SEGV when creating llvm::Function & setting llvm::TargetTriple #56224

Closed
AldrinMathew opened this issue Jun 26, 2022 · 7 comments
Labels
llvm:core question A question, not bug report. Check out https://llvm.org/docs/GettingInvolved.html instead!


AldrinMathew commented Jun 26, 2022

The following is the original error:

Initialising context
Context initialised
Getting module name
Creating module
Created module
Got void type
Got function type
Creating function
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==65054==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x00003c018220 (pc 0x7f6b73ffa0f5 bp 0x000007933074 sp 0x7fff08d5fe40 T65054)
==65054==The signal is caused by a READ memory access.
    #0 0x7f6b73ffa0f5 in llvm::StringMapImpl::LookupBucketFor(llvm::StringRef) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xde60f5) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5)
    #1 0x7f6b741f32c1 in llvm::ValueSymbolTable::reinsertValue(llvm::Value*) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xfdf2c1) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5)
    #2 0x7f6b741579fe in llvm::Function::Function(llvm::FunctionType*, llvm::GlobalValue::LinkageTypes, unsigned int, llvm::Twine const&, llvm::Module*) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xf439fe) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5)
    #3 0x55e8f55ac6b1 in llvm::Function::Create(llvm::FunctionType*, llvm::GlobalValue::LinkageTypes, llvm::Twine const&, llvm::Module*) /usr/include/llvm/IR/Function.h:147:16
    #4 0x55e8f55ac31e in main /mnt/Main/DEV/qatlang/qat/src/qat.cpp:25:3
    #5 0x7f6b72a86082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x55e8f555a14d in _start (/mnt/Main/DEV/qatlang/qat/build/qat+0x2e14d) (BuildId: d1417a87f8a16567)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xde60f5) (BuildId: 52065316c710ac1be836ac50bf4d5004db3205e5) in llvm::StringMapImpl::LookupBucketFor(llvm::StringRef)
==65054==ABORTING

And the code that causes the error is as follows:

int main(int count, const char **args) {
  using qat::CLI::Config;

  SHOW("Initialising context")
  llvm::LLVMContext ctx{};
  SHOW("Context initialised")
  SHOW("Getting module name")
  llvm::StringRef mdname("other");
  SHOW("Creating module")
  auto mod = new llvm::Module{mdname, ctx};
  SHOW("Created module")
  auto voidTy = llvm::Type::getVoidTy(ctx);
  SHOW("Got void type")
  auto fnTy = llvm::FunctionType::get(voidTy, false);
  SHOW("Got function type")
  llvm::StringRef name("hello");
  SHOW("Creating function")
  llvm::Function::Create(
      fnTy, llvm::GlobalValue::LinkageTypes::ExternalWeakLinkage, name, mod);
  SHOW("Created function")

  return 0;

  auto cli = Config::init(count, args);
  if (cli->should_exit()) {
    return 0;
  }
  auto sitter = qat::QatSitter();
  sitter.init();
  Config::destroy();
  return 0;
}

Seeing StringMapImpl, I initially thought that the error is related to StringRef. I separated function calls to individual statements and added debug prints to see the flow of execution up to the error. Turns out, it is caused by llvm::Function::Create when it is trying to see if the llvm::Value exists already in the bucket.

Later I made a few changes to the code and added a step for setting the target triple of the module:

int main(int count, const char **args) {
  using qat::CLI::Config;

  SHOW("Initialising context")
  llvm::LLVMContext ctx;
  SHOW("Context initialised")
  SHOW("Getting module name")
  llvm::StringRef mdname("other");
  SHOW("Creating module")
  auto mod = new llvm::Module{mdname, ctx};
  SHOW("Module created")
  SHOW("Setting target triple")
  mod->setTargetTriple(LLVM_HOST_TRIPLE);
  SHOW("Target triple set")
  auto voidTy = llvm::Type::getVoidTy(ctx);
  SHOW("Got void type")
  auto fnTy = llvm::FunctionType::get(voidTy, false);
  SHOW("Got function type")
  llvm::StringRef name("hello");
  SHOW("Creating function")
  llvm::Function::Create(
      fnTy, llvm::GlobalValue::LinkageTypes::ExternalWeakLinkage, name, mod);
  SHOW("Created function")

  return 0;

  auto cli = Config::init(count, args);
  if (cli->should_exit()) {
    return 0;
  }
  if (cli->is_compile()) {
    for (auto path : cli->get_paths()) {
      std::cout << path.string() << "\n";
    }
  }
  auto sitter = qat::QatSitter();
  sitter.init();
  Config::destroy();
  return 0;
}

And guess what, the error happens at a different spot:

Initialising context
Context initialised
Getting module name
Creating module
Module created
Setting target triple
/usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3390:18: runtime error: applying non-zero offset 18446744073709551592 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3390:18 in 
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==64806==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0xfffffffffffffff8 (pc 0x55e858bb4b07 bp 0x7fff5ddcbda0 sp 0x7fff5ddcbd80 T64806)
==64806==The signal is caused by a READ memory access.
    #0 0x55e858bb4b07 in std::string::_Rep::_M_is_leaked() const /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3258:18
    #1 0x55e858bb46a5 in std::string::swap(std::string&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.tcc:962:21
    #2 0x55e858bb3fc9 in std::string::operator=(std::string&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3798:8
    #3 0x55e858bb36ff in llvm::Module::setTargetTriple(llvm::StringRef) /usr/include/llvm/IR/Module.h:300:52
    #4 0x55e858bb339e in main /mnt/Main/DEV/qatlang/qat/src/qat.cpp:20:8
    #5 0x7fc81bf7a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x55e858b6127d in _start (/mnt/Main/DEV/qatlang/qat/build/qat+0x3027d) (BuildId: 409a2d3ccd60c9ff)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/basic_string.h:3258:18 in std::string::_Rep::_M_is_leaked() const
==64806==ABORTING

I still think this might be caused by the llvm::StringRef and how I am initialising the value.

@AldrinMathew AldrinMathew changed the title SEGV caused by READ Memory Access when creating llvm::Function SEGV when creating llvm::Function & setting llvm::TargetTriple Jun 26, 2022
@AldrinMathew
Author

The statements after the first return statement are the actual code in that file. I added the steps above that to easily debug the problem. This initially happened in the IR generation phase of my language.

@AldrinMathew
Author

Just got the source of the error for TargetTriple:

Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x000000000034ca1f qat`qat::IR::QatModule::QatModule(this=0x0000000000d70290, _name="nine.qat", _filename="�F�, ctx=0x0000000000d19bc8, _type=file, _visibility=<unavailable>) at qat_module.cpp:47:3
   44         visibility(_visibility), active(nullptr) {
   45     mod = new llvm::Module(_name, ctx);
   46     mod->setCodeModel(llvm::CodeModel::Small);
-> 47     mod->setTargetTriple(LLVM_HOST_TRIPLE);
   48     mod->setSourceFileName(_filename);
   49   }
   50  
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x00000000002b5c32 qat`llvm::StringRef::StringRef(this=0x00007fffffffd288, Str="x86_64-unknown-linux-gnu") at StringRef.h:108:16
   105 
   106      /// Construct a string ref from a cstring.
   107      /*implicit*/ constexpr StringRef(const char *Str)
-> 108          : Data(Str), Length(Str ? strLen(Str) : 0) {}
   109 
   110      /// Construct a string ref from a pointer and length.
   111      /*implicit*/ constexpr StringRef(const char *data, size_t length)
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x00000000002b6524 qat`llvm::StringRef::strLen(Str="x86_64-unknown-linux-gnu") at StringRef.h:83:45
   80       // Constexpr version of std::strlen.
   81       static constexpr size_t strLen(const char *Str) {
   82   #if __cplusplus > 201402L
-> 83         return std::char_traits<char>::length(Str);
   84   #elif __has_builtin(__builtin_strlen) || defined(__GNUC__) || \
   85       (defined(_MSC_VER) && _MSC_VER >= 1916)
   86         return __builtin_strlen(Str);
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x00000000002b6532 qat`llvm::StringRef::strLen(Str="ț�) at StringRef.h:83:7
   80       // Constexpr version of std::strlen.
   81       static constexpr size_t strLen(const char *Str) {
   82   #if __cplusplus > 201402L
-> 83         return std::char_traits<char>::length(Str);
   84   #elif __has_builtin(__builtin_strlen) || defined(__GNUC__) || \
   85       (defined(_MSC_VER) && _MSC_VER >= 1916)
   86         return __builtin_strlen(Str);
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x00000000002b5c4d qat`llvm::StringRef::StringRef(this=0x00007fffffffd288, Str="x86_64-unknown-linux-gnu") at StringRef.h:108:29
   105 
   106      /// Construct a string ref from a cstring.
   107      /*implicit*/ constexpr StringRef(const char *Str)
-> 108          : Data(Str), Length(Str ? strLen(Str) : 0) {}
   109 
   110      /// Construct a string ref from a pointer and length.
   111      /*implicit*/ constexpr StringRef(const char *data, size_t length)
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x000000000034ca61 qat`qat::IR::QatModule::QatModule(this=0x0000000000d70290, _name=<unavailable>, _filename="�F�, ctx=0x0000000000d19bc8, _type=file, _visibility=<unavailable>) at qat_module.cpp:47:24
   44         visibility(_visibility), active(nullptr) {
   45     mod = new llvm::Module(_name, ctx);
   46     mod->setCodeModel(llvm::CodeModel::Small);
-> 47     mod->setTargetTriple(LLVM_HOST_TRIPLE);
   48     mod->setSourceFileName(_filename);
   49   }
   50  
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = step in
    frame #0: 0x000000000034cdac qat`llvm::Module::setTargetTriple(this=0x0000000000d74900, T=(Data = "x86_64-unknown-linux-gnu", Length = 24)) at Module.h:300:54
   297    void setDataLayout(const DataLayout &Other);
   298 
   299    /// Set the target triple.
-> 300    void setTargetTriple(StringRef T) { TargetTriple = std::string(T); }
   301 
   302    /// Set the module-scope inline assembly blocks.
   303    /// A trailing newline is added if the input doesn't have one.
(lldb) s
Process 46808 stopped
* thread #1, name = 'qat', stop reason = Nullptr with nonzero offset
    frame #0: 0x00000000002af300 qat`__ubsan_on_report
qat`__ubsan_on_report:
->  0x2af300 <+0>: retq   
    0x2af301:      int3   
    0x2af302:      int3   
    0x2af303:      int3   
(lldb)

@EugeneZelenko EugeneZelenko added question A question, not bug report. Check out https://llvm.org/docs/GettingInvolved.html instead! llvm:core and removed new issue labels Jun 27, 2022
@AldrinMathew
Author

AldrinMathew commented Jun 30, 2022

@EugeneZelenko
Are there any comments or can anyone else provide feedback on this? I am focusing on other parts of my compiler since this is not resolved yet. I cannot even compile a basic program using LLVM 13 & LLVM 14.

  • Was there proper testing for LLVM in a Linux (Debian) environment before release?
  • Does the open StringRefizing project at clang have something to do with this?
  • Is this potentially caused by any incompatibilities between llvm::StringRef, std::string and char *?
  • Or is this because I am doing something wrong?

@EugeneZelenko
Contributor

@AldrinMathew: You could try to ask questions on https://discourse.llvm.org

@danilaml
Collaborator

danilaml commented Jul 1, 2022

Was LLVM compiled on the same machine you are experiencing the crash on? Could you provide a standalone reproducer (qat seems to be irrelevant for the crash), i.e. one that can be run with only LLVM (maybe try to reproduce it on godbolt.org)? Does it crash without UBSan? Your provided lldb trace looks correct up until the crash.

@joker-eph
Collaborator

Are you statically linking the binary or are you using shared libraries? This looks like the kind of bug that happens when using a mismatch of shared libraries built at different versions of the code, or with incompatible flags.

@AldrinMathew
Author

@danilaml
I tried both building from scratch and apt packages.
@joker-eph
I am statically linking the binary.

The cause of the problem was found a few hours ago. -D_GLIBCXX_USE_CXX11_ABI=0 is what caused the error. It was added to the project's build config a few months ago due to a faulty tutorial about build configurations, when I was not familiar with C++ flags.
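
The two numbers in the second UBSan report (offset 18446744073709551592 and fault address 0xfffffffffffffff8) follow from the legacy copy-on-write std::string that -D_GLIBCXX_USE_CXX11_ABI=0 selects. The sketch below is an added example, not code from the issue or from LLVM: it reports which string ABI a translation unit was built with and recomputes both values. StringAbi, LegacyRepX64 and the function names are hypothetical, and the header layout is a model of libstdc++'s legacy _Rep on x86_64.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

enum class StringAbi { Cxx11, LegacyCow, NotLibstdcxx };

// ABI selected by the preprocessor: -D_GLIBCXX_USE_CXX11_ABI=0 picks the
// legacy copy-on-write std::string for this translation unit.
constexpr StringAbi abi_from_macro() {
#if !defined(__GLIBCXX__)
  return StringAbi::NotLibstdcxx;
#elif _GLIBCXX_USE_CXX11_ABI
  return StringAbi::Cxx11;
#else
  return StringAbi::LegacyCow;
#endif
}

// ABI visible in the object layout: the legacy string is one pointer, the
// C++11-ABI string also stores a size and an inline small-string buffer.
constexpr StringAbi abi_from_layout() {
#if !defined(__GLIBCXX__)
  return StringAbi::NotLibstdcxx;
#else
  return sizeof(std::string) == sizeof(void *) ? StringAbi::LegacyCow
                                               : StringAbi::Cxx11;
#endif
}

// Model (assumption) of the legacy _Rep header on x86_64; it sits directly
// before the characters the string's pointer refers to.
struct alignas(8) LegacyRepX64 {
  std::uint64_t length, capacity;
  std::int32_t refcount;
};

// Header address legacy code computes when the pointer it read is null.
constexpr std::uint64_t rep_from_null() {
  return std::uint64_t{0} - sizeof(LegacyRepX64);
}
// Address of the refcount that _M_is_leaked() then reads.
constexpr std::uint64_t refcount_from_null() {
  return rep_from_null() + offsetof(LegacyRepX64, refcount);
}

int main() {
  std::printf("legacy ABI in this TU: %d\n", abi_from_macro() == StringAbi::LegacyCow);
  std::printf("rep=%llu refcount=0x%llx\n", (unsigned long long)rep_from_null(),
              (unsigned long long)refcount_from_null());
}
```

Calling abi_from_macro() early in a program that links a prebuilt C++ library, and comparing it with the ABI that library was built with, turns this class of mismatch into a startup diagnostic instead of a crash inside std::string.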
