Closed
Description
When instrumenting a PGO-optimized `libLLVM.so`, the instrumented binary crashes in `_ZNK4llvm4Loop18isLoopSimplifyFormEv`. See https://gist.github.com/nikic/e695bd62d1dd40e506f6365b935d417c for the instrumented and uninstrumented assembly of the function.
The problem is that the value spilled by `mov %r8,-0x10(%rsp)` is later clobbered by the pushes in the instrumentation sequence:

```
0x00000000075873d9 <+975>: push %rax
0x00000000075873da <+976>: mov $0x0,%eax
0x00000000075873df <+981>: lahf
0x00000000075873e0 <+982>: push %rax
0x00000000075873e1 <+983>: mov $0x0,%eax
0x00000000075873e6 <+988>: seto %al
0x00000000075873e9 <+991>: lock incq 0x57fa3d7(%rip) # 0xcd817c8
0x00000000075873f1 <+999>: add $0x7f,%al
0x00000000075873f4 <+1002>: pop %rax
0x00000000075873f5 <+1003>: sahf
0x00000000075873f6 <+1004>: pop %rax
```
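As an added example (not code from the report or from BOLT), the following checker simulates `%rsp` over a listing in this gdb format and reports a `push` that overwrites an 8-byte slot a prior store left live below the original stack pointer, together with the reload that later consumes the clobbered value. The spill at `+966` and the reload at `+1005` in the sample are assumed; the push/pop sequence between them is the one quoted above.

```python
import re
LINE_RE = re.compile(r"<\+(\d+)>:[ \t]+(\S+)[ \t]*(.*)")
RSP_MEM_RE = re.compile(r"(-?0x[0-9a-fA-F]+|-?\d+)?\(%rsp\)")

# Constructed listing in the report's gdb format: the spill at +966 and the
# reload at +1005 are assumed; the push/pop sequence is the one quoted above.
SAMPLE = """\
0x00000000075873d0 <+966>: mov %r8,-0x10(%rsp)
0x00000000075873d9 <+975>: push %rax
0x00000000075873da <+976>: mov $0x0,%eax
0x00000000075873df <+981>: lahf
0x00000000075873e0 <+982>: push %rax
0x00000000075873e1 <+983>: mov $0x0,%eax
0x00000000075873e6 <+988>: seto %al
0x00000000075873e9 <+991>: lock incq 0x57fa3d7(%rip) # 0xcd817c8
0x00000000075873f1 <+999>: add $0x7f,%al
0x00000000075873f4 <+1002>: pop %rax
0x00000000075873f5 <+1003>: sahf
0x00000000075873f6 <+1004>: pop %rax
0x00000000075873f7 <+1005>: mov -0x10(%rsp),%r8
"""

def _rsp_disp(operand):
    """Displacement of an (%rsp)-relative operand: '-0x10(%rsp)' -> -16."""
    m = RSP_MEM_RE.search(operand)
    return int(m.group(1), 0) if m and m.group(1) else 0

def find_red_zone_clobbers(disasm):
    """Track %rsp; report pushes overwriting a live slot and the reload that uses it."""
    sp, live, clobbered, findings = 0, {}, {}, []  # sp is %rsp relative to the first line
    for m in LINE_RE.finditer(disasm):
        off, mnem, ops = int(m.group(1)), m.group(2), m.group(3)
        if mnem == "push":
            sp -= 8                                   # push writes the 8 bytes [sp, sp+8)
            for slot, spill_at in list(live.items()):
                if slot < sp + 8 and slot + 8 > sp:   # 8-byte slot overlaps the pushed word
                    f = {"spill_at": spill_at, "clobber_at": off, "slot": slot}
                    findings.append(f)
                    clobbered[slot] = f
                    del live[slot]
        elif mnem == "pop":
            sp += 8
        elif "(%rsp)" in ops:                         # sub/add on %rsp itself is not modelled
            parts = ops.split(",")
            if "(%rsp)" in parts[-1]:                 # AT&T: last operand is the destination
                live[sp + _rsp_disp(parts[-1])] = off
            else:                                     # a load; record it if the slot was clobbered
                clobbered.get(sp + _rsp_disp(parts[0]), {}).setdefault("reload_at", off)
    return findings
```

On the sample this reports the second `push %rax` at `+982` as overwriting the slot at `-0x10(%rsp)` stored at `+966`, and the `mov` at `+1005` as the reload that reads the clobbered value; the first push only reaches `-0x8(%rsp)` and is not flagged.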
I've uploaded the `libLLVM.so` in question here: https://drive.google.com/file/d/1lAbqukTx7b1aPasrR7rP-p2nsoRQSgUa/view?usp=sharing

I've also included an `opt` binary and a test case which make it possible to test the instrumented/uninstrumented libraries as follows:

```
# Runs fine
LD_LIBRARY_PATH=$PWD valgrind ./opt -S -passes=simple-loop-unswitch < test.ll

# Instrument
mv libLLVM-16-rust-1.69.0-nightly.so libLLVM-16-rust-1.69.0-nightly.so.orig
llvm-bolt -instrument libLLVM-16-rust-1.69.0-nightly.so.orig -o libLLVM-16-rust-1.69.0-nightly.so --instrumentation-file-append-pid

# Produces "Conditional jump or move depends on uninitialised value(s)"
LD_LIBRARY_PATH=$PWD valgrind ./opt -S -passes=simple-loop-unswitch < test.ll
```