[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst

Baozeng via llvm-dev llvm-dev at lists.llvm.org
Fri Aug 31 00:22:15 PDT 2018


With Debug mode, it shows the assert error:

Assertion failed: (I != BlockLiveness.end() && "Predecessor not found"),
function calculateLocalLiveness, file lib/CodeGen/StackColoring.cpp, line
782.

1. <eof> parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module
'busybox/archival/libarchive/decompress_bunzip2.c'.
4. Running pass 'Merge disjoint stack slots' on function '@read_bunzip'
clang: error: unable to execute command: Abort trap: 6
clang: error: clang frontend command failed due to signal (use -v to see
invocation)

It seems the block's predecessor is lost; any suggestion? Thanks.

mayuyu.io <admin at mayuyu.io> 于2018年8月30日周四 下午6:20写道:

> I suggest building LLVM in Debug mode and read the asserts
>
> Zhang
>
> 在 2018年8月30日,17:58,Baozeng via llvm-dev <llvm-dev at lists.llvm.org> 写道:
>
>
> Hello all,
>
>    I have written a pass, which replaces a conditional BranchInst using
> IndirectBr to obfuscate a program.
>
>
> The origin IR is as the following:
>
>    br i1 %1, label %2, label %3
>
>
> And the transformed IR is as the following:
>
>   %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func,
> %3)
>
>   indirectbr i8* %4, [label %2, label %3]
>
>
>
> The pass's core function is as the following:
>
>
>       BasicBlock *TrueDest = BI->getSuccessor(0); // BI is a conditional branch
>       BasicBlock *FalseDest = BI->getSuccessor(1);
>
>       BlockAddress *TrueDestAddr = BlockAddress::get(TrueDest);
>       BlockAddress *FalseDestAddr = BlockAddress::get(FalseDest);
>
>       Value *ConditionValue = BI->getCondition();
>
>       SelectInst *SI = SelectInst::Create(ConditionValue, TrueDestAddr,
>                                           FalseDestAddr, "", BI);
>
>       IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
>       indirBr->addDestination(TrueDest);
>       indirBr->addDestination(FalseDest);
>       BI->eraseFromParent();
>
>
> But I met the following crash when using this pass to build the arm
> target. The crash log is:
>
>
> Process:               clang [894]
>
> Path:                  /Users/USER/Library/Android/*/clang
>
> Identifier:            clang
>
> Version:               6.0.0 (6.0)
>
> Code Type:             X86-64 (Native)
>
> Parent Process:        clang [893]
>
> Responsible:           clang [894]
>
> User ID:               501
>
>
> Date/Time:             2018-08-30 17:31:27.215 +0800
>
> OS Version:            Mac OS X 10.13.6 (17G65)
>
> Report Version:        12
>
> Anonymous UUID:        EBCD2C91-4439-C1F4-B504-A32D567161A7
>
>
> Sleep/Wake UUID:       5EB83694-4FFE-458B-85E5-ABCD219ACB1E
>
>
> Time Awake Since Boot: 370000 seconds
>
> Time Since Wake:       17000 seconds
>
>
> System Integrity Protection: enabled
>
>
> Crashed Thread:        0  Dispatch queue: com.apple.main-thread
>
>
> Exception Type:        EXC_BAD_ACCESS (SIGBUS)
>
> Exception Codes:       KERN_PROTECTION_FAILURE at 0x000000010457c000
>
> Exception Note:        EXC_CORPSE_NOTIFY
>
>
> Termination Signal:    Bus error: 10
>
> Termination Reason:    Namespace SIGNAL, Code 0xa
>
> Terminating Process:   exc handler [0]
>
>
> VM Regions Near 0x10457c000:
>
>     MALLOC metadata        000000010457b000-000000010457c000 [    4K]
> rw-/rwx SM=ZER
>
> --> MALLOC guard page      000000010457c000-000000010457d000 [    4K]
> ---/rwx SM=ZER
>
>     MALLOC metadata        000000010457d000-0000000104581000 [   16K]
> rw-/rwx SM=ZER
>
>
> Application Specific Information:
>
> Stack dump:
>
> 0. Program arguments:
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang
> -cc1 -triple thumbv7-none-linux-android14 -emit-obj -mnoexecstack
> -disable-free -disable-llvm-verifier -discard-value-names -main-file-name
> bzip2.c -mrelocation-model pic -pic-level 1 -mthread-model posix
> -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases
> -munwind-tables -fuse-init-array -target-cpu generic -target-feature
> +soft-float-abi -target-feature -fp-only-sp -target-feature +d16
> -target-feature +vfp3 -target-feature -fp16 -target-feature -vfp4
> -target-feature -fp-armv8 -target-feature -neon -target-feature -crypto
> -target-abi aapcs-linux -mfloat-abi soft -fallow-half-arguments-and-returns
> -dwarf-column-info -debug-info-kind=limited -dwarf-version=4
> -debugger-tuning=gdb -target-linker-version 351.8 -ffunction-sections
> -coverage-notes-file
> /Users/dingbaozeng/work/native_obfuscator/tests/./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.gcno
> -resource-dir
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0
> -dependency-file
> ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o.d -MT
> ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -MP -isystem
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include/arm-linux-androideabi
> -D NDEBUG -I busybox/include -I busybox -D ANDROID -D
> BB_VER="1.28.4-topjohnwu" -D BB_BT=AUTOCONF_TIMESTAMP -D __ANDROID_API__=14
> -isysroot //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot
> -internal-isystem
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/local/include
> -internal-isystem
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0/include
> -internal-externc-isystem
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/include
> -internal-externc-isystem
> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include -Os
> -Wno-invalid-command-line-argument -Wno-unused-command-line-argument
> -Wno-error=format-security -w -fdebug-compilation-dir
> /Users/dingbaozeng/work/native_obfuscator/tests -ferror-limit 19
> -fmessage-length 138 -femulated-tls -stack-protector 2 -fno-signed-char
> -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics
> -vectorize-loops -vectorize-slp -mllvm -indibran -o
> ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -x c
> busybox/archival/bzip2.c
>
> 1. <eof> parser at end of file
>
> 2. Code generation
>
> 3. Running pass 'Function Pass Manager' on module
> 'busybox/archival/bzip2.c'.
>
> 4. Running pass 'Merge disjoint stack slots' on function '@mainSort'
>
>
>
>
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
>
> 0   clang                          0x00000001011233c0 (anonymous
> namespace)::StackColoring::runOnMachineFunction(llvm::MachineFunction&) +
> 8448
>
> 1   clang                          0x0000000100ff0746
> llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 134
>
> 2   clang                          0x000000010124cdd2
> llvm::FPPassManager::runOnFunction(llvm::Function&) + 546
>
> 3   clang                          0x000000010124cfe3
> llvm::FPPassManager::runOnModule(llvm::Module&) + 67
>
> 4   clang                          0x000000010124d458
> llvm::legacy::PassManagerImpl::run(llvm::Module&) + 888
>
> 5   clang                          0x00000001018d7f5b
> clang::EmitBackendOutput(clang::DiagnosticsEngine&,
> clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
> clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout
> const&, llvm::Module*, clang::BackendAction,
> std::__1::unique_ptr<llvm::raw_pwrite_stream,
> std::__1::default_delete<llvm::raw_pwrite_stream> >) + 14907
>
> 6   clang                          0x0000000101a9bc0f
> clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 959
>
> 7   clang                          0x000000010236d7e2
> clang::ParseAST(clang::Sema&, bool, bool) + 466
>
> 8   clang                          0x0000000101d038a3
> clang::FrontendAction::Execute() + 67
>
> 9   clang                          0x0000000101ca4878
> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1208
>
> 10  clang                          0x0000000101d4a0c5
> clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4613
>
> 11  clang                          0x000000010083b865
> cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1333
>
> 12  clang                          0x00000001008398e2 main + 11250
>
> 13  libdyld.dylib                  0x00007fff50a2e015 start + 1
>
>
> Thread 0 crashed with X86 Thread State (64-bit):
>
>   rax: 0x00000001053bc148  rbx: 0x0000000000000005  rcx:
> 0x000000000038c8cc  rdx: 0x000000010457c008
>
>   rdi: 0x00000000005044f1  rsi: 0x0000000000000000  rbp:
> 0x00007ffeef3c6cf0  rsp: 0x00007ffeef3c6910
>
>    r8: 0x0000000003000001   r9: 0x00000001039bdec0  r10:
> 0x0000000000000000  r11: 0x0000000000000007
>
>   r12: 0x00007fa712668450  r13: 0x00007ffeef3c6ba0  r14:
> 0x00007fa713a5ca00  r15: 0x00007fa712668468
>
>   rip: 0x00000001011233c0  rfl: 0x0000000000010246  cr2: 0x000000010457c000
>
>
>
> Logical CPU:     2
>
> Error Code:      0x00000004
>
> Trap Number:     14
>
>
>
> Binary Images:
>
>        0x100835000 -        0x103977ff7 +clang (6.0.0 - 6.0)
> <894457CA-21F3-318A-84F6-806AED47E3F6> /Users/USER/Library/Android/*/clang
>
>        0x107ed8000 -        0x107f22acf  dyld (551.4)
> <8A72DE9C-A136-3506-AA02-4BA2B82DCAF3> /usr/lib/dyld
>
>     0x7fff4e20d000 -     0x7fff4e240ff7  libclosured.dylib (551.4)
> <3FB6B209-51F4-38DA-B1D8-2EE29D5BDD83> /usr/lib/closure/libclosured.dylib
>
>     0x7fff4e747000 -     0x7fff4e748ffb  libSystem.B.dylib (1252.50.4)
> <CD555F3B-FDDB-35E5-A2FB-FBBF3D62031A> /usr/lib/libSystem.B.dylib
>
>     0x7fff4e97c000 -     0x7fff4e9d2fff  libc++.1.dylib (400.9)
> <7D3DACCC-3804-393C-ABC1-1A580FD00CB6> /usr/lib/libc++.1.dylib
>
>     0x7fff4e9d3000 -     0x7fff4e9f7ff7  libc++abi.dylib (400.8.2)
> <EF5E37D7-11D9-3530-BE45-B986612D13E2> /usr/lib/libc++abi.dylib
>
>     0x7fff4fa2b000 -     0x7fff4fa5bffb  libncurses.5.4.dylib (53)
> <030DF747-F71B-367A-83EE-2F30B7947929> /usr/lib/libncurses.5.4.dylib
>
>     0x7fff4fe00000 -     0x7fff501ee7e7  libobjc.A.dylib (723)
> <DD9E5EC5-B507-3249-B700-93433E2D5EDF> /usr/lib/libobjc.A.dylib
>
>     0x7fff50816000 -     0x7fff50828ffb  libz.1.dylib (70)
> <48C67CFC-940D-3857-8DAD-857774605352> /usr/lib/libz.1.dylib
>
>     0x7fff508c4000 -     0x7fff508c8ff7  libcache.dylib (80)
> <092479CB-1008-3A83-BECF-E115F24D13C1> /usr/lib/system/libcache.dylib
>
>     0x7fff508c9000 -     0x7fff508d3ff3  libcommonCrypto.dylib
> (60118.50.1) <029F5985-9B6E-3DCB-9B96-FD007678C6A7>
> /usr/lib/system/libcommonCrypto.dylib
>
>     0x7fff508d4000 -     0x7fff508dbfff  libcompiler_rt.dylib (62)
> <968B8E3F-3681-3230-9D78-BB8732024F6E> /usr/lib/system/libcompiler_rt.dylib
>
>     0x7fff508dc000 -     0x7fff508e5ffb  libcopyfile.dylib (146.50.5)
> <3885083D-50D8-3EEC-B481-B2E605180D7F> /usr/lib/system/libcopyfile.dylib
>
>     0x7fff508e6000 -     0x7fff5096bfff  libcorecrypto.dylib (562.70.1)
> <5C26364F-2269-31EC-84AF-0FED2C902E38> /usr/lib/system/libcorecrypto.dylib
>
>     0x7fff509f3000 -     0x7fff50a2cff7  libdispatch.dylib (913.60.2)
> <232C69BD-022E-3AB9-8807-79F9FA7CB5EC> /usr/lib/system/libdispatch.dylib
>
>     0x7fff50a2d000 -     0x7fff50a4aff7  libdyld.dylib (551.4)
> <81BF3A82-5719-3B54-ABA9-76C82D932CAC> /usr/lib/system/libdyld.dylib
>
>     0x7fff50a4b000 -     0x7fff50a4bffb  libkeymgr.dylib (28)
> <E34E283E-90FA-3C59-B48E-1277CDB9CDCE> /usr/lib/system/libkeymgr.dylib
>
>     0x7fff50a59000 -     0x7fff50a59ff7  liblaunch.dylib (1205.70.9)
> <B184B521-FF24-3142-AFAF-23D170CF918C> /usr/lib/system/liblaunch.dylib
>
>     0x7fff50a5a000 -     0x7fff50a5effb  libmacho.dylib (906)
> <1902A611-081A-3452-B11E-EBD1B166E831> /usr/lib/system/libmacho.dylib
>
>     0x7fff50a5f000 -     0x7fff50a61ff3  libquarantine.dylib (86)
> <26C0BA22-8F93-3A07-9A4E-C8D53D2CE42E> /usr/lib/system/libquarantine.dylib
>
>     0x7fff50a62000 -     0x7fff50a63ff3  libremovefile.dylib (45)
> <711E18B2-5BBE-3211-A916-56740C27D17A> /usr/lib/system/libremovefile.dylib
>
>     0x7fff50a64000 -     0x7fff50a7bfff  libsystem_asl.dylib (356.70.1)
> <39E46A6F-B228-3E78-B83E-1779F9707A39> /usr/lib/system/libsystem_asl.dylib
>
>     0x7fff50a7c000 -     0x7fff50a7cfff  libsystem_blocks.dylib (67)
> <17303FDF-0D2D-3963-B05E-B4DF63052D47>
> /usr/lib/system/libsystem_blocks.dylib
>
>     0x7fff50a7d000 -     0x7fff50b06ff7  libsystem_c.dylib (1244.50.9)
> <1187BFE8-4576-3247-8177-481554E1F9E7> /usr/lib/system/libsystem_c.dylib
>
>     0x7fff50b07000 -     0x7fff50b0affb  libsystem_configuration.dylib
> (963.50.8) <DF6B5287-203E-30CB-9947-78DF446C72B8>
> /usr/lib/system/libsystem_configuration.dylib
>
>     0x7fff50b0b000 -     0x7fff50b0effb  libsystem_coreservices.dylib (51)
> <486000D3-D8CB-3BE7-8EE5-8BF380DE6DF7>
> /usr/lib/system/libsystem_coreservices.dylib
>
>     0x7fff50b0f000 -     0x7fff50b10fff  libsystem_darwin.dylib
> (1244.50.9) <09C21A4A-9EE0-388B-A9D9-DFF8F6758791>
> /usr/lib/system/libsystem_darwin.dylib
>
>     0x7fff50b11000 -     0x7fff50b17ff7  libsystem_dnssd.dylib (878.70.2)
> <3290768B-54DE-3AB6-B155-AC0950AC5564> /usr/lib/system/libsystem_dnssd.dylib
>
>     0x7fff50b18000 -     0x7fff50b61ff7  libsystem_info.dylib (517.30.1)
> <AB634A98-B8AA-3804-8436-38261FC8EC4D> /usr/lib/system/libsystem_info.dylib
>
>     0x7fff50b62000 -     0x7fff50b88ff7  libsystem_kernel.dylib
> (4570.71.2) <F22B8D73-69D8-36D7-BF66-7F9AC70C08C2>
> /usr/lib/system/libsystem_kernel.dylib
>
>     0x7fff50b89000 -     0x7fff50bd4fcb  libsystem_m.dylib (3147.50.1)
> <8CFB51C9-B422-3379-8552-064C63943A23> /usr/lib/system/libsystem_m.dylib
>
>     0x7fff50bd5000 -     0x7fff50bf4fff  libsystem_malloc.dylib (140.50.6)
> <7FD43735-9DDD-300E-8C4A-F909A74BDF49>
> /usr/lib/system/libsystem_malloc.dylib
>
>     0x7fff50bf5000 -     0x7fff50d25ff7  libsystem_network.dylib
> (1229.70.2) <5E86B2DE-9E15-3354-8714-4094ED5F698D>
> /usr/lib/system/libsystem_network.dylib
>
>     0x7fff50d26000 -     0x7fff50d30ffb  libsystem_networkextension.dylib
> (767.70.1) <D23EAFC1-E8BD-34D5-969C-6E45A1C3B4E4>
> /usr/lib/system/libsystem_networkextension.dylib
>
>     0x7fff50d31000 -     0x7fff50d3aff3  libsystem_notify.dylib (172)
> <08012EC0-2CD2-34BE-BF93-E7F56491299A>
> /usr/lib/system/libsystem_notify.dylib
>
>     0x7fff50d3b000 -     0x7fff50d42ff7  libsystem_platform.dylib
> (161.50.1) <6355EE2D-5456-3CA8-A227-B96E8F1E2AF8>
> /usr/lib/system/libsystem_platform.dylib
>
>     0x7fff50d43000 -     0x7fff50d4efff  libsystem_pthread.dylib
> (301.50.1) <0E51CCBA-91F2-34E1-BF2A-FEEFD3D321E4>
> /usr/lib/system/libsystem_pthread.dylib
>
>     0x7fff50d4f000 -     0x7fff50d52fff  libsystem_sandbox.dylib
> (765.70.1) <553DFCC6-9D31-3B9C-AB7C-30F6F265786D>
> /usr/lib/system/libsystem_sandbox.dylib
>
>     0x7fff50d53000 -     0x7fff50d54ff3  libsystem_secinit.dylib (30)
> <DE8D14E8-A276-3FF8-AE13-77F7040F33C1>
> /usr/lib/system/libsystem_secinit.dylib
>
>     0x7fff50d55000 -     0x7fff50d5cff7  libsystem_symptoms.dylib
> (820.60.2) <585BDFA2-D54D-39D0-8046-44E824DABD43>
> /usr/lib/system/libsystem_symptoms.dylib
>
>     0x7fff50d5d000 -     0x7fff50d70fff  libsystem_trace.dylib (829.70.1)
> <3A6CB706-8CA6-3616-8AFC-14AAD7FAF187> /usr/lib/system/libsystem_trace.dylib
>
>     0x7fff50d72000 -     0x7fff50d77ff7  libunwind.dylib (35.3)
> <BEF3FB49-5604-3B5F-82B5-332B80023AC3> /usr/lib/system/libunwind.dylib
>
>     0x7fff50d78000 -     0x7fff50da5ff7  libxpc.dylib (1205.70.9)
> <0BC7AD67-671D-31D4-8B88-C317B8379598> /usr/lib/system/libxpc.dylib
>
>
> External Modification Summary:
>
>   Calls made by other processes targeting this process:
>
>     task_for_pid: 0
>
>     thread_create: 0
>
>     thread_set_state: 0
>
>   Calls made by this process:
>
>     task_for_pid: 0
>
>     thread_create: 0
>
>     thread_set_state: 0
>
>   Calls made by all processes on this machine:
>
>     task_for_pid: 227609
>
>     thread_create: 0
>
>     thread_set_state: 0
>
>
> VM Region Summary:
>
> ReadOnly portion of Libraries: Total=260.6M resident=0K(0%)
> swapped_out_or_unallocated=260.6M(100%)
>
> Writable regions: Total=142.7M written=0K(0%) resident=0K(0%)
> swapped_out=0K(0%) unallocated=142.7M(100%)
>
>
>
>                                 VIRTUAL   REGION
>
> REGION TYPE                        SIZE    COUNT (non-coalesced)
>
> ===========                     =======  =======
>
> Kernel Alloc Once                    8K        2
>
> MALLOC                            78.2M       16
>
> MALLOC guard page                   16K        5
>
> STACK GUARD                          4K        2
>
> Stack                             64.0M        2
>
> __DATA                            5224K       45
>
> __LINKEDIT                       201.9M        4
>
> __TEXT                            58.8M       44
>
> mapped file                        444K        9
>
> shared memory                        8K        3
>
> ===========                     =======  =======
>
> TOTAL                            408.4M      122
>
>
>
> Any suggestion? Thank you.
> --
>      Best Regards,
>      Baozeng Ding
>
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
>

-- 
     Best Regards,
     Baozeng Ding
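Added example, not code from the thread or from LLVM: a self-contained C++ model (no LLVM headers) of what the failing assertion checks. In LLVM 6 StackColoring numbers machine blocks with a depth-first walk from the entry block and then, in calculateLocalLiveness, looks each predecessor of a numbered block up in its BlockLiveness map; "Predecessor not found" fires when a predecessor was never reached by that walk. The model applies the posted rewrite at CFG level (a conditional br becomes select + indirectbr with the same two targets, which become address-taken), numbers blocks by DFS, and reports any predecessor the lookup would miss. The CFG and Block types, the block names and the makeInconsistent case are constructed for illustration; the inconsistent case shows the shape the assertion reports, not what the poster's pass actually produced.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical model types (not LLVM's): one Block per basic block.
struct Block {
    std::string term;                // "br" (conditional), "jmp", "indirectbr", "ret"
    std::vector<std::string> succs;  // successor edges; this is what a DFS follows
    std::set<std::string> preds;     // predecessor list kept on the block itself
    bool addressTaken = false;       // true once a blockaddress(@f, %bb) exists
};

struct CFG {
    std::string entry;
    std::map<std::string, Block> blocks;

    void addBlock(const std::string &name, const std::string &term) {
        blocks[name].term = term;
    }
    void addEdge(const std::string &from, const std::string &to) {
        blocks[from].succs.push_back(to);
        blocks[to].preds.insert(from);
    }
};

// The posted rewrite seen at CFG level: "br i1 %c, %T, %F" becomes
// "select" + "indirectbr [%T, %F]". The edge set is unchanged; what is new
// is that %T and %F are now address-taken (BlockAddress::get was called).
bool replaceBranchWithIndirectBr(CFG &cfg, const std::string &bbName) {
    Block &bb = cfg.blocks.at(bbName);
    if (bb.term != "br" || bb.succs.size() != 2)
        return false;                // only two-way conditional branches
    for (const std::string &s : bb.succs)
        cfg.blocks.at(s).addressTaken = true;
    bb.term = "indirectbr";
    return true;
}

// Depth-first numbering over successor edges from the entry block: the
// walk that decides which blocks get a liveness entry at all.
std::map<std::string, int> numberBlocks(const CFG &cfg) {
    std::map<std::string, int> num;
    std::vector<std::string> work{cfg.entry};
    while (!work.empty()) {
        std::string cur = work.back();
        work.pop_back();
        if (num.count(cur))
            continue;
        int next = static_cast<int>(num.size());
        num[cur] = next;
        const Block &b = cfg.blocks.at(cur);
        for (auto it = b.succs.rbegin(); it != b.succs.rend(); ++it)
            work.push_back(*it);
    }
    return num;
}

// The invariant behind "Predecessor not found": every predecessor of a
// numbered block must itself be numbered. Returns "pred->block" for each
// violation; an empty result means the lookup would never fail.
std::vector<std::string> findUnnumberedPreds(const CFG &cfg,
                                             const std::map<std::string, int> &num) {
    std::vector<std::string> bad;
    for (const auto &kv : num)
        for (const std::string &p : cfg.blocks.at(kv.first).preds)
            if (!num.count(p))
                bad.push_back(p + "->" + kv.first);
    return bad;
}

// Constructed sample: the diamond behind "br i1 %1, label %2, label %3".
CFG makeDiamond() {
    CFG cfg;
    cfg.entry = "entry";
    cfg.addBlock("entry", "br");
    cfg.addBlock("then", "jmp");
    cfg.addBlock("else", "jmp");
    cfg.addBlock("merge", "ret");
    cfg.addEdge("entry", "then");
    cfg.addEdge("entry", "else");
    cfg.addEdge("then", "merge");
    cfg.addEdge("else", "merge");
    return cfg;
}

// Constructed failure case: "merge" lists a predecessor that no successor
// edge reaches, so the DFS never numbers it. This is the shape the assertion
// reports; it is a model, not a claim about what the posted pass produced.
CFG makeInconsistent() {
    CFG cfg = makeDiamond();
    cfg.addBlock("orphan", "jmp");
    cfg.blocks["merge"].preds.insert("orphan");
    return cfg;
}

int main() {
    for (CFG cfg : {makeDiamond(), makeInconsistent()}) {
        replaceBranchWithIndirectBr(cfg, "entry");
        std::vector<std::string> bad = findUnnumberedPreds(cfg, numberBlocks(cfg));
        if (bad.empty())
            std::cout << "consistent\n";
        else
            std::cout << "Predecessor not found: " << bad[0] << '\n';
    }
    return 0;
}
```

On real IR the equivalent first check is the IR verifier, which the posted cc1 command line switches off with -disable-llvm-verifier; running without that flag lets the verifier reject malformed IR right after the pass, although it inspects the IR-level CFG only and does not see the machine-level predecessor lists this assertion walks.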