Error on wpa -ander -svfg -dump-svfg example.bc

[nix7965]

Hi, I am trying to understand and check SVF capabilities.

However, I found some error with a toy code.
I also attached error messages.
--------------------------- Code ------------------------------------------------
#include
#include

using namespace std;

class Profile
{
public:
void printProfile()
{
cout << "Name : " << _name.c_str() << endl;
cout << "Phone Number : " << _phoneNumber.c_str() <<endl;
}
void setName(string name)
{
_name = name;
}
void setPhoneNumber(string phoneNumber)
{
_phoneNumber = phoneNumber;
}
private:
string _name;
string _phoneNumber;
};

int main()
{
Profile myProfile;
myProfile.setName("Hong");
myProfile.setPhoneNumber("012319562");
myProfile.printProfile();
return 0;
}
------------------------ Error message --------------------------------------

Writing 'ander_svfg.dot'...#0 0x0000000000e7870b llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/SVF/build/bin/wpa+0xe7870b)
#1 0x0000000000e78a20 PrintStackTraceSignalHandler(void*) (/SVF/build/bin/wpa+0xe78a20)
#2 0x0000000000e7706d llvm::sys::RunSignalHandlers() (/SVF/build/bin/wpa+0xe7706d)
#3 0x0000000000e78181 SignalHandler(int) (/SVF/build/bin/wpa+0xe78181)
#4 0x00007fe76b13b330 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#5 0x000000000045ed78 MRVer::getSSAVersion() const (/SVF/build/bin/wpa+0x45ed78)
#6 0x0000000000463d4f llvm::DOTGraphTraits<SVFG*>::getCompleteNodeLabel(SVFGNode*, SVFG*) (/SVF/build/bin/wpa+0x463d4f)
#7 0x0000000000462e08 llvm::DOTGraphTraits<SVFG*>::getNodeLabel(SVFGNode*, SVFG*) (/SVF/build/bin/wpa+0x462e08)
#8 0x000000000047bec9 llvm::GraphWriter<SVFG*>::writeNode(SVFGNode*) (/SVF/build/bin/wpa+0x47bec9)
#9 0x0000000000479fe7 llvm::GraphWriter<SVFG*>::writeNodes() (/SVF/build/bin/wpa+0x479fe7)
#10 0x00000000004769a3 llvm::GraphWriter<SVFG*>::writeGraph(std::string const&) (/SVF/build/bin/wpa+0x4769a3)
#11 0x000000000047095d llvm::raw_ostream& llvm::WriteGraph<SVFG*>(llvm::raw_ostream&, SVFG* const&, bool, llvm::Twine const&) (/SVF/build/bin/wpa+0x47095d)
#12 0x000000000046a10b void llvm::GraphPrinter::WriteGraphToFile<SVFG*>(llvm::raw_ostream&, std::string const&, SVFG* const&, bool) (/SVF/build/bin/wpa+0x46a10b)
#13 0x000000000045c593 SVFG::dump(std::string const&, bool) (/SVF/build/bin/wpa+0x45c593)
#14 0x0000000000409bc6 WPAPass::runPointerAnalysis(llvm::Module&, unsigned int) (/SVF/build/bin/wpa+0x409bc6)
#15 0x0000000000409964 WPAPass::runOnModule(llvm::Module&) (/SVF/build/bin/wpa+0x409964)
#16 0x00000000007b92b6 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) (/SVF/build/bin/wpa+0x7b92b6)
#17 0x00000000007b9a20 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/SVF/build/bin/wpa+0x7b9a20)
#18 0x00000000007b9c61 llvm::legacy::PassManager::run(llvm::Module&) (/SVF/build/bin/wpa+0x7b9c61)
#19 0x000000000040772b main (/SVF/build/bin/wpa+0x40772b)
#20 0x00007fe76a34ef45 __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
#21 0x0000000000407289 _start (/SVF/build/bin/wpa+0x407289)
Stack dump:
0. Program arguments: wpa -ander -svfg -dump-svfg c++.bc

