Asan with Windows EH generates __asan_xxx runtime calls without required funclet tokens

[sylvain-audi]

This issue has been discussed in #39667 as well as google/sanitizers#749

As mentionned by @rnk in a comment: "ASan instrumentation isn't inserting calls into EH pads with the right funclet token bundle, so any attempts to do ASan checks inside funclets will be removed by WinEHPrepare. "

It seems that not only WinEHPrepare will remove the calls themselves but it also discards the entire Basic Block around it, replacing the content with unreachable statement.

Here is a repro:

char buff1[6] = "hello";
char buff2[6] = "hello";

int main(int argc, char **argv) {
  int result = 1;
  try {
    throw 1;
  } catch (...) {
    // make asan generate call to __asan_memcpy that should report an error due to memory overflow.
    __builtin_memcpy(buff1, buff2 + 3, 6);
    result = 0;
  }
  return result;
}

See in Compiler Explorer: https://godbolt.org/z/Tacdhsz4T
Notice, in the LLVM Opt Pipeline Viewer, the WinEHPrepare pass of main: the entire catch Basic block and successors get transformed into a single unreachable statement.

[llvmbot]

@llvm/issue-subscribers-bug

[rnk]

This is true, this was the intended behavior. The thinking was:

• calls to functions with the wrong funclet are UB
• we can transform them to unreachable, and then run the standard unreachable block cleanup pass
• if we do this, it will enforce the invariant that all blocks have a unique funclet color without having to clone blocks

It's the kind of error recovery that only a compiler engineer would think is reasonable ("What do you do when something impossible happens, abort and report an error? No, just delete the code, the impossible can't happen!"), but that's what we did, I can't really defend it too strongly.

We could certainly revise the decision. The smallest most incremental change would be to replace the call with a trap followed by unreachable, which won't propagate backwards.

[sylvain-audi]

Thanks for the explanation!

I intended the scope of this issue to be limited to the bug where asan doesn't add a required funclet opbundle, causing UB. A patch is currently in review for this, which simply adds the missing opbundle.

I wanted to isolate this bug as a new issue, as I realized that the patch I mentioned doesn't entirely fix the issues where it was described in the comments (#39667 and google/sanitizers#749). This way I could close this issue after the patch lands.