[llvm-bugs] [Bug 32337] New: nullptr dereference in pass 'Shadow Stack GC Lowering'

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Mar 18 04:43:54 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=32337

            Bug ID: 32337
           Summary: nullptr dereference in pass 'Shadow Stack GC Lowering'
           Product: libraries
           Version: 3.9
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Common Code Generator Code
          Assignee: unassignedbugs at nondot.org
          Reporter: hristo at venev.name
                CC: llvm-bugs at lists.llvm.org

Created attachment 18123
  --> https://bugs.llvm.org/attachment.cgi?id=18123&action=edit
test.ll

The pass assumes that gcroot is only called once for every alloca. Even if this
is true for the original source, optimization passes may change this.

I've attached the smallest test case I could find. It causes a segfault when
compiled with 'clang -O2' using LLVM 3.8.something and 3.9.1:

#0 0x00007f6b44ac7708 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/lib64/libLLVM-3.9.so+0x62c708)
#1 0x00007f6b44ac58a6 llvm::sys::RunSignalHandlers()
(/lib64/libLLVM-3.9.so+0x62a8a6)
#2 0x00007f6b44ac59d4 (/lib64/libLLVM-3.9.so+0x62a9d4)
#3 0x00007f6b42a47260 __restore_rt (/lib64/libpthread.so.0+0x12260)
#4 0x00007f6b44b5f355 llvm::Instruction::eraseFromParent()
(/lib64/libLLVM-3.9.so+0x6c4355)
#5 0x00007f6b44dd1c7b (/lib64/libLLVM-3.9.so+0x936c7b)
#6 0x00007f6b44dd2c48 (/lib64/libLLVM-3.9.so+0x937c48)
#7 0x00007f6b44b86e68 llvm::FPPassManager::runOnFunction(llvm::Function&)
(/lib64/libLLVM-3.9.so+0x6ebe68)
#8 0x00007f6b44b8718b llvm::FPPassManager::runOnModule(llvm::Module&)
(/lib64/libLLVM-3.9.so+0x6ec18b)
#9 0x00007f6b44b8671f llvm::legacy::PassManagerImpl::run(llvm::Module&)
(/lib64/libLLVM-3.9.so+0x6eb71f)
#10 0x00007f6b43b2f6a3 clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions
const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
(/lib64/libclangCodeGen.so+0x6a6a3)
#11 0x00007f6b43cd24fd (/lib64/libclangCodeGen.so+0x20d4fd)
#12 0x00007f6b4353d396 clang::FrontendAction::Execute()
(/lib64/libclangFrontend.so+0xac396)
#13 0x00007f6b4350722c
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/lib64/libclangFrontend.so+0x7622c)
#14 0x00007f6b4328e023
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/lib64/libclangFrontendTool.so+0x3023)
#15 0x000055ebf56be8f0 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/usr/bin/clang-3.9+0xe8f0)
#16 0x000055ebf56bb519 main (/usr/bin/clang-3.9+0xb519)
#17 0x00007f6b41bb75fe __libc_start_main
/usr/src/debug/glibc-2.25-4-g69e0a87/csu/../csu/libc-start.c:329:0
#18 0x000055ebf56bcdba _start (/usr/bin/clang-3.9+0xcdba)
Stack dump:
0.      Program arguments: /usr/bin/clang-3.9 -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name test-simple.ll -mrelocation-model static
-mthread-model posix -fmath-errno -masm-verbose -mconstructor-aliases
-munwind-tables -fuse-init-array -target-cpu x86-64 -momit-leaf-frame-pointer
-dwarf-column-info -debugger-tuning=gdb -resource-dir
/usr/bin/../lib64/clang/3.9.1 -O2 -fdebug-compilation-dir /home/hristo/dev/ob1
-ferror-limit 19 -fmessage-length 211 -fobjc-runtime=gcc
-fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp
-o /tmp/test-simple-0e9ae0.o -x ir test-simple.ll 
1.      Code generation
2.      Running pass 'Function Pass Manager' on module 'test-simple.ll'.
3.      Running pass 'Shadow Stack GC Lowering' on function '@test'
clang-3.9: error: unable to execute command: Segmentation fault (core dumped)
clang-3.9: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 3.9.1 (tags/RELEASE_391/final)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang-3.9: note: diagnostic msg: PLEASE submit a bug report to  and include the
crash backtrace, preprocessed source, and associated run script.
clang-3.9: note: diagnostic msg: Error generating preprocessed source(s) - no
preprocessable inputs.
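As an added illustration of the input shape the report describes (not the attached test.ll, which is not reproduced here), the IR below registers one alloca with two llvm.gcroot calls; the helper functions @allocate and @use are assumed names, and the 3.9 pass behaviour noted in the comments is my reading of ShadowStackGCLowering.cpp, not text from the report:

```llvm
; Constructed example: one alloca registered as a root twice.
; The gc attribute selects the shadow-stack collector, so the
; 'Shadow Stack GC Lowering' pass runs on this function.
declare void @llvm.gcroot(i8**, i8*)
declare i8* @allocate()
declare void @use(i8*)

define void @test() gc "shadow-stack" {
entry:
  %root = alloca i8*
  ; A front end emits exactly one gcroot per alloca ...
  call void @llvm.gcroot(i8** %root, i8* null)
  ; ... but, as the report says, optimization passes may leave a second
  ; registration of the same alloca.  In the 3.9 source the pass records
  ; one (call, alloca) pair per gcroot call and, after lowering, erases
  ; both members of every pair, so a shared alloca is erased twice; the
  ; report's backtrace ends in Instruction::eraseFromParent().
  call void @llvm.gcroot(i8** %root, i8* null)
  %obj = call i8* @allocate()
  store i8* %obj, i8** %root
  %v = load i8*, i8** %root
  call void @use(i8* %v)
  ret void
}
```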
