Devirtualization Error

[shankarapailoor]

Hi,

I'm running crabllvm-pp on this bitcode with the following commands:

./crabllvm-pp -crab-devirt -devirt-resolver=dsa -crab-lower-select -crab-lower-unsigned-icmp -o strings_pp.bc strings.bc

However, I get the following error:

#0 0x000056470871b13b llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/shankara/llvm-project/llvm/lib/Support/Unix/Signals.inc:495:0
 #1 0x000056470871b1ce PrintStackTraceSignalHandler(void*) /home/shankara/llvm-project/llvm/lib/Support/Unix/Signals.inc:559:0
 #2 0x0000564708718db2 llvm::sys::RunSignalHandlers() /home/shankara/llvm-project/llvm/lib/Support/Signals.cpp:69:0
 #3 0x000056470871ab5d SignalHandler(int) /home/shankara/llvm-project/llvm/lib/Support/Unix/Signals.inc:358:0
 #4 0x00007f3c68f51890 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
 #5 0x00007f3c6824de97 gsignal /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
 #6 0x00007f3c6824f801 abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:81:0
 #7 0x00007f3c6823f39a __assert_fail_base /build/glibc-OTsEL5/glibc-2.27/assert/assert.c:89:0
 #8 0x00007f3c6823f412 (/lib/x86_64-linux-gnu/libc.so.6+0x30412)
 #9 0x000056470766707f llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, llvm::Twine const&) /home/shankara/llvm-project/llvm/lib/IR/Instructions.cpp:372:0
#10 0x0000564706ffe778 _ZN4llvm8CallInstC4EPNS_12FunctionTypeEPNS_5ValueENS_8ArrayRefIS4_EENS5_INS_17OperandBundleDefTIS4_EEEERKNS_5TwineEPNS_11InstructionE /usr/local/include/llvm/IR/Instructions.h:1725:0
#11 0x0000564706ffe778 llvm::CallInst::Create(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::Instruction*) /usr/local/include/llvm/IR/Instructions.h:1490:0
#12 0x0000564706ffe778 llvm::CallInst::Create(llvm::Function*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::Instruction*) /usr/local/include/llvm/IR/Instructions.h:1535:0
#13 0x0000564706ffe778 crab_llvm::DevirtualizeFunctions::mkDirectCall(llvm::CallSite, crab_llvm::CallSiteResolver*) /home/shankara/crab-llvm/lib/Transforms/DevirtFunctions.cc:527:0
#14 0x0000564706fffbd7 crab_llvm::DevirtualizeFunctions::resolveCallSites(llvm::Module&, crab_llvm::CallSiteResolver*) /home/shankara/crab-llvm/lib/Transforms/DevirtFunctions.cc:603:0
#15 0x0000564706ff9764 crab_llvm::DevirtualizeFunctionsPass::runOnModule(llvm::Module&) /home/shankara/crab-llvm/lib/Transforms/DevirtFunctionsPass.cc:82:0
#16 0x00005647076a5c54 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /home/shankara/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1744:0

I observed that during the devirtualization that crabllvm is reusing the bounce function:

Reusing bounce function for  call void (i8*, ...) %152(i8* %call94, %struct.bfd* %153, %struct.bfd_section* %154, %struct.reloc_cache_entry* %156)
	seahorn.bounce.16::void (void (i8*, ...)*, i8*, %struct.bfd*, %struct.bfd_section*, %struct.reloc_cache_entry*, i32)*

It seems there is this additional i32 argument which shouldn't be there.

[caballa]

I committed a fix. The problem is related to vararg functions. For now, I don't create bounce functions for those. Let me know if this is a problem.

[shankarapailoor]

looks good! thanks!