[llvm-dev] Hardware ASan Generating Unknown Instruction
Mitch Phillips via llvm-dev
llvm-dev at lists.llvm.org
Mon Jun 22 13:51:05 PDT 2020
> movk x0, #:prel_g3:.L.str+4294967296
Looks like it's getting tripped up on the relocation.
Peter - was there any additional work on the prel_g3 relocation when you
landed these patches?
On Mon, Jun 22, 2020 at 1:45 PM Derrick McKee <derrick.mckee at gmail.com>
wrote:
> Hi Mitch,
>
> > cat test.c
>
> #include <stdio.h>
>
> int main(int argc, char** argv) {
> printf("Hello, world!\n");
> return 0;
> }
>
>
> > cat test.s
> .text
> .file "test.c"
> // main -- HWASan-instrumented 'main' from test.c (AArch64 GAS, AAPCS64).
> //   Frame: 48 bytes; x29/x30 saved at [sp, #32], x29 = sp + 32.
> //   Stack slots written below: [x29, #-4] = 0 (the return value),
> //   [x29, #-8] = w0 (first argument), [sp, #16] = x1 (second argument).
> //   Every stack store is preceded by a call to a __hwasan_check_x2_* thunk
> //   with x2 = address being accessed and x9 = shadow base (a non-standard
> //   register contract; the thunks read shadow as ldrb [x9, addr >> 4]).
> .globl main // -- Begin function main
> .p2align 2
> .type main, at function
> main: // @main
> .Lfunc_begin0:
> .file 1 "/home/derrick/tmp" "test.c"
> .loc 1 3 0 // test.c:3:0
> .cfi_startproc
> // %bb.0:
> sub sp, sp, #48 // =48
> stp x29, x30, [sp, #32] // 16-byte Folded Spill
> add x29, sp, #32 // =32
> .cfi_def_cfa w29, 16
> .cfi_offset w30, -8
> .cfi_offset w29, -16
> // Load the thread-local __hwasan_tls slot: TLS offset from the GOT, added
> //   to the thread pointer (TPIDR_EL0).
> adrp x8, :gottprel:__hwasan_tls
> ldr x8, [x8, :gottprel_lo12:__hwasan_tls]
> mrs x9, TPIDR_EL0
> ldr x8, [x9, x8]
> // (x8 | 0xffffffff) + 1 rounds x8 up to the next multiple of 2^32; the
> //   result is what each thunk receives in x9 as its shadow base.
> //   NOTE(review): this assumes the shadow base is derivable from the TLS
> //   value this way -- confirm against the HWASan runtime's TLS layout.
> orr x8, x8, #0xffffffff
> add x8, x8, #1 // =1
> // Check [x29-4], 4-byte access (18 is the access-info value the thunk
> //   forwards in x1 to __hwasan_tag_mismatch_v2), then store 0 there.
> sub x2, x29, #4 // =4
> mov x9, x8
> bl __hwasan_check_x2_18_short
> mov w10, wzr
> stur w10, [x29, #-4]
> // Check [x29-8], then spill the first argument (w0).
> sub x2, x29, #8 // =8
> mov x9, x8
> bl __hwasan_check_x2_18_short
> stur w0, [x29, #-8]
> // Check [sp+16] as an 8-byte access (thunk _19_), then spill x1.
> add x2, sp, #16 // =16
> mov x9, x8
> bl __hwasan_check_x2_19_short
> str x1, [sp, #16]
> .Ltmp0:
> .loc 1 4 2 prologue_end // test.c:4:2
> // Materialize the *tagged* address of .L.str (see '.set .L.str' near the
> //   end of the file: its top byte is 0xd0): page via adrp, tag via movk
> //   into bits [63:48], low 12 bits via add.  Uninstrumented callees such
> //   as printf can only dereference this pointer if the hardware ignores
> //   the top byte (Top-Byte-Ignore) -- verify TBI is enabled for the target.
