After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety #87923

DimitryAndric · 2024-04-07T13:14:18Z

Commit 7740565 enabled StackSafetyAnalysis (-asan-use-stack-safety=1) by default. Afterwards, clang crashes with ASan enabled on https://github.com/freebsd/freebsd-src/blob/main/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c :

Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang -cc1 -triple x86_64-unknown-freebsd15.0 -emit-obj -disable-free -clear-ast-before-backend -main-file-name dtrace.c -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature -mmx -target-feature -sse -target-feature -aes -target-feature -avx -disable-red-zone -no-implicit-float -tune-cpu generic -debug-info-kind=standalone -dwarf-version=4 -debugger-tuning=gdb -fdebug-compilation-dir=/home/dim/obj/home/dim/src/freebsd/src/amd64.amd64/sys/GENERIC-KASAN/modules/home/dim/src/freebsd/src/sys/modules/dtrace/dtrace -fdebug-prefix-map=./machine=/home/dim/src/freebsd/src/sys/amd64/include -fdebug-prefix-map=./x86=/home/dim/src/freebsd/src/sys/x86/include -fdebug-prefix-map=./i386=/home/dim/src/freebsd/src/sys/i386/include -fcoverage-compilation-dir=/home/dim/obj/home/dim/src/freebsd/src/amd64.amd64/sys/GENERIC-KASAN/modules/home/dim/src/freebsd/src/sys/modules/dtrace/dtrace -nostdsysteminc -nobuiltininc -sys-header-deps -D _SYS_VMEM_H_ -D __KERNEL__ -D SMP -D DIS_MEM -D _KERNEL -D KLD_MODULE -D KLD_TIED -D HAVE_KERNEL_OPTION_HEADERS -D SAN_NEEDS_INTERCEPTORS -D SAN_INTERCEPTOR_PREFIX=kasan -D __printf__=__freebsd_kprintf__ -O2 -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wcast-qual -Wundef -Wno-pointer-sign -Wmissing-include-dirs -Wno-unknown-pragmas -Wswitch -Wno-error=tautological-compare -Wno-error=empty-body -Wno-error=parentheses-equality -Wno-error=unused-function -Wno-error=pointer-sign -Wno-error=shift-negative-value -Wno-address-of-packed-member -Wno-format-zero-length -Wno-parentheses -Wno-cast-qual -Wno-unused -std=gnu99 -ferror-limit 19 -fsanitize=kernel-address -fsanitize-recover=kernel-address -fno-sanitize-memory-param-retval -fno-sanitize-address-use-odr-indicator -fwrapv -stack-protector 1 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -mllvm -asan-stack=true -mllvm -asan-instrument-dynamic-allocas=true -mllvm -asan-globals=true -mllvm -asan-use-after-scope=true -mllvm -asan-instrumentation-with-call-threshold=0 -mllvm -asan-instrument-byval=false -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c dtrace-5c7112.c
1.      <eof> parser at end of file
2.      Optimizer
 #0 0x0000000005ab54c1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:723:13
 #1 0x0000000005ab34b5 llvm::sys::RunSignalHandlers() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Support/Signals.cpp:106:18
 #2 0x0000000005ab5ac2 SignalHandler(int) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
 #3 0x000000082b949570 handle_signal /share/dim/src/freebsd/llvm-18-update/lib/libthr/thread/thr_sig.c:0:3
 #4 0x000000082b948b2b thr_sighandler /share/dim/src/freebsd/llvm-18-update/lib/libthr/thread/thr_sig.c:244:1
 #5 0x00000008282642d3 ([vdso]+0x2d3)
 #6 0x000000082e43819a thr_kill /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/lib/libsys/thr_kill.S:4:0
 #7 0x000000082eb4bf54 _raise /share/dim/src/freebsd/llvm-18-update/lib/libc/gen/raise.c:0:10
 #8 0x000000082ebff509 abort /share/dim/src/freebsd/llvm-18-update/lib/libc/stdlib/abort.c:67:17
 #9 0x000000082eb2f8d1 (/lib/libc.so.7+0x9c8d1)
#10 0x0000000005029acc (anonymous namespace)::StackSafetyLocalAnalysis::analyzeAllUses(llvm::Value*, (anonymous namespace)::UseInfo<llvm::GlobalValue>&, llvm::StackLifetime const&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:0:9
#11 0x000000000502406f (anonymous namespace)::StackSafetyLocalAnalysis::run() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:550:20
#12 0x000000000502406f llvm::StackSafetyInfo::getInfo() const /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:876:32
#13 0x0000000005024c98 llvm::StackSafetyGlobalInfo::getInfo() const /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:891:19
#14 0x000000000502782e std::__1::__tree<llvm::Instruction const*, std::__1::less<llvm::Instruction const*>, std::__1::allocator<llvm::Instruction const*>>::__root[abi:sn180100]() const /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/tmp/usr/include/c++/v1/__tree:972:54
#15 0x000000000502782e std::__1::__tree_const_iterator<llvm::Instruction const*, std::__1::__tree_node<llvm::Instruction const*, void*>*, long> std::__1::__tree<llvm::Instruction const*, std::__1::less<llvm::Instruction const*>, std::__1::allocator<llvm::Instruction const*>>::find<llvm::Instruction const*>(llvm::Instruction const* const&) const /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/tmp/usr/include/c++/v1/__tree:2098:43
