[llvm-bugs] [Bug 34213] New: - -fsanitize=undefined doesn't pay attention to __builtin_assume_aligned()

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Aug 16 13:09:24 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=34213

            Bug ID: 34213
           Summary: - -fsanitize=undefined doesn't pay attention to
                    __builtin_assume_aligned()
           Product: clang
           Version: 4.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: kobalicek.petr at gmail.com
                CC: llvm-bugs at lists.llvm.org

I'm having a problem with -fsanitize=undefined and the __builtin_assume_aligned()
builtin.

The following code `sanitizer-test.cpp`:

  #include <stdint.h>

  static __attribute((__noinline__)) uint32_t readu32(const void* p) {
    p = __builtin_assume_aligned(p, 1);
    return static_cast<const uint32_t*>(p)[0];
  }

  static __attribute((__noinline__)) void writeu32(void* p, uint32_t x) {
    p = __builtin_assume_aligned(p, 1);
    static_cast<uint32_t*>(p)[0] = x;
  }

  int main(int argc, char* argv[]) {
    char buf[] = { 0, 1, 2, 3, 4, 5, 6 };
    writeu32(buf + 1, 0x44332211);
    uint32_t ret = readu32(buf + 1);
    return static_cast<int>(ret);
  }

Compiled as:

  clang++-4.0 -fsanitize=undefined sanitizer-test.cpp -o sanitizer-test

Outputs the following when executed:

$ ./sanitizer-test
sanitizer-test.cpp:10:3: runtime error: store to misaligned address
0x7ffcdb09e13a for type 'uint32_t' (aka 'unsigned int'), which requires 4 byte
alignment
0x7ffcdb09e13a: note: pointer points here
 00 00  00 00 01 02 03 04 05 06  38 e2 09 db fc 7f 00 00  01 00 00 00 00 00 00
00  a0 b3 42 00 00 00
              ^ 
sanitizer-test.cpp:5:10: runtime error: load of misaligned address
0x7ffcdb09e13a for type 'const uint32_t' (aka 'const unsigned int'), which
requires 4 byte alignment
0x7ffcdb09e13a: note: pointer points here
 00 00  00 00 11 22 33 44 05 06  38 e2 09 db fc 7f 00 00  01 00 00 00 00 00 00
00  a0 b3 42 00 00 00

I think that in this case the sanitizer should not report the runtime error as
the pointer was marked to be aligned to 1 byte.

I also reported this on GCC's bugzilla, as I tested both gcc and clang:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81870

-- 
You are receiving this mail because:
You are on the CC list for the bug.
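Added example (not code from the bug report, clang, or the UBSan runtime): the alignment check behind -fsanitize=undefined fires whenever a load or store of type T goes through a pointer that is not aligned to alignof(T), and __builtin_assume_aligned(p, 1) does not change that, because an alignment of 1 asserts nothing beyond what any pointer already satisfies; the cast to uint32_t* still promises 4-byte alignment. The well-defined way to read and write unaligned integers, which the sanitizer does not flag, is to go through memcpy into an aligned local (compilers fold the fixed-size memcpy into a single unaligned load or store on x86-64). The function names, the constructed sample buffers and the byte-wise little-endian decoder are all assumptions of this example, not part of the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Unaligned 32-bit read: copying into a properly aligned local is well-defined
// for any source address, so -fsanitize=alignment has nothing to report.
static inline uint32_t read_u32_unaligned(const void* p) {
    uint32_t v;
    std::memcpy(&v, p, sizeof v);
    return v;
}

// Unaligned 32-bit write, same idea in the other direction.
static inline void write_u32_unaligned(void* p, uint32_t x) {
    std::memcpy(p, &x, sizeof x);
}

// Byte-wise little-endian decoder: also alignment-safe, and additionally
// independent of host byte order (what you want when parsing a wire format).
static inline uint32_t read_u32_le(const void* p) {
    const unsigned char* b = static_cast<const unsigned char*>(p);
    return static_cast<uint32_t>(b[0])
         | static_cast<uint32_t>(b[1]) << 8
         | static_cast<uint32_t>(b[2]) << 16
         | static_cast<uint32_t>(b[3]) << 24;
}

// The condition -fsanitize=alignment enforces at every load/store of T.
template <typename T>
static inline bool is_aligned_for(const void* p) {
    return reinterpret_cast<std::uintptr_t>(p) % alignof(T) == 0;
}

// Same round trip as in the report (write at buf + 1, read it back), but via
// memcpy, so it runs clean under -fsanitize=undefined. Returns 0x44332211.
uint32_t roundtrip_at_offset_one() {
    alignas(4) unsigned char buf[8] = {0, 1, 2, 3, 4, 5, 6, 7};  // constructed sample
    write_u32_unaligned(buf + 1, 0x44332211u);
    return read_u32_unaligned(buf + 1);
}

// Decodes the bytes 11 22 33 44 placed at offset 1; returns 0x44332211 on any host.
uint32_t decode_le_at_offset_one() {
    unsigned char buf[8] = {0, 0x11, 0x22, 0x33, 0x44, 5, 6, 7};  // constructed sample
    return read_u32_le(buf + 1);
}

// Demonstrates why the original readu32/writeu32 trip the check: with the buffer
// itself 4-byte aligned, buf + 1 cannot satisfy alignof(uint32_t).
bool offset_one_is_misaligned() {
    alignas(4) unsigned char buf[8] = {};
    return is_aligned_for<uint32_t>(buf) && !is_aligned_for<uint32_t>(buf + 1);
}

int main() {
    // Exit status 0 only if the memcpy round trip reproduces the written value.
    return roundtrip_at_offset_one() == 0x44332211u ? 0 : 1;
}
```

Build it the same way as the report's reproducer (clang++ -fsanitize=undefined) and no "misaligned address" diagnostic is emitted, because no uint32_t lvalue is ever formed at the odd address; the memcpy versions are what a portable parser should use in place of a cast plus __builtin_assume_aligned.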