Hi Matthew,

On Mon, Nov 2, 2009 at 7:33 PM, Matthew L. Creech <mlcreech at gmail.com> wrote:
> On Mon, Nov 2, 2009 at 1:31 AM, Daniel Dunbar <daniel at zuster.org> wrote:
>>
>> If you want to run klee in gdb and get a backtrace and perhaps the
>> result of 'info locals' in the crashing function, that might give a
>> clue.
>>
>
> OK, the GDB backtrace is much more thorough:
>
> $ gdb klee
> GNU gdb 6.8
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-pc-linux-gnu"...
> (gdb) run --only-output-states-covering-new --libc=uclibc test.o
> Starting program: /home/mlcreech/klee/install/bin/klee
> --only-output-states-covering-new --libc=uclibc test.o
> [Thread debugging using libthread_db enabled]
> [New Thread 0x7f49282fa710 (LWP 18296)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7f49282fa710 (LWP 18296)]
> 0x00000000009a2198 in llvm::Value::getValueID (this=0x0) at
> /home/mlcreech/klee/llvm-2.6/include/llvm/Value.h:242
> 242         return SubclassID;
> (gdb) bt
> #0  0x00000000009a2198 in llvm::Value::getValueID (this=0x0) at
> /home/mlcreech/klee/llvm-2.6/include/llvm/Value.h:242
> #1  0x0000000000c18c7d in llvm::isa_impl<llvm::Constant, llvm::Value>
> (Val=@0x0)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Value.h:316
> #2  0x0000000000c1a881 in llvm::isa_impl_wrap<llvm::Constant,
> llvm::Value const, llvm::Value const>::doit (Val=@0x0)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Support/Casting.h:71
> #3  0x0000000000c1a6ea in
> llvm::isa_impl_cl<llvm::Value>::isa<llvm::Constant> (Val=@0x0)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Support/Casting.h:83
> #4  0x0000000000c8d00d in llvm::isa_impl_cl<llvm::Value
> const>::isa<llvm::Constant> (Val=@0x0)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Support/Casting.h:92
> #5  0x0000000000c864c4 in llvm::isa_impl_cl<llvm::Value
> const*>::isa<llvm::Constant> (Val=0x0)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Support/Casting.h:101
> #6  0x0000000000c827a6 in llvm::isa<llvm::Constant, llvm::Value
> const*> (Val=@0x7fff675e7e48)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Support/Casting.h:116
> #7  0x0000000000c83b24 in llvm::dyn_cast<llvm::Constant, llvm::Value
> const*> (Val=@0x7fff675e7e48)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Support/Casting.h:225
> #8  0x0000000000d7fae6 in RemapOperand (In=0x0,
> ValueMap=@0x7fff675e88a0, Context=@0x194c970) at LinkModules.cpp:361
> #9  0x0000000000d8010e in RemapOperand (In=0x19966e0,
> ValueMap=@0x7fff675e88a0, Context=@0x194c970)
>     at LinkModules.cpp:401
> #10 0x0000000000d8010e in RemapOperand (In=0x1996260,
> ValueMap=@0x7fff675e88a0, Context=@0x194c970)
>     at LinkModules.cpp:401
> #11 0x0000000000d8010e in RemapOperand (In=0x1995e30,
> ValueMap=@0x7fff675e88a0, Context=@0x194c970)
>     at LinkModules.cpp:401
> #12 0x0000000000d83a9d in LinkFunctionBody (Dest=0x1977da0,
> Src=0x197bb40, ValueMap=@0x7fff675e88a0,
>     Err=0x7fff675e8b50) at LinkModules.cpp:1094
> #13 0x0000000000d83ca6 in LinkFunctionBodies (Dest=0x194fee0,
> Src=0x197a8e0, ValueMap=@0x7fff675e88a0,
>     Err=0x7fff675e8b50) at LinkModules.cpp:1121
> #14 0x0000000000d84ea5 in llvm::Linker::LinkModules (Dest=0x194fee0,
> Src=0x197a8e0, ErrorMsg=0x7fff675e8b50)
>     at LinkModules.cpp:1354
> #15 0x0000000000d7da3f in llvm::Linker::LinkInModule
> (this=0x7fff675e8f70, Src=0x197a8e0, ErrorMsg=0x7fff675e8b50)
>     at /home/mlcreech/klee/llvm-2.6/include/llvm/Linker.h:249
> #16 0x0000000000d8ec59 in llvm::Linker::LinkInArchive
> (this=0x7fff675e8f70, Filename=@0x7fff675e8fc0,
>     is_native=@0x7fff675e8fcf) at LinkArchives.cpp:176
> #17 0x0000000000d7d5e6 in llvm::Linker::LinkInFile
> (this=0x7fff675e8f70, File=@0x7fff675e8fc0,
>     is_native=@0x7fff675e8fcf) at LinkItems.cpp:191
> #18 0x000000000095aba2 in klee::linkWithLibrary (module=<value
> optimized out>, libraryName=@0x7fff675e92f0)
>     at ModuleUtil.cpp:40
> #19 0x000000000090607a in linkWithUclibc (mainModule=0x194fee0) at
> main.cpp:991
> #20 0x000000000090713b in main (argc=4, argv=0x7fff675e9bf8,
> envp=<value optimized out>) at main.cpp:1191
> (gdb)
>
> At a glance it looks like the instruction list given to
> LinkFunctionBody() contains a MDNode which contains a NULL entry (at
> index 9 out of 12), which gets propagated down to dyn_cast<>, which
> can't handle NULL pointers.  But I've got absolutely no context as to
> what's really supposed to be happening here.  :)
Thanks for the extra info. I'm not exactly sure either, the MD stuff was unfortunately a bit new at the time 2.6 branched and it's possible there was a bug in its interaction with the linker, or an underlying bug that is getting triggered. Running under valgrind might provide a bit more information, but I'll probably need to find a way to reproduce it to go farther.

Can you send me the 'test.o' and uclibc .a library files from your system? I'll try to reproduce locally and see if I can go from there.

- Daniel
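To make the dyn_cast<> point in the backtrace concrete, here is an added example that is not code from this thread, from LLVM or from KLEE: a toy Value/Constant/MDNode hierarchy with isa<>/dyn_cast<> written in the style of LLVM's Casting.h, where the cast reads the subclass ID through the pointer (the `this=0x0` in frame #0) and so cannot be handed a null operand, beside a null-tolerant `dyn_cast_or_null<>` and a metadata walk that skips null entries instead of crashing. The class and function names are assumptions modelled on the frames above, and the sample node with a null operand in the middle is constructed for the example.

```cpp
#include <cstdio>
#include <vector>

// Toy version of the LLVM Value hierarchy (an assumption for this example,
// not LLVM's own class). The dynamic class is identified by an ID stored in
// the object, so reading it requires dereferencing the pointer, exactly as
// llvm::Value::getValueID() does in frame #0 of the backtrace.
struct Value {
  enum Kind { ConstantKind, InstructionKind, MDNodeKind };
  explicit Value(Kind k) : SubclassID(k) {}
  Kind getValueID() const { return SubclassID; }
private:
  Kind SubclassID;
};

struct Constant : Value {
  Constant() : Value(ConstantKind) {}
  static bool classof(const Value *V) { return V->getValueID() == ConstantKind; }
};

struct MDNode : Value {
  std::vector<const Value *> Operands;  // a metadata node may hold null entries
  MDNode() : Value(MDNodeKind) {}
  static bool classof(const Value *V) { return V->getValueID() == MDNodeKind; }
};

// isa<> in the style of Casting.h: it forwards to classof(), which
// dereferences V. Calling this with a null pointer is the SIGSEGV above.
template <class To, class From> bool isa(const From *V) { return To::classof(V); }

// dyn_cast<> has the same precondition: the pointer must be non-null.
template <class To, class From> const To *dyn_cast(const From *V) {
  return isa<To>(V) ? static_cast<const To *>(V) : nullptr;
}

// Null-tolerant variant: check the pointer before touching the object.
template <class To, class From> const To *dyn_cast_or_null(const From *V) {
  return V ? dyn_cast<To>(V) : nullptr;
}

// Walk a metadata node's operands and count the constants, tolerating null
// entries the way a remap routine would have to. Returns -1 for a null node.
int countConstantOperands(const MDNode *N) {
  if (!N) return -1;
  int n = 0;
  for (const Value *Op : N->Operands)
    if (dyn_cast_or_null<Constant>(Op)) ++n;  // plain dyn_cast<> would crash on the null
  return n;
}

// Constructed sample: three operands with a null entry in the middle,
// mirroring the "NULL entry at index 9 out of 12" observed in the crash.
const MDNode &sampleNode() {
  static Constant C1, C2;
  static MDNode N;
  if (N.Operands.empty()) N.Operands = {&C1, nullptr, &C2};
  return N;
}

int main() {
  std::printf("constant operands in sample node: %d\n",
              countConstantOperands(&sampleNode()));
  return 0;
}
```

LLVM itself ships `dyn_cast_or_null<>` in Casting.h for exactly this situation; the toy here only shows why the plain `dyn_cast<>` in frame #7 cannot be reached with a null operand, and why a walk over metadata operands needs the null check before the cast.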
