seahorn / sea-dsa

A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.

Segment fault on GlobalValue.h:575:32 #101

Closed rainoftime closed 4 years ago

rainoftime commented 4 years ago

Hi, for the following bitcode (LLVM 10)

error.bc.zip

sea-dsa throws a segmentation fault:

[]$ /home/legend/sea-dsa/build/bin/seadsa --sea-dsa=butd-cs  --sea-dsa-aa-eval err.bc
 #0 0x00005627bc485fab llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/home/legend/sea-dsa/build/bin/seadsa+0xe23fab)
 #1 0x00005627bc483b54 llvm::sys::RunSignalHandlers() (/home/legend/sea-dsa/build/bin/seadsa+0xe21b54)
 #2 0x00005627bc483ca9 SignalHandler(int) (/home/legend/sea-dsa/build/bin/seadsa+0xe21ca9)
 #3 0x00007efd458840f0 __restore_rt (/usr/lib/libpthread.so.0+0x140f0)
 #4 0x00005627bbf97881 llvm::GlobalValue::getParent() /usr/include/llvm/IR/GlobalValue.h:575:32
 #5 0x00005627bbf97881 getModuleFromQuery /home/legend/sea-dsa/lib/seadsa/SeaDsaAliasAnalysis.cc:50:33
 #6 0x00005627bbf97881 seadsa::SeaDsaAAResult::alias(llvm::MemoryLocation const&, llvm::MemoryLocation const&, llvm::AAQueryInfo&) /home/legend/sea-dsa/lib/seadsa/SeaDsaAliasAnalysis.cc:144:39
 #7 0x00005627bb7448ab llvm::AAResults::alias(llvm::MemoryLocation const&, llvm::MemoryLocation const&, llvm::AAQueryInfo&) (/home/legend/sea-dsa/build/bin/seadsa+0xe28ab)
 #8 0x00005627bb760b5e llvm::BasicAAResult::aliasCheck(llvm::Value const*, llvm::LocationSize, llvm::AAMDNodes, llvm::Value const*, llvm::LocationSize, llvm::AAMDNodes, llvm::AAQueryInfo&, llvm::Value const*, llvm::Value const*) (/home/legend/sea-dsa/build/bin/seadsa+0xfeb5e)
 #9 0x00005627bb763243 llvm::BasicAAResult::alias(llvm::MemoryLocation const&, llvm::MemoryLocation const&, llvm::AAQueryInfo&) (/home/legend/sea-dsa/build/bin/seadsa+0x101243)
#10 0x00005627bb7448ab llvm::AAResults::alias(llvm::MemoryLocation const&, llvm::MemoryLocation const&, llvm::AAQueryInfo&) (/home/legend/sea-dsa/build/bin/seadsa+0xe28ab)
#11 0x00005627bb744bcf llvm::AAResults::alias(llvm::MemoryLocation const&, llvm::MemoryLocation const&) (/home/legend/sea-dsa/build/bin/seadsa+0xe2bcf)
#12 0x00005627bb74f5f0 llvm::AAEvaluator::runInternal(llvm::Function&, llvm::AAResults&) (/home/legend/sea-dsa/build/bin/seadsa+0xed5f0)
#13 0x00005627bb751e14 llvm::AAEvalLegacyPass::runOnFunction(llvm::Function&) (/home/legend/sea-dsa/build/bin/seadsa+0xefe14)
#14 0x00005627bbd64ca8 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/legend/sea-dsa/build/bin/seadsa+0x702ca8)
#15 0x00005627bbd65e2d llvm::FPPassManager::runOnModule(llvm::Module&) (/home/legend/sea-dsa/build/bin/seadsa+0x703e2d)
#16 0x00005627bbd661c0 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/legend/sea-dsa/build/bin/seadsa+0x7041c0)
#17 0x00005627bb7066f3 main /home/legend/sea-dsa/tools/seadsa.cc:234:3
#18 0x00007efd452f4152 __libc_start_main (/usr/lib/libc.so.6+0x28152)
#19 0x00005627bb73dabe _start (/home/legend/sea-dsa/build/bin/seadsa+0xdbabe)
Stack dump:
0.  Program arguments: /home/legend/sea-dsa/build/bin/seadsa --sea-dsa=butd-cs --sea-dsa-aa-eval /tmp/diffpts/crash/diff_input-1_4.c.bc
1.  Running pass 'Function Pass Manager' on module '/tmp/diffpts/crash/diff_input-1_4.c.bc'.
2.  Running pass 'Exhaustive Alias Analysis Precision Evaluator' on function '@func_29'
Segmentation fault (core dumped)

agurfinkel commented 4 years ago

Does not reproduce. From the stack trace, something seems wrong in your setup. You have a GlobalValue that is either nullptr or does not have a parent.

rainoftime commented 4 years ago

A wrong bc was uploaded error.bc.zip

caballa commented 4 years ago

I committed a fix 24d8ad3