SVF-tools / SVF

Static Value-Flow Analysis Framework for Source Code
http://svf-tools.github.io/SVF/

Assertion `iter!=objSymMap.end() && "obj sym not found" #1071

Open tregua87 opened 1 year ago

tregua87 commented 1 year ago

Hi, I am analyzing libxml2 compiled with -O0 -g, but it seems that SVF generates an internal error when updating the call-graph.

It seems to be an internal error of SVF. I am trying to rebuild SVF in debug mode to find the culprit.

Meanwhile, here are more details. Maybe something like that has already been resolved/observed?

SVF commit 1c09651a6c4089402b1c072a1b0ab901bc963846
libxml2 7846b0a677f8d3ce72486125fa281e92ac9970e8 (https://github.com/GNOME/libxml2)

Clang version:

```
clang version 12.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/libfuzz/llvm-build/bin/.
```

```cpp
PTACallGraph* callgraph = point_to_analysys->getPTACallGraph();
builder.updateCallGraph(callgraph);
icfg = pag->getICFG();
icfg->updateCallGraph(callgraph); // <= exception arose here (according to GDB)
```

Error:

```
extractor: /home/.../SVF/include/MemoryModel/SymbolTableInfo.h:241: SVF::SymID SVF::SymbolTableInfo::getObjSym(const Value*) const: Assertion `iter!=objSymMap.end() && "obj sym not found"' failed.
[1]    2647 abort (core dumped)  ./tool [..]/libxml2.a.bc
```

yuleisui commented 1 year ago

Would you be able to upload your bc or give us a link to download?

Can you also try llvm-14?

Also the upstream latest SVF.

tregua87 commented 1 year ago

Thanks!

Here is the .bc: https://drive.google.com/file/d/1fj-I8NupTXq5LUF_56lxMqZRy6DdvtrW/view?usp=sharing

I am gonna try the upstream SVF + llvm-14. I will let you know.

UPDATES:

I just tried with SVF commit a84d8cf54d810398e741bd0352e6d1b2f8ae7867 and llvm-14. I obtain the same result; here is the call stack:

```
svf-ex: /root/SVF/svf/include/SVFIR/SymbolTableInfo.h:219: SVF::SymID SVF::SymbolTableInfo::getObjSym(const SVF::SVFValue*) const: Assertion `iter!=objSymMap.end() && "obj sym not found"' failed.

Program received signal SIGABRT, Aborted.
0x00007f2b7d6e0a7c in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007f2b7d6e0a7c in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f2b7d68c476 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f2b7d6727f3 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007f2b7d67271b in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007f2b7d683e96 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x0000562d2e1c70b2 in SVF::SymbolTableInfo::getObjSym (this=0x562d2fddeb00, val=0x562d36422ec0)
    at /root/SVF/svf/include/SVFIR/SymbolTableInfo.h:219
#6  0x0000562d2e1c7bd8 in SVF::IRGraph::getObjectNode (this=0x562d48c28a90, V=0x562d36422ec0)
    at /root/SVF/svf/include/Graphs/IRGraph.h:150
#7  0x0000562d2e1c9c93 in SVF::SVFIRBuilder::getObjectNode (this=0x7ffc96565480, V=0x562d304cba70)
    at /root/SVF/svf-llvm/include/SVF-LLVM/SVFIRBuilder.h:101
#8  0x0000562d2e1c2e93 in SVF::SVFIRBuilder::parseOperations (this=0x7ffc96565480, 
    operations=std::vector of length 1, capacity 1 = {...}, cs=0x562d304cba70)
    at /root/SVF/svf-llvm/lib/SVFIRBuilder.cpp:1249
#9  0x0000562d2e1c3811 in SVF::SVFIRBuilder::handleExtCall (this=0x7ffc96565480, cs=0x562d304cba70, 
    callee=0x562d2ff625d8) at /root/SVF/svf-llvm/lib/SVFIRBuilder.cpp:1330
#10 0x0000562d2e1c5269 in SVF::SVFIRBuilder::updateCallGraph (this=0x7ffc96565480, 
    callgraph=0x562d7b6de350) at /root/SVF/svf-llvm/lib/SVFIRBuilder.cpp:1577
#11 0x0000562d2e155100 in main (argc=2, argv=0x7ffc96565618)
    at /root/condition_extractor/src/extractor.cpp:98
```

UPDATE2:

Here is a minimal example to replicate the error.

