Llvm memory corruption on duplicate static with one being weak and the other not

[bjorn3]

#![feature(linkage)]

fn main() {
    extern {
        #[linkage = "weak"]
        static mut ABC: *const u8;
    }

    {
        #[no_mangle]
        static mut ABC: *const u8 = 1 as *const u8;
    }

    unsafe { assert_eq!(ABC as usize, 0); }
}

$ rustc -V
rustc 1.35.0-nightly (26b4cb484 2019-03-09)
$ uname
Darwin

(lldb) continue 
Process 35161 resuming
rustc(35161,0x70000a0b9000) malloc: Incorrect checksum for freed object 0x10477a648: probably modified after being freed.
Corrupt value: 0x10476e348
rustc(35161,0x70000a0b9000) malloc: *** set a breakpoint in malloc_error_break to debug
Process 35161 stopped
* thread #3, name = 'rustc', stop reason = signal SIGABRT
    frame #0: 0x00007fff6db9223e libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`__pthread_kill:
->  0x7fff6db9223e <+10>: jae    0x7fff6db92248            ; <+20>
    0x7fff6db92240 <+12>: movq   %rax, %rdi
    0x7fff6db92243 <+15>: jmp    0x7fff6db8c3b7            ; cerror_nocancel
    0x7fff6db92248 <+20>: retq   
Target 0: (rustc) stopped.
(lldb) bt
* thread #3, name = 'rustc', stop reason = signal SIGABRT
  * frame #0: 0x00007fff6db9223e libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff6dc48c1c libsystem_pthread.dylib`pthread_kill + 285
    frame #2: 0x00007fff6dafb1c9 libsystem_c.dylib`abort + 127
    frame #3: 0x00007fff6dc0a6e2 libsystem_malloc.dylib`malloc_vreport + 545
    frame #4: 0x00007fff6dc1e86c libsystem_malloc.dylib`malloc_zone_error + 184
    frame #5: 0x00007fff6dc037fd libsystem_malloc.dylib`tiny_malloc_from_free_list + 1302
    frame #6: 0x00007fff6dc02d71 libsystem_malloc.dylib`tiny_malloc_should_clear + 273
    frame #7: 0x00007fff6dc02bac libsystem_malloc.dylib`szone_malloc_should_clear + 66
    frame #8: 0x00007fff6dc01807 libsystem_malloc.dylib`malloc_zone_malloc + 103
    frame #9: 0x00007fff6dc01783 libsystem_malloc.dylib`malloc + 24
    frame #10: 0x00007fff6b178f48 libc++abi.dylib`operator new(unsigned long) + 40
    frame #11: 0x0000000107bec390 librustc_codegen_llvm-llvm.dylib`llvm::ConstantExpr::getGetElementPtr(llvm::Type*, llvm::Constant*, llvm::ArrayRef<llvm::Value*>, bool, llvm::Optional<unsigned int>, llvm::Type*) + 512
    frame #12: 0x0000000107bcf41e librustc_codegen_llvm-llvm.dylib`llvm::ConstantFoldCastInstruction(unsigned int, llvm::Constant*, llvm::Type*) + 2542
    frame #13: 0x0000000107beadd1 librustc_codegen_llvm-llvm.dylib`llvm::ConstantExpr::getBitCast(llvm::Constant*, llvm::Type*, bool) + 49
    frame #14: 0x00000001060bda39 librustc_codegen_llvm-llvm.dylib`rustc_codegen_llvm::common::_$LT$impl$u20$rustc_codegen_ssa..traits..consts..ConstMethods$LT$$u27$tcx$GT$$u20$for$u20$rustc_codegen_llvm..context..CodegenCx$LT$$u27$ll$C$$u20$$u27$tcx$GT$$GT$::scalar_to_backend::hb9970d6ac4556680 + 857
    frame #15: 0x000000010614b287 librustc_codegen_llvm-llvm.dylib`rustc_codegen_llvm::consts::const_alloc_to_llvm::hc6f89f6f6f2b6384 + 583
    frame #16: 0x00000001060bddce librustc_codegen_llvm-llvm.dylib`rustc_codegen_llvm::common::_$LT$impl$u20$rustc_codegen_ssa..traits..consts..ConstMethods$LT$$u27$tcx$GT$$u20$for$u20$rustc_codegen_llvm..context..CodegenCx$LT$$u27$ll$C$$u20$$u27$tcx$GT$$GT$::from_const_alloc::hb5d0fa58a4020612 + 62
    frame #17: 0x000000010603890c librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::mir::place::_$LT$impl$u20$rustc_codegen_ssa..mir..FunctionCx$LT$$u27$a$C$$u20$$u27$tcx$C$$u20$Bx$GT$$GT$::codegen_place::h44996edc5371a87c + 2540
    frame #18: 0x000000010603a66e librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::mir::rvalue::_$LT$impl$u20$rustc_codegen_ssa..mir..FunctionCx$LT$$u27$a$C$$u20$$u27$tcx$C$$u20$Bx$GT$$GT$::codegen_rvalue_operand::h5599c6533b14adb2 + 926
    frame #19: 0x0000000106030acb librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::mir::block::_$LT$impl$u20$rustc_codegen_ssa..mir..FunctionCx$LT$$u27$a$C$$u20$$u27$tcx$C$$u20$Bx$GT$$GT$::codegen_block::h104600d0adb65100 + 347
    frame #20: 0x000000010602f870 librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::mir::codegen_mir::he842e8c595cfa704 + 8240
    frame #21: 0x00000001060d6fe4 librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::base::codegen_instance::h73f92f7e3d01c258 + 1348
    frame #22: 0x000000010603d73d librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::mono_item::MonoItemExt::define::haa6bfa9d184054c4 + 189
    frame #23: 0x0000000106056ec7 librustc_codegen_llvm-llvm.dylib`rustc_codegen_llvm::base::compile_codegen_unit::module_codegen::h3e4c5ff338f1448b (.llvm.16361522435159248487) + 455
    frame #24: 0x00000001061244eb librustc_codegen_llvm-llvm.dylib`rustc::dep_graph::graph::DepGraph::with_task::h660ec10a08aa9f9a + 603
    frame #25: 0x0000000106056bc3 librustc_codegen_llvm-llvm.dylib`rustc_codegen_llvm::base::compile_codegen_unit::h3b905527d3f3a9f9 + 227
    frame #26: 0x00000001060d3b54 librustc_codegen_llvm-llvm.dylib`rustc_codegen_ssa::base::codegen_crate::h420f27a98bb393ae + 4340
    frame #27: 0x00000001061576b5 librustc_codegen_llvm-llvm.dylib`_$LT$rustc_codegen_llvm..LlvmCodegenBackend$u20$as$u20$rustc_codegen_utils..codegen_backend..CodegenBackend$GT$::codegen_crate::h2e3d5cd849f274bc + 69
    frame #28: 0x00000001003c6947 librustc_driver-301a124b745201e8.dylib`rustc::util::common::time::h8da44bf652bb10f6 + 135
    frame #29: 0x00000001004490b1 librustc_driver-301a124b745201e8.dylib`rustc_driver::driver::phase_4_codegen::h757fd88c254ce434 + 145
    frame #30: 0x0000000100455d68 librustc_driver-301a124b745201e8.dylib`_$LT$std..thread..local..LocalKey$LT$T$GT$$GT$::with::heeb33436a88e3ad3 + 1128
    frame #31: 0x00000001003b3fad librustc_driver-301a124b745201e8.dylib`rustc::ty::context::TyCtxt::create_and_enter::hec6ceb910270a9f3 + 7837
    frame #32: 0x0000000100447571 librustc_driver-301a124b745201e8.dylib`rustc_driver::driver::compile_input::h6990b09d0f6362f8 + 15073
    frame #33: 0x00000001003db63f librustc_driver-301a124b745201e8.dylib`rustc_driver::run_compiler_with_pool::hf083b87556d84788 + 4207
    frame #34: 0x00000001003b6c5c librustc_driver-301a124b745201e8.dylib`_$LT$scoped_tls..ScopedKey$LT$T$GT$$GT$::set::h491a5289543275da + 316
    frame #35: 0x00000001003da4c9 librustc_driver-301a124b745201e8.dylib`rustc_driver::run_compiler::h18229f76a609e57e + 377
    frame #36: 0x00000001003cb802 librustc_driver-301a124b745201e8.dylib`syntax::with_globals::hfed16e71d5f06e09 + 418
    frame #37: 0x0000000104217f3f libstd-a3808d1e8214de12.dylib`__rust_maybe_catch_panic + 31
    frame #38: 0x000000010038aa8e librustc_driver-301a124b745201e8.dylib`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::h6badfbe39ce107a7 + 126
    frame #39: 0x0000000104216d1c libstd-a3808d1e8214de12.dylib`std::sys::unix::thread::Thread::new::thread_start::hea24a7d87921ef37 + 140
    frame #40: 0x00007fff6dc46305 libsystem_pthread.dylib`_pthread_body + 126
    frame #41: 0x00007fff6dc4926f libsystem_pthread.dylib`_pthread_start + 70
    frame #42: 0x00007fff6dc45415 libsystem_pthread.dylib`thread_start + 13
(lldb) 

