28935 – crash at -Os and above in 64-bit mode on x86_64-linux-gnu (Assertion `getTypeSizeInBits(Op->getType()) < getTypeSizeInBits(Ty) && "This is not an extending conversion!"' failed.)

LLVM Bugzilla is read-only and represents the historical archive of all LLVM issues filled before November 26, 2021. Use github to submit LLVM bugs

Bug 28935 - crash at -Os and above in 64-bit mode on x86_64-linux-gnu (Assertion `getTypeSizeInBits(Op->getType()) < getTypeSizeInBits(Ty) && "This is not an extending conversion!"' failed.)

Summary: crash at -Os and above in 64-bit mode on x86_64-linux-gnu (Assertion `getType...

Status:	RESOLVED FIXED

Alias:	None

Product:	clang
Classification:	Unclassified
Component:	-New Bugs (show other bugs)
Version:	trunk
Hardware:	PC All

Importance:	P normal
Assignee:	Unassigned Clang Bugs

URL:
Keywords:

Depends on:
Blocks:	28600
	Show dependency tree

Reported:	2016-08-11 02:35 PDT by Chengnian Sun
Modified:	2016-08-13 20:03 PDT (History)
CC List:	4 users (show)

See Also:
Fixed By Commit(s):

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chengnian Sun 2016-08-11 02:35:35 PDT

$ clang-trunk -v
clang version 4.0.0 (trunk 278233)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5.3.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8.5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.2
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.3.0
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64
$ clang-trunk -Os small.c
clang-4.0: /tmp/llvm-builder/llvm-source-trunk/lib/Analysis/ScalarEvolution.cpp:1407: const llvm::SCEV* llvm::ScalarEvolution::getZeroExtendExpr(const llvm::SCEV*, llvm::Type*): Assertion `getTypeSizeInBits(Op->getType()) < getTypeSizeInBits(Ty) && "This is not an extending conversion!"' failed.
#0 0x0000000001c22da5 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/usr/local/clang-trunk/bin/clang-4.0+0x1c22da5)
#1 0x0000000001c20d0e llvm::sys::RunSignalHandlers() (/usr/local/clang-trunk/bin/clang-4.0+0x1c20d0e)
#2 0x0000000001c20e72 SignalHandler(int) (/usr/local/clang-trunk/bin/clang-4.0+0x1c20e72)
#3 0x00007fe050527330 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#4 0x00007fe04f318c37 gsignal /build/eglibc-oGUzwX/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0
#5 0x00007fe04f31c028 abort /build/eglibc-oGUzwX/eglibc-2.19/stdlib/abort.c:91:0
#6 0x00007fe04f311bf6 __assert_fail_base /build/eglibc-oGUzwX/eglibc-2.19/assert/assert.c:92:0
#7 0x00007fe04f311ca2 (/lib/x86_64-linux-gnu/libc.so.6+0x2fca2)
#8 0x00000000014faf7c llvm::ScalarEvolution::getZeroExtendExpr(llvm::SCEV const*, llvm::Type*) (/usr/local/clang-trunk/bin/clang-4.0+0x14faf7c)
#9 0x0000000001ad67d2 (anonymous namespace)::IndVarSimplify::run(llvm::Loop*) [clone .part.454] (/usr/local/clang-trunk/bin/clang-4.0+0x1ad67d2)
#10 0x0000000001ad93d9 (anonymous namespace)::IndVarSimplifyLegacyPass::runOnLoop(llvm::Loop*, llvm::LPPassManager&) [clone .part.455] (/usr/local/clang-trunk/bin/clang-4.0+0x1ad93d9)
#11 0x0000000002492b5f llvm::LPPassManager::runOnFunction(llvm::Function&) (/usr/local/clang-trunk/bin/clang-4.0+0x2492b5f)
#12 0x00000000018a5763 llvm::FPPassManager::runOnFunction(llvm::Function&) (/usr/local/clang-trunk/bin/clang-4.0+0x18a5763)
#13 0x0000000002471bc0 (anonymous namespace)::CGPassManager::runOnModule(llvm::Module&) (/usr/local/clang-trunk/bin/clang-4.0+0x2471bc0)
#14 0x00000000018a5dff llvm::legacy::PassManagerImpl::run(llvm::Module&) (/usr/local/clang-trunk/bin/clang-4.0+0x18a5dff)
#15 0x0000000001d7bea0 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/usr/local/clang-trunk/bin/clang-4.0+0x1d7bea0)
#16 0x00000000023716e8 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/usr/local/clang-trunk/bin/clang-4.0+0x23716e8)
#17 0x00000000026c419b clang::ParseAST(clang::Sema&, bool, bool) (/usr/local/clang-trunk/bin/clang-4.0+0x26c419b)
#18 0x0000000002371ade clang::CodeGenAction::ExecuteAction() (/usr/local/clang-trunk/bin/clang-4.0+0x2371ade)
#19 0x000000000208ee46 clang::FrontendAction::Execute() (/usr/local/clang-trunk/bin/clang-4.0+0x208ee46)
#20 0x0000000002069e4e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/local/clang-trunk/bin/clang-4.0+0x2069e4e)
#21 0x0000000002114946 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/local/clang-trunk/bin/clang-4.0+0x2114946)
#22 0x0000000000a52ee8 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/local/clang-trunk/bin/clang-4.0+0xa52ee8)
#23 0x00000000009fdbcf main (/usr/local/clang-trunk/bin/clang-4.0+0x9fdbcf)
#24 0x00007fe04f303f45 __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
#25 0x0000000000a4ed9d _start (/usr/local/clang-trunk/bin/clang-4.0+0xa4ed9d)
Stack dump:
0.      Program arguments: /usr/local/clang-trunk/bin/clang-4.0 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -disable-free -main-file-name small.c -mrelocation-model static -mthread-model posix -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -momit-leaf-frame-pointer -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/local/clang-trunk/bin/../lib/clang/4.0.0 -c-isystem . -c-isystem /usr/local/include/csmith-2.2.0/ -c-isystem /usr/local/include/csmith-2.2.0/ -internal-isystem /usr/local/include -internal-isystem /usr/local/clang-trunk/bin/../lib/clang/4.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -Os -fdebug-compilation-dir /home/cnsun/ramdisk/hermes/run-2/res/20160810-clang-trunk-m64-g-O3-build-134704/delta -ferror-limit 19 -fmessage-length 118 -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp -o /tmp/small-fba2b9.o -x c small.c
1.      <eof> parser at end of file
2.      Per-module optimization passes
3.      Running pass 'CallGraph Pass Manager' on module 'small.c'.
4.      Running pass 'Loop Pass Manager' on function '@fn2'
5.      Running pass 'Induction Variable Simplification' on basic block '%for.cond'
clang-4.0: error: unable to execute command: Aborted (core dumped)
clang-4.0: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 4.0.0 (trunk 278233)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
clang-4.0: note: diagnostic msg: PLEASE submit a bug report to http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and associated run script.
clang-4.0: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-4.0: note: diagnostic msg: /tmp/small-6e2525.c
clang-4.0: note: diagnostic msg: /tmp/small-6e2525.sh
clang-4.0: note: diagnostic msg:

