A clean buildworld with `WITH_ASAN=` on amd64 yields the following, clang version is 18.1.6:

Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /usr/bin/cc -cc1 -triple x86_64-unknown-freebsd15.0 -emit-obj -disable-free -clear-ast-before-backend -main-file-name getcontextx.c -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debug-info-kind=standalone -dwarf-version=4 -debugger-tuning=gdb --compress-debug-sections=zlib -fdebug-compilation-dir=/home/markj/sb/main/bricoler/freebsd-src-build/obj.amd64.amd64/home/markj/sb/main/src/amd64.amd64/lib/libc -fcoverage-compilation-dir=/home/markj/sb/main/bricoler/freebsd-src-build/obj.amd64.amd64/home/markj/sb/main/src/amd64.amd64/lib/libc -sys-header-deps -D PIC -D _SYSCALL_BODY(name)= -D _FORTIFY_SOURCE_read=_read -D NO__SCCSID -D NO__RCSID -D NLS -D CRT_IRELOC_RELA -D INIT_IRELOCS=init_cpu_features() -D __DBINTERFACE_PRIVATE -D INET6 -D _ACL_PRIVATE -D POSIX_MISTAKE -D WANT_HYPERV -D BROKEN_DES -D PORTMAP -D DES_BUILTIN -D YP -D NS_CACHING -O2 -Wno-format-zero-length -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -Wdate-time -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-error=unused-but-set-parameter -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -std=gnu99 -ferror-limit 19 -ftls-model=initial-exec -fsanitize=address -fsanitize-recover=address -fsanitize-system-ignorelist=/usr/lib/clang/18/share/asan_ignorelist.txt -fno-sanitize-memory-param-retval -fsanitize-address-use-after-scope -fsanitize-address-globals-dead-stripping -fno-assume-sane-operator-new -stack-protector 2 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c getcontextx-cc225c.c
1. <eof> parser at end of file
2. Optimizer
#0 0x0000000005aa60f1 PrintStackTrace /root/freebsd/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:723:13
#1 0x0000000005aa4105 RunSignalHandlers /root/freebsd/contrib/llvm-project/llvm/lib/Support/Signals.cpp:106:18
#2 0x0000000005aa66f2 SignalHandler /root/freebsd/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
#3 0x00000008075d74ec handle_signal /root/freebsd/lib/libthr/thread/thr_sig.c:0:3
#4 0x00000008075d6aab thr_sighandler /root/freebsd/lib/libthr/thread/thr_sig.c:244:1
#5 0x00007ffffffff2d3 ([vdso]+0x2d3)
#6 0x0000000807ba235a _thr_kill /usr/obj/root/freebsd/amd64.amd64/lib/libsys/thr_kill.S:4:0
#7 0x00000008077f8704 _raise /root/freebsd/lib/libc/gen/raise.c:0:10
#8 0x00000008078ac319 abort /root/freebsd/lib/libc/stdlib/abort.c:67:17
#9 0x00000008077dc081 (/lib/libc.so.7+0x97081)
#10 0x000000000501afbc analyzeAllUses /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:0:9
#11 0x000000000501555f run /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:550:20
#12 0x000000000501555f getInfo /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:876:32
#13 0x0000000005016188 getInfo /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:891:19
#14 0x0000000005018d1e __root /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__tree:972:54
#15 0x0000000005018d1e find<const llvm::Instruction *> /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__tree:2098:43
#16 0x0000000005018d1e find /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/set:826:89
#17 0x0000000005018d1e stackAccessIsSafe /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:983:30
#18 0x0000000006e3302d ignoreAccess /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1317:57
#19 0x0000000006e272f8 getInterestingMemoryOperands /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1336:9
#20 0x0000000006e272f8 instrumentFunction /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:2905:7
#21 0x0000000006e246ae ~DenseMap /root/freebsd/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:782:23
#22 0x0000000006e246ae ~AddressSanitizer /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:647:8
#23 0x0000000006e246ae run /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1191:3
#24 0x0000000003151ec2 /root/freebsd/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:89:5
#25 0x00000000056bf091 run /root/freebsd/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:547:10
#26 0x00000000031486cb isSmall /root/freebsd/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:195:33
#27 0x00000000031486cb ~SmallPtrSetImplBase /root/freebsd/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:83:10
#28 0x00000000031486cb ~PreservedAnalyses /root/freebsd/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:172:7
#29 0x00000000031486cb RunOptimizationPipeline /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1101:5
#30 0x0000000003141268 EmitAssembly /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:0:3
#31 0x0000000003141268 EmitBackendOutput /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1328:13
#32 0x0000000003156994 reset /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:263:29
#33 0x0000000003156994 ~unique_ptr /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:236:71
#34 0x0000000003156994 HandleTranslationUnit /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:379:3
#35 0x0000000003aeb646 begin /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/vector:1369:28
#36 0x0000000003aeb646 finalize<std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback> >, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback> > > > > /root/freebsd/contrib/llvm-project/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#37 0x0000000003aeb646 ParseAST /root/freebsd/contrib/llvm-project/clang/lib/Parse/ParseAST.cpp:183:3
#38 0x000000000341e36f Execute /root/freebsd/contrib/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1073:10
#39 0x000000000334f02d getPtr /root/freebsd/contrib/llvm-project/llvm/include/llvm/Support/Error.h:276:42
#40 0x000000000334f02d operator bool /root/freebsd/contrib/llvm-project/llvm/include/llvm/Support/Error.h:239:16
#41 0x000000000334f02d ExecuteAction /root/freebsd/contrib/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1057:23
#42 0x00000000034e929c ExecuteCompilerInvocation /root/freebsd/contrib/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:272:25
#43 0x000000000272bde1 cc1_main /root/freebsd/contrib/llvm-project/clang/tools/driver/cc1_main.cpp:294:15
#44 0x000000000273b0ab ExecuteCC1Tool /root/freebsd/contrib/llvm-project/clang/tools/driver/driver.cpp:365:12
#45 0x000000000273a194 clang_main /root/freebsd/contrib/llvm-project/clang/tools/driver/driver.cpp:405:12
#46 0x00000000027378cd main /root/freebsd/usr.bin/clang/clang/clang-driver.cpp:17:10
#47 0x00000008077cd5da __libc_start1 /root/freebsd/lib/libc/csu/libc_start1.c:157:2
Created attachment 252937: reproducer script

Attached the reproducer generated by clang.
This is still broken with LLVM 19. Dmitry, do you have any pointers on how to reduce this to a useful test case that we could submit in an upstream bug report? I don't have much experience with that.
(In reply to Mark Johnston from comment #2) Sorry, Dimitry*
(In reply to Mark Johnston from comment #3) This fell completely through the cracks for me, sorry! I'll take a look at that reproducer.
(In reply to Dimitry Andric from comment #4) Eh Mark, do you also happen to have the preprocessed source file? It should have been dumped in /tmp, similar to the shell script.
Created attachment 254508: reproducer script from llvm 19
Created attachment 254509: reproducer source from llvm 19
(In reply to Dimitry Andric from comment #5) Woops. I reproduced the problem and attached both files this time.
In the meantime I had run a build somewhere on a universe machine, and ran into the same assertion. So it looks like this regressed with https://github.com/llvm/llvm-project/commit/llvmorg-18-init-16766-g51fbab134560 ("[asan] Enable StackSafetyAnalysis by default"), and it still crashes with very recent main, i.e. llvmorg-20-init-09245-g0850e721ab1.

One workaround would be to use -asan-use-stack-safety=0 for this one particular troublesome source file, but I'm unsure if that will allow the rest of world to build.

Simultaneously, I think it is good to report a bug upstream, but I'll have to reduce the test case.
Right, I knew I had seen this before: https://github.com/llvm/llvm-project/issues/87923 [After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety]

This looks like the same sort of thing. The minimized test case I arrived at now was slightly different:

typedef int uint32_t;
void sysarch(int, void *);
#define DEFINE_UIFUNC(qual, ret_type, name, args) \
  ret_type name args __attribute__((ifunc(#name "_resolver"))); \
  ret_type(*name##_resolver(uint32_t cpu_feature2)) args
int __fillcontextx2_xfpu() {
  int xfpu;
  sysarch(2, &xfpu);
  return 0;
}
int __fillcontextx2_noxfpu();
DEFINE_UIFUNC(, int, __fillcontextx2, (char *)) {
  return cpu_feature2 ? __fillcontextx2_xfpu : __fillcontextx2_noxfpu;
}
void __fillcontextx(char *ctx) { __fillcontextx2(ctx); }

I'll need to ping the assignee of the upstream bug again.
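As an added example (not part of the original thread, and not FreeBSD or LLVM code): a POSIX sh probe that compiles the reduced test case from the comment above with -O2 -fsanitize=address, reports whether a given compiler still trips the analyzeAllUses assertion, and if so retries with the -asan-use-stack-safety=0 workaround passed through -mllvm. The function names and verdict strings are made up for this example, and it assumes a compiler built with LLVM assertions enabled; a build without them cannot fail this way, so "clean" then proves nothing.

```shell
#!/bin/sh
# Added example: probe a compiler for the analyzeAllUses assertion from this PR.
# write_repro/try_compile/probe_compiler are hypothetical names, not project code.
write_repro() {   # $1 = output path; body is the reduced test case from the report
cat > "$1" <<'EOF'
typedef int uint32_t;
void sysarch(int, void *);
#define DEFINE_UIFUNC(qual, ret_type, name, args) \
  ret_type name args __attribute__((ifunc(#name "_resolver"))); \
  ret_type(*name##_resolver(uint32_t cpu_feature2)) args
int __fillcontextx2_xfpu() { int xfpu; sysarch(2, &xfpu); return 0; }
int __fillcontextx2_noxfpu();
DEFINE_UIFUNC(, int, __fillcontextx2, (char *)) {
  return cpu_feature2 ? __fillcontextx2_xfpu : __fillcontextx2_noxfpu;
}
void __fillcontextx(char *ctx) { __fillcontextx2(ctx); }
EOF
}

# try_compile CC SRC [extra flags...]: prints "ok", "assert" or "error".
try_compile() {
    cc=$1 src=$2; shift 2
    if err=$("$cc" -O2 -fsanitize=address "$@" -c "$src" -o /dev/null 2>&1); then
        echo ok
    elif printf '%s\n' "$err" | grep -q 'function analyzeAllUses'; then
        echo assert        # the assertion text quoted in the report
    else
        echo error         # failed for some unrelated reason
    fi
}

# probe_compiler CC: prints clean, affected, affected-workaround-ok or inconclusive.
probe_compiler() {
    dir=$(mktemp -d) || return 1
    write_repro "$dir/repro.c"
    case $(try_compile "$1" "$dir/repro.c") in
        ok) verdict=clean ;;
        assert)
            if [ "$(try_compile "$1" "$dir/repro.c" -mllvm -asan-use-stack-safety=0)" = ok ]
            then verdict=affected-workaround-ok
            else verdict=affected
            fi ;;
        *) verdict=inconclusive ;;
    esac
    rm -rf "$dir"
    echo "$verdict"
}

if [ -n "${1:-}" ]; then probe_compiler "$1"; fi
```

Run it against both /usr/bin/cc and the freshly built compiler in the object tree to see which one a build is actually using.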
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f3457ed94241be9d4c2c3ab337c9086d5c45c43f

commit f3457ed94241be9d4c2c3ab337c9086d5c45c43f
Author: Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-10-28 17:33:49 +0000
Commit: Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-10-28 17:34:58 +0000

    Tentatively merge llvm fix for buildworld WITH_ASAN

    Building world using WITH_ASAN results in an assertion when compiling certain source files referencing ifuncs:

      Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.

    This was already reported upstream a while ago, in <https://github.com/llvm/llvm-project/issues/87923>, but now there is finally a candidate fix, which seems trivial so I am importing it right away.

    Reported by: markj
    PR: 280936
    Pull Request: https://github.com/llvm/llvm-project/pull/113841
    MFC after: 3 days

 contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(In reply to commit-hook from comment #11) Thanks, but I think something is still missing. A "make buildworld WITH_CLEAN= WITH_ASAN=" still crashes the same way as before.
Yeah, you need to rebuild the compiler first, using MK_SYSTEM_COMPILER=no. I think I might need to bump FreeBSD_cc_version, but I really don't want to force everybody to rebuild all of llvm-project _again_. :)
(In reply to Dimitry Andric from comment #13) Woops, you're right, thanks. I even thought of that before commenting, but then failed to actually try it.
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=17d39df524a5003131398bc9fbdf8c9fef043d05

commit 17d39df524a5003131398bc9fbdf8c9fef043d05
Author: Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-10-28 17:33:49 +0000
Commit: Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-11-02 19:37:27 +0000

    Tentatively merge llvm fix for buildworld WITH_ASAN

    Building world using WITH_ASAN results in an assertion when compiling certain source files referencing ifuncs:

      Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.

    This was already reported upstream a while ago, in <https://github.com/llvm/llvm-project/issues/87923>, but now there is finally a candidate fix, which seems trivial so I am importing it right away.

    Reported by: markj
    PR: 280936
    Pull Request: https://github.com/llvm/llvm-project/pull/113841
    MFC after: 3 days

    (cherry picked from commit f3457ed94241be9d4c2c3ab337c9086d5c45c43f)

 contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=814ddb3c8cda06686c5fe10f67b63bc2457e97b5

commit 814ddb3c8cda06686c5fe10f67b63bc2457e97b5
Author: Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-10-28 17:33:49 +0000
Commit: Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-11-02 19:37:33 +0000

    Tentatively merge llvm fix for buildworld WITH_ASAN

    Building world using WITH_ASAN results in an assertion when compiling certain source files referencing ifuncs:

      Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.

    This was already reported upstream a while ago, in <https://github.com/llvm/llvm-project/issues/87923>, but now there is finally a candidate fix, which seems trivial so I am importing it right away.

    Reported by: markj
    PR: 280936
    Pull Request: https://github.com/llvm/llvm-project/pull/113841
    MFC after: 3 days

    (cherry picked from commit f3457ed94241be9d4c2c3ab337c9086d5c45c43f)

 contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Mark, have you been able to check this, so we can close this bug? For me it all built successfully. However, some runtime testing might also be nice :)
(In reply to Dimitry Andric from comment #17) Some basic testing indicates it works, thanks! I tried booting a VM image entirely built with ASAN enabled, and /bin/sh crashes pretty early due to what looks like a false positive, but I think it's a separate problem.