Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ICE on valid code with -O1: Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed. #50194

Closed
chengniansun opened this issue Jun 24, 2021 · 1 comment
Labels
bugzilla Issues migrated from bugzilla c

Comments

@chengniansun
Copy link

Bugzilla Link 50850
Resolution FIXED
Resolved on Aug 15, 2021 15:40
Version trunk
OS Linux
CC @DougGregor,@zygoloid,@rotateright
Fixed by commit(s) 8721490 ca63701

Extended Description

$ clang-trunk -v
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 24d48d4)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@MX32
Selected multilib: .;@m64

$ cat mutant.c
extern memcmp(const *, const *, buf1);
buf1() {
if (memcmp(buf1, "abcde", 6))
abort();
}

$ clang-trunk -O1 mutant.c
mutant.c:1:22: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern memcmp(const *, const *, buf1);
~~~~~ ^
mutant.c:1:31: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern memcmp(const *, const *, buf1);
~~~~~ ^
mutant.c:1:33: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern memcmp(const *, const *, buf1);
^
mutant.c:1:8: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern memcmp(const *, const *, buf1);

mutant.c:1:8: warning: incompatible redeclaration of library function 'memcmp' [-Wincompatible-library-redeclaration]
mutant.c:1:8: note: 'memcmp' is a builtin with type 'int (const void *, const void *, unsigned long)'
mutant.c:2:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
buf1() {
^
mutant.c:3:14: warning: incompatible pointer types passing 'int ()' to parameter of type 'const int *' [-Wincompatible-pointer-types]
  if (memcmp(buf1, "abcde", 6))
             ^~~~
mutant.c:1:22: note: passing argument to parameter here
extern memcmp(const *, const *, buf1);
                     ^
mutant.c:3:20: warning: incompatible pointer types passing 'char [6]' to parameter of type 'const int *' [-Wincompatible-pointer-types]
  if (memcmp(buf1, "abcde", 6))
                   ^~~~~~~
mutant.c:1:31: note: passing argument to parameter here
extern memcmp(const *, const *, buf1);
                              ^
mutant.c:4:5: warning: implicitly declaring library function 'abort' with type 'void (void) __attribute__((noreturn))' [-Wimplicit-function-declaration]
    abort();
    ^
mutant.c:4:5: note: include the header <stdlib.h> or explicitly provide a declaration for 'abort'
mutant.c:5:1: warning: non-void function does not return a value in all control paths [-Wreturn-type]
}
^
clang-13: /tmp/tmp.nPuVKAIgXI-clang-builder/llvm-project/llvm/lib/IR/Instructions.cpp:492: void llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, const llvm::Twine&): Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /scratch/software/clang-trunk/bin/clang-13 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -main-file-name mutant.c -mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210623_053748_00c0/delta/perses_result -resource-dir /scratch/software/clang-trunk/lib/clang/13.0.0 -c-isystem . -c-isystem /usr/local/include/cmsith -internal-isystem /scratch/software/clang-trunk/lib/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -fdebug-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210623_053748_00c0/delta/perses_result -ferror-limit 19 -fgnuc-version=4.2.1 -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-b16a95.o -x c mutant.c
1.	<eof> parser at end of file
2.	Optimizer
 #&#8203;0 0x00005567f70ac274 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #&#8203;1 0x00005567f70a9a2e SignalHandler(int) Signals.cpp:0:0
 #&#8203;2 0x00007fe42e4843c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #&#8203;3 0x00007fe42df2318b raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #&#8203;4 0x00007fe42df02859 abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:81:7
 #&#8203;5 0x00007fe42df02729 get_sysdep_segment_value /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:509:8
 #&#8203;6 0x00007fe42df02729 _nl_load_domain /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:970:34
 #&#8203;7 0x00007fe42df13f36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36)
 #&#8203;8 0x00005567f67621fa llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, llvm::Twine const&) (/scratch/software/clang-trunk/bin/clang-13+0x30061fa)
 #&#8203;9 0x00005567f70dc36b llvm::IRBuilderBase::CreateCall(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::MDNode*) (.constprop.0) BuildLibCalls.cpp:0:0
