[ARM] Fix llvm.returnaddress for Thumb1 with R11 frame-pointer

When the llvm.returnaddress intrinsic is used, the LR is marked as
live-in to the function, so it must be preserved through the prologue.
This is normally fine, but there is one case for Thumb1 where we use LR
as a temporary in the prologue to set up a frame chain using r11 as the
frame pointer. There are no other registers guaranteed to be free to do
this, so we have to re-load LR from the stack after pushing the callee
saved registers.

Author: ostannard

llvm/lib/Target/ARM/ARMAsmPrinter.cpp

@@ -1309,6 +1309,10 @@ void ARMAsmPrinter::EmitUnwindingInstruction(const MachineInstr *MI) {
       default:
         MI->print(errs());
         llvm_unreachable("Unsupported opcode for unwinding information");
+      case ARM::tLDRspi:
+        // Used to restore LR in a prologue which uses it as a temporary, has
+        // no effect on unwind tables.
+        return;
       case ARM::MOVr:
       case ARM::tMOVr:
         Offset = 0;

llvm/lib/Target/ARM/Thumb1FrameLowering.cpp

@@ -43,6 +43,8 @@
 #include <iterator>
 #include <vector>
 
+#define DEBUG_TYPE "arm-frame-lowering"
+
 using namespace llvm;
 
 Thumb1FrameLowering::Thumb1FrameLowering(const ARMSubtarget &sti)
@@ -277,6 +279,20 @@ void Thumb1FrameLowering::emitPrologue(MachineFunction &MF,
     }
   }
 
+  // Skip past this code sequence, which is emitted to restore the LR if it is
+  // live-in and clobbered by the frame record setup code:
+  //   ldr rX, [sp, #Y]
+  //   mov lr, rX
+  if (MBBI != MBB.end() && MBBI->getOpcode() == ARM::tLDRspi &&
+      MBBI->getFlag(MachineInstr::FrameSetup)) {
+    ++MBBI;
+    if (MBBI != MBB.end() && MBBI->getOpcode() == ARM::tMOVr &&
+        MBBI->getOperand(0).getReg() == ARM::LR &&
+        MBBI->getFlag(MachineInstr::FrameSetup)) {
+      ++MBBI;
+    }
+  }
+
   // Determine starting offsets of spill areas.
   unsigned DPRCSOffset = NumBytes - ArgRegsSaveSize -
                          (FRSize + GPRCS1Size + GPRCS2Size + DPRCSSize);
@@ -857,7 +873,8 @@ static void pushRegsToStack(MachineBasicBlock &MBB,
                             MachineBasicBlock::iterator MI,
                             const TargetInstrInfo &TII,
                             const std::set<Register> &RegsToSave,
-                            const std::set<Register> &CopyRegs) {
+                            const std::set<Register> &CopyRegs,
+                            bool &UsedLRAsTemp) {
   MachineFunction &MF = *MBB.getParent();
   const MachineRegisterInfo &MRI = MF.getRegInfo();
   DebugLoc DL;
@@ -914,6 +931,8 @@ static void pushRegsToStack(MachineBasicBlock &MBB,
         bool isKill = !MRI.isLiveIn(*HiRegToSave);
         if (isKill && !MRI.isReserved(*HiRegToSave))
           MBB.addLiveIn(*HiRegToSave);
+        if (*CopyRegIt == ARM::LR)
+          UsedLRAsTemp = true;
 
         // Emit a MOV from the high reg to the low reg.
         BuildMI(MBB, MI, DL, TII.get(ARM::tMOVr))
@@ -1093,6 +1112,8 @@ bool Thumb1FrameLowering::spillCalleeSavedRegisters(
   // In case FP is a high reg, we need a separate push sequence to generate
   // a correct Frame Record
   bool NeedsFrameRecordPush = hasFP(MF) && ARM::hGPRRegClass.contains(FPReg);
+  bool LRLiveIn = MF.getRegInfo().isLiveIn(ARM::LR);
+  bool UsedLRAsTemp = false;
 
   std::set<Register> FrameRecord;
   std::set<Register> SpilledGPRs;
@@ -1104,7 +1125,7 @@ bool Thumb1FrameLowering::spillCalleeSavedRegisters(
       SpilledGPRs.insert(Reg);
   }
 
-  pushRegsToStack(MBB, MI, TII, FrameRecord, {ARM::LR});
+  pushRegsToStack(MBB, MI, TII, FrameRecord, {ARM::LR}, UsedLRAsTemp);
 
   // Determine intermediate registers which can be used for pushing high regs:
   // - Spilled low regs
@@ -1118,7 +1139,34 @@ bool Thumb1FrameLowering::spillCalleeSavedRegisters(
     if (!MF.getRegInfo().isLiveIn(ArgReg))
       CopyRegs.insert(ArgReg);
 
-  pushRegsToStack(MBB, MI, TII, SpilledGPRs, CopyRegs);
+  pushRegsToStack(MBB, MI, TII, SpilledGPRs, CopyRegs, UsedLRAsTemp);
+
+  // If the push sequence used LR as a temporary, and LR is live-in (for
+  // example because it is used by the llvm.returnaddress intrinsic), then we
+  // need to reload it from the stack. Thumb1 does not have a load instruction
+  // which can use LR, so we need to load into a temporary low register and
+  // copy to LR.
+  if (LRLiveIn && UsedLRAsTemp) {
+    auto CopyRegIt = getNextOrderedReg(OrderedCopyRegs.rbegin(),
+                                       OrderedCopyRegs.rend(),
+                                       CopyRegs);
+    assert(CopyRegIt != OrderedCopyRegs.rend());
+    unsigned NumRegsPushed = FrameRecord.size() + SpilledGPRs.size();
+    LLVM_DEBUG(
+        dbgs() << "LR is live-in but clobbered in prologue, restoring via "
+               << RegInfo->getName(*CopyRegIt) << "\n");
+
+    BuildMI(MBB, MI, DebugLoc(), TII.get(ARM::tLDRspi), *CopyRegIt)
+        .addReg(ARM::SP)
+        .addImm(NumRegsPushed - 1)
+        .add(predOps(ARMCC::AL))
+        .setMIFlags(MachineInstr::FrameSetup);
+
+    BuildMI(MBB, MI, DebugLoc(), TII.get(ARM::tMOVr), ARM::LR)
+        .addReg(*CopyRegIt)
+        .add(predOps(ARMCC::AL))
+        .setMIFlags(MachineInstr::FrameSetup);
+  }
 
   return true;
 }

llvm/test/CodeGen/Thumb/returnaddress.ll

@@ -1,7 +1,7 @@
 ; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py UTC_ARGS: --version 5
-; RUN: llc < %s -mtriple=thumbv6m-none-eabi -frame-pointer=none                          | FileCheck %s --check-prefix=FP-NONE
-; RUN: llc < %s -mtriple=thumbv6m-none-eabi -frame-pointer=all                           | FileCheck %s --check-prefix=FP-ALL
-; RUN: llc < %s -mtriple=thumbv6m-none-eabi -frame-pointer=all -mattr=+aapcs-frame-chain | FileCheck %s --check-prefix=FP-AAPCS
+; RUN: llc < %s -mtriple=thumbv6m-none-eabi -frame-pointer=none                          -verify-machineinstrs | FileCheck %s --check-prefix=FP-NONE
+; RUN: llc < %s -mtriple=thumbv6m-none-eabi -frame-pointer=all                           -verify-machineinstrs | FileCheck %s --check-prefix=FP-ALL
+; RUN: llc < %s -mtriple=thumbv6m-none-eabi -frame-pointer=all -mattr=+aapcs-frame-chain -verify-machineinstrs | FileCheck %s --check-prefix=FP-AAPCS
 
