<div dir="ltr"><div><div>Hello,<br><br></div>Has anyone taken a look at this bug? I really want to fix this, but as Paul pointed out, this requires a lot of care...<br><br></div>Thank you for your help<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Son Tuan Vu</div></div></div>
<br><div class="gmail_quote">On Fri, Apr 27, 2018 at 7:29 PM, Son Tuan VU <span dir="ltr"><<a href="mailto:sontuan.vu119@gmail.com" target="_blank">sontuan.vu119@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Thank you all for taking a look at this. I pasted the C source then deleted it because I was afraid that it was too long to read...<br><br></div>Here's the code of <b>foo</b>. Its real name is <b>verifyPIN</b>. The variable <b>bar</b> is <b>userPin</b>.<br>
<pre>
int <b>verifyPIN</b>(char *<b>userPin</b>, char *cardPin, int *cpt)
{
    int i;
    int status;
    int diff;

    if (*cpt > 0) {                 /* cpt: try counter, reset to 3 on success */
        status = 0x55;
        diff = 0x55;

        for (i = 0; i < 4; i++) {   /* compare all four digits, no early exit */
            if (<b>userPin</b>[i] != cardPin[i]) {
                diff = 0xAA;
            }
        }

        if (diff == 0x55) {
            status = 0xAA;
        }
        else {
            status = 0x55;
        }

        if (status == 0xAA) {
            *cpt = 3;
            return 0xAA;
        } else {
            *cpt--;                 /* precedence: decrements the local pointer, not *cpt;
                                       the quoted listing has no store on this path */
            return 0x55;
        }
    }

    return 0x55;
}
</pre>
</div>@paul: Yes you are right, I have investigated the backend and it all starts at <b>IfConversionPass</b>. <b>r4</b> is clobbered by <b>poplt</b>, and there's no logic to handle conditional instructions in <b>DbgValueHistoryCalculator</b>, thus the issue at the binary level.<span class="HOEnZb"><font color="#888888"><br></font></span><div><div><div class="gmail_extra"><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div class="m_-8398178226514364903gmail_signature"><div dir="ltr">Son Tuan Vu</div></div></div></font></span><div><div class="h5">
<br><div class="gmail_quote">On Fri, Apr 27, 2018 at 5:53 PM, <span dir="ltr"><<a href="mailto:paul.robinson@sony.com" target="_blank">paul.robinson@sony.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="m_-8398178226514364903gmail-m_-7351827624220065084WordSection1">
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">As Adrian said, we'd need to see the source of foo() to assess what the location-list for bar ought to be.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">Without actually going to look, I would guess that 'poplt' is considered a conditional move, therefore r4's contents are not guaranteed after it executes (i.e.
it is a clobber). If one operand of 'poplt' is 'pc' then of course it is also a conditional indirect branch (which is probably but not necessarily a return). This combination might be worth handling differently for location-list purposes.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">But this is a tricky area, and we'd need to consider the consequences carefully.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">--paulr<u></u><u></u></span></p>
<div style="border-width:medium medium medium 1.5pt;border-style:none none none solid;border-color:currentcolor currentcolor currentcolor blue;padding:0in 0in 0in 4pt">
<div>
<div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(181,196,223) currentcolor currentcolor;padding:3pt 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10pt;font-family:"Tahoma","sans-serif""> <a href="mailto:aprantl@apple.com" target="_blank">aprantl@apple.com</a> [mailto:<a href="mailto:aprantl@apple.com" target="_blank">aprantl@apple.com</a>]
<br>
<b>Sent:</b> Friday, April 27, 2018 11:22 AM<br>
<b>To:</b> Son Tuan VU<br>
<b>Cc:</b> Robinson, Paul; Vedant Kumar; <a href="mailto:dblaikie@gmail.com" target="_blank">dblaikie@gmail.com</a>; llvm-dev<br>
<b>Subject:</b> Re: [DbgInfo] Potential bug in location list address ranges<u></u><u></u></span></p>
</div>
</div><div><div class="m_-8398178226514364903gmail-h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><br>
<br>
<u></u><u></u></p>
<div>
<p class="MsoNormal">On Apr 27, 2018, at 7:48 AM, Son Tuan VU <<a href="mailto:sontuan.vu119@gmail.com" target="_blank">sontuan.vu119@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">Hi all,<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)">Consider this ARM assembly code of a C function:<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)">00008124 <foo>:<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8124: push {r4, r6, r7, lr}<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8126: add r7, sp, #8<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8128: mov r4, r0<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 812a: ldrsb.w r0, [r2]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 812e: cmp r0, #1<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8130: itt lt<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8132: movlt r0, #85 ; 0x55<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8134: poplt {r4, r6, r7, pc} // a function return<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8136: ldrb.w ip, [r1, #3]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 813a: ldrb.w lr, [r4, #3]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 813e: movs r0, #85 ; 0x55<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8140: cmp lr, ip<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8142: bne.n 8168 <foo+0x44><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8144: ldrb.w ip, [r1, #2]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8148: ldrb r3, [r4, #2]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 814a: cmp r3, ip<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 814c: it ne<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 814e: popne {r4, r6, r7, pc} <span style="background:white none repeat scroll 0% 0%"> // a function return</span><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8150: ldrb.w ip, [r1, #1]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8154: ldrb r3, [r4, #1]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8156: cmp r3, ip<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8158: bne.n 8168 <foo+0x44><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 815a: ldrb r1, [r1, #0]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 815c: ldrb r3, [r4, #0]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 815e: cmp r3, r1<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8160: ittt eq<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8162: moveq r0, #3<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8164: strbeq r0, [r2, #0]<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8166: moveq r0, #170 ; 0xaa<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white none repeat scroll 0% 0%"><span style="font-family:"Arial","sans-serif";color:rgb(34,34,34)"> 8168: pop {r4, r6, r7, pc}<span style="background:white none repeat scroll 0% 0%"> // a function return</span><u></u><u></u></span></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I have a variable <b>bar</b> and here's its corresponding DWARF DIE:<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"> <2><3b>: Abbrev Number: 3 (DW_TAG_formal_parameter)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <3c> DW_AT_location : 0x0 (location list)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <40> DW_AT_name : (indirect string, offset: 0x9e): <b>bar</b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <44> DW_AT_decl_file : 1<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <45> DW_AT_decl_line : 34<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <46> DW_AT_type : <0x153><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"> // <b>Its location list</b><u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"> 00000000 00008124 0000812a (DW_OP_reg0 (r0))<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> 0000000b 0000812a 00008136 (DW_OP_reg4 (r4))<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> 00000016 <End of list><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">As you can see, it says that we can find <b>bar </b>in <b>r4</b> from
<b>0x812a </b>to <b>0x8134 (poplt)</b>. However, this is only true when the <b>cmp
</b>instruction at <b>0x812e</b> yields <b>less than (lt)</b>. So if the value in
<b>r0 </b>is greater than 1 (which is the case for my input), we should still be able to read the value of
<b>bar</b> from <b>r4</b> in the remainder of the function.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I don't know if we can consider this a bug, because I don't even know what the correct location information for
<b>bar</b> should be. However, in this case, since the conditional instruction that clobbers
<b>r4</b> is a function return, I'd expect to read the value of <b>bar</b> from <b>
r4</b> in the remainder of the function. <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I can't tell for sure whether the debug info is correct without also seeing the source code, but as a general point: Debug information is
<i>must</i>-information that holds over all paths through the program. Debug information that is only accurate for some paths is a bug. A serious bug, because if the user can't rely on the debug info to be correct in
<b>some</b> cases, they can't rely on <b>any</b> of the debug info to be correct.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">-- adrian<u></u><u></u></p>
</div>
<p class="MsoNormal"><br>
<br>
<u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">If the conditional instruction <b>poplt </b>were <b>addlt r4, r0, 3</b> for example, what should the correct location list of
<b>bar</b> be?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">For now, my only idea is to check if the clobbering MI is a <b>
conditional return</b> in <b>DbgValueHistoryCalculator</b>, which computes the end address of a location list entry. But I do not feel like this is the correct fix.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Looking forward to hearing your thoughts on this,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Thank you for reading this,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">Son Tuan Vu<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div></div></div>
</div>
</div>
</blockquote></div><br></div></div></div></div></div></div>
</blockquote></div><br></div>
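The location-list question discussed in this thread, worked through as an added example. This is not LLVM's code and not code from any participant: it is a toy model of what a DbgValueHistoryCalculator-style pass decides when an instruction writes the register that currently holds a variable. The addresses, registers and instruction sizes are taken from the verifyPIN listing quoted above (sizes are inferred from the address deltas); the `Insn` records, the `BAR_DBG_VALUES` placement and the two policy names (`clobber`, `cond-return`) are assumptions of this example. The `clobber` policy reproduces the list in the thread; the `cond-return` policy implements the idea of treating a predicated clobber that is also a return as not ending the range, and the `addlt r4, r0, #3` variant shows why a predicated clobber that does not return must still end it.

```python
"""Toy location-list builder for the conditional-clobber question in this thread.

Added example, not LLVM's code: it imitates the decision a
DbgValueHistoryCalculator-style pass makes when an instruction writes the
register that currently holds a variable. Addresses, registers and sizes come
from the verifyPIN listing quoted in the thread; the instruction records are a
constructed simplification of the real MachineInstrs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Insn:
    addr: int
    size: int
    text: str
    defs: frozenset = frozenset()  # registers the instruction writes
    cond: bool = False             # predicated by a preceding IT block
    returns: bool = False          # writes pc, i.e. control leaves the function


R = frozenset
RET = R({"r4", "r6", "r7", "pc"})

# Constructed model of the listing: the instructions that touch r0/r4 or return.
VERIFYPIN = [
    Insn(0x8124, 2, "push {r4, r6, r7, lr}", R({"sp"})),
    Insn(0x8126, 2, "add r7, sp, #8", R({"r7"})),
    Insn(0x8128, 2, "mov r4, r0", R({"r4"})),
    Insn(0x812a, 4, "ldrsb.w r0, [r2]", R({"r0"})),
    Insn(0x812e, 2, "cmp r0, #1", R({"cpsr"})),
    Insn(0x8130, 2, "itt lt"),
    Insn(0x8132, 2, "movlt r0, #85", R({"r0"}), cond=True),
    Insn(0x8134, 2, "poplt {r4, r6, r7, pc}", RET, cond=True, returns=True),
    Insn(0x8136, 4, "ldrb.w ip, [r1, #3]", R({"ip"})),
    Insn(0x813a, 4, "ldrb.w lr, [r4, #3]", R({"lr"})),  # r4 still used here
    Insn(0x813e, 2, "movs r0, #85", R({"r0", "cpsr"})),
    Insn(0x8140, 2, "cmp lr, ip", R({"cpsr"})),
    Insn(0x8142, 2, "bne.n 8168"),
    Insn(0x8144, 4, "ldrb.w ip, [r1, #2]", R({"ip"})),
    Insn(0x8148, 2, "ldrb r3, [r4, #2]", R({"r3"})),
    Insn(0x814a, 2, "cmp r3, ip", R({"cpsr"})),
    Insn(0x814c, 2, "it ne"),
    Insn(0x814e, 2, "popne {r4, r6, r7, pc}", RET, cond=True, returns=True),
    # 0x8150-0x8166 (last two digits, return value) never write r4: omitted here.
    Insn(0x8168, 2, "pop {r4, r6, r7, pc}", RET, returns=True),
]
VERIFYPIN_END = 0x816a  # first address past the function

# DBG_VALUE points: bar (userPin) is in r0 at entry, in r4 after 'mov r4, r0'.
BAR_DBG_VALUES = {0x8124: "r0", 0x812a: "r4"}


def location_list(insns, func_end, dbg_values, policy):
    """Return [(begin, end, reg)]: DWARF-style half-open [begin, end) ranges.

    "clobber": every write to the variable's register ends the range right after
        the writing instruction. This reproduces the list in the thread, where
        the predicated poplt at 0x8134 ends the r4 range at 0x8136.
    "cond-return": a predicated write that is also a return does not end the
        range: on the path where the predicate held the function is gone and
        no location is needed, on the path that continues the write did not
        happen. A predicated write that does not return (the addlt variant)
        still ends it, since afterwards the register holds the variable on
        only some paths and debug info has to be must-information.
    """
    entries = []
    cur = None  # (begin address, register) of the open range
    for insn in insns:
        if insn.addr in dbg_values:
            if cur is not None:  # a new DBG_VALUE ends the old range before itself
                entries.append((cur[0], insn.addr, cur[1]))
            cur = (insn.addr, dbg_values[insn.addr])
        if cur is not None and cur[1] in insn.defs:
            survives = policy == "cond-return" and insn.cond and insn.returns
            if not survives:  # a clobber ends the range after the instruction
                entries.append((cur[0], insn.addr + insn.size, cur[1]))
                cur = None
    if cur is not None:
        entries.append((cur[0], func_end, cur[1]))
    return entries


def with_conditional_add(insns):
    """Son Tuan's variant: the predicated return at 0x8134 becomes addlt r4, r0, #3."""
    return [Insn(i.addr, i.size, "addlt r4, r0, #3", R({"r4"}), cond=True)
            if i.addr == 0x8134 else i for i in insns]


def format_loclist(entries):
    """Render like readelf's location-list dump (first column: entry index)."""
    rows = [f"    {n:08x} {b:08x} {e:08x} (DW_OP_reg {reg})" for n, (b, e, reg) in enumerate(entries)]
    return "\n".join(rows + ["    <End of list>"])


if __name__ == "__main__":
    for label, insns in (("as compiled", VERIFYPIN), ("with addlt at 0x8134", with_conditional_add(VERIFYPIN))):
        for policy in ("clobber", "cond-return"):
            print(f"-- {label}, policy {policy}:")
            print(format_loclist(location_list(insns, VERIFYPIN_END, BAR_DBG_VALUES, policy)))
```

Running it prints the thread's list (`0x812a` to `0x8136` in r4) under the `clobber` policy and a single r4 range reaching the unconditional `pop` at `0x8168` under `cond-return`; the `addlt` variant ends at `0x8136` under both policies. The model deliberately keys on addresses so the output can be compared with the readelf dump; the real pass works on MachineInstr predicates and register aliases instead, and a production change would also have to confirm, as the later `ldrb r3, [r4, #2]` loads do here, that the fall-through path really keeps using the register unchanged.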