Quuxplusone / LLVMBugzillaTest


clang: inconsistent compilation / segment fault in ASTContext::getTypeInfo (stack exhaustion) / assertion `Diagnosed && "failed to diagnose bad conversion"' failed #48223

Open Quuxplusone opened 3 years ago

Quuxplusone commented 3 years ago
Bugzilla Link PR49254
Status NEW
Importance P normal
Reported by Zhuo Zhang (zhan3299@purdue.edu)
Reported on 2021-02-18 14:51:37 -0800
Last modified on 2021-02-19 07:02:47 -0800
Version trunk
Hardware PC Linux
CC htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk
Assertion fails on 11.0, 12.0, and trunk.
The following output is from trunk.

$ cat /tmp/test-c1ee08.c
# 1 "<built-in>"
# 1 "test.c"
const int a = 10;
typeof(__builtin_fpclassify(0, 1, 2, 3, __builtin_assume_aligned((const void *)a, 4), 10.0)) b;

int main() { return b; }

$ cat /tmp/test-c1ee08.sh
# Crash reproducer for clang version 13.0.0 (https://github.com/llvm/llvm-project.git b006902b2dfac792e8ade73798ca1b216654faf7)
# Driver args: "-x" "c" "-c" "test.c"
# Original command:  "/data/xxx/git/llvm-project/build_trunk/bin/clang-13" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-emit-obj" "-mrelax-all" "--mrelax-relocations" "-disable-free" "-main-file-name" "test.c" "-mrelocation-model" "static" "-mframe-pointer=all" "-fmath-errno" "-fno-rounding-math" "-mconstructor-aliases" "-munwind-tables" "-target-cpu" "x86-64" "-tune-cpu" "generic" "-fno-split-dwarf-inlining" "-debugger-tuning=gdb" "-resource-dir" "/data/xxx/git/llvm-project/build_trunk/lib/clang/13.0.0" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/data/xxx/git/llvm-project/build_trunk/lib/clang/13.0.0/include" "-internal-externc-isystem" "/usr/include/x86_64-linux-gnu" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-fdebug-compilation-dir=/data/xxx/docker_share/clang" "-ferror-limit" "19" "-fgnuc-version=4.2.1" "-fcolor-diagnostics" "-faddrsig" "-o" "test.o" "-x" "c" "test.c"
 "/data/xxx/git/llvm-project/build_trunk/bin/clang-13" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-emit-obj" "-mrelax-all" "--mrelax-relocations" "-disable-free" "-main-file-name" "test.c" "-mrelocation-model" "static" "-mframe-pointer=all" "-fmath-errno" "-fno-rounding-math" "-mconstructor-aliases" "-munwind-tables" "-target-cpu" "x86-64" "-tune-cpu" "generic" "-fno-split-dwarf-inlining" "-debugger-tuning=gdb" "-fdebug-compilation-dir=/data/xxx/docker_share/clang" "-ferror-limit" "19" "-fgnuc-version=4.2.1" "-fcolor-diagnostics" "-faddrsig" "-x" "c" "test-c1ee08.c"

$ ./clang -x c -c test.c
test.c:2:66: warning: cast to 'const void *' from smaller integer type 'int' [-Wint-to-void-pointer-cast]
typeof(__builtin_fpclassify(0, 1, 2, 3, __builtin_assume_aligned((const void *)a, 4), 10.0)) b;
                                                                 ^~~~~~~~~~~~~~~
test.c:2:41: warning: incompatible pointer to integer conversion passing 'void *' to parameter of type 'int' [-Wint-conversion]
typeof(__builtin_fpclassify(0, 1, 2, 3, __builtin_assume_aligned((const void *)a, 4), 10.0)) b;
                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
clang: /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaExprCXX.cpp:4065: clang::ExprResult clang::Sema::PerformImplicitConversion(clang::Expr *, clang::QualType, const clang::ImplicitConversionSequence &, clang::Sema::AssignmentAction, clang::Sema::CheckedConversionKind): Assertion `Diagnosed && "failed to diagnose bad conversion"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /data/zhan3299/git/llvm-project/build_trunk/bin/clang -x c -c test.c
1.      test.c:2:91: current parser token ')'
 #0 0x0000000000dfd0a1 __interceptor_backtrace.part.117 asan_interceptors.cc.o:0:0
 #1 0x000000000d7fb43a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/zhan3299/data/git/llvm-project/llvm/lib/Support/Unix/Signals.inc:561:7
 #2 0x000000000d7f1bc1 llvm::sys::RunSignalHandlers() /home/zhan3299/data/git/llvm-project/llvm/lib/Support/Signals.cpp:72:18
 #3 0x000000000d7f805f llvm::sys::CleanupOnSignal(unsigned long) /home/zhan3299/data/git/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
 #4 0x000000000d504245 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /home/zhan3299/data/git/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:75:5
 #5 0x000000000d504d0c CrashRecoverySignalHandler(int) /home/zhan3299/data/git/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:389:1
 #6 0x00007ff88fd158a0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x128a0)
 #7 0x00007ff88f738f47 raise /build/glibc-2ORdQG/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
 #8 0x00007ff88f73a8b1 abort /build/glibc-2ORdQG/glibc-2.27/stdlib/abort.c:81:0
 #9 0x00007ff88f72a42a __assert_fail_base /build/glibc-2ORdQG/glibc-2.27/assert/assert.c:89:0
#10 0x00007ff88f72a4a2 (/lib/x86_64-linux-gnu/libc.so.6+0x304a2)
#11 0x000000001a003292 llvm::isa_impl_wrap<clang::CXXMethodDecl, clang::FunctionDecl* const, clang::FunctionDecl const*>::doit(clang::FunctionDecl* const&) /home/zhan3299/data/git/llvm-project/llvm/include/llvm/Support/Casting.h:123:27
#12 0x000000001a003292 bool llvm::isa<clang::CXXMethodDecl, clang::FunctionDecl*>(clang::FunctionDecl* const&) /home/zhan3299/data/git/llvm-project/llvm/include/llvm/Support/Casting.h:142:0
#13 0x000000001a003292 llvm::cast_retty<clang::CXXMethodDecl, clang::FunctionDecl*>::ret_type llvm::cast<clang::CXXMethodDecl, clang::FunctionDecl>(clang::FunctionDecl*) /home/zhan3299/data/git/llvm-project/llvm/include/llvm/Support/Casting.h:269:0
#14 0x000000001a003292 clang::Sema::PerformImplicitConversion(clang::Expr*, clang::QualType, clang::ImplicitConversionSequence const&, clang::Sema::AssignmentAction, clang::Sema::CheckedConversionKind) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaExprCXX.cpp:4032:0
#15 0x000000001ab4e44a clang::Sema::PerformImplicitConversion(clang::Expr*, clang::QualType, clang::Sema::AssignmentAction, bool) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaOverload.cpp:1517:10
#16 0x0000000018959f03 clang::Sema::SemaBuiltinFPClassification(clang::CallExpr*, unsigned int) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaChecking.cpp:5942:22
#17 0x000000001893c002 clang::Sema::CheckBuiltinFunctionCall(clang::FunctionDecl*, unsigned int, clang::CallExpr*) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaChecking.cpp:1523:9
#18 0x00000000199455c9 clang::Sema::BuildResolvedCallExpr(clang::Expr*, clang::NamedDecl*, clang::SourceLocation, llvm::ArrayRef<clang::Expr*>, clang::SourceLocation, clang::Expr*, bool, clang::CallExpr::ADLCallKind) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaExpr.cpp:0:37
#19 0x00000000198b5ff2 clang::Sema::BuildCallExpr(clang::Scope*, clang::Expr*, clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>, clang::SourceLocation, clang::Expr*, bool, bool) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaExpr.cpp:6494:10
#20 0x000000001994232c clang::Sema::ActOnCallExpr(clang::Scope*, clang::Expr*, clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>, clang::SourceLocation, clang::Expr*) /home/zhan3299/data/git/llvm-project/clang/lib/Sema/SemaExpr.cpp:6317:7
#21 0x0000000018483c37 clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*, true>) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:2064:23
#22 0x000000001848d936 clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:1809:7
#23 0x0000000018477884 clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:681:20
#24 0x0000000018477884 clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:173:0
#25 0x00000000184a0511 clang::Parser::ParseExpression(clang::Parser::TypeCastState) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:125:10
#26 0x00000000184a0511 clang::Parser::ParseParenExpression(clang::Parser::ParenParseOption&, bool, bool, clang::OpaquePtr<clang::QualType>&, clang::SourceLocation&) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:3073:0
#27 0x00000000184b5958 clang::Parser::ParseExprAfterUnaryExprOrTypeTrait(clang::Token const&, bool&, clang::OpaquePtr<clang::QualType>&, clang::SourceRange&) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseExpr.cpp:2299:15
#28 0x00000000183c2155 clang::Parser::ParseTypeofSpecifier(clang::DeclSpec&) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseDecl.cpp:7187:7
#29 0x0000000018399617 clang::Parser::ParseDeclarationSpecifiers(clang::DeclSpec&, clang::Parser::ParsedTemplateInfo const&, clang::AccessSpecifier, clang::Parser::DeclSpecContext, clang::Parser::LateParsedAttrList*) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseDecl.cpp:3973:7
#30 0x0000000018323b6d clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/Parser.cpp:1040:3
#31 0x0000000018322237 clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/Parser.cpp:1150:12
#32 0x000000001831f00d clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/Parser.cpp:0:12
#33 0x0000000018317f4e clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/Parser.cpp:716:10
#34 0x00000000183047f9 clang::ParseAST(clang::Sema&, bool, bool) /home/zhan3299/data/git/llvm-project/clang/lib/Parse/ParseAST.cpp:157:15
#35 0x00000000105c90c3 clang::ASTFrontendAction::ExecuteAction() /home/zhan3299/data/git/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1058:1
#36 0x0000000012cff7d9 clang::CodeGenAction::ExecuteAction() /home/zhan3299/data/git/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:1082:30
#37 0x00000000105c5efd clang::FrontendAction::Execute() /home/zhan3299/data/git/llvm-project/clang/lib/Frontend/FrontendAction.cpp:0:8
#38 0x0000000010394e0a llvm::Error::operator bool() /home/zhan3299/data/git/llvm-project/llvm/include/llvm/Support/Error.h:0:0
#39 0x0000000010394e0a clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/zhan3299/data/git/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:949:0
#40 0x0000000010ac5a2e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/zhan3299/data/git/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:278:25
#41 0x0000000000e9b85d cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/zhan3299/data/git/llvm-project/clang/tools/driver/cc1_main.cpp:246:15
#42 0x0000000000e82e17 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) /home/zhan3299/data/git/llvm-project/clang/tools/driver/driver.cpp:330:12
#43 0x000000000ff0a39d clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1::operator()() const /home/zhan3299/data/git/llvm-project/clang/lib/Driver/Job.cpp:404:30
#44 0x000000000ff0a39d void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1>(long) /home/zhan3299/data/git/llvm-project/llvm/include/llvm/ADT/STLExtras.h:185:0
#45 0x000000000d503de4 llvm::function_ref<void ()>::operator()() const /home/zhan3299/data/git/llvm-project/llvm/include/llvm/ADT/STLExtras.h:209:12
#46 0x000000000d503de4 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /home/zhan3299/data/git/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:424:0
#47 0x000000000ff08be2 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const /home/zhan3299/data/git/llvm-project/clang/lib/Driver/Job.cpp:404:7
#48 0x000000000fdfc32e clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const /home/zhan3299/data/git/llvm-project/clang/lib/Driver/Compilation.cpp:195:15
#49 0x000000000fdfcf7c clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const /home/zhan3299/data/git/llvm-project/clang/lib/Driver/Compilation.cpp:248:19
#50 0x000000000fe6126a llvm::SmallVectorBase<unsigned int>::empty() const /home/zhan3299/data/git/llvm-project/llvm/include/llvm/ADT/SmallVector.h:0:0
#51 0x000000000fe6126a clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) /home/zhan3299/data/git/llvm-project/clang/lib/Driver/Driver.cpp:1529:0
#52 0x0000000000e7fd4f main /home/zhan3299/data/git/llvm-project/clang/tools/driver/driver.cpp:502:21
#53 0x00007ff88f71bb97 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:344:0
#54 0x0000000000d7aada _start (/data/zhan3299/git/llvm-project/build_trunk/bin/clang+0xd7aada)
clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git b006902b2dfac792e8ade73798ca1b216654faf7)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /data/zhan3299/git/llvm-project/build_trunk/bin
clang-13: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/test-c1ee08.c
clang-13: note: diagnostic msg: /tmp/test-c1ee08.sh
clang-13: note: diagnostic msg:

********************
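For triage, a dump like the one above can be reduced to a bucket key (assertion text plus the top distinct `clang::` frames) so that repeat reports of the same crash are grouped together. This is an added example, not part of the original report or of LLVM's tooling; `frames`, `func_name` and `signature` are hypothetical names, and the sample is constructed from frames in the dump with paths shortened to `/src`.

```python
import re

FRAME_START = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+", re.M)
TEMPLATE = re.compile(r"<[^<>]*>")
ASSERTION = re.compile(r"Assertion `(.+?)' failed\.", re.S)

# Constructed sample: a few frames from the dump above, paths shortened to /src,
# kept in the same 80-column wrapped form the report was pasted in.
SAMPLE = """\
clang: /src/clang/lib/Sema/SemaExprCXX.cpp:4065: Assertion `Diagnosed && "failed to
diagnose bad conversion"' failed.
Stack dump:
#12 0x000000001a003292 bool llvm::isa<clang::CXXMethodDecl,
clang::FunctionDecl*>(clang::FunctionDecl* const&) /src/llvm/Support/Casting.h:142:0
#14 0x000000001a003292 clang::Sema::PerformImplicitConversion(clang::Expr*,
clang::QualType) /src/clang/lib/Sema/SemaExprCXX.cpp:4032:0
#15 0x000000001ab4e44a clang::Sema::PerformImplicitConversion(clang::Expr*,
clang::QualType, bool) /src/clang/lib/Sema/SemaOverload.cpp:1517:10
#16 0x0000000018959f03
clang::Sema::SemaBuiltinFPClassification(clang::CallExpr*, unsigned int)
/src/clang/lib/Sema/SemaChecking.cpp:5942:22
#17 0x000000001893c002
clang::Sema::CheckBuiltinFunctionCall(clang::FunctionDecl*, unsigned int,
clang::CallExpr*) /src/clang/lib/Sema/SemaChecking.cpp:1523:9
"""

def frames(log):
    """One whitespace-normalised string per frame, wrapped lines re-joined."""
    return [" ".join(chunk.split()) for chunk in FRAME_START.split(log)[1:]]

def func_name(symbol):
    """Strip template arguments, the parameter list and any return type."""
    while TEMPLATE.search(symbol):      # remove innermost <...> first
        symbol = TEMPLATE.sub("", symbol)
    words = symbol.partition("(")[0].split()
    return words[-1] if words else ""

def signature(log, depth=3):
    """Bucket key: assertion text plus the top distinct clang:: frames."""
    m = ASSERTION.search(log)
    reason = " ".join(m.group(1).split()) if m else None
    top = []
    for name in map(func_name, frames(log)):
        # Signal-handler, libc and llvm:: helper frames are skipped.
        if name.startswith("clang::") and name not in top[-1:]:
            top.append(name)
        if len(top) == depth:
            break
    return reason, tuple(top)
```

Two dumps that produce the same `signature()` tuple hit the same assertion through the same Sema path, regardless of addresses, build paths or line wrapping.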
Quuxplusone commented 3 years ago
It seems a carefully-crafted C program will crash the trunk (and the newest
commit).

The poc file has a very similar nature to
https://bugs.llvm.org/show_bug.cgi?id=49239.

$ cat poc.c
int main() {
    typeof(__builtin_fpclassify(0, 1, 2, 3, __builtin_assume_aligned(({10;}), 4), 10.0)) a = 10;
    return a;
}

$ ./clang -x c poc.c

It does have different behaviors on different versions

Latest commit b6db47d7e044730dc3c9b35dae6697eee0885dbf (crash): attached below
Trunk (crash): https://godbolt.org/z/sxsE9e
11.0 (subject program returns 0): https://godbolt.org/z/6s4nv3
10.0 (compilation fails): https://godbolt.org/z/TzMK6n
6.0 - 9.0 (subject program returns 10): https://godbolt.org/z/qEvs63

$ /data/xxx/git/llvm-project/build_trunk_update/bin/clang --version
clang version 13.0.0 (https://github.com/llvm/llvm-project.git b6db47d7e044730dc3c9b35dae6697eee0885dbf)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /data/xxx/git/llvm-project/build_trunk_update/bin

$ ./clang -c -o /tmp/a.out -x c poc.c
poc.c:2:70: warning: incompatible integer to pointer conversion passing 'int' to parameter of type 'const void *' [-Wint-conversion]
    typeof(__builtin_fpclassify(0, 1, 2, 3, __builtin_assume_aligned(({10;}), 4), 10.0)) a = 10;
                                                                     ^~~~~~~
poc.c:2:45: warning: incompatible pointer to integer conversion passing 'void *' to parameter of type 'int' [-Wint-conversion]
    typeof(__builtin_fpclassify(0, 1, 2, 3, __builtin_assume_aligned(({10;}), 4), 10.0)) a = 10;
                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[1]    23006 segmentation fault (core dumped)  ./clang -c -o /tmp/a.out
Quuxplusone commented 3 years ago
(In reply to Zhuo Zhang from comment #1)

Oh, I pasted the wrong links...

Trunk (crash): https://godbolt.org/z/Eqfq1s
11.0 (subject program returns 0): https://godbolt.org/z/xKcT7e
10.0 (compilation fails): https://godbolt.org/z/4bfGsT
6.0 - 9.0 (subject program returns 10): https://godbolt.org/z/v8vYnK