Bug 222551

Summary: Code generated by Clang using union aliasing results in segmentation fault
Product: Base System Reporter: Michael Osipov <michael.osipov>
Component: binAssignee: Dimitry Andric <dim>
Status: Closed Overcome By Events    
Severity: Affects Many People CC: dim, emaste
Priority: ---    
Version: 11.1-RELEASE   
Hardware: i386   
OS: Any   

Description Michael Osipov 2017-09-24 11:31:19 UTC 
This was discovered while working on https://svnweb.freebsd.org/ports/head/lang/duktape/.

Using a double and an int array with eight elements corrupts the union. The issue has been reported against duktape: https://github.com/svaarala/duktape/issues/1752 , though already known since 2103 (http://lists.llvm.org/pipermail/cfe-users/2013-December/000321.html) and it turned out to be a Clang bug in FreeBSD which has been fixed in 5.0.0: https://bugs.llvm.org/show_bug.cgi?id=32056.

I simple example is availabe at https://github.com/svaarala/duktape/blob/master/misc/clang_aliasing.c.

The fix from Clang trunk requires a backport to 4.0.x and update in FreeBSD base. Unfortunately, there is no workaround to this issue unless you install llvm50 from ports.
Comment 1 Dimitry Andric freebsd_committer freebsd_triage 2017-09-25 09:19:48 UTC 
clang 5.0.0 has been merged into head as of r323245 (2017-09-06), and it will land in stable/11 pretty soon.  So I'll close this bug when it lands there.
Comment 2 Michael Osipov 2017-09-25 11:41:58 UTC 
(In reply to Dimitry Andric from comment #1)

That's good news. I am on 11.1-RELEASE. What about it and 10.4-RELEASE? One still has to use llvm50 from ports?
Comment 3 Dimitry Andric freebsd_committer freebsd_triage 2017-09-25 11:56:26 UTC 
(In reply to Michael Osipov from comment #2)
> (In reply to Dimitry Andric from comment #1)
> 
> That's good news. I am on 11.1-RELEASE. What about it and 10.4-RELEASE? One
> still has to use llvm50 from ports?

11.1-RELEASE is already out the door, and I don't think this issue warrants an Errata Notice, as you can work around it with either the llvm50 port, or maybe we could apply the upstream patch to the llvm40 port.

10.4-RELEASE still has a much older clang 3.4.1, and I have no idea if this union issue even applies to it.  In any case, that could also use either the llvm40 or llvm50 port.
Comment 4 Michael Osipov 2017-09-25 12:21:10 UTC 
(In reply to Dimitry Andric from comment #3)

Makes sense. Only 11.2-RELEASE will receive 5.0.0, right?
Comment 5 Dimitry Andric freebsd_committer freebsd_triage 2017-09-25 15:50:34 UTC 
(In reply to Michael Osipov from comment #4)
> (In reply to Dimitry Andric from comment #3)
> 
> Makes sense. Only 11.2-RELEASE will receive 5.0.0, right?

Indeed, stable/11 will eventually be released as 11.2-RELEASE. (It'll not be very soon, though, as 11.1-RELEASE is quite recent.)
Comment 6 Ed Maste freebsd_committer freebsd_triage 2017-10-17 03:26:35 UTC 
(In reply to Dimitry Andric from comment #3)
> 10.4-RELEASE still has a much older clang 3.4.1, and I have no idea if this
> union issue even applies to it.

Michael links to a cfe-users report from the end of 2013 against Clang 3.3, so it seems likely that the problem will affect 10.4 as well.

Unfortunately it looks like we don't have a handy USES= arg available already in ports to require Clang 5.0+
Comment 7 Michael Osipov 2017-10-17 06:22:45 UTC 
(In reply to Ed Maste from comment #6)

It does also apply to 10.4. I tried 3.4.1, 3.8.1, 4.0.0, 4.0.1 and 5.0.0. Only 5.0.0 works since this issue has been fixed in 5.0.0. So base r10.4-RELEASE is affected.
Comment 8 Michael Osipov 2017-10-17 12:25:56 UTC 
For the record:

