This is an archive of the discontinued LLVM Phabricator instance.

Differential D130208

[lld-macho] Fix assertion when two symbols at same addr have unwind info
ClosedPublic

Authored by int3 on Jul 20 2022, 3:36 PM.

Details

Reviewers
thakis
Group Reviewers
Restricted Project
Commits
rG241f62d8d30f: [lld-macho] Fix assertion when two symbols at same addr have unwind info
Summary

If there are multiple symbols at the same address, our unwind info
implementation assumes that we always register unwind entries to a
single canonical symbol.

This assumption was violated by the registerEhFrame code.

Fixes #56570.

Diff Detail

Event Timeline

int3 created this revision.Jul 20 2022, 3:36 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJul 20 2022, 3:36 PM
int3 requested review of this revision.Jul 20 2022, 3:36 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 20 2022, 3:36 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
int3 edited the summary of this revision. (Show Details)Jul 20 2022, 3:38 PM
Harbormaster completed remote builds in B176609: Diff 446284.Jul 20 2022, 4:00 PM
oontvoo added a subscriber: oontvoo.Jul 20 2022, 4:22 PM
oontvoo added inline comments.
lld/test/MachO/Inputs/double-unwind-info.yaml
2

would be great to have comment on how this yaml was created (ie., the .s file and/or any special flag?) in case we need to update it in the future

int3 marked an inline comment as done.Jul 20 2022, 4:37 PM
int3 added inline comments.
lld/test/MachO/Inputs/double-unwind-info.yaml
2

See the comments in double-unwind-info.s :)

thakis accepted this revision.Jul 21 2022, 5:50 AM
thakis added a subscriber: thakis.

Stamp, but:

lld/MachO/InputFiles.cpp
1536

We hit this assert in "normal" builds: https://bugs.chromium.org/p/chromium/issues/detail?id=1346125#c1

Do you want a repro file for that?

Anyways, addressing the assert quickly would be good :) (either revert if hitting this on a normal build is surprising and needs more investigation, or by landing this fix here)

This revision is now accepted and ready to land.Jul 21 2022, 5:50 AM
int3 marked an inline comment as done.Jul 21 2022, 6:39 AM
int3 added inline comments.
lld/MachO/InputFiles.cpp
1536

Just to confirm, are you sure the "normal" build doesn't pull in any 3rd-party lib that could've been passed through ld -r?

I wasn't able to generate it the problem via llvm-mc in my testing, but I could certainly have missed something. Repro file wouldn't really help to figure out the compiler flags that trigger it though...

It doesn't look like the assert triggers at all on chromium_framework at least, so I think it's safe to say that it's a fairly uncommon code path

int3 added inline comments.Jul 21 2022, 6:43 AM
lld/MachO/InputFiles.cpp
1536

It doesn't look like the assert triggers at all on chromium_framework at least, so I think it's safe to say that it's a fairly uncommon code path

More precisely, an assert(false) in this if branch doesn't get tripped while linking chromium_framework.

Landing this now, we can tweak the comment as needed later

Closed by commit rG241f62d8d30f: [lld-macho] Fix assertion when two symbols at same addr have unwind info (authored by int3). · Explain WhyJul 21 2022, 6:46 AM
This revision was automatically updated to reflect the committed changes.
int3 added a commit: rG241f62d8d30f: [lld-macho] Fix assertion when two symbols at same addr have unwind info.
abrachet added a subscriber: abrachet.Jul 22 2022, 7:59 PM
abrachet added inline comments.
lld/MachO/InputFiles.cpp
1536

Hi this is crashing for us too I've uploaded a reproducer here https://drive.google.com/file/d/1tz3feLMfR-2N8SMxT5dqLqAN3dUVSGRQ/view?usp=sharing. Though it seems like not all input files correctly made it into the reproducer.
See https://ci.chromium.org/ui/p/fuchsia/builders/prod/clang-mac-xarm64/b8807891867843444577/overview which is an lto build of llvm. If it's helpful here's what funcSym looks like before the crash

(lldb) p *funcSym
(lld::macho::Defined) $9 = {
  lld::macho::Symbol = {
    gotIndex = 4294967295
    lazyBindOffset = 4294967295
    stubsHelperIndex = 4294967295
    stubsIndex = 4294967295
    symtabIndex = 4294967295
    symbolKind = DefinedKind
    nameData = 0x000000011986014f "__ZNSt3__212basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1B6v15000IDnEEPKc"
    file = 0x000000011a849a00
    nameSize = 82
    isUsedInRegularObj = true
    used = false
  }
  overridesWeakDef = false
  privateExtern = true
  includeInSymtab = true
  wasIdenticalCodeFolded = false
  thumb = false
  referencedDynamically = false
  noDeadStrip = false
  interposable = false
  weakDefCanBeHidden = false
  weakDef = true
  external = true
  isec = nullptr
  value = 0
  size = 0
  unwindEntry = nullptr
}
abrachet added inline comments.Jul 22 2022, 8:09 PM
lld/MachO/InputFiles.cpp
1536

Ignore the "too" in my comment. I incorrectly read @thakis's comment as him saying this was causing an assertion failure not fixing one.

int3 marked 2 inline comments as done.Jul 22 2022, 11:12 PM
int3 added inline comments.
lld/MachO/InputFiles.cpp
1536

whoops, guess it's bug whackamole season. Sorry about that. D130409 should fix.

thakis added a comment.Jul 25 2022, 10:17 AM

Sorry for the slow turnaround – was at a conference last week, and don't build the iOS code all that often.

Here's a repro file: https://drive.google.com/file/d/1wMTTtgtLgrnXPZ--qpx1jUJs3spXeLmo/view?usp=sharing

The assertion used to fire for Users/thakis/src/chrome/src/out/gnios/obj/ios/chrome/browser/ui/omnibox/popup/popup_swift/omnibox_popup_view_provider.o. That .o file is created by compiling https://source.chromium.org/chromium/chromium/src/+/main:ios/chrome/browser/ui/omnibox/popup/omnibox_popup_view_provider.swift;l=1?q=omnibox_popup_view_provider.&sq= (I can get the exact compile command if it helps). It's a swift file, so maybe this is needed for all swift .o files? If so, this would probably slow down links of projects using swift a bit (?)

thakis added a comment.Jul 25 2022, 10:22 AM

(For my own notes:

args.gn:

use_goma = true
dcheck_always_on = false
is_debug = false
symbol_level = 0
target_os = "ios"
target_cpu = "arm64"
ios_enable_code_signing = false

At chromium rev 3695eeb95bcf70bcbad32a4166c0d0748ed61d99.

Ran:

% time ninja -C out/gnios ios_chrome_unittests -j250     
% rm out/gnios/obj/ios/chrome/test/arm64/ios_chrome_unittests
% LLD_REPRODUCE=repro-ios.tar ninja -C out/gnios obj/ios/chrome/test/arm64/ios_chrome_unittests

)

Revision Contents

PathSize
lld/
MachO/
7 lines
2 lines
test/
MachO/
Inputs/
159 lines
26 lines

Diff 446473

lld/MachO/InputFiles.cpp

Show First 20 LinesShow All 1,522 Lines▼ Show 20 Lines for (auto it = isec->relocs.begin(); it != isec->relocs.end(); ++it) {
funcAddrRelocIt = it++; // Found subtrahend; skip over minuend reloc funcAddrRelocIt = it++; // Found subtrahend; skip over minuend reloc
else if (lsdaAddrOpt && it->offset == lsdaAddrOff) else if (lsdaAddrOpt && it->offset == lsdaAddrOff)
lsdaAddrRelocIt = it++; // Found subtrahend; skip over minuend reloc lsdaAddrRelocIt = it++; // Found subtrahend; skip over minuend reloc
} }
Defined *funcSym; Defined *funcSym;
if (funcAddrRelocIt != isec->relocs.end()) { if (funcAddrRelocIt != isec->relocs.end()) {
funcSym = targetSymFromCanonicalSubtractor(isec, funcAddrRelocIt); funcSym = targetSymFromCanonicalSubtractor(isec, funcAddrRelocIt);
// Canonicalize the symbol. If there are multiple symbols at the same
// address, we want both `registerEhFrame` and `registerCompactUnwind`
// to register the unwind entry under same symbol.
// This is not particularly efficient, but we should run into this case
// infrequently (only when handling the output of `ld -r`).
funcSym = findSymbolAtOffset(cast<ConcatInputSection>(funcSym->isec),
thakisUnsubmitted
Not Done
ReplyInline Actions

We hit this assert in "normal" builds: https://bugs.chromium.org/p/chromium/issues/detail?id=1346125#c1

Do you want a repro file for that?

Anyways, addressing the assert quickly would be good :) (either revert if hitting this on a normal build is surprising and needs more investigation, or by landing this fix here)

thakis: We hit this assert in "normal" builds: https://bugs.chromium.org/p/chromium/issues/detail?
int3AuthorUnsubmitted
Done
ReplyInline Actions

Just to confirm, are you sure the "normal" build doesn't pull in any 3rd-party lib that could've been passed through ld -r?

I wasn't able to generate it the problem via llvm-mc in my testing, but I could certainly have missed something. Repro file wouldn't really help to figure out the compiler flags that trigger it though...

It doesn't look like the assert triggers at all on chromium_framework at least, so I think it's safe to say that it's a fairly uncommon code path

int3: Just to confirm, are you sure the "normal" build doesn't pull in any 3rd-party lib that…
int3AuthorUnsubmitted
Done
ReplyInline Actions

It doesn't look like the assert triggers at all on chromium_framework at least, so I think it's safe to say that it's a fairly uncommon code path

More precisely, an assert(false) in this if branch doesn't get tripped while linking chromium_framework.

