<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - llvm-dsymutil crash on rustc-produced object"
   href="https://bugs.llvm.org/show_bug.cgi?id=33873">33873</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>llvm-dsymutil crash on rustc-produced object
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>tools
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>MacOS X
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>llvm-dwarfdump
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mh+llvm@glandium.org
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>friss@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>(There doesn't seem to be a component for llvm-dsymutil, so I'm putting this in
llvm-dwarfdump; CCing friss because he filed <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Add a llvm-dsymutil component to the tools product"
   href="show_bug.cgi?id=33562">bug 33562</a>, so I assume he's
maintaining dsymutil or at least related somehow and might point the right
people to this bug)

We've got llvm-dsymutil crashes happening while building Firefox. They are
fairly reproducible for a given source tree, but it doesn't happen on every new
state of the source tree we push to CI. We worked around it by making rust
produce less debug info, but it seems newer versions of the rust compiler are
going to make it happen again with that same reduced debug info level.

Anyways, I narrowed it down and have a reduced testcase. You can find the
testcase here:
<a href="https://drive.google.com/file/d/0B_wfRHd_Wd-1dHFNVm51aVV6V00/view?usp=sharing">https://drive.google.com/file/d/0B_wfRHd_Wd-1dHFNVm51aVV6V00/view?usp=sharing</a>

The testcase archive linked above contains two files: a dylib and a static
library. The former refers to the latter with absolute paths, so you'll want to
extract the archive in /; that will extract both files under subdirectories of
home/worker/workspace/build/src/obj-firefox/toolkit/library (they come from
Firefox CI, but I stripped down the .a to only contain the .o that causes
trouble).

The problem happens when running `llvm-dsymutil path/to/XUL`. That leads to a
null deref crash. I reproduced the crash with various versions of llvm,
including the 5.0 snapshot currently in Debian unstable, but I got a stack
trace from a debug build of 4.0.1:

#0  0x000055555568e292 in llvm::DWARFAbbreviationDeclaration::getCode (this=0x0)
    at ../include/llvm/DebugInfo/DWARF/DWARFAbbreviationDeclaration.h:57
#1  0x00005555556793ab in llvm::dsymutil::(anonymous namespace)::DwarfLinker::keepDIEAndDependencies (this=0x7fffffffd660,
    RelocMgr=..., Die=..., MyInfo=..., DMO=..., CU=..., UseODR=false)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2216
#2  0x00005555556797f2 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::lookForDIEsToKeep (this=0x7fffffffd660, RelocMgr=...,
    Die=..., DMO=..., CU=..., Flags=5) at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2294
#3  0x0000555555679679 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::keepDIEAndDependencies (this=0x7fffffffd660,
    RelocMgr=..., Die=..., MyInfo=..., DMO=..., CU=..., UseODR=false)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2253
#4  0x00005555556797f2 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::lookForDIEsToKeep (this=0x7fffffffd660, RelocMgr=...,
    Die=..., DMO=..., CU=..., Flags=5) at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2294
#5  0x00005555556798f8 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::lookForDIEsToKeep (this=0x7fffffffd660, RelocMgr=...,
    Die=..., DMO=..., CU=..., Flags=5) at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2309
#6  0x00005555556798f8 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::lookForDIEsToKeep (this=0x7fffffffd660, RelocMgr=...,
    Die=..., DMO=..., CU=..., Flags=5) at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2309
#7  0x00005555556798f8 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::lookForDIEsToKeep (this=0x7fffffffd660, RelocMgr=...,
    Die=..., DMO=..., CU=..., Flags=5) at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2309
#8  0x0000555555679679 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::keepDIEAndDependencies (this=0x7fffffffd660,
    RelocMgr=..., Die=..., MyInfo=..., DMO=..., CU=..., UseODR=false)
(...)

(gdb) up
#1  0x00005555556793ab in llvm::dsymutil::(anonymous namespace)::DwarfLinker::keepDIEAndDependencies (this=0x7fffffffd660,
    RelocMgr=..., Die=..., MyInfo=..., DMO=..., CU=..., UseODR=false)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2216
2216      uint32_t Offset = Die.getOffset() + getULEB128Size(Abbrev->getCode());
(gdb) list
2211    
2212      // Then we need to mark all the DIEs referenced by this DIE's
2213      // attributes as kept.
2214      DataExtractor Data = Unit.getDebugInfoExtractor();
2215      const auto *Abbrev = Die.getAbbreviationDeclarationPtr();
2216      uint32_t Offset = Die.getOffset() + getULEB128Size(Abbrev->getCode());
2217    
2218      // Mark all DIEs referenced through atttributes as kept.
2219      for (const auto &AttrSpec : Abbrev->attributes()) {
2220        DWARFFormValue Val(AttrSpec.Form);

There's an obvious null deref on line 2216. After adding a null check and an
early return in that case between line 2215 and 2216, I get an assert crash:

llvm-dsymutil: /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2388: unsigned int llvm::dsymutil::{anonymous}::DwarfLinker::DIECloner::cloneDieReferenceAttribute(llvm::DIE&, const llvm::DWARFDie&, llvm::dsymutil::{anonymous}::DwarfLinker::DIECloner::AttributeSpec, unsigned int, const llvm::DWARFFormValue&, llvm::dsymutil::{anonymous}::CompileUnit&): Assertion `Ref > InputDIE.getOffset()' failed.

