<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/56224>56224</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            SEGV caused by READ Memory Access when creating `llvm::Function`
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          AldrinMathew
      </td>
    </tr>
</table>

<pre>
    The following is the original error
```
Initialising context
Context initialised
Getting module name
Creating module
Created module
Got void type
Got function type
Creating function
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==65054==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x00003c018220 (pc 0x7f6b73ffa0f5 bp 0x000007933074 sp 0x7fff08d5fe40 T65054)
==65054==The signal is caused by a READ memory access.
    #0 0x7f6b73ffa0f5 in llvm::StringMapImpl::LookupBucketFor(llvm::StringRef) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xde60f5) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5)
    #1 0x7f6b741f32c1 in llvm::ValueSymbolTable::reinsertValue(llvm::Value*) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xfdf2c1) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5)
    #2 0x7f6b741579fe in llvm::Function::Function(llvm::FunctionType*, llvm::GlobalValue::LinkageTypes, unsigned int, llvm::Twine const&, llvm::Module*) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xf439fe) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5)
    #3 0x55e8f55ac6b1 in llvm::Function::Create(llvm::FunctionType*, llvm::GlobalValue::LinkageTypes, llvm::Twine const&, llvm::Module*) /usr/include/llvm/IR/Function.h:147:16
    #4 0x55e8f55ac31e in main /mnt/Main/DEV/qatlang/qat/src/qat.cpp:25:3
    #5 0x7f6b72a86082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x55e8f555a14d in _start (/mnt/Main/DEV/qatlang/qat/build/qat+0x2e14d) (BuildId: d1417a87f8a16567)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xde60f5) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5) in llvm::StringMapImpl::LookupBucketFor(llvm::StringRef)
==65054==ABORTING
```

And the code that causes the error is as follows
```cpp
// Reproduction from the report: creates an LLVMContext, an empty module named
// "other", and declares one `void()` function "hello" in it.
// SHOW(...) is a project macro not shown in this listing; judging by the log
// in the report it prints its argument as a trace line.
int main(int count, const char **args) {
  using qat::CLI::Config;

  SHOW("Initialising context")
  llvm::LLVMContext ctx{};
  SHOW("Context initialised")
  SHOW("Getting module name")
  // StringRef is a non-owning view; here it refers to a string literal, which
  // lives for the whole program, so the view itself cannot dangle.
  llvm::StringRef mdname("other");
  SHOW("Creating module")
  // Raw `new`: this function never deletes the module explicitly.
  auto mod = new llvm::Module{mdname, ctx};
  SHOW("Created module")
  auto voidTy = llvm::Type::getVoidTy(ctx);
  SHOW("Got void type")
  // Second argument is isVarArg: a non-variadic function with no parameters.
  auto fnTy = llvm::FunctionType::get(voidTy, false);
  SHOW("Got function type")
  llvm::StringRef name("hello");
  SHOW("Creating function")
  // Crash site of the first trace (qat.cpp:25): Function::Create -> Function
  // constructor -> ValueSymbolTable::reinsertValue ->
  // StringMapImpl::LookupBucketFor, which faults on a READ.
  // NOTE(review): `name` views a literal, so a wild read during the symbol
  // table lookup on a freshly built module hints that the Module object is
  // not in the state libLLVM expects (e.g. headers and library built with
  // different settings) rather than at a bad StringRef -- confirm.
  llvm::Function::Create(
      fnTy, llvm::GlobalValue::LinkageTypes::ExternalWeakLinkage, name, mod);
  SHOW("Created function")

  // Early return added for the reproduction: everything below is unreachable.
  return 0;

  auto cli = Config::init(count, args);
  if (cli->should_exit()) {
    return 0;
  }
  auto sitter = qat::QatSitter();
  sitter.init();
  Config::destroy();
  return 0;
}
```

Seeing `StringMapImpl`, I initially thought that the error was related to StringRef. I separated the function calls into individual statements and added debug prints to see the flow of execution up to the error. It turns out that it is caused by `llvm::Function::Create` when it is trying to see if the `llvm::Value` already exists in the bucket.