Landing this now, we can tweak the comment as needed later

int3: > It doesn't look like the assert triggers at all on chromium_framework at least, so I think…
abrachetUnsubmitted
Done
ReplyInline Actions

Hi this is crashing for us too I've uploaded a reproducer here https://drive.google.com/file/d/1tz3feLMfR-2N8SMxT5dqLqAN3dUVSGRQ/view?usp=sharing. Though it seems like not all input files correctly made it into the reproducer.
See https://ci.chromium.org/ui/p/fuchsia/builders/prod/clang-mac-xarm64/b8807891867843444577/overview which is an lto build of llvm. If it's helpful here's what funcSym looks like before the crash

(lldb) p *funcSym
(lld::macho::Defined) $9 = {
  lld::macho::Symbol = {
    gotIndex = 4294967295
    lazyBindOffset = 4294967295
    stubsHelperIndex = 4294967295
    stubsIndex = 4294967295
    symtabIndex = 4294967295
    symbolKind = DefinedKind
    nameData = 0x000000011986014f "__ZNSt3__212basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1B6v15000IDnEEPKc"
    file = 0x000000011a849a00
    nameSize = 82
    isUsedInRegularObj = true
    used = false
  }
  overridesWeakDef = false
  privateExtern = true
  includeInSymtab = true
  wasIdenticalCodeFolded = false
  thumb = false
  referencedDynamically = false
  noDeadStrip = false
  interposable = false
  weakDefCanBeHidden = false
  weakDef = true
  external = true
  isec = nullptr
  value = 0
  size = 0
  unwindEntry = nullptr
}
abrachet: Hi this is crashing for us too I've uploaded a reproducer here https://drive.google.
abrachetUnsubmitted
Not Done
ReplyInline Actions

Ignore the "too" in my comment. I incorrectly read @thakis's comment as him saying this was causing an assertion failure not fixing one.

abrachet: Ignore the "too" in my comment. I incorrectly read @thakis's comment as him saying this was…
int3AuthorUnsubmitted
Done
ReplyInline Actions

whoops, guess it's bug whackamole season. Sorry about that. D130409 should fix.

int3: whoops, guess it's bug whackamole season. Sorry about that. D130409 should fix.
funcSym->value);
} else { } else {
funcSym = findSymbolAtAddress(sections, funcAddr); funcSym = findSymbolAtAddress(sections, funcAddr);
ehRelocator.makePcRel(funcAddrOff, funcSym, target->p2WordSize); ehRelocator.makePcRel(funcAddrOff, funcSym, target->p2WordSize);
} }
// The symbol has been coalesced, or already has a compact unwind entry. // The symbol has been coalesced, or already has a compact unwind entry.
if (!funcSym || funcSym->getFile() != this || funcSym->unwindEntry) { if (!funcSym || funcSym->getFile() != this || funcSym->unwindEntry) {
// We must prune unused FDEs for correctness, so we cannot rely on // We must prune unused FDEs for correctness, so we cannot rely on
// -dead_strip being enabled. // -dead_strip being enabled.
▲ Show 20 LinesShow All 682 LinesShow Last 20 Lines

lld/MachO/UnwindInfoSection.cpp

Show First 20 LinesShow All 205 Lines▼ Show 20 Lines
void UnwindInfoSection::addSymbol(const Defined *d) { void UnwindInfoSection::addSymbol(const Defined *d) {
if (d->unwindEntry) if (d->unwindEntry)
allEntriesAreOmitted = false; allEntriesAreOmitted = false;
// We don't yet know the final output address of this symbol, but we know that // We don't yet know the final output address of this symbol, but we know that
// they are uniquely determined by a combination of the isec and value, so // they are uniquely determined by a combination of the isec and value, so
// we use that as the key here. // we use that as the key here.
auto p = symbols.insert({{d->isec, d->value}, d}); auto p = symbols.insert({{d->isec, d->value}, d});
// If we have multiple symbols at the same address, only one of them can have // If we have multiple symbols at the same address, only one of them can have
// an associated CUE. // an associated unwind entry.
if (!p.second && d->unwindEntry) { if (!p.second && d->unwindEntry) {
assert(!p.first->second->unwindEntry); assert(!p.first->second->unwindEntry);
p.first->second = d; p.first->second = d;
} }
} }
void UnwindInfoSectionImpl::prepareRelocations() { void UnwindInfoSectionImpl::prepareRelocations() {
// This iteration needs to be deterministic, since prepareRelocations may add // This iteration needs to be deterministic, since prepareRelocations may add
▲ Show 20 LinesShow All 461 LinesShow Last 20 Lines

lld/test/MachO/Inputs/double-unwind-info.yaml

  • This file was added.
--- !mach-o
FileHeader:
oontvooUnsubmitted
Done
ReplyInline Actions

would be great to have comment on how this yaml was created (ie., the .s file and/or any special flag?) in case we need to update it in the future

oontvoo: would be great to have comment on how this yaml was created (ie., the `.s` file and/or any…
int3AuthorUnsubmitted
Done
ReplyInline Actions

