public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/105817] New: outline kernel-address sanitizer doesn't save callee-saved register properly on AArch64
@ 2022-06-02 8:32 tonnyl at nvidia dot com
From: tonnyl at nvidia dot com @ 2022-06-02 8:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105817
Bug ID: 105817
Summary: outline kernel-address sanitizer doesn't save
callee-saved register properly on AArch64
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: tonnyl at nvidia dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
We are using Arm GNU Toolchain Version 11.2-2022.02 (distributed by ARM).
The source code snippet is below:
#include <stdint.h>
int foo(unsigned int *result)
{
    register uint64_t r0 asm("x0");
    register uint64_t r1 asm("x1");
    asm("hvc %2"
        : "=r"(r0), "=r"(r1)
        : "i"(0)
        : "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11",
          "x12", "x13", "x14", "x15", "x16", "x17");
    *result = r1;
    return (int)r0;
}
And the compiling command is:
aarch64-none-linux-gnu-gcc -c -O1 -fno-omit-frame-pointer -fsanitize=kernel-address snippet.c
Then disassemble the code:
aarch64-linux-objdump -d snippet.o
snippet.o: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <foo>:
0: a9be7bfd stp x29, x30, [sp, #-32]!
4: 910003fd mov x29, sp
8: a90153f3 stp x19, x20, [sp, #16]
c: aa0003f3 mov x19, x0
10: d4000002 hvc #0x0
14: aa0103f4 mov x20, x1
18: aa1303e0 mov x0, x19
1c: 94000000 bl 0 <__asan_store4_noabort>
20: b9000274 str w20, [x19]
24: 2a1303e0 mov w0, w19
28: a94153f3 ldp x19, x20, [sp, #16]
2c: a8c27bfd ldp x29, x30, [sp], #32
30: d65f03c0 ret
The problem is:
* the inline asm outputs on x0 and x1
* this function returns the value in x0
* before invocation of __asan_store4_noabort, the instrumented instructions
*only save x1 and overwrite x0*
* this causes semantic difference between before/after instrumentation
* [Bug sanitizer/105817] outline kernel-address sanitizer doesn't save caller-saved registers properly on AArch64
From: rearnsha at gcc dot gnu.org @ 2022-06-08 16:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105817
--- Comment #1 from Richard Earnshaw <rearnsha at gcc dot gnu.org> ---
The GCC manual says
<quote>
register int *p1 asm ("r0") = …;
register int *p2 asm ("r1") = …;
register int *result asm ("r0");
asm ("sysint" : "=r" (result) : "0" (p1), "r" (p2));
Warning: In the above example, be aware that a register (for example r0) can be
call-clobbered by subsequent code, including function calls and library calls
for arithmetic operators on other variables (for example the initialization of
p2). In this case, use temporary variables for expressions between the register
assignments:
int t1 = …;
register int *p1 asm ("r0") = …;
register int *p2 asm ("r1") = t1;
register int *result asm ("r0");
asm ("sysint" : "=r" (result) : "0" (p1), "r" (p2));
</quote>
So I think by that statement this testcase is invalid. You need to write
something like:
extern __thread uint64_t p;
int foo(unsigned int *result)
{
    register uint64_t r0 asm("x0");
    register uint64_t r1 asm("x1");
    uint64_t real_r0;
    uint64_t real_r1;
    asm("hvc %2"
        : "=r"(r0), "=r"(r1)
        : "i"(0)
        : "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11",
          "x12", "x13", "x14", "x15", "x16", "x17");
    real_r0 = r0;
    real_r1 = r1;
    *result = real_r1;
    return (int)real_r0;
}
It's unfortunate that this type of testcase just fails silently with no
diagnostic from the compiler.
* [Bug sanitizer/105817] outline kernel-address sanitizer doesn't save caller-saved registers properly on AArch64
From: tonnyl at nvidia dot com @ 2022-06-13 2:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105817
tonnyl at nvidia dot com changed:
What       | Removed     | Added
-----------|-------------|---------
Status     | UNCONFIRMED | RESOLVED
Resolution | ---         | INVALID
--- Comment #2 from tonnyl at nvidia dot com ---
Hi Richard,
Thanks a lot for your comment. I marked this bug as resolved.
Have a nice day.
Tonny