[llvm-bugs] [Bug 45875] New: Exception unwinding fails with shadow call stack

via llvm-bugs llvm-bugs at lists.llvm.org
Mon May 11 08:23:44 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=45875

            Bug ID: 45875
           Summary: Exception unwinding fails with shadow call stack
           Product: Runtime Libraries
           Version: trunk
          Hardware: Other
                OS: other
            Status: NEW
          Severity: normal
          Priority: P
         Component: libunwind
          Assignee: unassignedbugs at nondot.org
          Reporter: ambre at google.com
                CC: compnerd at compnerd.org, jgorbe at google.com,
                    llvm-bugs at lists.llvm.org, saugustine at google.com

With a version of libunwind built for aarch64-unknown-fuchsia (which enables
the shadow call stack by default), the unwinding information generated for
_Unwind_RaiseException does not adjust x18. This breaks exception handling: the
function that catches the exception returns to the wrong place.

Here's an example, using the version of llvm shipped in the fuchsia tree:
Source:
#include <iostream>

int main() {
  void* x18;
  try {
    asm volatile("mov %0, x18" : "=r"(x18) : :);
    std::cerr << "will throw, x18=" << x18 << std::endl;
    throw "something";
  } catch (...) {
    asm volatile("mov %0, x18" : "=r"(x18) : :);
    std::cerr << "caught, x18=" << x18 << std::endl;
  }
  return 0;
}

Actual output:
will throw, x18=0x779ed45010
caught, x18=0x779ed45018
<CRASH>

Expected output:
will throw, x18=0x779ed45010
caught, x18=0x779ed45010


Looking at the library, _Unwind_RaiseException starts with the shadow call
stack prolog:
0000000000000000 <_Unwind_RaiseException>:
       0: 5e 86 00 f8                   str     x30, [x18], #8
       4: fd 7b bd a9                   stp     x29, x30, [sp, #-48]!


but it is omitted by its unwind information. I'm not sure how to compile
libunwind for fuchsia myself, but the compiled version I used can be found
under lib/aarch64-unknown-fuchsia/c++/libc++.a in the archive here:
https://chrome-infra-packages.appspot.com/p/fuchsia/third_party/clang/linux-amd64/+/RJTCpB4rJ4IkRZuUWvaLtgjL6zz1HcitXQOIG47dvh8C

This seems to be fixed by compiling UnwindLevel1.c with -fexceptions. I'm not
sure what the difference should be between using -fexceptions or just
-funwind-tables, but it seems that the dwarf instruction to update x18 is not
emitted when a function is marked nounwind
(https://github.com/llvm/llvm-project/blob/2481f26ac3f228cc085d4d68ee72dadc07afa48f/llvm/lib/Target/AArch64/AArch64FrameLowering.cpp#L2147).
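The mechanism the report describes, modelled in plain C so it can be run on any host (an added example, not code from the bug report or from libunwind; the three frames, the return-address values and the slot arithmetic are a constructed model of the shadow call stack and of how an unwinder applies each frame's CFI, not real libunwind internals):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the AArch64 shadow call stack (SCS): x18 points one past the most
 * recently saved return address. A function prologue pushes with
 *   str x30, [x18], #8
 * and the epilogue pops with
 *   ldr x30, [x18, #-8]!
 * Slot arithmetic here is in uintptr_t units (8 bytes on a 64-bit target). */
#define SCS_SLOTS 16

typedef struct {
    uintptr_t slots[SCS_SLOTS];
    uintptr_t *x18;          /* shadow call stack pointer */
} scs_t;

/* One activation as the unwinder sees it. The function's CFI tells the unwinder
 * how to recover the caller's x18: with SCS, a correct record subtracts one slot
 * for the prologue push. The reported bug is _Unwind_RaiseException being built
 * nounwind, so its record subtracts nothing. (Constructed model.) */
typedef struct {
    const char *name;
    uintptr_t return_addr;   /* x30 at entry, the value the prologue pushes */
    int x18_adjust_slots;    /* slots the CFI subtracts from x18 (1 correct, 0 buggy) */
} frame_t;

static void scs_init(scs_t *s) { s->x18 = s->slots; }
static void scs_push(scs_t *s, uintptr_t lr) { *s->x18++ = lr; }   /* str x30, [x18], #8 */
static uintptr_t scs_pop(scs_t *s) { return *--s->x18; }          /* ldr x30, [x18, #-8]! */

/* Apply each frame's CFI from the innermost frame (index n-1) up to, but not
 * including, the landing frame (index 0); returns the x18 the landing pad runs with. */
static uintptr_t *unwind_x18(uintptr_t *x18, const frame_t *frames, int n) {
    for (int i = n - 1; i > 0; i--)
        x18 -= frames[i].x18_adjust_slots;
    return x18;
}

/* Simulate main -> __cxa_throw -> _Unwind_RaiseException with the exception
 * caught back in main. Returns the return address main's epilogue pops after
 * the catch block; *x18_delta_bytes receives how far x18 in the catch block
 * differs from x18 in the try block (0 when correct, +8 in the reported bug). */
uintptr_t simulate(int raise_has_scs_cfi, long *x18_delta_bytes) {
    /* Constructed return addresses, one per call site. */
    const frame_t frames[] = {
        { "main",                   0x1000, 1 },
        { "__cxa_throw",            0x2000, 1 },
        { "_Unwind_RaiseException", 0x3000, raise_has_scs_cfi ? 1 : 0 },
    };
    const int n = (int)(sizeof frames / sizeof frames[0]);

    scs_t scs;
    scs_init(&scs);
    uintptr_t *x18_in_try = NULL;
    for (int i = 0; i < n; i++) {
        scs_push(&scs, frames[i].return_addr);       /* each callee's prologue */
        if (i == 0)
            x18_in_try = scs.x18;                     /* what main's try block read */
    }

    /* The unwinder computes the landing pad's register state from the CFI. */
    scs.x18 = unwind_x18(scs.x18, frames, n);
    if (x18_delta_bytes)
        *x18_delta_bytes = (long)(scs.x18 - x18_in_try) * (long)sizeof(uintptr_t);

    /* main's epilogue: the address it actually returns to. */
    return scs_pop(&scs);
}

int main(void) {
    long delta;
    uintptr_t ra = simulate(1, &delta);
    printf("with SCS CFI:    x18 delta %+ld, main returns to 0x%lx (its own caller)\n",
           delta, (unsigned long)ra);
    ra = simulate(0, &delta);
    printf("without SCS CFI: x18 delta %+ld, main returns to 0x%lx (stale slot)\n",
           delta, (unsigned long)ra);
    return 0;
}
```

With every frame's CFI describing the x18 push, the landing pad sees the same x18 the try block saw and main's epilogue pops its own return address. When the innermost frame's CFI omits the push, x18 lands one slot (8 bytes) too high, matching the 0x...018 versus 0x...010 pair in the report, and the epilogue pops a stale slot, which is why the catching function returns to the wrong place. The check a reviewer of such a runtime would want is exactly this: every function that the unwinder walks through, the raise routine included, must carry CFI for its shadow-call-stack prologue.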