> // NOTE(review): in the linked binary this movk is the word reported as
> //   <unknown> (bytes e0 ff e5 b2 at 0x2d51c, i.e. 0xb2e5ffe0).  That word
> //   sits in the move-wide-immediate class (bits [28:23] = 100101) but with
> //   opc = 01, which is unallocated; a 64-bit MOVK has opc = 11 (top byte
> //   0xF2), so a single opcode bit has been cleared, and the imm16 field
> //   does not look like the 0xd0xx tag either.  Consistent with the
> //   :prel_g3: relocation being mis-applied -- check 'readelf -r' on the
> //   object and the linker's handling of R_AARCH64_MOVW_PREL_G3.
> adrp x0, :pg_hi21_nc:.L.str
> movk x0, #:prel_g3:.L.str+4294967296
> add x0, x0, :lo12:.L.str
> str w10, [sp, #12] // 4-byte Folded Spill
> bl printf
> ldr w10, [sp, #12] // 4-byte Folded Reload
> str w0, [sp, #8] // 4-byte Folded Spill
> .loc 1 5 2 // test.c:5:2
> // Return the 0 reloaded into w10 (printf's result in [sp, #8] is unused).
> mov w0, w10
> ldp x29, x30, [sp, #32] // 16-byte Folded Reload
> add sp, sp, #48 // =48
> ret
> .Ltmp1:
> .Lfunc_end0:
> .size main, .Lfunc_end0-main
> .cfi_endproc
> // -- End function
> // hwasan.module_ctor -- per-module static constructor emitted by HWASan.
> //   Saves x30, calls __hwasan_init, restores x30 and returns; placed in a
> //   COMDAT group so duplicates across objects are folded by the linker.
> //   (The two-line .section below is one directive wrapped by the mailer.)
> .section
> .text.hwasan.module_ctor,"axG", at progbits,hwasan.module_ctor,comdat
> .p2align 2 // -- Begin function hwasan.module_ctor
> .type hwasan.module_ctor, at function
> hwasan.module_ctor: // @hwasan.module_ctor
> .Lfunc_begin1:
> .cfi_startproc
> // %bb.0:
> str x30, [sp, #-16]! // 8-byte Folded Spill
> .cfi_def_cfa_offset 16
> .cfi_offset w30, -16
> bl __hwasan_init
> ldr x30, [sp], #16 // 8-byte Folded Reload
> ret
> .Lfunc_end1:
> .size hwasan.module_ctor, .Lfunc_end1-hwasan.module_ctor
> .cfi_endproc
> // -- End function
> // Register hwasan.module_ctor in .init_array so the loader runs it before
> //   main; same COMDAT key as the function so the entry is folded with it.
> .section .init_array.0,"aGw", at init_array,hwasan.module_ctor,comdat
> .p2align 3
> .xword hwasan.module_ctor
> // __start_/__stop_hwasan_globals are the linker-provided bounds of the
> //   'hwasan_globals' section (descriptors of tagged globals); hidden so
> //   they do not become dynamic symbols.
> .hidden __start_hwasan_globals
> .hidden __stop_hwasan_globals
> .type .Lhwasan.note, at object // @hwasan.note
> .section .note.hwasan.globals,"aG", at note,hwasan.note,comdat
> .p2align 2
> // ELF note: namesz = 8, descsz = 8, type = 3, name "LLVM" padded to 8,
> //   then the descriptor: two 32-bit offsets (relative to the note itself)
> //   to the start and end of the hwasan_globals section.  4+4+4+8+8 = 28.
> .Lhwasan.note:
> .word 8 // 0x8
> .word 8 // 0x8
> .word 3 // 0x3
> .asciz "LLVM\000\000\000"
> .word __start_hwasan_globals-.Lhwasan.note
> .word __stop_hwasan_globals-.Lhwasan.note
> .size .Lhwasan.note, 28
>
> // Zero-sized placeholder in hwasan_globals; presumably keeps the section
> //   (and therefore __start_/__stop_hwasan_globals) defined even when a
> //   module has no tagged globals of its own -- verify against the pass.
