llvm / llvm-project

clang-20 crashed with alias attribute and constructor attribute at -O1 and above. Assertion `Val && "isa<> used on a null pointer"' failed. #116010

Open iamanonymouscs opened 5 days ago

iamanonymouscs commented 5 days ago

clang-20 crashed with alias attribute and constructor attribute at -O1 and above.

Compiler explorer: https://godbolt.org/z/5bqxWjPE5

$cat mutant.c
int a() __attribute__((alias("foo")));
void foo() {}
int __attribute__((constructor)) main() { return a(); }

Also crashed at Clang-19.

$clang-19 -O1 mutant.c
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /usr/lib/llvm-19/bin/clang -cc1 -triple x86_64-pc-linux-gnu -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mutant.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/home/code/reduce -fcoverage-compilation-dir=/home/code/reduce -resource-dir /usr/lib/llvm-19/lib/clang/19 -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-b4e528.o -x c mutant.c
1.      <eof> parser at end of file
2.      Optimizer
3.      Running pass "globalopt" on module "mutant.c"
 #0 0x00007fd9274c7246 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xea7246)
 #1 0x00007fd9274c4e20 llvm::sys::RunSignalHandlers() (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xea4e20)
 #2 0x00007fd9274c790b (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xea790b)
 #3 0x00007fd9260ff520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007fd92898d6d2 (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x236d6d2)
 #5 0x00007fd92898da27 llvm::ConstantFoldConstant(llvm::Constant const*, llvm::DataLayout const&, llvm::TargetLibraryInfo const*) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x236da27)
 #6 0x00007fd9280dc480 llvm::Evaluator::EvaluateBlock(llvm::ilist_iterator_w_bits<llvm::ilist_detail::node_options<llvm::Instruction, false, false, void, true, llvm::BasicBlock>, false, false>, llvm::BasicBlock*&, bool&) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x1abc480)
 #7 0x00007fd9280dd062 llvm::Evaluator::EvaluateFunction(llvm::Function*, llvm::Constant*&, llvm::SmallVectorImpl<llvm::Constant*> const&) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x1abd062)
 #8 0x00007fd92868c5d0 (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x206c5d0)
 #9 0x00007fd9280caae8 llvm::optimizeGlobalCtorsList(llvm::Module&, llvm::function_ref<bool (unsigned int, llvm::Function*)>) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x1aaaae8)
#10 0x00007fd928684442 llvm::GlobalOptPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x2064442)
#11 0x00007fd92a78822d (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x416822d)
#12 0x00007fd92764cb99 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0x102cb99)
#13 0x00007fd92ffda091 (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x1e28091)
#14 0x00007fd92ffd293b clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x1e2093b)
#15 0x00007fd930378132 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x21c6132)
#16 0x00007fd92ede1739 clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0xc2f739)
#17 0x00007fd930e740b5 clang::FrontendAction::Execute() (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2cc20b5)
#18 0x00007fd930de42f4 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2c322f4)
#19 0x00007fd930ef0dee clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d3edee)
#20 0x0000562ddfad5bc5 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/lib/llvm-19/bin/clang+0x11bc5)
#21 0x0000562ddfad2ad5 (/usr/lib/llvm-19/bin/clang+0xead5)
#22 0x0000562ddfad1c9b clang_main(int, char**, llvm::ToolContext const&) (/usr/lib/llvm-19/bin/clang+0xdc9b)
#23 0x0000562ddfadff36 main (/usr/lib/llvm-19/bin/clang+0x1bf36)
#24 0x00007fd9260e6d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#25 0x00007fd9260e6e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#26 0x0000562ddfad0765 _start (/usr/lib/llvm-19/bin/clang+0xc765)
clang: error: unable to execute command: Segmentation fault (core dumped)
clang: error: clang frontend command failed due to signal (use -v to see invocation)
Ubuntu clang version 19.0.0 (++20240722031324+65825cd5431c-1~exp1~20240722151445.1819)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm-19/bin
clang: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/mutant-91e178.c
clang: note: diagnostic msg: /tmp/mutant-91e178.sh
clang: note: diagnostic msg: 

********************

AaronBallman commented 5 days ago

Crash seems to have started happening around Clang 15 timeframe: https://godbolt.org/z/cszPs9xnP

VedantParanjape commented 4 days ago

> Crash seems to have started happening around Clang 15 timeframe: https://godbolt.org/z/cszPs9xnP

Reproducible with this IR as well! opt -passes=globalopt

; *** IR Dump Before GlobalOptPass on [module] ***
; ModuleID = '<source>'
source_filename = "<source>"
target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

@llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 65535, ptr @main, ptr null }]

@a = dso_local alias i32 (...), ptr @foo

; Function Attrs: nounwind uwtable
define dso_local void @foo() #0 !dbg !9 {
entry:
  ret void, !dbg !13
}

; Function Attrs: nounwind uwtable
define dso_local i32 @main() #0 !dbg !14 {
entry:
  %call = call i32 (...) @a(), !dbg !18
  ret i32 %call, !dbg !19
}

attributes #0 = { nounwind uwtable "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cmov,+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }

!llvm.dbg.cu = !{!0}
!llvm.module.flags = !{!2, !3, !4, !5, !6, !7}
!llvm.ident = !{!8}

!0 = distinct !DICompileUnit(language: DW_LANG_C11, file: !1, producer: "clang version 20.0.0git (https://github.com/llvm/llvm-project.git 01d233ff403823389f8480897e41aea84ecbb3d3)", isOptimized: true, runtimeVersion: 0, emissionKind: FullDebug, splitDebugInlining: false, nameTableKind: None)
!1 = !DIFile(filename: "<source>", directory: "/app")
!2 = !{i32 7, !"Dwarf Version", i32 4}
!3 = !{i32 2, !"Debug Info Version", i32 3}
!4 = !{i32 1, !"wchar_size", i32 4}
!5 = !{i32 8, !"PIC Level", i32 2}
!6 = !{i32 7, !"PIE Level", i32 2}
!7 = !{i32 7, !"uwtable", i32 2}
!8 = !{!"clang version 20.0.0git (https://github.com/llvm/llvm-project.git 01d233ff403823389f8480897e41aea84ecbb3d3)"}
!9 = distinct !DISubprogram(name: "foo", scope: !10, file: !10, line: 2, type: !11, scopeLine: 2, flags: DIFlagAllCallsDescribed, spFlags: DISPFlagDefinition | DISPFlagOptimized, unit: !0)
!10 = !DIFile(filename: "example.c", directory: "/app")
!11 = !DISubroutineType(types: !12)
!12 = !{null}
!13 = !DILocation(line: 2, column: 13, scope: !9)
!14 = distinct !DISubprogram(name: "main", scope: !10, file: !10, line: 3, type: !15, scopeLine: 3, flags: DIFlagAllCallsDescribed, spFlags: DISPFlagDefinition | DISPFlagOptimized, unit: !0)
!15 = !DISubroutineType(types: !16)
!16 = !{!17}
!17 = !DIBasicType(name: "int", size: 32, encoding: DW_ATE_signed)
!18 = !DILocation(line: 3, column: 50, scope: !14)
!19 = !DILocation(line: 3, column: 43, scope: !14)

VedantParanjape commented 4 days ago

> Crash seems to have started happening around Clang 15 timeframe: https://godbolt.org/z/cszPs9xnP

I looked at the GlobalOpt and Evaluator classes; basically, the two differing return types of foo and a, even though they are aliasing, cause issues while getting global constants.

https://github.com/llvm/llvm-project/blob/627b8f87e2c499c62df2e9bd6048f795fd085545/llvm/lib/Transforms/Utils/Evaluator.cpp#L609

InstResult is nullptr here as it is not set at this point.

https://github.com/llvm/llvm-project/blob/627b8f87e2c499c62df2e9bd6048f795fd085545/llvm/lib/Transforms/Utils/Evaluator.cpp#L547

Before this, the call to evaluateFunction falls through here; there's a check below to see if the return value is void ty

https://github.com/llvm/llvm-project/blob/627b8f87e2c499c62df2e9bd6048f795fd085545/llvm/lib/Transforms/Utils/Evaluator.cpp#L666
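
A triage check for the condition described in the last comment, as an added example that is not part of the issue thread or of LLVM's code: it scans textual IR for function aliases whose declared return type differs from the return type of the aliasee's definition. The regex parsing is a heuristic that assumes simple return types (void, i32, ptr) and unquoted symbol names; `SAMPLE_IR` is constructed from lines of the IR posted above, and the function name is hypothetical.

```python
import re

# Constructed sample: alias, aliasee and caller taken from the IR posted in this issue.
SAMPLE_IR = """\
@a = dso_local alias i32 (...), ptr @foo
define dso_local void @foo() #0 !dbg !9 {
entry:
  ret void, !dbg !13
}
define dso_local i32 @main() #0 !dbg !14 {
entry:
  %call = call i32 (...) @a(), !dbg !18
  ret i32 %call, !dbg !19
}
"""

# '@name = [linkage ...] alias <type>, ptr @aliasee'
ALIAS_RE = re.compile(
    r'^@(?P<name>[\w.$-]+)\s*=\s*(?:.*?\s)?alias\s+(?P<type>.+),'
    r'\s*ptr\s+@(?P<target>[\w.$-]+)')
# 'define [linkage ...] <ret> @name('
DEFINE_RE = re.compile(r'^define\s+(?P<prefix>.+?)@(?P<name>[\w.$-]+)\s*\(')


def alias_return_mismatches(ir_text):
    """Return (alias, alias_ret, aliasee, aliasee_ret) for every function alias
    whose declared return type differs from its aliasee's definition."""
    defined = {}   # function name -> return type of its definition
    aliases = []   # (alias name, declared return type, aliasee name)
    for line in ir_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            # Heuristic: the return type is the last token before '@name'.
            defined[m["name"]] = m["prefix"].split()[-1]
            continue
        m = ALIAS_RE.match(line)
        if m and "(" in m["type"]:  # only aliases declared with a function type
            ret = m["type"].split("(")[0].strip()
            aliases.append((m["name"], ret, m["target"]))
    return [(name, ret, target, defined[target])
            for name, ret, target in aliases
            if target in defined and defined[target] != ret]


if __name__ == "__main__":
    for name, ret, target, target_ret in alias_return_mismatches(SAMPLE_IR):
        print(f"@{name} is declared returning {ret}, "
              f"but aliasee @{target} returns {target_ret}")
```
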