Using the LLVM 2.1 release, the following test case segfaults when run; a.ll:

    define i32 @test(i32 %X, ...) {
      %ap = alloca i8*, i32 1024
      %ap2 = bitcast i8** %ap to i8*
      call void @llvm.va_start(i8* %ap2)
      %tmp = va_arg i8** %ap, i32
      call void @llvm.va_end(i8* %ap2)
      ret i32 %tmp
    }

    declare void @llvm.va_start(i8*)
    declare void @llvm.va_end(i8*)

    define i32 @main(i32, i8**, i8**) {
      %ret = call i32(i32, ...)* @test(i32 0, i32 0)
      ret i32 %ret
    }

result:

    $ llvm-as -f a.ll && llc -f a.bc && gcc a.s && ./a.out
    Segmentation fault
    $
Verified on darwin/x86-64
There is currently no implementation of the x86-64 va_arg operation. va_arg on x86-64 was going through the default legalize Expand logic, generating code that was incorrect for x86-64. This has temporarily been changed to a compiler abort, to avoid silently generating invalid code. llvm-gcc isn't affected because it doesn't currently use LLVM's va_arg instruction on x86-64; it does the lowering before translating to LLVM.
*** Bug 2825 has been marked as a duplicate of this bug. ***
There is a similar problem when using i8 or i16 on x86-32: these are passed in 4 byte wide stack slots (for the usual calling convention at least), but the generic expansion code increments the pointer by 1 (resp. 2) rather than 4.
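An added model (not code from the bug report or from LLVM) of the two va_arg lowerings the comments above describe: the x86-32 4-byte slot stepping that the generic expansion got wrong, and the x86-64 SysV register-save-area walk that the x86-64 backend was missing. It runs over constructed memory so it works on any host; the frame contents, function names and the sample argument values are assumptions.

```c
#include <stdint.h>
/* Read `size` bytes at p as a little-endian (x86) integer, independent of host endianness. */
static uint64_t load_le(const uint8_t *p, unsigned size) {
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* x86-32 cdecl va_arg: read the current slot, then advance by `step`. Correct code uses
 * step = 4 (every slot is 4 bytes wide); the generic expansion above advanced by `size`. */
static uint32_t va_arg_i386(const uint8_t **ap, unsigned size, unsigned step) {
    *ap += step;
    return (uint32_t)load_le(*ap - step, size);
}

/* Constructed i386 frame passing three i8 values 1, 2, 3, one per 4-byte slot. */
int i386_sum_i8(unsigned step) {
    static const uint8_t stack[12] = {1,0,0,0, 2,0,0,0, 3,0,0,0};
    const uint8_t *ap = stack;
    int sum = 0;
    for (int i = 0; i < 3; i++) sum += (int)va_arg_i386(&ap, 1, step);
    return sum;   /* step 4 -> 6; step 1 -> 1, since it reads bytes 1, 0, 0 */
}

/* x86-64 SysV va_list. INTEGER-class arguments come from the register save
 * area while gp_offset < 48 (6 regs * 8 bytes), then from 8-byte overflow slots. */
typedef struct {
    uint32_t gp_offset, fp_offset;
    const uint8_t *overflow_arg_area, *reg_save_area;
} sysv_va_list;

static uint64_t va_arg_x86_64_gp(sysv_va_list *ap) {
    const uint8_t *p;
    if (ap->gp_offset < 48) { p = ap->reg_save_area + ap->gp_offset; ap->gp_offset += 8; }
    else { p = ap->overflow_arg_area; ap->overflow_arg_area += 8; }
    return load_le(p, 8);
}

/* Constructed frame for test(fixed, 10, 11, 12, 13, 14, 15, 16): the fixed
 * argument used %rdi (slot 0), so gp_offset starts at 8; 10..14 fill the
 * remaining five register slots and 15, 16 spill to the overflow area. */
int x86_64_sum_seven(void) {
    uint8_t regs[48] = {0}, spill[16] = {0};
    for (int i = 1; i < 6; i++) regs[8 * i] = (uint8_t)(9 + i);  /* 10..14 */
    spill[0] = 15; spill[8] = 16;
    sysv_va_list ap = {8, 48, spill, regs};
    int sum = 0;
    for (int i = 0; i < 7; i++) sum += (int)va_arg_x86_64_gp(&ap);
    return sum;   /* 10 + 11 + ... + 16 = 91 */
}
```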
*** Bug 3569 has been marked as a duplicate of this bug. ***
Works for me in llvm 3.3 (trunk 170352).