#&#8203;10 0x00005567f70e0ba5 emitLibCall(llvm::LibFunc, llvm::Type*, llvm::ArrayRef<llvm::Type*>, llvm::ArrayRef<llvm::Value*>, llvm::IRBuilderBase&, llvm::TargetLibraryInfo const*, bool) BuildLibCalls.cpp:0:0
#&#8203;11 0x00005567f70e23c7 llvm::emitBCmp(llvm::Value*, llvm::Value*, llvm::Value*, llvm::IRBuilderBase&, llvm::DataLayout const&, llvm::TargetLibraryInfo const*) (/scratch/software/clang-trunk/bin/clang-13+0x39863c7)
#&#8203;12 0x00005567f7269965 llvm::LibCallSimplifier::optimizeStringMemoryLibCall(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3b0d965)
#&#8203;13 0x00005567f726a16a llvm::LibCallSimplifier::optimizeCall(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3b0e16a)
#&#8203;14 0x00005567f6a5b622 llvm::InstCombinerImpl::tryOptimizeCall(llvm::CallInst*) (/scratch/software/clang-trunk/bin/clang-13+0x32ff622)
#&#8203;15 0x00005567f6a6054d llvm::InstCombinerImpl::visitCallBase(llvm::CallBase&) (/scratch/software/clang-trunk/bin/clang-13+0x330454d)
#&#8203;16 0x00005567f6a6240c llvm::InstCombinerImpl::visitCallInst(llvm::CallInst&) (/scratch/software/clang-trunk/bin/clang-13+0x330640c)
#&#8203;17 0x00005567f6a1fbf8 llvm::InstCombinerImpl::run() (/scratch/software/clang-trunk/bin/clang-13+0x32c3bf8)
#&#8203;18 0x00005567f6a22333 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::ProfileSummaryInfo*, unsigned int, llvm::LoopInfo*) InstructionCombining.cpp:0:0
#&#8203;19 0x00005567f6a24391 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x32c8391)
#&#8203;20 0x00005567f82847d6 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x4b287d6)
#&#8203;21 0x00005567f67e75c6 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x308b5c6)
#&#8203;22 0x00005567f4c832a6 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x15272a6)
#&#8203;23 0x00005567f67e60e9 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x308a0e9)
#&#8203;24 0x00005567f4c83b16 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x1527b16)
#&#8203;25 0x00005567f67e39cf llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x30879cf)
#&#8203;26 0x00005567f73dcbfd (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#&#8203;27 0x00005567f73dfe7d clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/scratch/software/clang-trunk/bin/clang-13+0x3c83e7d)
#&#8203;28 0x00005567f820a44f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/scratch/software/clang-trunk/bin/clang-13+0x4aae44f)
#&#8203;29 0x00005567f92c1e49 clang::ParseAST(clang::Sema&, bool, bool) (/scratch/software/clang-trunk/bin/clang-13+0x5b65e49)
#&#8203;30 0x00005567f8208f98 clang::CodeGenAction::ExecuteAction() (/scratch/software/clang-trunk/bin/clang-13+0x4aacf98)
#&#8203;31 0x00005567f7ab7e79 clang::FrontendAction::Execute() (/scratch/software/clang-trunk/bin/clang-13+0x435be79)
#&#8203;32 0x00005567f7a4b0c6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/scratch/software/clang-trunk/bin/clang-13+0x42ef0c6)
#&#8203;33 0x00005567f7b95d00 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/scratch/software/clang-trunk/bin/clang-13+0x4439d00)
#&#8203;34 0x00005567f49bcb06 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/scratch/software/clang-trunk/bin/clang-13+0x1260b06)
#&#8203;35 0x00005567f49b8e48 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#&#8203;36 0x00005567f48e60c6 main (/scratch/software/clang-trunk/bin/clang-13+0x118a0c6)
#&#8203;37 0x00007fe42df040b3 __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:342:3
#&#8203;38 0x00005567f49b89be _start (/scratch/software/clang-trunk/bin/clang-13+0x125c9be)
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 24d48d45cc302a6abeab139d87ba87f7a2335323)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
clang-13: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/mutant-23596d.c
clang-13: note: diagnostic msg: /tmp/mutant-23596d.sh
clang-13: note: diagnostic msg:

********************
@rotateright
Copy link
Contributor

This is another case of lax libcall function signature matching.
It requires a target (eg, Linux not macOS) that has "bcmp" to trigger.

Should be fixed with:
https://reviews.llvm.org/rGca637014f148

This required changing a big pile of x86 regression tests:
https://reviews.llvm.org/rG8721490d3859

...and the bug has probably been around for a long time without anyone noticing, so I'm marking as fixed instead of requesting backporting to the 13.0 release branch.

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 11, 2021
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bugzilla Issues migrated from bugzilla c
Projects
None yet
Development

No branches or pull requests

2 participants