> .type .Lhwasan.dummy.global, at object // @hwasan.dummy.global
> .section
> hwasan_globals,"aGo", at progbits,hwasan.note,comdat,.Lhwasan.note,unique,1
> .p2align 2
> .Lhwasan.dummy.global:
> .size .Lhwasan.dummy.global, 0
>
> // The 15-byte string literal (14 chars + NUL) padded to one 16-byte
> //   granule; the final byte 208 (0xd0) is the tag, matching the top byte
> //   of the '.L.str' alias and the descriptor word 0xd000000f below.
> //   Storing the tag in the granule's last byte is what the check thunks'
> //   'orr x16, x2, #0xf ; ldrb' path reads for short granules.
> .type .L.str.hwasan, at object // @.str.hwasan
> .section .rodata,"a", at progbits
> .p2align 4
> .L.str.hwasan:
> .asciz "Hello, world!\n"
> .byte 208
> .size .L.str.hwasan, 16
>
> // Global descriptor consumed by the runtime via __start_/__stop_hwasan_globals:
> //   word 0 = self-relative offset to the tagged object, word 1 = 0xd000000f,
> //   consistent with tag 0xd0 in the top byte and size 15 in the low bits
> //   (the object's '.size .L.str, 15').  The 'o' flag links the section to
> //   .L.str.hwasan so the descriptor is discarded together with it.
> .type .L.str.hwasan.descriptor, at object // @.str.hwasan.descriptor
> .section hwasan_globals,"ao", at progbits,.L.str.hwasan,unique,2
> .p2align 3
> .L.str.hwasan.descriptor:
> .word .L.str.hwasan-.L.str.hwasan.descriptor
> .word 3489660943 // 0xd000000f
> .size .L.str.hwasan.descriptor, 8
>
> .section .debug_str,"MS", at progbits,1
> .Linfo_string0:
> .asciz "clang version 10.0.1
> (git at github.com:llvm/llvm-project.git
> a634a80615b1e012f1a61aa0cd1e2e67ef77d0bd)" // string offset=0
> .Linfo_string1:
> .asciz "test.c" // string offset=101
> .Linfo_string2:
> .asciz "/home/derrick/tmp" // string offset=108
> .Linfo_string3:
> .asciz "main" // string offset=126
> .Linfo_string4:
> .asciz "int" // string offset=131
> .Linfo_string5:
> .asciz "argc" // string offset=135
> .Linfo_string6:
> .asciz "argv" // string offset=140
> .Linfo_string7:
> .asciz "char" // string offset=145
> .section .debug_abbrev,"", at progbits
> .byte 1 // Abbreviation Code
> .byte 17 // DW_TAG_compile_unit
> .byte 1 // DW_CHILDREN_yes
> .byte 37 // DW_AT_producer
> .byte 14 // DW_FORM_strp
> .byte 19 // DW_AT_language
> .byte 5 // DW_FORM_data2
> .byte 3 // DW_AT_name
> .byte 14 // DW_FORM_strp
> .byte 16 // DW_AT_stmt_list
> .byte 23 // DW_FORM_sec_offset
> .byte 27 // DW_AT_comp_dir
> .byte 14 // DW_FORM_strp
> .byte 17 // DW_AT_low_pc
> .byte 1 // DW_FORM_addr
> .byte 18 // DW_AT_high_pc
> .byte 6 // DW_FORM_data4
> .byte 0 // EOM(1)
> .byte 0 // EOM(2)
> .byte 2 // Abbreviation Code
> .byte 46 // DW_TAG_subprogram
> .byte 1 // DW_CHILDREN_yes
> .byte 17 // DW_AT_low_pc
> .byte 1 // DW_FORM_addr
> .byte 18 // DW_AT_high_pc
