eshard/obfuscator-llvm

seg fault When applying "flattening"

codetronik opened this issue · 6 comments

I applied SCALAROPTIMIZERLATE_PASSES with flattening.

However, an error occurs when building my iPhone app.

clang: error: unable to execute command: Segmentation fault: 11
clang: error: clang frontend command failed due to signal (use -v to see invocation)
Apple clang version 14.0.3 (clang-1403.0.22.14.1)
Target: arm64-apple-ios13.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
clang: note: diagnostic msg: 
********************


An error occurs while executing the below source.

flattening.cpp
run(Function &F, ...)
{
analysis.intersect(LowerSwitchPass().run(F, AM)); // crash
}

Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  clang                    0x0000000106676a8c llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 56
1  clang                    0x00000001066759c0 llvm::sys::RunSignalHandlers() + 112
2  clang                    0x0000000106677118 SignalHandler(int) + 344
3  libsystem_platform.dylib 0x000000018ad7ea24 _sigtramp + 56
4  clang                    0x0000000105f35e64 llvm::AnalysisManager<llvm::Function>::getResultImpl(llvm::AnalysisKey*, llvm::Function&) + 260
5  libLLVMObfuscator.dylib  0x000000010dc1c620 llvm::LowerSwitchPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) + 52
6  libLLVMObfuscator.dylib  0x000000010d985584 llvm::Flattening::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) + 136

llvm (clang-15) build option
cmake -S llvm -B Release -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_NEW_PASS_MANAGER=ON -DCMAKE_OSX_ARCHITECTURES=arm64 -DLLVM_CREATE_XCODE_TOOLCHAIN=ON -DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi"

obfuscator build option
cmake -B Release -DLLVM_DIR=/Users/kei/Downloads/llvm-project/Release/lib/cmake -DCMAKE_OSX_ARCHITECTURES=arm64

app build option
Clang -fno-legacy-pass-manager -fpass-plugin=/Users/kei/Downloads/obfuscator-llvm/Release/libLLVMObfuscator.dylib 1.c -o 1.o -DCMAKE_OSX_ARCHITECTURES=arm64

Hi,

Thanks for the report, LowerSwitchPass() was troublesome on the past, maybe something changed with latest releases.

I see you build llvm-15 but you are building with 14.0.3 from your segfault log. Is it normal ?

Well good to know.

Is it related to https://reviews.llvm.org/D123607 ?

There was some changed to IR in LLVM 15
https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html#changes-to-the-llvm-ir

I also encountered the same problem using android-ndk-r25c (Android (9352603, based on r450784d1) clang version 14.0.7), which can be solved by removing LowerSwitchPass.

-  analysis.intersect(LowerSwitchPass().run(F, AM));
+  // analysis.intersect(LowerSwitchPass().run(F, AM));

Reference: https://github.com/bluesadi/Pluto-Obfuscator/blob/main/llvm/lib/Transforms/Obfuscation/Flattening.cpp

I also encountered the same problem using android-ndk-r25c (Android (9352603, based on r450784d1) clang version 14.0.7), which can be solved by removing LowerSwitchPass.

-  analysis.intersect(LowerSwitchPass().run(F, AM));
+  // analysis.intersect(LowerSwitchPass().run(F, AM));

Reference: https://github.com/bluesadi/Pluto-Obfuscator/blob/main/llvm/lib/Transforms/Obfuscation/Flattening.cpp

If you remove the LowerSwitchPass, you will not be able to obtain the IR intended by flattening. Use the legacyLowerSwitchPass instead.

I also encountered the same problem using android-ndk-r25c (Android (9352603, based on r450784d1) clang version 14.0.7), which can be solved by removing LowerSwitchPass.

-  analysis.intersect(LowerSwitchPass().run(F, AM));
+  // analysis.intersect(LowerSwitchPass().run(F, AM));

Reference: https://github.com/bluesadi/Pluto-Obfuscator/blob/main/llvm/lib/Transforms/Obfuscation/Flattening.cpp

If you remove the LowerSwitchPass, you will not be able to obtain the IR intended by flattening. Use the legacyLowerSwitchPass instead.

I compiled two libraries and the results of comparison are the same.