public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables
@ 2023-11-13 12:04 sadko4u at gmail dot com
2023-11-13 12:25 ` [Bug c++/112510] " rguenth at gcc dot gnu.org
` (17 more replies)
0 siblings, 18 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-13 12:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Bug ID: 112510
Summary: Regression: ASAN code injection breaks alignment of
stack variables
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: sadko4u at gmail dot com
Target Milestone: ---
Created attachment 56568
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56568&action=edit
Code snippet that can cause the problem
Hello!
I've met a problem on Github CI while introducing AVX-512 support to my DSP
code when using ASAN and was able to find out what's happening only in few
launches.
The problem run starts here:
https://github.com/lsp-plugins/lsp-plugins-beat-breather/actions/runs/6843768144/job/18606721058#step:12:49
We observe a disassembly code that crashed:
```
=> 0x7f3bdb82df53
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+247>: vmovaps
%zmm0,0x120(%rbx)
0x7f3bdb82df5d
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+257>: vmovaps
%zmm1,0x160(%rbx)
0x7f3bdb82df67
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+267>: vmovaps
%zmm2,0x1a0(%rbx)
0x7f3bdb82df71
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+277>: vmovaps
%zmm3,0x1e0(%rbx)
0x7f3bdb82df7b
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+287>: vmovaps
%zmm4,0x220(%rbx)
0x7f3bdb82df85
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+297>: vmovaps
%zmm5,0x260(%rbx)
0x7f3bdb82df8f
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+307>: vmovaps
%zmm6,0x2a0(%rbx)
0x7f3bdb82df99
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+317>: vmovaps
%zmm7,0x2e0(%rbx)
```
As we see, the offset to the %rbx register is not 64-byte aligned while the
%rbx register is:
```
rbx 0x7f3bd9d20400 139895034217472
```
If we disassemble the heading of the function, then we see:
```
(gdb) Dump of assembler code for function
_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm:
0x00007f3bdb82de5c <+0>: push %rbp
0x00007f3bdb82de5d <+1>: mov %rsp,%rbp
0x00007f3bdb82de60 <+4>: push %r15
0x00007f3bdb82de62 <+6>: push %r14
0x00007f3bdb82de64 <+8>: push %r13
0x00007f3bdb82de66 <+10>: push %r12
0x00007f3bdb82de68 <+12>: push %rbx
0x00007f3bdb82de69 <+13>: and $0xffffffffffffffc0,%rsp
0x00007f3bdb82de6d <+17>: sub $0x3c0,%rsp
0x00007f3bdb82de74 <+24>: mov %rdi,%r12
0x00007f3bdb82de77 <+27>: mov %rsi,%r13
0x00007f3bdb82de7a <+30>: mov %rdx,%r14
0x00007f3bdb82de7d <+33>: mov %rcx,0x18(%rsp)
0x00007f3bdb82de82 <+38>: lea 0x20(%rsp),%rbx
0x00007f3bdb82de87 <+43>: mov %rbx,%r15
0x00007f3bdb82de8a <+46>: mov 0x15f13f(%rip),%rax #
0x7f3bdb98cfd0
0x00007f3bdb82de91 <+53>: cmpl $0x0,(%rax)
0x00007f3bdb82de94 <+56>: jne 0x7f3bdb82eba0
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm+3396>
0x00007f3bdb82de9a <+62>: movq $0x41b58ab3,(%rbx)
0x00007f3bdb82dea1 <+69>: lea 0x95bb0(%rip),%rax #
0x7f3bdb8c3a58
0x00007f3bdb82dea8 <+76>: mov %rax,0x8(%rbx)
0x00007f3bdb82deac <+80>: lea -0x57(%rip),%rax # 0x7f3bdb82de5c
<_ZN3lsp6avx51213gate_x1_curveEPfPKfPKNS_3dsp11gate_knee_tEm>
0x00007f3bdb82deb3 <+87>: mov %rax,0x10(%rbx)
0x00007f3bdb82deb7 <+91>: mov %rbx,%rax
0x00007f3bdb82deba <+94>: shr $0x3,%rax
0x00007f3bdb82debe <+98>: movl $0xf1f1f1f1,0x7fff8000(%rax)
0x00007f3bdb82dec8 <+108>: movl $0xf2f2f2f2,0x7fff8008(%rax)
0x00007f3bdb82ded2 <+118>: movl $0xf2f2f2f2,0x7fff801c(%rax)
0x00007f3bdb82dedc <+128>: movl $0xf2f2f2f2,0x7fff8020(%rax)
0x00007f3bdb82dee6 <+138>: movl $0xf3f3f3f3,0x7fff8064(%rax)
0x00007f3bdb82def0 <+148>: movl $0xf3f3f3f3,0x7fff8068(%rax)
0x00007f3bdb82defa <+158>: movl $0xf3f3f3f3,0x7fff806c(%rax)
0x00007f3bdb82df04 <+168>: mov %fs:0x28,%rdx
0x00007f3bdb82df0d <+177>: mov %rdx,0x3b8(%rsp)
0x00007f3bdb82df15 <+185>: xor %edx,%edx
0x00007f3bdb82df17 <+187>: mov 0x18(%rsp),%rdx
0x00007f3bdb82df1c <+192>: vbroadcastss (%r14),%zmm0
0x00007f3bdb82df22 <+198>: vbroadcastss 0x4(%r14),%zmm1
0x00007f3bdb82df29 <+205>: vbroadcastss 0x8(%r14),%zmm2
0x00007f3bdb82df30 <+212>: vbroadcastss 0xc(%r14),%zmm3
0x00007f3bdb82df37 <+219>: vbroadcastss 0x10(%r14),%zmm4
0x00007f3bdb82df3e <+226>: vbroadcastss 0x14(%r14),%zmm5
0x00007f3bdb82df45 <+233>: vbroadcastss 0x18(%r14),%zmm6
0x00007f3bdb82df4c <+240>: vbroadcastss 0x1c(%r14),%zmm7
=> 0x00007f3bdb82df53 <+247>: vmovaps %zmm0,0x120(%rbx)
0x00007f3bdb82df5d <+257>: vmovaps %zmm1,0x160(%rbx)
0x00007f3bdb82df67 <+267>: vmovaps %zmm2,0x1a0(%rbx)
```
The function is aligning stack pointer properly at the beginning:
```
0x00007f3bdb82de69 <+13>: and $0xffffffffffffffc0,%rsp
```
But after some ASAN magic it now uses %rbx as a base pointer instead of %rsp
(for non-ASAN build) and generates invalid offsets which are aligned to 32-byte
boundary instead of 64-byte boundary.
This bug was hard to reproduce for me since it happens only on particular
machines and I am able to do it only on a specific runner with GitHub CI. It is
not reproducible on other than ArchLinux systems with older compiler because
the compiler generates proper
The version of compiler:
```
gcc (GCC) 13.2.1 20230801
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
```
I think the reason is in this code that loads 64-byte aligned address into
%rbx:
```
0x00007f4ef6295f3e <+197>: mov 0x18(%rsp),%rdx
```
while the generated offsets for the `vmovaps` instruction expect that the
address is multiple of 0x20 but not of 0x40.
The code snippet that MAY cause the problem is in attachment. But I really was
able to reproduce the problem on specific CPUs on the GitHub CI.
For example, here is my GDB session of the test snippet on an AVX512 computer:
```
│B+> 0x5555555552dc <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+243>
vmovaps %zmm0,0x120(%rbx)
│
│ 0x5555555552e6 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+253>
vmovaps %zmm1,0x160(%rbx)
│
│ 0x5555555552f0 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+263>
vmovaps %zmm2,0x1a0(%rbx)
│
│ 0x5555555552fa <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+273>
vmovaps %zmm3,0x1e0(%rbx)
│
│ 0x555555555304 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+283>
vmovaps %zmm4,0x220(%rbx)
│
│ 0x55555555530e <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+293>
vmovaps %zmm5,0x260(%rbx)
│
│ 0x555555555318 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+303>
vmovaps %zmm6,0x2a0(%rbx)
│
│ 0x555555555322 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+313>
vmovaps %zmm7,0x2e0(%rbx)
```
While %rbx is:
```
rbx 0x7fffffffde20 140737488346656
```
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug c++/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
@ 2023-11-13 12:25 ` rguenth at gcc dot gnu.org
2023-11-13 12:33 ` sadko4u at gmail dot com
` (16 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-11-13 12:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
void gate_x1_curve(float *dst, const float *src, const dsp::gate_knee_t *c,
size_t count)
{
gate_knee_t knee __lsp_aligned64;
float mem[32] __lsp_aligned64;
float stub[8] __lsp_aligned64;
size_t mask;
you seem to rely on a specific chosen stack layout. Instead you should
put appropriate _Alignas or __attribute__((aligned(N))) on the variables
above.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug c++/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
2023-11-13 12:25 ` [Bug c++/112510] " rguenth at gcc dot gnu.org
@ 2023-11-13 12:33 ` sadko4u at gmail dot com
2023-11-13 12:52 ` sadko4u at gmail dot com
` (15 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-13 12:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Vladimir Sadovnikov <sadko4u at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|INVALID |FIXED
--- Comment #2 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
I actually do this by specifying:
```
#define __lsp_aligned64 __attribute__ ((aligned (64)))
```
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug c++/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
2023-11-13 12:25 ` [Bug c++/112510] " rguenth at gcc dot gnu.org
2023-11-13 12:33 ` sadko4u at gmail dot com
@ 2023-11-13 12:52 ` sadko4u at gmail dot com
2023-11-14 6:28 ` [Bug middle-end/112510] " pinskia at gcc dot gnu.org
` (14 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-13 12:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Vladimir Sadovnikov <sadko4u at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|FIXED |---
--- Comment #3 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
The resolution was set invalid because I explicitly specify the alignment of
variables on the stack.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (2 preceding siblings ...)
2023-11-13 12:52 ` sadko4u at gmail dot com
@ 2023-11-14 6:28 ` pinskia at gcc dot gnu.org
2023-11-14 6:32 ` pinskia at gcc dot gnu.org
` (13 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-11-14 6:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Looks like the first code generation change for this function is between GCC 7
and GCC 8.
>It is not reproducible on other than ArchLinux systems with older compiler because the compiler generates proper
What compiler does the older one have?
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (3 preceding siblings ...)
2023-11-14 6:28 ` [Bug middle-end/112510] " pinskia at gcc dot gnu.org
@ 2023-11-14 6:32 ` pinskia at gcc dot gnu.org
2023-11-14 7:55 ` sadko4u at gmail dot com
` (12 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-11-14 6:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Could also be caused by r8-1786-g7b97253879973d .
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (4 preceding siblings ...)
2023-11-14 6:32 ` pinskia at gcc dot gnu.org
@ 2023-11-14 7:55 ` sadko4u at gmail dot com
2023-11-14 8:02 ` sadko4u at gmail dot com
` (11 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 7:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #6 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Here is disassembly of `test.cpp` function for GCC 7.5.0:
```
0000000000400727 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm>:
400727: 4c 8d 54 24 08 lea 0x8(%rsp),%r10
40072c: 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
400730: 41 ff 72 f8 push -0x8(%r10)
400734: 55 push %rbp
400735: 48 89 e5 mov %rsp,%rbp
400738: 41 57 push %r15
40073a: 41 56 push %r14
40073c: 41 55 push %r13
40073e: 41 54 push %r12
400740: 41 52 push %r10
400742: 53 push %rbx
400743: 48 81 ec 80 03 00 00 sub $0x380,%rsp
40074a: 49 89 fc mov %rdi,%r12
40074d: 49 89 f5 mov %rsi,%r13
400750: 49 89 d7 mov %rdx,%r15
400753: 49 89 ce mov %rcx,%r14
400756: 48 8d 9d 50 fc ff ff lea -0x3b0(%rbp),%rbx
40075d: 83 3d 1c 19 00 00 00 cmpl $0x0,0x191c(%rip) #
402080 <__asan_option_detect_stack_use_after_return@@Base>
400764: 0f 85 32 01 00 00 jne 40089c
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+0x175>
40076a: 48 c7 03 b3 8a b5 41 movq $0x41b58ab3,(%rbx)
400771: 48 c7 43 08 f8 0c 40 movq $0x400cf8,0x8(%rbx)
400778: 00
400779: 48 c7 43 10 27 07 40 movq $0x400727,0x10(%rbx)
400780: 00
400781: 48 89 df mov %rbx,%rdi
400784: 48 c1 ef 03 shr $0x3,%rdi
400788: c7 87 00 80 ff 7f f1 movl $0xf1f1f1f1,0x7fff8000(%rdi)
40078f: f1 f1 f1
400792: c7 87 04 80 ff 7f f1 movl $0xf1f1f1f1,0x7fff8004(%rdi)
400799: f1 f1 f1
40079c: c7 87 0c 80 ff 7f f2 movl $0xf2f2f2f2,0x7fff800c(%rdi)
4007a3: f2 f2 f2
4007a6: c7 87 20 80 ff 7f f2 movl $0xf2f2f2f2,0x7fff8020(%rdi)
4007ad: f2 f2 f2
4007b0: c7 87 24 80 ff 7f f2 movl $0xf2f2f2f2,0x7fff8024(%rdi)
4007b7: f2 f2 f2
4007ba: c7 87 68 80 ff 7f f3 movl $0xf3f3f3f3,0x7fff8068(%rdi)
4007c1: f3 f3 f3
4007c4: c7 87 6c 80 ff 7f f3 movl $0xf3f3f3f3,0x7fff806c(%rdi)
4007cb: f3 f3 f3
4007ce: 62 d2 7d 48 18 07 vbroadcastss (%r15),%zmm0
4007d4: 62 d2 7d 48 18 4f 01 vbroadcastss 0x4(%r15),%zmm1
4007db: 62 d2 7d 48 18 57 02 vbroadcastss 0x8(%r15),%zmm2
4007e2: 62 d2 7d 48 18 5f 03 vbroadcastss 0xc(%r15),%zmm3
4007e9: 62 d2 7d 48 18 67 04 vbroadcastss 0x10(%r15),%zmm4
4007f0: 62 d2 7d 48 18 6f 05 vbroadcastss 0x14(%r15),%zmm5
4007f7: 62 d2 7d 48 18 77 06 vbroadcastss 0x18(%r15),%zmm6
4007fe: 62 d2 7d 48 18 7f 07 vbroadcastss 0x1c(%r15),%zmm7
400805: 62 f1 7c 48 29 43 05 vmovaps %zmm0,0x140(%rbx)
40080c: 62 f1 7c 48 29 4b 06 vmovaps %zmm1,0x180(%rbx)
400813: 62 f1 7c 48 29 53 07 vmovaps %zmm2,0x1c0(%rbx)
40081a: 62 f1 7c 48 29 5b 08 vmovaps %zmm3,0x200(%rbx)
400821: 62 f1 7c 48 29 63 09 vmovaps %zmm4,0x240(%rbx)
400828: 62 f1 7c 48 29 6b 0a vmovaps %zmm5,0x280(%rbx)
40082f: 62 f1 7c 48 29 73 0b vmovaps %zmm6,0x2c0(%rbx)
400836: 62 f1 7c 48 29 7b 0c vmovaps %zmm7,0x300(%rbx)
```
gcc --version
gcc (SUSE Linux) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
As we see, there is no load of %rbx from stack and all offsets are multiple of
0x40.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] Regression: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (5 preceding siblings ...)
2023-11-14 7:55 ` sadko4u at gmail dot com
@ 2023-11-14 8:02 ` sadko4u at gmail dot com
2023-11-14 8:05 ` [Bug middle-end/112510] [11/12/13/14 Regression]: " pinskia at gcc dot gnu.org
` (10 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 8:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #7 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Disassembly for GCC 11.4.0:
```
00000000000011e9 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm>:
11e9: f3 0f 1e fa endbr64
11ed: 55 push %rbp
11ee: 48 89 e5 mov %rsp,%rbp
11f1: 41 57 push %r15
11f3: 41 56 push %r14
11f5: 41 55 push %r13
11f7: 41 54 push %r12
11f9: 53 push %rbx
11fa: 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
11fe: 48 81 ec c0 03 00 00 sub $0x3c0,%rsp
1205: 49 89 fc mov %rdi,%r12
1208: 49 89 f5 mov %rsi,%r13
120b: 49 89 d7 mov %rdx,%r15
120e: 49 89 ce mov %rcx,%r14
1211: 48 8d 5c 24 20 lea 0x20(%rsp),%rbx
1216: 48 89 5c 24 18 mov %rbx,0x18(%rsp)
121b: 83 3d ee 2d 00 00 00 cmpl $0x0,0x2dee(%rip) # 4010
<__asan_option_detect_stack_use_after_return@@Base>
1222: 0f 85 65 01 00 00 jne 138d
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+0x1a4>
1228: 48 c7 03 b3 8a b5 41 movq $0x41b58ab3,(%rbx)
122f: 48 8d 05 d2 0d 00 00 lea 0xdd2(%rip),%rax # 2008
<_IO_stdin_used+0x8>
1236: 48 89 43 08 mov %rax,0x8(%rbx)
123a: 48 8d 05 a8 ff ff ff lea -0x58(%rip),%rax # 11e9
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm>
1241: 48 89 43 10 mov %rax,0x10(%rbx)
1245: 48 89 d8 mov %rbx,%rax
1248: 48 c1 e8 03 shr $0x3,%rax
124c: c7 80 00 80 ff 7f f1 movl $0xf1f1f1f1,0x7fff8000(%rax)
1253: f1 f1 f1
1256: c7 80 08 80 ff 7f f2 movl $0xf2f2f2f2,0x7fff8008(%rax)
125d: f2 f2 f2
1260: c7 80 1c 80 ff 7f f2 movl $0xf2f2f2f2,0x7fff801c(%rax)
1267: f2 f2 f2
126a: c7 80 20 80 ff 7f f2 movl $0xf2f2f2f2,0x7fff8020(%rax)
1271: f2 f2 f2
1274: c7 80 64 80 ff 7f f3 movl $0xf3f3f3f3,0x7fff8064(%rax)
127b: f3 f3 f3
127e: c7 80 68 80 ff 7f f3 movl $0xf3f3f3f3,0x7fff8068(%rax)
1285: f3 f3 f3
1288: c7 80 6c 80 ff 7f f3 movl $0xf3f3f3f3,0x7fff806c(%rax)
128f: f3 f3 f3
1292: 64 48 8b 14 25 28 00 mov %fs:0x28,%rdx
1299: 00 00
129b: 48 89 94 24 b8 03 00 mov %rdx,0x3b8(%rsp)
12a2: 00
12a3: 31 d2 xor %edx,%edx
12a5: 62 d2 7d 48 18 07 vbroadcastss (%r15),%zmm0
12ab: 62 d2 7d 48 18 4f 01 vbroadcastss 0x4(%r15),%zmm1
12b2: 62 d2 7d 48 18 57 02 vbroadcastss 0x8(%r15),%zmm2
12b9: 62 d2 7d 48 18 5f 03 vbroadcastss 0xc(%r15),%zmm3
12c0: 62 d2 7d 48 18 67 04 vbroadcastss 0x10(%r15),%zmm4
12c7: 62 d2 7d 48 18 6f 05 vbroadcastss 0x14(%r15),%zmm5
12ce: 62 d2 7d 48 18 77 06 vbroadcastss 0x18(%r15),%zmm6
12d5: 62 d2 7d 48 18 7f 07 vbroadcastss 0x1c(%r15),%zmm7
12dc: 62 f1 7c 48 29 83 20 vmovaps %zmm0,0x120(%rbx)
12e3: 01 00 00
12e6: 62 f1 7c 48 29 8b 60 vmovaps %zmm1,0x160(%rbx)
12ed: 01 00 00
12f0: 62 f1 7c 48 29 93 a0 vmovaps %zmm2,0x1a0(%rbx)
12f7: 01 00 00
12fa: 62 f1 7c 48 29 9b e0 vmovaps %zmm3,0x1e0(%rbx)
1301: 01 00 00
1304: 62 f1 7c 48 29 a3 20 vmovaps %zmm4,0x220(%rbx)
130b: 02 00 00
130e: 62 f1 7c 48 29 ab 60 vmovaps %zmm5,0x260(%rbx)
1315: 02 00 00
1318: 62 f1 7c 48 29 b3 a0 vmovaps %zmm6,0x2a0(%rbx)
131f: 02 00 00
1322: 62 f1 7c 48 29 bb e0 vmovaps %zmm7,0x2e0(%rbx)
1329: 02 00 00
```
Here we have offsets multiple of 0x20 but not multiple of 0x40 but missing
strange load of %rbx from stack. It is reasonable because of this instruction:
```
1211: 48 8d 5c 24 20 lea 0x20(%rsp),%rbx
```
All works fine.
gcc --version
gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (6 preceding siblings ...)
2023-11-14 8:02 ` sadko4u at gmail dot com
@ 2023-11-14 8:05 ` pinskia at gcc dot gnu.org
2023-11-14 8:13 ` rguenth at gcc dot gnu.org
` (9 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-11-14 8:05 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |11.5
Keywords| |needs-bisection
Summary|Regression: ASAN code |[11/12/13/14 Regression]:
|injection breaks alignment |ASAN code injection breaks
|of stack variables |alignment of stack
| |variables
Known to work| |7.5.0
Known to fail| |8.1.0
--- Comment #8 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
OK, thanks that helps narrow down a little more since I mentioned the code
generation from gcc 8 until the current trunk is basically the same. It does
mean this is a regression. Maybe only folks are starting to use avx512 ...
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (7 preceding siblings ...)
2023-11-14 8:05 ` [Bug middle-end/112510] [11/12/13/14 Regression]: " pinskia at gcc dot gnu.org
@ 2023-11-14 8:13 ` rguenth at gcc dot gnu.org
2023-11-14 8:37 ` sadko4u at gmail dot com
` (8 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-11-14 8:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Vladimir Sadovnikov from comment #2)
> I actually do this by specifying:
>
> ```
> #define __lsp_aligned64 __attribute__ ((aligned (64)))
> ```
oops, sorry for too coarsely reading...
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (8 preceding siblings ...)
2023-11-14 8:13 ` rguenth at gcc dot gnu.org
@ 2023-11-14 8:37 ` sadko4u at gmail dot com
2023-11-14 8:41 ` sadko4u at gmail dot com
` (7 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 8:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #10 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Sorry, I messed up %rbx with loading %rdx from stack.
But it seems that the ASAN-reladed code somehow modifies %rbx.
And now I'm not sure that the code generated by GCC 11.4.0 will work under
certain conditions.
It looks like the problem is not in the header of the function but at the tail,
where the additional ASAN-related code is added.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (9 preceding siblings ...)
2023-11-14 8:37 ` sadko4u at gmail dot com
@ 2023-11-14 8:41 ` sadko4u at gmail dot com
2023-11-14 8:50 ` sadko4u at gmail dot com
` (6 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 8:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #11 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
I mean, this code may work in improper way if ASAN allocates only 0x20 bytes on
the stack:
```
138d: bf 80 03 00 00 mov $0x380,%edi
1392: e8 39 fd ff ff call 10d0 <__asan_stack_malloc_4@plt>
1397: 48 85 c0 test %rax,%rax
139a: 0f 84 88 fe ff ff je 1228
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+0x3f>
13a0: 48 89 c3 mov %rax,%rbx
13a3: e9 80 fe ff ff jmp 1228
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+0x3f>
13a8: 48 c7 03 0e 36 e0 45 movq $0x45e0360e,(%rbx)
13af: 48 be f5 f5 f5 f5 f5 movabs $0xf5f5f5f5f5f5f5f5,%rsi
```
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (10 preceding siblings ...)
2023-11-14 8:41 ` sadko4u at gmail dot com
@ 2023-11-14 8:50 ` sadko4u at gmail dot com
2023-11-14 9:10 ` sadko4u at gmail dot com
` (5 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 8:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #12 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Oh wow, it seems that this makes the code to crash:
```
export ASAN_OPTIONS=detect_stack_use_after_return=1
./test
```
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (11 preceding siblings ...)
2023-11-14 8:50 ` sadko4u at gmail dot com
@ 2023-11-14 9:10 ` sadko4u at gmail dot com
2023-11-14 9:15 ` sadko4u at gmail dot com
` (4 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 9:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #13 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Here is the full scenario:
~$ g++ --version
g++ (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
~$ g++ -fsanitize=address -mavx512f -Og test.cpp
~$ export ASAN_OPTIONS=detect_stack_use_after_return=0
~$ ./a.out
~$ export ASAN_OPTIONS=detect_stack_use_after_return=1
~$ ./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1507764==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x5573dbd162dc
bp 0x7fffd196ba60 sp 0x7fffd196b640 T0)
==1507764==The signal is caused by a READ memory access.
==1507764==Hint: this fault was caused by a dereference of a high value address
(see register values below). Dissassemble the provided pc to learn which
register was used.
#0 0x5573dbd162dc in gate_x1_curve(float*, float const*, dsp::gate_knee_t
const*, unsigned long) (/home/sadko/a.out+0x12dc)
#1 0x5573dbd1664e in main (/home/sadko/a.out+0x164e)
#2 0x7f50b61f0d8f in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
#3 0x7f50b61f0e3f in __libc_start_main_impl ../csu/libc-start.c:392
#4 0x5573dbd16124 in _start (/home/sadko/a.out+0x1124)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/sadko/a.out+0x12dc) in
gate_x1_curve(float*, float const*, dsp::gate_knee_t const*, unsigned long)
==1507764==ABORTING
~$ gdb a.out
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.out...
(gdb) r
Starting program: /home/sadko/a.out
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00005555555552dc in gate_x1_curve(float*, float const*, dsp::gate_knee_t
const*, unsigned long) ()
(gdb) display /10i $pc
1: x/10i $pc
=> 0x5555555552dc <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+243>: vmovaps
%zmm0,0x120(%rbx)
0x5555555552e6 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+253>: vmovaps
%zmm1,0x160(%rbx)
0x5555555552f0 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+263>: vmovaps
%zmm2,0x1a0(%rbx)
0x5555555552fa <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+273>: vmovaps
%zmm3,0x1e0(%rbx)
0x555555555304 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+283>: vmovaps
%zmm4,0x220(%rbx)
0x55555555530e <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+293>: vmovaps
%zmm5,0x260(%rbx)
0x555555555318 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+303>: vmovaps
%zmm6,0x2a0(%rbx)
0x555555555322 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+313>: vmovaps
%zmm7,0x2e0(%rbx)
0x55555555532c <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+323>: cmp
%rbx,0x18(%rsp)
0x555555555331 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+328>: jne
0x5555555553a8 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+447>
(gdb) i r rbx
rbx 0x7ffff3df9000 140737284902912
(gdb)
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (12 preceding siblings ...)
2023-11-14 9:10 ` sadko4u at gmail dot com
@ 2023-11-14 9:15 ` sadko4u at gmail dot com
2023-11-14 9:28 ` sadko4u at gmail dot com
` (3 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 9:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #14 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Seems that with GCC 7.6 it also will be reproducible because we have the same
code there:
```
40089c: bf 80 03 00 00 mov $0x380,%edi
4008a1: e8 6a fd ff ff call 400610
<__asan_stack_malloc_4@plt>
4008a6: 48 85 c0 test %rax,%rax
4008a9: 0f 84 bb fe ff ff je 40076a
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+0x43>
4008af: 48 89 c3 mov %rax,%rbx
4008b2: e9 b3 fe ff ff jmp 40076a
<_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+0x43>
4008b7: 48 c7 03 0e 36 e0 45 movq $0x45e0360e,(%rbx)
```
I'm not able to run it because it is compiled on machine which does not support
AVX512.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (13 preceding siblings ...)
2023-11-14 9:15 ` sadko4u at gmail dot com
@ 2023-11-14 9:28 ` sadko4u at gmail dot com
2023-11-22 16:20 ` jakub at gcc dot gnu.org
` (2 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-14 9:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #15 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Hmmm. But why not? We're just looking for the value stored in %rbx register...
Here's scenario for GCC 7.5.0:
~/tmp> gcc --version
gcc (SUSE Linux) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
~/tmp> g++ -fsanitize=address -mavx512f -Og test.cpp
~/tmp> export ASAN_OPTIONS=detect_stack_use_after_return=1
~/tmp> ./a.out
Illegal instruction (core dumped)
~/tmp> gdb ./a.out
GNU gdb (GDB; SUSE Linux Enterprise 15) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./a.out...
(gdb) r
Starting program: /home/sadko/tmp/a.out
Missing separate debuginfos, use: zypper install
glibc-debuginfo-2.31-150300.63.1.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGILL, Illegal instruction.
0x00000000004007ce in gate_x1_curve(float*, float const*, dsp::gate_knee_t
const*, unsigned long) ()
Missing separate debuginfos, use: zypper install
libasan4-debuginfo-7.5.0+r278197-150000.4.35.1.x86_64
libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3.x86_64
libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3.x86_64
(gdb) disp /16i $pc
2: x/16i $pc
=> 0x4007ce <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+167>: vbroadcastss
(%r15),%zmm0
0x4007d4 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+173>: vbroadcastss
0x4(%r15),%zmm1
0x4007db <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+180>: vbroadcastss
0x8(%r15),%zmm2
0x4007e2 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+187>: vbroadcastss
0xc(%r15),%zmm3
0x4007e9 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+194>: vbroadcastss
0x10(%r15),%zmm4
0x4007f0 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+201>: vbroadcastss
0x14(%r15),%zmm5
0x4007f7 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+208>: vbroadcastss
0x18(%r15),%zmm6
0x4007fe <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+215>: vbroadcastss
0x1c(%r15),%zmm7
0x400805 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+222>: vmovaps
%zmm0,0x140(%rbx)
0x40080c <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+229>: vmovaps
%zmm1,0x180(%rbx)
0x400813 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+236>: vmovaps
%zmm2,0x1c0(%rbx)
0x40081a <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+243>: vmovaps
%zmm3,0x200(%rbx)
0x400821 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+250>: vmovaps
%zmm4,0x240(%rbx)
0x400828 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+257>: vmovaps
%zmm5,0x280(%rbx)
0x40082f <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+264>: vmovaps
%zmm6,0x2c0(%rbx)
0x400836 <_Z13gate_x1_curvePfPKfPKN3dsp11gate_knee_tEm+271>: vmovaps
%zmm7,0x300(%rbx)
(gdb) i r rbx
rbx 0x7ffff3900000 140737279688704
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (14 preceding siblings ...)
2023-11-14 9:28 ` sadko4u at gmail dot com
@ 2023-11-22 16:20 ` jakub at gcc dot gnu.org
2023-11-22 18:31 ` sadko4u at gmail dot com
2023-12-01 17:46 ` pinskia at gcc dot gnu.org
17 siblings, 0 replies; 19+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-11-22 16:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #16 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Can't reproduce, neither with GCC 12 nor current trunk.
In the ASAN_OPTIONS=detect_stack_use_after_return=1 case, the stack frames are
allocated by __asan_stack_malloc_4, but that seems to return enough aligned
frames for me (eventhough the routine doesn't have an argument to request a
particular alignment).
Even tried
struct __attribute__((aligned (64))) S { char buf[64]; };
__attribute__((noinline, noclone, noipa)) void
bar (struct S *p, char *a)
{
if ((__UINTPTR_TYPE__)p % 64)
__builtin_abort ();
}
__attribute__((noinline, noclone, noipa)) void
foo (void)
{
struct S s;
char a;
bar (&s, &a);
}
int
main ()
{
for (int i = 0; i < 32; ++i)
foo ();
}
and the frames were sufficiently aligned in all 32 cases.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (15 preceding siblings ...)
2023-11-22 16:20 ` jakub at gcc dot gnu.org
@ 2023-11-22 18:31 ` sadko4u at gmail dot com
2023-12-01 17:46 ` pinskia at gcc dot gnu.org
17 siblings, 0 replies; 19+ messages in thread
From: sadko4u at gmail dot com @ 2023-11-22 18:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
--- Comment #17 from Vladimir Sadovnikov <sadko4u at gmail dot com> ---
Reproducible with 11.4.0
~$ export ASAN_OPTIONS=detect_stack_use_after_return=1
~$ g++ -fsanitize=address -Og test-case.cpp
~$ ./a.out
Aborted (core dumped)
~$ gcc --version
gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Not reproducible with 7.5.0:
sadko@tuf-gaming:~/tmp> export ASAN_OPTIONS=detect_stack_use_after_return=1
sadko@tuf-gaming:~/tmp> g++ -fsanitize=address -Og test-case.cpp
sadko@tuf-gaming:~/tmp> ./a.out
sadko@tuf-gaming:~/tmp> gcc --version
gcc (SUSE Linux) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Generated code for 11.4.0:
00000000000011e9 <_Z3barP1SPc>:
11e9: f3 0f 1e fa endbr64
11ed: 40 f6 c7 3f test $0x3f,%dil
11f1: 75 01 jne 11f4 <_Z3barP1SPc+0xb>
11f3: c3 ret
11f4: 48 83 ec 08 sub $0x8,%rsp
11f8: e8 c3 fe ff ff call 10c0
<__asan_handle_no_return@plt>
11fd: e8 9e fe ff ff call 10a0 <abort@plt>
0000000000001202 <_Z3foov>:
1202: f3 0f 1e fa endbr64
1206: 55 push %rbp
1207: 48 89 e5 mov %rsp,%rbp
120a: 41 55 push %r13
120c: 41 54 push %r12
120e: 53 push %rbx
120f: 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
1213: 48 81 ec 00 01 00 00 sub $0x100,%rsp
121a: 48 8d 5c 24 20 lea 0x20(%rsp),%rbx
121f: 49 89 dd mov %rbx,%r13
1222: 83 3d e7 2d 00 00 00 cmpl $0x0,0x2de7(%rip) # 4010
<__asan_option_detect_stack_use_after_return@@Base>
1229: 0f 85 bb 00 00 00 jne 12ea <_Z3foov+0xe8>
122f: 48 c7 03 b3 8a b5 41 movq $0x41b58ab3,(%rbx)
1236: 48 8d 05 c7 0d 00 00 lea 0xdc7(%rip),%rax # 2004
<_IO_stdin_used+0x4>
123d: 48 89 43 08 mov %rax,0x8(%rbx)
1241: 48 8d 05 ba ff ff ff lea -0x46(%rip),%rax # 1202
<_Z3foov>
1248: 48 89 43 10 mov %rax,0x10(%rbx)
124c: 49 89 dc mov %rbx,%r12
124f: 49 c1 ec 03 shr $0x3,%r12
1253: 41 c7 84 24 00 80 ff movl $0xf1f1f1f1,0x7fff8000(%r12)
125a: 7f f1 f1 f1 f1
125f: 41 c7 84 24 04 80 ff movl $0xf1f1f1f1,0x7fff8004(%r12)
1266: 7f f1 f1 f1 f1
126b: 41 c7 84 24 08 80 ff movl $0xf201f1f1,0x7fff8008(%r12)
1272: 7f f1 f1 01 f2
1277: 41 c7 84 24 14 80 ff movl $0xf3f3f3f3,0x7fff8014(%r12)
127e: 7f f3 f3 f3 f3
1283: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
128a: 00 00
128c: 48 89 84 24 f8 00 00 mov %rax,0xf8(%rsp)
1293: 00
1294: 31 c0 xor %eax,%eax
1296: 48 8d 73 50 lea 0x50(%rbx),%rsi
129a: 48 8d 7b 60 lea 0x60(%rbx),%rdi
129e: e8 46 ff ff ff call 11e9 <_Z3barP1SPc>
12a3: 49 39 dd cmp %rbx,%r13
12a6: 75 5d jne 1305 <_Z3foov+0x103>
12a8: 49 c7 84 24 00 80 ff movq $0x0,0x7fff8000(%r12)
12af: 7f 00 00 00 00
12b4: 41 c7 84 24 08 80 ff movl $0x0,0x7fff8008(%r12)
12bb: 7f 00 00 00 00
12c0: 41 c7 84 24 14 80 ff movl $0x0,0x7fff8014(%r12)
12c7: 7f 00 00 00 00
12cc: 48 8b 84 24 f8 00 00 mov 0xf8(%rsp),%rax
12d3: 00
12d4: 64 48 2b 04 25 28 00 sub %fs:0x28,%rax
12db: 00 00
12dd: 75 65 jne 1344 <_Z3foov+0x142>
12df: 48 8d 65 e8 lea -0x18(%rbp),%rsp
12e3: 5b pop %rbx
12e4: 41 5c pop %r12
12e6: 41 5d pop %r13
12e8: 5d pop %rbp
12e9: c3 ret
12ea: bf c0 00 00 00 mov $0xc0,%edi
12ef: e8 ec fd ff ff call 10e0 <__asan_stack_malloc_2@plt>
12f4: 48 85 c0 test %rax,%rax
12f7: 0f 84 32 ff ff ff je 122f <_Z3foov+0x2d>
12fd: 48 89 c3 mov %rax,%rbx
1300: e9 2a ff ff ff jmp 122f <_Z3foov+0x2d>
1305: 48 c7 03 0e 36 e0 45 movq $0x45e0360e,(%rbx)
130c: 48 b8 f5 f5 f5 f5 f5 movabs $0xf5f5f5f5f5f5f5f5,%rax
1313: f5 f5 f5
1316: 49 89 84 24 00 80 ff mov %rax,0x7fff8000(%r12)
131d: 7f
131e: 49 89 84 24 08 80 ff mov %rax,0x7fff8008(%r12)
1325: 7f
1326: 48 b8 f5 f5 f5 f5 f5 movabs $0xf5f5f5f5f5f5f5f5,%rax
132d: f5 f5 f5
1330: 49 89 84 24 10 80 ff mov %rax,0x7fff8010(%r12)
1337: 7f
1338: 48 8b 83 f8 00 00 00 mov 0xf8(%rbx),%rax
133f: c6 00 00 movb $0x0,(%rax)
1342: eb 88 jmp 12cc <_Z3foov+0xca>
1344: e8 67 fd ff ff call 10b0 <__stack_chk_fail@plt>
Generated code for 7.5.0:
0000000000400727 <_Z3barP1SPc>:
400727: 40 f6 c7 3f test $0x3f,%dil
40072b: 75 02 jne 40072f <_Z3barP1SPc+0x8>
40072d: f3 c3 repz ret
40072f: 48 83 ec 08 sub $0x8,%rsp
400733: e8 c8 fe ff ff call 400600
<__asan_handle_no_return@plt>
400738: e8 b3 fe ff ff call 4005f0 <abort@plt>
000000000040073d <_Z3foov>:
40073d: 4c 8d 54 24 08 lea 0x8(%rsp),%r10
400742: 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
400746: 41 ff 72 f8 push -0x8(%r10)
40074a: 55 push %rbp
40074b: 48 89 e5 mov %rsp,%rbp
40074e: 41 55 push %r13
400750: 41 54 push %r12
400752: 41 52 push %r10
400754: 53 push %rbx
400755: 48 81 ec 10 01 00 00 sub $0x110,%rsp
40075c: 48 8d 9d d0 fe ff ff lea -0x130(%rbp),%rbx
400763: 49 89 dd mov %rbx,%r13
400766: 83 3d 13 19 00 00 00 cmpl $0x0,0x1913(%rip) #
402080 <__asan_option_detect_stack_use_after_return@@Base>
40076d: 0f 85 bf 00 00 00 jne 400832 <_Z3foov+0xf5>
400773: 48 c7 03 b3 8a b5 41 movq $0x41b58ab3,(%rbx)
40077a: 48 c7 43 08 54 09 40 movq $0x400954,0x8(%rbx)
400781: 00
400782: 48 c7 43 10 3d 07 40 movq $0x40073d,0x10(%rbx)
400789: 00
40078a: 49 89 dc mov %rbx,%r12
40078d: 49 c1 ec 03 shr $0x3,%r12
400791: 41 c7 84 24 00 80 ff movl $0xf1f1f1f1,0x7fff8000(%r12)
400798: 7f f1 f1 f1 f1
40079d: 41 c7 84 24 04 80 ff movl $0xf1f1f1f1,0x7fff8004(%r12)
4007a4: 7f f1 f1 f1 f1
4007a9: 41 c7 84 24 08 80 ff movl $0xf2f2f201,0x7fff8008(%r12)
4007b0: 7f 01 f2 f2 f2
4007b5: 41 c7 84 24 0c 80 ff movl $0xf2f2f2f2,0x7fff800c(%r12)
4007bc: 7f f2 f2 f2 f2
4007c1: 41 c7 84 24 18 80 ff movl $0xf3f3f3f3,0x7fff8018(%r12)
4007c8: 7f f3 f3 f3 f3
4007cd: 41 c7 84 24 1c 80 ff movl $0xf3f3f3f3,0x7fff801c(%r12)
4007d4: 7f f3 f3 f3 f3
4007d9: 48 8d 73 40 lea 0x40(%rbx),%rsi
4007dd: 48 8d bb 80 00 00 00 lea 0x80(%rbx),%rdi
4007e4: e8 3e ff ff ff call 400727 <_Z3barP1SPc>
4007e9: 49 39 dd cmp %rbx,%r13
4007ec: 75 5f jne 40084d <_Z3foov+0x110>
4007ee: 49 c7 84 24 00 80 ff movq $0x0,0x7fff8000(%r12)
4007f5: 7f 00 00 00 00
4007fa: 49 c7 84 24 08 80 ff movq $0x0,0x7fff8008(%r12)
400801: 7f 00 00 00 00
400806: 49 c7 84 24 10 80 ff movq $0x0,0x7fff8010(%r12)
40080d: 7f 00 00 00 00
400812: 49 c7 84 24 18 80 ff movq $0x0,0x7fff8018(%r12)
400819: 7f 00 00 00 00
40081e: 48 81 c4 10 01 00 00 add $0x110,%rsp
400825: 5b pop %rbx
400826: 41 5a pop %r10
400828: 41 5c pop %r12
40082a: 41 5d pop %r13
40082c: 5d pop %rbp
40082d: 49 8d 62 f8 lea -0x8(%r10),%rsp
400831: c3 ret
400832: bf 00 01 00 00 mov $0x100,%edi
400837: e8 e4 fd ff ff call 400620
<__asan_stack_malloc_2@plt>
40083c: 48 85 c0 test %rax,%rax
40083f: 0f 84 2e ff ff ff je 400773 <_Z3foov+0x36>
400845: 48 89 c3 mov %rax,%rbx
400848: e9 26 ff ff ff jmp 400773 <_Z3foov+0x36>
40084d: 48 c7 03 0e 36 e0 45 movq $0x45e0360e,(%rbx)
400854: 48 b8 f5 f5 f5 f5 f5 movabs $0xf5f5f5f5f5f5f5f5,%rax
40085b: f5 f5 f5
40085e: 49 89 84 24 00 80 ff mov %rax,0x7fff8000(%r12)
400865: 7f
400866: 49 89 84 24 08 80 ff mov %rax,0x7fff8008(%r12)
40086d: 7f
40086e: 49 89 84 24 10 80 ff mov %rax,0x7fff8010(%r12)
400875: 7f
400876: 49 89 84 24 18 80 ff mov %rax,0x7fff8018(%r12)
40087d: 7f
40087e: eb 9e jmp 40081e <_Z3foov+0xe1>
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug middle-end/112510] [11/12/13/14 Regression]: ASAN code injection breaks alignment of stack variables
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
` (16 preceding siblings ...)
2023-11-22 18:31 ` sadko4u at gmail dot com
@ 2023-12-01 17:46 ` pinskia at gcc dot gnu.org
17 siblings, 0 replies; 19+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-12-01 17:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112510
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #18 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup.
*** This bug has been marked as a duplicate of bug 110027 ***
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2023-12-01 17:46 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-13 12:04 [Bug c++/112510] New: Regression: ASAN code injection breaks alignment of stack variables sadko4u at gmail dot com
2023-11-13 12:25 ` [Bug c++/112510] " rguenth at gcc dot gnu.org
2023-11-13 12:33 ` sadko4u at gmail dot com
2023-11-13 12:52 ` sadko4u at gmail dot com
2023-11-14 6:28 ` [Bug middle-end/112510] " pinskia at gcc dot gnu.org
2023-11-14 6:32 ` pinskia at gcc dot gnu.org
2023-11-14 7:55 ` sadko4u at gmail dot com
2023-11-14 8:02 ` sadko4u at gmail dot com
2023-11-14 8:05 ` [Bug middle-end/112510] [11/12/13/14 Regression]: " pinskia at gcc dot gnu.org
2023-11-14 8:13 ` rguenth at gcc dot gnu.org
2023-11-14 8:37 ` sadko4u at gmail dot com
2023-11-14 8:41 ` sadko4u at gmail dot com
2023-11-14 8:50 ` sadko4u at gmail dot com
2023-11-14 9:10 ` sadko4u at gmail dot com
2023-11-14 9:15 ` sadko4u at gmail dot com
2023-11-14 9:28 ` sadko4u at gmail dot com
2023-11-22 16:20 ` jakub at gcc dot gnu.org
2023-11-22 18:31 ` sadko4u at gmail dot com
2023-12-01 17:46 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).