search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
29.43k stars 12.16k forks source link

[middle-end] Crash in llvm::scc_begin #118169

Open FFreestanding opened 3 days ago

FFreestanding commented 3 days ago

Description

version: llvm-19.1.4, llvm-13 path: llvm-19.1.4/llvm/include/llvm/ADT/SCCIterator.h call scc_begin when the llvm::Function is declaration, will trigger crash F is a decaration: declare i32 @printf(ptr noundef, ...) #1

 for (scc_iterator<Function *> I = llvm::scc_begin(&F),
                                  IE = llvm::scc_end(&F);
         I != IE; ++I)
  static scc_iterator begin(const GraphT &G) {
      return scc_iterator(GT::getEntryNode(G));
  }

GT::getEntryNode(G) will return a invalid NodeRef

template <> struct GraphTraits<Function *> : public GraphTraits<BasicBlock *> {
  static NodeRef getEntryNode(Function *F) {
    return &F->getEntryBlock();
  }

DFSVisitOne will use it

  scc_iterator(NodeRef entryN) : visitNum(0) {
    DFSVisitOne(entryN);
    GetNextSCC();
  }

N is invalid, visit nodeVisitNumbers[N] will crash

template <class GraphT, class GT>
void scc_iterator<GraphT, GT>::DFSVisitOne(NodeRef N) {
  ++visitNum;
  nodeVisitNumbers[N] = visitNum;
  SCCNodeStack.push_back(N);
  VisitStack.push_back(StackElement(N, GT::child_begin(N), visitNum));
#if 0 // Enable if needed when debugging.
  dbgs() << "TarjanSCC: Node " << N <<
        " : visitNum = " << visitNum << "\n";
#endif
}

Testcase

test.ll

; ModuleID = 'test.c'
source_filename = "test.c"
target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

@.str = private unnamed_addr constant [8 x i8] c"func a\0A\00", align 1
@.str.1 = private unnamed_addr constant [8 x i8] c"func b\0A\00", align 1
@.str.2 = private unnamed_addr constant [5 x i8] c"end\0A\00", align 1

; Function Attrs: noinline nounwind optnone uwtable
define dso_local void @a() #0 {
  %1 = call i32 (ptr, ...) @printf(ptr noundef @.str)
  ret void
}

declare i32 @printf(ptr noundef, ...) #1

; Function Attrs: noinline nounwind optnone uwtable
define dso_local void @b() #0 {
  %1 = call i32 (ptr, ...) @printf(ptr noundef @.str.1)
  ret void
}

; Function Attrs: noinline nounwind optnone uwtable
define dso_local i32 @main() #0 {
  %1 = alloca i32, align 4
  %2 = alloca i32, align 4
  store i32 0, ptr %1, align 4
  store i32 1, ptr %2, align 4
  call void @b()
  %3 = load i32, ptr %2, align 4
  %4 = icmp sgt i32 %3, 0
  br i1 %4, label %5, label %11

5:                                                ; preds = %0
  %6 = load i32, ptr %2, align 4
  %7 = icmp sgt i32 %6, -1
  br i1 %7, label %8, label %9

8:                                                ; preds = %5
  call void @b()
  store i32 1, ptr %1, align 4
  br label %18

9:                                                ; preds = %5
  br label %10

10:                                               ; preds = %15, %9
  call void @a()
  br label %16

11:                                               ; preds = %0
  %12 = load i32, ptr %2, align 4
  %13 = icmp slt i32 %12, -1
  br i1 %13, label %14, label %15

14:                                               ; preds = %11
  br label %16

15:                                               ; preds = %11
  br label %10

16:                                               ; preds = %14, %10
  %17 = call i32 (ptr, ...) @printf(ptr noundef @.str.2)
  br label %18

18:                                               ; preds = %16, %8
  %19 = load i32, ptr %1, align 4
  ret i32 %19
}

attributes #0 = { noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cmov,+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #1 = { "frame-pointer"="all" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cmov,+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }

!llvm.module.flags = !{!0, !1, !2, !3, !4}
!llvm.ident = !{!5}

!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{i32 8, !"PIC Level", i32 2}
!2 = !{i32 7, !"PIE Level", i32 2}
!3 = !{i32 7, !"uwtable", i32 2}
!4 = !{i32 7, !"frame-pointer", i32 2}
!5 = !{!"clang version 19.1.4"}

llvm pass code

  for (auto &F : M) {
    for (scc_iterator<Function *> I = llvm::scc_begin(&F),
                                  IE = llvm::scc_end(&F);
         I != IE; ++I) {
    }
  }

command

opt -debug-pass-manager -load-pass-plugin=build/xxx/xxx.so -passes=xxx -disable-output test.ll > "test.ll.txt" 2>&1
nikic commented 3 days ago

Does it assert in an assertion-enabled build? This looks like user error to me.

EugeneZelenko commented 3 days ago

Please provide complete stack.

FFreestanding commented 3 days ago

Please provide complete stack.

Thanks. version: llvm-19.1.4

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.  Program arguments: opt -debug-pass-manager -load-pass-plugin=build/testpass/testpass.so -passes=testpass -disable-output inputs/test/test.ll
1.  Running pass "testpass" on module "inputs/test/test.ll"
 #0 0x00007366b861ab72 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/ffreestanding/envs/llvm-19.1.4/build/bin/../lib/libLLVMSupport.so.19.1+0x21ab72)
 #1 0x00007366b861779f llvm::sys::RunSignalHandlers() (/home/ffreestanding/envs/llvm-19.1.4/build/bin/../lib/libLLVMSupport.so.19.1+0x21779f)
 #2 0x00007366b86178e5 SignalHandler(int) Signals.cpp:0:0
 #3 0x00007366b8045320 (/lib/x86_64-linux-gnu/libc.so.6+0x45320)
 #4 0x00007366b809eb1c __pthread_kill_implementation ./nptl/pthread_kill.c:44:76
 #5 0x00007366b809eb1c __pthread_kill_internal ./nptl/pthread_kill.c:78:10
 #6 0x00007366b809eb1c pthread_kill ./nptl/pthread_kill.c:89:10
 #7 0x00007366b804526e raise ./signal/../sysdeps/posix/raise.c:27:6
 #8 0x00007366b80288ff abort ./stdlib/abort.c:81:7
 #9 0x00007366b802881b _nl_load_domain ./intl/loadmsgcat.c:1177:9
#10 0x00007366b803b507 (/lib/x86_64-linux-gnu/libc.so.6+0x3b507)
#11 0x00007366b1fc8cf2 llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::BasicBlock, true, false, void, false, void>, false, false>::operator*() const (build/testpass/testpass.so+0x1c8cf2)
#12 0x00007366b1fc4e25 llvm::simple_ilist<llvm::BasicBlock>::front() (build/testpass/特色他.so+0x1c4e25)
#13 0x00007366b1fc274c llvm::Function::front() (build/testpass/testpass.so+0x1c274c)
#14 0x00007366b1fc272a llvm::Function::getEntryBlock() (build/testpass/testpass.so+0x1c272a)
#15 0x00007366b1fc2861 llvm::GraphTraits<llvm::Function*>::getEntryNode(llvm::Function*) (build/testpass/testpass.so+0x1c2861)
#16 0x00007366b1fcb389 llvm::scc_iterator<llvm::Function*, llvm::GraphTraits<llvm::Function*>>::begin(llvm::Function* const&) (build/testpass/testpass.so+0x1cb389)
#17 0x00007366b1fc68f2 llvm::scc_iterator<llvm::Function*, llvm::GraphTraits<llvm::Function*>> llvm::scc_begin<llvm::Function*>(llvm::Function* const&) (build/testpass/testpass.so+0x1c68f2)
#18 0x00007366b1fbe673 llvm::testpass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (build/testpass/testpass.so+0x1be673)
#19 0x00007366b1ffbadd llvm::detail::PassModel<llvm::Module, llvm::testpass, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (build/testpass/testpass.so+0x1fbadd)
#20 0x00007366b3d58cd5 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/home/ffreestanding/envs/llvm-19.1.4/build/bin/../lib/../lib/libLLVMCore.so.19.1+0x358cd5)
#21 0x00007366b8737973 llvm::runPassPipeline(llvm::StringRef, llvm::Module&, llvm::TargetMachine*, llvm::TargetLibraryInfoImpl*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::StringRef, llvm::ArrayRef<llvm::PassPlugin>, llvm::ArrayRef<std::function<void (llvm::PassBuilder&)>>, llvm::opt_tool::OutputKind, llvm::opt_tool::VerifierKind, bool, bool, bool, bool, bool, bool, bool) (/home/ffreestanding/envs/llvm-19.1.4/build/bin/../lib/libLLVMOptDriver.so.19.1+0x2d973)
#22 0x00007366b8743aaa optMain (/home/ffreestanding/envs/llvm-19.1.4/build/bin/../lib/libLLVMOptDriver.so.19.1+0x39aaa)
#23 0x00007366b802a1ca __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:74:3
#24 0x00007366b802a28b call_init ./csu/../csu/libc-start.c:128:20
#25 0x00007366b802a28b __libc_start_main ./csu/../csu/libc-start.c:347:5
#26 0x0000614e81678095 _start (/home/ffreestanding/envs/llvm-19.1.4/build/bin/opt+0x1095)
Aborted (core dumped)
FFreestanding commented 3 days ago

Does it assert in an assertion-enabled build? This looks like user error to me.

It doesn't assert in an assertion-enabled build.