plast-lab / cclyzer

A tool for analyzing LLVM bitcode using Datalog.

Error when analyzing debugging information #9

Open 1stl0ve opened 7 years ago

1stl0ve commented 7 years ago

I am trying to analyze the following LLVM IR code:

 ; ModuleID = 'struct2.ll'
 ; Reproducer attached to issue #9: a minimal module (one struct type, one
 ; function) that carries full debug metadata and crashes cclyzer, while the
 ; same code without debug info analyzes cleanly (see the report below).
 target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
 target triple = "x86_64-unknown-linux-gnu"

 ; struct foo { int *bar; } -- a single pointer-sized member (see !20..!23).
 %struct.foo = type { i32* }

 ; Function Attrs: nounwind uwtable
 ; main(argc, argv): allocates a struct.foo on the stack, stores a null
 ; pointer into its only field, reloads that pointer and dereferences it,
 ; then returns the constant 7. Every step is annotated with dbg.value /
 ; dbg.declare intrinsics, which is what distinguishes this reproducer from
 ; the version that cclyzer accepts.
 define i32 @main(i32 %argc, i8** %argv) #0 !dbg !4 {
   %x = alloca %struct.foo, align 8
   call void @llvm.dbg.value(metadata i32 %argc, i64 0, metadata !14, metadata !15), !dbg !16
   call void @llvm.dbg.value(metadata i8** %argv, i64 0, metadata !17, metadata !15), !dbg !18
   call void @llvm.dbg.declare(metadata %struct.foo* %x, metadata !19, metadata !15), !dbg !24
   %1 = getelementptr inbounds %struct.foo, %struct.foo* %x, i32 0, i32 0, !dbg !25
   ; x.bar = NULL
   store i32* null, i32** %1, align 8, !dbg !26
   ; NOTE(review): the first operand here is !2, the empty tuple `!{}` (not a
   ; wrapped SSA value or constant). The same happens in the dbg.value for `y`
   ; below. A fact generator that unwraps the operand with cast<>/isa<> without
   ; checking for an absent Value would hit exactly the "isa<> used on a null
   ; pointer" assertion quoted in this report -- presumably the trigger, but
   ; confirm against cclyzer's debug-info handling. In an assertion-free build
   ; the same path would be a plain null dereference rather than an abort, so
   ; the input check matters for any tool that consumes untrusted bitcode.
   call void @llvm.dbg.declare(metadata !2, metadata !27, metadata !15), !dbg !28
   call void @llvm.dbg.value(metadata i32 7, i64 0, metadata !29, metadata !15), !dbg !30
   %2 = getelementptr inbounds %struct.foo, %struct.foo* %x, i32 0, i32 0, !dbg !31
   %3 = load i32*, i32** %2, align 8, !dbg !31
   call void @llvm.dbg.value(metadata i32* %3, i64 0, metadata !32, metadata !15), !dbg !33
   ; Dereference of the pointer loaded from x.bar, which was just stored as
   ; null above -- the null-dereference pattern the source file name suggests
   ; this test case was written to exercise.
   %4 = load i32, i32* %3, align 4, !dbg !34
   call void @llvm.dbg.value(metadata i32 %4, i64 0, metadata !35, metadata !15), !dbg !36
   ; Second occurrence of the empty tuple !2 in a value-operand position (see note above).
   call void @llvm.dbg.value(metadata !2, i64 0, metadata !32, metadata !15), !dbg !33
   ret i32 7, !dbg !37
 }

 ; Function Attrs: nounwind readnone
 ; Debug-info intrinsics referenced from @main. They have no runtime effect;
 ; their operands are metadata only.
 declare void @llvm.dbg.declare(metadata, metadata, metadata) #1

 ; Function Attrs: nounwind readnone
 declare void @llvm.dbg.value(metadata, i64, metadata, metadata) #1

 ; NOTE: the runs of spaces inside the quoted attribute names below
 ; ("no-frame-        pointer-elim", "unsafe-fp-  math", and before
 ; "stack-protector-buffer-size") look like line-wrap artifacts of the paste
 ; rather than part of the original module; the verbatim text is kept here
 ; because it is what the reporter ran.
 attributes #0 = { nounwind uwtable "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-        pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false"      "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2" "unsafe-fp-  math"="false" "use-soft-float"="false" }
 attributes #1 = { nounwind readnone }

 ; Module-level debug metadata (DWARF 4, Debug Info Version 3, clang 3.8.1).
 !llvm.dbg.cu = !{!0}
 !llvm.module.flags = !{!11, !12}
 !llvm.ident = !{!13}

