Fix alignment calculation in XNNWeightsCache

[GregoryComer]

Summary

We're seeing crashes on Android when running XNNPACK-delegated models. I tracked it down to a bug in the alignment calculation for weight cache memory. To make the calculation, it casts the void* to a (signed) intptr_t. When the address is in the upper half of the address space, it becomes negative. This causes the modulo to return a negative value and increment the address too much - leading to out of bounds access.

executorch/backends/xnnpack/runtime/XNNWeightsCache.cpp

Lines 166 to 168 in cc6cb83

	void* maybe_aligned_space = data_container.data();
	void* aligned_space = (void*)((intptr_t)maybe_aligned_space + 64 -
	(intptr_t)maybe_aligned_space % 64);

Walking through the numbers I captured in #14831:

• The raw (unaligned) address of the data buffer is 0xb40000763d4bfa90.
• The target alignment is 64 bytes.
• Casting the address to intptr_t gives -5476376639047992688.
  • Mod 64 is -48.
  • The total offset applied is 64 - (-48) = 112.
• Since the allocation size is N + 64, increasing the start by 112 means the new region extends 48 bytes past the end of the allocation.

To resolve this, I replaced the alignment code with a call to std::align. Casing to uintptr_t also resolves it, but using the standard implementation seems less error prone.

Test plan

I've validated that the repro in #14831 does not crash with this change.

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/15039

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❗ 2 Active SEVs

There are 2 currently active SEVs. If your PR is affected, please view them below:

• Macos CI runners unavailable
• [ROCm][CI] Machines under the label linux.rocm.gpu.2 are undergoing maintenance.

❌ 6 New Failures, 1 Unrelated Failure

As of commit 15097e3 with merge base 019c8da ():

NEW FAILURES - The following jobs have failed:

• pull / test-qnn-wheel-packages-linux (3.10) / linux-job (gh)
  RuntimeError: Command docker exec -t df2b4df4847b4e705c34fcef5158b7cb12ecfd528de2a5fa1120841ce0182ac5 /exec failed with exit code 1
• pull / test-qnn-wheel-packages-linux (3.11) / linux-job (gh)
  RuntimeError: Command docker exec -t 4c39585c121b5bb1355c3bf67fa4d01914457bcb12b1c9a54a287fae2763f88f /exec failed with exit code 1
• pull / test-qnn-wheel-packages-linux (3.12) / linux-job (gh)
  RuntimeError: Command docker exec -t b0c777146b536f47a6c951bf8991fffca89b00080a66e08dc7f3b40f35143946 /exec failed with exit code 1
• pull / test-samsung-models-linux / linux-job (gh)
  RuntimeError: Command docker exec -t 13cbe8a89b572e2858f8dbe4d44fe38dc81b8e88cfc5f37c5038d79553f8420c /exec failed with exit code 1
• pull / unittest / macos / macos-job (gh)
  export/tests/test_target_recipes.py::TestTargetRecipes::test_linear_model
• Test CUDA Builds / export-voxtral-cuda-artifact / linux-job (gh)
  RuntimeError: Command docker exec -t e68192ad28f0ca786fe64e9839ded6098ac8d62daf744784588db0d402bb6995 /exec failed with exit code 2

FLAKY - The following job failed but was likely due to flakiness present on trunk:

• pull / unittest-arm-backend-with-no-fvp (test_pytest_models) / linux-job (gh) (detected as infra flaky with no log or failing log classifier)

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[GregoryComer]

CI failures are due to running on a fork or broken trunk.