[LLVMbugs] [Bug 23868] New: Runtime GP fault when throwing aligned type

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Jun 17 01:41:10 PDT 2015 

https://llvm.org/bugs/show_bug.cgi?id=23868

            Bug ID: 23868
           Summary: Runtime GP fault when throwing aligned type
           Product: new-bugs
           Version: 3.6
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: greg at hewgill.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

I have a type that is declared with __attribute__((aligned(16))). When building
with clang on OS X on x86_64, the following code causes a GP fault when
attempting to throw a value containing this type. The fault happens because the
compiler generates a 128-bit move instruction which must be aligned on a
16-byte boundary, but the address is not correctly aligned.

Here is a program that reproduces the problem:

    #include <stdint.h>
    #include <stdio.h>

    struct __attribute__((aligned(16))) int128 {
        uint64_t w[2];
    };

    int main()
    {
        try {
            int128 x;
            throw x;
        } catch (int128 &e) {
            printf("%p %lu\n", &e, sizeof(e));
        }
    }

And the disassembly with the fault location marked with `->`:

    a.out`main:
        0x100000db0 <+0>:   pushq  %rbp
        0x100000db1 <+1>:   movq   %rsp, %rbp
        0x100000db4 <+4>:   subq   $0x40, %rsp
        0x100000db8 <+8>:   movl   $0x10, %eax
        0x100000dbd <+13>:  movl   %eax, %edi
        0x100000dbf <+15>:  callq  0x100000e8c               ; symbol stub for:
__cxa_allocate_exception
        0x100000dc4 <+20>:  movaps -0x10(%rbp), %xmm0
    ->  0x100000dc8 <+24>:  movaps %xmm0, (%rax)
        0x100000dcb <+27>:  movq   0x23e(%rip), %rsi         ; (void
*)0x0000000100001058
        0x100000dd2 <+34>:  xorl   %ecx, %ecx
        0x100000dd4 <+36>:  movl   %ecx, %edx
        0x100000dd6 <+38>:  movq   %rax, %rdi
        0x100000dd9 <+41>:  callq  0x100000e9e               ; symbol stub for:
__cxa_throw

Current register:

    (lldb) register read rax
           rax = 0x0000000100905b08

It looks like what is happening is the __cxa_allocate_exception function has no
knowledge of the alignment requirements of the type for which it is allocating
storage. On my system it happens to allocate an address that ends in 8, and is
therefore not 16-byte aligned. When the `movaps` instruction attempts to move
data into that memory location, the CPU faults due to unaligned access.

Compiler info (`clang` from Xcode 6.3.2):

    $ clang --version
    Apple LLVM version 6.1.0 (clang-602.0.53) (based on LLVM 3.6.0svn)
    Target: x86_64-apple-darwin14.3.0
    Thread model: posix

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150617/f49e31af/attachment.html>

More information about the llvm-bugs mailing list