valgrind errors with "wpa -anders" and PTABen #21

Closed
dtzWill opened this issue May 4, 2017 · 3 comments

Contributor

dtzWill commented May 4, 2017

Using latest master (0800cd1), I just added 'valgrind' before the invocation of 'wpa' in PTABen's run.sh and am seeing the following:

http://dtz.so/docs/ladeg.log

In particular:

fi_tests/spec_tests/gap.c
@@@analyzing fi_tests/spec_tests/gap.c with testwpa.sh
==331== Memcheck, a memory error detector
==331== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==331== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==331== Command: /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa -ander -vgep=true -stat=false fi_tests/spec_tests/gap.opt
==331== 
==331== Invalid read of size 4
==331==    at 0x4B477B: ConstraintGraph::moveInEdgesToRepNode(ConstraintNode*, ConstraintNode*) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x471E33: Andersen::mergeNodeToRep(unsigned int, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x483098: AndersenWaveDiff::mergeNodeToRep(unsigned int, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x47061B: Andersen::mergeSccNodes(unsigned int, llvm::SparseBitVector<128u>&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x47344B: Andersen::mergeSccCycle() (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x4755A0: Andersen::SCCDetect() (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x47083C: Andersen::analyze(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x42CF22: WPAPass::runPointerAnalysis(llvm::Module&, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x42D565: WPAPass::runOnModule(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x61302E: llvm::legacy::PassManagerImpl::run(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x417D6D: main (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==  Address 0x66eaa58 is 24 bytes inside a block of size 72 free'd
==331==    at 0x4C2C2EB: operator delete(void*) (in /nix/store/cl1jd45s910gq4jzsd0irnis14p2vmj4-valgrind-3.12.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==331==    by 0x4B40E7: ConstraintGraph::removeDirectEdge(ConstraintEdge*) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x4B477A: ConstraintGraph::moveInEdgesToRepNode(ConstraintNode*, ConstraintNode*) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x471E33: Andersen::mergeNodeToRep(unsigned int, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x483098: AndersenWaveDiff::mergeNodeToRep(unsigned int, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x47061B: Andersen::mergeSccNodes(unsigned int, llvm::SparseBitVector<128u>&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x47344B: Andersen::mergeSccCycle() (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x4755A0: Andersen::SCCDetect() (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x47083C: Andersen::analyze(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x42CF22: WPAPass::runPointerAnalysis(llvm::Module&, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x42D565: WPAPass::runOnModule(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x61302E: llvm::legacy::PassManagerImpl::run(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==  Block was alloc'd at
==331==    at 0x4C2B22F: operator new(unsigned long) (in /nix/store/cl1jd45s910gq4jzsd0irnis14p2vmj4-valgrind-3.12.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==331==    by 0x4AF478: ConstraintGraph::addNormalGepCGEdge(unsigned int, unsigned int, LocationSet const&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x4B06C5: ConstraintGraph::buildCG() (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x4771DC: Andersen::initialize(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x4707C6: Andersen::analyze(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x42CF22: WPAPass::runPointerAnalysis(llvm::Module&, unsigned int) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x42D565: WPAPass::runOnModule(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x61302E: llvm::legacy::PassManagerImpl::run(llvm::Module&) (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)
==331==    by 0x417D6D: main (in /nix/store/cwki8ybl3g876zia6m1m7g577rxpzpw1-SVF-3.8.1-2017.05.01/bin/wpa)

(apologies for lack of debug info in those traces)

If you could confirm whether this matches in your build/version that would be useful.

Let me know if you need any more information!
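
An added triage example (not part of the original thread and not SVF code): it splits a Memcheck use-after-free report like the one above into its access, free and allocation stacks and checks whether the function that performed the invalid read is also on the stack that freed the block. The sample input is the issue's report, abridged with binary paths shortened; the function names `parse_report` and `stale_access_site` are hypothetical.

```python
import re

# Constructed sample: the Memcheck report from the issue, abridged, paths shortened.
SAMPLE = """\
==331== Invalid read of size 4
==331==    at 0x4B477B: ConstraintGraph::moveInEdgesToRepNode(ConstraintNode*, ConstraintNode*) (in wpa)
==331==    by 0x471E33: Andersen::mergeNodeToRep(unsigned int, unsigned int) (in wpa)
==331==  Address 0x66eaa58 is 24 bytes inside a block of size 72 free'd
==331==    at 0x4C2C2EB: operator delete(void*) (in vgpreload_memcheck-amd64-linux.so)
==331==    by 0x4B40E7: ConstraintGraph::removeDirectEdge(ConstraintEdge*) (in wpa)
==331==    by 0x4B477A: ConstraintGraph::moveInEdgesToRepNode(ConstraintNode*, ConstraintNode*) (in wpa)
==331==  Block was alloc'd at
==331==    at 0x4C2B22F: operator new(unsigned long) (in vgpreload_memcheck-amd64-linux.so)
==331==    by 0x4AF478: ConstraintGraph::addNormalGepCGEdge(unsigned int, unsigned int, LocationSet const&) (in wpa)
"""

PREFIX = re.compile(r"^==\d+==\s*(.*)$")
ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: ([^(]+)")

def parse_report(text):
    """Split one Memcheck use-after-free report into access/free/alloc stacks."""
    rep = {"access": [], "free": [], "alloc": []}
    section = None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m.group(1)
        acc, blk, frm = ACCESS.match(body), BLOCK.match(body), FRAME.match(body)
        if acc:
            section, rep["op"], rep["size"] = "access", acc.group(1), int(acc.group(2))
        elif blk:
            section, rep["offset"], rep["block_size"] = "free", int(blk.group(1)), int(blk.group(2))
        elif body.startswith("Block was alloc'd at"):
            section = "alloc"
        elif frm and section:
            rep[section].append(frm.group(1).strip())  # function name without its signature
    return rep

def stale_access_site(rep):
    """If the function doing the invalid access is also on the freeing stack,
    return (that function, the callee through which it freed the block)."""
    if not rep["access"] or rep["access"][0] not in rep["free"]:
        return None
    reader = rep["access"][0]
    i = rep["free"].index(reader)
    return reader, (rep["free"][i - 1] if i > 0 else None)
```

On the sample, `stale_access_site(parse_report(SAMPLE))` names `ConstraintGraph::moveInEdgesToRepNode` as the function that read the block after freeing it through `ConstraintGraph::removeDirectEdge`.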

Contributor Author

dtzWill commented May 4, 2017

I'll hopefully have time to distill this properly later, but the most recent commits on this branch seem to fix this and a few other crash-causing memory errors:

https://github.com/dtzWill/SVF/tree/experimental/misc-fixes

Feel free to cherry-pick them over, but the entire branch is not suitable for merging as it contains both the LLVM 4 PR and unrelated changes.

Contributor Author

dtzWill commented May 4, 2017

Oh, and the PDT fix is only needed on the LLVM 4 update (cc #18).

Collaborator

yuleisui commented May 5, 2017

Will,
The CallGraphSCC one is a good fix. Could you please submit a PR?
As Jared's repo is behind the master for a while, I will ask him to create a new PR for LLVM-4, if possible.

yuleisui pushed a commit that referenced this issue May 11, 2017
Fix the duplicated callgraphSCC reported by Will (#21)
yuleisui added a commit that referenced this issue Aug 30, 2019
yuleisui pushed a commit that referenced this issue Dec 1, 2022
yuleisui added a commit that referenced this issue Jan 4, 2024