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff67653fa in __GI_abort () at abort.c:89
#2  0x00007ffff675ce37 in __assert_fail_base (fmt=<optimized out>,
    assertion=assertion@entry=0x555556831f3c "Ref > InputDIE.getOffset()",
    file=file@entry=0x5555568316c8 "/home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp", line=line@entry=2388,
    function=function@entry=0x555556839a00 <llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDieReferenceAttribute(llvm::DIE&, llvm::DWARFDie const&, llvm::DWARFAbbreviationDeclaration::AttributeSpec, unsigned int, llvm::DWARFFormValue const&, llvm::dsymutil::(anonymous namespace)::CompileUnit&)::__PRETTY_FUNCTION__> "unsigned int llvm::dsymutil::{anonymous}::DwarfLinker::DIECloner::cloneDieReferenceAttribute(llvm::DIE&, const llvm::DWARFDie&, llvm::dsymutil::{anonymous}::DwarfLinker::DIECloner::AttributeSpec, unsi"...) at assert.c:92
#3  0x00007ffff675cee2 in __GI___assert_fail (assertion=0x555556831f3c "Ref > InputDIE.getOffset()",
    file=0x5555568316c8 "/home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp", line=2388,
    function=0x555556839a00 <llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDieReferenceAttribute(llvm::DIE&, llvm::DWARFDie const&, llvm::DWARFAbbreviationDeclaration::AttributeSpec, unsigned int, llvm::DWARFFormValue const&, llvm::dsymutil::(anonymous namespace)::CompileUnit&)::__PRETTY_FUNCTION__> "unsigned int llvm::dsymutil::{anonymous}::DwarfLinker::DIECloner::cloneDieReferenceAttribute(llvm::DIE&, const llvm::DWARFDie&, llvm::dsymutil::{anonymous}::DwarfLinker::DIECloner::AttributeSpec, unsi"...)
    at assert.c:101
#4  0x0000555555679e82 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDieReferenceAttribute (
    this=0x7fffffffd570, Die=..., InputDIE=..., AttrSpec=..., AttrSize=4, Val=..., Unit=...)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2388
#5  0x000055555567a9ea in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneAttribute (this=0x7fffffffd570,
    Die=..., InputDIE=..., Unit=..., Val=..., AttrSpec=..., AttrSize=4, Info=...)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2566
#6  0x000055555567b7ca in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=73285056, OutOffset=763556, Flags=2, Die=0x55555b4d60a0)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2804
#7  0x000055555567bbeb in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=73285056, OutOffset=763556, Flags=2, Die=0x55555b4d5fd0)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2855
#8  0x000055555567bbeb in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=73285056, OutOffset=763530, Flags=2, Die=0x55555b4d5e70)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2855
#9  0x000055555567bbeb in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=0, OutOffset=763497, Flags=0, Die=0x55555b4d5500)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2855
#10 0x000055555567bbeb in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=0, OutOffset=763338, Flags=0, Die=0x55555b063270)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2855
#11 0x000055555567bbeb in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=0, OutOffset=519394, Flags=0, Die=0x55555aae40a0)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2855
#12 0x000055555567bbeb in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneDIE (this=0x7fffffffd570, InputDIE=...,
    Unit=..., PCOffset=0, OutOffset=283591, Flags=0, Die=0x555557c7e278)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:2855
#13 0x000055555567ee7c in llvm::dsymutil::(anonymous namespace)::DwarfLinker::DIECloner::cloneAllCompileUnits (this=0x7fffffffd570,
    DwarfContext=...) at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:3389
#14 0x000055555567f851 in llvm::dsymutil::(anonymous namespace)::DwarfLinker::link (this=0x7fffffffd660, Map=...)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:3484
#15 0x0000555555680019 in llvm::dsymutil::linkDwarf (OutputFilename=..., DM=..., Options=...)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/DwarfLinker.cpp:3551
#16 0x000055555564f5d9 in main (argc=2, argv=0x7fffffffdfe8)
    at /home/glandium/llvm-toolchain-4.0-4.0.1/tools/dsymutil/dsymutil.cpp:330

Removing the assert seems to work...

It doesn't look like, from the look of dwarfdump around the offsets where the
errors occur, that there's something fundamentally wrong in the dwarf data, but
I haven't looked very carefully.</pre>
        </div>
      </p>


    </body>
</html>