> .byte 6 // DW_FORM_data4
> .byte 64 // DW_AT_frame_base
> .byte 24 // DW_FORM_exprloc
> .byte 3 // DW_AT_name
> .byte 14 // DW_FORM_strp
> .byte 58 // DW_AT_decl_file
> .byte 11 // DW_FORM_data1
> .byte 59 // DW_AT_decl_line
> .byte 11 // DW_FORM_data1
> .byte 39 // DW_AT_prototyped
> .byte 25 // DW_FORM_flag_present
> .byte 73 // DW_AT_type
> .byte 19 // DW_FORM_ref4
> .byte 63 // DW_AT_external
> .byte 25 // DW_FORM_flag_present
> .byte 0 // EOM(1)
> .byte 0 // EOM(2)
> .byte 3 // Abbreviation Code
> .byte 5 // DW_TAG_formal_parameter
> .byte 0 // DW_CHILDREN_no
> .byte 2 // DW_AT_location
> .byte 24 // DW_FORM_exprloc
> .byte 3 // DW_AT_name
> .byte 14 // DW_FORM_strp
> .byte 58 // DW_AT_decl_file
> .byte 11 // DW_FORM_data1
> .byte 59 // DW_AT_decl_line
> .byte 11 // DW_FORM_data1
> .byte 73 // DW_AT_type
> .byte 19 // DW_FORM_ref4
> .byte 0 // EOM(1)
> .byte 0 // EOM(2)
> .byte 4 // Abbreviation Code
> .byte 36 // DW_TAG_base_type
> .byte 0 // DW_CHILDREN_no
> .byte 3 // DW_AT_name
> .byte 14 // DW_FORM_strp
> .byte 62 // DW_AT_encoding
> .byte 11 // DW_FORM_data1
> .byte 11 // DW_AT_byte_size
> .byte 11 // DW_FORM_data1
> .byte 0 // EOM(1)
> .byte 0 // EOM(2)
> .byte 5 // Abbreviation Code
> .byte 15 // DW_TAG_pointer_type
> .byte 0 // DW_CHILDREN_no
> .byte 73 // DW_AT_type
> .byte 19 // DW_FORM_ref4
> .byte 0 // EOM(1)
> .byte 0 // EOM(2)
> .byte 0 // EOM(3)
> .section .debug_info,"", at progbits
> .Lcu_begin0:
> .word .Ldebug_info_end0-.Ldebug_info_start0 // Length of Unit
> .Ldebug_info_start0:
> .hword 4 // DWARF version number
> .word .debug_abbrev // Offset Into Abbrev. Section
> .byte 8 // Address Size (in bytes)
> .byte 1 // Abbrev [1] 0xb:0x6e
> DW_TAG_compile_unit
> .word .Linfo_string0 // DW_AT_producer
> .hword 12 // DW_AT_language
> .word .Linfo_string1 // DW_AT_name
> .word .Lline_table_start0 // DW_AT_stmt_list
> .word .Linfo_string2 // DW_AT_comp_dir
> .xword .Lfunc_begin0 // DW_AT_low_pc
> .word .Lfunc_end0-.Lfunc_begin0 // DW_AT_high_pc
> .byte 2 // Abbrev [2] 0x2a:0x36
> DW_TAG_subprogram
> .xword .Lfunc_begin0 // DW_AT_low_pc
> .word .Lfunc_end0-.Lfunc_begin0 // DW_AT_high_pc
> .byte 1 // DW_AT_frame_base
> .byte 109
> .word .Linfo_string3 // DW_AT_name
> .byte 1 // DW_AT_decl_file
> .byte 3 // DW_AT_decl_line
> // DW_AT_prototyped
> .word 96 // DW_AT_type
> // DW_AT_external
> .byte 3 // Abbrev [3] 0x43:0xe
> DW_TAG_formal_parameter
> .byte 2 // DW_AT_location
> .byte 145
> .byte 120
> .word .Linfo_string5 // DW_AT_name
> .byte 1 // DW_AT_decl_file
> .byte 3 // DW_AT_decl_line
> .word 96 // DW_AT_type
> .byte 3 // Abbrev [3] 0x51:0xe
> DW_TAG_formal_parameter
> .byte 2 // DW_AT_location
> .byte 145
> .byte 112
> .word .Linfo_string6 // DW_AT_name
> .byte 1 // DW_AT_decl_file
> .byte 3 // DW_AT_decl_line
> .word 103 // DW_AT_type
> .byte 0 // End Of Children Mark
> .byte 4 // Abbrev [4] 0x60:0x7
> DW_TAG_base_type
> .word .Linfo_string4 // DW_AT_name
> .byte 5 // DW_AT_encoding
> .byte 4 // DW_AT_byte_size
> .byte 5 // Abbrev [5] 0x67:0x5
> DW_TAG_pointer_type
> .word 108 // DW_AT_type
> .byte 5 // Abbrev [5] 0x6c:0x5
> DW_TAG_pointer_type
> .word 113 // DW_AT_type
> .byte 4 // Abbrev [4] 0x71:0x7
> DW_TAG_base_type
> .word .Linfo_string7 // DW_AT_name
> .byte 8 // DW_AT_encoding
> .byte 1 // DW_AT_byte_size
> .byte 0 // End Of Children Mark
> .Ldebug_info_end0:
> // .L.str is the *tagged* alias of .L.str.hwasan: 3458764513820540928 is
> //   0x3000000000000000, so the alias' top byte is 0x00 - 0x30 = 0xd0
> //   (mod 256), the same tag stored after the string and in its descriptor.
> //   Any address-of on .L.str must materialize this full 64-bit value,
> //   which is why main uses adrp / movk :prel_g3: / add; that movk is the
> //   word that fails to decode in the linked binary (0x2d51c).
> .set .L.str, .L.str.hwasan-3458764513820540928
> .size .L.str, 15
> .ident "clang version 10.0.1
> (git at github.com:llvm/llvm-project.git
> a634a80615b1e012f1a61aa0cd1e2e67ef77d0bd)"
> .section ".note.GNU-stack","", at progbits
> .addrsig
> .addrsig_sym printf
> .addrsig_sym __hwasan_init
> .addrsig_sym hwasan.module_ctor
> .addrsig_sym __start_hwasan_globals
> .addrsig_sym __stop_hwasan_globals
> .addrsig_sym .Lhwasan.note
> .addrsig_sym .Lhwasan.dummy.global
> .addrsig_sym .L.str.hwasan
> .addrsig_sym .L.str.hwasan.descriptor
> .addrsig_sym .L.str
> // __hwasan_check_x2_18_short -- outlined HWASan check for a 4-byte access.
> //   In:  x2 = address under test (tag in bits [63:56]), x9 = shadow base.
> //   Fast path clobbers only x16/x17 (the AAPCS64 IP0/IP1 scratch regs)
> //   and flags, so callers keep all argument registers live across the bl.
> //   On mismatch it never returns to the caller: it tail-jumps to
> //   __hwasan_tag_mismatch_v2 with x0 = address, x1 = 18 (access info).
> //   Weak + hidden + COMDAT so every object can emit its own copy.
> .section .text.hot,"axG", at progbits,__hwasan_check_x2_18_short,comdat
> .type __hwasan_check_x2_18_short, at function
> .weak __hwasan_check_x2_18_short
> .hidden __hwasan_check_x2_18_short
> __hwasan_check_x2_18_short:
> // x16 = bits [55:4] of the address = 16-byte granule index with the tag
> //   masked off; load the shadow byte for that granule.
> ubfx x16, x2, #4, #52
> ldrb w16, [x9, x16]
> // Shadow byte == pointer tag -> access is valid.
> cmp x16, x2, lsr #56
> b.ne .Ltmp2
> .Ltmp3:
> ret
> .Ltmp2:
> // Shadow values 1..15 mark a short granule whose first N bytes are valid
> //   (HWASan short-granule encoding -- confirm against the runtime); >15 is
> //   a plain tag mismatch.
