trailofbits / vast

VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.
https://trailofbits.github.io/vast/
Apache License 2.0

[Bug]: `alias`-attributed function decls crash `vast-front` #636

Closed PappasBrent closed 5 days ago

PappasBrent commented 1 week ago

VAST version

```
Ubuntu clang version 18.1.8 (++20240615103753+3b5b5c1ec4a3-1~exp1~20240615223858.136)
Target: x86_64-pc-linux-gnu
Thread model: posix
```

LLVM version

1:18.1.8

Operating system

Ubuntu 22.04.4 LTS x86_64

Description

vast-front crashes with the following stack trace when attempting to lower a program containing a function declaration attributed with the alias attribute:

vast-front: /usr/lib/llvm-18/include/llvm/Support/Casting.h:109: static bool llvm::isa_impl_cl<clang::CoroutineBodyStmt, const clang::Stmt *>::doit(const From *) [To = clang::CoroutineBodyStmt, From = const clang::Stmt *]: Assertion `Val && "isa<> used on a null pointer"' failed.
PLEASE submit a bug report to https://github.com/trailofbits/vast/issues and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: ./builds/default/tools/vast-front/Debug/vast-front -x c -vast-emit-mlir=hl test.c
1.      <eof> parser at end of file
 #0 0x00007f4cc49c1716 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/llvm-18/lib/libLLVM.so.18.1+0xd94716)
 #1 0x00007f4cc49bf6d0 llvm::sys::RunSignalHandlers() (/usr/lib/llvm-18/lib/libLLVM.so.18.1+0xd926d0)
 #2 0x00007f4cc49111f0 (/usr/lib/llvm-18/lib/libLLVM.so.18.1+0xce41f0)
 #3 0x00007f4cc36af520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f4cc37039fc __pthread_kill_implementation ./nptl/pthread_kill.c:44:76
 #5 0x00007f4cc37039fc __pthread_kill_internal ./nptl/pthread_kill.c:78:10
 #6 0x00007f4cc37039fc pthread_kill ./nptl/pthread_kill.c:89:10
 #7 0x00007f4cc36af476 gsignal ./signal/../sysdeps/posix/raise.c:27:6
 #8 0x00007f4cc36957f3 abort ./stdlib/abort.c:81:7
 #9 0x00007f4cc369571b _nl_load_domain ./intl/loadmsgcat.c:1177:9
#10 0x00007f4cc36a6e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
#11 0x0000557b27e5ee6a llvm::isa_impl_cl<clang::CoroutineBodyStmt, clang::Stmt const*>::doit(clang::Stmt const*) /usr/lib/llvm-18/include/llvm/Support/Casting.h:110:38
#12 0x0000557b27e5edf8 llvm::isa_impl_wrap<clang::CoroutineBodyStmt, clang::Stmt const*, clang::Stmt const*>::doit(clang::Stmt const* const&) /usr/lib/llvm-18/include/llvm/Support/Casting.h:137:5
#13 0x0000557b27e5edd2 llvm::isa_impl_wrap<clang::CoroutineBodyStmt, clang::Stmt const* const, clang::Stmt const*>::doit(clang::Stmt const* const&) /usr/lib/llvm-18/include/llvm/Support/Casting.h:127:5
#14 0x0000557b27e5ed85 llvm::CastIsPossible<clang::CoroutineBodyStmt, clang::Stmt const*, void>::isPossible(clang::Stmt const* const&) /usr/lib/llvm-18/include/llvm/Support/Casting.h:255:5
#15 0x0000557b27e5ed62 llvm::CastInfo<clang::CoroutineBodyStmt, clang::Stmt* const, void>::isPossible(clang::Stmt* const&) /usr/lib/llvm-18/include/llvm/Support/Casting.h:509:5
#16 0x0000557b27e59bc5 bool llvm::isa<clang::CoroutineBodyStmt, clang::Stmt*>(clang::Stmt* const&) /usr/lib/llvm-18/include/llvm/Support/Casting.h:549:3
#17 0x0000557b27e598d5 vast::cg::function_generator::emit_body(clang::FunctionDecl const*, vast::hl::FuncOp) /home/bpappas/github.com/trailofbits/vast/lib/vast/CodeGen/CodeGenFunction.cpp:119:13
#18 0x0000557b27e5d24a vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0::operator()() /home/bpappas/github.com/trailofbits/vast/lib/vast/CodeGen/CodeGenFunction.cpp:87:17
#19 0x0000557b27e5d1a5 void std::__invoke_impl<void, vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0&>(std::__invoke_other, vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/invoke.h:61:7
#20 0x0000557b27e5d165 std::enable_if<is_invocable_r_v<void, vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0&>, void>::type std::__invoke_r<void, vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0&>(vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/invoke.h:117:5
#21 0x0000557b27e5d03d std::_Function_handler<void (), vast::cg::function_generator::emit(clang::FunctionDecl const*)::$_0>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:290:2
#22 0x0000557b27df7045 std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:2
#23 0x0000557b27df6ed5 vast::cg::scope_context::finalize() /home/bpappas/github.com/trailofbits/vast/include/vast/CodeGen/ScopeContext.hpp:143:17
#24 0x0000557b27df6f25 vast::cg::scope_context::finalize() /home/bpappas/github.com/trailofbits/vast/include/vast/CodeGen/ScopeContext.hpp:148:34
#25 0x0000557b27e0a5cd vast::cg::module_generator::finalize() /home/bpappas/github.com/trailofbits/vast/lib/vast/CodeGen/CodeGenModule.cpp:26:61
#26 0x0000557b27ded7b0 vast::cg::driver::finalize() /home/bpappas/github.com/trailofbits/vast/lib/vast/CodeGen/CodeGenDriver.cpp:70:19
#27 0x0000557b27de4f76 vast::cc::vast_consumer::HandleTranslationUnit(clang::ASTContext&) /home/bpappas/github.com/trailofbits/vast/lib/vast/Frontend/Consumer.cpp:67:5
#28 0x0000557b27de57f7 vast::cc::vast_stream_consumer::HandleTranslationUnit(clang::ASTContext&) /home/bpappas/github.com/trailofbits/vast/lib/vast/Frontend/Consumer.cpp:125:15
#29 0x00007f4ccbddbfc6 clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0xb7ffc6)
#30 0x0000557b279bda75 vast::cc::vast_stream_action::ExecuteAction() /home/bpappas/github.com/trailofbits/vast/lib/vast/Frontend/Action.cpp:75:5
#31 0x00007f4ccdc0cab5 clang::FrontendAction::Execute() (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x29b0ab5)
#32 0x00007f4ccdb86084 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x292a084)
#33 0x0000557b279a5987 vast::cc::execute_compiler_invocation(clang::CompilerInstance*, vast::cc::vast_args const&) /home/bpappas/github.com/trailofbits/vast/tools/vast-front/compiler_invocation.cpp:101:28
#34 0x0000557b279ba080 vast::cc::cc1(vast::cc::vast_args const&, llvm::ArrayRef<char const*>, char const*, void*) /home/bpappas/github.com/trailofbits/vast/tools/vast-front/cc1.cpp:116:23
#35 0x0000557b279ab0b4 execute_cc1_tool(llvm::SmallVectorImpl<char const*>&) /home/bpappas/github.com/trailofbits/vast/tools/vast-front/driver.cpp:71:16
#36 0x0000557b279b608d int llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::callback_fn<int (*)(llvm::SmallVectorImpl<char const*>&)>(long, llvm::SmallVectorImpl<char const*>&) /usr/lib/llvm-18/include/llvm/ADT/STLFunctionalExtras.h:45:5
#37 0x00007f4ccd83e5c9 (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x25e25c9)
#38 0x00007f4cc4910f8c llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/usr/lib/llvm-18/lib/libLLVM.so.18.1+0xce3f8c)
#39 0x00007f4ccd83df5e clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x25e1f5e)
#40 0x00007f4ccd8064d1 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x25aa4d1)
#41 0x00007f4ccd80671e clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x25aa71e)
#42 0x00007f4ccd822d2d clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/usr/lib/llvm-18/lib/libclang-cpp.so.18.1+0x25c6d2d)
#43 0x0000557b279ab74a vast::cc::driver::execute() /home/bpappas/github.com/trailofbits/vast/include/vast/Frontend/Driver.hpp:180:30
#44 0x0000557b279aa748 main /home/bpappas/github.com/trailofbits/vast/tools/vast-front/driver.cpp:161:19
#45 0x00007f4cc3696d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#46 0x00007f4cc3696e40 call_init ./csu/../csu/libc-start.c:128:20
#47 0x00007f4cc3696e40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#48 0x0000557b279a4385 _start (./builds/default/tools/vast-front/Debug/vast-front+0xe48385)
vast-front: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Ubuntu clang version 18.1.8 (++20240615103753+3b5b5c1ec4a3-1~exp1~20240615223858.136)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /home/bpappas/github.com/trailofbits/vast/./builds/default/tools/vast-front/Debug
vast-front: error: unable to execute command: Aborted (core dumped)
vast-front: note: diagnostic msg: Error generating preprocessed source(s).

I have confirmed that this issue occurs when running both the release and debug versions of vast-front.

Steps to Reproduce

Create a file test.c with the following contents:

```c
void bar(void) {}

void foo(void) __attribute__((__alias__("bar")));

int main(void) { return 0; }
```

Run vast-front on the file like so:

```
vast-front -x c -vast-emit-mlir=hl test.c
```
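The trace above shows `llvm::isa<clang::CoroutineBodyStmt>` receiving a null `Stmt*` from `emit_body`, which fits a declaration like `foo` that names an alias target but has no body. The block below is an added, self-contained model of that failure mode next to a guarded form. It is not code from the report, VAST or Clang, and `Stmt`, `FunctionDecl`, `Emitted` and the `emit_body_*` functions are simplified stand-ins assumed for illustration.

```cpp
// Simplified model of the crash path; these types are stand-ins, not VAST or Clang code.
#include <cassert>
#include <string>

struct Stmt { enum Kind { Compound, CoroutineBody } kind; };  // models clang::Stmt

// Models clang::FunctionDecl: an alias declaration names a target, has no body.
struct FunctionDecl {
    std::string name;
    const Stmt *body;          // nullptr for prototypes and aliases
    std::string alias_target;  // non-empty for __attribute__((alias("...")))
};

enum class Emitted { DeclOnly, Alias, Body, CoroutineBody };

// Same contract as llvm::isa<>: the pointer must not be null.
bool isa_coroutine_body(const Stmt *s) {
    assert(s && "isa<> used on a null pointer");
    return s->kind == Stmt::CoroutineBody;
}

// Null-tolerant variant, the idea behind llvm::isa_and_nonnull<>.
bool isa_and_nonnull_coroutine_body(const Stmt *s) {
    return s && s->kind == Stmt::CoroutineBody;
}

// Unguarded shape: trips the assertion when fn.body is null.
Emitted emit_body_unguarded(const FunctionDecl &fn) {
    return isa_coroutine_body(fn.body) ? Emitted::CoroutineBody : Emitted::Body;
}

// Guarded shape: classify body-less declarations before inspecting the body.
Emitted emit_body_guarded(const FunctionDecl &fn) {
    if (!fn.body)
        return fn.alias_target.empty() ? Emitted::DeclOnly : Emitted::Alias;
    return isa_coroutine_body(fn.body) ? Emitted::CoroutineBody : Emitted::Body;
}

int main() {
    const Stmt block{Stmt::Compound};
    const FunctionDecl bar{"bar", &block, ""};      // void bar(void) {}
    const FunctionDecl foo{"foo", nullptr, "bar"};  // alias declaration from the report
    assert(emit_body_guarded(bar) == Emitted::Body);
    assert(emit_body_guarded(foo) == Emitted::Alias);
    // emit_body_unguarded(foo) would abort on the same assertion as the reported trace.
    return 0;
}
```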