Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[mlir] mlir::outlineSingleBlockRegion crashes with segmentation fault. #60216

Open
Colloportus0 opened this issue Jan 22, 2023 · 5 comments
Open

Comments

@Colloportus0
Copy link

Colloportus0 commented Jan 22, 2023

MLIR built at commit a0dab4950
Reproduced with:

mlir-opt --test-scf-if-utils temp.mlir

temp.mlir:

func.func @func(
  %arg0: index,
  %arg1: index,
  %arg2: index,
  %arg3: memref<2xf32>) -> memref<2xf32> {
  %0 = memref.alloc() : memref<2xf32>
  %1 = scf.for %i = %arg0 to %arg1 step %arg2
    iter_args(%arg4 = %arg3) -> memref<2xf32> {
    %2 = arith.cmpi eq, %i, %arg1 : index
    %3 = scf.if %2 -> (memref<2xf32>) { 
      scf.yield %0 : memref<2xf32>
    } else {
      scf.yield %0 : memref<2xf32>
    }
    scf.yield %0 : memref<2xf32>
  }
  return %1 : memref<2xf32>
}

trace:

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt --test-scf-if-utils temp.mlir
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  mlir-opt                 0x00000001041b86b8 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 56
1  mlir-opt                 0x00000001041b7720 llvm::sys::RunSignalHandlers() + 112
2  mlir-opt                 0x00000001041b8d50 SignalHandler(int) + 344
3  libsystem_platform.dylib 0x00000001aad414c4 _sigtramp + 56
4  mlir-opt                 0x0000000104d025fc mlir::outlineSingleBlockRegion(mlir::RewriterBase&, mlir::Location, mlir::Region&, llvm::StringRef, mlir::func::CallOp*) + 256
5  mlir-opt                 0x0000000104d03330 mlir::outlineIfOp(mlir::RewriterBase&, mlir::scf::IfOp, mlir::func::FuncOp*, llvm::StringRef, mlir::func::FuncOp*, llvm::StringRef) + 160
6  mlir-opt                 0x000000010558a830 mlir::WalkResult llvm::function_ref<mlir::WalkResult (mlir::Operation*)>::callback_fn<std::__1::enable_if<!llvm::is_one_of<mlir::scf::IfOp, mlir::Operation*, mlir::Region*, mlir::Block*>::value && std::is_same<mlir::WalkResult, mlir::WalkResult>::value, mlir::WalkResult>::type mlir::detail::walk<(mlir::WalkOrder)1, (anonymous namespace)::TestSCFIfUtilsPass::runOnOperation()::'lambda'(mlir::scf::IfOp), mlir::scf::IfOp, mlir::WalkResult>(mlir::Operation*, (anonymous namespace)::TestSCFIfUtilsPass::runOnOperation()::'lambda'(mlir::scf::IfOp)&&)::'lambda'(mlir::Operation*)>(long, mlir::Operation*) + 404
7  mlir-opt                 0x0000000105959838 mlir::detail::walk(mlir::Operation*, llvm::function_ref<mlir::WalkResult (mlir::Operation*)>, mlir::WalkOrder) + 160
8  mlir-opt                 0x0000000105959838 mlir::detail::walk(mlir::Operation*, llvm::function_ref<mlir::WalkResult (mlir::Operation*)>, mlir::WalkOrder) + 160
9  mlir-opt                 0x0000000105959838 mlir::detail::walk(mlir::Operation*, llvm::function_ref<mlir::WalkResult (mlir::Operation*)>, mlir::WalkOrder) + 160
10 mlir-opt                 0x000000010558a53c (anonymous namespace)::TestSCFIfUtilsPass::runOnOperation() + 112
11 mlir-opt                 0x0000000105834428 mlir::detail::OpToOpPassAdaptor::run(mlir::Pass*, mlir::Operation*, mlir::AnalysisManager, bool, unsigned int) + 428
12 mlir-opt                 0x0000000105834958 mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor*, mlir::PassInstrumentation::PipelineParentInfo const*) + 320
13 mlir-opt                 0x00000001058362d4 mlir::PassManager::run(mlir::Operation*) + 1148
14 mlir-opt                 0x000000010582f698 performActions(llvm::raw_ostream&, bool, bool, std::__1::shared_ptr<llvm::SourceMgr> const&, mlir::MLIRContext*, llvm::function_ref<mlir::LogicalResult (mlir::PassManager&)>, bool, bool) + 504
15 mlir-opt                 0x000000010582f268 mlir::LogicalResult llvm::function_ref<mlir::LogicalResult (std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, llvm::raw_ostream&)>::callback_fn<mlir::MlirOptMain(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, llvm::function_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$_0>(long, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, llvm::raw_ostream&) + 704
16 mlir-opt                 0x0000000105899f5c mlir::splitAndProcessBuffer(std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, llvm::function_ref<mlir::LogicalResult (std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, llvm::raw_ostream&)>, llvm::raw_ostream&, bool, bool) + 656
17 mlir-opt                 0x000000010582d690 mlir::MlirOptMain(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, llvm::function_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool) + 216
18 mlir-opt                 0x000000010582db84 mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&, bool) + 1208
19 mlir-opt                 0x000000010405aae4 main + 108
20 dyld                     0x000000010918d088 start + 516
@llvmbot
Copy link
Collaborator

llvmbot commented Jan 22, 2023

@llvm/issue-subscribers-mlir

@siddhesh
Copy link
Contributor

This inexplicably got assigned a CVE-2023-26924, which I assume will be rejected given LLVM's security process?

@ajakk
Copy link

ajakk commented Apr 29, 2023

This inexplicably got assigned a CVE-2023-26924, which I assume will be rejected given LLVM's security process?

Why would it be automatically rejected? MITRE doesn't care, they assign CVEs from anyone with very little validation.

@ajakk
Copy link

ajakk commented Apr 29, 2023

I've requested that MITRE reject the CVE based on https://llvm.org/docs/Security.html#what-is-considered-a-security-issue.

@siddhesh
Copy link
Contributor

This inexplicably got assigned a CVE-2023-26924, which I assume will be rejected given LLVM's security process?

Why would it be automatically rejected? MITRE doesn't care, they assign CVEs from anyone with very little validation.

Sorry, I meant to ask if the LLVM project will be filing a rejection, thanks for doing that. I could do it downstream (for Fedora/RHEL) but it's usually just easy if upstream does it. However I understand it's not scalable to do a formal filing for all reports; as downstream I'm happy with just a comment on the issue rejecting the security impact. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants