[PATCH] D69579: [libFuzzer] Fix unwinding for Fuchsia

Marco Vanotti via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 29 12:09:54 PDT 2019


charco created this revision.
charco added reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen.
Herald added subscribers: llvm-commits, Sanitizers, kristof.beyls, aprantl.
Herald added projects: Sanitizers, LLVM.

This commit fixes part of the issues with stack unwinding in Fuchsia for
arm64 and x86_64. It consists of multiple fixes:

(1) The cfa_offset calculation was wrong, instead of pointing to the
previous stack pointer, it was pointing to the correct one. It worked in
most of the cases because the crashing functions already had a
prologue and had their cfa information relative to another register. The
fix consists of adding a constant that can be used to calculate the
crashing function's stack pointer, and base all the cfi information
relative to that offset.

(2) (arm64) Due to errors with the syntax for the dwarf information, most
of the `OP_NUM` macros were not working. The problem was that they were
referred to as `r##NUM` (like `r14`), when it should have been `x##num`
(like `x14`), or even without the x.

(3) (arm64) The link register was being considered a part of the main
registers (`r30`), when in the real struct it has its own field. Given
that the link register is in the same spot in the struct as r[30] would be,
and that C++ doesn't care about anything, the calculation was still correct.

(4) (x86_64) The stack doesn't need to be aligned to 16 bytes when we
jump to the trampoline function, but it needs to be before performing
call instructions. Encoding that logic in cfi information was tricky, so
we decided to make the cfa information relative to `rbp` and align `rsp`.
Note that this could have been done using another register directly,
but it seems cleaner to make a new fake stack frame.

There are some other minor changes like adding a `brk 1` instruction in
arm64 to make sure that we never return to the crash trampoline (similar to
what we do in x86_64).

Sadly this commit does not fix unwinding for all use cases for arm64.
Crashing functions that do not add information related to the return column in
their cfi information will fail to unwind due to a bug in libunwinder.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D69579

Files:
  compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
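The following GNU assembler sketch is an added illustration of points (1) and (4) above; it is not the attached patch nor libFuzzer's own code. It assumes a hypothetical layout in which the exception handler has copied the crashing thread's general registers into a save block at the crashing function's stack pointer and left `rsp` pointing at that block (the `OFF_*` and `REGS_SIZE` constants, and the `crash_handler` callee, are placeholders for that assumed layout). The CFA is declared as the crashing function's `rsp`, the saved registers are described relative to it, and a frame based on `rbp` is built before `rsp` is aligned for the `call`.

```asm
# Hypothetical register-save block layout (placeholder constants, not the
# real zx_thread_state_general_regs_t offsets).
    .set OFF_RBX,    0
    .set OFF_RBP,    8
    .set OFF_RIP,    16
    .set REGS_SIZE,  32

    .text
    .globl  crash_trampoline
    .type   crash_trampoline, @function
crash_trampoline:
    .cfi_startproc
    .cfi_signal_frame
    # The trampoline was not reached by a `call`, so there is no return
    # address at (%rsp). Point (1): the CFA must be the crashing function's
    # stack pointer, which under the assumed layout is rsp + REGS_SIZE,
    # not rsp itself.
    .cfi_def_cfa %rsp, REGS_SIZE
    # Every saved register is expressed relative to that CFA; the block sits
    # below the crashing frame, so the offsets are negative. %rip is the
    # return column, so restoring it gives the unwinder the crash address.
    .cfi_offset %rip, OFF_RIP - REGS_SIZE
    .cfi_offset %rbp, OFF_RBP - REGS_SIZE
    .cfi_offset %rbx, OFF_RBX - REGS_SIZE

    # Point (4): build a frame whose CFA no longer depends on %rsp, so that
    # %rsp can then be aligned freely. The original %rbp is recoverable from
    # the save block via the .cfi_offset above.
    mov     %rsp, %rbp
    .cfi_def_cfa_register %rbp
    # SysV x86_64 requires %rsp to be 16-byte aligned at every `call`.
    and     $-16, %rsp
    call    crash_handler
    # The handler must not return into the trampoline; trap if it does
    # (the arm64 counterpart in the description is `brk 1`).
    ud2
    .cfi_endproc
    .size   crash_trampoline, . - crash_trampoline
```

Assembling with `as --64` and inspecting the result with `readelf --debug-dump=frames` shows the CFA rule switching from `rsp+32` to `rbp+32` after the `mov`, which is what lets the unwinder walk out of the trampoline regardless of how `rsp` was aligned on entry.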

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D69579.226950.patch
Type: text/x-patch
Size: 5857 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20191029/38222db2/attachment.bin>