See the comments in double-unwind-info.s :)

int3: See the comments in double-unwind-info.s :)
magic: 0xFEEDFACF
cputype: 0x1000007
cpusubtype: 0x3
filetype: 0x1
ncmds: 4
sizeofcmds: 384
flags: 0x2000
reserved: 0x0
LoadCommands:
- cmd: LC_SEGMENT_64
cmdsize: 312
segname: ''
vmaddr: 0
vmsize: 96
fileoff: 448
filesize: 96
maxprot: 7
initprot: 7
nsects: 3
flags: 0
Sections:
- sectname: __text
segname: __TEXT
addr: 0x0
size: 2
offset: 0x1C0
align: 0
reloff: 0x0
nreloc: 0
flags: 0x80000400
reserved1: 0x0
reserved2: 0x0
reserved3: 0x0
content: '9090'
- sectname: __eh_frame
segname: __TEXT
addr: 0x8
size: 56
offset: 0x1C8
align: 3
reloff: 0x220
nreloc: 4
flags: 0x0
reserved1: 0x0
reserved2: 0x0
reserved3: 0x0
content: 1400000000000000017A520001781001100C0708900100001C00000004000000F8FFFFFFFFFFFFFF0100000000000000000E080000000000
relocations:
- address: 0x1C
symbolnum: 3
pcrel: false
length: 2
extern: true
type: 5
scattered: false
value: 0
- address: 0x1C
symbolnum: 4
pcrel: false
length: 2
extern: true
type: 0
scattered: false
value: 0
- address: 0x20
symbolnum: 4
pcrel: false
length: 3
extern: true
type: 5
scattered: false
value: 0
- address: 0x20
symbolnum: 2
pcrel: false
length: 3
extern: true
type: 0
scattered: false
value: 0
- sectname: __compact_unwind
segname: __LD
addr: 0x40
size: 32
offset: 0x200
align: 3
reloff: 0x240
nreloc: 1
flags: 0x2000000
reserved1: 0x0
reserved2: 0x0
reserved3: 0x0
content: '0000000000000000010000000000010200000000000000000000000000000000'
relocations:
- address: 0x0
symbolnum: 2
pcrel: false
length: 3
extern: true
type: 0
scattered: false
value: 0
- cmd: LC_SYMTAB
cmdsize: 24
symoff: 584
nsyms: 5
stroff: 664
strsize: 40
- cmd: LC_BUILD_VERSION
cmdsize: 32
platform: 1
minos: 659200
sdk: 0
ntools: 1
Tools:
- tool: 3
version: 50069504
- cmd: LC_DATA_IN_CODE
cmdsize: 16
dataoff: 584
datasize: 0
LinkEditData:
NameList:
- n_strx: 2
n_type: 0xE
n_sect: 1
n_desc: 0
n_value: 0
- n_strx: 10
n_type: 0xE
n_sect: 1
n_desc: 0
n_value: 1
- n_strx: 16
n_type: 0xE
n_sect: 1
n_desc: 0
n_value: 1
- n_strx: 21
n_type: 0xE
n_sect: 2
n_desc: 0
n_value: 8
- n_strx: 31
n_type: 0xE
n_sect: 2
n_desc: 0
n_value: 32
StringTable:
- ' '
- _spacer
- ltmp1
- _foo
- EH_Frame1
- func.eh
- ''
...

lld/test/MachO/double-unwind-info.s

  • This file was added.
## When changing the assembly input, uncomment these lines to re-generate the
## YAML.
# COM: llvm-mc --emit-dwarf-unwind=always -filetype=obj -triple=x86_64-apple-macos10.15 %s -o %t.o
# COM: ld -r %t.o -o %t-r.o
# COM: obj2yaml %t-r.o > %S/Inputs/double-unwind-info.yaml
# RUN: yaml2obj %S/Inputs/double-unwind-info.yaml > %t-r.o
# RUN: %lld -dylib -lSystem %t-r.o -o /dev/null
.text
## eh_frame function address relocations are only emitted if the function isn't
## at address 0x0.
_spacer:
nop
## Check that we perform unwind info registration correctly when there are
## multiple symbols at the same address. This would previously hit an assertion
## error (PR56570).
_foo:
ltmp1:
.cfi_startproc
.cfi_def_cfa_offset 8
nop
.cfi_endproc
.subsections_via_symbols