Skip to content

Bug: Internal compiler error in Arm crypto intrinsics path with older clang (aarch64 + clang-6) #660

New issue
New issue
Open
#663
Open
Bug: Internal compiler error in Arm crypto intrinsics path with older clang (aarch64 + clang-6)#660
#663
Assignees
minosgalanakis
Labels
bugSomething isn't workingcomponent-platformPortability layer and build scriptspriority-mediumMedium priority - this can be reviewed as time permitssize-xsEstimated task size: extra small (a few hours at most)
@minosgalanakis

Description

@minosgalanakis
minosgalanakis
opened on Jan 14, 2026

Summary

Building TF-PSA-Crypto on Ubuntu 18.04 (aarch64) with clang 6.0.0 fails with a clang backend internal compiler error when compiling the AESCE implementation.
The failure is triggered by the use of Arm crypto intrinsics (vaes*) together with a Clang per-function target attribute requesting "aes".

This appears to be a toolchain compatibility issue with older Clang versions and is not related to the include-order problem previously addressed in #603 and #614

It was introduced by Mbed-TLS/mbedtls#7878 but will only affect clang versions 4 and 5.

System information

TF-PSA-Crypto version (number or commit id):
• Current development branch -> HEAD (observed while working on PR #614 / #603)
Operating system and version:
• Ubuntu 18.04 (aarch64), running in Docker on Apple Silicon macOS
Configuration (if not default, please attach crypto_config.h):
• Default configuration
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
• clang 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
• No explicit -march=armv8-a+crypto flags (relying on in-source compiler feature handling)
Additional environment information:
• Docker-based build environment
• Reproduced consistently with a freshly built Ubuntu 18.04 image

Expected behavior

TF-PSA-Crypto should either:
• build successfully, or
• fail gracefully with a clear diagnostic indicating that a newer compiler or explicit -march=armv8-a+crypto is required.

It should not crash the compiler.

Actual behavior

The build fails with a clang back-end crash while compiling AESCE code, for example:

 fatal error: error in backend: Cannot select: intrinsic %llvm.aarch64.crypto.aesimc
 clang: error: unable to execute command: Segmentation fault

This is an internal compiler error.

Full error log

  CC    ../tf-psa-crypto/drivers/builtin/src/aes.c
../tf-psa-crypto/drivers/builtin/src/sha512.c:65:12: error: "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
#          error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
           ^
  CC    ../tf-psa-crypto/drivers/builtin/src/aesce.c
  CC    ../tf-psa-crypto/drivers/builtin/src/aesni.c
  CC    ../tf-psa-crypto/drivers/builtin/src/bignum_mod.c
1 error generated.
Makefile:262: recipe for target '../tf-psa-crypto/drivers/builtin/src/sha512.o' failed
make[1]: *** [../tf-psa-crypto/drivers/builtin/src/sha512.o] Error 1
make[1]: *** Waiting for unfinished jobs....
'+aes' is not a recognized feature for this target (ignoring feature)
'+aes' is not a recognized feature for this target (ignoring feature)
fatal error: error in backend: Cannot select: intrinsic %llvm.aarch64.crypto.aese
clang: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang: note: diagnostic msg: PLEASE submit a bug report to http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and associated run script.
clang: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/aesce-0e2b4f.c
clang: note: diagnostic msg: /tmp/aesce-0e2b4f.sh
clang: note: diagnostic msg:

********************
Makefile:262: recipe for target '../tf-psa-crypto/drivers/builtin/src/aesce.o' failed
make[1]: *** [../tf-psa-crypto/drivers/builtin/src/aesce.o] Error 70
make[1]: Leaving directory '/var/lib/ws/mbedtls/library'
Makefile:69: recipe for target 'server_libs' failed
make: *** [server_libs] Error 2

Steps to reproduce

On an Ubuntu 18.04 aarch64 image with clang 6 installed:

 ./tests/scripts/all.sh --seed 4 --keep-going check_generated_files

Additional information

Preliminary investigation suggests:

  • __ARM_FEATURE_CRYPTO, __ARM_FEATURE_AES, and MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG are defined as intended.
  • This causes the AESCE code to push a Clang per-function target attribute requesting "aes".
  • On clang 6, this feature is included in the not reliably enable the Arm crypto backend and +aes feature is introduced in newer versions aesce: use correct target attribute when building with clang mbedtls#7878
  • As a result, the compiler accepts the intrinsics at the front end but crashes during instruction selection.
  • With sha512.c the code is failing graciously as expected but I have not checked that the +sha3 feature is included in the +crypto as is the case with +aes in compiler versions < 7
    Using a newer Clang or compiling the crypto-extension sources with -march=armv8-a+crypto avoids the issue.

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingcomponent-platformPortability layer and build scriptspriority-mediumMedium priority - this can be reviewed as time permitssize-xsEstimated task size: extra small (a few hours at most)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions