<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/65253">65253</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
UBSan fails to call a JIT compiled function
</td>
</tr>
<tr>
<th>Labels</th>
<td>
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
kobalicek
</td>
</tr>
</table>
<pre>
Clang 17+ (and the current master) crashes with UBSAN when a JIT compiled function is being called. For some reason it crashes on an address which is `funcPtr - 8`. Note that both ASAN and valgrind pass without any issues. Clang 16's UBSAN and older work, GCC's UBSAN works as well.
It seems to me that something is wrong with clang's 17+ UBSAN, but I have no idea why `funcPtr - 8` is the problem - such arithmetic is not used in the code; it seems injected by UBSAN.
I have been able to make this reproducible with asmjit library, without the need to modify anything:
```
git clone https://github.com/asmjit/asmjit.git
cd asmjit/tools
CC=clang CXX=clang++ ./configure-sanitizers.sh
cd ..
cd build/Release_UBSAN
make
./asmjit_test_emitters
```
When `./asmjit_test_emitters` is executed, the output is the following:
```
AsmJit Emitters Test-Suite v1.10.0
Using x86::Assembler:
mov rax, rdi
mov rcx, rsi
movdqu xmm0, [rcx]
movdqu xmm1, [rdx]
paddd xmm0, xmm1
movdqu [rax], xmm0
ret
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==309866==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x7f03e8aacff8 (pc 0x555d011597e7 bp 0x7fff4f1e86e0 sp 0x7fff4f1e82e0 T309866)
==309866==The signal is caused by a READ memory access.
#0 0x555d011597e7 (/home/petr/workspace/asmjit/build/Release_UBSAN/asmjit_test_emitters+0x327e7)
#1 0x555d01158ba3 (/home/petr/workspace/asmjit/build/Release_UBSAN/asmjit_test_emitters+0x31ba3)
#2 0x7f03e86456c9 (/lib/x86_64-linux-gnu/libc.so.6+0x276c9) (BuildId: 072feb34c63e054d60d94cbc68d92e4caad25d72)
#3 0x7f03e8645784 (/lib/x86_64-linux-gnu/libc.so.6+0x27784) (BuildId: 072feb34c63e054d60d94cbc68d92e4caad25d72)
#4 0x555d0112e5a0 (/home/petr/workspace/asmjit/build/Release_UBSAN/asmjit_test_emitters+0x75a0)
UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/home/petr/workspace/asmjit/build/Release_UBSAN/asmjit_test_emitters+0x327e7)
==309866==ABORTING
```
The logger is okay - it successfully assembled the function, however, it then fails when trying to execute it. When I debugged this, I found out that the pointer to the function is actually `0x7f03e8aad000`, but UBSAN fails with the `0x7f03e8aacff8` address, which is 8 bytes less and doesn't exist.
OS: Debian Linux
Architecture: x86_64
Clang Version: 17+, master
</pre>