eurecom-s3/symqemu

Symqemu raise SIGSEGV

ntcmp2u opened this issue · 2 comments

I use the following command to test a simple C++ program:

echo "2" | x86_64-linux-user/qemu-x86_64 /tmp/test.out

However, the QEMU process crashes after generating several test cases:

...
[INFO] New testcase: /tmp/output/000010-optimistic
[STAT] SMT: { "solving_time": 23999, "total_time": 95028 }
[STAT] SMT: { "solving_time": 24114 }
[STAT] SMT: { "solving_time": 24114, "total_time": 95333 }
[STAT] SMT: { "solving_time": 24200 }
[INFO] New testcase: /tmp/output/000011-optimistic
[STAT] SMT: { "solving_time": 24200, "total_time": 96206 }
[STAT] SMT: { "solving_time": 24324 }
[STAT] SMT: { "solving_time": 24324, "total_time": 96524 }
[STAT] SMT: { "solving_time": 24410 }
[INFO] New testcase: /tmp/output/000012-optimistic
[STAT] SMT: { "solving_time": 24410, "total_time": 97448 }
[STAT] SMT: { "solving_time": 24536 }
[STAT] SMT: { "solving_time": 24536, "total_time": 97777 }
[STAT] SMT: { "solving_time": 25712 }
[INFO] New testcase: /tmp/output/000013-optimistic
[STAT] SMT: { "solving_time": 25712, "total_time": 99812 }
[STAT] SMT: { "solving_time": 25843 }
[STAT] SMT: { "solving_time": 25843, "total_time": 100138 }
[STAT] SMT: { "solving_time": 26948 }
[INFO] New testcase: /tmp/output/000014-optimistic
[STAT] SMT: { "solving_time": 26948, "total_time": 102200 }
[STAT] SMT: { "solving_time": 27032 }
[STAT] SMT: { "solving_time": 27032, "total_time": 102477 }
[STAT] SMT: { "solving_time": 27100 }
qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x14}
fish: Process 24522, 'x86_64-linux-user/qemu-x86_64' from job 1, 'echo "2" | x86_64-linux-user/qe…' terminated by signal SIGSEGV (Address boundary error)

The test code I used is:

#include <stdio.h>
#include <stdint.h>
#include <unistd.h>

int main(int argc, char* argv[]) {
    int x;
    // The integer read from stdin is the only input SymQEMU treats as symbolic.
    if (scanf("%d", &x) != 1) {
        printf("read fail\n");
        return 1;
    }

    // Three-way branch on the symbolic value; each comparison produces a path
    // constraint for the solver, which is where the new test cases come from.
    if(x > 100) {
        printf("aaa\n");
    } else if(x < 100) {
        printf("bbb\n");
    } else {
        printf("ccc\n");
    }

    return 0;
}

and the command to compile this code is:

clang++ test.cc -o test.out

The clang version is 14.0.0 and the symqemu I used is this commit: 45b4700

Any ideas about this crash?
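A small reproduction and triage harness for the steps described in this report, written as an added example (it is not part of the issue nor of the SymQEMU project). It runs the compiled test program under the SymQEMU binary with the input piped on stdin, classifies how the process ended (a clean exit, a non-zero exit code, or death by signal, which shells report as 128 plus the signal number, so SIGSEGV shows up as 139), counts the test cases that were written, and pulls QEMU's own "internal SIGSEGV" line out of the captured stderr so the address and fault code survive even when the terminal output scrolls away. The paths `SYMQEMU`, `TARGET` and the output directory default to the values from the report but are assumptions to override for your checkout; `SYMCC_OUTPUT_DIR` is the SymCC runtime variable that SymQEMU's runtime is assumed to honour for the output directory, so confirm it against your build.

```shell
#!/bin/sh
# Added reproduction/triage harness for a SymQEMU crash report (example code,
# not the SymQEMU project's own tooling). All three paths are assumptions taken
# from the report; override them through the environment.
SYMQEMU="${SYMQEMU:-x86_64-linux-user/qemu-x86_64}"   # SymQEMU binary
TARGET="${TARGET:-/tmp/test.out}"                      # program compiled with clang++
OUTDIR="${SYMCC_OUTPUT_DIR:-/tmp/output}"              # where new test cases land (assumed SymCC runtime variable)

# classify_status STATUS: prints "ok", "exit:N" or "signal:N".
# POSIX shells encode death by signal as 128+signo, so SIGSEGV (11) is 139.
classify_status() {
    st="$1"
    if [ "$st" -eq 0 ]; then
        echo ok
    elif [ "$st" -gt 128 ]; then
        echo "signal:$((st - 128))"
    else
        echo "exit:$st"
    fi
}

# run_case INPUT LOGFILE: feed INPUT on stdin to TARGET under SymQEMU, keep
# stderr in LOGFILE (the [INFO]/[STAT] lines and QEMU's crash message go
# there), and print the classified termination status.
run_case() {
    input="$1"; log="$2"
    printf '%s\n' "$input" | SYMCC_OUTPUT_DIR="$OUTDIR" "$SYMQEMU" "$TARGET" >/dev/null 2>"$log" \
        && st=0 || st=$?
    classify_status "$st"
}

# count_testcases DIR: number of files SymQEMU wrote into DIR (0 if absent).
count_testcases() {
    ls -1 "$1" 2>/dev/null | wc -l | tr -d ' '
}

# crash_reason LOGFILE: QEMU's own internal-signal line, if any, e.g.
# "QEMU internal SIGSEGV {code=MAPERR, addr=0x14}"; empty when it ran cleanly.
crash_reason() {
    grep -o 'QEMU internal SIG[A-Z]* {[^}]*}' "$1" | head -n 1
}

# Usage: SYMQEMU=... TARGET=... sh repro.sh --run
if [ "${1:-}" = "--run" ]; then
    mkdir -p "$OUTDIR"
    log=$(mktemp)
    status=$(run_case "2" "$log")
    echo "termination: $status"
    echo "test cases in $OUTDIR: $(count_testcases "$OUTDIR")"
    reason=$(crash_reason "$log")
    [ -n "$reason" ] && echo "qemu reported: $reason"
    echo "full stderr log: $log"
fi
```

Keeping the full stderr log beside the termination status is what makes a report like this one reproducible later: the `[STAT]` lines show how far the run got before the fault, and the `addr=0x14` in QEMU's message (a small offset from a null pointer) is the detail a maintainer will want alongside the commit hash and compiler version.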

@aurelf Hi, can you reproduce this issue?

Yes, in Docker, with LLVM 15, but not on my machine with LLVM 17... So this looks like a bug we need to address.