runtime: fix inline assembly trampoline for arm64

Use the program counter to compute the address of the first instruction
of the ret sled. The ret sled is located after 5 instructions from the
MOVD instruction saving the value of the program counter.

Change-Id: Ie7ae7a0807785d6fea035cf7a770dba7f37de0ec
GitHub-Last-Rev: 2719208c6a3b049e0f394e5311ce3282b58f8516
GitHub-Pull-Request: golang/go#53039
Reviewed-on: https://go-review.googlesource.com/c/go/+/407895
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/runtime/libfuzzer_arm64.s b/src/runtime/libfuzzer_arm64.s
index 9da94be03e..37b35173c3 100644
--- a/src/runtime/libfuzzer_arm64.s
+++ b/src/runtime/libfuzzer_arm64.s
@@ -43,8 +43,8 @@ TEXT	runtime·libfuzzerCallTraceIntCmp(SB), NOSPLIT, $8-32
 	MOVD	R12, RSP
 call:
 	// Load address of the ret sled into the default register for the return
-	// address (offset of four instructions, which means 16 bytes).
-	ADR	$16, R30
+	// address.
+	ADR	ret_sled, R30
 	// Clear the lowest 2 bits of fakePC. All ARM64 instructions are four
 	// bytes long, so we cannot get better return address granularity than
 	// multiples of 4.
@@ -60,8 +60,9 @@ call:
 // has the same byte length of 4 * 128 = 512 as the x86_64 sled, but
 // coarser granularity.
 #define RET_SLED \
-	JMP end_of_function;
+	JMP	end_of_function;
 
+ret_sled:
 	REPEAT_128(RET_SLED);
 
 end_of_function: