[llvm-dev] Interpreter crash due to an "Unknown constant pointer type!"

Lang Hames via llvm-dev llvm-dev at lists.llvm.org
Sun Feb 16 15:30:08 PST 2020 

Hi Alberto,

I'm using the interpreter because my goal is to use it as a visitor and
> follow the execution instruction per instruction.


Not directly. The JIT will translate your IR to machine code for direct
execution. If you wanted to follow the execution instruction by instruction
you would have to either use LLDB (although getting JIT'd code to work with
the debugger is not straightforward yet), or inject extra IR for
instrumentation. Given your use case I think the interpreter is an
attractive option, except for this crash. Unfortunately I'm not sure how to
fix it, and I'm currently busy with JIT development.

-- Lang.

On Mon, Feb 10, 2020 at 1:55 PM Alberto Barbaro <barbaro.alberto at gmail.com>
wrote:

> Hi Lang,
> I'm using the interpreter because my goal is to use it as a visitor and
> follow the execution instruction per instruction.
>
> Is it the same possible with a JIT class?
>
> Thanks
>
> On Mon, Feb 10, 2020, 21:31 Lang Hames <lhames at gmail.com> wrote:
>
>> Hey Lang - does any of this look familiar to you?
>>
>>
>> I'm afraid not: I know nothing about the interpreter. As far as I'm aware
>> it's essentially abandonware.
>>
>> Alberto: The usual recommendation in these circumstances is to use a JIT
>> class instead of the interpreter. You're using -force-interpreter though,
>> so I assume you really want to use the interpreter for your use case?
>>
>> -- Lang.
>>
>> On Fri, Jan 3, 2020 at 3:04 PM David Blaikie <dblaikie at gmail.com> wrote:
>>
>>> Hey Lang - does any of this look familiar to you?
>>>
>>> On Fri, Jan 3, 2020 at 7:04 AM Alberto Barbaro <
>>> barbaro.alberto at gmail.com> wrote:
>>>
>>>> David,
>>>> sorry for this email but I noticed I made a mistake in the previous
>>>> one. So I managed to compile llvm Debug with asserts release. I have used
>>>> the following commands:
>>>>
>>>> cmake -DLLVM_TARGETS_TO_BUILD=X86 -DLLVM_ENABLE_RTTI=ON
>>>> -DLLVM_ENABLE_FFI=ON -DCMAKE_BUILD_TYPE=Debug -DLLVM_ENABLE_ASSERTIONS=ON ..
>>>> cmake --build . -- -j8 && sudo cmake --build . --target install
>>>>
>>>> Once lli was installed it was enough to use the .bc
>>>>
>>>> /usr/local/bin/lli --debug --force-interpreter pngpixel_crash.bc 0 0
>>>> mini.png
>>>> ...
>>>> png_ptr->width: 1
>>>> max_pixel_depth: 24
>>>> row_bytes: 28
>>>> ...
>>>> About to interpret:   store <2 x %struct.code*> <%struct.code*
>>>> getelementptr inbounds ([512 x %struct.code], [512 x %struct.code]*
>>>> @fixedtables.lenfix.681, i64 0, i64 0), %struct.code* getelementptr
>>>> inbounds ([32 x %struct.code], [32 x %struct.code]*
>>>> @fixedtables.distfix.682, i64 0, i64 0)>, <2 x %struct.code*>* %96, align
>>>> 8, !tbaa !50
>>>> Unknown constant pointer type!
>>>> UNREACHABLE executed at
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/ExecutionEngine.cpp:1008!
>>>> Stack dump:
>>>> 0. Program arguments: /usr/local/bin/lli --force-interpreter
>>>> pngpixel_crash.bc 0 0 mini.png
>>>>  #0 0x0000564bad642af9 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
>>>> /home/al/llvm-9.0.0.src/lib/Support/Unix/Signals.inc:533:0
>>>>  #1 0x0000564bad642b8c PrintStackTraceSignalHandler(void*)
>>>> /home/al/llvm-9.0.0.src/lib/Support/Unix/Signals.inc:594:0
>>>>  #2 0x0000564bad640a66 llvm::sys::RunSignalHandlers()
>>>> /home/al/llvm-9.0.0.src/lib/Support/Signals.cpp:68:0
>>>>  #3 0x0000564bad6424b0 SignalHandler(int)
>>>> /home/al/llvm-9.0.0.src/lib/Support/Unix/Signals.inc:385:0
>>>>  #4 0x00007f697df61890 __restore_rt
>>>> (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
>>>>  #5 0x00007f697ca0ae97 raise
>>>> /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
>>>>  #6 0x00007f697ca0c801 abort
>>>> /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:81:0
>>>>  #7 0x0000564bad5ce768 bindingsErrorHandler(void*,
>>>> std::__cxx11::basic_string<char, std::char_traits<char>,
>>>> std::allocator<char> > const&, bool)
>>>> /home/al/llvm-9.0.0.src/lib/Support/ErrorHandling.cpp:218:0
>>>>  #8 0x0000564bacfc2e5a
>>>> llvm::ExecutionEngine::getConstantValue(llvm::Constant const*)
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/ExecutionEngine.cpp:1013:0
>>>>  #9 0x0000564bacfeb873 llvm::Interpreter::getOperandValue(llvm::Value*,
>>>> llvm::ExecutionContext&)
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Execution.cpp:2108:0
>>>> #10 0x0000564bacfe548a
>>>> llvm::Interpreter::visitStoreInst(llvm::StoreInst&)
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Execution.cpp:1105:0
>>>> #11 0x0000564bacfee32f llvm::InstVisitor<llvm::Interpreter,
>>>> void>::visitStore(llvm::StoreInst&)
>>>> /home/al/llvm-9.0.0.src/include/llvm/IR/Instruction.def:173:0
>>>> #12 0x0000564bacfed18d llvm::InstVisitor<llvm::Interpreter,
>>>> void>::visit(llvm::Instruction&)
>>>> /home/al/llvm-9.0.0.src/include/llvm/IR/Instruction.def:173:0
>>>> #13 0x0000564bacfebd7b llvm::Interpreter::run()
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Execution.cpp:2161:0
>>>> #14 0x0000564bacfd6bdc llvm::Interpreter::runFunction(llvm::Function*,
>>>> llvm::ArrayRef<llvm::GenericValue>)
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Interpreter.cpp:101:0
>>>> #15 0x0000564bacfbfb94
>>>> llvm::ExecutionEngine::runFunctionAsMain(llvm::Function*,
>>>> std::vector<std::__cxx11::basic_string<char, std::char_traits<char>,
>>>> std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char,
>>>> std::char_traits<char>, std::allocator<char> > > > const&, char const*
>>>> const*)
>>>> /home/al/llvm-9.0.0.src/lib/ExecutionEngine/ExecutionEngine.cpp:470:0
>>>> #16 0x0000564bac794cc4 main
>>>> /home/al/llvm-9.0.0.src/tools/lli/lli.cpp:614:0
>>>> #17 0x00007f697c9edb97 __libc_start_main
>>>> /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:344:0
>>>> #18 0x0000564bac791a9a _start (/usr/local/bin/lli+0x110aa9a)
>>>> [1]    12828 abort (core dumped)  /usr/local/bin/lli
>>>> --force-interpreter pngpixel_crash.bc 0 0 mini.png
>>>>
>>>> So I'm certaint that the crash happend
>>>> in ExecutionEngine::getConstantValue.
>>>>
>>>> In addition, I have noticed that ElemTy->getTypeID() is 15 ( pointer
>>>> type of type struct.code ) but the switch branch ( Line 917 ) in not able
>>>> to deal with it so the llvm_unrecheable instruction is reached.
>>>>
>>>> So I can conclude that the problem is that the switch branch is not
>>>> able to deal with pointers.. Any suggestion on how to fix it please?
>>>>
>>>> Do it help to narrow down the problem?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> Il giorno ven 3 gen 2020 alle ore 11:28 Alberto Barbaro <
>>>> barbaro.alberto at gmail.com> ha scritto:
>>>>
>>>>> David,
>>>>> Using llvm 9 the crash is not present anymore. I think it was just
>>>>> time for me to update my code...
>>>>>
>>>>> Thanks for your help
>>>>>
>>>>> Alberto
>>>>>
>>>>> On Tue, Dec 24, 2019, 21:16 Alberto Barbaro <barbaro.alberto at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi David,
>>>>>> In pretty sure that the crash is due to the instruction I have shared
>>>>>> in my first email. In order to run pngpixel you just need libpng and zlib..
>>>>>> honest I thought that the .bc had Al the necessary. I'm happy to help you
>>>>>> to reproduce it. As a curiosity, why do you think you cannot reproduce it?
>>>>>>
>>>>>> Unfortunately I won't be able to modify the interpreter soon..
>>>>>> anyway, I'll try to dump s much info as possible.
>>>>>>
>>>>>> Thanks
>>>>>> Alberto
>>>>>>
>>>>>>
>>>>>> On Tue, Dec 24, 2019, 22:09 David Blaikie <dblaikie at gmail.com> wrote:
>>>>>>
>>>>>>> I can't reproduce it (just because of other local differences that
>>>>>>> lead to failures before it reaches this point, not because it passes for me
>>>>>>> or anything)
>>>>>>>
>>>>>>> I'd suggest you hop in with a debugger and/or modify the interpreter
>>>>>>> to print more information at that unreachable - to see what sort of type
>>>>>>> you do have & maybe then it'll be more clear what should be done with that
>>>>>>> type, or why it's a weird type, etc.
>>>>>>>
>>>>>>> On Thu, Dec 19, 2019 at 11:32 AM Alberto Barbaro <
>>>>>>> barbaro.alberto at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi David,
>>>>>>>> Thanks for the suggestions. I can definitely provide the example bc
>>>>>>>> file and image ( please see the attachments ). For the debug + asserts I
>>>>>>>> need a bit of more time.
>>>>>>>>
>>>>>>>> Anyway the full output of lli is:
>>>>>>>>
>>>>>>>> lli --force-interpreter examples/pngpixel_crash.bc 0 0
>>>>>>>> examples/mini.png
>>>>>>>> png_ptr->width: 1
>>>>>>>> max_pixel_depth: 24
>>>>>>>> row_bytes: 28
>>>>>>>> Unknown constant pointer type!
>>>>>>>> UNREACHABLE executed at
>>>>>>>> /home/al/Desktop/llvm-6.0.1.src/lib/ExecutionEngine/ExecutionEngine.cpp:1007!
>>>>>>>> LLVMSymbolizer: error reading file: No such file or directory
>>>>>>>> #0 0x0000000001765ee9 (lli+0x1765ee9)
>>>>>>>> #1 0x0000000001766099 (lli+0x1766099)
>>>>>>>> #2 0x0000000001764643 (lli+0x1764643)
>>>>>>>> #3 0x0000000001766424 (lli+0x1766424)
>>>>>>>> #4 0x00007f5dc5fc7890 __restore_rt
>>>>>>>> (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
>>>>>>>> #5 0x00007f5dc4a85e97 gsignal
>>>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
>>>>>>>> #6 0x00007f5dc4a87801 abort
>>>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
>>>>>>>> #7 0x00000000016d7150 (lli+0x16d7150)
>>>>>>>> #8 0x0000000001139543 (lli+0x1139543)
>>>>>>>> #9 0x00000000011500b8 (lli+0x11500b8)
>>>>>>>> #10 0x000000000115c25d (lli+0x115c25d)
>>>>>>>> #11 0x0000000001167d32 (lli+0x1167d32)
>>>>>>>> #12 0x000000000116430d (lli+0x116430d)
>>>>>>>> #13 0x0000000001163580 (lli+0x1163580)
>>>>>>>> #14 0x000000000114e197 (lli+0x114e197)
>>>>>>>> #15 0x0000000001135ba0 (lli+0x1135ba0)
>>>>>>>> #16 0x00000000008c729d (lli+0x8c729d)
>>>>>>>> #17 0x00007f5dc4a68b97 __libc_start_main
>>>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
>>>>>>>> #18 0x00000000008c4f1a (lli+0x8c4f1a)
>>>>>>>> Stack dump:
>>>>>>>> 0. Program arguments: lli --force-interpreter
>>>>>>>> examples/pngpixel_crash.bc 0 0 examples/mini.png
>>>>>>>> [1]    4344 abort (core dumped)  lli --force-interpreter
>>>>>>>> examples/pngpixel_crash.bc 0 0 examples/mini.png
>>>>>>>>
>>>>>>>> Please let me know if you can reproduce it!!
