52501 – Coroutine miscompilation on arm64 leading to invalid memory access

LLVM Bugzilla is read-only and represents the historical archive of all LLVM issues filled before November 26, 2021. Use github to submit LLVM bugs

Bug 52501 - Coroutine miscompilation on arm64 leading to invalid memory access

Summary: Coroutine miscompilation on arm64 leading to invalid memory access

Status:	NEW

Alias:	None

Product:	clang
Classification:	Unclassified
Component:	C++2a (show other bugs)
Version:	13.0
Hardware:	Other Linux

Importance:	P normal
Assignee:	Unassigned Clang Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-11-14 06:06 PST by Alexey Zatelepin
Modified:	2021-11-14 06:06 PST (History)
CC List:	4 users (show)

See Also:
Fixed By Commit(s):

Attachments
test case source code (1.13 KB, text/x-csrc) 2021-11-14 06:06 PST, Alexey Zatelepin	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Zatelepin 2021-11-14 06:06:14 PST

Created attachment 25449 [details]
test case source code

Hi, the bug is best described by the (very simple) attached test case: there is a coroutine do_run with an infinite loop containing a suspension point. Variable val is created on the stack inside the loop. Address of this variable is then taken, stuck into the args struct and passed to the func function which dereferences the pointer and returns the result. We then check that the returned value is equal to the original value of val. The code in main() simply resumes a coroutine a few times.

When compiled on arm64 this results in invalid memory accesses by the program (bogus values returned from func/use-of-uninitialized-value under MSan).

Checked this with clang-13 downloaded from https://apt.llvm.org/focal/ although earlier versions exhibit the same behavior.

Compilation command: clang++-13 -std=c++20 -stdlib=libc++ -fcoroutines-ts -O2 test_coro.cc

Here is the compiler explorer link (compiled with a slightly older clang): https://godbolt.org/z/sxraMMvP5

AFAICT miscompilation is already present in the generated LLVM IR (https://gist.github.com/ztlpn/453b1f906e5f838fa6e47434b03c65e6): the args struct is placed into the coroutine frame and args.value_ is incorrectly initialized with a pointer to memory allocated in the stack frame of the coroutine entry function (line 27, 38). By contrast, if I compile on x86_64, memory for val is correctly allocated in the stack frame of the coroutine resume function and the program doesn't crash.