 define void @ra_call() {
 ; FP-NONE-LABEL: ra_call:
@@ -31,6 +31,8 @@ define void @ra_call() {
 ; FP-AAPCS-NEXT:    push {lr}
 ; FP-AAPCS-NEXT:    .setfp r11, sp
 ; FP-AAPCS-NEXT:    mov r11, sp
+; FP-AAPCS-NEXT:    ldr r3, [sp, #4]
+; FP-AAPCS-NEXT:    mov lr, r3
 ; FP-AAPCS-NEXT:    mov r0, lr
 ; FP-AAPCS-NEXT:    bl sink_ptr
 ; FP-AAPCS-NEXT:    pop {r0}
@@ -66,6 +68,8 @@ define ptr @ra_return() {
 ; FP-AAPCS-NEXT:    push {lr}
 ; FP-AAPCS-NEXT:    .setfp r11, sp
 ; FP-AAPCS-NEXT:    mov r11, sp
+; FP-AAPCS-NEXT:    ldr r3, [sp, #4]
+; FP-AAPCS-NEXT:    mov lr, r3
 ; FP-AAPCS-NEXT:    mov r0, lr
 ; FP-AAPCS-NEXT:    pop {r1}
 ; FP-AAPCS-NEXT:    mov r11, r1
@@ -107,6 +111,8 @@ define ptr @callee_saved_low() {
 ; FP-AAPCS-NEXT:    mov r11, sp
 ; FP-AAPCS-NEXT:    .save {r4, r5}
 ; FP-AAPCS-NEXT:    push {r4, r5}
+; FP-AAPCS-NEXT:    ldr r5, [sp, #12]
+; FP-AAPCS-NEXT:    mov lr, r5
 ; FP-AAPCS-NEXT:    mov r0, lr
 ; FP-AAPCS-NEXT:    @APP
 ; FP-AAPCS-NEXT:    @NO_APP
@@ -166,6 +172,8 @@ define ptr @callee_saved_high() {
 ; FP-AAPCS-NEXT:    mov r2, r8
 ; FP-AAPCS-NEXT:    .save {r8, r9}
 ; FP-AAPCS-NEXT:    push {r2, r3}
+; FP-AAPCS-NEXT:    ldr r3, [sp, #12]
+; FP-AAPCS-NEXT:    mov lr, r3
 ; FP-AAPCS-NEXT:    mov r0, lr
 ; FP-AAPCS-NEXT:    @APP
 ; FP-AAPCS-NEXT:    @NO_APP
@@ -236,6 +244,8 @@ define ptr @large_alloca() {
 ; FP-AAPCS-NEXT:    mov r11, sp
 ; FP-AAPCS-NEXT:    .save {r4, r7}
 ; FP-AAPCS-NEXT:    push {r4, r7}
+; FP-AAPCS-NEXT:    ldr r7, [sp, #12]
+; FP-AAPCS-NEXT:    mov lr, r7
 ; FP-AAPCS-NEXT:    ldr r7, .LCPI4_0
 ; FP-AAPCS-NEXT:    .pad #2000
 ; FP-AAPCS-NEXT:    add sp, r7
@@ -315,6 +325,8 @@ define ptr @var_alloca(i32 %size) {
 ; FP-AAPCS-NEXT:    mov r11, sp
 ; FP-AAPCS-NEXT:    .save {r4, r6}
 ; FP-AAPCS-NEXT:    push {r4, r6}
+; FP-AAPCS-NEXT:    ldr r6, [sp, #12]
+; FP-AAPCS-NEXT:    mov lr, r6
 ; FP-AAPCS-NEXT:    mov r6, sp
 ; FP-AAPCS-NEXT:    mov r4, lr
 ; FP-AAPCS-NEXT:    adds r0, r0, #7
@@ -375,6 +387,8 @@ define i32 @all_arg_regs(i32 %a, i32 %b, i32 %c, i32 %d) {
 ; FP-AAPCS-NEXT:    mov r11, sp
 ; FP-AAPCS-NEXT:    .save {r4, r7}
 ; FP-AAPCS-NEXT:    push {r4, r7}
+; FP-AAPCS-NEXT:    ldr r7, [sp, #12]
+; FP-AAPCS-NEXT:    mov lr, r7
 ; FP-AAPCS-NEXT:    mov r4, lr
 ; FP-AAPCS-NEXT:    adds r0, r0, r1
 ; FP-AAPCS-NEXT:    adds r0, r0, r2