llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

ICE: __builtin_mul_overflow breaks on (__int128)1 * -1 -> __uint128 #51701

Closed Kamilcuk closed 1 year ago

Kamilcuk commented 2 years ago
Bugzilla Link 52359
Version 12.0
OS Linux
Attachments bugpoint-reduced-simplified.bc
CC @RKSimon,@zygoloid

Extended Description

The following source file:

int main() {
    __uint128_t r;
    __builtin_mul_overflow((__int128)-1, 1, &r);
}

results in:

$ clang input.c
terminate called after throwing an instance of 'std::logic_error'
  what():  basic_string::_M_construct null not valid
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.  Program arguments: /usr/bin/clang-12 -cc1 -triple x86_64-pc-linux-gnu -emit-obj -mrelax-all --mrelax-relocations -disable-free -disable-llvm-verifier -discard-value-names -main-file-name input.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib/clang/12.0.1 -internal-isystem /usr/local/include -internal-isystem /usr/lib/clang/12.0.1/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdebug-compilation-dir /tmp -ferror-limit 19 -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -faddrsig -o /tmp/input-b9d941.o -x c input.c
1.  <eof> parser at end of file
2.  Code generation
3.  Running pass 'Function Pass Manager' on module 'input.c'.
4.  Running pass 'X86 DAG->DAG Instruction Selection' on function '@main'
 #0 0x00007f0422420793 (/usr/bin/../lib/libLLVM-12.so+0xb49793)
 #1 0x00007f042241de96 (/usr/bin/../lib/libLLVM-12.so+0xb46e96)
 #2 0x00007f0421531da0 __restore_rt (/usr/bin/../lib/libc.so.6+0x3cda0)
 #3 0x00007f0421531d22 raise (/usr/bin/../lib/libc.so.6+0x3cd22)
 #4 0x00007f042151b862 abort (/usr/bin/../lib/libc.so.6+0x26862)
 #5 0x00007f042175a802 __gnu_cxx::__verbose_terminate_handler() (.cold) /build/gcc/src/gcc/libstdc++-v3/libsupc++/vterminate.cc:75:10
 #6 0x00007f0421766c8a __cxxabiv1::__terminate(void (*)()) /build/gcc/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48:15
 #7 0x00007f0421766cf7 (/usr/bin/../lib/libstdc++.so.6+0xa5cf7)
 #8 0x00007f0421766f8e (/usr/bin/../lib/libstdc++.so.6+0xa5f8e)
 #9 0x00007f042175d36c std::__throw_logic_error(char const*) /build/gcc/src/gcc/libstdc++-v3/src/c++11/functexcept.cc:70:5
#10 0x00007f0422d167c7 llvm::SelectionDAG::getTargetExternalSymbol(char const*, llvm::EVT, unsigned int) (/usr/bin/../lib/libLLVM-12.so+0x143f7c7)
#11 0x00007f04252d44a1 (/usr/bin/../lib/libLLVM-12.so+0x39fd4a1)
#12 0x00007f042538a297 (/usr/bin/../lib/libLLVM-12.so+0x3ab3297)
#13 0x00007f0422c904de llvm::TargetLowering::LowerCallTo(llvm::TargetLowering::CallLoweringInfo&) const (/usr/bin/../lib/libLLVM-12.so+0x13b94de)
#14 0x00007f0422bf5e4d (/usr/bin/../lib/libLLVM-12.so+0x131ee4d)
#15 0x00007f0422c0973d (/usr/bin/../lib/libLLVM-12.so+0x133273d)
#16 0x00007f0422c11115 (/usr/bin/../lib/libLLVM-12.so+0x133a115)
#17 0x00007f0422c11901 llvm::SelectionDAG::LegalizeTypes() (/usr/bin/../lib/libLLVM-12.so+0x133a901)
#18 0x00007f0422d2c216 llvm::SelectionDAGISel::CodeGenAndEmitDAG() (/usr/bin/../lib/libLLVM-12.so+0x1455216)
#19 0x00007f0422d2f082 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (/usr/bin/../lib/libLLVM-12.so+0x1458082)
#20 0x00007f0422d318d9 (/usr/bin/../lib/libLLVM-12.so+0x145a8d9)
#21 0x00007f042525338c (/usr/bin/../lib/libLLVM-12.so+0x397c38c)
#22 0x00007f04228192a9 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/usr/bin/../lib/libLLVM-12.so+0xf422a9)
#23 0x00007f042257caf0 llvm::FPPassManager::runOnFunction(llvm::Function&) (/usr/bin/../lib/libLLVM-12.so+0xca5af0)
#24 0x00007f042257cc5c llvm::FPPassManager::runOnModule(llvm::Module&) (/usr/bin/../lib/libLLVM-12.so+0xca5c5c)
#25 0x00007f042257e47a llvm::legacy::PassManagerImpl::run(llvm::Module&) (/usr/bin/../lib/libLLVM-12.so+0xca747a)
#26 0x00007f042941a193 (/usr/bin/../lib/libclang-cpp.so.12+0x1898193)
#27 0x00007f042941c055 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/usr/bin/../lib/libclang-cpp.so.12+0x189a055)
#28 0x00007f0429799652 (/usr/bin/../lib/libclang-cpp.so.12+0x1c17652)
#29 0x00007f04284b9669 clang::ParseAST(clang::Sema&, bool, bool) (/usr/bin/../lib/libclang-cpp.so.12+0x937669)
#30 0x00007f0429f042b9 clang::FrontendAction::Execute() (/usr/bin/../lib/libclang-cpp.so.12+0x23822b9)
#31 0x00007f0429e9b5be clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/bin/../lib/libclang-cpp.so.12+0x23195be)
#32 0x00007f0429f84999 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/bin/../lib/libclang-cpp.so.12+0x2402999)
#33 0x000055da02e788de cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/bin/clang-12+0x128de)
#34 0x000055da02e75ee8 (/usr/bin/clang-12+0xfee8)
#35 0x000055da02e72505 main (/usr/bin/clang-12+0xc505)
#36 0x00007f042151cb25 __libc_start_main (/usr/bin/../lib/libc.so.6+0x27b25)
#37 0x000055da02e7586e _start (/usr/bin/clang-12+0xf86e)
clang-12: error: unable to execute command: Aborted (core dumped)
clang-12: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 12.0.1
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang-12: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-12: note: diagnostic msg: /tmp/input-39df98.c
clang-12: note: diagnostic msg: /tmp/input-39df98.sh
clang-12: note: diagnostic msg: 

********************

I attach the files noted above:

$ cat /tmp/input-39df98.c
# 1 "<built-in>"
# 1 "input.c"
int main() {
    __uint128_t r;
    __builtin_mul_overflow((__int128)-1, 1, &r);
}
$ cat /tmp/input-39df98.sh
# Crash reproducer for clang version 12.0.1
# Driver args: "input.c"
# Original command:  "/usr/bin/clang-12" "-cc1" "-triple" "x86_64-pc-linux-gnu" "-emit-obj" "-mrelax-all" "--mrelax-relocations" "-disable-free" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "input.c" "-mrelocation-model" "pic" "-pic-level" "2" "-pic-is-pie" "-mframe-pointer=all" "-fmath-errno" "-fno-rounding-math" "-mconstructor-aliases" "-munwind-tables" "-target-cpu" "x86-64" "-tune-cpu" "generic" "-fno-split-dwarf-inlining" "-debugger-tuning=gdb" "-resource-dir" "/usr/lib/clang/12.0.1" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/usr/lib/clang/12.0.1/include" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-fdebug-compilation-dir" "/tmp" "-ferror-limit" "19" "-stack-protector" "2" "-fgnuc-version=4.2.1" "-fcolor-diagnostics" "-faddrsig" "-o" "/tmp/input-b9d941.o" "-x" "c" "input.c"
 "/usr/bin/clang-12" "-cc1" "-triple" "x86_64-pc-linux-gnu" "-emit-obj" "-mrelax-all" "--mrelax-relocations" "-disable-free" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "input.c" "-mrelocation-model" "pic" "-pic-level" "2" "-pic-is-pie" "-mframe-pointer=all" "-fmath-errno" "-fno-rounding-math" "-mconstructor-aliases" "-munwind-tables" "-target-cpu" "x86-64" "-tune-cpu" "generic" "-fno-split-dwarf-inlining" "-debugger-tuning=gdb" "-ferror-limit" "19" "-stack-protector" "2" "-fgnuc-version=4.2.1" "-fcolor-diagnostics" "-faddrsig" "-x" "c" "input-39df98.c"

