search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
29.42k stars 12.16k forks source link

clang-20 crashed with speculative_load_hardening attribute at -O3 level. Assertion `OpRC->hasSuperClassEq(&X86::GR64RegClass) && "Not a supported register class for address hardening!"' failed. #113403

Open iamanonymouscs opened 1 month ago

iamanonymouscs commented 1 month ago

clang-20 crashed with speculative_load_hardening attribute at -O3 level.

Compiler explorer: https://godbolt.org/z/6xeTYYEee

$cat mutant.c
char a;
int __attribute__((speculative_load_hardening)) b(char *c) {
  switch (*c)
  case 'c':
    a = ' ';
}

Also crashed on clang-19.

$clang-19 -O3 -m16 mutant.c
mutant.c:6:1: warning: non-void function does not return a value [-Wreturn-type]
    6 | }
      | ^
clang-19: /home/compiler/llvm/llvm/lib/Target/X86/X86SpeculativeLoadHardening.cpp:1729: void (anonymous namespace)::X86SpeculativeLoadHardeningPass::hardenLoadAddr(MachineInstr &, MachineOperand &, MachineOperand &, SmallDenseMap<unsigned int, unsigned int, 32> &): Assertion `OpRC->hasSuperClassEq(&X86::GR64RegClass) && "Not a supported register class for address hardening!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /home/software/llvm-trunk-eed7c5e/bin/clang-19 -cc1 -triple i386-unknown-linux-code16 -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -main-file-name mutant.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu pentium4 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/home/code/reduce -fcoverage-compilation-dir=/home/code/reduce -resource-dir /home/software/llvm-trunk-eed7c5e/lib/clang/19 -internal-isystem /home/software/llvm-trunk-eed7c5e/lib/clang/19/include -internal-isystem /usr/local/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-1e73ae.o -x c mutant.c
1.      <eof> parser at end of file
2.      Code generation
3.      Running pass 'Function Pass Manager' on module 'mutant.c'.
4.      Running pass 'X86 speculative load hardening' on function '@b'
 #0 0x00007f1a2a6bd617 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xffc617)
 #1 0x00007f1a2a6b9b92 llvm::sys::RunSignalHandlers() (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xff8b92)
 #2 0x00007f1a2a6bdd91 SignalHandler(int) Signals.cpp:0:0
 #3 0x00007f1a291a1520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f1a291f59fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
 #5 0x00007f1a291a1476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x00007f1a291877f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x00007f1a2918771b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x00007f1a29198e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x00007f1a31d55ae8 (anonymous namespace)::X86SpeculativeLoadHardeningPass::hardenLoadAddr(llvm::MachineInstr&, llvm::MachineOperand&, llvm::MachineOperand&, llvm::SmallDenseMap<unsigned int, unsigned int, 32u, llvm::DenseMapInfo<unsigned int, void>, llvm::detail::DenseMapPair<unsigned int, unsigned int>>&) X86SpeculativeLoadHardening.cpp:0:0
#10 0x00007f1a31d4b733 (anonymous namespace)::X86SpeculativeLoadHardeningPass::tracePredStateThroughBlocksAndHarden(llvm::MachineFunction&) X86SpeculativeLoadHardening.cpp:0:0
#11 0x00007f1a31d44084 (anonymous namespace)::X86SpeculativeLoadHardeningPass::runOnMachineFunction(llvm::MachineFunction&) X86SpeculativeLoadHardening.cpp:0:0
#12 0x00007f1a2b0ec6dc llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x1a2b6dc)
#13 0x00007f1a2aa14a4b llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x1353a4b)
#14 0x00007f1a2aa219b1 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x13609b1)
#15 0x00007f1a2aa15814 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x1354814)
#16 0x00007f1a467c71eb clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x36e81eb)
#17 0x00007f1a46f09e72 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x3e2ae72)
#18 0x00007f1a43f3a09e clang::ParseAST(clang::Sema&, bool, bool) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0xe5b09e)
#19 0x00007f1a48822ed5 clang::FrontendAction::Execute() (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5743ed5)
#20 0x00007f1a486dbcbb clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x55fccbb)
#21 0x00007f1a48923fd1 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5844fd1)
#22 0x000055d6601a41bf cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0x1d1bf)
#23 0x000055d660199a94 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#24 0x000055d6601982b5 clang_main(int, char**, llvm::ToolContext const&) (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0x112b5)
#25 0x000055d6601c0e25 main (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0x39e25)
#26 0x00007f1a29188d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#27 0x00007f1a29188e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#28 0x000055d6601956d5 _start (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0xe6d5)
clang: error: unable to execute command: Aborted (core dumped)
clang: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 19.0.0git (https://github.com/llvm/llvm-project.git eed7c5e29c1dc5f78bd01608430e2b4e0c439bb1)
Target: i386-unknown-linux-code16
Thread model: posix
InstalledDir: /home/software/llvm-trunk-eed7c5e/bin
Build config: +assertions
clang: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/mutant-df05d2.c
clang: note: diagnostic msg: /tmp/mutant-df05d2.sh
clang: note: diagnostic msg: 

