ToyObfuscator
Flattening an InvokeInst can cause the compilation to fail
While testing flattening on LIEF (a C++ library), I found that if an InvokeInst is flattened, a null-pointer dereference occurs later in the Greedy Register Allocator pass, which crashes clang.
$ make
[ 2%] Built target lief_libjson
[ 4%] Built target lief_frozen
[ 6%] Built target lief_mbed_tls
[ 8%] Built target lief_leaf
[ 10%] Built target lief_utfcpp
[ 12%] Built target lief_spdlog_project
[ 12%] Building CXX object CMakeFiles/LIB_LIEF.dir/src/ELF/Builder.cpp.o
Stack dump:
0. Program arguments: /home/veritas/src/llvm-project/build/bin/clang++ -DLIEF_STATIC -DMBEDTLS_MD2_C -DMBEDTLS_MD4_C -DMBEDTLS_PEM_PARSE_C -DMBEDTLS_PEM_WRITE_C -DMBEDTLS_PKCS1_V15 -DMBEDTLS_PKCS1_V21 -DMBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION -DMBEDTLS_X509_CRT_PARSE_C -DSPDLOG_DISABLE_DEFAULT_LOGGER -DSPDLOG_FUNCTION= -D_GLIBCXX_USE_CXX11_ABI=1 -I/home/veritas/src/LIEF/include -I/home/veritas/src/LIEF/api/c/include -I/home/veritas/src/LIEF/build/include -I/home/veritas/src/LIEF/build/lief_frozen-prefix/src/lief_frozen/include -I/home/veritas/src/LIEF/src -I/home/veritas/src/LIEF/build -I/home/veritas/src/LIEF/include/LIEF -isystem /home/veritas/src/LIEF/build/mbed_tls/src/lief_mbed_tls/include -isystem /home/veritas/src/LIEF/build/lief_spdlog_project-prefix/src/lief_spdlog_project/include -mllvm -fla_plus -O3 -DNDEBUG -fPIC -fvisibility=hidden -Wall -Wextra -Wpedantic -fno-stack-protector -fomit-frame-pointer -fno-strict-aliasing -fexceptions -fvisibility=hidden -Wno-expansion-to-defined -fdiagnostics-color=always -fcolor-diagnostics -std=gnu++14 -o CMakeFiles/LIB_LIEF.dir/src/ELF/Builder.cpp.o -c /home/veritas/src/LIEF/src/ELF/Builder.cpp
1. <eof> parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module '/home/veritas/src/LIEF/src/ELF/Builder.cpp'.
4. Running pass 'Greedy Register Allocator' on function '@_ZN4LIEF3ELF7Builder20build_symbol_versionINS0_5ELF32EEEvv'
#0 0x000055711d3f311e llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/home/veritas/src/llvm-project/build/bin/clang+++0x296711e)
#1 0x000055711d3f0e64 llvm::sys::RunSignalHandlers() (/home/veritas/src/llvm-project/build/bin/clang+++0x2964e64)
#2 0x000055711d3f10e1 llvm::sys::CleanupOnSignal(unsigned long) (/home/veritas/src/llvm-project/build/bin/clang+++0x29650e1)
#3 0x000055711d36c908 CrashRecoverySignalHandler(int) (/home/veritas/src/llvm-project/build/bin/clang+++0x28e0908)
#4 0x00007fb221eaf3c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
#5 0x000055711cb8171f (anonymous namespace)::HoistSpillHelper::getVisitOrders(llvm::MachineBasicBlock*, llvm::SmallPtrSet<llvm::MachineInstr*, 16u>&, llvm::SmallVectorImpl<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*>&, llvm::SmallVectorImpl<llvm::MachineInstr*>&, llvm::DenseMap<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*, unsigned int, llvm::DenseMapInfo<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*>, llvm::detail::DenseMapPair<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*, unsigned int> >&, llvm::DenseMap<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*, llvm::MachineInstr*, llvm::DenseMapInfo<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*>, llvm::detail::DenseMapPair<llvm::DomTreeNodeBase<llvm::MachineBasicBlock>*, llvm::MachineInstr*> >&) (.isra.0) (/home/veritas/src/llvm-project/build/bin/clang+++0x20f571f)
#6 0x000055711cb82db5 (anonymous namespace)::HoistSpillHelper::runHoistSpills(llvm::LiveInterval&, llvm::VNInfo&, llvm::SmallPtrSet<llvm::MachineInstr*, 16u>&, llvm::SmallVectorImpl<llvm::MachineInstr*>&, llvm::DenseMap<llvm::MachineBasicBlock*, unsigned int, llvm::DenseMapInfo<llvm::MachineBasicBlock*>, llvm::detail::DenseMapPair<llvm::MachineBasicBlock*, unsigned int> >&) (.isra.0) (/home/veritas/src/llvm-project/build/bin/clang+++0x20f6db5)
