No exception raises when running use-after-free code with memory tagging enabled


I can successfully run tag manipulation instructions using Armv8-A Base RevC AEM FVP model. But for the following use-after-free code, there is no exception. I also cannot see the tag embedded in the top byte of pointer.

I also setup several registers based on the following patch. To successfully set up the register RGSR_EL1, I compiled the code with command "armclang --target=aarch64-arm-none-eabi -march=armv8.5-a+memtag -O0 -g -fsanitize=memtag -MD -MP -c -o "src/main.o" "../src/main.c" and linked the code with library using command "armlink --entry=start64 --scatter="/home/harper/developmentstudio-workspace/Hello/scatter.scat" --info=sizes --library_security=v8.5a -o "Hello.axf"  ./src/GICv3_gicd.o ./src/GICv3_gicr.o ./src/main.o ./src/sp804_timer.o ./src/timer_interrupts.o  ./asm/MP_Mutexes.o ./asm/startup.o ./asm/v8_aarch64.o ./asm/v8_utils.o ./asm/vectors.o"

May I ask how to configure the build option or debug configuration to throw an exception when running use-after-free code?


More questions in this forum