[x86] Assembler syntax check bugs #88516

@witbring

Description

Clang assembler does not thoroughly check the syntax of the assembly code.
It proceeds with assembling even if there are syntax errors present, which should ideally prompt warning messages or errors to help programmers identify mistakes in their code.

Confusing a memory operand with a label.

First, we observed that Clang (v16.0.0) often misinterprets a memory operand as a label.

For instance, when you write and assemble code like this:

$ cat buggy1.s
.intel_syntax noprefix
    ja BYTE PTR [1]

Clang (x86/x64) generates the following binary file.

$ bin/clang -c buggy1.s -o buggy1.o
$ objdump -d -M intel buggy1.o
0000000000000000 <.text>:
   0:	0f 87 00 00 00 00    	ja     0x6
$ readelf -r buggy1.o

Relocation section '.rela.text' at offset 0xc8 contains 21 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000002  000000000002 R_X86_64_PC32                        -3

Clang translates memory operands into labels (or absolute addresses).

We observed such cases when Clang (x86/x64) assembles the 'ja', 'jae', 'jb', 'jbe', 'je', 'jecxz', 'jge', 'jl', 'jle', 'jne', 'jno', 'jnp', 'jns', 'jo', 'jp', 'jrcxz', 'js', 'jmp', 'loop', 'loope', and 'loopne' instructions.

Ignoring pointer directives.

Second, we often observed that Clang ignores pointer directives.

For instance, when you write and assemble code like this:

.intel_syntax noprefix
    call BYTE PTR [RAX]
    call WORD PTR [RAX]
    call DWORD PTR [RAX]
    call QWORD PTR [RAX]
    call XMMWORD PTR [RAX]

Clang ignores the pointer directives and emits the following binary code.

$ bin/clang -c buggy2.s -o buggy2.o
$ objdump -d -M intel buggy2.o
0000000000000000 <.text>:
   0:	ff 18                	call   FWORD PTR [rax]
   2:	ff 18                	call   FWORD PTR [rax]
   4:	ff 18                	call   FWORD PTR [rax]
   6:	ff 10                	call   QWORD PTR [rax]
   8:	ff 18                	call   FWORD PTR [rax]

We observed such cases from:

  • Clang(x86): 'aesdecwide128kl', 'aesdecwide256kl', 'aesencwide128kl', 'aesencwide256kl', 'call', 'clrssbsy', 'fldenv', 'fnsave', 'frstor', 'fxsave', 'fnstenv', 'fxrstor', 'rstorssp', 'xrstor', 'xrstors', 'xsave', 'xsavec', 'xsaveopt', 'xsaves'
  • Clang(x64): 'aesencwide128kl', 'aesencwide256kl', 'aesdecwide128kl', 'aesdecwide256kl', 'call', 'fldenv', 'fnsave', 'frstor', 'fxsave', 'fnstenv', 'fxrstor', 'fxsave64', 'fxrstor64', 'ldtilecfg', 'lgdt', 'lidt', 'sgdt', 'sttilecfg', 'xbegin'

In my opinion, when assembling the example code, Clang should output warning or error messages.

Thanks.
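A source-side check for the two patterns this report describes, added here as an example that is not part of the issue or of LLVM: it flags conditional jumps and loop instructions given a memory operand (these only take a code label), and indirect call/jmp operands whose size directive cannot be encoded in the chosen mode. The accepted-size table is an assumption of this lint, not Clang's rule set, and the sample inputs are constructed copies of buggy1.s and buggy2.s from the report.

```python
import re

# Conditional jumps and loops take only a relative code target; a memory
# operand such as "ja BYTE PTR [1]" is never valid for them, yet the report
# shows Clang 16 silently encoding it as a PC-relative branch to a label.
BRANCH_TAKES_LABEL_ONLY = {
    "ja", "jae", "jb", "jbe", "je", "jecxz", "jge", "jl", "jle", "jne",
    "jno", "jnp", "jns", "jo", "jp", "jrcxz", "js", "loop", "loope", "loopne",
}

# Indirect call/jmp through memory: operand sizes this lint accepts per mode
# (assumption: near m32/m64 plus far m16:32 "FWORD", as objdump prints it).
INDIRECT_SIZES = {32: {"DWORD", "FWORD"}, 64: {"QWORD", "FWORD"}}

# "<SIZE> PTR [expr]" with the size directive optional, e.g. "call [rax]".
MEM_OPERAND = re.compile(r"(?:(?P<size>\w+)\s+PTR\s+)?\[(?P<addr>[^\]]*)\]", re.I)


def lint_intel_asm(source: str, bits: int = 64) -> list[str]:
    """Return one finding per line whose memory operand does not fit the
    instruction's operand rules, even though Clang assembles it silently."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop GAS comments
        if not line or line.startswith(".") or line.endswith(":"):
            continue                                  # directive, label, blank
        parts = line.split(None, 1)
        mnem = parts[0].lower()
        operand = parts[1] if len(parts) > 1 else ""
        m = MEM_OPERAND.search(operand)
        if not m:
            continue                                  # no memory operand at all
        size = (m.group("size") or "").upper()
        if mnem in BRANCH_TAKES_LABEL_ONLY:
            findings.append(f"line {lineno}: '{mnem}' takes a code label, "
                            f"not memory operand '{m.group(0)}'")
        elif mnem in ("call", "jmp") and size and size not in INDIRECT_SIZES[bits]:
            findings.append(f"line {lineno}: '{mnem} {size} PTR' is not a valid "
                            f"indirect-branch operand size in {bits}-bit mode")
    return findings


# Constructed copies of the report's two inputs.
BUGGY1 = ".intel_syntax noprefix\n    ja BYTE PTR [1]\n"
BUGGY2 = (".intel_syntax noprefix\n    call BYTE PTR [RAX]\n    call WORD PTR [RAX]\n"
          "    call DWORD PTR [RAX]\n    call QWORD PTR [RAX]\n    call XMMWORD PTR [RAX]\n")

if __name__ == "__main__":
    for path, src in (("buggy1.s", BUGGY1), ("buggy2.s", BUGGY2)):
        for finding in lint_intel_asm(src):
            print(f"{path}: {finding}")
```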
