<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - BPF target: segfault on access to a volatile array in a loop"
href="https://bugs.llvm.org/show_bug.cgi?id=39316">39316</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>BPF target: segfault on access to a volatile array in a loop
</td>
</tr>
<tr>
<th>Product</th>
<td>new-bugs
</td>
</tr>
<tr>
<th>Version</th>
<td>6.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>new bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>elazarg@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=21009" name="attach_21009" title="zip file with bitcode, disassembly and source C file">attachment 21009</a> <a href="attachment.cgi?id=21009&action=edit" title="zip file with bitcode, disassembly and source C file">[details]</a></span>
zip file with bitcode, disassembly and source C file
Certain combinations of loops and volatile seems to confuse the BPF backend and
in this case cause a segfault.
As far as I understand, llc should not report any error in this example, even
though the Linux BPF verifier will reject it for having a back edge.
Output:
$ llc-6.0 -march=bpf -filetype=obj bug_segfault.bc
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm3sys15PrintStackTraceERNS_11raw_ostreamE+0x2a)[0x7f17f64e20ea]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm3sys17RunSignalHandlersEv+0x56)[0x7f17f64e0366]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(+0x81c49b)[0x7f17f64e049b]
/lib/x86_64-linux-gnu/libc.so.6(+0x3ef20)[0x7f17f5588f20]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm12SelectionDAG16getGlobalAddressEPKNS_11GlobalValueERKNS_5SDLocENS_3EVTElbh+0x5c)[0x7f17f6ab682c]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZNK4llvm17BPFTargetLowering18LowerGlobalAddressENS_7SDValueERNS_12SelectionDAGE+0x66)[0x7f17f7b64ab6]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(+0xd0a751)[0x7f17f69ce751]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm12SelectionDAG8LegalizeEv+0x328)[0x7f17f69d1e38]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm16SelectionDAGISel17CodeGenAndEmitDAGEv+0x1e8)[0x7f17f6ad9bf8]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm16SelectionDAGISel20SelectAllBasicBlocksERKNS_8FunctionE+0x147c)[0x7f17f6ae33fc]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(+0xe21905)[0x7f17f6ae5905]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm19MachineFunctionPass13runOnFunctionERNS_8FunctionE+0x90)[0x7f17f6786fe0]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE+0x278)[0x7f17f65bc7f8]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm13FPPassManager11runOnModuleERNS_6ModuleE+0x33)[0x7f17f65bc843]
/usr/lib/llvm-6.0/bin/../lib/libLLVM-6.0.so.1(_ZN4llvm6legacy15PassManagerImpl3runERNS_6ModuleE+0x30f)[0x7f17f65bc08f]
llc-6.0(+0x21861)[0x556bff9dd861]
llc-6.0(main+0x3f5)[0x556bff9d25d5]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f17f556bb97]
llc-6.0(_start+0x2a)[0x556bff9d275a]
Stack dump:
0. Program arguments: llc-6.0 -march=bpf -filetype=obj bug_segfault.bc
1. Running pass 'Function Pass Manager' on module 'bug_segfault.bc'.
2. Running pass 'BPF DAG->DAG Pattern Instruction Selection' on function
'@manual_memcpy'
Segmentation fault (core dumped)
Details:
LLVM version 6.0.0
Optimized build.
Default target: x86_64-pc-linux-gnu
Host CPU: skylake</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>