#16 0x000000000502782e std::__1::set<llvm::Instruction const*, std::__1::less<llvm::Instruction const*>, std::__1::allocator<llvm::Instruction const*>>::find[abi:sn180100](llvm::Instruction const* const&) const /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/tmp/usr/include/c++/v1/set:826:89
#17 0x000000000502782e llvm::StackSafetyGlobalInfo::stackAccessIsSafe(llvm::Instruction const&) const /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:983:30
#18 0x0000000006e4274d (anonymous namespace)::AddressSanitizer::ignoreAccess(llvm::Instruction*, llvm::Value*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1317:57
#19 0x0000000006e36970 (anonymous namespace)::AddressSanitizer::getInterestingMemoryOperands(llvm::Instruction*, llvm::SmallVectorImpl<llvm::InterestingMemoryOperand>&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1331:9
#20 0x0000000006e36970 (anonymous namespace)::AddressSanitizer::instrumentFunction(llvm::Function&, llvm::TargetLibraryInfo const*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:2905:7
#21 0x0000000006e33dae llvm::DenseMap<llvm::AllocaInst const*, bool, llvm::DenseMapInfo<llvm::AllocaInst const*, void>, llvm::detail::DenseMapPair<llvm::AllocaInst const*, bool>>::~DenseMap() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:782:23
#22 0x0000000006e33dae (anonymous namespace)::AddressSanitizer::~AddressSanitizer() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:647:8
#23 0x0000000006e33dae llvm::AddressSanitizerPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1191:3
#24 0x000000000315f522 llvm::detail::PassModel<llvm::Module, llvm::AddressSanitizerPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:89:5
#25 0x00000000056cdea1 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:547:10
#26 0x0000000003155d2b llvm::SmallPtrSetImplBase::isSmall() const /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:195:33
#27 0x0000000003155d2b llvm::SmallPtrSetImplBase::~SmallPtrSetImplBase() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:83:10
#28 0x0000000003155d2b llvm::PreservedAnalyses::~PreservedAnalyses() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:172:7
#29 0x0000000003155d2b (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>&, std::__1::unique_ptr<llvm::ToolOutputFile, std::__1::default_delete<llvm::ToolOutputFile>>&, clang::BackendConsumer*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1101:5
#30 0x000000000314e8a8 (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:0:3
#31 0x000000000314e8a8 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1328:13
#32 0x0000000003163ff4 std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>::reset[abi:sn180100](llvm::raw_pwrite_stream*) /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:263:29
#33 0x0000000003163ff4 std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>::~unique_ptr[abi:sn180100]() /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:236:71
#34 0x0000000003163ff4 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:379:3
#35 0x0000000003af9d06 std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>>>::begin[abi:sn180100]() /usr/obj/share/dim/src/freebsd/llvm-18-update/amd64.amd64/tmp/usr/include/c++/v1/vector:1369:28
#36 0x0000000003af9d06 void clang::finalize<std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>>>>(std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>>>&, clang::Sema const&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#37 0x0000000003af9d06 clang::ParseAST(clang::Sema&, bool, bool) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/Parse/ParseAST.cpp:183:3
#38 0x000000000342c6ff clang::FrontendAction::Execute() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1073:10
#39 0x000000000335cd0d llvm::Error::getPtr() const /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/Support/Error.h:276:42
#40 0x000000000335cd0d llvm::Error::operator bool() /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/llvm/include/llvm/Support/Error.h:239:16
#41 0x000000000335cd0d clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1057:23
#42 0x00000000034f769c clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:272:25
#43 0x00000000027390a1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/tools/driver/cc1_main.cpp:294:15
#44 0x000000000274842b ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/tools/driver/driver.cpp:365:12
#45 0x0000000002747517 clang_main(int, char**, llvm::ToolContext const&) /share/dim/src/freebsd/llvm-18-update/contrib/llvm-project/clang/tools/driver/driver.cpp:405:12
#46 0x0000000002744c2d main /share/dim/src/freebsd/llvm-18-update/usr.bin/clang/clang/clang-driver.cpp:17:10
#47 0x000000082eb20e2a __libc_start1 /share/dim/src/freebsd/llvm-18-update/lib/libc/csu/libc_start1.c:157:2
Abort trap

