clang crashes on valid code at -Os and above on x86_64-linux-gnu (in 'Simplify the CFG') #49982
Comments
crashes on: opt -simplifycfg
; ModuleID = 'bugpoint-reduced-conditionals.bc'
@a = external dso_local global i32, align 4
define dso_local i32 @main() local_unnamed_addr {
while.cond: ; preds = %for.cond, %entry
for.cond: ; preds = %for.inc, %while.cond
for.inc: ; preds = %for.cond
while.end: ; preds = %while.cond

I'm not seeing a crash with the original C program or the simplifycfg reduction with a freshly built compiler. And not seeing a crash on godbolt: But I don't see any recent changes to simplifycfg that would account for a difference either...ideas?
I'm still seeing this with asserts enabled: https://godbolt.org/z/fcToWdsP1
Should be fixed with: Simon or Zhendong, I'll leave this open until you can confirm (or we can wait for godbolt to update). I never got the assert on my release-with-asserts build (so the regression test in the patch already passed for me), but I was able to see the use-after-free problem in a debug build.
Sanjay, I can confirm that the crash has been fixed (with my build of e2d0798); thanks.
Extended Description
[551] % clangtk -v
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 205cde6)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@MX32
Selected multilib: .;@m64
[552] %
[552] % clangtk -O1 small.c; ./a.out
[553] %
[553] % clangtk -Os small.c
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /local/suz-local/software/local/clang-trunk/bin/clang-13 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -main-file-name small.c -mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/local/suz-local/software/emitesting/bugs/20210609-clangtk-m64-O3-g-Weverything-pipe-fPIC-build-121036/delta -resource-dir /local/suz-local/software/local/clang-trunk/lib/clang/13.0.0 -I /usr/local/include/csmith -internal-isystem /local/suz-local/software/local/clang-trunk/lib/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -Os -fdebug-compilation-dir=/local/suz-local/software/emitesting/bugs/20210609-clangtk-m64-O3-g-Weverything-pipe-fPIC-build-121036/delta -ferror-limit 19 -fgnuc-version=4.2.1 -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/small-2b81e3.o -x c small.c
#0 0x00005634604aa35f PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
#1 0x00005634604a7bad SignalHandler(int) Signals.cpp:0:0
#2 0x00007f695207f980 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
#3 0x000056345fccbd30 llvm::Type::getInt1Ty(llvm::LLVMContext&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2fbad30)
#4 0x000056345fc4b4c8 llvm::SelectInst::areInvalidOperands(llvm::Value*, llvm::Value*, llvm::Value*) (.part.492) Instructions.cpp:0:0
#5 0x000056345fc2d71f llvm::IRBuilderBase::CreateSelect(llvm::Value*, llvm::Value*, llvm::Value*, llvm::Twine const&, llvm::Instruction*) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2f1c71f)
#6 0x0000563460611b1e FoldTwoEntryPHINode(llvm::PHINode*, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::DataLayout const&) SimplifyCFG.cpp:0:0
#7 0x0000563460628872 llvm::simplifyCFG(llvm::BasicBlock*, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&, llvm::ArrayRef<llvm::WeakVH>) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x3917872)
#8 0x000056346039717f iterativelySimplifyCFG(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#9 0x0000563460397cc6 simplifyFunctionCFGImpl(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DominatorTree*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#10 0x0000563460399434 llvm::SimplifyCFGPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x3688434)
#11 0x000056345e8ca271 llvm::detail::PassModel<llvm::Function, llvm::SimplifyCFGPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x1bb9271)
#12 0x000056345fcbf37c llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2fae37c)
#13 0x000056345e320361 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x160f361)
#14 0x000056345f416bc4 llvm::CGSCCToFunctionPassAdaptor::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2705bc4)
#15 0x000056345e320e41 llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::CGSCCToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x160fe41)
#16 0x000056345f40f6e3 llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x26fe6e3)
#17 0x000056345fdbcaf1 llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x30abaf1)
#18 0x000056345f412b88 llvm::DevirtSCCRepeatedPass::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2701b88)
#19 0x000056345fdbcab1 llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::DevirtSCCRepeatedPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x30abab1)
#20 0x000056345f41113b llvm::ModuleToPostOrderCGSCCPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x270013b)
#21 0x000056345fdbcb31 llvm::detail::PassModel<llvm::Module, llvm::ModuleToPostOrderCGSCCPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x30abb31)
#22 0x000056345fcbd424 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2fac424)
#23 0x000056345fdbf2a3 llvm::ModuleInlinerWrapperPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x30ae2a3)
#24 0x00005634614d1151 llvm::detail::PassModel<llvm::Module, llvm::ModuleInlinerWrapperPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x47c0151)
#25 0x000056345fcbd424 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x2fac424)
#26 0x0000563460790508 (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#27 0x0000563460795443 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x3a84443)
#28 0x00005634614554ea clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x47444ea)
#29 0x0000563462321179 clang::ParseAST(clang::Sema&, bool, bool) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x5610179)
#30 0x0000563461455688 clang::CodeGenAction::ExecuteAction() (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x4744688)
#31 0x0000563460db5b81 clang::FrontendAction::Execute() (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x40a4b81)
#32 0x0000563460d5244a clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x404144a)
#33 0x0000563460e8379a clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x417279a)
#34 0x000056345e09c6cc cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x138b6cc)
#35 0x000056345e097a79 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#36 0x000056345dfc4407 main (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x12b3407)
#37 0x00007f6950d13bf7 __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:344:0
#38 0x000056345e0975ea _start (/local/suz-local/software/local/clang-trunk/bin/clang-13+0x13865ea)
clang-13: error: unable to execute command: Segmentation fault
clang-13: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 205cde6)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
clang-13: note: diagnostic msg:
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/small-bfab67.c
clang-13: note: diagnostic msg: /tmp/small-bfab67.sh
clang-13: note: diagnostic msg:
[554] %
[554] % cat small.c
int a;
int main() {
  a = 0;
  while (a)
    for (a = 0; a < 1; a++)
      ;
  return 0;
}