<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/62849>62849</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Clang compiles ebpf skips the judgment causing the program to fail to load
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          g0dA
      </td>
    </tr>
</table>

<pre>
# ENV
kernel: `6.3.1-arch1-1`
clang: `15.0.7 x86_64-pc-linux-gnu`

# Code
```
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

char LICENSE[] SEC("license") = "Dual BSD/GPL";

struct trace_event_raw_sys_enter {
        short unsigned int type;
        unsigned char flags;
        unsigned char preempt_count;
        int pid;
        int __syscall_nr;
        long unsigned int args[6];
        char __data[0];
};
struct {
        __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
        __uint(max_entries, 1);
        __type(key, unsigned int);
        __type(value, char [4096]);
} map SEC(".maps");

SEC("tracepoint/syscalls/sys_enter_execve")
int tracepoint__syscalls__sys_enter_execve(struct trace_event_raw_sys_enter *ctx)
{

        int key = 0 ;
        char *buf = (char *)bpf_map_lookup_elem(&map, &key);    // get ptr of inner buffer
        if (buf == 0)
                return 0;

        char *ptr_name = (char *)ctx->args[0];
        char **argv = (char **)ctx->args[1];
        char *ptr_argv0;
        bpf_probe_read(&ptr_argv0, sizeof(ptr_argv0), argv + 0);

        /* read filename into buffer */
        unsigned int offset = bpf_probe_read_str(buf, 4096, ptr_name);


        /* read argv0 into buffer */
        if (offset > 4096 || offset < 0)
                return 0;
        int len = bpf_probe_read_str(buf + offset, 4096 - offset, ptr_argv0);
        bpf_printk("len : %d\n", len);
        return 0;
}
```
Compile this code with `clang -O2 -g -target bpf -c llvbpf.c -o llvbpf.o` and load the eBPF program with `sudo bpftool prog load -L -d llvbpf.o`.

The following error occurs:
```
29: (bf) r2 = r7 ; R2_w=scalar(id=4,umax=8191,var_off=(0x0; 0x1fff)) R7_w=scalar(id=4,umax=8191,var_off=(0x0; 0x1fff))
30: (85) call bpf_probe_read_str#45
invalid access to map value, value_size=4096 off=0 size=8191
R1 min value is outside of the allowed memory range
```
# Reason

In the source code:
```
int len = bpf_probe_read_str(buf + offset, 4096 - offset, ptr_argv0);
```
In the bytecode:
```
      21:       bf 01 00 00 00 00 00 00 r1 = r0
      22:       67 01 00 00 20 00 00 00 r1 <<= 32
      23:       77 01 00 00 20 00 00 00 r1 >>= 32
      24:       25 01 0b 00 00 10 00 00 if r1 > 4096 goto +11 <LBB0_3>
      25:       1f 07 00 00 00 00 00 00 r7 -= r0  // 4096 - offset
      26:       0f 16 00 00 00 00 00 00 r6 += r1 // buf + offset
      27:       79 a3 f0 ff 00 00 00 00 r3 = *(u64 *)(r10 - 16)
      28:       bf 61 00 00 00 00 00 00 r1 = r6
      29:       bf 72 00 00 00 00 00 00 r2 = r7
      30:       85 00 00 00 2d 00 00 00 call 45
```
On line 25, offset is `r0`, and there is no scope constraint on it after the if judgment; on line 26, offset is `r1`, which is correct.
So the correct line 25 should be: `r7 -= r1`

# Problem
So, why does this problem occur when clang compiles ebpf? 
</pre>
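The register mix-up described under "Reason", replayed as plain 64-bit arithmetic in C. This is an added example, not part of the original report and not the kernel verifier's logic. It assumes r7 holds 4096 before instruction 21, as the reporter's `4096 - offset` comment implies; `emulate` and the sample r0 values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 4096u  /* value_size of the map in the report */

/* Outcome of replaying instructions 21..29 for one helper return value. */
struct emu_result {
    int      branched; /* 1 if insn 24 jumped to LBB0_3 (call not reached) */
    uint64_t off;      /* offset added to buf at insn 26 */
    uint64_t size;     /* r2 handed to bpf_probe_read_str at insn 30 */
};

/* use_r1 = 0: insn 25 as emitted (r7 -= r0).
 * use_r1 = 1: insn 25 as the reporter expects (r7 -= r1). */
static struct emu_result emulate(uint64_t r0, int use_r1)
{
    struct emu_result res = {0, 0, 0};
    uint64_t r7 = BUF_SIZE;   /* assumption: r7 = 4096 before insn 21 */
    uint64_t r1 = r0;         /* 21: r1 = r0 */
    r1 <<= 32;                /* 22 */
    r1 >>= 32;                /* 23: r1 = low 32 bits of r0, zero-extended */
    if (r1 > BUF_SIZE) {      /* 24: the only bound check, and it is on r1 */
        res.branched = 1;
        return res;
    }
    r7 -= use_r1 ? r1 : r0;   /* 25 */
    res.off = r1;             /* 26: r6 += r1 */
    res.size = r7;            /* 29: r2 = r7 */
    return res;
}

int main(void)
{
    /* Constructed r0 values: small, boundary, high bits set, negative errno */
    const uint64_t samples[] = {16, 4096, 0x100000010ULL, (uint64_t)-14};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct emu_result a = emulate(samples[i], 0);
        struct emu_result b = emulate(samples[i], 1);
        if (a.branched) {
            printf("r0=%#llx: branch taken, call skipped\n",
                   (unsigned long long)samples[i]);
            continue;
        }
        printf("r0=%#llx: off=%llu size(r7-=r0)=%#llx size(r7-=r1)=%llu\n",
               (unsigned long long)samples[i], (unsigned long long)a.off,
               (unsigned long long)a.size, (unsigned long long)b.size);
    }
    return 0;
}
```

With r0 = 0x100000010 the check on r1 passes, yet `r7 -= r0` yields a size far above 4096, while `r7 -= r1` keeps offset plus size equal to 4096.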