[llvm-bugs] [Bug 39219] New: SIGILL in U-Boot due to "-fsanitize=bounds -O2"
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Oct 8 14:46:26 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=39219
Bug ID: 39219
Summary: SIGILL in U-Boot due to "-fsanitize=bounds -O2"
Product: clang
Version: 6.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: roscaeugeniu at gmail.com
CC: llvm-bugs at lists.llvm.org
In the context of enabling UBSan in U-Boot [1], when passing "-fsanitize=bounds
-O2" to clang, it builds the executable successfully, but when U-Boot is run,
it is killed by SIGILL at startup.
The issue disappears with:
- "clang -fsanitize=bounds -O0"
- "clang -fsanitize=undefined" (any optimization level)
I can't reproduce this problem with GCC [3]. Below is the minimal sample code
leading to this issue (could probably be reduced further, but I tried to also
keep the concept behind):
$ cat z.c
#include <stdio.h>
#define my_section_start(_type) \
({ \
	static char start[0] __attribute__((unused,section(".my_section"))); \
	(_type *)&start; \
})
int v1 __attribute__((unused,section(".my_section.1"))) = 1;
int v2 __attribute__((unused,section(".my_section.2"))) = 2;
int main(void)
{
int *ptr = my_section_start(int);
printf("%p %p %p %d\n", &v1, &v2, ptr, *ptr);
}
$ cat z.lds
SECTIONS
{
. = ALIGN(4);
.my_section : {
KEEP(*(SORT(.my_section*)));
}
}
INSERT BEFORE .data;
$ clang -fsanitize=bounds -O2 -c z.c -o z.o && clang -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
illegal hardware instruction (core dumped)
$ gcc -fsanitize=bounds -O2 -c z.c -o z.o && gcc -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
0x601028 0x60102c 0x601028 1
$ clang -fsanitize=undefined -O2 -c z.c -o z.o && clang -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
z.c:15:41: runtime error: load of address 0x000000601030 with insufficient space for an object of type 'int'
0x000000601030: note: pointer points here
51 7f 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
0x601030 0x601034 0x601030 1
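An added example, not part of the bug report or of U-Boot: the same section-walking idiom, but with the zero-length `start[0]` marker replaced by the `__start_my_section`/`__stop_my_section` boundary symbols that GNU ld and lld provide for an output section whose name is a valid C identifier. Declared as incomplete arrays, the markers give the compiler no object size to reason about; the example assumes an ELF toolchain on Linux and needs no linker script.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Entries are collected into a single section named "my_section" (no leading
 * dot, so the name is a C identifier and the linker provides the
 * __start_/__stop_ symbols for it). "used" keeps them alive at -O2. */
#define MY_ENTRY(name, val) \
	static int name __attribute__((used, section("my_section"))) = (val)

MY_ENTRY(v1, 1);   /* constructed sample entries */
MY_ENTRY(v2, 2);

/* Incomplete array types: the address is known at link time, the size is
 * not, so neither the optimizer nor -fsanitize=bounds has an object size
 * to check indexing against. The symbols are defined by GNU ld / lld. */
extern int __start_my_section[];
extern int __stop_my_section[];

/* Number of int entries collected into the section. Computed through
 * uintptr_t rather than pointer subtraction, since the two symbols are
 * formally distinct objects. */
size_t my_section_count(void)
{
	uintptr_t lo = (uintptr_t)__start_my_section;
	uintptr_t hi = (uintptr_t)__stop_my_section;
	return (size_t)(hi - lo) / sizeof(int);
}

/* Sum of all entries; order-independent, so the result does not depend on
 * how the linker laid out the individual entries. */
int my_section_sum(void)
{
	int sum = 0;
	size_t n = my_section_count();
	for (size_t i = 0; i < n; i++)
		sum += __start_my_section[i];
	return sum;
}

int main(void)
{
	printf("%zu entries, sum %d\n", my_section_count(), my_section_sum());
	return 0;
}
```

Building with `-fsanitize=bounds -O2` and without a `-T` linker script exercises the same walk the report's `z.c` performs over its collected section.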
######### References
[1] https://patchwork.ozlabs.org/cover/962307/
[2] clang versions tried (any generates the issue)
- 4.0.0-1ubuntu1~16.04.2 (tags/RELEASE_400/rc1)
- 5.0.0-3~16.04.1 (tags/RELEASE_500/final)
- 6.0.1-svn334776-1~exp1~20180919141756.113 (branches/release_60)
[3] GCC versions tried (none generates the issue):
- gcc (Ubuntu 4.9.4-2ubuntu1~16.04) 4.9.4
- gcc (Ubuntu 5.5.0-12ubuntu1~16.04) 5.5.0 20171010
- gcc (Ubuntu 6.4.0-17ubuntu1~16.04) 6.4.0 20180424
- gcc (Ubuntu 7.3.0-21ubuntu1~16.04) 7.3.0
- gcc (Ubuntu 8.1.0-5ubuntu1~16.04) 8.1.0