ICE on valid code at -O1: llvm::IRBuilderBase::CreatePtrDiff(llvm::Value*, llvm::Value*, const llvm::Twine&): Assertion `LHS->getType() == RHS->getType() && "Pointer subtraction operand types must match!"' failed. #50544
Labels
bugzilla
Issues migrated from bugzilla
Comments
|
This could be viewed as a failure of function signature matching (see related bugs), but if it is, then it is a much bigger problem than matching sprintf alone. We don't check exact pointer type for any library calls AFAICT. I'm also not sure how that will play out if LLVM goes to type-less pointers. For now, just cast around the type difference to allow this fold (and not crash): |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Extended Description
$ clang-trunk -v
clang version 13.0.0 (https://github.com/llvm/llvm-project.git ab5ac65)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@MX32
Selected multilib: .;@m64
$ cat mutant.c
int sprintf(char **, const *, ...);
g1(d) {
const *p1;
if (sprintf(d, "%s", p1))
abort();
}
$ clang-trunk -w -O1 mutant.c
clang-13: /tmp/tmp.Gcp8nSn9Hr-clang-builder/llvm-project/llvm/lib/IR/IRBuilder.cpp:994: llvm::Value* llvm::IRBuilderBase::CreatePtrDiff(llvm::Value*, llvm::Value*, const llvm::Twine&): Assertion `LHS->getType() == RHS->getType() && "Pointer subtraction operand types must match!"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /scratch/software/clang-trunk/bin/clang-13 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -main-file-name mutant.c -mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/temp_testing_campaigns/default_finding_folder_c/crash_20210708_161828_2946/delta/perses_result -resource-dir /scratch/software/clang-trunk/lib/clang/13.0.0 -c-isystem . -c-isystem /usr/local/include/cmsith -internal-isystem /scratch/software/clang-trunk/lib/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -w -fdebug-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/temp_testing_campaigns/default_finding_folder_c/crash_20210708_161828_2946/delta/perses_result -ferror-limit 19 -fgnuc-version=4.2.1 -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-c35c17.o -x c mutant.c
#0 0x00005626fabf6754 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
#1 0x00005626fabf3e6e SignalHandler(int) Signals.cpp:0:0
#2 0x00007fa20e3c03c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
#3 0x00007fa20de5f18b raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
#4 0x00007fa20de3e859 abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:81:7
#5 0x00007fa20de3e729 get_sysdep_segment_value /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:509:8
#6 0x00007fa20de3e729 _nl_load_domain /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:970:34
#7 0x00007fa20de4ff36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36)
#8 0x00005626fa26caa4 llvm::IRBuilderBase::CreatePtrDiff(llvm::Value*, llvm::Value*, llvm::Twine const&) (/scratch/software/clang-trunk/bin/clang-13+0x319baa4)
#9 0x00005626fada6c3f llvm::LibCallSimplifier::optimizeSPrintFString(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3cd5c3f)
#10 0x00005626fadae190 llvm::LibCallSimplifier::optimizeSPrintF(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3cdd190)
#11 0x00005626fadb4293 llvm::LibCallSimplifier::optimizeCall(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3ce3293)
#12 0x00005626fa595b26 llvm::InstCombinerImpl::tryOptimizeCall(llvm::CallInst*) (/scratch/software/clang-trunk/bin/clang-13+0x34c4b26)
#13 0x00005626fa59a8ec llvm::InstCombinerImpl::visitCallBase(llvm::CallBase&) (/scratch/software/clang-trunk/bin/clang-13+0x34c98ec)
#14 0x00005626fa59c77c llvm::InstCombinerImpl::visitCallInst(llvm::CallInst&) (/scratch/software/clang-trunk/bin/clang-13+0x34cb77c)
#15 0x00005626fa55a678 llvm::InstCombinerImpl::run() (/scratch/software/clang-trunk/bin/clang-13+0x3489678)
#16 0x00005626fa55cc53 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::ProfileSummaryInfo*, unsigned int, llvm::LoopInfo*) InstructionCombining.cpp:0:0
#17 0x00005626fa55ecb1 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManagerllvm::Function&) (/scratch/software/clang-trunk/bin/clang-13+0x348dcb1)
#18 0x00005626fbe05386 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::PreservedAnalyses, llvm::AnalysisManagerllvm::Function >::run(llvm::Function&, llvm::AnalysisManagerllvm::Function&) (/scratch/software/clang-trunk/bin/clang-13+0x4d34386)
#19 0x00005626fa30b076 llvm::PassManager<llvm::Function, llvm::AnalysisManagerllvm::Function >::run(llvm::Function&, llvm::AnalysisManagerllvm::Function&) (/scratch/software/clang-trunk/bin/clang-13+0x323a076)
#20 0x00005626f8743306 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManagerllvm::Function >, llvm::PreservedAnalyses, llvm::AnalysisManagerllvm::Function >::run(llvm::Function&, llvm::AnalysisManagerllvm::Function&) (/scratch/software/clang-trunk/bin/clang-13+0x1672306)
#21 0x00005626fa309b99 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManagerllvm::Module&) (/scratch/software/clang-trunk/bin/clang-13+0x3238b99)
#22 0x00005626f8743d36 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManagerllvm::Module >::run(llvm::Module&, llvm::AnalysisManagerllvm::Module&) (/scratch/software/clang-trunk/bin/clang-13+0x1672d36)
#23 0x00005626fa30747f llvm::PassManager<llvm::Module, llvm::AnalysisManagerllvm::Module >::run(llvm::Module&, llvm::AnalysisManagerllvm::Module&) (/scratch/software/clang-trunk/bin/clang-13+0x323647f)
#24 0x00005626faf331cc (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) BackendUtil.cpp:0:0
#25 0x00005626faf3643d clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) (/scratch/software/clang-trunk/bin/clang-13+0x3e6543d)
#26 0x00005626fbd8a7af clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/scratch/software/clang-trunk/bin/clang-13+0x4cb97af)
#27 0x00005626fce4ef59 clang::ParseAST(clang::Sema&, bool, bool) (/scratch/software/clang-trunk/bin/clang-13+0x5d7df59)
#28 0x00005626fbd892f8 clang::CodeGenAction::ExecuteAction() (/scratch/software/clang-trunk/bin/clang-13+0x4cb82f8)
#29 0x00005626fb627419 clang::FrontendAction::Execute() (/scratch/software/clang-trunk/bin/clang-13+0x4556419)
#30 0x00005626fb5bd07e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/scratch/software/clang-trunk/bin/clang-13+0x44ec07e)
#31 0x00005626fb705710 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/scratch/software/clang-trunk/bin/clang-13+0x4634710)
#32 0x00005626f847115d cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/scratch/software/clang-trunk/bin/clang-13+0x13a015d)
#33 0x00005626f846d4a8 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#34 0x00005626f8398126 main (/scratch/software/clang-trunk/bin/clang-13+0x12c7126)
#35 0x00007fa20de400b3 __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:342:3
#36 0x00005626f846d01e _start (/scratch/software/clang-trunk/bin/clang-13+0x139c01e)
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git ab5ac65)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
clang-13: note: diagnostic msg:
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/mutant-b7d93a.c
clang-13: note: diagnostic msg: /tmp/mutant-b7d93a.sh
clang-13: note: diagnostic msg:
The text was updated successfully, but these errors were encountered: