Segmentation fault compiling a contract with huge data and via-IR enabled

[r0qs]

Description

Investigating issue #13494 I ended up in a segmentation fault error when compiling the contract below with via-IR. The contract only assigns to a variable a huge payload.

Environment

• Compiler version: Version: 0.8.17-develop.2022.9.5+commit.51929652.Linux.g++ (also tested on 0.8.16 release)
• Target EVM version (as per compiler settings): via-ir
• Framework/IDE (e.g. Truffle or Remix): tested with solc and foundry
• Operating system: Linux

Steps to Reproduce

1. Create a file Test.sol with the following code and the data payload from this example here

pragma solidity >=0.8.16;

contract Test {
	function test() external {
		bytes memory data = hex"615870600E600039..."; // replace with a huge data
	}
}

2. Compile the code to get the segmentation fault error

solc --via-ir ./Test.sol

Running using GDB returns the following stack trace on solidity::yul::Parser::parseSrcComment:

ar const*, std::__cxx11::match_results<char const*, std::allocator<std::__cxx11::sub_match<char const*> > >&, std::__cxx11::basic_regex<char, std::__cxx11::regex_traits<char> > const&, std::regex_constants::match_flag_type, std::__detail::_RegexExecutorPolicy, bool) ()
#80516 0x0000555555c4c3f4 in solidity::yul::Parser::parseSrcComment(std::basic_string_view<char, std::char_traits<char> >, solidity::langutil::SourceLocation const&) ()
#80517 0x0000555555c4d63a in solidity::yul::Parser::fetchDebugDataFromComment() ()
#80518 0x0000555555c4d91c in solidity::yul::Parser::advance() ()
#80519 0x0000555555c50e09 in solidity::yul::Parser::parseBlock() ()
#80520 0x0000555555c516e8 in solidity::yul::Parser::parseFunctionDefinition() ()
#80521 0x0000555555c4ff88 in solidity::yul::Parser::parseStatement() ()
#80522 0x0000555555c50e66 in solidity::yul::Parser::parseBlock() ()
#80523 0x0000555555c51a83 in solidity::yul::Parser::parseInline(std::shared_ptr<solidity::langutil::Scanner> const&) ()
#80524 0x0000555555c6e801 in solidity::yul::ObjectParser::parseBlock(std::optional<std::map<unsigned int, std::shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const>, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, std::shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const> > > > >) ()
#80525 0x0000555555c6ecaf in solidity::yul::ObjectParser::parseCode(std::optional<std::map<unsigned int, std::shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const>, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, std::shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const> > > > >) ()
#80526 0x0000555555c715e1 in solidity::yul::ObjectParser::parseObject(solidity::yul::Object*) ()
#80527 0x0000555555c71985 in solidity::yul::ObjectParser::parseObject(solidity::yul::Object*) ()
#80528 0x0000555555c71ba9 in solidity::yul::ObjectParser::parse(std::shared_ptr<solidity::langutil::Scanner> const&, bool) ()
#80529 0x0000555555c5ec20 in solidity::yul::YulStack::parseAndAnalyze(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
#80530 0x0000555555aa0e24 in solidity::frontend::IRGenerator::run[abi:cxx11](solidity::frontend::ContractDefinition const&, std::vector<unsigned char, std::allocator<unsigned char> > const&, std::map<solidity::frontend::ContractDefinition const*, std::basic_string_view<char, std::char_traits<char> > const, std::less<solidity::frontend::ContractDefinition const*>, std::allocator<std::pair<solidity::frontend::ContractDefinition const* const, std::basic_string_view<char, std::char_traits<char> > const> > > const&) ()
#80531 0x00005555558048d1 in solidity::frontend::CompilerStack::generateIR(solidity::frontend::ContractDefinition const&) ()
#80532 0x000055555580929b in solidity::frontend::CompilerStack::compile(solidity::frontend::CompilerStack::State) ()
#80533 0x0000555555735c26 in solidity::frontend::CommandLineInterface::compile() ()
#80534 0x000055555573b015 in solidity::frontend::CommandLineInterface::processInput() ()
#80535 0x000055555573b40c in solidity::frontend::CommandLineInterface::run(int, char const* const*) ()
#80536 0x0000555555706e6c in main ()

[Marenz]

The crash is happen inside our regex library which seems to be the same/similar problem as the two other issues I just linked to this.

[fvictorio]

Also ran into this. One of our tests uses a big contract and it fails when run wiht viaIR enabled.

[cameel]

Ok then, maybe we should bump the priority here. I thought it would affect only really pathological cases unlikely to happen in practice.

[cameel]

I have to finally fix it because now it interferes with my attempt to implement #13583. syntaxTests/sizeLimits/bytecode_too_large_byzantium.sol and a few similar tests we have in our test suite crash like this and the bytecode comparison does not complete for --via-ir.

[smol-ninja]

I can also confirm its a bug.

I tried to write a deployment script that uses precompiles bytecode for the deployment. The ci fails with Segmentation fault error. The bytecodes are declared in a file Precompiles.sol which I tried to import in DeployCorePrecompiles.s.sol.

Related:

• https://github.com/sablier-labs/v2-core/pull/846/files