bluesadi / Pluto

Obfuscator based on LLVM 14.0.6

GlobalsEncryption crashes when compiling protobuf because floating-point variables are not handled correctly #58

Open mrh929 opened 8 months ago

mrh929 commented 8 months ago

chi_square-4614c1.zip

PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /home/mrh929/git/Pluto-Obfuscator/install/bin/clang-12 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelax-all --mrelax-relocations -disable-free -disable-llvm-verifier -discard-value-names -main-file-name chi_square.cc -mrelocation-model static -mframe-pointer=all -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debugger-tuning=gdb -sys-header-deps -D NOMINMAX -Wall -Wextra -Wcast-qual -Wconversion -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wfor-loop-analysis -Wformat-security -Wgnu-redeclared-enum -Winfinite-recursion -Winvalid-constexpr -Wliteral-conversion -Wmissing-declarations -Woverlength-strings -Wpointer-arith -Wself-assign -Wshadow-all -Wshorten-64-to-32 -Wsign-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-zero-compare -Wundef -Wuninitialized -Wunreachable-code -Wunused-comparison -Wunused-local-typedefs -Wunused-result -Wvla -Wwrite-strings -Wno-float-conversion -Wno-implicit-float-conversion -Wno-implicit-int-float-conversion -Wno-unknown-warning-option -fdeprecated-macro -ferror-limit 19 -fgnuc-version=4.2.1 -fcxx-exceptions -fexceptions -fcolor-diagnostics -mllvm -gle -faddrsig -x c++ chi_square-4614c1.cpp
1.      <eof> parser at end of file
2.      Code generation
3.      Running pass 'Function Pass Manager' on module 'chi_square-4614c1.cpp'.
4.      Running pass 'X86 DAG->DAG Instruction Selection' on function '@acebe3527d5b22a6ecdebc0e07c9650b3772599e'
 #0 0x00007f02ba71b202 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMSupport.so.12+0x19b202)
 #1 0x00007f02ba718e44 llvm::sys::RunSignalHandlers() (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMSupport.so.12+0x198e44)
 #2 0x00007f02ba718fb5 SignalHandler(int) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMSupport.so.12+0x198fb5)
 #3 0x00007f02ba160520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f02b9d0df72 llvm::DAGTypeLegalizer::PromoteIntOp_VECREDUCE(llvm::SDNode*) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x15cf72)
 #5 0x00007f02b9d0e48b llvm::DAGTypeLegalizer::PromoteIntegerOperand(llvm::SDNode*, unsigned int) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x15d48b)
 #6 0x00007f02b9d1b2f7 llvm::DAGTypeLegalizer::run() (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x16a2f7)
 #7 0x00007f02b9d1b8b5 llvm::SelectionDAG::LegalizeTypes() (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x16a8b5)
 #8 0x00007f02b9e32cf5 llvm::SelectionDAGISel::CodeGenAndEmitDAG() (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x281cf5)
 #9 0x00007f02b9e35c10 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x284c10)
#10 0x00007f02b9e383f8 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) (.part.0) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libLLVMSelectionDAG.so.12+0x2873f8)
#11 0x00007f02bda66f0d (anonymous namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMX86CodeGen.so.12+0x124f0d)
#12 0x00007f02bcc53c17 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMCodeGen.so.12+0x28ec17)
#13 0x00007f02baa69380 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMCore.so.12+0x208380)
#14 0x00007f02baa6a8d4 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMCore.so.12+0x2098d4)
#15 0x00007f02baa68c40 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libLLVMCore.so.12+0x207c40)
#16 0x00007f02bd0af073 (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (.constprop.0) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libclangCodeGen.so.12+0xe4073)
#17 0x00007f02bd0b0f8a clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libclangCodeGen.so.12+0xe5f8a)
#18 0x00007f02bd421e76 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libclangCodeGen.so.12+0x456e76)
#19 0x00007f02b8976eb9 clang::ParseAST(clang::Sema&, bool, bool) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/../lib/libclangParse.so.12+0x39eb9)
#20 0x00007f02bbf68209 clang::FrontendAction::Execute() (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libclangFrontend.so.12+0xf0209)
#21 0x00007f02bbefdf03 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libclangFrontend.so.12+0x85f03)
#22 0x00007f02bd633328 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/mrh929/git/Pluto-Obfuscator/install/bin/../lib/libclangFrontendTool.so.12+0x5328)
#23 0x000056380187a195 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/mrh929/git/Pluto-Obfuscator/install/bin/clang-12+0x14195)
#24 0x0000563801877b27 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) (/home/mrh929/git/Pluto-Obfuscator/install/bin/clang-12+0x11b27)
#25 0x00005638018742dc main (/home/mrh929/git/Pluto-Obfuscator/install/bin/clang-12+0xe2dc)
#26 0x00007f02ba147d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#27 0x00007f02ba147e40 call_init ./csu/../csu/libc-start.c:128:20
#28 0x00007f02ba147e40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#29 0x00005638018774d5 _start (/home/mrh929/git/Pluto-Obfuscator/install/bin/clang-12+0x114d5)
Segmentation fault

The archive includes debug.ll, which shows that the mid-level pass itself did not crash; the backend pass crashed instead, because it cannot handle IR of type double:

image

More specifically, GlobalsEncryption generated this decryption function, which the backend cannot handle correctly:

define void @acebe3527d5b22a6ecdebc0e07c9650b3772599e() {
  %1 = alloca i32, align 4
  store i32 0, i32* %1, align 4
  br label %2

2:                                                ; preds = %9, %0
  %3 = load i32, i32* %1, align 4
  %4 = icmp slt i32 %3, 5
  br i1 %4, label %5, label %11

5:                                                ; preds = %2
  %6 = getelementptr [5 x double], [5 x double]* @_ZZN4absl12lts_2023080215random_internal12_GLOBAL__N_115normal_survivalEdE2kR, i32 0, i32 %3
  %7 = load double, double* %6, align 8
  %8 = xor double %7, i0 1975683127162860763
  store double %8, double* %6, align 8
  br label %9

9:                                                ; preds = %5
  %10 = add i32 %3, 1
  store i32 %10, i32* %1, align 4
  br label %2

11:                                               ; preds = %2
  ret void
}
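
For comparison, a well-formed version of the same loop, added here as an example and not taken from the issue or from Pluto's code: LLVM's `xor` is defined only for integer (or integer-vector) operands, so the 8-byte element is accessed through an `i64*` bitcast and XORed as an `i64`. The names `@kR` and `@decrypt_kR` are placeholders, the global is a constructed stand-in, and the typed-pointer syntax matches the IR quoted above; note that the crashing command line passes `-disable-llvm-verifier`, so the malformed `xor double` was not rejected before instruction selection.

```llvm
; Constructed stand-in for the [5 x double] global named in the issue.
@kR = internal global [5 x double] zeroinitializer, align 8

; Hypothetical decryption stub: same loop shape as the generated function,
; but the XOR operates on the integer view of each element.
define void @decrypt_kR() {
entry:
  %i.addr = alloca i32, align 4
  store i32 0, i32* %i.addr, align 4
  br label %cond

cond:                                             ; preds = %inc, %entry
  %i = load i32, i32* %i.addr, align 4
  %more = icmp slt i32 %i, 5
  br i1 %more, label %body, label %done

body:                                             ; preds = %cond
  %elt = getelementptr [5 x double], [5 x double]* @kR, i32 0, i32 %i
  ; Reinterpret the double slot as i64 so that xor has integer operands.
  %bits.ptr = bitcast double* %elt to i64*
  %bits = load i64, i64* %bits.ptr, align 8
  ; The key is typed i64, matching the 64-bit width of a double.
  %plain = xor i64 %bits, 1975683127162860763
  store i64 %plain, i64* %bits.ptr, align 8
  br label %inc

inc:                                              ; preds = %body
  %next = add i32 %i, 1
  store i32 %next, i32* %i.addr, align 4
  br label %cond

done:                                             ; preds = %cond
  ret void
}
```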