1. Running pass 'WPAPass' on module 'c++.bc'.
   #0 0x0000000000e7870b llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/SVF/build/bin/wpa+0xe7870b)
   Merge with master #1 0x0000000000e78a20 PrintStackTraceSignalHandler(void*) (/SVF/build/bin/wpa+0xe78a20)
   singleton instances, unclear memory ownership #2 0x0000000000e7706d llvm::sys::RunSignalHandlers() (/SVF/build/bin/wpa+0xe7706d)
   Add missing paren in stat print. #3 0x0000000000e78181 SignalHandler(int) (/SVF/build/bin/wpa+0xe78181)
   Fix memory bug in ConsG, copy to avoid ref into dead object. #4 0x00007fe76b13b330 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
   cmake build support (required for use with LLVM newer than 3.8 release) #5 0x000000000045ed78 MRVer::getSSAVersion() const (/SVF/build/bin/wpa+0x45ed78)
   AndersenLCD implementation "incomplete": documentation and efficiency #6 0x0000000000463d4f llvm::DOTGraphTraits<SVFG*>::getCompleteNodeLabel(SVFGNode*, SVFG*) (/SVF/build/bin/wpa+0x463d4f)
   PAG: "black hole" and "variant GEP" edges? #7 0x0000000000462e08 llvm::DOTGraphTraits<SVFG*>::getNodeLabel(SVFGNode*, SVFG*) (/SVF/build/bin/wpa+0x462e08)
   Added CMake support for SVF #8 0x000000000047bec9 llvm::GraphWriter<SVFG*>::writeNode(SVFGNode*) (/SVF/build/bin/wpa+0x47bec9)
   Moved CUDD tests from lib dir to tests dir #9 0x0000000000479fe7 llvm::GraphWriter<SVFG*>::writeNodes() (/SVF/build/bin/wpa+0x479fe7)
   SVFG: Calling a function twice with global pointers as a parameter #10 0x00000000004769a3 llvm::GraphWriter<SVFG*>::writeGraph(std::string const&) (/SVF/build/bin/wpa+0x4769a3)
   Buffer index sensitivity with non variant GEP instructions #11 0x000000000047095d llvm::raw_ostream& llvm::WriteGraph<SVFG*>(llvm::raw_ostream&, SVFG* const&, bool, llvm::Twine const&) (/SVF/build/bin/wpa+0x47095d)
   Assertion triggered after modifying code #12 0x000000000046a10b void llvm::GraphPrinter::WriteGraphToFile<SVFG*>(llvm::raw_ostream&, std::string const&, SVFG* const&, bool) (/SVF/build/bin/wpa+0x46a10b)
   SVFG: Obtain SVFGNode corresponding to argument of CallSite #13 0x000000000045c593 SVFG::dump(std::string const&, bool) (/SVF/build/bin/wpa+0x45c593)
   Migrating SVF to LLVM 4 #14 0x0000000000409bc6 WPAPass::runPointerAnalysis(llvm::Module&, unsigned int) (/SVF/build/bin/wpa+0x409bc6)
   Missing a function in musl's PointsTo #15 0x0000000000409964 WPAPass::runOnModule(llvm::Module&) (/SVF/build/bin/wpa+0x409964)
   Question for source sink analysis #16 0x00000000007b92b6 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) (/SVF/build/bin/wpa+0x7b92b6)
   Error on wpa -ander -svfg -dump-svfg example.bc  #17 0x00000000007b9a20 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/SVF/build/bin/wpa+0x7b9a20)
   LLVM 4 #18 0x00000000007b9c61 llvm::legacy::PassManager::run(llvm::Module&) (/SVF/build/bin/wpa+0x7b9c61)
   cppUtil::DemangledName cppUtil::demangle does not work in some case #19 0x000000000040772b main (/SVF/build/bin/wpa+0x40772b)
   Merging in SUPA implementation? #20 0x00007fe76a34ef45 __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
   valgrind errors with "wpa -anders" and PTABen #21 0x0000000000407289 _start (/SVF/build/bin/wpa+0x407289)
   llvmhelper.sh: line 26: 26518 Segmentation fault (core dumped) wpa -ander -svfg -dump-svfg $1.bc

[yuleisui]

Hi Kim,

This is not a bug in SVF.

You may wish to check your g++/clang++ options when compiling the source code of LLVM-3.8.0. If you use std=c++11 to compile llvm-3.8.0, but use std=c++98 to compile SVF, or the other way around, then you may see this error. This error occurs when you use "autoconf" to build SVF, you have to manually correct it to make the options consistent.

"autoconf" will be deprecated soon in later versions of LLVM. I suggest you use cmake (https://github.com/unsw-corg/SVF/wiki/Setup-Guide-(CMake)) to build SVF.

The error will disappear when you use cmake build.

Thanks

[dtzWill]

Hmm, I'm seeing this issue

• I'm using CMake
• I've built LLVM-3.8 and SVF with same compiler and same flags, and tried GCC 5.4, 6, clang_4

This issue happens 100% of the time when using #18, however I don't know that it's caused by those changes--it seems it just gets less lucky with the underlying bug.

@rockysui can you verify that running wpa -anders -svfg -dump-svfg on the tutorial's input works correctly and that running it under valgrind reports no errors?

For me, on the current master (using LLVM 3.8) as well as the LLVM 4 changes valgrind reports errors resulting from accessing MemSSA bits that have been deleted. Looking at the code it's easy to see why--indeed they /have/ been deleted. I'm not sure why this happens less on master, and AFAICT has little to do with the C++ standard used to compile the code.

I have patched this issue in my fork which fixes the crash on LLVM 4 and the valgrind errors in both versions.

If indeed this is a problem, perhaps you should be less quick to close bugs (at least wait for the OP to confirm they're resolved)?

[yuleisui]

Hi WIll,

Thanks for confirming this issue and your attempts to fix it!

The aim of building MemSSA is to create SVFG, so MemSSA is an intermediate data structure and will be discarded later. When creating a SVFG, a local instance of memSSA is created (Please take a look at here). This might be the issue when any of its fields is referred later (e.g., dumpSVFG).

I don't know whether we can have a quick workaround fix by simply allocating the MemSSA instance on the heap.

@jcarlson23
Sorry that I am pretty busy with a paper deadline these two weeks, and will try to get a complete fix for this issue and Jared's pull request asap.

[dtzWill]

I've implemented a quickfix here: dtzWill@49a0464

One implication is the mssa is preserved for the lifetime of the SVFG, which for this use case is desired but I don't know about what other clients might want.

For convenience and lack of familiarity with the codebase I just used unique_ptr, anyway it seems to work for me so I thought I'd share in case it's useful to someone else. 👍

[yuleisui]

Thanks, Will! A very good fix using unique_ptr.

The C++11 style is not consistent with SVF. I have committed a quick fix by allocating the "mssa' on the heap instead of a local instance, and also I have kept a "ReleaseMemory" function to be called by users (see f752075).

Anyway, SVF folks could make their own choices to use any of the fixes.