[nikic]

Trace for assertion failure in alt build:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6dd5801 in __GI_abort () at abort.c:79
#2  0x00007ffff6dc539a in __assert_fail_base (fmt=0x7ffff6f4c7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x7fffe8b466d6 <.str.llvm> "isa<X>(Val) && \"cast<Ty>() argument of incompatible type!\"", 
    file=file@entry=0x7fffe831cf85 <.str.98.llvm> "/checkout/src/llvm-project/llvm/include/llvm/Support/Casting.h", line=line@entry=255, 
    function=function@entry=0x7fffe8412fab "typename cast_retty<X, Y *>::ret_type llvm::cast(Y *) [X = llvm::GlobalValue, Y = llvm::Value]")
    at assert.c:92
#3  0x00007ffff6dc5412 in __GI___assert_fail (
    assertion=0x7fffe8b466d6 <.str.llvm> "isa<X>(Val) && \"cast<Ty>() argument of incompatible type!\"", 
    file=0x7fffe831cf85 <.str.98.llvm> "/checkout/src/llvm-project/llvm/include/llvm/Support/Casting.h", line=255, 
    function=0x7fffe8412fab "typename cast_retty<X, Y *>::ret_type llvm::cast(Y *) [X = llvm::GlobalValue, Y = llvm::Value]") at assert.c:101
#4  0x00007fffe9c11f94 in LLVMSetLinkage ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/../lib/libLLVM-8-rust-1.35.0-nightly.so
#5  0x00007fffece481fd in rustc_codegen_llvm::consts::check_and_apply_linkage ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#6  0x00007fffecd811f4 in rustc_codegen_llvm::consts::<impl rustc_codegen_llvm::context::CodegenCx>::get_static ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#7  0x00007fffecd039e2 in rustc_codegen_ssa::mir::place::<impl rustc_codegen_ssa::mir::FunctionCx<Bx>>::codegen_place ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#8  0x00007fffecd07a7d in rustc_codegen_ssa::mir::operand::<impl rustc_codegen_ssa::mir::FunctionCx<Bx>>::codegen_consume ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#9  0x00007fffecd07b25 in rustc_codegen_ssa::mir::operand::<impl rustc_codegen_ssa::mir::FunctionCx<Bx>>::codegen_operand ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#10 0x00007fffecd055e3 in rustc_codegen_ssa::mir::rvalue::<impl rustc_codegen_ssa::mir::FunctionCx<Bx>>::codegen_rvalue_operand ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#11 0x00007fffeccfb3e3 in rustc_codegen_ssa::mir::codegen_mir ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#12 0x00007fffecd9e507 in rustc_codegen_ssa::base::codegen_instance ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so
#13 0x00007fffeccf3f43 in rustc_codegen_llvm::base::compile_codegen_unit::module_codegen ()
   from /home/nikic/.rustup/toolchains/3750348daff89741e3153e0e120aa70a45ff5b68-alt/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_codegen_llvm-llvm.so

[tmiasko]

The linkage attribute introduces an additional level of indirection. As a result there is a type mismatch in the original example. Given the current unusual implementation of this attribute, a correct way to use it would be:

#![feature(linkage)]

fn main() {
    extern {
        #[linkage = "weak"]
        static A: *const u8;
    }
    {
        #[no_mangle]
        static A: u8 = 1;
    }
    unsafe { assert_eq!(*A, 1); }
}

[bjorn3]

This doesn't crash anymore.