llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

[mlir] heap-use-after-free parsing example with forward-ref to result defined within #107121

Open dtzSiFive opened 2 months ago

dtzSiFive commented 2 months ago

Input:

```
scf.if %true {
  %true = arith.constant true
}
```

This crashes on release builds; ASAN reports heap-use-after-free. Found via fuzzing.

ASAN report:

```
=================================================================
==2358793==ERROR: AddressSanitizer: heap-use-after-free on address 0x5080000026a0 at pc 0x55e2dcac36e8 bp 0x7ffd3eca9e40 sp 0x7ffd3eca9e38
READ of size 8 at 0x5080000026a0 thread T0
    #0 0x55e2dcac36e7 in void mlir::detail::IROperandBase::insertInto>(mlir::IRObjectWithUseList*) /home/will/src/sifive/circt/llvm/mlir/include/mlir/IR/UseDefLists.h:99:24
    #1 0x55e2dcac36e7 in mlir::IROperand::insertIntoCurrent() /home/will/src/sifive/circt/llvm/mlir/include/mlir/IR/UseDefLists.h:186:30
    #2 0x55e2e45126c3 in mlir::IROperand::IROperand(mlir::Operation*, mlir::Value) /home/will/src/sifive/circt/llvm/mlir/include/mlir/IR/UseDefLists.h:132:5
    #3 0x55e2e45126c3 in mlir::OpOperand::OpOperand(mlir::Operation*, mlir::Value) /home/will/src/sifive/circt/llvm/mlir/include/mlir/IR/Value.h:284:38
    #4 0x55e2e45126c3 in mlir::detail::OperandStorage::OperandStorage(mlir::Operation*, mlir::OpOperand*, mlir::ValueRange) /home/will/src/sifive/circt/llvm/mlir/lib/IR/OperationSupport.cpp:245:30
    #5 0x55e2e44f66d6 in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::DictionaryAttr, mlir::OpaqueProperties, mlir::BlockRange, unsigned int) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Operation.cpp:140:36
    #6 0x55e2e44f5f13 in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::NamedAttrList&&, mlir::OpaqueProperties, mlir::BlockRange, unsigned int) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Operation.cpp:75:10
    #7 0x55e2e44f585b in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::NamedAttrList&&, mlir::OpaqueProperties, mlir::BlockRange, mlir::RegionRange) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Operation.cpp:58:7
    #8 0x55e2e44f54ba in mlir::Operation::create(mlir::OperationState const&) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Operation.cpp:36:7
    #9 0x55e2e4307350 in mlir::OpBuilder::create(mlir::OperationState const&) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Builders.cpp:473:17
    #10 0x55e2e8ca1623 in (anonymous namespace)::OperationParser::parseCustomOperation(llvm::ArrayRef>) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2068:29
    #11 0x55e2e8ca1623 in (anonymous namespace)::OperationParser::parseOperation() /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1214:10
    #12 0x55e2e8c9db28 in (anonymous namespace)::TopLevelOperationParser::parse(mlir::Block*, mlir::Location) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2765:20
    #13 0x55e2e8c9db28 in mlir::parseAsmSourceFile(llvm::SourceMgr const&, mlir::Block*, mlir::ParserConfig const&, mlir::AsmParserState*, mlir::AsmParserCodeCompleteContext*) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2825:41
    #14 0x55e2e406999c in mlir::parseSourceFile(std::shared_ptr const&, mlir::Block*, mlir::ParserConfig const&, mlir::LocationAttr*) /home/will/src/sifive/circt/llvm/mlir/lib/Parser/Parser.cpp:46:10
    #15 0x55e2e4068961 in mlir::OwningOpRef mlir::detail::parseSourceFile const&>(mlir::ParserConfig const&, std::shared_ptr const&) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Parser/Parser.h:159:14
    #16 0x55e2e405d3b9 in mlir::OwningOpRef mlir::parseSourceFile(std::shared_ptr const&, mlir::ParserConfig const&) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Parser/Parser.h:189:10
    #17 0x55e2e405d3b9 in mlir::parseSourceFileForTool(std::shared_ptr const&, mlir::ParserConfig const&, bool) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Tools/ParseUtilities.h:31:12
    #18 0x55e2e405d3b9 in performActions(llvm::raw_ostream&, std::shared_ptr const&, mlir::MLIRContext*, mlir::MlirOptMainConfig const&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:388:33
    #19 0x55e2e405cd76 in processBuffer(llvm::raw_ostream&, std::unique_ptr>, mlir::MlirOptMainConfig const&, mlir::DialectRegistry&, llvm::ThreadPoolInterface*) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:478:12
    #20 0x55e2e405cd76 in mlir::MlirOptMain(llvm::raw_ostream&, std::unique_ptr>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&)::$_0::operator()(std::unique_ptr>, llvm::raw_ostream&) const /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:561:12
    #21 0x55e2e405cd76 in llvm::LogicalResult llvm::function_ref>, llvm::raw_ostream&)>::callback_fn>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&)::$_0>(long, std::unique_ptr>, llvm::raw_ostream&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:12
    #22 0x55e2e4254f83 in llvm::function_ref>, llvm::raw_ostream&)>::operator()(std::unique_ptr>, llvm::raw_ostream&) const /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:12
    #23 0x55e2e4254f83 in mlir::splitAndProcessBuffer(std::unique_ptr>, llvm::function_ref>, llvm::raw_ostream&)>, llvm::raw_ostream&, llvm::StringRef, llvm::StringRef) /home/will/src/sifive/circt/llvm/mlir/lib/Support/ToolUtilities.cpp:27:12
    #24 0x55e2e4057d54 in mlir::MlirOptMain(llvm::raw_ostream&, std::unique_ptr>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:564:10
    #25 0x55e2e40585f2 in mlir::MlirOptMain(int, char**, llvm::StringRef, llvm::StringRef, mlir::DialectRegistry&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:605:14
    #26 0x55e2e4058d03 in mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:621:10
    #27 0x55e2dc6f8ade in main /home/will/src/sifive/circt/llvm/mlir/tools/mlir-opt/mlir-opt.cpp:317:33
    #28 0x7f83a521810d in __libc_start_call_main (/nix/store/k7zgvzp2r31zkg9xqgjim7mbknryv6bs-glibc-2.39-52/lib/libc.so.6+0x2a10d) (BuildId: bc8ec5f3ac2561de8f08b232685038c7167bf4b7)
    #29 0x7f83a52181c8 in __libc_start_main@GLIBC_2.2.5 (/nix/store/k7zgvzp2r31zkg9xqgjim7mbknryv6bs-glibc-2.39-52/lib/libc.so.6+0x2a1c8) (BuildId: bc8ec5f3ac2561de8f08b232685038c7167bf4b7)
    #30 0x55e2dc5c4b64 in _start (/build/sifive/asan/bin/mlir-opt+0x9ad6b64)

0x5080000026a0 is located 0 bytes inside of 96-byte region [0x5080000026a0,0x508000002700)
freed by thread T0 here:
    #0 0x55e2dc6ada58 in free.part.0 (/build/sifive/asan/bin/mlir-opt+0x9bbfa58)
    #1 0x55e2e8ca616e in (anonymous namespace)::OperationParser::addDefinition(mlir::OpAsmParser::UnresolvedOperand, mlir::Value) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:964:31
    #2 0x55e2e8ca20ac in (anonymous namespace)::OperationParser::parseOperation() /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1255:13
    #3 0x55e2e8cb6b0c in (anonymous namespace)::OperationParser::parseBlockBody(mlir::Block*) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2336:9
    #4 0x55e2e8cb4ee9 in (anonymous namespace)::OperationParser::parseBlock(mlir::Block*&) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2266:12
    #5 0x55e2e8caffc0 in (anonymous namespace)::OperationParser::parseRegionBody(mlir::Region&, llvm::SMLoc, llvm::ArrayRef, bool) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2224:7
    #6 0x55e2e8caffc0 in (anonymous namespace)::OperationParser::parseRegion(mlir::Region&, llvm::ArrayRef, bool) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2161:7
    #7 0x55e2e8cab55e in (anonymous namespace)::CustomOpAsmParser::parseRegion(mlir::Region&, llvm::ArrayRef, bool) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1825:16
    #8 0x55e2e0cbcf51 in mlir::scf::IfOp::parse(mlir::OpAsmParser&, mlir::OperationState&) /home/will/src/sifive/circt/llvm/mlir/lib/Dialect/SCF/IR/SCF.cpp:2096:14
    #9 0x55e2e8ca13ef in llvm::unique_function::operator()(mlir::OpAsmParser&, mlir::OperationState&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #10 0x55e2e8ca13ef in llvm::ParseResult llvm::function_ref::callback_fn>(long, mlir::OpAsmParser&, mlir::OperationState&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:12
    #11 0x55e2e8ca13ef in llvm::function_ref::operator()(mlir::OpAsmParser&, mlir::OperationState&) const /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:12
    #12 0x55e2e8ca13ef in (anonymous namespace)::CustomOpAsmParser::parseOperation(mlir::OperationState&) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1561:9
    #13 0x55e2e8ca13ef in (anonymous namespace)::OperationParser::parseCustomOperation(llvm::ArrayRef>) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2057:19
    #14 0x55e2e8ca13ef in (anonymous namespace)::OperationParser::parseOperation() /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1214:10
    #15 0x55e2e8c9db28 in (anonymous namespace)::TopLevelOperationParser::parse(mlir::Block*, mlir::Location) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2765:20
    #16 0x55e2e8c9db28 in mlir::parseAsmSourceFile(llvm::SourceMgr const&, mlir::Block*, mlir::ParserConfig const&, mlir::AsmParserState*, mlir::AsmParserCodeCompleteContext*) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2825:41
    #17 0x55e2e406999c in mlir::parseSourceFile(std::shared_ptr const&, mlir::Block*, mlir::ParserConfig const&, mlir::LocationAttr*) /home/will/src/sifive/circt/llvm/mlir/lib/Parser/Parser.cpp:46:10
    #18 0x55e2e4068961 in mlir::OwningOpRef mlir::detail::parseSourceFile const&>(mlir::ParserConfig const&, std::shared_ptr const&) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Parser/Parser.h:159:14
    #19 0x55e2e405d3b9 in mlir::OwningOpRef mlir::parseSourceFile(std::shared_ptr const&, mlir::ParserConfig const&) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Parser/Parser.h:189:10
    #20 0x55e2e405d3b9 in mlir::parseSourceFileForTool(std::shared_ptr const&, mlir::ParserConfig const&, bool) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Tools/ParseUtilities.h:31:12
    #21 0x55e2e405d3b9 in performActions(llvm::raw_ostream&, std::shared_ptr const&, mlir::MLIRContext*, mlir::MlirOptMainConfig const&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:388:33
    #22 0x55e2e405cd76 in processBuffer(llvm::raw_ostream&, std::unique_ptr>, mlir::MlirOptMainConfig const&, mlir::DialectRegistry&, llvm::ThreadPoolInterface*) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:478:12
    #23 0x55e2e405cd76 in mlir::MlirOptMain(llvm::raw_ostream&, std::unique_ptr>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&)::$_0::operator()(std::unique_ptr>, llvm::raw_ostream&) const /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:561:12
    #24 0x55e2e405cd76 in llvm::LogicalResult llvm::function_ref>, llvm::raw_ostream&)>::callback_fn>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&)::$_0>(long, std::unique_ptr>, llvm::raw_ostream&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:12
    #25 0x55e2e4254f83 in llvm::function_ref>, llvm::raw_ostream&)>::operator()(std::unique_ptr>, llvm::raw_ostream&) const /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:12
    #26 0x55e2e4254f83 in mlir::splitAndProcessBuffer(std::unique_ptr>, llvm::function_ref>, llvm::raw_ostream&)>, llvm::raw_ostream&, llvm::StringRef, llvm::StringRef) /home/will/src/sifive/circt/llvm/mlir/lib/Support/ToolUtilities.cpp:27:12
    #27 0x55e2e4057d54 in mlir::MlirOptMain(llvm::raw_ostream&, std::unique_ptr>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:564:10
    #28 0x55e2e40585f2 in mlir::MlirOptMain(int, char**, llvm::StringRef, llvm::StringRef, mlir::DialectRegistry&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:605:14
    #29 0x55e2e4058d03 in mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:621:10
    #30 0x55e2dc6f8ade in main /home/will/src/sifive/circt/llvm/mlir/tools/mlir-opt/mlir-opt.cpp:317:33
    #31 0x7f83a521810d in __libc_start_call_main (/nix/store/k7zgvzp2r31zkg9xqgjim7mbknryv6bs-glibc-2.39-52/lib/libc.so.6+0x2a10d) (BuildId: bc8ec5f3ac2561de8f08b232685038c7167bf4b7)

previously allocated by thread T0 here:
    #0 0x55e2dc6ae9bf in malloc (/build/sifive/asan/bin/mlir-opt+0x9bc09bf)
    #1 0x55e2e44f6311 in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::DictionaryAttr, mlir::OpaqueProperties, mlir::BlockRange, unsigned int) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Operation.cpp:114:46
    #2 0x55e2e44f5f13 in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::NamedAttrList&&, mlir::OpaqueProperties, mlir::BlockRange, unsigned int) /home/will/src/sifive/circt/llvm/mlir/lib/IR/Operation.cpp:75:10
    #3 0x55e2e8cb1186 in (anonymous namespace)::OperationParser::createForwardRefPlaceholder(llvm::SMLoc, mlir::Type) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1146:14
    #4 0x55e2e8cb1186 in (anonymous namespace)::OperationParser::resolveSSAUse(mlir::OpAsmParser::UnresolvedOperand, mlir::Type) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1068:18
    #5 0x55e2e8caa68c in (anonymous namespace)::CustomOpAsmParser::resolveOperand(mlir::OpAsmParser::UnresolvedOperand const&, mlir::Type, llvm::SmallVectorImpl&) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1708:29
    #6 0x55e2e0cbcea2 in mlir::scf::IfOp::parse(mlir::OpAsmParser&, mlir::OperationState&) /home/will/src/sifive/circt/llvm/mlir/lib/Dialect/SCF/IR/SCF.cpp:2090:14
    #7 0x55e2e8ca13ef in llvm::unique_function::operator()(mlir::OpAsmParser&, mlir::OperationState&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #8 0x55e2e8ca13ef in llvm::ParseResult llvm::function_ref::callback_fn>(long, mlir::OpAsmParser&, mlir::OperationState&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:12
    #9 0x55e2e8ca13ef in llvm::function_ref::operator()(mlir::OpAsmParser&, mlir::OperationState&) const /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:12
    #10 0x55e2e8ca13ef in (anonymous namespace)::CustomOpAsmParser::parseOperation(mlir::OperationState&) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1561:9
    #11 0x55e2e8ca13ef in (anonymous namespace)::OperationParser::parseCustomOperation(llvm::ArrayRef>) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2057:19
    #12 0x55e2e8ca13ef in (anonymous namespace)::OperationParser::parseOperation() /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:1214:10
    #13 0x55e2e8c9db28 in (anonymous namespace)::TopLevelOperationParser::parse(mlir::Block*, mlir::Location) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2765:20
    #14 0x55e2e8c9db28 in mlir::parseAsmSourceFile(llvm::SourceMgr const&, mlir::Block*, mlir::ParserConfig const&, mlir::AsmParserState*, mlir::AsmParserCodeCompleteContext*) /home/will/src/sifive/circt/llvm/mlir/lib/AsmParser/Parser.cpp:2825:41
    #15 0x55e2e406999c in mlir::parseSourceFile(std::shared_ptr const&, mlir::Block*, mlir::ParserConfig const&, mlir::LocationAttr*) /home/will/src/sifive/circt/llvm/mlir/lib/Parser/Parser.cpp:46:10
    #16 0x55e2e4068961 in mlir::OwningOpRef mlir::detail::parseSourceFile const&>(mlir::ParserConfig const&, std::shared_ptr const&) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Parser/Parser.h:159:14
    #17 0x55e2e405d3b9 in mlir::OwningOpRef mlir::parseSourceFile(std::shared_ptr const&, mlir::ParserConfig const&) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Parser/Parser.h:189:10
    #18 0x55e2e405d3b9 in mlir::parseSourceFileForTool(std::shared_ptr const&, mlir::ParserConfig const&, bool) /home/will/src/sifive/circt/llvm/mlir/include/mlir/Tools/ParseUtilities.h:31:12
    #19 0x55e2e405d3b9 in performActions(llvm::raw_ostream&, std::shared_ptr const&, mlir::MLIRContext*, mlir::MlirOptMainConfig const&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:388:33
    #20 0x55e2e405cd76 in processBuffer(llvm::raw_ostream&, std::unique_ptr>, mlir::MlirOptMainConfig const&, mlir::DialectRegistry&, llvm::ThreadPoolInterface*) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:478:12
    #21 0x55e2e405cd76 in mlir::MlirOptMain(llvm::raw_ostream&, std::unique_ptr>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&)::$_0::operator()(std::unique_ptr>, llvm::raw_ostream&) const /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:561:12
    #22 0x55e2e405cd76 in llvm::LogicalResult llvm::function_ref>, llvm::raw_ostream&)>::callback_fn>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&)::$_0>(long, std::unique_ptr>, llvm::raw_ostream&) /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:12
    #23 0x55e2e4254f83 in llvm::function_ref>, llvm::raw_ostream&)>::operator()(std::unique_ptr>, llvm::raw_ostream&) const /home/will/src/sifive/circt/llvm/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:12
    #24 0x55e2e4254f83 in mlir::splitAndProcessBuffer(std::unique_ptr>, llvm::function_ref>, llvm::raw_ostream&)>, llvm::raw_ostream&, llvm::StringRef, llvm::StringRef) /home/will/src/sifive/circt/llvm/mlir/lib/Support/ToolUtilities.cpp:27:12
    #25 0x55e2e4057d54 in mlir::MlirOptMain(llvm::raw_ostream&, std::unique_ptr>, mlir::DialectRegistry&, mlir::MlirOptMainConfig const&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:564:10
    #26 0x55e2e40585f2 in mlir::MlirOptMain(int, char**, llvm::StringRef, llvm::StringRef, mlir::DialectRegistry&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:605:14
    #27 0x55e2e4058d03 in mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&) /home/will/src/sifive/circt/llvm/mlir/lib/Tools/mlir-opt/MlirOptMain.cpp:621:10
    #28 0x55e2dc6f8ade in main /home/will/src/sifive/circt/llvm/mlir/tools/mlir-opt/mlir-opt.cpp:317:33
    #29 0x7f83a521810d in __libc_start_call_main (/nix/store/k7zgvzp2r31zkg9xqgjim7mbknryv6bs-glibc-2.39-52/lib/libc.so.6+0x2a10d) (BuildId: bc8ec5f3ac2561de8f08b232685038c7167bf4b7)

SUMMARY: AddressSanitizer: heap-use-after-free /home/will/src/sifive/circt/llvm/mlir/include/mlir/IR/UseDefLists.h:99:24 in void mlir::detail::IROperandBase::insertInto>(mlir::IRObjectWithUseList*)
Shadow bytes around the buggy address:
  0x508000002400: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x508000002480: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x508000002500: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x508000002580: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x508000002600: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x508000002680: fa fa fa fa[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x508000002700: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x508000002780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x508000002800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x508000002880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x508000002900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2358793==ABORTING
```

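The three stacks in the report give the order of events: the placeholder is allocated in `createForwardRefPlaceholder` while `scf.if` resolves its operand, freed in `addDefinition` while the region body is parsed, and read again when `Operation::create` builds the operand list. The toy model below is an added example, not MLIR code and not part of the issue; `ValueTable`, `savedOperandLive` and the index handles are hypothetical, and a liveness flag stands in for the real free so the stale reference can be reported safely.

```cpp
// Toy model of the lifetime bug in the ASAN report; not MLIR code.
// All names are hypothetical. Values are addressed by index and carry a
// liveness flag, so a stale reference is detected instead of being read.
#include <cstddef>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

using Handle = std::size_t;

class ValueTable {
  struct Slot { bool live, placeholder; };
  std::vector<Slot> slots;
  std::map<std::string, Handle> names; // SSA name -> current value
  Handle create(bool placeholder) {
    slots.push_back({true, placeholder});
    return slots.size() - 1;
  }
public:
  bool isLive(Handle h) const { return h < slots.size() && slots[h].live; }
  // Like resolveSSAUse: an unknown name gets a forward-ref placeholder.
  Handle resolveUse(const std::string &name) {
    auto it = names.find(name);
    if (it != names.end()) return it->second;
    Handle h = create(true);
    names[name] = h;
    return h;
  }
  // Like addDefinition: a definition replaces a pending placeholder,
  // which is then destroyed.
  void addDefinition(const std::string &name) {
    auto it = names.find(name);
    if (it != names.end() && slots[it->second].placeholder)
      slots[it->second].live = false; // stands in for the free in the report
    Handle h = create(false);
    names[name] = h;
  }
};

// Order of events in the report: the condition operand is resolved and
// saved, the region body is parsed (possibly defining the same name), and
// only then is the op built from the saved operand.
bool savedOperandLive(const std::string &cond,
                      const std::vector<std::string> &regionDefs) {
  ValueTable t;
  Handle saved = t.resolveUse(cond);                   // kept in the op state
  for (const auto &d : regionDefs) t.addDefinition(d); // region body
  return t.isLive(saved); // false corresponds to the READ in the report
}

int main() {
  std::printf("issue input: live=%d\n", savedOperandLive("%true", {"%true"}));
  std::printf("other name:  live=%d\n", savedOperandLive("%true", {"%x"}));
}
```

The model only shows why the saved operand goes stale; it does not decide whether the check belongs in the core parser or in the `scf.if` custom parser.
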
joker-eph commented 2 months ago

I can't tell if this is an MLIR Core issue or the SCF dialect custom parser here; it needs more investigation (I won't have time for this at the moment).