klee / klee

KLEE Symbolic Execution Engine

Home Page: https://klee-se.org/

Tests failures with llvm 15 and 16

jirislaby opened this issue · comments

I see (both with llvm 15 and 16 but not with llvm 14 -- even when the patches from #1664 are applied):

[   35s] Failing Tests (3):
[   35s]     KLEE :: Feature/VarArgByVal.c
[   35s]     KLEE :: Runtime/POSIX/DirConsistency.c
[   35s]     KLEE :: Runtime/POSIX/SymFileConsistency.c

Full log

Originally posted by @jirislaby in #1664 (comment)

Full build log:
build.log

It's an x86_64 build on openSUSE Tumbleweed (using uclibc, if that's relevant).

@jirislaby Do you see the same behaviour with the main branch of KLEE as in the current state?

What is strange - at least according to your log files:

[   25s] KLEE: WARNING ONCE: calling external: syscall(16, 0, 21505, 139108239835136) at runtime/POSIX/fd.c:997 10
[   25s] KLEE: WARNING ONCE: Alignment of memory from call "malloc" is not modelled. Using alignment of 8.
[   25s] KLEE: WARNING ONCE: calling __klee_posix_wrapped_main with extra arguments.
[   25s] KLEE: ERROR: (location information missing) illegal instruction
[   25s] KLEE: NOTE: now ignoring this error at this location
[   25s] KLEE: ERROR: EXITING ON ERROR:
[   25s] Error: illegal instruction
[   25s] Stack: 
[   25s] 	#000012088 in vfprintf(139122735349760, 140302335115264, 139103944867840)
[   25s] 	#100011477 in vsnprintf(139129714671616, 1024, 140302335115264, 139103944867840)
[   25s] 	#200010851 in snprintf(139129714671616, 1024, 140302335115264)
[   25s] 	#300007730 in __klee_posix_wrapped_main(1, 139441099800576) at test/Runtime/POSIX/SymFileConsistency.c:29
[   25s] 	#400006833 in __user_main(4, 140317809999872, 140317809999912) at runtime/POSIX/klee_init_env.c:245
[   25s] 	#500000411 in __uClibc_main(140303037661184, 4, 140317809999872, 0, 0, 0, 0)
[   25s] 	#600000478 in main(4, 140317809999872)

The generated code contains an illegal instruction. This only happens if an instruction currently unhandled by KLEE is executed.

Which LLVM version are you using?

Yes, it's with 9336cd2. And llvm 16.0.6 (see the build log).

Could you attach the bitcode file with the illegal instruction?

+1 The three .bc files are attached, plus the uclibc libc.a (as bcs.tar.gz, since GitHub does not support .bc uploads). It seems the illegal instruction is in its vfprintf?

Note uclibc is built with --enable-release. Now I have added -g to the uclibc build, so (the build log in #1691 (comment) will be updated shortly):

[   26s] KLEE: ERROR: libc/stdio/_vfprintf.c:1613: illegal instruction
[   26s] KLEE: NOTE: now ignoring this error at this location
[   26s] KLEE: ERROR: EXITING ON ERROR:
[   26s] Error: illegal instruction
[   26s] File: libc/stdio/_vfprintf.c
[   26s] Line: 1613
[   26s] assembly.ll line: 12723
[   26s] State: 1
[   26s] Stack: 
[   26s]        #000012723 in vfprintf(139166493294592, 140354823503872, 139156292747264) at libc/stdio/_vfprintf.c:1613
[   26s]        #100012161 in vsnprintf(139160587714560, 64, 140354823503872, 139156292747264) at libc/stdio/vsnprintf.c:64
[   26s]        #200011406 in snprintf(139160587714560, 64, 140354823503872) at libc/stdio/snprintf.c:25
[   26s]        #300007953 in __klee_posix_wrapped_main(1, 139492373938176) at test/Runtime/POSIX/DirConsistency.c:67
[   26s]        #400006864 in __user_main(4, 140369084137472, 140369084137512) at runtime/POSIX/klee_init_env.c:245
[   26s]        #500000435 in __uClibc_main(140353808482304, 4, 140369084137472, 0, 0, 0, 0) at libc/misc/internals/__uClibc_main.c:401
[   26s]        #600000512 in main(4, 140369084137472)

From assembly.ll:

  %175 = load i32, ptr %29, align 8, !dbg !11049, !noalias !10961
  %176 = icmp slt i32 %175, 0, !dbg !11050
  %177 = select i1 %176, i32 1, i32 %175, !dbg !11051
  %178 = freeze i32 %177, !dbg !11052 <--- HERE
  call void @llvm.dbg.value(metadata i32 %177, metadata !1364, metadata !DIExpression()), !dbg !10957
  %179 = and i32 %170, 16, !dbg !11030
  %180 = icmp eq i32 %179, 0, !dbg !11030
  br i1 %180, label %190, label %181, !dbg !11057

The freeze instruction is mainly generated when optimised code is produced.
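Since KLEE only reports "illegal instruction" once execution actually reaches the unsupported instruction, it is useful to know up front whether a bitcode file contains `freeze` at all, and where it came from. The scanner below is an added example, not KLEE project code: it walks textual LLVM IR (what `llvm-dis` or `clang -S -emit-llvm` emits), records every instruction whose opcode is in an assumed `UNSUPPORTED` set, and maps the `!dbg !N` reference back to the source line through the `!DILocation` metadata, which only exists if the code was built with `-g`. The sample IR is a constructed fragment modelled on the `assembly.ll` excerpt above; it is not valid stand-alone IR and is only there to exercise the text scan.

```python
"""Scan textual LLVM IR (.ll) for instructions KLEE does not handle.

Added example, not KLEE project code. Assumes the IR has already been
disassembled (llvm-dis foo.bc -o foo.ll) and, for source locations, that it
carries debug metadata (!dbg !N plus !N = !DILocation(...)).
"""
import re
import sys
from typing import Dict, List, Tuple

# Opcodes that make KLEE's Executor abort with "illegal instruction".
# `freeze` is the one hit in this thread; the set is an assumption, extend it
# to match the KLEE version you run.
UNSUPPORTED = {"freeze"}

DEFINE_RE = re.compile(r"^define\b.*?@([\w.$]+)\(")
INST_RE = re.compile(r"^\s*(?:%[\w.]+\s*=\s*)?(\w+)\b(.*)$")
DBG_REF_RE = re.compile(r"!dbg\s+!(\d+)")
DILOC_RE = re.compile(
    r"^!(\d+)\s*=\s*(?:distinct\s+)?!DILocation\(line:\s*(\d+)"
    r"(?:,\s*column:\s*(\d+))?"
)


def parse_dilocations(ir: str) -> Dict[str, Tuple[int, int]]:
    """Map metadata id -> (line, column) for every !DILocation node."""
    locs: Dict[str, Tuple[int, int]] = {}
    for line in ir.splitlines():
        m = DILOC_RE.match(line)
        if m:
            locs[m.group(1)] = (int(m.group(2)), int(m.group(3) or 0))
    return locs


def find_unsupported(ir: str, unsupported=UNSUPPORTED) -> List[dict]:
    """Return one record per unsupported instruction found inside a define."""
    locs = parse_dilocations(ir)
    hits: List[dict] = []
    func = None
    for n, line in enumerate(ir.splitlines(), start=1):
        m = DEFINE_RE.match(line)
        if m:
            func = m.group(1)
            continue
        if line.startswith("}"):
            func = None
            continue
        if func is None:
            continue  # declarations, globals, metadata: nothing executes here
        m = INST_RE.match(line)
        if not m or m.group(1) not in unsupported:
            continue
        hit = {
            "function": func,
            "opcode": m.group(1),
            "ll_line": n,          # what KLEE prints as "assembly.ll line"
            "src_line": None,      # stays None without -g, as in the first log
            "text": line.strip(),
        }
        d = DBG_REF_RE.search(line)
        if d and d.group(1) in locs:
            hit["src_line"] = locs[d.group(1)][0]
        hits.append(hit)
    return hits


def report(ir: str) -> str:
    """Human-readable summary, one line per hit."""
    lines = []
    for h in find_unsupported(ir):
        where = f"source line {h['src_line']}" if h["src_line"] else "no debug info"
        lines.append(f"{h['function']}: {h['opcode']} at .ll line {h['ll_line']} ({where}): {h['text']}")
    return "\n".join(lines) if lines else "no unsupported instructions found"


# Constructed sample modelled on the assembly.ll excerpt in the thread.
# Trimmed for the scan; not valid stand-alone IR.
SAMPLE_IR = """\
; constructed sample, not real uclibc output
define dso_local i32 @vfprintf(i32 %0, i32 %1) !dbg !1 {
  %3 = icmp slt i32 %0, 0, !dbg !11050
  %4 = select i1 %3, i32 1, i32 %0, !dbg !11051
  %5 = freeze i32 %4, !dbg !11052
  %6 = and i32 %1, 16, !dbg !11030
  %7 = icmp eq i32 %6, 0, !dbg !11030
  %8 = select i1 %7, i32 %5, i32 0
  ret i32 %8
}
!11052 = !DILocation(line: 1613, column: 9, scope: !1364)
"""

if __name__ == "__main__":
    ir = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IR
    print(report(ir))
```

Run it as `python3 scan.py assembly.ll` against KLEE's own `assembly.ll` from the output directory, or against `llvm-dis` output of the bitcode you are about to link. A build without `-g` (uclibc's `--enable-release`) still yields the function name and `.ll` line, which is exactly the situation behind "(location information missing)" in the first log; rebuilding with `-g` fills in the source line, as the second log shows with `_vfprintf.c:1613`.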

Right, if I remove --enable-release from uclibc, only the VarArgByVal failure remains.

@jirislaby Can you check if #1692 solves your problem?

Yes, the VarArgByVal failure is gone with that. So now, should freeze be supported? Note it's impossible to build some code without optimizations (like the kernel).

@jirislaby Thanks for the feedback. Agreed in the long run, we need to add support for freeze.

Indeed, and contributions would be useful. In the upcoming KLEE 3.1, we will continue to recommend LLVM 13, but we should move to LLVM 15/16 soon.

Let's close this one -- I created #1703 to add support for freeze