#7 0x000055711cb8b498 (anonymous namespace)::HoistSpillHelper::hoistAllSpills() (/home/veritas/src/llvm-project/build/bin/clang+++0x20ff498)
#8 0x000055711cbff382 llvm::RegAllocBase::postOptimization() (/home/veritas/src/llvm-project/build/bin/clang+++0x2173382)
#9 0x000055711cbcdfbd (anonymous namespace)::RAGreedy::runOnMachineFunction(llvm::MachineFunction&) (/home/veritas/src/llvm-project/build/bin/clang+++0x2141fbd)
#10 0x000055711c95acec llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/home/veritas/src/llvm-project/build/bin/clang+++0x1ececec)
#11 0x000055711cce73d8 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/veritas/src/llvm-project/build/bin/clang+++0x225b3d8)
#12 0x000055711cce8999 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/veritas/src/llvm-project/build/bin/clang+++0x225c999)
#13 0x000055711cce8d60 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/veritas/src/llvm-project/build/bin/clang+++0x225cd60)
#14 0x000055711d658b3c clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/home/veritas/src/llvm-project/build/bin/clang+++0x2bccb3c)
#15 0x000055711e26ed79 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/veritas/src/llvm-project/build/bin/clang+++0x37e2d79)
#16 0x000055711edecf61 clang::ParseAST(clang::Sema&, bool, bool) (/home/veritas/src/llvm-project/build/bin/clang+++0x4360f61)
#17 0x000055711dc2fbf9 clang::FrontendAction::Execute() (/home/veritas/src/llvm-project/build/bin/clang+++0x31a3bf9)
#18 0x000055711dbe75eb clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/veritas/src/llvm-project/build/bin/clang+++0x315b5eb)
#19 0x000055711dd064ab clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/veritas/src/llvm-project/build/bin/clang+++0x327a4ab)
#20 0x000055711b6973a1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/veritas/src/llvm-project/build/bin/clang+++0xc0b3a1)
#21 0x000055711b694fea ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) (/home/veritas/src/llvm-project/build/bin/clang+++0xc08fea)
#22 0x000055711dab1c89 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::'lambda'()>(long) (/home/veritas/src/llvm-project/build/bin/clang+++0x3025c89)
#23 0x000055711d36ca07 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/veritas/src/llvm-project/build/bin/clang+++0x28e0a07)
#24 0x000055711dab289e clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (.part.0) (/home/veritas/src/llvm-project/build/bin/clang+++0x302689e)
#25 0x000055711da892bc clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/home/veritas/src/llvm-project/build/bin/clang+++0x2ffd2bc)
#26 0x000055711da89bb9 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/home/veritas/src/llvm-project/build/bin/clang+++0x2ffdbb9)
#27 0x000055711da9193f clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/home/veritas/src/llvm-project/build/bin/clang+++0x300593f)
#28 0x000055711b60cd1e main (/home/veritas/src/llvm-project/build/bin/clang+++0xb80d1e)
#29 0x00007fb2203900b3 __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:342:3
#30 0x000055711b694bce _start (/home/veritas/src/llvm-project/build/bin/clang+++0xc08bce)
clang-10: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 10.0.1 (https://github.com/llvm/llvm-project.git ef32c611aa214dea855364efd7ba451ec5ec3f74)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/veritas/src/llvm-project/build/bin
clang-10: note: diagnostic msg: PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
clang-10: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-10: note: diagnostic msg: /tmp/Builder-975698.cpp
clang-10: note: diagnostic msg: /tmp/Builder-975698.sh
clang-10: note: diagnostic msg:
********************
make[2]: *** [CMakeFiles/LIB_LIEF.dir/build.make:1804: CMakeFiles/LIB_LIEF.dir/src/ELF/Builder.cpp.o] Error 254
make[1]: *** [CMakeFiles/Makefile2:373: CMakeFiles/LIB_LIEF.dir/all] Error 2
make: *** [Makefile:152: all] Error 2