Miscompilation when using LLVM feature LVI CFI

[jethrogb]

// bug.rs
#![no_std]

#[no_mangle]
pub extern "C" fn do_error() -> i32 {
    let buf: [u8; 0] = [];
    (&buf).get(..)
        .map(|_src| {
             0x01020304050607080910111213141516u128
        })
        .map_or(true, |x| x == 0x01020304050607080910111213141516) as _
}

#[panic_handler]
fn panic(_panic: &core::panic::PanicInfo<'_>) -> ! {
    loop {}
}

do_error should always return 1. But it doesn't if you enable the lvi-cfi feature. The miscompilation only happens with opt-level=0.

Compare:

rustc -C panic=abort --crate-type=staticlib bug.rs && gcc test.c libbug.a && ./a.out

rustc -C panic=abort --crate-type=staticlib -C target-feature=+lvi-cfi bug.rs && gcc test.c libbug.a && ./a.out

// test.c
#include <assert.h>

int main() {
	assert(do_error() == 1);
}

Here's a slightly reduced LLVM IR: bug.ll.txt

Difference in llc output when adjusting the lvi-cfi feature attribute on #0: bug.diff.txt. I can't really see any obvious culprits.

I want to file an LLVM bug as well but I don't have an account.

cc @raoulstrackx @mzohreva @scottconstable

[jethrogb]

I think the Rust calling convention may be using rcx whereas LVI-CFI assumes it's unused?

[jethrogb]

Actually you can see the issue in the assembly diff I posted, lines 45-51.

[jethrogb]

I've filed an LLVM bug now based on this reduced example:

pub extern "Rust" fn ret_u64_u128() -> (u64, u128) {
    (1, 0x20000000000000003)
}

https://bugs.llvm.org/show_bug.cgi?id=47740