New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crash during liveness analysis #114
Comments
Here's a sample liveness debug log:
So this all seems to be related t o AVX instructions... |
Could I have access to the binary you're getting this crash on? |
Also if you could provide me with your os and library versions, that would be helpful,
Update: Also what GCC are you building with? |
@jdetter I would bet that this is reproducible with parseThat -i3 on any of our VEX test binaries. |
@wrwilliams yup I was able to get it to seg fault. |
Somehow I am getting a different error than @ea is reporting. When I run parseThat without gdb it crashes with an assert but when I run it with gdb it finishes without an issue. @wrwilliams any idea why that would be? |
That smells like uninitialized memory to me. valgrind have anything useful to say for itself here? |
Looks like there aren't any memory errors, but that at least got me a stacktrace:
|
This is the code block causing the issue for me. The first assert fails.
|
...comment does not match code. @mxz297, you know off the top of your head what's up here? |
I added some more asserts in the liveness analysis that probably should have been there (checks to make sure array indexes are greater than 0). This should at least cause asserts instead of silent failures and buffer overreads. I think I need more environment and binary information from @ea to reproduce his specific issue. |
This issue has been frustratingly difficult to debug, primarily because the bug doesn't appear every run and it never appears when ran through gdb (at least for me). I talked with Xiaozhu and he said he would be able to look at this sometime this week. |
Did you get my offlist email ? |
@ea unfortunately I did not, did you send it to jdetter@wisc.edu? |
forwarded, please check spam :) |
What @jdetter has seen is mainly caused by an issue of inconsistent CFG labeling. Basically, we somehow did not finalize a function after parsing it. So, the function had an incomplete basic block list. In liveness analysis, we first calculated block summaries based on this incomplete block list. Then when we were performing the fix point analysis, we visited a block that was truly in this function, but was not included in the basic block list. However, in the end, I think the issue reported by @ea is different issue from this inconsistent CFG issue. I will first fix the inconsistent CFG issue first and then see what we have. |
I am now able to reproduce the exact crash. I will get to you @ea when I have a better idea of what's the problem. |
@jdetter The issue is that we do not represent ymm registers for 32-bit binaries. The offending instruction is
In common/h/dyn_regs.h and dataflowAPI/src/RegisterMap.C, we have code for representing ymm registers for 64-bit binaries, but we do not have any code for representing ymm registers for 32-bit binaries. |
…egisters to prevent future similar issues.
I'm rebuilding/rerunning in a 32 bit environment to make sure the patch works, but so far it looks like I have it fixed. |
Rebuilding too and will try against my target binary ASAP and report back. Thanks! |
@ea the patch is available on branch |
This is now available on |
The fix for this issue must be moved into |
registers that aren't defined. Partial fix for #114
registers that aren't defined. Partial fix for #114
Hi
I just updated to the latest release and spoted a crashing bug with a certain binary.
The crash happens on : https://github.com/dyninst/dyninst/blob/master/dataflowAPI/src/liveness.C#L473
and again on https://github.com/dyninst/dyninst/blob/master/dataflowAPI/src/liveness.C#L510
Both times the similar code
For some cases , getIndex(base) will return -1 , which will cause an out of bounds access leading to segfault.
This is the crash i get:
I tried to enable liveness debug output, but the offending binary is big and the liveness debug log is getting huge. I'll update the issue once I isolate the problematic instruction/code.
Cheers
The text was updated successfully, but these errors were encountered: