[llvm-bugs] [Bug 52501] New: Coroutine miscompilation on arm64 leading to invalid memory access

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Nov 14 06:06:14 PST 2021 

https://bugs.llvm.org/show_bug.cgi?id=52501

            Bug ID: 52501
           Summary: Coroutine miscompilation on arm64 leading to invalid
                    memory access
           Product: clang
           Version: 13.0
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++2a
          Assignee: unassignedclangbugs at nondot.org
          Reporter: ztlpn at vectorized.io
                CC: blitzrakete at gmail.com, erik.pilkington at gmail.com,
                    llvm-bugs at lists.llvm.org, richard-llvm at metafoo.co.uk

Created attachment 25449
  --> https://bugs.llvm.org/attachment.cgi?id=25449&action=edit
test case source code

Hi, the bug is best described by the (very simple) attached test case: there is
a coroutine do_run with an infinite loop containing a suspension point.
Variable val is created on the stack inside the loop. Address of this variable
is then taken, stuck into the args struct and passed to the func function which
dereferences the pointer and returns the result. We then check that the
returned value is equal to the original value of val. The code in main() simply
resumes a coroutine a few times.

When compiled on arm64 this results in invalid memory accesses by the program
(bogus values returned from func/use-of-uninitialized-value under MSan).

Checked this with clang-13 downloaded from https://apt.llvm.org/focal/ although
earlier versions exhibit the same behavior.

Compilation command: clang++-13 -std=c++20 -stdlib=libc++ -fcoroutines-ts -O2
test_coro.cc

Here is the compiler explorer link (compiled with a slightly older clang):
https://godbolt.org/z/sxraMMvP5

AFAICT miscompilation is already present in the generated LLVM IR
(https://gist.github.com/ztlpn/453b1f906e5f838fa6e47434b03c65e6): the args
struct is placed into the coroutine frame and args.value_ is incorrectly
initialized with a pointer to memory allocated in the stack frame of the
coroutine entry function (line 27, 38). By contrast, if I compile on x86_64,
memory for val is correctly allocated in the stack frame of the coroutine
resume function and the program doesn't crash.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20211114/88a98806/attachment-0001.html>

More information about the llvm-bugs mailing list