> osipovmi@blnn719x:/var/osipovmi$ uname -a
> FreeBSD blnn719x.ww004.siemens.net 10.4-PRERELEASE FreeBSD 10.4-PRERELEASE #8 r323607: Fri Sep 15 10:3  8:24 CEST 2017     root@blnn719x.ww004.siemens.net:/usr/obj/usr/src/sys/BLNN719X  i386
> osipovmi@blnn719x:/var/osipovmi$ git clone https://github.com/svaarala/duktape.git
> Klone nach 'duktape' ...
> remote: Counting objects: 50570, done.
> remote: Compressing objects: 100% (82/82), done.
> remote: Total 50570 (delta 24), reused 38 (delta 13), pack-reused 50475
> Empfange Objekte: 100% (50570/50570), 67.58 MiB | 7.30 MiB/s, Fertig.
> Löse Unterschiede auf: 100% (36345/36345), Fertig.
> Checke Dateien aus: 100% (3135/3135), Fertig.
> osipovmi@blnn719x:/var/osipovmi$ cd duktape/misc/
> osipovmi@blnn719x:/var/osipovmi/duktape/misc$ cc -Os -m32 -std=c99 -fstrict-aliasing -fomit-frame-poin  ter clang_aliasing.c
> osipovmi@blnn719x:/var/osipovmi/duktape/misc$ ./a.out
> 11 22 33 44 00 00 f1 ff
> 11 22 33 44 00 00 f9 ff
> 11 22 33 44 00 00 f9 ff
> 11 22 33 44 00 00 f1 ff
> osipovmi@blnn719x:/var/osipovmi$ cc --version
> FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
> Target: i386-unknown-freebsd10.4
> Thread model: posix

So 10-STABLE will be broken for another year.
Comment 9 Dimitry Andric freebsd_committer freebsd_triage 2017-10-17 14:16:42 UTC 
(In reply to Michael Osipov from comment #8)
> For the record:
> 
> > osipovmi@blnn719x:/var/osipovmi$ uname -a
> > FreeBSD blnn719x.ww004.siemens.net 10.4-PRERELEASE FreeBSD 10.4-PRERELEASE #8 r323607: Fri Sep 15 10:3  8:24 CEST 2017     root@blnn719x.ww004.siemens.net:/usr/obj/usr/src/sys/BLNN719X  i386
> > osipovmi@blnn719x:/var/osipovmi$ git clone https://github.com/svaarala/duktape.git
> > Klone nach 'duktape' ...
> > remote: Counting objects: 50570, done.
> > remote: Compressing objects: 100% (82/82), done.
> > remote: Total 50570 (delta 24), reused 38 (delta 13), pack-reused 50475
> > Empfange Objekte: 100% (50570/50570), 67.58 MiB | 7.30 MiB/s, Fertig.
> > Löse Unterschiede auf: 100% (36345/36345), Fertig.
> > Checke Dateien aus: 100% (3135/3135), Fertig.
> > osipovmi@blnn719x:/var/osipovmi$ cd duktape/misc/
> > osipovmi@blnn719x:/var/osipovmi/duktape/misc$ cc -Os -m32 -std=c99 -fstrict-aliasing -fomit-frame-poin  ter clang_aliasing.c
> > osipovmi@blnn719x:/var/osipovmi/duktape/misc$ ./a.out
> > 11 22 33 44 00 00 f1 ff
> > 11 22 33 44 00 00 f9 ff
> > 11 22 33 44 00 00 f9 ff
> > 11 22 33 44 00 00 f1 ff
> > osipovmi@blnn719x:/var/osipovmi$ cc --version
> > FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
> > Target: i386-unknown-freebsd10.4
> > Thread model: posix
> 
> So 10-STABLE will be broken for another year.

Just use -fno-strict-aliasing.
Comment 10 Michael Osipov 2017-10-17 17:09:23 UTC 
(In reply to Dimitry Andric from comment #9)

Does not work:

> [mosipov@mika-ion ~/Projekte/duktape/misc]$ rm ./a.out
> [mosipov@mika-ion ~/Projekte/duktape/misc]$ cc -Os -m32 -std=c99 -fno-strict-aliasing -fomit-frame-pointer clang_aliasing.c
> [mosipov@mika-ion ~/Projekte/duktape/misc]$ ./a.out
> 11 22 33 44 00 00 f1 ff
> 11 22 33 44 00 00 f9 ff
> 11 22 33 44 00 00 f9 ff
> 11 22 33 44 00 00 f1 ff
Comment 11 Michael Osipov 2018-11-20 15:05:51 UTC 
10 is out of support now. Has this now been overcome by events?