<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=http://email.email.llvm.org/c/eJylVl2PmzgU_TXJizUoQCDkIQ_TTlONVO2O2uxzZGwD3jqYtU3S9NfvuYak091W2lUllAD-Oveec-6ltvK6WxRv9uPXr8q9GB4a605JtyieFlnVhTD4Rf64yPa4Wh26sU6EPeHBmPPt72Fw9k8lAh5rY2v8qbwoV9lmlZaizMuizmW1zdZNsRZ5rjK8k9s8XW8zTMVugzbKPThabzQtbyIY3PwLVbZlUjW6V54tytXj4fDx-c0fh3fHw-PH9-8Ox5ffX97-dsAI455x5jvrQsd7ybCcFhyPPASn6zGo4xHx4QrctSrE-2ywg-hxD1zb-SpXCTt0GrsNg9E4lvfMnpVzWioWLAudYi2C5obVozaS2SFo2_tF9pYZFYLu2zjnFiYbvYovcOKnT-_Wi3xPQS2yze3wDdO9D24UtE8E3nAfsFJ9UWKML23DhHKB657VOmBvqRL2HBhgitE51QdzZbbHT60IAM6U2JXdeT44LtTL20QMw68RnYvNtlyJmqdbJbdZWVeqKuu1KPFcpWLVbCRfy7T4b0S_hoWkINI0Z83Yx1T4ZLF6Wqwep98DUmhsqwURw-eQp2gnpiSx8xOBUKLAsm6YpoR79qUqj-WaOEM6O2jnroSZfVy9DQy0qEjJmTttR8-skWAGaRHKe-t8wvbWiTnnxFOIq18RKjhGfJSAU340USG17rm7kkKRF2F43x5dSKbsPEzgEk6yRkzCcd-xCyhin57fP3_4wC6d6m_qoPj763QyoBretkjFPYeU029oMYcHJm2PJATmx2GAX-bY_5FtRHFBXpyiKdgR-0QVF28ap1TtJeTfBvD3GXz-QFIY9ck8NbGunV591cZw3MKolyOeE9FqOELLRf6UFVValKQDKJeP7egDy1ZZSizxhgxxuvq_TLV68MrBkQ9VskqycoZpFCfRk_d1H1TreIgemC1LUSB84IFxYKARziWCUVpknKC-cAFnoXi0akrTiZPjKREdFKZ6woFCQstRE4TtG-1O09QwS4Y2AjJPvIMkNzlfew8V0SKsQFA1hFLHGCSB6fgZ8xwpWHRKfL5VkN5eUPtQUzDgzz3DGcFCNCRHqGZyUAzYW5QMlA074gEMfc-EU2etLj4hQ89MuPe1UFyKJhWyaqo0q8Q2q9M6a3K55mla86po1hV8_iNqf21D8HvptOioWF_8LX-K3DOXWSiPUseNw5ZXGsQTNJGhvfyEvYk3r8K0n-510NygQnApVZxyYl73YqbW6xAJoT24IHPM_hzsdzaYSizNsvU5-v_SXSe2qQYzdY5GBDGe6oaarRRtSPERzlsYYL2d-wMfgz3xoEWE6Kkb7cee0NdRxLPXYn-J5WrqWYw70QG5CKNTpEbwzklO0NRc1zjAPtgBWfJU2Qbrva6NumeZWadb1B5DGNAs2Ul7iAaSDdZOqRw9b79Vsnv7jC6M2bZj29GByBxJMzbeDka7dUdqiCcdy_xtCY_zLzEfyIM_cZQdXlu4KXYtquDXm-7n9fzeDpUB5hhFTAOEuKdu-mSVn2GME9eGEgIX3yFNzXYpd_T9seXLKegdTkEddvyESJejM7v_3Q2jpdHz90VWbfNlt8vVtirKbLUu87ppFBfVpiyyJiuatJJS1kvDa2U8fXmhyfTqMlUF-vQonpa_jkDvqFSmWbZJt-syTZN8zXlVV5KnPE8lfLdeqRPX5u7apdvFLalQY9BEEd8HOYTT9kpFwEAYdDBqh7Iz9SjiBba5Nb1Z9q_bHvyqw2STZcS6i0D_Bkuwk6Q>52893</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
libfuzzer forces use of popcnt instruction in its code
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
theultramage
</td>
</tr>
</table>
<pre>
[FuzzerPlatform.h](https://github.com/llvm/llvm-project/blob/e356027016c6365b3d8924f54c33e2c63d931492/compiler-rt/lib/fuzzer/FuzzerPlatform.h) defines `ATTRIBUTE_TARGET_POPCNT` as a shorthand for `__attribute__((target("popcnt")))`. This applies an override to the global build options, letting the compiler use the (SSE4?) 'popcnt' instruction for faster execution of certain bit code. It is currently only being used in [FuzzerTracePC.cpp](https://github.com/llvm/llvm-project/blob/3c7960cba19ed926b8e86b4c619e81c0f7da4d15/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp) on 13 functions.
The logic apparently being applied to ATTRIBUTE_TARGET_POPCNT is "if it's x86_64, it has popcnt". This is not true for various older processors. Forcing use of this instruction causes the resulting binary `libclang_rt.fuzzer-x86_64.a` to crash with SIGILL when executing any of the flagged functions on processors that don't support popcnt.
This was reported on the [FreeBSD bug tracker](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258156) in August 2021, after mysql80-server-8.0.26 was released and integrated into the ports tree. I could not find the exact change that made this happen, but I can confirm that this is the version where the issue can first be observed. I have tried checking the now-deleted SVN history for libFuzzer and so far found [https://reviews.llvm.org/rGbceadcf1cd8f8128c92b1b2f3d4a11ba85f480cb](https://reviews.llvm.org/rGbceadcf1cd8f8128c92b1b2f3d4a11ba85f480cb) which shows that these overrides were already there in 2016. I could not find the changeset that initially added them since that site cannot access the repo.
It is not obvious why this code even exists. The popcnt flag should already be getting automatically set/unset based on the build's target architecture, so at best it's a no-op. Is it possible that the original author misunderstood the usage of this attribute, and thought it acted as a hint to the optimizer, and that it would be smart about only applying the optimization for eligible targets? (Does it actually also act as a hint?)
</pre>
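<p>An added example (not code from libFuzzer or from the report above): one way to keep a popcnt fast path without hitting SIGILL on CPUs that lack the instruction is to guard the per-function target attribute with a runtime CPUID check. The function names are hypothetical; <code>__builtin_cpu_init</code> and <code>__builtin_cpu_supports</code> are GCC/Clang builtins.</p>

```c
#include <stdint.h>
#include <stdio.h>

/* Portable bit count: plain ALU instructions, safe on any CPU. */
static int popcount_portable(uint64_t x) {
    int n = 0;
    while (x) {
        x &= x - 1; /* clear the lowest set bit */
        n++;
    }
    return n;
}

#if defined(__x86_64__) || defined(__i386__)
/* Same kind of per-function override the report describes: the compiler
 * may emit popcnt here regardless of the global -march/-mcpu setting. */
__attribute__((target("popcnt")))
static int popcount_hw(uint64_t x) {
    return __builtin_popcountll(x);
}

/* CPUID-backed feature check, evaluated at run time. */
static int cpu_has_popcnt(void) {
    __builtin_cpu_init();
    return __builtin_cpu_supports("popcnt") ? 1 : 0;
}
#else
/* Non-x86 builds: no target override, always use the portable path. */
static int popcount_hw(uint64_t x) { return popcount_portable(x); }
static int cpu_has_popcnt(void) { return 0; }
#endif

/* Guarded entry point: popcount_hw is never reached on a CPU without
 * popcnt, so the binary does not fault on older processors. */
int popcount_safe(uint64_t x) {
    return cpu_has_popcnt() ? popcount_hw(x) : popcount_portable(x);
}

int main(void) {
    /* Constructed sample values. */
    uint64_t samples[] = {0, 1, 0xFFULL, 0x8000000000000001ULL, UINT64_MAX};
    printf("popcnt available: %d\n", cpu_has_popcnt());
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%016llx -> %d\n", (unsigned long long)samples[i],
               popcount_safe(samples[i]));
    return 0;
}
```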