https://reviews.llvm.org/D91513

 llvm/lib/CodeGen/DeadMachineInstructionElim.cpp | 21 +++++++--
 llvm/test/CodeGen/AArch64/elim-dead-mi.mir      | 61 +++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 5 deletions(-)
 create mode 100644 llvm/test/CodeGen/AArch64/elim-dead-mi.mir

Which makes sense, since this selection could only possibly work if the instruction is dead, so a more aggressive dce would remove it. I'll put up an upstream patch in anyway and also put together an LLVM11 patch for us.

[Keno]

Patch upstream at https://reviews.llvm.org/D97435 even if the web frontend seems broken.