Later I made a few changes to the code and added a step for setting the target triple of the module:
```cpp
// Second reproduction from the report: same as the first, plus a
// setTargetTriple() call on the module before the function is created.
// SHOW(...) is a project macro not shown in this listing; judging by the log
// in the report it prints its argument as a trace line.
int main(int count, const char **args) {
  using qat::CLI::Config;

  SHOW("Initialising context")
  llvm::LLVMContext ctx;
  SHOW("Context initialised")
  SHOW("Getting module name")
  // StringRef is a non-owning view; here it refers to a string literal.
  llvm::StringRef mdname("other");
  SHOW("Creating module")
  // Raw `new`: this function never deletes the module explicitly.
  auto mod = new llvm::Module{mdname, ctx};
  SHOW("Module created")
  SHOW("Setting target triple")
  // Crash site of the second trace (qat.cpp:20): Module::setTargetTriple
  // (Module.h:300) move-assigns a std::string member, and the fault is in
  // std::string::_Rep::_M_is_leaked() via std::string::swap().
  // NOTE(review): std::string::_Rep belongs to libstdc++'s pre-C++11
  // copy-on-write string, so this translation unit appears to be compiled
  // with the old string ABI (_GLIBCXX_USE_CXX11_ABI=0). If the system
  // libLLVM-14 was built with the new ABI, every class holding a std::string
  // (llvm::Module included) would have a different layout on each side of the
  // library boundary, which would explain both crashes -- verify the
  // project's compile flags against those of the installed LLVM.
  mod->setTargetTriple(LLVM_HOST_TRIPLE);
  SHOW("Target triple set")
  auto voidTy = llvm::Type::getVoidTy(ctx);
  SHOW("Got void type")
  // Second argument is isVarArg: a non-variadic function with no parameters.
  auto fnTy = llvm::FunctionType::get(voidTy, false);
  SHOW("Got function type")
  llvm::StringRef name("hello");
  SHOW("Creating function")
  // Not reached in the second run: the log stops at "Setting target triple".
  llvm::Function::Create(
      fnTy, llvm::GlobalValue::LinkageTypes::ExternalWeakLinkage, name, mod);
  SHOW("Created function")

  // Early return added for the reproduction: everything below is unreachable.
  return 0;

  auto cli = Config::init(count, args);
  if (cli->should_exit()) {
    return 0;
  }
  if (cli->is_compile()) {
    // Prints each input path on its own line (`auto` copies each element).
    for (auto path : cli->get_paths()) {
      std::cout << path.string() << "\n";
    }
  }
  auto sitter = qat::QatSitter();
  sitter.init();
  Config::destroy();
  return 0;
}
```
And guess what, the error happens at a different spot
```
Initialising context
Context initialised
Getting module name
Creating module
Module created
Setting target triple
/usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3390:18: runtime error: applying non-zero offset 18446744073709551592 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3390:18 in 
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==64806==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0xfffffffffffffff8 (pc 0x55e858bb4b07 bp 0x7fff5ddcbda0 sp 0x7fff5ddcbd80 T64806)
==64806==The signal is caused by a READ memory access.
    #0 0x55e858bb4b07 in std::string::_Rep::_M_is_leaked() const /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3258:18
    #1 0x55e858bb46a5 in std::string::swap(std::string&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.tcc:962:21
    #2 0x55e858bb3fc9 in std::string::operator=(std::string&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3798:8
    #3 0x55e858bb36ff in llvm::Module::setTargetTriple(llvm::StringRef) /usr/include/llvm/IR/Module.h:300:52
    #4 0x55e858bb339e in main /mnt/Main/DEV/qatlang/qat/src/qat.cpp:20:8
    #5 0x7fc81bf7a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x55e858b6127d in _start (/mnt/Main/DEV/qatlang/qat/build/qat+0x3027d) (BuildId: 409a2d3ccd60c9ff)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3258:18 in std::string::_Rep::_M_is_leaked() const
==64806==ABORTING
```
I still think this might be caused by the `llvm::StringRef` and how I am initialising the value.
</pre>