Bug 50885 - ICE on valid code with -O1: computeKnownBits(const llvm::Value*, const llvm::APInt&, llvm::KnownBits&, unsigned int, const {anonymous}::Query&): Assertion `(Ty->isIntOrIntVectorTy(BitWidth) || Ty->isPtrOrPtrVectorTy()) && "Not integer or pointer type!"'
Status: RESOLVED FIXED
Alias: None
Product: libraries
Classification: Unclassified
Component: Transformation Utilities
Version: trunk
Hardware: PC Linux
Importance: P enhancement
Assignee: Unassigned LLVM Bugs
Blocks: release-13.0.1
Reported: 2021-06-26 12:43 PDT by Chengnian Sun
Modified: 2021-10-11 20:29 PDT
Fixed By Commit(s): 7f5555776513 d6974c010878

Description Chengnian Sun 2021-06-26 12:43:08 PDT
$ clang-trunk -v
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 2e9c75daffddd65e37c3236708b5b133e6f5f2f5)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64

$ cat mutant.c
extern snprintf(char *, double, const *);
fill(buf, len) { snprintf(buf, len, "%s: %d"); }

$ clang-trunk -O1 mutant.c
mutant.c:1:40: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern snprintf(char *, double, const *);
                                ~~~~~  ^
mutant.c:1:8: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern snprintf(char *, double, const *);
~~~~~~ ^
mutant.c:1:8: warning: incompatible redeclaration of library function 'snprintf' [-Wincompatible-library-redeclaration]
mutant.c:1:8: note: 'snprintf' is a builtin with type 'int (char *, unsigned long, const char *, ...)'
mutant.c:2:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
^
mutant.c:2:27: warning: incompatible integer to pointer conversion passing 'int' to parameter of type 'char *' [-Wint-conversion]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
                          ^~~
mutant.c:1:23: note: passing argument to parameter here
extern snprintf(char *, double, const *);
                      ^
mutant.c:2:37: warning: incompatible pointer types passing 'char [7]' to parameter of type 'const int *' [-Wincompatible-pointer-types]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
                                    ^~~~~~~~
mutant.c:1:40: note: passing argument to parameter here
extern snprintf(char *, double, const *);
                                       ^
mutant.c:2:48: warning: non-void function does not return a value [-Wreturn-type]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
                                               ^
clang-13: /tmp/tmp.xjN6dMkdrg-clang-builder/llvm-project/llvm/lib/Analysis/ValueTracking.cpp:1855: void computeKnownBits(const llvm::Value*, const llvm::APInt&, llvm::KnownBits&, unsigned int, const {anonymous}::Query&): Assertion `(Ty->isIntOrIntVectorTy(BitWidth) || Ty->isPtrOrPtrVectorTy()) && "Not integer or pointer type!"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /scratch/software/clang-trunk/bin/clang-13 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -main-file-name mutant.c -mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210626_112833_0777/delta/perses_result -resource-dir /scratch/software/clang-trunk/lib/clang/13.0.0 -c-isystem . -c-isystem /usr/local/include/cmsith -internal-isystem /scratch/software/clang-trunk/lib/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -fdebug-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210626_112833_0777/delta/perses_result -ferror-limit 19 -fgnuc-version=4.2.1 -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-250347.o -x c mutant.c
1.	<eof> parser at end of file
2.	Optimizer
 #0 0x000055dafc17c184 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #1 0x000055dafc17993e SignalHandler(int) Signals.cpp:0:0
 #2 0x00007f60060ac3c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #3 0x00007f6005b4b18b raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #4 0x00007f6005b2a859 abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:81:7
 #5 0x00007f6005b2a729 get_sysdep_segment_value /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:509:8
 #6 0x00007f6005b2a729 _nl_load_domain /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:970:34
 #7 0x00007f6005b3bf36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36)
 #8 0x000055dafb1bee5a computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
 #9 0x000055dafb1c2f49 isKnownNonZero(llvm::Value const*, llvm::APInt const&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#10 0x000055dafb1c474d isKnownNonZero(llvm::Value const*, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#11 0x000055dafb1c4817 llvm::isKnownNonZero(llvm::Value const*, llvm::DataLayout const&, unsigned int, llvm::AssumptionCache*, llvm::Instruction const*, llvm::DominatorTree const*, bool) (/scratch/software/clang-trunk/bin/clang-13+0x29a3817)
#12 0x000055dafc32dfea llvm::LibCallSimplifier::optimizeSnPrintF(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3b0cfea)
#13 0x000055dafc33afc0 llvm::LibCallSimplifier::optimizeCall(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3b19fc0)
#14 0x000055dafbb2ab82 llvm::InstCombinerImpl::tryOptimizeCall(llvm::CallInst*) (/scratch/software/clang-trunk/bin/clang-13+0x3309b82)
#15 0x000055dafbb2f89c llvm::InstCombinerImpl::visitCallBase(llvm::CallBase&) (/scratch/software/clang-trunk/bin/clang-13+0x330e89c)
#16 0x000055dafbb3174c llvm::InstCombinerImpl::visitCallInst(llvm::CallInst&) (/scratch/software/clang-trunk/bin/clang-13+0x331074c)
#17 0x000055dafbaeefa8 llvm::InstCombinerImpl::run() (/scratch/software/clang-trunk/bin/clang-13+0x32cdfa8)
#18 0x000055dafbaf16e3 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::ProfileSummaryInfo*, unsigned int, llvm::LoopInfo*) InstructionCombining.cpp:0:0
#19 0x000055dafbaf3741 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x32d2741)
#20 0x000055dafd354456 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x4b33456)
#21 0x000055dafb8b84d6 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x30974d6)
#22 0x000055daf9d4d836 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x152c836)
#23 0x000055dafb8b6ff9 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x3095ff9)
#24 0x000055daf9d4e0a6 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x152d0a6)
#25 0x000055dafb8b48df llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x30938df)
#26 0x000055dafc4ad6ad (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#27 0x000055dafc4b092d clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/scratch/software/clang-trunk/bin/clang-13+0x3c8f92d)
#28 0x000055dafd2d9e1f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/scratch/software/clang-trunk/bin/clang-13+0x4ab8e1f)
#29 0x000055dafe3914d9 clang::ParseAST(clang::Sema&, bool, bool) (/scratch/software/clang-trunk/bin/clang-13+0x5b704d9)
#30 0x000055dafd2d8968 clang::CodeGenAction::ExecuteAction() (/scratch/software/clang-trunk/bin/clang-13+0x4ab7968)
#31 0x000055dafcb88599 clang::FrontendAction::Execute() (/scratch/software/clang-trunk/bin/clang-13+0x4367599)
#32 0x000055dafcb1b7e6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/scratch/software/clang-trunk/bin/clang-13+0x42fa7e6)
#33 0x000055dafcc66480 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/scratch/software/clang-trunk/bin/clang-13+0x4445480)
#34 0x000055daf9a86696 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/scratch/software/clang-trunk/bin/clang-13+0x1265696)
#35 0x000055daf9a829d8 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#36 0x000055daf99b00e6 main (/scratch/software/clang-trunk/bin/clang-13+0x118f0e6)
#37 0x00007f6005b2c0b3 __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:342:3
#38 0x000055daf9a8254e _start (/scratch/software/clang-trunk/bin/clang-13+0x126154e)
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 2e9c75daffddd65e37c3236708b5b133e6f5f2f5)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
clang-13: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/mutant-5ed6a0.c
clang-13: note: diagnostic msg: /tmp/mutant-5ed6a0.sh
clang-13: note: diagnostic msg:

********************
Comment 1 Simon Pilgrim 2021-07-08 05:02:35 PDT
Reduced: 

define i32 @PR50885(i32 %buf, double %len, i32 * %str) {
  %call = call i32 @snprintf(i8* undef, double %len, i32* %str)
  ret i32 %call
}
declare i32 @snprintf(i8*, double, i32*)

It looks like we're not correctly checking the snprintf libcall signature, so the double arg is incorrectly assumed to be size_t.
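
A stand-alone model of the failure mode Comment 1 describes, added here as an illustration; it is not part of the bug report and is not LLVM's code or API. Every type and function name in it is hypothetical, and the 64-bit size_t used in the checks is an assumption for the x86_64 target in the report.

```cpp
#include <string>
#include <vector>

// Stand-alone model; Ty, Proto and every function below are hypothetical
// names, not LLVM's API.
enum class Kind { Int, Double, Ptr };
struct Ty { Kind kind; unsigned bits; };  // bits is meaningful for Int only
struct Proto { std::string name; Ty ret; std::vector<Ty> params; };

enum class Outcome { Simplified, Skipped, AssertionFails };

// The precondition in the failed assertion: integer or pointer type only.
bool isIntOrPtr(const Ty &t) { return t.kind == Kind::Int || t.kind == Kind::Ptr; }

// Shape of int snprintf(char *, size_t, const char *, ...): the fixed
// parameters are pointer, size_t-wide integer, pointer; the result is i32.
bool isSnprintfProto(const Proto &p, unsigned sizeTBits) {
    if (p.name != "snprintf" || p.params.size() != 3) return false;
    const Ty &size = p.params[1];
    return p.ret.kind == Kind::Int && p.ret.bits == 32 &&
           p.params[0].kind == Kind::Ptr &&
           size.kind == Kind::Int && size.bits == sizeTBits &&
           p.params[2].kind == Kind::Ptr;
}

// Name-only matching, as Comment 1 describes: argument 1 is assumed to be
// size_t and handed to an integer-only query.
Outcome simplifyByNameOnly(const Proto &p) {
    if (p.name != "snprintf" || p.params.size() < 2) return Outcome::Skipped;
    return isIntOrPtr(p.params[1]) ? Outcome::Simplified : Outcome::AssertionFails;
}

// Signature-checked matching: a mismatched declaration stays an ordinary call.
Outcome simplifyWithProtoCheck(const Proto &p, unsigned sizeTBits) {
    if (!isSnprintfProto(p, sizeTBits)) return Outcome::Skipped;
    return simplifyByNameOnly(p);
}

// Constructed inputs: the reduced declaration from Comment 1, and the libc form.
Proto reducedDecl() {
    return {"snprintf", {Kind::Int, 32}, {{Kind::Ptr, 0}, {Kind::Double, 0}, {Kind::Ptr, 0}}};
}
Proto libcDecl() {
    return {"snprintf", {Kind::Int, 32}, {{Kind::Ptr, 0}, {Kind::Int, 64}, {Kind::Ptr, 0}}};
}
```
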
Comment 2 Simon Pilgrim 2021-07-08 05:03:35 PDT
opt fuzz.ll -S -instcombine -o -

Assertion failed: (Ty->isIntOrIntVectorTy(BitWidth) || Ty->isPtrOrPtrVectorTy()) && "Not integer or pointer type!", file E:\llvm\llvm-project\llvm\lib\Analysis\ValueTracking.cpp, line 1857
Comment 3 Sanjay Patel 2021-07-31 12:22:21 PDT
https://reviews.llvm.org/rG7f5555776513

Leaving open to block release 13.0 branch.
Comment 4 Tom Stellard 2021-08-02 23:05:53 PDT
Merged: d6974c010878