[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst
Friedman, Eli via llvm-dev
llvm-dev at lists.llvm.org
Fri Aug 31 10:59:08 PDT 2018
That looks like https://bugs.llvm.org/show_bug.cgi?id=37130 .
-Eli
On 8/31/2018 12:22 AM, Baozeng via llvm-dev wrote:
> In Debug mode, it shows the assertion error:
>
> Assertion failed: (I != BlockLiveness.end() && "Predecessor not
> found"), function calculateLocalLiveness, file
> lib/CodeGen/StackColoring.cpp, line 782.
>
> 1. <eof> parser at end of file
> 2. Code generation
> 3. Running pass 'Function Pass Manager' on module
> 'busybox/archival/libarchive/decompress_bunzip2.c'.
> 4. Running pass 'Merge disjoint stack slots' on function '@read_bunzip'
> clang: error: unable to execute command: Abort trap: 6
> clang: error: clang frontend command failed due to signal (use -v to
> see invocation)
>
> It seems the block's predecessor is lost. Any suggestions? Thanks.
>
> mayuyu.io <admin at mayuyu.io> wrote on Thu, Aug 30, 2018 at 6:20 PM:
>
> I suggest building LLVM in Debug mode and reading the asserts.
>
> Zhang
>
> On Aug 30, 2018, at 17:58, Baozeng via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
>>
>> Hello all,
>>
>> I have written a pass which replaces conditional BranchInsts
>> with IndirectBr to obfuscate the program.
>>
>>
>> The original IR is as follows:
>>
>> br i1 %1, label %2, label %3
>>
>>
>> And the transformed IR is as follows:
>>
>> %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func, %3)
>> indirectbr i8* %4, [label %2, label %3]
>>
>>
>>
>> The pass's core function is as follows:
>>
>>
>> #include "llvm/IR/Constants.h"     // BlockAddress
>> #include "llvm/IR/Instructions.h"  // BranchInst, SelectInst, IndirectBrInst
>>
>> using namespace llvm;
>>
>> // Rewrite one conditional branch as select + indirectbr.
>> static void replaceCondBrWithIndirectBr(BranchInst *BI) {
>>   // BI is a conditional branch
>>   BasicBlock *TrueDest = BI->getSuccessor(0);
>>   BasicBlock *FalseDest = BI->getSuccessor(1);
>>   BlockAddress *TrueDestAddr = BlockAddress::get(TrueDest);
>>   BlockAddress *FalseDestAddr = BlockAddress::get(FalseDest);
>>
>>   Value *ConditionValue = BI->getCondition();
>>   // select picks the block address, inserted before BI
>>   SelectInst *SI = SelectInst::Create(ConditionValue, TrueDestAddr,
>>                                       FalseDestAddr, "", BI);
>>   // indirectbr through the selected address, with both destinations listed
>>   IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
>>   indirBr->addDestination(TrueDest);
>>   indirBr->addDestination(FalseDest);
>>   BI->eraseFromParent();
>> }
>>
>>
>> But I hit the following crash when using this pass to build the
>> ARM target. The crash log is:
>>
>>
>> Process: clang [894]
>>
>> Path: /Users/USER/Library/Android/*/clang
>>
>> Identifier: clang
>>
>> Version: 6.0.0 (6.0)
>>
>> Code Type: X86-64 (Native)
>>
>> Parent Process: clang [893]
>>
>> Responsible: clang [894]
>>
>> User ID: 501
>>
>>
>> Date/Time: 2018-08-30 17:31:27.215 +0800
>>
>> OS Version: Mac OS X 10.13.6 (17G65)
>>
>> Report Version: 12
>>
>> Anonymous UUID: EBCD2C91-4439-C1F4-B504-A32D567161A7
>>
>>
>> Sleep/Wake UUID: 5EB83694-4FFE-458B-85E5-ABCD219ACB1E
>>
>>
>> Time Awake Since Boot: 370000 seconds
>>
>> Time Since Wake: 17000 seconds
>>
>>
>> System Integrity Protection: enabled
>>
>>
>> Crashed Thread: 0 Dispatch queue: com.apple.main-thread
>>
>>
>> Exception Type: EXC_BAD_ACCESS (SIGBUS)
>>
>> Exception Codes: KERN_PROTECTION_FAILURE at 0x000000010457c000
>>
>> Exception Note: EXC_CORPSE_NOTIFY
>>
>>
>> Termination Signal: Bus error: 10
>>
>> Termination Reason: Namespace SIGNAL, Code 0xa
>>
>> Terminating Process: exc handler [0]
>>
>>
>> VM Regions Near 0x10457c000:
>>
>> MALLOC metadata 000000010457b000-000000010457c000 [ 4K]
>> rw-/rwx SM=ZER
>>
>> --> MALLOC guard page 000000010457c000-000000010457d000 [ 4K]
>> ---/rwx SM=ZER
>>
>> MALLOC metadata 000000010457d000-0000000104581000 [ 16K]
>> rw-/rwx SM=ZER
>>
>>
>> Application Specific Information:
>>
>> Stack dump:
>>
>> 0. Program arguments:
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang
>> -cc1 -triple thumbv7-none-linux-android14 -emit-obj -mnoexecstack
>> -disable-free -disable-llvm-verifier -discard-value-names
>> -main-file-name bzip2.c -mrelocation-model pic -pic-level 1
>> -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose
>> -mconstructor-aliases -munwind-tables -fuse-init-array
>> -target-cpu generic -target-feature +soft-float-abi
>> -target-feature -fp-only-sp -target-feature +d16 -target-feature
>> +vfp3 -target-feature -fp16 -target-feature -vfp4 -target-feature
>> -fp-armv8 -target-feature -neon -target-feature -crypto
>> -target-abi aapcs-linux -mfloat-abi soft
>> -fallow-half-arguments-and-returns -dwarf-column-info
>> -debug-info-kind=limited -dwarf-version=4 -debugger-tuning=gdb
>> -target-linker-version 351.8 -ffunction-sections
>> -coverage-notes-file
>> /Users/dingbaozeng/work/native_obfuscator/tests/./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.gcno
>> -resource-dir
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0
>> -dependency-file
>> ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o.d
>> -MT
>> ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o
>> -MP -isystem
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include/arm-linux-androideabi
>> -D NDEBUG -I busybox/include -I busybox -D ANDROID -D
>> BB_VER="1.28.4-topjohnwu" -D BB_BT=AUTOCONF_TIMESTAMP -D
>> __ANDROID_API__=14 -isysroot
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot
>> -internal-isystem
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/local/include
>> -internal-isystem
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0/include
>> -internal-externc-isystem
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/include
>> -internal-externc-isystem
>> //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include
>> -Os -Wno-invalid-command-line-argument
>> -Wno-unused-command-line-argument -Wno-error=format-security -w
>> -fdebug-compilation-dir
>> /Users/dingbaozeng/work/native_obfuscator/tests -ferror-limit 19
>> -fmessage-length 138 -femulated-tls -stack-protector 2
>> -fno-signed-char -fobjc-runtime=gcc -fdiagnostics-show-option
>> -fcolor-diagnostics -vectorize-loops -vectorize-slp -mllvm
>> -indibran -o
>> ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -x
>> c busybox/archival/bzip2.c
>>
>> 1. <eof> parser at end of file
>>
>> 2. Code generation
>>
>> 3. Running pass 'Function Pass Manager' on module
>> 'busybox/archival/bzip2.c'.
>>
>> 4. Running pass 'Merge disjoint stack slots' on function '@mainSort'
>>
>>
>> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
>>
>> 0 clang 0x00000001011233c0 (anonymous
>> namespace)::StackColoring::runOnMachineFunction(llvm::MachineFunction&)
>> + 8448
>>
>> 1 clang 0x0000000100ff0746
>> llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 134
>>
>> 2 clang 0x000000010124cdd2
>> llvm::FPPassManager::runOnFunction(llvm::Function&) + 546
>>
>> 3 clang 0x000000010124cfe3
>> llvm::FPPassManager::runOnModule(llvm::Module&) + 67
>>
>> 4 clang 0x000000010124d458
>> llvm::legacy::PassManagerImpl::run(llvm::Module&) + 888
>>
>> 5 clang 0x00000001018d7f5b
>> clang::EmitBackendOutput(clang::DiagnosticsEngine&,
>> clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
>> clang::TargetOptions const&, clang::LangOptions const&,
>> llvm::DataLayout const&, llvm::Module*, clang::BackendAction,
>> std::__1::unique_ptr<llvm::raw_pwrite_stream,
>> std::__1::default_delete<llvm::raw_pwrite_stream> >) + 14907
>>
>> 6 clang 0x0000000101a9bc0f
>> clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
>> + 959
>>
>> 7 clang 0x000000010236d7e2 clang::ParseAST(clang::Sema&, bool,
>> bool) + 466
>>
>> 8 clang 0x0000000101d038a3 clang::FrontendAction::Execute() + 67
>>
>> 9 clang 0x0000000101ca4878
>> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1208
>>
>> 10 clang 0x0000000101d4a0c5
>> clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4613
>>
>> 11 clang 0x000000010083b865 cc1_main(llvm::ArrayRef<char const*>,
>> char const*, void*) + 1333
>>
>> 12 clang 0x00000001008398e2 main + 11250
>>
>> 13 libdyld.dylib 0x00007fff50a2e015 start + 1
>>
>>
>> Thread 0 crashed with X86 Thread State (64-bit):
>>
>> rax: 0x00000001053bc148 rbx: 0x0000000000000005 rcx:
>> 0x000000000038c8cc rdx: 0x000000010457c008
>>
>> rdi: 0x00000000005044f1 rsi: 0x0000000000000000 rbp:
>> 0x00007ffeef3c6cf0 rsp: 0x00007ffeef3c6910
>>
>> r8: 0x0000000003000001 r9: 0x00000001039bdec0 r10:
>> 0x0000000000000000 r11: 0x0000000000000007
>>
>> r12: 0x00007fa712668450 r13: 0x00007ffeef3c6ba0 r14:
>> 0x00007fa713a5ca00 r15: 0x00007fa712668468
>>
>> rip: 0x00000001011233c0 rfl: 0x0000000000010246 cr2:
>> 0x000000010457c000
>>
>> Logical CPU: 2
>>
>> Error Code: 0x00000004
>>
>> Trap Number: 14
>>
>>
>>
>> Binary Images:
>>
>> 0x100835000 - 0x103977ff7 +clang (6.0.0 - 6.0)
>> <894457CA-21F3-318A-84F6-806AED47E3F6>
>> /Users/USER/Library/Android/*/clang
>>
>> 0x107ed8000 - 0x107f22acf dyld (551.4)
>> <8A72DE9C-A136-3506-AA02-4BA2B82DCAF3> /usr/lib/dyld
>>
>> 0x7fff4e20d000 - 0x7fff4e240ff7 libclosured.dylib (551.4)
>> <3FB6B209-51F4-38DA-B1D8-2EE29D5BDD83>
>> /usr/lib/closure/libclosured.dylib
>>
>> 0x7fff4e747000 - 0x7fff4e748ffb libSystem.B.dylib
>> (1252.50.4) <CD555F3B-FDDB-35E5-A2FB-FBBF3D62031A>
>> /usr/lib/libSystem.B.dylib
>>
>> 0x7fff4e97c000 - 0x7fff4e9d2fff libc++.1.dylib (400.9)
>> <7D3DACCC-3804-393C-ABC1-1A580FD00CB6> /usr/lib/libc++.1.dylib
>>
>> 0x7fff4e9d3000 - 0x7fff4e9f7ff7 libc++abi.dylib (400.8.2)
>> <EF5E37D7-11D9-3530-BE45-B986612D13E2> /usr/lib/libc++abi.dylib
>>
>> 0x7fff4fa2b000 - 0x7fff4fa5bffb libncurses.5.4.dylib (53)
>> <030DF747-F71B-367A-83EE-2F30B7947929> /usr/lib/libncurses.5.4.dylib
>>
>> 0x7fff4fe00000 - 0x7fff501ee7e7 libobjc.A.dylib (723)
>> <DD9E5EC5-B507-3249-B700-93433E2D5EDF> /usr/lib/libobjc.A.dylib
>>
>> 0x7fff50816000 - 0x7fff50828ffb libz.1.dylib (70)
>> <48C67CFC-940D-3857-8DAD-857774605352> /usr/lib/libz.1.dylib
>>
>> 0x7fff508c4000 - 0x7fff508c8ff7 libcache.dylib (80)
>> <092479CB-1008-3A83-BECF-E115F24D13C1> /usr/lib/system/libcache.dylib
>>
>> 0x7fff508c9000 - 0x7fff508d3ff3 libcommonCrypto.dylib
>> (60118.50.1) <029F5985-9B6E-3DCB-9B96-FD007678C6A7>
>> /usr/lib/system/libcommonCrypto.dylib
>>
>> 0x7fff508d4000 - 0x7fff508dbfff libcompiler_rt.dylib (62)
>> <968B8E3F-3681-3230-9D78-BB8732024F6E>
>> /usr/lib/system/libcompiler_rt.dylib
>>
>> 0x7fff508dc000 - 0x7fff508e5ffb libcopyfile.dylib
>> (146.50.5) <3885083D-50D8-3EEC-B481-B2E605180D7F>
>> /usr/lib/system/libcopyfile.dylib
>>
>> 0x7fff508e6000 - 0x7fff5096bfff libcorecrypto.dylib
>> (562.70.1) <5C26364F-2269-31EC-84AF-0FED2C902E38>
>> /usr/lib/system/libcorecrypto.dylib
>>
>> 0x7fff509f3000 - 0x7fff50a2cff7 libdispatch.dylib
>> (913.60.2) <232C69BD-022E-3AB9-8807-79F9FA7CB5EC>
>> /usr/lib/system/libdispatch.dylib
>>
>> 0x7fff50a2d000 - 0x7fff50a4aff7 libdyld.dylib (551.4)
>> <81BF3A82-5719-3B54-ABA9-76C82D932CAC> /usr/lib/system/libdyld.dylib
>>
>> 0x7fff50a4b000 - 0x7fff50a4bffb libkeymgr.dylib (28)
>> <E34E283E-90FA-3C59-B48E-1277CDB9CDCE>
>> /usr/lib/system/libkeymgr.dylib
>>
>> 0x7fff50a59000 - 0x7fff50a59ff7 liblaunch.dylib (1205.70.9)
>> <B184B521-FF24-3142-AFAF-23D170CF918C>
>> /usr/lib/system/liblaunch.dylib
>>
>> 0x7fff50a5a000 - 0x7fff50a5effb libmacho.dylib (906)
>> <1902A611-081A-3452-B11E-EBD1B166E831> /usr/lib/system/libmacho.dylib
>>
>> 0x7fff50a5f000 - 0x7fff50a61ff3 libquarantine.dylib (86)
>> <26C0BA22-8F93-3A07-9A4E-C8D53D2CE42E>
>> /usr/lib/system/libquarantine.dylib
>>
>> 0x7fff50a62000 - 0x7fff50a63ff3 libremovefile.dylib (45)
>> <711E18B2-5BBE-3211-A916-56740C27D17A>
>> /usr/lib/system/libremovefile.dylib
>>
>> 0x7fff50a64000 - 0x7fff50a7bfff libsystem_asl.dylib
>> (356.70.1) <39E46A6F-B228-3E78-B83E-1779F9707A39>
>> /usr/lib/system/libsystem_asl.dylib
>>
>> 0x7fff50a7c000 - 0x7fff50a7cfff libsystem_blocks.dylib (67)
>> <17303FDF-0D2D-3963-B05E-B4DF63052D47>
>> /usr/lib/system/libsystem_blocks.dylib
>>
>> 0x7fff50a7d000 - 0x7fff50b06ff7 libsystem_c.dylib
>> (1244.50.9) <1187BFE8-4576-3247-8177-481554E1F9E7>
>> /usr/lib/system/libsystem_c.dylib
>>
>> 0x7fff50b07000 - 0x7fff50b0affb
>> libsystem_configuration.dylib (963.50.8)
>> <DF6B5287-203E-30CB-9947-78DF446C72B8>
>> /usr/lib/system/libsystem_configuration.dylib
>>
>> 0x7fff50b0b000 - 0x7fff50b0effb
>> libsystem_coreservices.dylib (51)
>> <486000D3-D8CB-3BE7-8EE5-8BF380DE6DF7>
>> /usr/lib/system/libsystem_coreservices.dylib
>>
>> 0x7fff50b0f000 - 0x7fff50b10fff libsystem_darwin.dylib
>> (1244.50.9) <09C21A4A-9EE0-388B-A9D9-DFF8F6758791>
>> /usr/lib/system/libsystem_darwin.dylib
>>
>> 0x7fff50b11000 - 0x7fff50b17ff7 libsystem_dnssd.dylib
>> (878.70.2) <3290768B-54DE-3AB6-B155-AC0950AC5564>
>> /usr/lib/system/libsystem_dnssd.dylib
>>
>> 0x7fff50b18000 - 0x7fff50b61ff7 libsystem_info.dylib
>> (517.30.1) <AB634A98-B8AA-3804-8436-38261FC8EC4D>
>> /usr/lib/system/libsystem_info.dylib
>>
>> 0x7fff50b62000 - 0x7fff50b88ff7 libsystem_kernel.dylib
>> (4570.71.2) <F22B8D73-69D8-36D7-BF66-7F9AC70C08C2>
>> /usr/lib/system/libsystem_kernel.dylib
>>
>> 0x7fff50b89000 - 0x7fff50bd4fcb libsystem_m.dylib
>> (3147.50.1) <8CFB51C9-B422-3379-8552-064C63943A23>
>> /usr/lib/system/libsystem_m.dylib
>>
>> 0x7fff50bd5000 - 0x7fff50bf4fff libsystem_malloc.dylib
>> (140.50.6) <7FD43735-9DDD-300E-8C4A-F909A74BDF49>
>> /usr/lib/system/libsystem_malloc.dylib
>>
>> 0x7fff50bf5000 - 0x7fff50d25ff7 libsystem_network.dylib
>> (1229.70.2) <5E86B2DE-9E15-3354-8714-4094ED5F698D>
>> /usr/lib/system/libsystem_network.dylib
>>
>> 0x7fff50d26000 - 0x7fff50d30ffb
>> libsystem_networkextension.dylib (767.70.1)
>> <D23EAFC1-E8BD-34D5-969C-6E45A1C3B4E4>
>> /usr/lib/system/libsystem_networkextension.dylib
>>
>> 0x7fff50d31000 - 0x7fff50d3aff3 libsystem_notify.dylib
>> (172) <08012EC0-2CD2-34BE-BF93-E7F56491299A>
>> /usr/lib/system/libsystem_notify.dylib
>>
>> 0x7fff50d3b000 - 0x7fff50d42ff7 libsystem_platform.dylib
>> (161.50.1) <6355EE2D-5456-3CA8-A227-B96E8F1E2AF8>
>> /usr/lib/system/libsystem_platform.dylib
>>
>> 0x7fff50d43000 - 0x7fff50d4efff libsystem_pthread.dylib
>> (301.50.1) <0E51CCBA-91F2-34E1-BF2A-FEEFD3D321E4>
>> /usr/lib/system/libsystem_pthread.dylib
>>
>> 0x7fff50d4f000 - 0x7fff50d52fff libsystem_sandbox.dylib
>> (765.70.1) <553DFCC6-9D31-3B9C-AB7C-30F6F265786D>
>> /usr/lib/system/libsystem_sandbox.dylib
>>
>> 0x7fff50d53000 - 0x7fff50d54ff3 libsystem_secinit.dylib
>> (30) <DE8D14E8-A276-3FF8-AE13-77F7040F33C1>
>> /usr/lib/system/libsystem_secinit.dylib
>>
>> 0x7fff50d55000 - 0x7fff50d5cff7 libsystem_symptoms.dylib
>> (820.60.2) <585BDFA2-D54D-39D0-8046-44E824DABD43>
>> /usr/lib/system/libsystem_symptoms.dylib
>>
>> 0x7fff50d5d000 - 0x7fff50d70fff libsystem_trace.dylib
>> (829.70.1) <3A6CB706-8CA6-3616-8AFC-14AAD7FAF187>
>> /usr/lib/system/libsystem_trace.dylib
>>
>> 0x7fff50d72000 - 0x7fff50d77ff7 libunwind.dylib (35.3)
>> <BEF3FB49-5604-3B5F-82B5-332B80023AC3>
>> /usr/lib/system/libunwind.dylib
>>
>> 0x7fff50d78000 - 0x7fff50da5ff7 libxpc.dylib (1205.70.9)
>> <0BC7AD67-671D-31D4-8B88-C317B8379598> /usr/lib/system/libxpc.dylib
>>
>>
>> External Modification Summary:
>>
>> Calls made by other processes targeting this process:
>>
>> task_for_pid: 0
>>
>> thread_create: 0
>>
>> thread_set_state: 0
>>
>> Calls made by this process:
>>
>> task_for_pid: 0
>>
>> thread_create: 0
>>
>> thread_set_state: 0
>>
>> Calls made by all processes on this machine:
>>
>> task_for_pid: 227609
>>
>> thread_create: 0
>>
>> thread_set_state: 0
>>
>>
>> VM Region Summary:
>>
>> ReadOnly portion of Libraries: Total=260.6M resident=0K(0%)
>> swapped_out_or_unallocated=260.6M(100%)
>>
>> Writable regions: Total=142.7M written=0K(0%) resident=0K(0%)
>> swapped_out=0K(0%) unallocated=142.7M(100%)
>>
>> VIRTUAL REGION
>>
>> REGION TYPE SIZE COUNT (non-coalesced)
>>
>> =========== ======= =======
>>
>> Kernel Alloc Once 8K 2
>>
>> MALLOC 78.2M 16
>>
>> MALLOC guard page 16K 5
>>
>> STACK GUARD 4K 2
>>
>> Stack 64.0M 2
>>
>> __DATA 5224K 45
>>
>> __LINKEDIT 201.9M 4
>>
>> __TEXT 58.8M 44
>>
>> mapped file 444K 9
>>
>> shared memory 8K 3
>>
>> =========== ======= =======
>>
>> TOTAL 408.4M 122
>>
>>
>>
>> Any suggestions? Thank you.
>>
>> --
>> Best Regards,
>> Baozeng Ding
>>
>> _______________________________________________
>> LLVM Developers mailing list
>> llvm-dev at lists.llvm.org <mailto:llvm-dev at lists.llvm.org>
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
>
>
> --
> Best Regards,
> Baozeng Ding
>
>
>
--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
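
As an added illustration (not part of the thread, and not the pass author's code), here is a complete function before and after the rewrite the pass performs, on constructed input: the names @pick, @pick_obf, %bb.true, %bb.false and %merge are made up for the example. The successors feed a phi, which is the case worth checking by hand: the phi's incoming blocks are %bb.true and %bb.false, neither of which is touched by the rewrite, and the indirectbr still lists both destinations, so every CFG edge of the original survives and only the direct link between %cmp and its target is hidden behind the select. The entry block never needs a blockaddress because it can never be a branch successor.

```llvm
; Constructed input (made up for this example, not from the thread).
define i32 @pick(i32 %a, i32 %b) {
entry:
  %cmp = icmp sgt i32 %a, %b
  br i1 %cmp, label %bb.true, label %bb.false

bb.true:                                          ; preds = %entry
  %t = add i32 %a, 1
  br label %merge

bb.false:                                         ; preds = %entry
  %f = sub i32 %b, 1
  br label %merge

merge:                                            ; preds = %bb.false, %bb.true
  %r = phi i32 [ %t, %bb.true ], [ %f, %bb.false ]
  ret i32 %r
}

; The same function after the pass has replaced the conditional br:
; the i1 now selects between two blockaddress constants and an
; indirectbr jumps through the result.  Both blocks are still listed as
; indirectbr destinations, so %bb.true and %bb.false keep %entry as
; their only predecessor and the phi in %merge is unchanged.
define i32 @pick_obf(i32 %a, i32 %b) {
entry:
  %cmp = icmp sgt i32 %a, %b
  %target = select i1 %cmp, i8* blockaddress(@pick_obf, %bb.true), i8* blockaddress(@pick_obf, %bb.false)
  indirectbr i8* %target, [label %bb.true, label %bb.false]

bb.true:                                          ; preds = %entry
  %t = add i32 %a, 1
  br label %merge

bb.false:                                         ; preds = %entry
  %f = sub i32 %b, 1
  br label %merge

merge:                                            ; preds = %bb.false, %bb.true
  %r = phi i32 [ %t, %bb.true ], [ %f, %bb.false ]
  ret i32 %r
}
```

Two practical notes. The cc1 command line quoted above carries -disable-llvm-verifier, so malformed IR coming out of a custom pass is not caught at the IR level and only surfaces when a later codegen pass trips over it; running the pass output through "opt -verify -S" (or calling llvm::verifyFunction from the pass in a debug build) is the cheap check to do before blaming the backend. The i8* pointer types match LLVM 6 as used in the thread; current LLVM with opaque pointers spells them ptr. Also keep in mind what this buys: the rewrite only defeats a reader that walks direct branches, and any analysis that constant-folds a select of two blockaddress constants recovers the original conditional branch.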