<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - r374662 introduces sanitizer errors with stricter bcmp requirements"
href="https://bugs.llvm.org/show_bug.cgi?id=43870">43870</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>r374662 introduces sanitizer errors with stricter bcmp requirements
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Loop Optimizer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rupprecht@google.com
</td>
</tr>
<tr>
<th>CC</th>
<td>clement.courbet@gmail.com, lebedev.ri@gmail.com, llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>I ran into a curious sanitizer error when integrating r374662. I'm curious
whether it's considered a bug or not. It is reduced to:

$ cat repro.c
#include &lt;stdio.h&gt;
#include &lt;strings.h&gt;

// Gets reduced to an actual bcmp call after r374662
int simple_bcmp(const char *s1, const char *s2, size_t n) {
  // Note: if any character matches, don't go past it.
  for (size_t i = 0; i &lt; n; ++i) if (*s1++ != *s2++) return 1;
  return 0;
}

int main() {
  char msg[] = "hello world";
  for (int i = 0; i &lt; sizeof(msg); ++i)
    printf("bcmp at %d (%s) is %d\n", i, msg + i,
           simple_bcmp(msg + i, "world", 5));
  return 0;
}

$ stable-clang -O1 -fsanitize=address repro.c && ./a.out
bcmp at 0 (hello world) is 1
bcmp at 1 (ello world) is 1
bcmp at 2 (llo world) is 1
bcmp at 3 (lo world) is 1
bcmp at 4 (o world) is 1
bcmp at 5 ( world) is 1
bcmp at 6 (world) is 0
bcmp at 7 (orld) is 1
bcmp at 8 (rld) is 1
bcmp at 9 (ld) is 1
bcmp at 10 (d) is 1
bcmp at 11 () is 1
$ next-clang -O1 -fsanitize=address repro.c && ./a.out
bcmp at 0 (hello world) is 1
bcmp at 1 (ello world) is 1
bcmp at 2 (llo world) is 1
bcmp at 3 (lo world) is 1
bcmp at 4 (o world) is 1
bcmp at 5 ( world) is 1
bcmp at 6 (world) is 0
bcmp at 7 (orld) is 1
=================================================================
==77134==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffdbfae9d8c at pc 0x00000044f979 bp 0x7ffdbfae9d20 sp 0x7ffdbfae94c8
READ of size 5 at 0x7ffdbfae9d8c thread T0
#0 0x44f978 in MemcmpInterceptorCommon(void*, int (*)(void const*, void
const*, unsigned long), void const*, void const*, unsigned long)
llvm/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:839:7
#1 0x44ff0a in bcmp
llvm/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:885:10
#2 0x4ca97a in simple_bcmp (/tmp/repro+0x4ca97a)
#3 0x4caa45 in main (/tmp/repro+0x4caa45)
#4 0x7f66dec2d52a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2352a)
#5 0x41bac9 in _start (/tmp/repro+0x41bac9)
The loop idiom is correctly recognized as being bcmp; however, for efficiency
an actual bcmp implementation may choose to compare many bytes at a time,
including bytes past the buffer; hence the asan error. (Replacing `simple_bcmp`
with a call to `bcmp` also shows this).</pre>
</div>
</p>
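<p>The gap between the loop and a library call, as an added example that is not part of the original report or of LLVM: it counts the bytes the early-exit loop reads, checks whether a full n-byte read stays inside both objects, and shows a bounds-checked comparison. The helper names and the "too short counts as different" policy are assumptions; the strings are the reproducer's. Offset 8 is the first one with fewer than 5 bytes left, which is where the ASan report appears in the output above.</p>

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data, same strings as the reproducer above. */
static const char SAMPLE[] = "hello world";   /* 12 bytes with the NUL */
static const char NEEDLE[] = "world";         /* 6 bytes with the NUL */

/* Bytes the early-exit loop reads from each buffer before it returns. */
size_t loop_bytes_read(const char *s1, const char *s2, size_t n) {
    size_t i = 0;
    while (i < n) {
        if (s1[i] != s2[i]) return i + 1;   /* the mismatching byte was read */
        ++i;
    }
    return n;
}

/* A library bcmp/memcmp may read all n bytes of both buffers, so the call
   is only in bounds when both objects have at least n bytes left. */
int full_read_in_bounds(size_t avail1, size_t avail2, size_t n) {
    return n <= avail1 && n <= avail2;
}

/* Hypothetical helper: 0 if the first n bytes are equal, 1 otherwise.
   Never reads past avail1/avail2; a buffer shorter than n counts as
   "different" (a policy assumed for this example). */
int bounded_differs(const void *s1, size_t avail1,
                    const void *s2, size_t avail2, size_t n) {
    if (!full_read_in_bounds(avail1, avail2, n)) return 1;
    return memcmp(s1, s2, n) != 0;
}

int main(void) {
    const size_t n = 5;
    for (size_t off = 0; off < sizeof(SAMPLE); ++off) {
        size_t avail = sizeof(SAMPLE) - off;
        printf("off %2zu: avail %2zu, loop reads %zu, full read ok %d, differs %d\n",
               off, avail, loop_bytes_read(SAMPLE + off, NEEDLE, n),
               full_read_in_bounds(avail, sizeof(NEEDLE), n),
               bounded_differs(SAMPLE + off, avail, NEEDLE, sizeof(NEEDLE), n));
    }
    return 0;
}
```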
</body>
</html>