Index: lib/Transforms/Instrumentation/HWAddressSanitizer.cpp =================================================================== --- lib/Transforms/Instrumentation/HWAddressSanitizer.cpp +++ lib/Transforms/Instrumentation/HWAddressSanitizer.cpp @@ -703,10 +703,12 @@ Value *HWAddressSanitizer::getHwasanThreadSlotPtr(IRBuilder<> &IRB, Type *Ty) { Module *M = IRB.GetInsertBlock()->getParent()->getParent(); if (TargetTriple.isAArch64() && TargetTriple.isAndroid()) { + // Android provides a fixed TLS slot for sanitizers. See TLS_SLOT_SANITIZER + // in Bionic's libc/private/bionic_tls.h. Function *ThreadPointerFunc = Intrinsic::getDeclaration(M, Intrinsic::thread_pointer); Value *SlotPtr = IRB.CreatePointerCast( - IRB.CreateConstGEP1_32(IRB.CreateCall(ThreadPointerFunc), 0x40), + IRB.CreateConstGEP1_32(IRB.CreateCall(ThreadPointerFunc), 0x30), Ty->getPointerTo(0)); return SlotPtr; } Index: test/Instrumentation/HWAddressSanitizer/prologue.ll =================================================================== --- test/Instrumentation/HWAddressSanitizer/prologue.ll +++ test/Instrumentation/HWAddressSanitizer/prologue.ll @@ -29,7 +29,7 @@ ; CHECK-GLOBAL: load i64, i64* @__hwasan_shadow_memory_dynamic_address ; CHECK-TLS: %[[A:[^ ]*]] = call i8* @llvm.thread.pointer() -; CHECK-TLS: %[[B:[^ ]*]] = getelementptr i8, i8* %[[A]], i32 64 +; CHECK-TLS: %[[B:[^ ]*]] = getelementptr i8, i8* %[[A]], i32 48 ; CHECK-TLS: %[[C:[^ ]*]] = bitcast i8* %[[B]] to i64* ; CHECK-TLS: %[[D:[^ ]*]] = load i64, i64* %[[C]] ; CHECK-TLS: %[[E:[^ ]*]] = or i64 %[[D]], 4294967295 @@ -60,7 +60,7 @@ ; CHECK-GLOBAL: load i64, i64* @__hwasan_shadow_memory_dynamic_address ; CHECK-TLS: %[[A:[^ ]*]] = call i8* @llvm.thread.pointer() -; CHECK-TLS: %[[B:[^ ]*]] = getelementptr i8, i8* %[[A]], i32 64 +; CHECK-TLS: %[[B:[^ ]*]] = getelementptr i8, i8* %[[A]], i32 48 ; CHECK-TLS: %[[C:[^ ]*]] = bitcast i8* %[[B]] to i64* ; CHECK-TLS: %[[D:[^ ]*]] = load i64, i64* %[[C]]