
[BUG] hwasan miscompilation

Open fmayer opened this issue 1 year ago • 4 comments

Description

Given this program

float frexpf(float, int*);   /* hand-written libc prototype instead of <math.h> */

int main() {
  int e;
  float m = frexpf(1, &e);      /* libc writes the exponent through the stack slot e */
  __asm volatile("": :"w"(m));  /* keep m live in an FP register so the call is not dropped */
  return 0;
}

Built like this

# compile to a ThinLTO bitcode object with HWASan instrumentation enabled
clang -c \
  -target aarch64-linux-android10000 \
  -O2 -flto=thin -fsanitize=hwaddress \
  -o test.o \
  test.c
# relocatable (partial) link; lld runs LTO on the bitcode object here
ld.lld -r test.o -o partial.o

NDK 27 generates code that crashes with a HWASan tag-mismatch. This is a regression compared to NDK 26c.

This is being fixed in upstream LLVM in https://github.com/llvm/llvm-project/pull/106624

Affected versions

r27

Canary version

No response

Host OS

Linux

Host OS version

Debian

Affected ABIs

arm64-v8a

Build system

Other (specify below)

Other build system

No response

minSdkVersion

n/a

Device API level

No response

fmayer avatar Aug 29 '24 21:08 fmayer

The only difference I see between clang-17 and clang-18 is the llvm.lifetime.start.p0 and llvm.lifetime.end.p0 markers

https://godbolt.org/z/qGhT5ne7P

That does affect the instruction schedule in the final assembly. https://godbolt.org/z/vo7Mj8Kz9

Left side is clang-trunk and right side clang-17. [image]

appujee avatar Aug 30 '24 17:08 appujee

The bug is already found. It's about AttrInfer adding assumptions about libc functions that are incorrect for HWAsan

fmayer avatar Aug 30 '24 17:08 fmayer

There is discussion in internal bug b/362408260. This issue tracks backporting the fix to r27.

pirama-arumuga-nainar avatar Aug 30 '24 18:08 pirama-arumuga-nainar

Cherry-picked onto LLVM r522817 (NDK 27 uses that) and r530567 (and main branch)

fmayer avatar Sep 05 '24 18:09 fmayer