********************
$ cat small.c
int a;
char d;
unsigned short fn1(unsigned short, long long);
static char fn2(p1) {
  char e;
  int f;
  for (;; f++) {
    e = fn1(f, f);
    d = e << a;
  }
}

unsigned short fn1(unsigned short p1, long long p2) {
  fn2(p2);
  return p1;
}
$

Comment 1 David Majnemer 2016-08-11 12:22:46 PDT

It's -indvars, reduced IR:
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

@a = external global i32, align 4
@d = external global i8, align 1

declare zeroext i16 @fn1(i16 returned zeroext, i64)

define internal void @fn2() {
entry:
  br label %for.cond

for.cond:                                         ; preds = %for.cond, %entry
  %f.0 = phi i32 [ undef, %entry ], [ %inc, %for.cond ]
  %conv = trunc i32 %f.0 to i16
  %conv1 = sext i32 %f.0 to i64
  %call = tail call zeroext i16 @fn1(i16 zeroext %conv, i64 %conv1)
  %conv2 = zext i16 %call to i32
  %inc = add nsw i32 %f.0, 1
  br label %for.cond
}

Comment 2 David Majnemer 2016-08-11 12:54:53 PDT

reduced further:
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

declare i16 @fn1(i16 returned, i64)

define void @fn2() {
entry:
  br label %for.cond

for.cond:                                         ; preds = %for.cond, %entry
  %f.0 = phi i64 [ undef, %entry ], [ %inc, %for.cond ]
  %conv = trunc i64 %f.0 to i16
  %call = tail call i16 @fn1(i16 %conv, i64 %f.0)
  %conv2 = zext i16 %call to i32
  %inc = add nsw i64 %f.0, 1
  br label %for.cond
}

Comment 3 Hans Wennborg 2016-08-12 13:46:56 PDT

Looks like a 3.8 -> 3.9 regression.

David, are you looking at this at the moment? Otherwise I'll start bisecting.

Comment 4 David Majnemer 2016-08-12 14:13:40 PDT

(In reply to comment #3)
> Looks like a 3.8 -> 3.9 regression.
> 
> David, are you looking at this at the moment? Otherwise I'll start bisecting.

I've bisected it already, it has to do with inference of 'returned'.
I've asked Sanjoy to take a look at this one.

Comment 5 Sanjoy Das 2016-08-13 20:03:35 PDT

Should be fixed in 278584