Reproducible crash with Obfuscator 3.5 #15
Fixed 071ed8e | Open
hudjefa referenced this issue in hudjefa/obfuscator-llvm on Feb 14, 2022 (the link comes from GitHub autolinking the "insn #15" in the commit message below, which is an LLVM BPF backend change, not a fix for this crash):

The Select insn in BPF is expensive as the BPF backend needs to resolve it with conditionals. This patch sets the getCmpSelInstrCost() to SCEVCheapExpansionBudget for Select insn to prevent some Select insn related optimizations.

This change is motivated during bcc code review for iovisor/bcc#3270 where IndVarSimplifyPass eventually caused generating the following asm code:

; for (i = 0; (i < VIRTIO_MAX_SGS) && (i < num); i++) {
14: 16 05 40 00 00 00 00 00 if w5 == 0 goto +64 <LBB0_6>
15: bc 51 00 00 00 00 00 00 w1 = w5
16: 04 01 00 00 ff ff ff ff w1 += -1
17: 67 05 00 00 20 00 00 00 r5 <<= 32
18: 77 05 00 00 20 00 00 00 r5 >>= 32
19: a6 01 01 00 05 00 00 00 if w1 < 5 goto +1 <LBB0_4>
20: b7 05 00 00 06 00 00 00 r5 = 6
00000000000000a8 <LBB0_4>:
21: b7 02 00 00 00 00 00 00 r2 = 0
22: b7 01 00 00 00 00 00 00 r1 = 0
; for (i = 0; (i < VIRTIO_MAX_SGS) && (i < num); i++) {
23: 7b 1a e0 ff 00 00 00 00 *(u64 *)(r10 - 32) = r1
24: 7b 5a c0 ff 00 00 00 00 *(u64 *)(r10 - 64) = r5

Note that insn #15 has w1 = w5 and w1 is refined later but r5(w5) is eventually saved on stack at insn #24 for later use. This causes later verifier failures.

With this change, IndVarSimplifyPass won't do the above transformation any more.

Differential Revision: https://reviews.llvm.org/D97479

(cherry picked from commit 1959ead525b8830cc8a345f45e1c3ef9902d3229)
[Received on [email protected]]
Hi,
I have a reproducible crash with Obfuscator 3.5 from commit 54b54ee built in Ubuntu 14.04 x64.
Sorry for not using the Issue system on GitHub, but it doesn't allow attaching .tar.gz files.
Please check the attached .tar.gz and just run make, or build the included main.c file.
The build process will fail with a compiler crash like this:
/opt/obfuscator-llvm-3.5/bin/clang -Os -g -m32 -Wall -o main32 main.c
/opt/obfuscator-llvm-3.5/bin/clang -mllvm -sub -mllvm -bcf -mllvm -fla -mllvm -aesSeed=00000000000000000000000000000000 -Os -g -m32 -Wall -o main32obf.o main.c
0 clang-3.5 0x00000000013ac992 llvm::sys::PrintStackTrace(_IO_FILE*) + 34
1 clang-3.5 0x00000000013ac544
2 libpthread.so.0 0x00002abe3166d340
3 clang-3.5 0x00000000010ded40 llvm::PHINode::removeIncomingValue(unsigned int, bool) + 48
4 clang-3.5 0x00000000013e5b47
5 clang-3.5 0x00000000013e57f8
6 clang-3.5 0x00000000013e5832
7 clang-3.5 0x00000000013e5832
8 clang-3.5 0x00000000013e63b2
9 clang-3.5 0x00000000018b0f14
10 clang-3.5 0x00000000010f896f llvm::FPPassManager::runOnFunction(llvm::Function&) + 623
11 clang-3.5 0x00000000010f89fb llvm::FPPassManager::runOnModule(llvm::Module&) + 43
12 clang-3.5 0x00000000010fae95 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 709
13 clang-3.5 0x0000000001734210 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_ostream*) + 3024
14 clang-3.5 0x000000000172e979
15 clang-3.5 0x0000000001a85293 clang::ParseAST(clang::Sema&, bool, bool) + 483
16 clang-3.5 0x000000000172f6e2 clang::CodeGenAction::ExecuteAction() + 50
17 clang-3.5 0x00000000015072b6 clang::FrontendAction::Execute() + 118
18 clang-3.5 0x00000000014e9150 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 256
19 clang-3.5 0x0000000001573d51 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1921
20 clang-3.5 0x00000000007f1528 cc1_main(char const**, char const**, char const*, void*) + 1304
21 clang-3.5 0x00000000007cddff main + 8575
22 libc.so.6 0x00002abe322d5ec5 __libc_start_main + 245
23 clang-3.5 0x00000000007ef7f9
Stack dump:
0. Program arguments: /opt/obfuscator-llvm-3.5/bin/clang-3.5 -cc1 -triple i386-unknown-linux-gnu -emit-obj -disable-free -disable-llvm-verifier -main-file-name main.c -mrelocation-model static -fmath-errno -masm-verbose -mconstructor-aliases -fuse-init-array -target-cpu pentium4 -momit-leaf-frame-pointer -g -dwarf-column-info -resource-dir /opt/obfuscator-llvm-3.5/bin/../lib/clang/3.5.0 -internal-isystem /usr/local/include -internal-isystem /opt/obfuscator-llvm-3.5/bin/../lib/clang/3.5.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Os -Wall -fdebug-compilation-dir /home/am/Desktop/test_crash1 -ferror-limit 19 -fmessage-length 0 -mstackrealign -fobjc-runtime=gcc -fdiagnostics-show-option -vectorize-loops -vectorize-slp -mllvm -sub -mllvm -bcf -mllvm -fla -mllvm -aesSeed=00000000000000000000000000000000 -o /tmp/main-88fbc5.o -x c main.c
clang-3.5: error: unable to execute command: Segmentation fault (core dumped)
clang-3.5: error: clang frontend command failed due to signal (use -v to see invocation)
Obfuscator- clang version 3.5.0 (tags/RELEASE_350/final) (based on LLVM 3.5.0svn)
Target: i386-unknown-linux-gnu
Thread model: posix
clang-3.5: note: diagnostic msg: PLEASE submit a bug report to http://o-llvm.org and include the crash backtrace, preprocessed source, and associated run script.
clang-3.5: note: diagnostic msg:
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-3.5: note: diagnostic msg: /tmp/main-08f641.c
clang-3.5: note: diagnostic msg: /tmp/main-08f641.sh
clang-3.5: note: diagnostic msg:
make: *** [all] Error 254
Please let me know if you need additional info.
Ciao,
Andrea
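An added example, not part of the original report or of the o-llvm project: a POSIX shell helper that picks the reproducer paths out of clang's crash output (the "diagnostic msg:" lines above) and bundles them into the .tar.gz a bug report needs, which the reporter assembled by hand. The sample stderr embedded below is constructed from the lines quoted above, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original report). Collect the files clang names
# after a frontend crash so they can be attached to a bug report.

# Constructed sample of clang's stderr after a crash, modelled on the report.
SAMPLE_STDERR='clang-3.5: error: unable to execute command: Segmentation fault (core dumped)
clang-3.5: error: clang frontend command failed due to signal (use -v to see invocation)
clang-3.5: note: diagnostic msg: PLEASE submit a bug report to http://o-llvm.org and include the crash backtrace, preprocessed source, and associated run script.
clang-3.5: note: diagnostic msg: 
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-3.5: note: diagnostic msg: /tmp/main-08f641.c
clang-3.5: note: diagnostic msg: /tmp/main-08f641.sh
clang-3.5: note: diagnostic msg: '

# Print the reproducer paths clang names, one per line.
# Reads clang's stderr on stdin; only "diagnostic msg:" lines whose payload
# is an absolute path are kept, so the prose notes are skipped.
crash_repro_paths() {
    sed -n 's/^clang[^:]*: note: diagnostic msg: \(\/.*\)$/\1/p'
}

# Convenience wrapper over the constructed sample, for a stand-alone run.
demo_crash_repro_paths() {
    printf '%s\n' "$SAMPLE_STDERR" | crash_repro_paths
}

# Bundle the named reproducer files into a tarball.
# Usage: bundle_crash_repro <stderr-file> <output.tar.gz>
# Returns 1 if clang named no reproducer files.
bundle_crash_repro() {
    stderr_file=$1
    out=$2
    paths=$(crash_repro_paths < "$stderr_file")
    [ -n "$paths" ] || return 1
    # Paths are newline separated and contain no spaces (mktemp-style names).
    # shellcheck disable=SC2086
    tar -czf "$out" $paths
}

# Run a compile command, keep its stderr, and bundle the reproducer if the
# frontend died on a signal. Usage: run_and_capture <output.tar.gz> <cmd...>
run_and_capture() {
    out=$1; shift
    errlog=$(mktemp)
    if "$@" 2>"$errlog"; then
        rm -f "$errlog"
        return 0
    fi
    cat "$errlog" >&2
    if grep -q 'clang frontend command failed due to signal' "$errlog"; then
        bundle_crash_repro "$errlog" "$out" && echo "reproducer saved to $out"
    fi
    rm -f "$errlog"
    return 1
}

# Example invocation mirroring the report's failing command (assumed paths):
#   run_and_capture crash.tar.gz /opt/obfuscator-llvm-3.5/bin/clang \
#       -mllvm -sub -mllvm -bcf -mllvm -fla \
#       -mllvm -aesSeed=00000000000000000000000000000000 \
#       -Os -g -m32 -Wall -o main32obf.o main.c
```

The tarball then holds the preprocessed source and the run script, which is what lets a maintainer replay the exact -cc1 invocation without the reporter's include paths.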