> cmp w16, #15 // =15
> b.hi .Ltmp4
> // x17 = offset of the last byte of this 4-byte access within the granule;
> //   report if it reaches past the N valid bytes.
> and x17, x2, #0xf
> add x17, x17, #3 // =3
> cmp w16, w17
> b.ls .Ltmp4
> // Short granule: the real tag is stored in the granule's last byte.
> orr x16, x2, #0xf
> ldrb w16, [x16]
> cmp x16, x2, lsr #56
> b.eq .Ltmp3
> .Ltmp4:
> // Report path: open a 256-byte frame, save x0/x1 and x29/x30 (at +232),
> //   then jump (not call) to the runtime's mismatch handler via the GOT.
> //   NOTE(review): the frame layout is whatever __hwasan_tag_mismatch_v2
> //   expects to find -- verify against the runtime before changing it.
> stp x0, x1, [sp, #-256]!
> stp x29, x30, [sp, #232]
> mov x0, x2
> mov x1, #18
> adrp x16, :got:__hwasan_tag_mismatch_v2
> ldr x16, [x16, :got_lo12:__hwasan_tag_mismatch_v2]
> br x16
> // __hwasan_check_x2_19_short -- same as __hwasan_check_x2_18_short but for
> //   an 8-byte access: the short-granule bound is offset+7 and the access
> //   info forwarded in x1 is 19.
> //   In:  x2 = address under test (tag in bits [63:56]), x9 = shadow base.
> //   Fast path clobbers only x16/x17 and flags; the report path tail-jumps
> //   to __hwasan_tag_mismatch_v2 and does not return.
> .section .text.hot,"axG", at progbits,__hwasan_check_x2_19_short,comdat
> .type __hwasan_check_x2_19_short, at function
> .weak __hwasan_check_x2_19_short
> .hidden __hwasan_check_x2_19_short
> __hwasan_check_x2_19_short:
> // Shadow byte for the granule containing x2 (bits [55:4] of the address).
> ubfx x16, x2, #4, #52
> ldrb w16, [x9, x16]
> cmp x16, x2, lsr #56
> b.ne .Ltmp5
> .Ltmp6:
> ret
> .Ltmp5:
> // 1..15 = short granule with N valid bytes; >15 = tag mismatch.
> cmp w16, #15 // =15
> b.hi .Ltmp7
> // Last byte of the 8-byte access must lie within the N valid bytes.
> and x17, x2, #0xf
> add x17, x17, #7 // =7
> cmp w16, w17
> b.ls .Ltmp7
> // Short granule: compare against the tag kept in the granule's last byte.
> orr x16, x2, #0xf
> ldrb w16, [x16]
> cmp x16, x2, lsr #56
> b.eq .Ltmp6
> .Ltmp7:
> // Report path: 256-byte frame, x0/x1 and x29/x30 (+232) saved, then a
> //   GOT-indirect jump to the mismatch handler with x0 = address, x1 = 19.
> stp x0, x1, [sp, #-256]!
> stp x29, x30, [sp, #232]
> mov x0, x2
> mov x1, #19
> adrp x16, :got:__hwasan_tag_mismatch_v2
> ldr x16, [x16, :got_lo12:__hwasan_tag_mismatch_v2]
> br x16
> .section .debug_line,"", at progbits
> .Lline_table_start0:
>
> On Mon, Jun 22, 2020 at 4:37 PM Mitch Phillips <mitchp at google.com> wrote:
> >
> > Hi Derrick,
> >
> > Can you send through `test.c`? What does clang's assembly say
> (`path/to/compiled/clang --target=aarch64-linux-gnu -march=armv8.5-a
> -fsanitize=hwaddress -S test.c; cat test.s`)?
