Baozeng via llvm-dev
2018-Aug-30 09:58 UTC
[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst
Hello all,

I have written a pass that replaces a conditional BranchInst with an IndirectBrInst to obfuscate the program.

The original IR is as follows:

    br i1 %1, label %2, label %3

And the transformed IR is as follows:

    %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func, %3)
    indirectbr i8* %4, [label %2, label %3]

The pass's core function is as follows:

    BasicBlock *TrueDest = BI->getSuccessor(0); // BI is a conditional branch
    BasicBlock *FalseDest = BI->getSuccessor(1);

    BlockAddress *TrueDestAddr = BlockAddress::get(TrueDest);
    BlockAddress *FalseDestAddr = BlockAddress::get(FalseDest);

    Value *ConditionValue = BI->getCondition();

    SelectInst *SI = SelectInst::Create(ConditionValue, TrueDestAddr, FalseDestAddr, "", BI);

    IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
    indirBr->addDestination(TrueDest);
    indirBr->addDestination(FalseDest);
    BI->eraseFromParent();

But I met the following crash when using this pass to build the arm target. The crash log is:

Process: clang [894]
Path: /Users/USER/Library/Android/*/clang
Identifier: clang
Version: 6.0.0 (6.0)
Code Type: X86-64 (Native)
Parent Process: clang [893]
Responsible: clang [894]
User ID: 501

Date/Time: 2018-08-30 17:31:27.215 +0800
OS Version: Mac OS X 10.13.6 (17G65)
Report Version: 12
Anonymous UUID: EBCD2C91-4439-C1F4-B504-A32D567161A7

Sleep/Wake UUID: 5EB83694-4FFE-458B-85E5-ABCD219ACB1E

Time Awake Since Boot: 370000 seconds
Time Since Wake: 17000 seconds

System Integrity Protection: enabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000010457c000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Bus error: 10
Termination Reason: Namespace SIGNAL, Code 0xa
Terminating Process: exc handler [0]

VM Regions Near 0x10457c000:
    MALLOC metadata 000000010457b000-000000010457c000 [ 4K] rw-/rwx SM=ZER
--> MALLOC guard page 000000010457c000-000000010457d000 [ 4K] ---/rwx SM=ZER
    MALLOC metadata 000000010457d000-0000000104581000 [ 16K] rw-/rwx SM=ZER

Application Specific Information:
Stack dump:
0. Program arguments: //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang -cc1 -triple thumbv7-none-linux-android14 -emit-obj -mnoexecstack -disable-free -disable-llvm-verifier -discard-value-names -main-file-name bzip2.c -mrelocation-model pic -pic-level 1 -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu generic -target-feature +soft-float-abi -target-feature -fp-only-sp -target-feature +d16 -target-feature +vfp3 -target-feature -fp16 -target-feature -vfp4 -target-feature -fp-armv8 -target-feature -neon -target-feature -crypto -target-abi aapcs-linux -mfloat-abi soft -fallow-half-arguments-and-returns -dwarf-column-info -debug-info-kind=limited -dwarf-version=4 -debugger-tuning=gdb -target-linker-version 351.8 -ffunction-sections -coverage-notes-file /Users/dingbaozeng/work/native_obfuscator/tests/./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.gcno -resource-dir //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0 -dependency-file ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o.d -MT ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -MP -isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include/arm-linux-androideabi -D NDEBUG -I busybox/include -I busybox -D ANDROID -D BB_VER="1.28.4-topjohnwu" -D BB_BT=AUTOCONF_TIMESTAMP -D __ANDROID_API__=14 -isysroot //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot -internal-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/local/include -internal-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0/include -internal-externc-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/include -internal-externc-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include -Os -Wno-invalid-command-line-argument -Wno-unused-command-line-argument -Wno-error=format-security -w -fdebug-compilation-dir /Users/dingbaozeng/work/native_obfuscator/tests -ferror-limit 19 -fmessage-length 138 -femulated-tls -stack-protector 2 -fno-signed-char -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp -mllvm -indibran -o ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -x c busybox/archival/bzip2.c
1. <eof> parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module 'busybox/archival/bzip2.c'.
4. Running pass 'Merge disjoint stack slots' on function '@mainSort'

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 clang 0x00000001011233c0 (anonymous namespace)::StackColoring::runOnMachineFunction(llvm::MachineFunction&) + 8448
1 clang 0x0000000100ff0746 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 134
2 clang 0x000000010124cdd2 llvm::FPPassManager::runOnFunction(llvm::Function&) + 546
3 clang 0x000000010124cfe3 llvm::FPPassManager::runOnModule(llvm::Module&) + 67
4 clang 0x000000010124d458 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 888
5 clang 0x00000001018d7f5b clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream> >) + 14907
6 clang 0x0000000101a9bc0f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 959
7 clang 0x000000010236d7e2 clang::ParseAST(clang::Sema&, bool, bool) + 466
8 clang 0x0000000101d038a3 clang::FrontendAction::Execute() + 67
9 clang 0x0000000101ca4878 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1208
10 clang 0x0000000101d4a0c5 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4613
11 clang 0x000000010083b865 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1333
12 clang 0x00000001008398e2 main + 11250
13 libdyld.dylib 0x00007fff50a2e015 start + 1

Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00000001053bc148 rbx: 0x0000000000000005 rcx: 0x000000000038c8cc rdx: 0x000000010457c008
rdi: 0x00000000005044f1 rsi: 0x0000000000000000 rbp: 0x00007ffeef3c6cf0 rsp: 0x00007ffeef3c6910
r8: 0x0000000003000001 r9: 0x00000001039bdec0 r10: 0x0000000000000000 r11: 0x0000000000000007
r12: 0x00007fa712668450 r13: 0x00007ffeef3c6ba0 r14: 0x00007fa713a5ca00 r15: 0x00007fa712668468
rip: 0x00000001011233c0 rfl: 0x0000000000010246 cr2: 0x000000010457c000

Logical CPU: 2
Error Code: 0x00000004
Trap Number: 14

External Modification Summary:
Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
Calls made by all processes on this machine:
    task_for_pid: 227609
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=260.6M resident=0K(0%) swapped_out_or_unallocated=260.6M(100%)
Writable regions: Total=142.7M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=142.7M(100%)

                      VIRTUAL   REGION
REGION TYPE              SIZE    COUNT (non-coalesced)
===========           =======   ======
Kernel Alloc Once          8K        2
MALLOC                  78.2M       16
MALLOC guard page         16K        5
STACK GUARD                4K        2
Stack                   64.0M        2
__DATA                  5224K       45
__LINKEDIT             201.9M        4
__TEXT                  58.8M       44
mapped file              444K        9
shared memory              8K        3
===========           =======   ======
TOTAL                  408.4M      122

Any suggestion? Thank you.

--
Best Regards,
Baozeng Ding
mayuyu.io via llvm-dev
2018-Aug-30 10:19 UTC
[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst
Doesn't my open-source implementation already do this obfuscation?

Zhang

> On Aug 30, 2018, at 17:58, Baozeng via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> Hello all,
> I have written a pass that replaces a conditional BranchInst with an IndirectBrInst to obfuscate the program.
>
> The original IR is as follows:
>     br i1 %1, label %2, label %3
>
> And the transformed IR is as follows:
>     %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func, %3)
>     indirectbr i8* %4, [label %2, label %3]
>
> The pass's core function is as follows:
>
>     BasicBlock *TrueDest = BI->getSuccessor(0); // BI is a conditional branch
>     BasicBlock *FalseDest = BI->getSuccessor(1);
>
>     BlockAddress *TrueDestAddr = BlockAddress::get(TrueDest);
>     BlockAddress *FalseDestAddr = BlockAddress::get(FalseDest);
>
>     Value *ConditionValue = BI->getCondition();
>
>     SelectInst *SI = SelectInst::Create(ConditionValue, TrueDestAddr, FalseDestAddr, "", BI);
>
>     IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
>     indirBr->addDestination(TrueDest);
>     indirBr->addDestination(FalseDest);
>     BI->eraseFromParent();
>
> But I met the following crash when using this pass to build the arm target.
mayuyu.io via llvm-dev
2018-Aug-30 10:20 UTC
[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst
I suggest building LLVM in Debug mode and reading the asserts.

Zhang

> On Aug 30, 2018, at 17:58, Baozeng via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> Hello all,
> I have written a pass that replaces a conditional BranchInst with an IndirectBrInst to obfuscate the program.
>
> The original IR is as follows:
>     br i1 %1, label %2, label %3
>
> And the transformed IR is as follows:
>     %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func, %3)
>     indirectbr i8* %4, [label %2, label %3]
>
> The pass's core function is as follows:
>
>     BasicBlock *TrueDest = BI->getSuccessor(0); // BI is a conditional branch
>     BasicBlock *FalseDest = BI->getSuccessor(1);
>
>     BlockAddress *TrueDestAddr = BlockAddress::get(TrueDest);
>     BlockAddress *FalseDestAddr = BlockAddress::get(FalseDest);
>
>     Value *ConditionValue = BI->getCondition();
>
>     SelectInst *SI = SelectInst::Create(ConditionValue, TrueDestAddr, FalseDestAddr, "", BI);
>
>     IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
>     indirBr->addDestination(TrueDest);
>     indirBr->addDestination(FalseDest);
>     BI->eraseFromParent();
>
> But I met the following crash when using this pass to build the arm target.
The crash log is: > > Process: clang [894] > Path: /Users/USER/Library/Android/*/clang > Identifier: clang > Version: 6.0.0 (6.0) > Code Type: X86-64 (Native) > Parent Process: clang [893] > Responsible: clang [894] > User ID: 501 > > Date/Time: 2018-08-30 17:31:27.215 +0800 > OS Version: Mac OS X 10.13.6 (17G65) > Report Version: 12 > Anonymous UUID: EBCD2C91-4439-C1F4-B504-A32D567161A7 > > Sleep/Wake UUID: 5EB83694-4FFE-458B-85E5-ABCD219ACB1E > > Time Awake Since Boot: 370000 seconds > Time Since Wake: 17000 seconds > > System Integrity Protection: enabled > > Crashed Thread: 0 Dispatch queue: com.apple.main-thread > > Exception Type: EXC_BAD_ACCESS (SIGBUS) > Exception Codes: KERN_PROTECTION_FAILURE at 0x000000010457c000 > Exception Note: EXC_CORPSE_NOTIFY > > Termination Signal: Bus error: 10 > Termination Reason: Namespace SIGNAL, Code 0xa > Terminating Process: exc handler [0] > > VM Regions Near 0x10457c000: > MALLOC metadata 000000010457b000-000000010457c000 [ 4K] rw-/rwx SM=ZER > --> MALLOC guard page 000000010457c000-000000010457d000 [ 4K] ---/rwx SM=ZER > MALLOC metadata 000000010457d000-0000000104581000 [ 16K] rw-/rwx SM=ZER > > Application Specific Information: > Stack dump: > 0. 
Program arguments: //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang -cc1 -triple thumbv7-none-linux-android14 -emit-obj -mnoexecstack -disable-free -disable-llvm-verifier -discard-value-names -main-file-name bzip2.c -mrelocation-model pic -pic-level 1 -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu generic -target-feature +soft-float-abi -target-feature -fp-only-sp -target-feature +d16 -target-feature +vfp3 -target-feature -fp16 -target-feature -vfp4 -target-feature -fp-armv8 -target-feature -neon -target-feature -crypto -target-abi aapcs-linux -mfloat-abi soft -fallow-half-arguments-and-returns -dwarf-column-info -debug-info-kind=limited -dwarf-version=4 -debugger-tuning=gdb -target-linker-version 351.8 -ffunction-sections -coverage-notes-file /Users/dingbaozeng/work/native_obfuscator/tests/./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.gcno -resource-dir //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0 -dependency-file ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o.d -MT ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -MP -isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include/arm-linux-androideabi -D NDEBUG -I busybox/include -I busybox -D ANDROID -D BB_VER="1.28.4-topjohnwu" -D BB_BT=AUTOCONF_TIMESTAMP -D __ANDROID_API__=14 -isysroot //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot -internal-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/local/include -internal-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/toolchains/llvm/prebuilt/darwin-x86_64/lib/clang/6.0.0/include -internal-externc-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/include -internal-externc-isystem //Users/dingbaozeng/Library/Android/sdk/ndk-bundle/sysroot/usr/include -Os 
-Wno-invalid-command-line-argument -Wno-unused-command-line-argument -Wno-error=format-security -w -fdebug-compilation-dir /Users/dingbaozeng/work/native_obfuscator/tests -ferror-limit 19 -fmessage-length 138 -femulated-tls -stack-protector 2 -fno-signed-char -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp -mllvm -indibran -o ./busybox//obj/local/armeabi-v7a/objs/busybox/archival/bzip2.o -x c busybox/archival/bzip2.c
1. <eof> parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module 'busybox/archival/bzip2.c'.
4. Running pass 'Merge disjoint stack slots' on function '@mainSort'

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 clang 0x00000001011233c0 (anonymous namespace)::StackColoring::runOnMachineFunction(llvm::MachineFunction&) + 8448
1 clang 0x0000000100ff0746 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 134
2 clang 0x000000010124cdd2 llvm::FPPassManager::runOnFunction(llvm::Function&) + 546
3 clang 0x000000010124cfe3 llvm::FPPassManager::runOnModule(llvm::Module&) + 67
4 clang 0x000000010124d458 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 888
5 clang 0x00000001018d7f5b clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream> >) + 14907
6 clang 0x0000000101a9bc0f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 959
7 clang 0x000000010236d7e2 clang::ParseAST(clang::Sema&, bool, bool) + 466
8 clang 0x0000000101d038a3 clang::FrontendAction::Execute() + 67
9 clang 0x0000000101ca4878 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1208
10 clang 0x0000000101d4a0c5 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4613
11 clang 0x000000010083b865 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1333
12 clang 0x00000001008398e2 main + 11250
13 libdyld.dylib 0x00007fff50a2e015 start + 1

any suggestion? Thank you.
--
Best Regards,
Baozeng Ding

_______________________________________________
LLVM Developers mailing list
llvm-dev at lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
Baozeng via llvm-dev
2018-Aug-30 10:25 UTC
[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst
Hello, Your implementation is ok for O0, but cannot be used for O2, Os. It also crashes when I tested with ndk-build busybox. Thanks.

mayuyu.io <admin at mayuyu.io> wrote on Thu, Aug 30, 2018 at 6:20 PM:
> I suggest building LLVM in Debug mode and reading the asserts
>
> Zhang
>
> On Aug 30, 2018, at 17:58, Baozeng via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> > Hello all,
> >
> > I have written a pass, which replaces condition branchinst using indirectBr to obfuscate program.
> >
> > The origin IR is as the following:
> >
> > br i1 %1, label %2, label %3
> >
> > And the transformed IR is as the following:
> >
> > %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func, %3)
> > indirectbr i8* %4, [label %2, label %3]
> >
> > The pass's core function is as the following:
> >
> > BasicBlock *TrueDest = BI->getSuccessor(0);//BI is a conditional branch
> > BasicBlock *FalseDest = BI->getSuccessor(1);
> > BlockAddress * TrueDestAddr = BlockAddress::get(TrueDest);
> > BlockAddress * FalseDestAddr = BlockAddress::get(FalseDest);
> > Value * ConditionValue = BI->getCondition();
> > SelectInst * SI = SelectInst::Create(ConditionValue, TrueDestAddr, FalseDestAddr, "", BI);
> > IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
> > indirBr->addDestination(TrueDest);
> > indirBr->addDestination(FalseDest);
> > BI->eraseFromParent();
> >
> > But I met the following crash when using this pass to build the arm target. The crash log is:
> >
> > any suggestion? Thank you.
> > --
> > Best Regards,
> > Baozeng Ding

--
Best Regards,
Baozeng Ding
Baozeng via llvm-dev
2018-Aug-31 07:22 UTC
[llvm-dev] crash problem when using IndirectBrInst to replace BranchInst
With Debug mode, it shows the assert error:

Assertion failed: (I != BlockLiveness.end() && "Predecessor not found"), function calculateLocalLiveness, file lib/CodeGen/StackColoring.cpp, line 782.
1. <eof> parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module 'busybox/archival/libarchive/decompress_bunzip2.c'.
4. Running pass 'Merge disjoint stack slots' on function '@read_bunzip'
clang: error: unable to execute command: Abort trap: 6
clang: error: clang frontend command failed due to signal (use -v to see invocation)

It seems the block's predecessor is lost, any suggestion? Thanks.

mayuyu.io <admin at mayuyu.io> wrote on Thu, Aug 30, 2018 at 6:20 PM:
> I suggest building LLVM in Debug mode and reading the asserts
>
> Zhang
>
> On Aug 30, 2018, at 17:58, Baozeng via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> > Hello all,
> >
> > I have written a pass, which replaces condition branchinst using indirectBr to obfuscate program.
> >
> > The origin IR is as the following:
> >
> > br i1 %1, label %2, label %3
> >
> > And the transformed IR is as the following:
> >
> > %4 = select i1 %1, i8* blockaddress(@func, %2), i8* blockaddress(@func, %3)
> > indirectbr i8* %4, [label %2, label %3]
> >
> > The pass's core function is as the following:
> >
> > BasicBlock *TrueDest = BI->getSuccessor(0);//BI is a conditional branch
> > BasicBlock *FalseDest = BI->getSuccessor(1);
> > BlockAddress * TrueDestAddr = BlockAddress::get(TrueDest);
> > BlockAddress * FalseDestAddr = BlockAddress::get(FalseDest);
> > Value * ConditionValue = BI->getCondition();
> > SelectInst * SI = SelectInst::Create(ConditionValue, TrueDestAddr, FalseDestAddr, "", BI);
> > IndirectBrInst *indirBr = IndirectBrInst::Create(SI, 2, BI);
> > indirBr->addDestination(TrueDest);
> > indirBr->addDestination(FalseDest);
> > BI->eraseFromParent();
> >
> > But I met the following crash when using this pass to build the arm target. The crash log is:
<17303FDF-0D2D-3963-B05E-B4DF63052D47> > /usr/lib/system/libsystem_blocks.dylib > > 0x7fff50a7d000 - 0x7fff50b06ff7 libsystem_c.dylib (1244.50.9) > <1187BFE8-4576-3247-8177-481554E1F9E7> /usr/lib/system/libsystem_c.dylib > > 0x7fff50b07000 - 0x7fff50b0affb libsystem_configuration.dylib > (963.50.8) <DF6B5287-203E-30CB-9947-78DF446C72B8> > /usr/lib/system/libsystem_configuration.dylib > > 0x7fff50b0b000 - 0x7fff50b0effb libsystem_coreservices.dylib (51) > <486000D3-D8CB-3BE7-8EE5-8BF380DE6DF7> > /usr/lib/system/libsystem_coreservices.dylib > > 0x7fff50b0f000 - 0x7fff50b10fff libsystem_darwin.dylib > (1244.50.9) <09C21A4A-9EE0-388B-A9D9-DFF8F6758791> > /usr/lib/system/libsystem_darwin.dylib > > 0x7fff50b11000 - 0x7fff50b17ff7 libsystem_dnssd.dylib (878.70.2) > <3290768B-54DE-3AB6-B155-AC0950AC5564> /usr/lib/system/libsystem_dnssd.dylib > > 0x7fff50b18000 - 0x7fff50b61ff7 libsystem_info.dylib (517.30.1) > <AB634A98-B8AA-3804-8436-38261FC8EC4D> /usr/lib/system/libsystem_info.dylib > > 0x7fff50b62000 - 0x7fff50b88ff7 libsystem_kernel.dylib > (4570.71.2) <F22B8D73-69D8-36D7-BF66-7F9AC70C08C2> > /usr/lib/system/libsystem_kernel.dylib > > 0x7fff50b89000 - 0x7fff50bd4fcb libsystem_m.dylib (3147.50.1) > <8CFB51C9-B422-3379-8552-064C63943A23> /usr/lib/system/libsystem_m.dylib > > 0x7fff50bd5000 - 0x7fff50bf4fff libsystem_malloc.dylib (140.50.6) > <7FD43735-9DDD-300E-8C4A-F909A74BDF49> > /usr/lib/system/libsystem_malloc.dylib > > 0x7fff50bf5000 - 0x7fff50d25ff7 libsystem_network.dylib > (1229.70.2) <5E86B2DE-9E15-3354-8714-4094ED5F698D> > /usr/lib/system/libsystem_network.dylib > > 0x7fff50d26000 - 0x7fff50d30ffb libsystem_networkextension.dylib > (767.70.1) <D23EAFC1-E8BD-34D5-969C-6E45A1C3B4E4> > /usr/lib/system/libsystem_networkextension.dylib > > 0x7fff50d31000 - 0x7fff50d3aff3 libsystem_notify.dylib (172) > <08012EC0-2CD2-34BE-BF93-E7F56491299A> > /usr/lib/system/libsystem_notify.dylib > > 0x7fff50d3b000 - 0x7fff50d42ff7 libsystem_platform.dylib > (161.50.1) 
<6355EE2D-5456-3CA8-A227-B96E8F1E2AF8> > /usr/lib/system/libsystem_platform.dylib > > 0x7fff50d43000 - 0x7fff50d4efff libsystem_pthread.dylib > (301.50.1) <0E51CCBA-91F2-34E1-BF2A-FEEFD3D321E4> > /usr/lib/system/libsystem_pthread.dylib > > 0x7fff50d4f000 - 0x7fff50d52fff libsystem_sandbox.dylib > (765.70.1) <553DFCC6-9D31-3B9C-AB7C-30F6F265786D> > /usr/lib/system/libsystem_sandbox.dylib > > 0x7fff50d53000 - 0x7fff50d54ff3 libsystem_secinit.dylib (30) > <DE8D14E8-A276-3FF8-AE13-77F7040F33C1> > /usr/lib/system/libsystem_secinit.dylib > > 0x7fff50d55000 - 0x7fff50d5cff7 libsystem_symptoms.dylib > (820.60.2) <585BDFA2-D54D-39D0-8046-44E824DABD43> > /usr/lib/system/libsystem_symptoms.dylib > > 0x7fff50d5d000 - 0x7fff50d70fff libsystem_trace.dylib (829.70.1) > <3A6CB706-8CA6-3616-8AFC-14AAD7FAF187> /usr/lib/system/libsystem_trace.dylib > > 0x7fff50d72000 - 0x7fff50d77ff7 libunwind.dylib (35.3) > <BEF3FB49-5604-3B5F-82B5-332B80023AC3> /usr/lib/system/libunwind.dylib > > 0x7fff50d78000 - 0x7fff50da5ff7 libxpc.dylib (1205.70.9) > <0BC7AD67-671D-31D4-8B88-C317B8379598> /usr/lib/system/libxpc.dylib > > > External Modification Summary: > > Calls made by other processes targeting this process: > > task_for_pid: 0 > > thread_create: 0 > > thread_set_state: 0 > > Calls made by this process: > > task_for_pid: 0 > > thread_create: 0 > > thread_set_state: 0 > > Calls made by all processes on this machine: > > task_for_pid: 227609 > > thread_create: 0 > > thread_set_state: 0 > > > VM Region Summary: > > ReadOnly portion of Libraries: Total=260.6M resident=0K(0%) > swapped_out_or_unallocated=260.6M(100%) > > Writable regions: Total=142.7M written=0K(0%) resident=0K(0%) > swapped_out=0K(0%) unallocated=142.7M(100%) > > > > VIRTUAL REGION > > REGION TYPE SIZE COUNT (non-coalesced) > > =========== ======= ======> > Kernel Alloc Once 8K 2 > > MALLOC 78.2M 16 > > MALLOC guard page 16K 5 > > STACK GUARD 4K 2 > > Stack 64.0M 2 > > __DATA 5224K 45 > > __LINKEDIT 201.9M 4 > > __TEXT 58.8M 44 > 
> mapped file 444K 9 > > shared memory 8K 3 > > =========== ======= ======> > TOTAL 408.4M 122 > > > > any suggestion? Thank you. > -- > Best Regards, > Baozeng Ding > > > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev > >-- Best Regards, Baozeng Ding -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20180831/93585a54/attachment-0001.html>