[llvm-bugs] [Bug 39447] New: Assembly instructions with "OFFSET FLAT:" are handled incorrectly
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Oct 26 02:32:43 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=39447
Bug ID: 39447
Summary: Assembly instructions with "OFFSET FLAT:" are handled incorrectly
Product: libraries
Version: 7.0
Hardware: PC
OS: Windows NT
Status: NEW
Severity: enhancement
Priority: P
Component: MCJIT
Assignee: unassignedbugs at nondot.org
Reporter: bjoern.gaier at horiba.com
CC: llvm-bugs at lists.llvm.org
Created attachment 21038
--> https://bugs.llvm.org/attachment.cgi?id=21038&action=edit
Contains CM_Switch.cpp CM_Switch.cod CM_Switch.obj
Hello LLVM-Team,
I used the new LLVM 7 to write a small and simple JIT-Client, which loads
bitcode files, JITs them and executes them. In this JIT process I also include
some object files which were generated by VisualStudio2017 - but sadly the
resulting code will crash. I did some research and will try to explain what I've
done and what my conclusions are.
1.) Generating VisualStudio object file
All I do is simply compile the file "CM_Switch.cpp" - as it is attached to this
report - and that's all.
I use the following compile flags:
/nologo /FAcs /Zc:wchar_t- /GS- /MT /W3 /O2 /I "..\..\include" /I "..\..\external\include" /D "WIN32" /D "_CRT_NON_CONFORMING_SWPRINTFS" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_CRT_SECURE_NO_WARNINGS" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(OutDir)%(Filename).pch" /Fo"$(OutDir)%(Filename).obj" /c $(ProjectName).cpp
2.) JIT Client
For the JIT client I first parse a bc file that does not contain any
code - I just compiled an empty .cpp document with clang and enabled generating
a bc file. So the bc file is not empty, but has no executable code or anything.
After this I locate the CM_Switch.obj file and add it via "addObjectFile":
// Wrap the in-memory .obj (ArBuf holds its MemoryBuffer) as an ObjectFile
llvm::Expected<std::unique_ptr<llvm::object::ObjectFile>> preObj =
    llvm::object::ObjectFile::createObjectFile(ArBuf.get()->getMemBufferRef());
if (!preObj) // an Expected<> must be checked before its value is used
  llvm::report_fatal_error(llvm::toString(preObj.takeError()));
// Hand ownership of the ObjectFile and its backing buffer to the engine
refEngine->addObjectFile(llvm::object::OwningBinary<llvm::object::ObjectFile>(
    std::move(preObj.get()), std::move(ArBuf.get())));
When generating the executable code, the JIT client will ask for resolving some
references and will get these addresses as they are. But executing the
"Initialize2" function will crash the application.
Investigations:
With the CM_Switch.cod file and a debugger I was able to locate the root of the
problem! Assembly instructions like these:
lea r8, OFFSET FLAT:__ImageBase
The problem comes from "OFFSET FLAT" which - as I understood - determines the
offset of the current instruction to that reference. In this case
"__ImageBase".
But this is not handled correctly! When I pass an address to "__ImageBase", the
application will crash at EXACTLY the address I passed. When I return 0xFF as
an address, I will crash at the address 0xFF; if I pass the address of
ImageBase, I will crash there.
If I pass an address to a function, then this function will actually be
executed. It seems to me that this code gets replaced with a jump, which is
totally wrong.
That is all I can say.
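The instruction in the report, `lea r8, OFFSET FLAT:__ImageBase`, is a RIP-relative `lea` in the object file: the bytes carry a 32-bit displacement slot plus a relocation, and the loader has to store the distance from the end of the instruction to the symbol, not the symbol's address itself. The C program below is an added illustration of that fixup arithmetic; it is not code from the report, from MCJIT or from any LLVM component. It assumes the standard x86-64 encoding of `lea r8, [rip+disp32]` (REX.WR 0x4C, opcode 0x8D, ModRM 0x05), the COFF REL32 convention `disp32 = target - (fixup_address + 4)`, a little-endian host, and constructed addresses for the JIT'd code and for `__ImageBase`. For contrast it also shows the hypothetical mistake of writing the absolute symbol address into the displacement slot, which sends r8 somewhere unrelated to the symbol.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 7-byte encoding of `lea r8, [rip + disp32]`, which is what the
 * MASM listing prints as `lea r8, OFFSET FLAT:__ImageBase`: REX.WR (0x4C),
 * opcode 0x8D, ModRM 0x05 (RIP-relative), then a disp32 that the linker or
 * the JIT loader must fill in via a relocation. */
enum { LEA_LEN = 7, DISP_OFF = 3 };
static const uint8_t LEA_R8_RIPREL[LEA_LEN] = { 0x4C, 0x8D, 0x05, 0, 0, 0, 0 };

/* Apply a COFF IMAGE_REL_AMD64_REL32 style fixup: the 32-bit field at
 * code_base + fixup_off receives target - (address of the field + 4), i.e.
 * the distance from the end of the instruction to the symbol. Returns 0 and
 * leaves the code untouched when the symbol is more than +/-2 GiB away,
 * because truncating the displacement would silently point elsewhere. */
int apply_rel32(uint8_t *code, uint64_t code_base, size_t fixup_off, uint64_t target)
{
    uint64_t fixup_addr = code_base + fixup_off;
    int64_t delta = (int64_t)(target - (fixup_addr + 4));
    if (delta < INT32_MIN || delta > INT32_MAX)
        return 0;
    int32_t disp = (int32_t)delta;
    memcpy(code + fixup_off, &disp, sizeof disp); /* little-endian host assumed */
    return 1;
}

/* Simulate what the CPU computes for the lea at insn_off: the RIP of the
 * following instruction plus the sign-extended disp32. This is the value
 * that lands in r8. */
uint64_t lea_effective_address(const uint8_t *code, uint64_t code_base, size_t insn_off)
{
    int32_t disp;
    memcpy(&disp, code + insn_off + DISP_OFF, sizeof disp);
    uint64_t next_rip = code_base + insn_off + LEA_LEN;
    return next_rip + (uint64_t)(int64_t)disp;
}

/* Round trip for the constructed instruction: fix it up against image_base
 * and return the address r8 would hold, or 0 if the fixup is out of range. */
uint64_t resolve_image_base(uint64_t code_base, uint64_t image_base)
{
    uint8_t code[LEA_LEN];
    memcpy(code, LEA_R8_RIPREL, LEA_LEN);
    if (!apply_rel32(code, code_base, DISP_OFF, image_base))
        return 0;
    return lea_effective_address(code, code_base, 0);
}

/* Hypothetical mistake, for contrast: storing the symbol's absolute address
 * in the disp32 field as if the operand were absolute rather than
 * RIP-relative. The CPU still adds RIP, so r8 ends up nowhere near the symbol. */
uint64_t resolve_image_base_absolute_mistake(uint64_t code_base, uint64_t image_base)
{
    uint8_t code[LEA_LEN];
    memcpy(code, LEA_R8_RIPREL, LEA_LEN);
    uint32_t low32 = (uint32_t)image_base;
    memcpy(code + DISP_OFF, &low32, sizeof low32);
    return lea_effective_address(code, code_base, 0);
}

int main(void)
{
    /* Constructed addresses: JIT'd code at 0x10000000, __ImageBase at 0x10000 */
    uint64_t good = resolve_image_base(0x10000000ULL, 0x10000ULL);
    uint64_t bad = resolve_image_base_absolute_mistake(0x10000000ULL, 0x10000ULL);
    printf("correct REL32 fixup:       r8 = 0x%llx\n", (unsigned long long)good);
    printf("absolute value in disp32:  r8 = 0x%llx\n", (unsigned long long)bad);
    printf("symbol > 2 GiB away: %s\n",
           resolve_image_base(0x10000000ULL, 0x100000000000ULL) ? "applied" : "rejected");
    return 0;
}
```

With the constructed addresses the correct fixup yields r8 = 0x10000 (the symbol), while the absolute-value variant yields 0x10010007. The range check matters for a JIT in particular: code allocated far from the symbol it references cannot be fixed up with a REL32 at all, and a loader that truncates instead of failing produces exactly the kind of silent misdirection the report describes.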