[llvm-bugs] [Bug 33327] New: Memory access error in MetadataTracking::untrack
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue Jun 6 07:28:55 PDT 2017
https://bugs.llvm.org/show_bug.cgi?id=33327
Bug ID: 33327
Summary: Memory access error in MetadataTracking::untrack
Product: new-bugs
Version: 4.0
Hardware: PC
OS: MacOS X
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: akokins at whitecryption.com
CC: llvm-bugs at lists.llvm.org
Created attachment 18581
--> https://bugs.llvm.org/attachment.cgi?id=18581&action=edit
bug reproduction kit
opt sometimes crashes when processing files with metadata in them, when a
custom plugin is used that deletes and recreates certain instructions.
Even if it doesn't crash, the issue can still be seen when opt is run under
Valgrind.
From what I could tell, the bug was triggered by deleting and replacing an
instruction that had metadata. The attached example plugin removes metadata
from all instructions, and takes each "br" instruction, adding metadata and
then replacing it with an otherwise identical instruction. In the end, opt
crashes during LLVMContext destruction.
I have reproduced the issue on both macOS 10.11.6 and Ubuntu 14.
To reproduce the bug, unzip the attachment, adjust the path to LLVM in the
makefile and run "make".
(The path to LLVM must contain both the headers to include and a library for
the plugin to link to.)
This is the most important part of the expected output:
Invalid read of size 2
   at 0x100216864: llvm::MetadataTracking::untrack(void*, llvm::Metadata&) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x100201745: llvm::LLVMContextImpl::~LLVMContextImpl() (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x1001FC8C5: llvm::LLVMContext::~LLVMContext() (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x10000B497: main (in /opt/llvm-4.0.0/bin/opt)
 Address 0x102c54208 is 8 bytes inside a block of size 32 free'd
   at 0x100046ABD: free (in /usr/local/Cellar/valgrind/3.12.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
   by 0x1001FF4A2: llvm::LLVMContextImpl::~LLVMContextImpl() (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x1001FC8C5: llvm::LLVMContext::~LLVMContext() (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x10000B497: main (in /opt/llvm-4.0.0/bin/opt)
 Block was alloc'd at
   at 0x100046681: malloc (in /usr/local/Cellar/valgrind/3.12.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
   by 0x1021197DD: operator new(unsigned long) (in /usr/lib/libc++.1.dylib)
   by 0x10021E4B3: llvm::MDTuple::getImpl(llvm::LLVMContext&, llvm::ArrayRef<llvm::Metadata*>, llvm::Metadata::StorageType, bool) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x1031CB77C: llvm::MDTuple::get(llvm::LLVMContext&, llvm::ArrayRef<llvm::Metadata*>) (in /Users/akokins/Desktop/llvm-bug-metadata/mdfp.so)
   by 0x1031CB014: llvm::MDNode::get(llvm::LLVMContext&, llvm::ArrayRef<llvm::Metadata*>) (in /Users/akokins/Desktop/llvm-bug-metadata/mdfp.so)
   by 0x1031CAB82: MetadataFauxPass::runOnFunction(llvm::Function&) (in /Users/akokins/Desktop/llvm-bug-metadata/mdfp.so)
   by 0x10020B371: llvm::FPPassManager::runOnFunction(llvm::Function&) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x10020B572: llvm::FPPassManager::runOnModule(llvm::Module&) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x10020B9F3: llvm::legacy::PassManagerImpl::run(llvm::Module&) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x10000B050: main (in /opt/llvm-4.0.0/bin/opt)
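Added example, not part of the original report or of LLVM: a small Python triage script for the Valgrind memcheck output quoted in the report. It splits the error into its access, free and allocation stacks and names the first non-runtime frame in each. The embedded trace is abridged from the report with wrapped lines rejoined; the function names parse_memcheck and triage and the runtime filter strings are assumptions of this example.

```python
import re

# Abridged from the memcheck output in the report, with wrapped lines rejoined.
REPORT = """\
Invalid read of size 2
   at 0x100216864: llvm::MetadataTracking::untrack(void*, llvm::Metadata&) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x100201745: llvm::LLVMContextImpl::~LLVMContextImpl() (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
 Address 0x102c54208 is 8 bytes inside a block of size 32 free'd
   at 0x100046ABD: free (in /usr/local/Cellar/valgrind/3.12.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
   by 0x1001FF4A2: llvm::LLVMContextImpl::~LLVMContextImpl() (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
 Block was alloc'd at
   at 0x100046681: malloc (in /usr/local/Cellar/valgrind/3.12.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
   by 0x10021E4B3: llvm::MDTuple::getImpl(llvm::LLVMContext&, llvm::ArrayRef<llvm::Metadata*>, llvm::Metadata::StorageType, bool) (in /opt/llvm-4.0.0/lib/libLLVM.dylib)
   by 0x1031CAB82: MetadataFauxPass::runOnFunction(llvm::Function&) (in /Users/akokins/Desktop/llvm-bug-metadata/mdfp.so)
"""

FRAME = re.compile(r"^\s*(?:at|by) (0x[0-9A-Fa-f]+): (.+) \(in (.+)\)$")
ACCESS = re.compile(r"^\s*Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address \S+ is (\d+) bytes inside a block of size (\d+) free'd")

def parse_memcheck(text):
    """Split one memcheck error into access/free/alloc stacks plus block facts."""
    out = {"access": [], "free": [], "alloc": []}
    stack = None
    for line in text.splitlines():
        if m := ACCESS.match(line):
            out["kind"], out["size"] = m.group(1), int(m.group(2))
            stack = "access"
        elif m := BLOCK.search(line):
            out["offset"], out["block_size"] = int(m.group(1)), int(m.group(2))
            stack = "free"
        elif "Block was alloc'd at" in line:
            stack = "alloc"
        elif (m := FRAME.match(line)) and stack:
            out[stack].append({"addr": m.group(1), "func": m.group(2), "obj": m.group(3)})
    return out

def triage(report, runtime=("vgpreload_", "libc++")):
    """Summarize a use-after-free: who touched, who freed, which objects allocated."""
    owned = lambda frames: [f for f in frames if not any(k in f["obj"] for k in runtime)]
    return {
        "use_after_free": "offset" in report and bool(report["free"]),
        "accessed_by": owned(report["access"])[0]["func"],
        "freed_by": owned(report["free"])[0]["func"],
        "alloc_objects": sorted({f["obj"].rsplit("/", 1)[-1] for f in owned(report["alloc"])}),
    }

if __name__ == "__main__":
    print(triage(parse_memcheck(REPORT)))
```

On this trace the summary shows the freed block being read and freed within the same ~LLVMContextImpl() call, while its allocation stack passes through both libLLVM.dylib and the plugin object mdfp.so.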