<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link bz_status_NEW" title="NEW - SIGILL in U-Boot due to &quot;-fsanitize=bounds -O2&quot;" href="https://bugs.llvm.org/show_bug.cgi?id=39219">39219</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>SIGILL in U-Boot due to "-fsanitize=bounds -O2"
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>6.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>-New Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>roscaeugeniu@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>In the context of enabling UBSan in U-Boot [1], when passing "-fsanitize=bounds
-O2" to clang, it builds the executable successfully, but when U-Boot is run,
it is killed by SIGILL at startup.
The issue disappears with:
- "clang -fsanitize=bounds -O0"
- "clang -fsanitize=undefined" (any optimization level)
I can't reproduce this problem with GCC [3]. Below is the minimal sample code
leading to this issue (it could probably be reduced further, but I tried to also
keep the concept behind it):
$ cat z.c
#include <stdio.h>
#define my_section_start(_type) \
({ \
    static char start[0] __attribute__((unused,section(".my_section"))); \
    (_type *)&start; \
})
int v1 __attribute__((unused,section(".my_section.1"))) = 1;
int v2 __attribute__((unused,section(".my_section.2"))) = 2;
int main(void)
{
int *ptr = my_section_start(int);
printf("%p %p %p %d\n", &v1, &v2, ptr, *ptr);
}
$ cat z.lds
SECTIONS
{
. = ALIGN(4);
.my_section : {
KEEP(*(SORT(.my_section*)));
}
}
INSERT BEFORE .data;
$ clang -fsanitize=bounds -O2 -c z.c -o z.o && clang -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
illegal hardware instruction (core dumped)
$ gcc -fsanitize=bounds -O2 -c z.c -o z.o && gcc -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
0x601028 0x60102c 0x601028 1
$ clang -fsanitize=undefined -O2 -c z.c -o z.o && clang -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
z.c:15:41: runtime error: load of address 0x000000601030 with insufficient space for an object of type 'int'
0x000000601030: note: pointer points here
51 7f 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00
^
0x601030 0x601034 0x601030 1
######### References
[1] <a href="https://patchwork.ozlabs.org/cover/962307/">https://patchwork.ozlabs.org/cover/962307/</a>
[2] clang versions tried (any of them generates the issue):
- 4.0.0-1ubuntu1~16.04.2 (tags/RELEASE_400/rc1)
- 5.0.0-3~16.04.1 (tags/RELEASE_500/final)
- 6.0.1-svn334776-1~exp1~20180919141756.113 (branches/release_60)
[3] GCC versions tried (none generates the issue):
- gcc (Ubuntu 4.9.4-2ubuntu1~16.04) 4.9.4
- gcc (Ubuntu 5.5.0-12ubuntu1~16.04) 5.5.0 20171010
- gcc (Ubuntu 6.4.0-17ubuntu1~16.04) 6.4.0 20180424
- gcc (Ubuntu 7.3.0-21ubuntu1~16.04) 7.3.0
- gcc (Ubuntu 8.1.0-5ubuntu1~16.04) 8.1.0</pre>
</div>
</p>
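An added example, not the reporter's code: the marker in z.c above is a zero-length array that is then read through as an int. For a section whose name is a valid C identifier, GNU ld and lld provide `__start_<name>` and `__stop_<name>` symbols, which can be declared as arrays of incomplete type; walking the section through them dereferences no zero-sized object and gives `-fsanitize=bounds` no array bound to check against. It assumes a Linux toolchain with GNU ld or lld and uses the section name `my_section` (without the report's leading dot) so that the symbols are generated.

```c
/* Added example (not the reporter's code). GNU ld and lld define
 * __start_<name> and __stop_<name> for any orphan output section whose
 * name is a valid C identifier, so the start and end of the section come
 * from linker symbols of incomplete array type rather than from a
 * zero-length array that is dereferenced past its size.
 * Assumes a GNU ld or lld based toolchain on Linux. */
#include <stddef.h>
#include <stdio.h>

/* The section name must be a C identifier for the automatic symbols;
 * the report's ".my_section" (with a dot) would not qualify. */
#define MY_SECTION __attribute__((used, section("my_section")))

/* Linker-provided bounds of the section. Incomplete type: neither the
 * compiler nor the bounds sanitizer knows a size to check against. */
extern int __start_my_section[];
extern int __stop_my_section[];

/* Constructed sample entries placed in the section. */
MY_SECTION int v1 = 1;
MY_SECTION int v2 = 2;
MY_SECTION int v3 = 3;

/* Number of ints the linker placed in the section. */
size_t my_section_count(void)
{
    return (size_t)(__stop_my_section - __start_my_section);
}

/* Sum every entry by walking from the start symbol to the stop symbol. */
int my_section_sum(void)
{
    int sum = 0;
    for (int *p = __start_my_section; p < __stop_my_section; p++)
        sum += *p;
    return sum;
}

int main(void)
{
    printf("%zu entries, sum %d\n", my_section_count(), my_section_sum());
    return 0;
}
```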
</body>
</html>