reachable-call-graph terminates with std::out_of_range exception

[polgreen]

I am producing a reachable call graph of Xen, using goto-instrument --reachable-call-graph input.binary output.binary.

I am using develop, at commit 709b45f446cce6134d65cf08ae74d028e03c054d1

The exception I get is:

libc++abi.dylib: terminating with uncaught exception of type std::out_of_range: map::at:  key not found
Abort trap: 6

The stack trace is

* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fffd0399d42 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fffd0487457 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fffd02ff420 libsystem_c.dylib`abort + 129
    frame #3: 0x00007fffcee5394a libc++abi.dylib`abort_message + 266
    frame #4: 0x00007fffcee78c17 libc++abi.dylib`default_terminate_handler() + 243
    frame #5: 0x00007fffcf987713 libobjc.A.dylib`_objc_terminate() + 124
    frame #6: 0x00007fffcee75d49 libc++abi.dylib`std::__terminate(void (*)()) + 8
    frame #7: 0x00007fffcee757be libc++abi.dylib`__cxa_throw + 121
    frame #8: 0x00000001005b58b8 goto-instrument`std::__1::map<dstringt, goto_functiont, std::__1::less<dstringt>, std::__1::allocator<std::__1::pair<dstringt const, goto_functiont> > >::at(this=0x00007fff5fbffa20 size=10586, __k=0x00007fff5fbfbca0) const at map:1405
    frame #9: 0x00000001005b4273 goto-instrument`call_grapht::call_grapht(this=0x00007fff5fbfd1d0, goto_functions=0x00007fff5fbffa20, root=0x00007fff5fbfd1c8, collect_callsites=false) at call_graph.cpp:88
    frame #10: 0x00000001005b5cd4 goto-instrument`call_grapht::call_grapht(this=0x00007fff5fbfd1d0, goto_functions=0x00007fff5fbffa20, root=0x00007fff5fbfd1c8, collect_callsites=false) at call_graph.cpp:79
    frame #11: 0x00000001005b5d76 goto-instrument`call_grapht::call_grapht(this=0x00007fff5fbfd1d0, goto_model=0x00007fff5fbff9a0, root=0x00007fff5fbfd1c8, collect_callsites=false) at call_graph.cpp:113
    frame #12: 0x0000000100c7c4a3 goto-instrument`call_grapht::create_from_root_function(model=0x00007fff5fbff9a0, root=0x00007fff5fbfd1c8, collect_callsites=false) at call_graph.h:36
    frame #13: 0x0000000100c71b5c goto-instrument`goto_instrument_parse_optionst::doit(this=0x00007fff5fbff7c0) at goto_instrument_parse_options.cpp:680
    frame #14: 0x000000010079fd98 goto-instrument`parse_options_baset::main(this=0x00007fff5fbff7c0) at parse_options.cpp:66
    frame #15: 0x0000000100c6b142 goto-instrument`main(argc=4, argv=0x00007fff5fbffa78) at goto_instrument_main.cpp:27
    frame #16: 0x00007fffd026b235 libdyld.dylib`start + 1
    frame #17: 0x00007fffd026b235 libdyld.dylib`start + 1

I'm working on trying to find an open source binary for you to recreate this. It should be sufficient to use this branch of Xen:
https://github.com/nmanthey/xen/tree/gotocc

Probably of interest to @smowton

[polgreen]

The binary is here:
https://drive.google.com/open?id=1Vco57D_iMhQ6N1EXqLTmF1wC9WiSN3mZ

[polgreen]

This appears to be an issue with __asm_sfence. Is it possible that remove_asm introduces new functions but doesn't add them to the function_map?