[llvm-bugs] [Bug 51362] New: Incorrect code generation when enabled stack instrumentation with arm64 MTE
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Aug 5 08:42:44 PDT 2021
https://bugs.llvm.org/show_bug.cgi?id=51362
Bug ID: 51362
Summary: Incorrect code generation when enabled stack instrumentation with arm64 MTE
Product: clang
Version: 12.0
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: C
Assignee: unassignedclangbugs at nondot.org
Reporter: scopichmu at gmail.com
CC: blitzrakete at gmail.com, dgregor at apple.com, erik.pilkington at gmail.com, llvm-bugs at lists.llvm.org, richard-llvm at metafoo.co.uk
Stack instrumentation with arm64 MTE was enabled using the following options: "-target
aarch64-linux -march=armv8+memtag -fsanitize=memtag". Clang generates the following
code:
```
00000000000014a0 <test_func>:
14a0: d100c3ff sub sp, sp, #0x30
14a4: a9027bfd stp x29, x30, [sp, #32]
14a8: 910083fd add x29, sp, #0x20
...
14c8: f81f83a8 stur x8, [x29, #-8]
...
```
Here Clang copies the stack address into the 'x29' register, then copies the 'x8' register
onto the stack using the 'x29' register. This violates the Arm spec and causes false-
positive Tag Check Fault MTE reports.
When the CPU executes the 'stur' instruction (at address 14c8), a Synchronous Tag Check
Fault exception is triggered. The exception happens because only 'sp' is allowed to be
used to perform a Tag Unchecked access: all load and store instructions with the SP as
base register and an immediate offset do not check tags. The Arm spec says:
```
A Tag Unchecked access will be generated for a load or store that uses either
of the following:
• A base register only, with the SP as the base register.
• A base register plus immediate offset addressing form, with the SP as the
base register.
```
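As an added check (not part of the report or of LLVM), the following Python lint scans objdump-style disassembly and flags loads and stores in MTE-tagged functions whose addressing form is not one of the two SP-based Tag Unchecked forms quoted above, which is exactly the pattern behind the false-positive fault described here. The listing it runs on is constructed: it reuses the instructions shown in the report and adds a placeholder `stg` line and a second function (the hex encodings on the added lines are placeholders, and the set of tagging mnemonics is an assumption used to decide which functions are stack-tagged).

```python
import re

# Constructed sample in objdump style: the sub/stp/add/stur lines of <test_func> are the
# ones quoted in the bug; the stg line and <safe_func> are added here with placeholder
# encodings so the lint has a tagged function and an untagged one to compare.
SAMPLE_DISASM = """\
00000000000014a0 <test_func>:
    14a0: d100c3ff  sub sp, sp, #0x30
    14a4: a9027bfd  stp x29, x30, [sp, #32]
    14a8: 910083fd  add x29, sp, #0x20
    14b0: 00000000  stg x8, [sp, #16]
    14c8: f81f83a8  stur x8, [x29, #-8]
    14cc: 00000000  ldr x9, [sp, #24]
0000000000001500 <safe_func>:
    1500: 00000000  sub sp, sp, #0x10
    1504: 00000000  str x0, [sp, #8]
"""

FUNC_RE = re.compile(r"^([0-9a-f]+)\s+<([^>]+)>:\s*$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]+\s+(\S+)\s*(.*)$")
MEM_RE = re.compile(r"\[([^\]]*)\](!?)")
# Assumed marker set: a function using any of these is treated as MTE stack-tagged.
TAGGING = {"stg", "st2g", "stzg", "stz2g", "stgp", "irg", "addg", "subg"}

def is_tag_unchecked(inside):
    """True only for the two forms quoted in the report: [sp] or [sp, #imm]."""
    parts = [p.strip() for p in inside.split(",")]
    return parts[0] == "sp" and (len(parts) == 1 or (len(parts) == 2 and parts[1].startswith("#")))

def parse_disasm(text):
    """Group (addr, mnemonic, operands) tuples under their <function> header."""
    funcs, cur = {}, None
    for line in text.splitlines():
        m = FUNC_RE.match(line)
        if m:
            cur = m.group(2); funcs[cur] = []; continue
        m = INSN_RE.match(line)
        if m and cur is not None:
            funcs[cur].append((m.group(1), m.group(2), m.group(3)))
    return funcs

def find_checked_stack_accesses(text, require_tagging=True):
    """Return (func, addr, mnemonic, mem_operand) for tag-checked loads/stores."""
    findings = []
    for name, insns in parse_disasm(text).items():
        if require_tagging and not any(mn in TAGGING for _, mn, _ in insns):
            continue
        for addr, mn, ops in insns:
            if not (mn.startswith("ld") or mn.startswith("st")):
                continue
            m = MEM_RE.search(ops)
            if m is None or m.group(2) == "!" or "]," in ops:
                continue  # pre/post-indexed writeback forms are skipped, not classified
            if not is_tag_unchecked(m.group(1)):
                findings.append((name, addr, mn, "[" + m.group(1) + "]"))
    return findings
```

Running `find_checked_stack_accesses(SAMPLE_DISASM)` reports only the `stur x8, [x29, #-8]` at 14c8, since every other access in the tagged function goes through SP with an immediate offset.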