To run: `./bin/svf-ex ~/libxml2.a.bc`

```cpp
#include "SVF-LLVM/LLVMUtil.h"
#include "Graphs/SVFG.h"
#include "WPA/Andersen.h"
#include "WPA/AndersenPWC.h"
#include "WPA/TypeAnalysis.h"
#include "SVF-LLVM/SVFIRBuilder.h"
#include "Util/Options.h"

#include <random>
#include <algorithm>
#include <iterator>

using namespace llvm;
using namespace std;
using namespace SVF;

static llvm::cl::opt<std::string> InputFilename(cl::Positional,
        llvm::cl::desc("<input bitcode>"), llvm::cl::init("-"));

int main(int argc, char ** argv)
{
    // Split the command line into SVF options and bitcode module names.
    int arg_num = 0;
    char **arg_value = new char*[argc];
    std::vector<std::string> moduleNameVec;
    LLVMUtil::processArguments(argc, argv, arg_num, arg_value, moduleNameVec);
    cl::ParseCommandLineOptions(arg_num, arg_value,
                                "Extract constraints from functions\n");

    // Build the SVF IR (PAG) and fetch the ICFG from it.
    SVFModule* svfModule = LLVMModuleSet::getLLVMModuleSet()->buildSVFModule(moduleNameVec);
    SVFIRBuilder builder(svfModule);
    SVFIR* pag = builder.build();
    ICFG* icfg = pag->getICFG();

    // Run Andersen's pointer analysis to resolve indirect calls.
    Andersen* point_to_analysys = AndersenWaveDiff::createAndersenWaveDiff(pag);
    PAG::FunToRetMap funmap_ret = pag->getFunRets();

    // Feed the resolved call graph back into the IR builder and the ICFG.
    PTACallGraph* callgraph = point_to_analysys->getPTACallGraph();
    builder.updateCallGraph(callgraph);
    icfg = pag->getICFG();
    icfg->updateCallGraph(callgraph); // <= crashing here!!

    outs() << "[INFO] Done\n";
    return 0;
}
```

yuleisui commented 1 year ago

Any updates for running on the latest SVF?

tregua87 commented 1 year ago

Yes, I tried on the latest SVF and still the same problem. (Probably I was not clear in the previous post, sorry).

Also, I used llvm-14, but still.

yuleisui commented 1 year ago

The issue has been fixed in https://github.com/SVF-tools/SVF/pull/1085.

Could you try again and let us know if there is still a problem?

tregua87 commented 1 year ago

Now I have a problem compiling the last SVF commit with the example (https://github.com/SVF-tools/SVF-example/tree/master) to test the error. Here is the error when compiling SVF-example.

```
/usr/bin/ld: /root/SVF/Release-build/svf-llvm/libSvfLLVM.a(ConsG.cpp.o): relocation R_X86_64_32S against symbol `_ZTVN3SVF14ConstraintNodeE' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld: /root/SVF/Release-build/svf-llvm/libSvfLLVM.a(PTACallGraph.cpp.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld: /root/SVF/Release-build/svf-llvm/libSvfLLVM.a(SVFGOPT.cpp.o): relocation R_X86_64_32S against `.rodata' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld: /root/SVF/Release-build/svf-llvm/libSvfLLVM.a(ThreadCallGraph.cpp.o): relocation R_X86_64_32S against symbol `_ZTVN3SVF15ThreadCallGraphE' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld: /root/SVF/Release-build/svf-llvm/libSvfLLVM.a(MemPartition.cpp.o): relocation R_X86_64_32 against `.rodata' can not be used when making a PIE object; recompile with -fPIE
collect2: error: ld returned 1 exit status
make[2]: *** [src/CMakeFiles/svf-ex.dir/build.make:120: bin/svf-ex] Error 1
make[1]: *** [CMakeFiles/Makefile2:178: src/CMakeFiles/svf-ex.dir/all] Error 2
make: *** [Makefile:84: all] Error 2
```

yuleisui commented 1 year ago

It compiles fine on my local machine and the CIs look good. @jumormt could you please have a look at this?

yuleisui commented 1 year ago

In the case of Position Independent Code, do we need to add "-fPIE" or "-fPIC" in SVF's cmakelist file https://github.com/SVF-tools/SVF/blob/master/CMakeLists.txt#L16? @xudon9

tregua87 commented 1 year ago

Probably something weird in my configuration. If I try with the latest npm packages I can compile just fine and my issue w/ libxml2 seems resolved.

Is the latest npm version synced with the repository's last commits? Meaning, can I use that instead of recompiling the repo?

yuleisui commented 1 year ago

Good to know. Yes, it is synced with the latest upstream svf.