runtime: fix inline assembly trampoline for arm64

Use the program counter to compute the address of the first instruction
of the ret sled. The ret sled is located after 5 instructions from the
MOVD instruction saving the value of the program counter.

Change-Id: Ie7ae7a0807785d6fea035cf7a770dba7f37de0ec
GitHub-Last-Rev: 2719208c6a3b049e0f394e5311ce3282b58f8516
GitHub-Pull-Request: golang/go#53039
Reviewed-on: https://go-review.googlesource.com/c/go/+/407895
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>

diff --git a/src/runtime/libfuzzer_arm64.s b/src/runtime/libfuzzer_arm64.s
index 9da94be03ecdbe43517493b7a355ca754da49f55..37b35173c3b52f7d5dd7fabe11bb2469c7cf50f3 100644 (file)
--- a/src/runtime/libfuzzer_arm64.s
+++ b/src/runtime/libfuzzer_arm64.s
@@ -43,8 +43,8 @@ TEXT  runtime·libfuzzerCallTraceIntCmp(SB), NOSPLIT, $8-32
        MOVD    R12, RSP
 call:
        // Load address of the ret sled into the default register for the return
-       // address (offset of four instructions, which means 16 bytes).
-       ADR     $16, R30
+       // address.
+       ADR     ret_sled, R30
        // Clear the lowest 2 bits of fakePC. All ARM64 instructions are four
        // bytes long, so we cannot get better return address granularity than
        // multiples of 4.
@@ -60,8 +60,9 @@ call:
 // has the same byte length of 4 * 128 = 512 as the x86_64 sled, but
 // coarser granularity.
 #define RET_SLED \
-       JMP end_of_function;
+       JMP     end_of_function;
 
+ret_sled:
        REPEAT_128(RET_SLED);
 
 end_of_function: