Bug 280936

Summary: cannot build world with ASAN enabled
Product: Base System Reporter: Mark Johnston <markj>
Component: binAssignee: freebsd-toolchain (Nobody) <toolchain>
Status: Closed FIXED    
Severity: Affects Only Me CC: dim
Priority: ---    
Version: 15.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
reproducer script
none
reproducer script from llvm 19
none
reproducer source from llvm 19 none

Description Mark Johnston freebsd_committer freebsd_triage 2024-08-19 22:28:07 UTC 
A clean buildworld with `WITH_ASAN=` on amd64 yields the following, clang version is 18.1.6:

Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /usr/bin/cc -cc1 -triple x86_64-unknown-freebsd15.0 -emit-obj -disable-free -clear-ast-before-backend -main-file-name getcontextx.c -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debug-info-kind=standalone -dwarf-version=4 -debugger-tuning=gdb --compress-debug-sections=zlib -fdebug-compilation-dir=/home/markj/sb/main/bricoler/freebsd-src-build/obj.amd64.amd64/home/markj/sb/main/src/amd64.amd64/lib/libc -fcoverage-compilation-dir=/home/markj/sb/main/bricoler/freebsd-src-build/obj.amd64.amd64/home/markj/sb/main/src/amd64.amd64/lib/libc -sys-header-deps -D PIC -D _SYSCALL_BODY(name)= -D _FORTIFY_SOURCE_read=_read -D NO__SCCSID -D NO__RCSID -D NLS -D CRT_IRELOC_RELA -D INIT_IRELOCS=init_cpu_features() -D __DBINTERFACE_PRIVATE -D INET6 -D _ACL_PRIVATE -D POSIX_MISTAKE -D WANT_HYPERV -D BROKEN_DES -D PORTMAP -D DES_BUILTIN -D YP -D NS_CACHING -O2 -Wno-format-zero-length -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -Wdate-time -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-error=unused-but-set-parameter -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -std=gnu99 -ferror-limit 19 -ftls-model=initial-exec -fsanitize=address -fsanitize-recover=address -fsanitize-system-ignorelist=/usr/lib/clang/18/share/asan_ignorelist.txt -fno-sanitize-memory-param-retval -fsanitize-address-use-after-scope -fsanitize-address-globals-dead-stripping -fno-assume-sane-operator-new -stack-protector 2 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c getcontextx-cc225c.c
1.      <eof> parser at end of file
2.      Optimizer
 #0 0x0000000005aa60f1 PrintStackTrace /root/freebsd/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:723:13
 #1 0x0000000005aa4105 RunSignalHandlers /root/freebsd/contrib/llvm-project/llvm/lib/Support/Signals.cpp:106:18
 #2 0x0000000005aa66f2 SignalHandler /root/freebsd/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
 #3 0x00000008075d74ec handle_signal /root/freebsd/lib/libthr/thread/thr_sig.c:0:3
 #4 0x00000008075d6aab thr_sighandler /root/freebsd/lib/libthr/thread/thr_sig.c:244:1
 #5 0x00007ffffffff2d3 ([vdso]+0x2d3)
 #6 0x0000000807ba235a _thr_kill /usr/obj/root/freebsd/amd64.amd64/lib/libsys/thr_kill.S:4:0
 #7 0x00000008077f8704 _raise /root/freebsd/lib/libc/gen/raise.c:0:10
 #8 0x00000008078ac319 abort /root/freebsd/lib/libc/stdlib/abort.c:67:17
 #9 0x00000008077dc081 (/lib/libc.so.7+0x97081)
#10 0x000000000501afbc analyzeAllUses /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:0:9
#11 0x000000000501555f run /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:550:20
#12 0x000000000501555f getInfo /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:876:32
#13 0x0000000005016188 getInfo /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:891:19
#14 0x0000000005018d1e __root /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__tree:972:54
#15 0x0000000005018d1e find<const llvm::Instruction *> /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__tree:2098:43
#16 0x0000000005018d1e find /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/set:826:89
#17 0x0000000005018d1e stackAccessIsSafe /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp:983:30
#18 0x0000000006e3302d ignoreAccess /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1317:57
#19 0x0000000006e272f8 getInterestingMemoryOperands /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1336:9
#20 0x0000000006e272f8 instrumentFunction /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:2905:7
#21 0x0000000006e246ae ~DenseMap /root/freebsd/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:782:23
#22 0x0000000006e246ae ~AddressSanitizer /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:647:8
#23 0x0000000006e246ae run /root/freebsd/contrib/llvm-project/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp:1191:3
#24 0x0000000003151ec2 /root/freebsd/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:89:5
#25 0x00000000056bf091 run /root/freebsd/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:547:10
#26 0x00000000031486cb isSmall /root/freebsd/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:195:33
#27 0x00000000031486cb ~SmallPtrSetImplBase /root/freebsd/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:83:10
#28 0x00000000031486cb ~PreservedAnalyses /root/freebsd/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:172:7
#29 0x00000000031486cb RunOptimizationPipeline /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1101:5
#30 0x0000000003141268 EmitAssembly /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:0:3
#31 0x0000000003141268 EmitBackendOutput /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1328:13
#32 0x0000000003156994 reset /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:263:29
#33 0x0000000003156994 ~unique_ptr /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:236:71
#34 0x0000000003156994 HandleTranslationUnit /root/freebsd/contrib/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:379:3
#35 0x0000000003aeb646 begin /usr/obj/root/freebsd/amd64.amd64/tmp/usr/include/c++/v1/vector:1369:28
#36 0x0000000003aeb646 finalize<std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback> >, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback> > > > > /root/freebsd/contrib/llvm-project/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#37 0x0000000003aeb646 ParseAST /root/freebsd/contrib/llvm-project/clang/lib/Parse/ParseAST.cpp:183:3
#38 0x000000000341e36f Execute /root/freebsd/contrib/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1073:10
#39 0x000000000334f02d getPtr /root/freebsd/contrib/llvm-project/llvm/include/llvm/Support/Error.h:276:42
#40 0x000000000334f02d operator bool /root/freebsd/contrib/llvm-project/llvm/include/llvm/Support/Error.h:239:16
#41 0x000000000334f02d ExecuteAction /root/freebsd/contrib/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1057:23
#42 0x00000000034e929c ExecuteCompilerInvocation /root/freebsd/contrib/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:272:25
#43 0x000000000272bde1 cc1_main /root/freebsd/contrib/llvm-project/clang/tools/driver/cc1_main.cpp:294:15
#44 0x000000000273b0ab ExecuteCC1Tool /root/freebsd/contrib/llvm-project/clang/tools/driver/driver.cpp:365:12
#45 0x000000000273a194 clang_main /root/freebsd/contrib/llvm-project/clang/tools/driver/driver.cpp:405:12
#46 0x00000000027378cd main /root/freebsd/usr.bin/clang/clang/clang-driver.cpp:17:10
#47 0x00000008077cd5da __libc_start1 /root/freebsd/lib/libc/csu/libc_start1.c:157:2
Comment 1 Mark Johnston freebsd_committer freebsd_triage 2024-08-19 22:28:40 UTC 
Created attachment 252937 [details]
reproducer script

Attached the reproducer generated by clang.
Comment 2 Mark Johnston freebsd_committer freebsd_triage 2024-10-24 17:05:22 UTC 
This is still broken with LLVM 19.  Dmitry, do you have any pointers on how to reduce this to a useful test case that we could submit in an upstream bug report?  I don't have much experience with that.
Comment 3 Mark Johnston freebsd_committer freebsd_triage 2024-10-24 17:06:26 UTC 
(In reply to Mark Johnston from comment #2)
Sorry, Dimitry*
Comment 4 Dimitry Andric freebsd_committer freebsd_triage 2024-10-24 17:11:21 UTC 
(In reply to Mark Johnston from comment #3)
This fell completely through the cracks for me, sorry! I'll take a look at that reproducer.
Comment 5 Dimitry Andric freebsd_committer freebsd_triage 2024-10-24 22:15:41 UTC 
(In reply to Dimitry Andric from comment #4)
Eh Mark, do you also happen to have the preprocessed source file? It should have been dumped in /tmp, similar to the shell script.
Comment 6 Mark Johnston freebsd_committer freebsd_triage 2024-10-25 13:10:50 UTC 
Created attachment 254508 [details]
reproducer script from llvm 19
Comment 7 Mark Johnston freebsd_committer freebsd_triage 2024-10-25 13:11:24 UTC 
Created attachment 254509 [details]
reproducer source from llvm 19
Comment 8 Mark Johnston freebsd_committer freebsd_triage 2024-10-25 13:11:47 UTC 
(In reply to Dimitry Andric from comment #5)
Woops.  I reproduced the problem and attached both files this time.
Comment 9 Dimitry Andric freebsd_committer freebsd_triage 2024-10-25 14:59:05 UTC 
In the mean time I had run a build somewhere on a universe machine, and ran into the same assertion.

So it looks like this regressed with https://github.com/llvm/llvm-project/commit/llvmorg-18-init-16766-g51fbab134560 ("[asan] Enable StackSafetyAnalysis by default"), and it still crashes with very recent main, i.e. llvmorg-20-init-09245-g0850e721ab1.

One workaround would be to use -asan-use-stack-safety=0 for this one particular troublesome source file, but I'm unsure if that will allow the rest of world to build.

Simultaneously, I think it is good to report a bug upstream, but I'll have to reduce the test case.
Comment 10 Dimitry Andric freebsd_committer freebsd_triage 2024-10-25 15:55:20 UTC 
Right, I knew I had seen this before:
https://github.com/llvm/llvm-project/issues/87923 [After 7740565f56ce, "Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses" with -asan-use-stack-safety]

This looks like the same sort of thing. The minimized test case I arrived at now was slightly different:

typedef int uint32_t;
void sysarch(int, void *);
#define DEFINE_UIFUNC(qual, ret_type, name, args)                              \
  ret_type name args __attribute__((ifunc(#name "_resolver")));                \
  ret_type(*name##_resolver(uint32_t cpu_feature2)) args
int __fillcontextx2_xfpu() {
  int xfpu;
  sysarch(2, &xfpu);
  return 0;
}
int __fillcontextx2_noxfpu();
DEFINE_UIFUNC(, int, __fillcontextx2, (char *)) {
  return cpu_feature2 ? __fillcontextx2_xfpu : __fillcontextx2_noxfpu;
}
void __fillcontextx(char *ctx) { __fillcontextx2(ctx); }

I'll need do ping the assignee of the upstream bug again.
Comment 11 commit-hook freebsd_committer freebsd_triage 2024-10-28 17:35:39 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f3457ed94241be9d4c2c3ab337c9086d5c45c43f

commit f3457ed94241be9d4c2c3ab337c9086d5c45c43f
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-10-28 17:33:49 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-10-28 17:34:58 +0000

    Tentatively merge llvm fix for buildworld WITH_ASAN

    Building world using WITH_ASAN results in an assertion when compiling
    certain source files referencing ifuncs:

      Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.

    This was already reported upstream a while ago, in
    <https://github.com/llvm/llvm-project/issues/87923>, but now there is
    finally a candidate fix, which seems trivial so I am importing it right
    away.

    Reported by:    markj
    PR:             280936
    Pull Request:   https://github.com/llvm/llvm-project/pull/113841
    MFC after:      3 days

 contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 12 Mark Johnston freebsd_committer freebsd_triage 2024-10-28 18:54:54 UTC 
(In reply to commit-hook from comment #11)
Thanks, but I think something is still missing.  A "make buildworld WITH_CLEAN= WITH_ASAN=" still crashes the same way as before.
Comment 13 Dimitry Andric freebsd_committer freebsd_triage 2024-10-28 19:02:28 UTC 
Yeah, you need to rebuild the compiler first, using MK_SYSTEM_COMPILER=no. I think I might need to bump FreeBSD_cc_version, but I really don't want to force everybody to rebuild all of llvm-project _again_. :)
Comment 14 Mark Johnston freebsd_committer freebsd_triage 2024-10-28 20:14:26 UTC 
(In reply to Dimitry Andric from comment #13)
Woops, you're right, thanks.  I even thought of that before commenting, but then failed to actually try it.
Comment 15 commit-hook freebsd_committer freebsd_triage 2024-11-02 19:41:43 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=17d39df524a5003131398bc9fbdf8c9fef043d05

commit 17d39df524a5003131398bc9fbdf8c9fef043d05
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-10-28 17:33:49 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-11-02 19:37:27 +0000

    Tentatively merge llvm fix for buildworld WITH_ASAN

    Building world using WITH_ASAN results in an assertion when compiling
    certain source files referencing ifuncs:

      Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.

    This was already reported upstream a while ago, in
    <https://github.com/llvm/llvm-project/issues/87923>, but now there is
    finally a candidate fix, which seems trivial so I am importing it right
    away.

    Reported by:    markj
    PR:             280936
    Pull Request:   https://github.com/llvm/llvm-project/pull/113841
    MFC after:      3 days

    (cherry picked from commit f3457ed94241be9d4c2c3ab337c9086d5c45c43f)

 contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 16 commit-hook freebsd_committer freebsd_triage 2024-11-02 19:41:44 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=814ddb3c8cda06686c5fe10f67b63bc2457e97b5

commit 814ddb3c8cda06686c5fe10f67b63bc2457e97b5
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-10-28 17:33:49 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-11-02 19:37:33 +0000

    Tentatively merge llvm fix for buildworld WITH_ASAN

    Building world using WITH_ASAN results in an assertion when compiling
    certain source files referencing ifuncs:

      Assertion failed: (isa<Function>(Callee) || isa<GlobalAlias>(Callee)), function analyzeAllUses, file /root/freebsd/contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp, line 514.

    This was already reported upstream a while ago, in
    <https://github.com/llvm/llvm-project/issues/87923>, but now there is
    finally a candidate fix, which seems trivial so I am importing it right
    away.

    Reported by:    markj
    PR:             280936
    Pull Request:   https://github.com/llvm/llvm-project/pull/113841
    MFC after:      3 days

    (cherry picked from commit f3457ed94241be9d4c2c3ab337c9086d5c45c43f)

 contrib/llvm-project/llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 17 Dimitry Andric freebsd_committer freebsd_triage 2024-11-02 19:51:21 UTC 
Mark, have you been able to check this, so we can close this bug? For me it all built successfully. However, some runtime testing might also be nice :)
Comment 18 Mark Johnston freebsd_committer freebsd_triage 2024-11-04 13:32:47 UTC 
(In reply to Dimitry Andric from comment #17)
Some basic testing indicates it works, thanks!

I tried booting a VM image entirely built with ASAN enabled, and /bin/sh crashes pretty early due to what looks like a false positive, but I think it's a separate problem.