<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - ORC JIT fails with standard math library"
   href="https://bugs.llvm.org/show_bug.cgi?id=41258">41258</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>ORC JIT fails with standard math library
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>new-bugs
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>8.0
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>release blocker
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>new bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>fwinter@jlab.org
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=21686" name="attach_21686" title="Exploit">attachment 21686</a></span>
Exploit

Hi,

when transitioning our application (which uses the IR Builder and JIT) from
using LLVM release 6.0 to release 8.0 we noticed that some JIT'd functions work
fine while others don't. They actually crashed the program (always with the
same error message, see below). I narrowed it down to whenever a JIT'd function
makes calls to the standard math library it fails.

I provide a minimal exploit.

Description of the exploit:
The program uses the KaleidoscopeJIT.h that ships with LLVM 8 (except that I
had to expose the Datalayout). It reads from the filesystem an IR file
(filename "func_works.ll" or "func_cos_fails.ll") and asks the ORC JIT first for
the symbol "func_ir" and then for the address.

In case the file "func_works.ll" was read the program succeeds with:

symbol found!
address found!

In case the file "func_cos_fails.ll" was read the program fails with:

symbol found!
Failure value returned from cantFail wrapped call
UNREACHABLE executed at
install/llvm-8.0-x86-debug/include/llvm/Support/Error.h:732!
Stack dump:

The program needs to be rebuilt for it to use the other input file since the
filename is a C literal.

This was tested on an x86 Linux Ubuntu system using a "debug" build of LLVM 8.0
configured with

cmake -G "Unix Makefiles" \
      -DBUILD_SHARED_LIBS="ON" \
      -DLLVM_ENABLE_RTTI="ON" \
      -DLLVM_ENABLE_ZLIB="OFF" \
      -DLLVM_ENABLE_TERMINFO="OFF" \
      -DCMAKE_BUILD_TYPE="Debug" \
      -DCMAKE_INSTALL_PREFIX=$CMAKE_INSTALL_PREFIX \
      -DLLVM_TARGETS_TO_BUILD="X86" \
      -DCMAKE_BUILD_TYPE="Debug" \
      $SRC

We are not doing something obviously wrong, are we?

This is a show stopper for us. We cannot use LLVM 8.0 in our production code.</pre>
        </div>
      </p>


    </body>
</html>