 ; Compile unit for the source file described by !1. The same line-wrap
 ; artifact seen in the attributes appears inside the producer string and
 ; the directory string of !1 (extra spaces after "tags/" and "null_deref/");
 ; kept verbatim since this is the reporter's input.
 !0 = distinct !DICompileUnit(language: DW_LANG_C99, file: !1, producer: "clang version 3.8.1 (tags/            RELEASE_381/final)", isOptimized: false, runtimeVersion: 0, emissionKind: 1, enums: !2, subprograms: !3)
 !1 = !DIFile(filename: "null_deref_struct2.c", directory: "~/Documents/vivas/code/null_deref/      synthesize/structs")
 ; Empty tuple. Used here as the enums list of !0 and the variables list of
 ; !4, but @main also passes it as the *value* operand of one
 ; llvm.dbg.declare and one llvm.dbg.value -- the operand positions where a
 ; consumer would normally expect a wrapped Value. See the note in @main.
 !2 = !{}
 !3 = !{!4}
 !4 = distinct !DISubprogram(name: "main", scope: !1, file: !1, line: 7, type: !5, isLocal: false,              isDefinition: true, scopeLine: 7, flags: DIFlagPrototyped, isOptimized: false, variables: !2)
 ; Signature of main: int (int, char **).
 !5 = !DISubroutineType(types: !6)
 !6 = !{!7, !7, !8}
 !7 = !DIBasicType(name: "int", size: 32, align: 32, encoding: DW_ATE_signed)
 !8 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !9, size: 64, align: 64)
 !9 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !10, size: 64, align: 64)
 !10 = !DIBasicType(name: "char", size: 8, align: 8, encoding: DW_ATE_signed_char)
 !11 = !{i32 2, !"Dwarf Version", i32 4}
 !12 = !{i32 2, !"Debug Info Version", i32 3}
 !13 = !{!"clang version 3.8.1 (tags/RELEASE_381/final)"}
 ; Parameters of main and their source locations.
 !14 = !DILocalVariable(name: "argc", arg: 1, scope: !4, file: !1, line: 7, type: !7)
 !15 = !DIExpression()
 !16 = !DILocation(line: 7, column: 14, scope: !4)
 !17 = !DILocalVariable(name: "argv", arg: 2, scope: !4, file: !1, line: 7, type: !8)
 !18 = !DILocation(line: 7, column: 26, scope: !4)
 ; Local `x` of type struct foo; !20..!23 describe the struct and its single
 ; member `bar` of type int* (matches %struct.foo = { i32* } above).
 !19 = !DILocalVariable(name: "x", scope: !4, file: !1, line: 9, type: !20)
 !20 = !DICompositeType(tag: DW_TAG_structure_type, name: "foo", file: !1, line: 3, size: 64, align: 64,        elements: !21)
 !21 = !{!22}
 !22 = !DIDerivedType(tag: DW_TAG_member, name: "bar", scope: !20, file: !1, line: 4, baseType: !23, size: 64,  align: 64)
 !23 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !7, size: 64, align: 64)
 !24 = !DILocation(line: 9, column: 16, scope: !4)
 !25 = !DILocation(line: 10, column: 7, scope: !4)
 !26 = !DILocation(line: 10, column: 11, scope: !4)
 ; Remaining locals (w, v, y, z) and the source locations used by the
 ; dbg intrinsics and the final `ret` in @main.
 !27 = !DILocalVariable(name: "w", scope: !4, file: !1, line: 13, type: !7)
 !28 = !DILocation(line: 13, column: 11, scope: !4)
 !29 = !DILocalVariable(name: "v", scope: !4, file: !1, line: 13, type: !7)
 !30 = !DILocation(line: 13, column: 9, scope: !4)
 !31 = !DILocation(line: 16, column: 11, scope: !4)
 !32 = !DILocalVariable(name: "y", scope: !4, file: !1, line: 12, type: !23)
 !33 = !DILocation(line: 12, column: 10, scope: !4)
 !34 = !DILocation(line: 18, column: 9, scope: !4)
 !35 = !DILocalVariable(name: "z", scope: !4, file: !1, line: 13, type: !7)
 !36 = !DILocation(line: 13, column: 13, scope: !4)
 !37 = !DILocation(line: 22, column: 5, scope: !4)

When I run cclyzer, I get the following error message:

~/clang+llvm-3.8.1/include/llvm/Support/Casting.h:95: static bool llvm::isa_impl_cl<To, const From*>::doit(const From*) [with To = llvm::UndefValue; From = llvm::Value]: Assertion `Val && "isa<> used on a null pointer"' failed.
Aborted (core dumped)

When I run cclyzer on the same code with all debugging information stripped, there are no errors.