50846 – ICE on valid code with -O1: Assertion `BitWidth == RHS.BitWidth && "Bit widths must be the same"' failed.

LLVM Bugzilla is read-only and represents the historical archive of all LLVM issues filled before November 26, 2021. Use github to submit LLVM bugs

Bug 50846 - ICE on valid code with -O1: Assertion `BitWidth == RHS.BitWidth && "Bit widths must be the same"' failed.

Summary: ICE on valid code with -O1: Assertion `BitWidth == RHS.BitWidth && "Bit width...

Status:	RESOLVED FIXED

Alias:	None

Product:	libraries
Classification:	Unclassified
Component:	Scalar Optimizations (show other bugs)
Version:	trunk
Hardware:	PC Linux

Importance:	P enhancement
Assignee:	Sanjay Patel

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-06-24 15:44 PDT by Chengnian Sun
Modified:	2021-07-26 07:58 PDT (History)
CC List:	6 users (show)

See Also:	51200
Fixed By Commit(s):	7414bbebc289

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chengnian Sun 2021-06-24 15:44:04 PDT

$ clang-trunk -v
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 24d48d45cc302a6abeab139d87ba87f7a2335323)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64

$ cat mutant.c
void *calloc(__SIZE_TYPE__, x7);
x7() {
  int md = calloc(1, 1);
  return md;
}

$ clang-trunk -O1 mutant.c
mutant.c:1:29: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
void *calloc(__SIZE_TYPE__, x7);
                            ^
mutant.c:1:7: warning: incompatible redeclaration of library function 'calloc' [-Wincompatible-library-redeclaration]
void *calloc(__SIZE_TYPE__, x7);
      ^
mutant.c:1:7: note: 'calloc' is a builtin with type 'void *(unsigned long, unsigned long)'
mutant.c:2:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
x7() {
^
mutant.c:3:7: warning: incompatible pointer to integer conversion initializing 'int' with an expression of type 'void *' [-Wint-conversion]
  int md = calloc(1, 1);
      ^    ~~~~~~~~~~~~
clang-13: /tmp/tmp.nPuVKAIgXI-clang-builder/llvm-project/llvm/lib/Support/APInt.cpp:231: llvm::APInt llvm::APInt::operator*(const llvm::APInt&) const: Assertion `BitWidth == RHS.BitWidth && "Bit widths must be the same"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /scratch/software/clang-trunk/bin/clang-13 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -main-file-name mutant.c -mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210624_092016_02f1/delta/perses_result -resource-dir /scratch/software/clang-trunk/lib/clang/13.0.0 -c-isystem . -c-isystem /usr/local/include/cmsith -internal-isystem /scratch/software/clang-trunk/lib/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -fdebug-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210624_092016_02f1/delta/perses_result -ferror-limit 19 -fgnuc-version=4.2.1 -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-f571ba.o -x c mutant.c
1.	<eof> parser at end of file
2.	Optimizer
 #0 0x0000559a7d99c274 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #1 0x0000559a7d999a2e SignalHandler(int) Signals.cpp:0:0
 #2 0x00007f061ae0a3c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #3 0x00007f061a8a918b raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #4 0x00007f061a888859 abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:81:7
 #5 0x00007f061a888729 get_sysdep_segment_value /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:509:8
 #6 0x00007f061a888729 _nl_load_domain /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:970:34
 #7 0x00007f061a899f36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36)
 #8 0x0000559a7d8c0691 (/scratch/software/clang-trunk/bin/clang-13+0x3874691)
 #9 0x0000559a7d8c6628 llvm::APInt::umul_ov(llvm::APInt const&, bool&) const (/scratch/software/clang-trunk/bin/clang-13+0x387a628)
#10 0x0000559a7d34a1c4 llvm::InstCombinerImpl::annotateAnyAllocSite(llvm::CallBase&, llvm::TargetLibraryInfo const*) (/scratch/software/clang-trunk/bin/clang-13+0x32fe1c4)
#11 0x0000559a7d3502af llvm::InstCombinerImpl::visitCallBase(llvm::CallBase&) (/scratch/software/clang-trunk/bin/clang-13+0x33042af)
#12 0x0000559a7d35240c llvm::InstCombinerImpl::visitCallInst(llvm::CallInst&) (/scratch/software/clang-trunk/bin/clang-13+0x330640c)
#13 0x0000559a7d30fbf8 llvm::InstCombinerImpl::run() (/scratch/software/clang-trunk/bin/clang-13+0x32c3bf8)
#14 0x0000559a7d312333 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::ProfileSummaryInfo*, unsigned int, llvm::LoopInfo*) InstructionCombining.cpp:0:0
#15 0x0000559a7d314391 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x32c8391)
#16 0x0000559a7eb747d6 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x4b287d6)
#17 0x0000559a7d0d75c6 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x308b5c6)
#18 0x0000559a7b5732a6 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x15272a6)
#19 0x0000559a7d0d60e9 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x308a0e9)
#20 0x0000559a7b573b16 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x1527b16)
#21 0x0000559a7d0d39cf llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x30879cf)
#22 0x0000559a7dcccbfd (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#23 0x0000559a7dccfe7d clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/scratch/software/clang-trunk/bin/clang-13+0x3c83e7d)
#24 0x0000559a7eafa44f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/scratch/software/clang-trunk/bin/clang-13+0x4aae44f)
#25 0x0000559a7fbb1e49 clang::ParseAST(clang::Sema&, bool, bool) (/scratch/software/clang-trunk/bin/clang-13+0x5b65e49)
#26 0x0000559a7eaf8f98 clang::CodeGenAction::ExecuteAction() (/scratch/software/clang-trunk/bin/clang-13+0x4aacf98)
#27 0x0000559a7e3a7e79 clang::FrontendAction::Execute() (/scratch/software/clang-trunk/bin/clang-13+0x435be79)
#28 0x0000559a7e33b0c6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/scratch/software/clang-trunk/bin/clang-13+0x42ef0c6)
#29 0x0000559a7e485d00 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/scratch/software/clang-trunk/bin/clang-13+0x4439d00)
#30 0x0000559a7b2acb06 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/scratch/software/clang-trunk/bin/clang-13+0x1260b06)
#31 0x0000559a7b2a8e48 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#32 0x0000559a7b1d60c6 main (/scratch/software/clang-trunk/bin/clang-13+0x118a0c6)
#33 0x00007f061a88a0b3 __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:342:3
#34 0x0000559a7b2a89be _start (/scratch/software/clang-trunk/bin/clang-13+0x125c9be)
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 24d48d45cc302a6abeab139d87ba87f7a2335323)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
clang-13: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/mutant-32ab84.c
clang-13: note: diagnostic msg: /tmp/mutant-32ab84.sh
clang-13: note: diagnostic msg:

********************

Comment 1 Sanjay Patel 2021-06-25 06:59:56 PDT

The crash is in instcombine, so changing component.

Seems like we need to do a better job of vetting the function signature. We don't expect the arguments of calloc to have different types:

define void @x7() {
  %call = call i8* @calloc(i64 1, i32 1)
  ret void
}

declare i8* @calloc(i64, i32) #2

Comment 2 Sanjay Patel 2021-06-25 10:23:05 PDT

The library call matching is a mess - we need a fix before the fix:
https://reviews.llvm.org/rG1076b6c4f022

Comment 3 Sanjay Patel 2021-06-27 05:44:33 PDT

https://reviews.llvm.org/rG7414bbebc289