When you run: echo ' !3=! {%..d04 *asm" !6!={!H)4" ,"" ' | llvm-as - -o /dev/null You get the following: #0 0x667656 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/workspace/llvm-dev/install/bin/llvm-as+0x667656) #1 0x66796b PrintStackTraceSignalHandler(void*) (/workspace/llvm-dev/install/bin/llvm-as+0x66796b) #2 0x6660e7 llvm::sys::RunSignalHandlers() (/workspace/llvm-dev/install/bin/llvm-as+0x6660e7) #3 0x6665be SignalHandler(int) (/workspace/llvm-dev/install/bin/llvm-as+0x6665be) #4 0x7fd548e92340 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10340) #5 0x415166 llvm::Type::getSubclassData() const (/workspace/llvm-dev/install/bin/llvm-as+0x415166) #6 0x41555e llvm::FunctionType::isVarArg() const (/workspace/llvm-dev/install/bin/llvm-as+0x41555e) #7 0x5878a4 llvm::InlineAsm::Verify(llvm::FunctionType*, llvm::StringRef) (/workspace/llvm-dev/install/bin/llvm-as+0x5878a4) #8 0x4318c2 llvm::LLParser::ConvertValIDToValue(llvm::Type*, llvm::ValID&, llvm::Value*&, llvm::LLParser::PerFunctionState*) (/workspace/llvm-dev/install/bin/llvm-as+0x4318c2) #9 0x43235a llvm::LLParser::ParseValue(llvm::Type*, llvm::Value*&, llvm::LLParser::PerFunctionState*) (/workspace/llvm-dev/install/bin/llvm-as+0x43235a) #10 0x4314eb llvm::LLParser::ParseValueAsMetadata(llvm::Metadata*&, llvm::Twine const&, llvm::LLParser::PerFunctionState*) (/workspace/llvm-dev/install/bin/llvm-as+0x4314eb) #11 0x4315c0 llvm::LLParser::ParseMetadata(llvm::Metadata*&, llvm::LLParser::PerFunctionState*) (/workspace/llvm-dev/install/bin/llvm-as+0x4315c0) #12 0x43b109 llvm::LLParser::ParseMDNodeVector(llvm::SmallVectorImpl<llvm::Metadata*>&) (/workspace/llvm-dev/install/bin/llvm-as+0x43b109) #13 0x427835 llvm::LLParser::ParseMDTuple(llvm::MDNode*&, bool) (/workspace/llvm-dev/install/bin/llvm-as+0x427835) #14 0x41ce3e llvm::LLParser::ParseStandaloneMetadata() (/workspace/llvm-dev/install/bin/llvm-as+0x41ce3e) #15 0x41b3f6 llvm::LLParser::ParseTopLevelEntities() 
(/workspace/llvm-dev/install/bin/llvm-as+0x41b3f6) #16 0x41a216 llvm::LLParser::Run() (/workspace/llvm-dev/install/bin/llvm-as+0x41a216) #17 0x408307 llvm::parseAssemblyInto(llvm::MemoryBufferRef, llvm::Module&, llvm::SMDiagnostic&, llvm::SlotMapping*) (/workspace/llvm-dev/install/bin/llvm-as+0x408307) #18 0x4083f1 llvm::parseAssembly(llvm::MemoryBufferRef, llvm::SMDiagnostic&, llvm::LLVMContext&, llvm::SlotMapping*) (/workspace/llvm-dev/install/bin/llvm-as+0x4083f1) #19 0x40873c llvm::parseAssemblyFile(llvm::StringRef, llvm::SMDiagnostic&, llvm::LLVMContext&, llvm::SlotMapping*) (/workspace/llvm-dev/install/bin/llvm-as+0x40873c) #20 0x4055f6 main (/workspace/llvm-dev/install/bin/llvm-as+0x4055f6) #21 0x7fd5482beec5 __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:321:0 #22 0x404579 _start (/workspace/llvm-dev/install/bin/llvm-as+0x404579) Stack dump: 0. Program arguments: llvm-as - -o /dev/null Segmentation fault
It should be noted that this bug was found using lib/Fuzzer (via llvm-as-fuzzer).
Turned on assertions, which causes the following assertion to fire: llvm-as: /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4131: bool llvm::LLParser::ConvertValIDToValue(llvm::Type *, llvm::ValID &, llvm::Value *&, llvm::LLParser::PerFunctionState *, llvm::LLParser::OperatorConstraint): Assertion `ID.FTy' failed. #0 0x454141 backtrace /workspace/llvm-dev/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:3248:0 #1 0xe3a252 llvm::sys::PrintStackTrace(llvm::raw_ostream&) /workspace/llvm-dev/llvm/lib/Support/Unix/Signals.inc:404:15 #2 0xe36c0d operator!=<std::pair<void (*)(void *), void *> *, std::vector<std::pair<void (*)(void *), void *>, std::allocator<std::pair<void (*)(void *), void *> > > > /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/stl_iterator.h:825:27 #3 0xe36c0d llvm::sys::RunSignalHandlers() /workspace/llvm-dev/llvm/lib/Support/Signals.cpp:34:0 #4 0xe40e19 SignalHandler(int) /workspace/llvm-dev/llvm/lib/Support/Unix/Signals.inc:211:1 #5 0x7f5ff1e4b340 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10340) #6 0x7f5ff1073cc9 gsignal /build/buildd/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0 #7 0x7f5ff10770d8 abort /build/buildd/eglibc-2.19/stdlib/abort.c:91:0 #8 0x7f5ff106cb86 __assert_fail_base /build/buildd/eglibc-2.19/assert/assert.c:92:0 #9 0x7f5ff106cc32 (/lib/x86_64-linux-gnu/libc.so.6+0x2fc32) #10 0x5825c7 Twine /workspace/llvm-dev/llvm/include/llvm/ADT/Twine.h:271:21 #11 0x5825c7 llvm::LLParser::ConvertValIDToValue(llvm::Type*, llvm::ValID&, llvm::Value*&, llvm::LLParser::PerFunctionState*, llvm::LLParser::OperatorConstraint) /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4220:0 #12 0x5a5bcc ParseValue /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4254:33 #13 0x5a5bcc llvm::LLParser::ParseValueAsMetadata(llvm::Metadata*&, llvm::Twine const&, llvm::LLParser::PerFunctionState*) /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4046:0 #14 0x5a50a4 
llvm::LLParser::ParseMetadata(llvm::Metadata*&, llvm::LLParser::PerFunctionState*) /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4073:12 #15 0x583043 llvm::LLParser::ParseMDNodeVector(llvm::SmallVectorImpl<llvm::Metadata*>&) /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:6043:9 #16 0x52213e ParseMDTuple /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:3146:7 #17 0x52213e llvm::LLParser::ParseStandaloneMetadata() /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:631:0 #18 0x511a4a llvm::LLParser::ParseTopLevelEntities() /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:226:33 #19 0x5117e2 llvm::LLParser::Run() /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:48:34 #20 0x4f1da2 llvm::parseAssemblyInto(llvm::MemoryBufferRef, llvm::Module&, llvm::SMDiagnostic&, llvm::SlotMapping*) /workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:31:10 #21 0x4f2e5b parseAssembly /workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:41:7 #22 0x4f2e5b llvm::parseAssemblyFile(llvm::StringRef, llvm::SMDiagnostic&, llvm::LLVMContext&, llvm::SlotMapping*) /workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:59:0 #23 0x4ee601 get /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/unique_ptr.h:234:16 #24 0x4ee601 main /workspace/llvm-dev/llvm/tools/llvm-as/llvm-as.cpp:105:0 #25 0x7f5ff105eec5 __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:321:0 #26 0x425b7c _start (/workspace/llvm-dev/build-as-test/bin/llvm-as+0x425b7c) Stack dump: 0. Program arguments: /workspace/llvm-dev/build-as-test/bin/llvm-as - -o /dev/null Aborted
With similar tests I often see stack-buffer-overflows, heap-buffer-overflows and other crazy stuff. This is what msan has to say: ==3119==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7f6628661750 in llvm::LLParser::ConvertValIDToValue llvm/lib/AsmParser/LLParser.cpp:4131:5 #1 0x7f6628675683 in llvm::LLParser::ParseValue llvm/lib/AsmParser/LLParser.cpp:4254:33 #2 0x7f6628675296 in llvm::LLParser::ParseValueAsMetadata llvm/lib/AsmParser/LLParser.cpp:4046:7 #3 0x7f6628674d2d in llvm::LLParser::ParseMetadata llvm/lib/AsmParser/LLParser.cpp:4073:12 #4 0x7f6628661b71 in llvm::LLParser::ParseMDNodeVector llvm/lib/AsmParser/LLParser.cpp:6043:9 #5 0x7f662863a919 in llvm::LLParser::ParseMDTuple llvm/lib/AsmParser/LLParser.cpp:3146:7 #6 0x7f662862aa2d in llvm::LLParser::ParseStandaloneMetadata llvm/lib/AsmParser/LLParser.cpp:631:14 #7 0x7f6628620596 in llvm::LLParser::ParseTopLevelEntities llvm/lib/AsmParser/LLParser.cpp:226:33 #8 0x7f662861fc0f in llvm::LLParser::Run llvm/lib/AsmParser/LLParser.cpp:48:10 #9 0x7f66285ee4c4 in llvm::parseAssemblyInto llvm/lib/AsmParser/Parser.cpp:31:10 #10 0x7f66285ee7a2 in llvm::parseAssembly llvm/lib/AsmParser/Parser.cpp:41:7 #11 0x7f66285eeff9 in llvm::parseAssemblyFile llvm/lib/AsmParser/Parser.cpp:59:10 #12 0x7f66285e5c1b in main llvm/tools/llvm-as/llvm-as.cpp:96:31 Uninitialized value was created by an allocation of 'ID' in the stack frame of function '_ZN4llvm8LLParser10ParseValueEPNS_4TypeERPNS_5ValueEPNS0_16PerFunctionStateENS0_18OperatorConstraintE' #0 0x7f66286753e0 in llvm::LLParser::ParseValue llvm/lib/AsmParser/LLParser.cpp:4251
The havoc is caused by the uninitialized field ValID::FTy. If I initialize the value to nullptr in the constructor, all the crazy errors transform into Assertion `ID.FTy' failed (lib/AsmParser/LLParser.cpp:4131):
--- lib/AsmParser/LLParser.h (revision 246552)
+++ lib/AsmParser/LLParser.h (working copy)
@@ -59,7 +59,7 @@
     LLLexer::LocTy Loc;
     unsigned UIntVal;
-    FunctionType *FTy;
+    FunctionType *FTy = nullptr;
     std::string StrVal, StrVal2;
     APSInt APSIntVal;
     APFloat APFloatVal{0.0};
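Review bot: The default member initializer on `FunctionType *FTy = nullptr;` closes the uninitialized read, but `unsigned UIntVal;` on the line above is left indeterminate in the same way, and the .cpp hunk below reads it as `ID.UIntVal & 1` on the same inline-asm path; if that path can be reached without the parser having assigned it, it is the same class of bug the fuzzer just found. Initializing it alongside, `unsigned UIntVal = 0;`, costs nothing and keeps MSan from firing there as well. This header hunk is repeated verbatim at the end of the second patch and needs nothing further. The enclosing struct (ValID, per the report text) starts and ends outside the hunk, and the header announces seven lines per side while only six are shown, so a trailing context line appears to have been lost in the paste.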
This might be a reasonable fix:
Index: lib/AsmParser/LLParser.cpp
===================================================================
--- lib/AsmParser/LLParser.cpp (revision 246552)
+++ lib/AsmParser/LLParser.cpp (working copy)
@@ -4128,7 +4128,8 @@
     V = PFS->GetVal(ID.StrVal, Ty, ID.Loc, OC);
     return V == nullptr;
   case ValID::t_InlineAsm: {
-    assert(ID.FTy);
+    if (!ID.FTy)
+      return Error(ID.Loc, "Empty FTy");
     if (!InlineAsm::Verify(ID.FTy, ID.StrVal2))
       return Error(ID.Loc, "invalid type for inline asm constraint string");
     V = InlineAsm::get(ID.FTy, ID.StrVal, ID.StrVal2, ID.UIntVal & 1,
Index: lib/AsmParser/LLParser.h
===================================================================
--- lib/AsmParser/LLParser.h (revision 246552)
+++ lib/AsmParser/LLParser.h (working copy)
@@ -59,7 +59,7 @@
     LLLexer::LocTy Loc;
     unsigned UIntVal;
-    FunctionType *FTy;
+    FunctionType *FTy = nullptr;
     std::string StrVal, StrVal2;
     APSInt APSIntVal;
     APFloat APFloatVal{0.0};
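Review bot: The new guard `if (!ID.FTy) return Error(ID.Loc, "Empty FTy");` reports an internal field name rather than what was wrong with the input, while the neighbouring diagnostic `"invalid type for inline asm constraint string"` is lowercase and user-facing; `return Error(ID.Loc, "inline asm used where no function type is available");` would match that style and tell the author of the .ll file what to fix. The guard is only meaningful together with the header hunk that initializes `FTy` to nullptr: without it the field holds an indeterminate value, the null test is not reliable, and `InlineAsm::Verify` still dereferences it, which is the segfault in the first trace, so the two hunks must land as one change. The backtraces show the bad value arriving through ParseValueAsMetadata, so rejecting an `asm` operand at that entry may be the cleaner fix than patching the null case here, but that is inference from the call chain rather than from these lines. `ConvertValIDToValue` starts and ends outside the hunk.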
See https://reviews.llvm.org/D12538 for the fix (based on kcc's suggestion).
Committed: https://reviews.llvm.org/rL246779