> >
> > - Mitch
> >
> > On Mon, Jun 22, 2020 at 12:04 PM Derrick McKee via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
> >>
> >> Hi,
> >>
> >> I am trying to execute a simple hello world program compiled like so:
> >>
> >> path/to/compiled/clang -o test --target=aarch64-linux-gnu
> >> -march=armv8.5-a -fsanitize=hwaddress
> >> --sysroot=/usr/aarch64-linux-gnu/
> >> -L/usr/lib/gcc/aarch64-linux-gnu/10.1.0/ -g test.c
> >>
> >> However, when I look at the disassembly, there is an unknown
> >> instruction listed at 0x2d51c:
> >>
> >> 000000000002d4c0 main:
> >> 2d4c0: ff c3 00 d1 sub sp, sp, #48
> >> 2d4c4: fd 7b 02 a9 stp x29, x30, [sp, #32]
> >> 2d4c8: fd 83 00 91 add x29, sp, #32
> >> 2d4cc: 08 01 00 d0 adrp x8, #139264
> >> 2d4d0: 08 49 47 f9 ldr x8, [x8, #3728]
> >> 2d4d4: 49 d0 3b d5 mrs x9, TPIDR_EL0
> >> 2d4d8: 28 69 68 f8 ldr x8, [x9, x8]
> >> 2d4dc: 08 7d 40 b2 orr x8, x8, #0xffffffff
> >> 2d4e0: 08 05 00 91 add x8, x8, #1
> >> 2d4e4: a2 13 00 d1 sub x2, x29, #4
> >> 2d4e8: e9 03 08 aa mov x9, x8
> >> 2d4ec: df 64 ff 97 bl #-158852
> >> <__hwasan_check_x2_18_short>
> >> 2d4f0: ea 03 1f 2a mov w10, wzr
> >> 2d4f4: aa c3 1f b8 stur w10, [x29, #-4]
> >> 2d4f8: a2 23 00 d1 sub x2, x29, #8
> >> 2d4fc: e9 03 08 aa mov x9, x8
> >> 2d500: da 64 ff 97 bl #-158872
> >> <__hwasan_check_x2_18_short>
> >> 2d504: a0 83 1f b8 stur w0, [x29, #-8]
> >> 2d508: e2 43 00 91 add x2, sp, #16
> >> 2d50c: e9 03 08 aa mov x9, x8
> >> 2d510: ec 64 ff 97 bl #-158800
> >> <__hwasan_check_x2_19_short>
> >> 2d514: e1 0b 00 f9 str x1, [sp, #16]
> >> 2d518: 40 00 00 d0 adrp x0, #40960
> >> 2d51c: e0 ff e5 b2 <unknown>
> >> 2d520: 00 40 35 91 add x0, x0, #3408
> >> 2d524: ea 0f 00 b9 str w10, [sp, #12]
> >> 2d528: c2 64 ff 97 bl #-158968 <printf at plt>
> >> 2d52c: ea 0f 40 b9 ldr w10, [sp, #12]
> >> 2d530: e0 0b 00 b9 str w0, [sp, #8]
> >> 2d534: e0 03 0a 2a mov w0, w10
> >> 2d538: fd 7b 42 a9 ldp x29, x30, [sp, #32]
> >> 2d53c: ff c3 00 91 add sp, sp, #48
> >> 2d540: c0 03 5f d6 ret
> >>
> >>
> >> Am I compiling the program incorrectly? For reference, here's my clang
> version
> >>
> >> # llvm-project/build-10.x/install/bin/clang --version
> >> [1]
> >> clang version 10.0.1 (git at github.com:llvm/llvm-project.git
> >> a634a80615b1e012f1a61aa0cd1e2e67ef77d0bd)
> >> Target: x86_64-unknown-linux-gnu
> >> Thread model: posix
> >>
> >> --
> >> Derrick McKee
> >> Phone: (703) 957-9362
> >> Email: derrick.mckee at gmail.com
> >> _______________________________________________
> >> LLVM Developers mailing list
> >> llvm-dev at lists.llvm.org
> >> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
>
>
> --
> Derrick McKee
> Phone: (703) 957-9362
> Email: derrick.mckee at gmail.com
>