42267 – segmentation fault of target program caused by loop-reroll with "opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading -loop-reroll"

LLVM Bugzilla is read-only and represents the historical archive of all LLVM issues filled before November 26, 2021. Use github to submit LLVM bugs

Bug 42267 - segmentation fault of target program caused by loop-reroll with "opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading -loop-reroll"

Summary: segmentation fault of target program caused by loop-reroll with "opt -mem2reg...

Status:	NEW

Alias:	None

Product:	libraries
Classification:	Unclassified
Component:	Scalar Optimizations (show other bugs)
Version:	trunk
Hardware:	PC Linux

Importance:	P enhancement
Assignee:	Unassigned LLVM Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-06-13 01:02 PDT by Zhide Zhou
Modified:	2019-07-11 06:15 PDT (History)
CC List:	3 users (show)

See Also:
Fixed By Commit(s):

Attachments
.bc file of the source code (8.46 KB, application/octet-stream) 2019-06-13 01:02 PDT, Zhide Zhou	Details
small-opt.bc (8.57 KB, application/octet-stream) 2019-06-13 01:04 PDT, Zhide Zhou	Details
small-before-reroll.bc (9.28 KB, application/octet-stream) 2019-07-11 06:15 PDT, Florian Hahn	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Zhide Zhou 2019-06-13 01:02:50 PDT

Created attachment 22089 [details]
.bc file of the source code

$clang -v
clang version 9.0.0 (trunk 362492)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/jack-zhou/Documents/llvm/llvm_truck/llvm2/build/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.4.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.4.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64


$gcc small.c -o small1.out && ./small1.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

$clang small.c -o small2.out && ./small2.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000


$clang -O3 -c -emit-llvm  -mllvm -disable-llvm-optzns small.c

$opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading  small.bc -o small-opt.bc

$clang small-opt.bc -o small3.out && ./small3.out
Segmentation fault (core dumped)

without loop-reroll pass, the output is correct.
$$opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading  small.bc -o small-opt1.bc

$clang small-opt1.bc -o small4.out && ./small4.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

---------------------------------------
#include<stdio.h>
int a[8][10][2];
void main() {
  int b, c, d;
  for (b = 0; b < 8; b++)
    for (c = 0; c < 10; c++)
      for (d = 0; d < 2; d++)
        printf("%d", a[b][c][d]);
}

Comment 1 Zhide Zhou 2019-06-13 01:04:05 PDT

Created attachment 22090 [details]
small-opt.bc

Comment 2 Florian Hahn 2019-07-11 06:15:17 PDT

Created attachment 22228 [details]
small-before-reroll.bc

I've attached small-before-reroll.bc, which requires only -loop-reroll to trigger different behavior


opt -loop-reroll small-before-reroll.bc -o small-opt.bc 
clang small-opt.bc -o small3.out && ./small3.out
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001935631468168495753894372981769107551144159403213319694483121701077349723593702-187904742400206211048847123191027111677721701677721705160006147219694483121701077349016345576961852404336160041688918524002232036621151163515019400000000000000000000000000000000000000000000000

clang small-before-reroll -o small3.out && ./small3.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000