[llvm] [AArch64] Verify ldp/stp alignment stricter (PR #83948)

Florian Mayer via llvm-commits llvm-commits at lists.llvm.org
Tue Mar 5 15:50:07 PST 2024 

fmayer wrote:

This broke the ASan buildbot: https://lab.llvm.org/buildbot/#/builders/168/builds/19054/steps/10/logs/stdio

```
==2590670==ERROR: AddressSanitizer: use-after-poison on address 0x52100054c618 at pc 0x560bf92304ba bp 0x7ffcba24a6d0 sp 0x7ffcba24a6c8
READ of size 8 at 0x52100054c618 thread T0
    #0 0x560bf92304b9 in getOpcode /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/CodeGen/MachineInstr.h:544:39
    #1 0x560bf92304b9 in hasUnscaledLdStOffset /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/Target/AArch64/AArch64InstrInfo.h:83:37
    #2 0x560bf92304b9 in (anonymous namespace)::AArch64LoadStoreOpt::tryToPairLdStInst(llvm::MachineInstrBundleIterator<llvm::MachineInstr, false>&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/Target/AArch64/AArch64LoadStoreOptimizer.cpp:2380:9
    #3 0x560bf92280f7 in (anonymous namespace)::AArch64LoadStoreOpt::optimizeBlock(llvm::MachineBasicBlock&, bool) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/Target/AArch64/AArch64LoadStoreOptimizer.cpp:2501:43
    #4 0x560bf922276d in (anonymous namespace)::AArch64LoadStoreOpt::runOnMachineFunction(llvm::MachineFunction&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/Target/AArch64/AArch64LoadStoreOptimizer.cpp:2543:14
    #5 0x560bfd34b832 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/MachineFunctionPass.cpp:93:13
    #6 0x560bfe0b72b7 in llvm::FPPassManager::runOnFunction(llvm::Function&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1445:27
    #7 0x560bfe0cdea1 in llvm::FPPassManager::runOnModule(llvm::Module&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1491:16
    #8 0x560bfe0b8f7b in runOnModule /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1560:27
    #9 0x560bfe0b8f7b in llvm::legacy::PassManagerImpl::run(llvm::Module&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:542:44
    #10 0x560bf887e30c in compileModule(char**, llvm::LLVMContext&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/tools/llc/llc.cpp:739:8
    #11 0x560bf88790ce in main /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/tools/llc/llc.cpp:408:22
    #12 0x7f7a0c223a8f  (/lib/x86_64-linux-gnu/libc.so.6+0x23a8f) (BuildId: d320ce4e63925d698610ed423fc4b1f0e8ed51f1)
    #13 0x7f7a0c223b48 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x23b48) (BuildId: d320ce4e63925d698610ed423fc4b1f0e8ed51f1)
    #14 0x560bf87905a4 in _start (/b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm_build_asan/bin/llc+0x7e275a4)
0x52100054c618 is located 280 bytes inside of 4096-byte region [0x52100054c500,0x52100054d500)
allocated by thread T0 here:
    #0 0x560bf8867d22 in operator new(unsigned long, std::align_val_t) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:98:3
    #1 0x560bf8d0c003 in Allocate /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/Support/AllocatorBase.h:92:12
    #2 0x560bf8d0c003 in StartNewSlab /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/Support/Allocator.h:339:42
    #3 0x560bf8d0c003 in llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator, 4096ul, 4096ul, 128ul>::Allocate(unsigned long, llvm::Align) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/Support/Allocator.h:195:5
    #4 0x560bfd36e65d in Allocate /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/Support/Allocator.h:209:12
    #5 0x560bfd36e65d in allocate<llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator, 4096UL, 4096UL, 128UL> > /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/Support/ArrayRecycler.h:130:38
    #6 0x560bfd36e65d in allocateOperandArray /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/CodeGen/MachineFunction.h:1082:28
    #7 0x560bfd36e65d in llvm::MachineInstr::MachineInstr(llvm::MachineFunction&, llvm::MCInstrDesc const&, llvm::DebugLoc, bool) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/MachineInstr.cpp:107:19
    #8 0x560bfd32c350 in llvm::MachineFunction::CreateMachineInstr(llvm::MCInstrDesc const&, llvm::DebugLoc, bool) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/MachineFunction.cpp:400:7
    #9 0x560bff221883 in BuildMI /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/CodeGen/MachineInstrBuilder.h:365:37
    #10 0x560bff221883 in llvm::InstrEmitter::EmitMachineNode(llvm::SDNode*, bool, bool, llvm::DenseMap<llvm::SDValue, llvm::Register, llvm::DenseMapInfo<llvm::SDValue, void>, llvm::detail::DenseMapPair<llvm::SDValue, llvm::Register>>&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/InstrEmitter.cpp:1039:29
    #11 0x560bff25e287 in EmitNode /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/InstrEmitter.h:145:7
    #12 0x560bff25e287 in llvm::ScheduleDAGSDNodes::EmitSchedule(llvm::MachineInstrBundleIterator<llvm::MachineInstr, false>&)::$_0::operator()(llvm::SDNode*, bool, bool, llvm::DenseMap<llvm::SDValue, llvm::Register, llvm::DenseMapInfo<llvm::SDValue, void>, llvm::detail::DenseMapPair<llvm::SDValue, llvm::Register>>&) const /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/ScheduleDAGSDNodes.cpp:873:13
    #13 0x560bff25c0c1 in llvm::ScheduleDAGSDNodes::EmitSchedule(llvm::MachineInstrBundleIterator<llvm::MachineInstr, false>&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/ScheduleDAGSDNodes.cpp:951:9
    #14 0x560bff45cce3 in llvm::SelectionDAGISel::CodeGenAndEmitDAG() /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1017:42
    #15 0x560bff456228 in llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1750:7
    #16 0x560bff44cbf9 in llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:516:3
    #17 0x560bfd34b832 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/CodeGen/MachineFunctionPass.cpp:93:13
    #18 0x560bfe0b72b7 in llvm::FPPassManager::runOnFunction(llvm::Function&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1445:27
    #19 0x560bfe0cdea1 in llvm::FPPassManager::runOnModule(llvm::Module&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1491:16
    #20 0x560bfe0b8f7b in runOnModule /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1560:27
    #21 0x560bfe0b8f7b in llvm::legacy::PassManagerImpl::run(llvm::Module&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:542:44
    #22 0x560bf887e30c in compileModule(char**, llvm::LLVMContext&) /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/tools/llc/llc.cpp:739:8
    #23 0x560bf88790ce in main /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/tools/llc/llc.cpp:408:22
    #24 0x7f7a0c223a8f  (/lib/x86_64-linux-gnu/libc.so.6+0x23a8f) (BuildId: d320ce4e63925d698610ed423fc4b1f0e8ed51f1)
SUMMARY: AddressSanitizer: use-after-poison /b/sanitizer-x86_64-linux-bootstrap-asan/build/llvm-project/llvm/include/llvm/CodeGen/MachineInstr.h:544:39 in getOpcode
Shadow bytes around the buggy address:
  0x52100054c380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x52100054c400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x52100054c480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x52100054c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x52100054c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x52100054c600: f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 00 00 00 00 00
  0x52100054c680: 00 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7
  0x52100054c700: f7 f7 f7 f7 f7 f7 00 00 00 00 00 00 00 00 00 00
  0x52100054c780: 00 00 00 00 00 00 f7 00 00 00 00 00 00 00 00 00
  0x52100054c800: f7 00 00 00 00 00 00 00 00 00 f7 00 00 00 00 00
  0x52100054c880: 00 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2590670==ABORTING
```

https://github.com/llvm/llvm-project/pull/83948

More information about the llvm-commits mailing list