riscv: sfence.vma inline assembly is miscompiled

[X547]

Clang: https://godbolt.org/z/afaMvnMrr
GCC: https://godbolt.org/z/nYEK9ozjP

Note that Clang use hardwired zero X0 register for both global and ASID 0 sfence.vma instruction, but GCC avoid using X0 when using ASID.

From RISC-V privileged spec:

If rs1=x0 and rs2=x0, the fence orders all reads and writes made to any level of the page
tables, for all address spaces. The fence also invalidates all address-translation cache entries,
for all address spaces.

If rs1=x0 and rs2̸=x0, the fence orders all reads and writes made to any level of the page
tables, but only for the address space identified by integer register rs2. Accesses to global
mappings (see Section 4.3.1) are not ordered. The fence also invalidates all address-translation
cache entries matching the address space identified by integer register rs2, except for entries
containing global mappings.

If the implementation does not provide ASIDs, or software chooses to always use ASID 0,
then after every satp write, software should execute SFENCE.VMA with rs1=x0. In the
common case that no global translations have been modified, rs2 should be set to a register
other than x0 but which contains the value zero, so that global translations are not flushed.

[llvmbot]

@llvm/issue-subscribers-backend-risc-v

[topperc]

The inline assembly instruction isn't parsed by the compiler. So I think this must mean that gcc will never use x0 to pass 0 to an 'r' constraint?

[X547]

So I think this must mean that gcc will never use x0 to pass 0 to an 'r' constraint?

Yes it seems: https://godbolt.org/z/va6MoM7nb

It is not safe to automatically use X0 for zero constant in inline assembly because X0 is sometimes used to encode different instruction, for example sfence.vma to invalidate ASID, not global pages.

[topperc]

Candidate patch https://reviews.llvm.org/D154744