Minimized test case:

// clang -cc1 -triple x86_64-- -S -O2 -fsanitize=address dtrace-min.c
long cpu_core_0_1;
long dtrace_fuword64_nocheck(void *)
    __attribute__((ifunc("dtrace_fuword64_nocheck"
                         "_resolver")));
void dtrace_fuword64(void *uaddr) {
  cpu_core_0_1 = dtrace_fuword64_nocheck(uaddr);
}
long *dtrace_fuword64_nocheck_resolver() { return 0; }

The text was updated successfully, but these errors were encountered:

DimitryAndric · 2024-04-07T13:15:20Z

@MaskRay @kstoimenov @ZequanWu (from #77210)

Work around llvm/llvm-project#87923, which leads to an assertion failure compiling several kernel source files with asan enabled. PR: 276104 MFC after: 1 month

Work around llvm/llvm-project#87923, which leads to an assertion failure compiling several kernel source files with asan enabled. PR: 276104 MFC after: 1 month (cherry picked from commit b811dac)

MaskRay · 2024-06-24T18:54:59Z

Sorry. Just saw this issue. We need to skip analysis for ifunc.

StackSafetyAnalysis.cpp:536: void (anonymous namespace)::StackSafetyLocalAnalysis::analyzeAllUses(Value *, UseInfo<GlobalValue> &, const StackLifetime &): Assertion `isa<Function>(Callee) || isa<GlobalAlias>(Callee)' failed.

Work around llvm/llvm-project#87923, which leads to an assertion failure compiling several kernel source files with asan enabled. PR: 276104 MFC after: 1 month

DimitryAndric · 2024-10-25T15:56:16Z

I've just been notified again of the same issue, in https://bugs.freebsd.org/280936, but now it occurred during building of FreeBSD user space. @MaskRay did you get any further with this? :)

MaskRay · 2024-10-27T23:05:33Z

I've just been notified again of the same issue, in bugs.freebsd.org/280936, but now it occurred during building of FreeBSD user space. @MaskRay did you get any further with this? :)

Sorry, I did not realized that I did not upload a patch...

#113841

Building world using WITH_ASAN results in an assertion when compiling certain source files referencing ifuncs: Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514. This was already reported upstream a while ago, in <llvm/llvm-project#87923>, but now there is finally a candidate fix, which seems trivial so I am importing it right away. Reported by: markj PR: 280936 Pull Request: llvm/llvm-project#113841 MFC after: 3 days

An assertion failure arises when a call instruction calls a GlobalIFunc. Since we cannot reason about the underlying function, just bail out. Fix #87923 Pull Request: #113841

Building world using WITH_ASAN results in an assertion when compiling certain source files referencing ifuncs: Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514. This was already reported upstream a while ago, in <llvm/llvm-project#87923>, but now there is finally a candidate fix, which seems trivial so I am importing it right away. Reported by: markj PR: 280936 Pull Request: llvm/llvm-project#113841 MFC after: 3 days (cherry picked from commit f3457ed)

An assertion failure arises when a call instruction calls a GlobalIFunc. Since we cannot reason about the underlying function, just bail out. Fix llvm#87923 Pull Request: llvm#113841

DimitryAndric added compiler-rt:sanitizer llvm:transforms labels Apr 7, 2024

EugeneZelenko added compiler-rt:asan Address sanitizer and removed compiler-rt:sanitizer labels Apr 7, 2024

MaskRay self-assigned this Jun 24, 2024

bsdjhb pushed a commit to bsdjhb/cheribsd that referenced this issue Aug 7, 2024

Fix GENERIC-KASAN kernel build for amd64

238b2e7

Work around llvm/llvm-project#87923, which leads to an assertion failure compiling several kernel source files with asan enabled. PR: 276104 MFC after: 1 month

MaskRay mentioned this issue Oct 27, 2024

[StackSafetyAnalysis] Bail out when calling ifunc #113841

Merged

MaskRay closed this as completed in #113841 Oct 29, 2024

EugeneZelenko added llvm:analysis and removed compiler-rt:asan Address sanitizer llvm:transforms labels Oct 29, 2024

van-ema mentioned this issue Apr 4, 2025

StackSafetyLocalAnalysis Assertion failed with ASAN #134367

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety #87923

After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety #87923

DimitryAndric commented Apr 7, 2024

DimitryAndric commented Apr 7, 2024

MaskRay commented Jun 24, 2024

DimitryAndric commented Oct 25, 2024

MaskRay commented Oct 27, 2024

After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety #87923

After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety #87923

Comments

DimitryAndric commented Apr 7, 2024

DimitryAndric commented Apr 7, 2024

MaskRay commented Jun 24, 2024

DimitryAndric commented Oct 25, 2024

MaskRay commented Oct 27, 2024