libfuzzer forces use of popcnt instruction in its code #52893
Labels
Comments
In all cases, I think the intent was that the popcnt instruction should be more efficient, but I don't know why it wasn't simply left to |
freebsd-git
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Dec 30, 2021
Since popcnt is only supported by CPUTYPE=nehalem and later, ensure that this instruction is only emitted when appropriate. Otherwise, programs using the library can abort with SIGILL. See also: llvm/llvm-project#52893 PR: 258156 Reported by: Eric Rucker <bhtooefr@bhtooefr.org> MFC after: 3 days
freebsd-git
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Jan 2, 2022
Since popcnt is only supported by CPUTYPE=nehalem and later, ensure that this instruction is only emitted when appropriate. Otherwise, programs using the library can abort with SIGILL. See also: llvm/llvm-project#52893 PR: 258156 Reported by: Eric Rucker <bhtooefr@bhtooefr.org> MFC after: 3 days (cherry picked from commit 1331805)
freebsd-git
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Jan 2, 2022
Since popcnt is only supported by CPUTYPE=nehalem and later, ensure that this instruction is only emitted when appropriate. Otherwise, programs using the library can abort with SIGILL. See also: llvm/llvm-project#52893 PR: 258156 Reported by: Eric Rucker <bhtooefr@bhtooefr.org> MFC after: 3 days (cherry picked from commit 1331805)
bsdjhb
pushed a commit
to bsdjhb/cheribsd
that referenced
this issue
Jan 25, 2022
Since popcnt is only supported by CPUTYPE=nehalem and later, ensure that this instruction is only emitted when appropriate. Otherwise, programs using the library can abort with SIGILL. See also: llvm/llvm-project#52893 PR: 258156 Reported by: Eric Rucker <bhtooefr@bhtooefr.org> MFC after: 3 days
netgate-git-updates
pushed a commit
to pfsense/FreeBSD-src
that referenced
this issue
Mar 15, 2022
Since popcnt is only supported by CPUTYPE=nehalem and later, ensure that this instruction is only emitted when appropriate. Otherwise, programs using the library can abort with SIGILL. See also: llvm/llvm-project#52893 PR: 258156 Reported by: Eric Rucker <bhtooefr@bhtooefr.org> MFC after: 3 days (cherry picked from commit 1331805)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
FuzzerPlatform.h defines
ATTRIBUTE_TARGET_POPCNTas a shorthand for__attribute__((target("popcnt"))). This applies an override to the global build options, letting the compiler use the (SSE4?) 'popcnt' instruction for faster execution of certain bit code. It is currently only being used in FuzzerTracePC.cpp on 13 functions.The logic apparently being applied to ATTRIBUTE_TARGET_POPCNT is "if it's x86_64, it has popcnt". This is not true for various older processors. Forcing use of this instruction causes the resulting binary
libclang_rt.fuzzer-x86_64.ato crash with SIGILL when executing any of the flagged functions on processors that don't support popcnt.This was reported on the freebsd bugtracker in august 2021, after mysql80-server-8.0.26 was released and integrated into the ports tree. The relevant mysql change happened in february 2021 but wasn't put into a release until later. I have tried checking the now deleted svn history for libFuzzer and so far found llvm-svn: 279601 which shows that these overrides were already there in 2016. I could not find the changeset that initially added them since that site cannot access the repo.
It is not obvious why this code even exists. The popcnt flag should already be getting automatically set/unset based on the build's target architecture, so at best it's a no-op. Is it possible that the original author misunderstood the usage of this attribute, and thought it acted as a hint to the optimizer, and that it would be smart about only applying the optimization for eligible targets? (Does it actually also act as a hint?)
The text was updated successfully, but these errors were encountered: