https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100908

            Bug ID: 100908
           Summary: asan clobbers register asm variables
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: krebbel at gcc dot gnu.org
  Target Milestone: ---

Created attachment 50933
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50933&action=edit
Testcase

Compiling the testcase with either:
gcc -O3 t1.c -o t -fsanitize=address --param asan-instrumentation-with-call-threshold=0
or
gcc -O3 t1.c -o t -fsanitize=kernel-address -lasan

aborts because dereferencing y triggers the address sanitizer to
introduce a function call.

That a function call might clobber registers assigned with register asm
is a documented limitation of the register asm construct:
https://gcc.gnu.org/onlinedocs/gcc/Local-Register-Variables.html
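
As an added illustration (this is not the attached testcase, which is not reproduced here), the C below places the ordering the report describes next to the ordering that keeps the hard-register value intact; the register names, the add instructions and the function names are the example's own assumptions, chosen for x86-64, aarch64 and s390x.

```c
#include <stdio.h>

/* Pick a caller-saved hard register and an add instruction per target.
   These names are the example's own choice, not the testcase's. */
#if defined(__x86_64__)
#  define HARD_REG "r10"
#  define ADD_INSN "addq %1, %0"
#elif defined(__aarch64__)
#  define HARD_REG "x10"
#  define ADD_INSN "add %0, %0, %1"
#elif defined(__s390x__)
#  define HARD_REG "r5"
#  define ADD_INSN "agr %0,%1"
#else
#  error "add a hard register name and add instruction for this target"
#endif

/* Hazardous ordering from the report: the hard register is bound first,
   then y is dereferenced.  With -fsanitize=address and
   --param asan-instrumentation-with-call-threshold=0 the load of *y is
   emitted as a call into the sanitizer runtime; that call may clobber
   HARD_REG before the asm reads it, so the result is unreliable. */
__attribute__((noinline)) long add_hazard(long x, const int *y)
{
    register long acc __asm__(HARD_REG) = x;
    long v = *y;                 /* instrumented load -> function call */
    __asm__(ADD_INSN : "+r"(acc) : "r"(v));
    return acc;
}

/* Safe ordering: every ordinary memory access happens before the register
   variable is bound, and nothing sits between the binding and the asm
   that consumes it, so no instrumentation call can intervene. */
__attribute__((noinline)) long add_safe(long x, const int *y)
{
    long v = *y;                 /* instrumented load happens up here */
    register long acc __asm__(HARD_REG) = x;
    __asm__(ADD_INSN : "+r"(acc) : "r"(v));
    return acc;
}

int main(void)
{
    int two = 2;                 /* constructed input */
    printf("safe:   %ld\n", add_safe(40, &two));
    printf("hazard: %ld\n", add_hazard(40, &two));  /* may differ under ASan */
    return 0;
}
```

Only add_safe has a defined result under the sanitizer; add_hazard is kept to show the shape of code that trips the limitation.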

However, in combination with the address sanitizer this becomes even
less obvious, making even the most experienced kernel developers trip
over it:
https://lkml.org/lkml/2020/10/23/908

For IBM Z quite a few cases like this have been reported to me. Here is just
one I could find quickly:
https://lore.kernel.org/patchwork/patch/1413907/


Btw. clang appears to handle this more gracefully and preserves the
value of the variable around function calls. The attached testcase
works fine with clang.


I think it would be much better to find a solution which allows
directly naming hard registers as inline assembly constraints.  I'll
post an RFC on the mailing list.