********************
llvmbot commented 1 month ago

@llvm/issue-subscribers-backend-x86

Author: Anonymous (iamanonymouscs)

clang-20 crashed with ```speculative_load_hardening``` attribute at ```-O3``` level. Compiler explorer: https://godbolt.org/z/6xeTYYEee ``` $cat mutant.c char a; int __attribute__((speculative_load_hardening)) b(char *c) { switch (*c) case 'c': a = ' '; } Also crashed on clang-19. $clang-19 -O3 -m16 mutant.c mutant.c:6:1: warning: non-void function does not return a value [-Wreturn-type] 6 | } | ^ clang-19: /home/compiler/llvm/llvm/lib/Target/X86/X86SpeculativeLoadHardening.cpp:1729: void (anonymous namespace)::X86SpeculativeLoadHardeningPass::hardenLoadAddr(MachineInstr &, MachineOperand &, MachineOperand &, SmallDenseMap<unsigned int, unsigned int, 32> &): Assertion `OpRC->hasSuperClassEq(&X86::GR64RegClass) && "Not a supported register class for address hardening!"' failed. PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script. Stack dump: 0. Program arguments: /home/software/llvm-trunk-eed7c5e/bin/clang-19 -cc1 -triple i386-unknown-linux-code16 -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -main-file-name mutant.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu pentium4 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/home/code/reduce -fcoverage-compilation-dir=/home/code/reduce -resource-dir /home/software/llvm-trunk-eed7c5e/lib/clang/19 -internal-isystem /home/software/llvm-trunk-eed7c5e/lib/clang/19/include -internal-isystem /usr/local/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-1e73ae.o -x c mutant.c 1. <eof> parser at end of file 2. Code generation 3. Running pass 'Function Pass Manager' on module 'mutant.c'. 4. Running pass 'X86 speculative load hardening' on function '@b' #0 0x00007f1a2a6bd617 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xffc617) #1 0x00007f1a2a6b9b92 llvm::sys::RunSignalHandlers() (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xff8b92) #2 0x00007f1a2a6bdd91 SignalHandler(int) Signals.cpp:0:0 #3 0x00007f1a291a1520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520) #4 0x00007f1a291f59fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc) #5 0x00007f1a291a1476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476) #6 0x00007f1a291877f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3) #7 0x00007f1a2918771b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b) #8 0x00007f1a29198e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96) #9 0x00007f1a31d55ae8 (anonymous namespace)::X86SpeculativeLoadHardeningPass::hardenLoadAddr(llvm::MachineInstr&, llvm::MachineOperand&, llvm::MachineOperand&, llvm::SmallDenseMap<unsigned int, unsigned int, 32u, llvm::DenseMapInfo<unsigned int, void>, llvm::detail::DenseMapPair<unsigned int, unsigned int>>&) X86SpeculativeLoadHardening.cpp:0:0 #10 0x00007f1a31d4b733 (anonymous namespace)::X86SpeculativeLoadHardeningPass::tracePredStateThroughBlocksAndHarden(llvm::MachineFunction&) X86SpeculativeLoadHardening.cpp:0:0 #11 0x00007f1a31d44084 (anonymous namespace)::X86SpeculativeLoadHardeningPass::runOnMachineFunction(llvm::MachineFunction&) X86SpeculativeLoadHardening.cpp:0:0 #12 0x00007f1a2b0ec6dc llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x1a2b6dc) #13 0x00007f1a2aa14a4b llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x1353a4b) #14 0x00007f1a2aa219b1 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x13609b1) #15 0x00007f1a2aa15814 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0x1354814) #16 0x00007f1a467c71eb clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x36e81eb) #17 0x00007f1a46f09e72 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x3e2ae72) #18 0x00007f1a43f3a09e clang::ParseAST(clang::Sema&, bool, bool) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0xe5b09e) #19 0x00007f1a48822ed5 clang::FrontendAction::Execute() (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5743ed5) #20 0x00007f1a486dbcbb clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x55fccbb) #21 0x00007f1a48923fd1 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5844fd1) #22 0x000055d6601a41bf cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0x1d1bf) #23 0x000055d660199a94 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0 #24 0x000055d6601982b5 clang_main(int, char**, llvm::ToolContext const&) (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0x112b5) #25 0x000055d6601c0e25 main (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0x39e25) #26 0x00007f1a29188d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90) #27 0x00007f1a29188e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40) #28 0x000055d6601956d5 _start (/home/software/llvm-trunk-eed7c5e/bin/clang-19+0xe6d5) clang: error: unable to execute command: Aborted (core dumped) clang: error: clang frontend command failed due to signal (use -v to see invocation) clang version 19.0.0git (https://github.com/llvm/llvm-project.git eed7c5e29c1dc5f78bd01608430e2b4e0c439bb1) Target: i386-unknown-linux-code16 Thread model: posix InstalledDir: /home/software/llvm-trunk-eed7c5e/bin Build config: +assertions clang: note: diagnostic msg: ******************** PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT: Preprocessed source(s) and associated run script(s) are located at: clang: note: diagnostic msg: /tmp/mutant-df05d2.c clang: note: diagnostic msg: /tmp/mutant-df05d2.sh clang: note: diagnostic msg: ******************** ```