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Alberto
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Dec 19, 2019, 19:10 David Blaikie <dblaikie at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Probably need a debug (& probably +Asserts) build to see more
>>>>>>>>> about where it's failing & that might help you fix it - if you want other
>>>>>>>>> folks to be able to help debug the issue, providing the full reproduction
>>>>>>>>> steps (the entire input files, what commands were run, etc) - though,
>>>>>>>>> preferably, minimized (simplify the inputs/commands, etc, while still
>>>>>>>>> producing the failure)
>>>>>>>>>
>>>>>>>>> On Thu, Dec 19, 2019 at 11:06 AM Alberto Barbaro via llvm-dev <
>>>>>>>>> llvm-dev at lists.llvm.org> wrote:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>> as usual I'm playing with the Interpreter and unfortunately I hit
>>>>>>>>>> a crash. I have narrowed down the problem an the crash happens inside the
>>>>>>>>>> inflate function which is part of zlib and specifically at the instruction:
>>>>>>>>>>
>>>>>>>>>> store <2 x %struct.code*> <%struct.code* getelementptr inbounds
>>>>>>>>>> ([512 x %struct.code], [512 x %struct.code]* @fixedtables.lenfix.681, i64
>>>>>>>>>> 0, i64 0), %struct.code* getelementptr inbounds ([32 x %struct.code], [32 x
>>>>>>>>>> %struct.code]* @fixedtables.distfix.682, i64 0, i64 0)>, <2 x
>>>>>>>>>> %struct.code*>* %96, align 8, !tbaa !46
>>>>>>>>>>
>>>>>>>>>> The output from lli is:
>>>>>>>>>>
>>>>>>>>>> Unknown constant pointer type!
>>>>>>>>>> UNREACHABLE executed at
>>>>>>>>>> /home/al/Desktop/llvm-6.0.1.src/lib/ExecutionEngine/ExecutionEngine.cpp:1007!
>>>>>>>>>> LLVMSymbolizer: error reading file: No such file or directory
>>>>>>>>>> #0 0x0000000001765ee9 (lli+0x1765ee9)
>>>>>>>>>> #1 0x0000000001766099 (lli+0x1766099)
>>>>>>>>>> #2 0x0000000001764643 (lli+0x1764643)
>>>>>>>>>> #3 0x0000000001766424 (lli+0x1766424)
>>>>>>>>>> #4 0x00007faade157890 __restore_rt
>>>>>>>>>> (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
>>>>>>>>>> #5 0x00007faadcc15e97 gsignal
>>>>>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
>>>>>>>>>> #6 0x00007faadcc17801 abort
>>>>>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
>>>>>>>>>> #7 0x00000000016d7150 (lli+0x16d7150)
>>>>>>>>>> #8 0x0000000001139543 (lli+0x1139543)
>>>>>>>>>> #9 0x00000000011500b8 (lli+0x11500b8)
>>>>>>>>>> #10 0x000000000115c25d (lli+0x115c25d)
>>>>>>>>>> #11 0x0000000001167d32 (lli+0x1167d32)
>>>>>>>>>> #12 0x000000000116430d (lli+0x116430d)
>>>>>>>>>> #13 0x0000000001163580 (lli+0x1163580)
>>>>>>>>>> #14 0x000000000114e197 (lli+0x114e197)
>>>>>>>>>> #15 0x0000000001135ba0 (lli+0x1135ba0)
>>>>>>>>>> #16 0x00000000008c729d (lli+0x8c729d)
>>>>>>>>>> #17 0x00007faadcbf8b97 __libc_start_main
>>>>>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
>>>>>>>>>> #18 0x00000000008c4f1a (lli+0x8c4f1a)
>>>>>>>>>>
>>>>>>>>>> Is there anyone that can help me to understand how to fix it even
>>>>>>>>>> a simple workaround for the moment would be enough!
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Alberto
>>>>>>>>>> _______________________________________________
>>>>>>>>>> LLVM Developers mailing list
>>>>>>>>>> llvm-dev at lists.llvm.org
>>>>>>>>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>>>>>>>>>>
>>>>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20200216/6b93de6d/attachment.html>

More information about the llvm-dev mailing list