[llvm-bugs] [Bug 39219] New: SIGILL in U-Boot due to "-fsanitize=bounds -O2"

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Oct 8 14:46:26 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=39219

            Bug ID: 39219
           Summary: SIGILL in U-Boot due to "-fsanitize=bounds -O2"
           Product: clang
           Version: 6.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: roscaeugeniu at gmail.com
                CC: llvm-bugs at lists.llvm.org

In the context of enabling UBSan in U-Boot [1], when passing "-fsanitize=bounds
-O2" to clang, it builds the executable successfully, but when U-Boot is run,
it is killed by SIGILL at startup.

The issue disappears with:
- "clang -fsanitize=bounds -O0"
- "clang -fsanitize=undefined" (any optimization level)

I can't reproduce this problem with GCC [3]. Below is the minimal sample code
leading to this issue (it could probably be reduced further, but I also tried to
keep the concept behind it):

$ cat z.c
#include <stdio.h>

#define my_section_start(_type) \
({                              \
        static char start[0] __attribute__((unused,section(".my_section"))); \
        (_type *)&start;                                                     \
})

int v1 __attribute__((unused,section(".my_section.1"))) = 1;
int v2 __attribute__((unused,section(".my_section.2"))) = 2;

int main(void)
{
        int *ptr = my_section_start(int);
        printf("%p %p %p %d\n", &v1, &v2, ptr, *ptr);
}

$ cat z.lds
SECTIONS
{
        . = ALIGN(4);
        .my_section : {
                KEEP(*(SORT(.my_section*)));
        }
}

INSERT BEFORE .data;

$ clang -fsanitize=bounds -O2 -c z.c -o z.o && clang -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
  illegal hardware instruction (core dumped)

$ gcc -fsanitize=bounds -O2 -c z.c -o z.o && gcc -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
0x601028 0x60102c 0x601028 1

$ clang -fsanitize=undefined -O2 -c z.c -o z.o && clang -Wl,-T z.lds z.o -lubsan -o z.out && ./z.out
z.c:15:41: runtime error: load of address 0x000000601030 with insufficient space for an object of type 'int'
0x000000601030: note: pointer points here
 51 7f 00 00  01 00 00 00 02 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
0x601030 0x601034 0x601030 1


######### References

[1] https://patchwork.ozlabs.org/cover/962307/
[2] clang versions tried (any generates the issue)
    - 4.0.0-1ubuntu1~16.04.2 (tags/RELEASE_400/rc1)
    - 5.0.0-3~16.04.1 (tags/RELEASE_500/final)
    - 6.0.1-svn334776-1~exp1~20180919141756.113 (branches/release_60)
[3] GCC versions tried (none generates the issue):
    - gcc (Ubuntu 4.9.4-2ubuntu1~16.04) 4.9.4
    - gcc (Ubuntu 5.5.0-12ubuntu1~16.04) 5.5.0 20171010
    - gcc (Ubuntu 6.4.0-17ubuntu1~16.04) 6.4.0 20180424
    - gcc (Ubuntu 7.3.0-21ubuntu1~16.04) 7.3.0
    - gcc (Ubuntu 8.1.0-5ubuntu1~16.04) 8.1.0
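The section-start marker in z.c hands the compiler a zero-sized static object, and the -fsanitize=undefined run above reports exactly that ("insufficient space for an object of type 'int'"). A way to bracket a section that involves no zero-sized object at all is the __start_<name>/__stop_<name> symbol pair that GNU ld and lld define for any output section whose name is a valid C identifier. The program below is an added example, not code from the bug report or from U-Boot: the section name my_section, the MY_ENTRY macro and the two helper functions are its own, and it assumes GCC or Clang with a GNU-compatible linker on Linux and no custom linker script.

```c
/*
 * Added example (not from the bug report or U-Boot): bracketing a section
 * with the linker-defined __start_<name>/__stop_<name> symbols instead of a
 * zero-sized static array.
 * Assumptions: Linux, GCC or Clang, GNU ld or lld, no linker script.
 */
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Entries go into "my_section" (no leading dot: the name must be a C
 * identifier for the linker to emit the bracketing symbols).  "used" keeps
 * the variables even when nothing references them by name.
 */
#define MY_ENTRY(name, val) \
        int name __attribute__((used, section("my_section"))) = (val)

MY_ENTRY(v1, 1);
MY_ENTRY(v2, 2);

/*
 * Linker-provided bounds of the output section.  Declared as incomplete
 * arrays, so neither -fsanitize=bounds nor the object-size check has a size
 * to compare a load against, unlike "static char start[0]" in z.c.
 */
extern int __start_my_section[];
extern int __stop_my_section[];

/* Number of int entries the linker gathered into the section. */
size_t count_my_section(void)
{
        uintptr_t begin = (uintptr_t)__start_my_section;
        uintptr_t end = (uintptr_t)__stop_my_section;

        return (size_t)(end - begin) / sizeof(int);
}

/* Sum of all entries, indexed from the section start. */
int sum_my_section(void)
{
        size_t n = count_my_section();
        int sum = 0;

        for (size_t i = 0; i < n; i++)
                sum += __start_my_section[i];
        return sum;
}

int main(void)
{
        printf("%p %p %p\n", (void *)&v1, (void *)&v2,
               (void *)__start_my_section);
        printf("%zu entries, sum %d\n", count_my_section(), sum_my_section());
        return 0;
}
```

Because the bounds come from the linker rather than from a C object, the walk over the section is the same under -O0 and -O2, with or without -fsanitize=bounds; the two entries are counted and summed (2 entries, sum 3) regardless of where the linker places the section.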