And bugpoint from following the instruction about code generator bugs:

$ cat input.c 
int main() {
    __uint128_t r;
    __builtin_mul_overflow((__int128)-1, 1, &r);
}
$  clang -emit-llvm -c /tmp/input.c -o /tmp/input.bc
$ bugpoint -run-llc /tmp/input.bc
Read input file      : '/tmp/input.bc'
*** All input ok
Initializing execution environment: Found llc: /usr/bin/llc
Running the code generator to test for a crash: <llc>
Error running tool:
  /usr/bin/llc -o bugpoint-test-program-48f7920.bc-7ab2041.llc.s bugpoint-test-program-48f7920.bc
terminate called after throwing an instance of 'std::logic_error'
  what():  basic_string::_M_construct null not valid
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.  Program arguments: /usr/bin/llc -o bugpoint-test-program-48f7920.bc-7ab2041.llc.s bugpoint-test-program-48f7920.bc
1.  Running pass 'Function Pass Manager' on module 'bugpoint-test-program-48f7920.bc'.
2.  Running pass 'X86 DAG->DAG Instruction Selection' on function '@main'
 #0 0x00007f435c34b793 (/usr/bin/../lib/libLLVM-12.so+0xb49793)
 #1 0x00007f435c348e96 (/usr/bin/../lib/libLLVM-12.so+0xb46e96)
 #2 0x00007f435b45cda0 __restore_rt (/usr/bin/../lib/libc.so.6+0x3cda0)
 #3 0x00007f435b45cd22 raise (/usr/bin/../lib/libc.so.6+0x3cd22)
 #4 0x00007f435b446862 abort (/usr/bin/../lib/libc.so.6+0x26862)
 #5 0x00007f435b685802 __gnu_cxx::__verbose_terminate_handler() (.cold) /build/gcc/src/gcc/libstdc++-v3/libsupc++/vterminate.cc:75:10
 #6 0x00007f435b691c8a __cxxabiv1::__terminate(void (*)()) /build/gcc/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48:15
 #7 0x00007f435b691cf7 (/usr/bin/../lib/libstdc++.so.6+0xa5cf7)
 #8 0x00007f435b691f8e (/usr/bin/../lib/libstdc++.so.6+0xa5f8e)
 #9 0x00007f435b68836c std::__throw_logic_error(char const*) /build/gcc/src/gcc/libstdc++-v3/src/c++11/functexcept.cc:70:5
#10 0x00007f435cc417c7 llvm::SelectionDAG::getTargetExternalSymbol(char const*, llvm::EVT, unsigned int) (/usr/bin/../lib/libLLVM-12.so+0x143f7c7)
#11 0x00007f435f1ff4a1 (/usr/bin/../lib/libLLVM-12.so+0x39fd4a1)
#12 0x00007f435f2b5297 (/usr/bin/../lib/libLLVM-12.so+0x3ab3297)
#13 0x00007f435cbbb4de llvm::TargetLowering::LowerCallTo(llvm::TargetLowering::CallLoweringInfo&) const (/usr/bin/../lib/libLLVM-12.so+0x13b94de)
#14 0x00007f435cb20e4d (/usr/bin/../lib/libLLVM-12.so+0x131ee4d)
#15 0x00007f435cb3473d (/usr/bin/../lib/libLLVM-12.so+0x133273d)
#16 0x00007f435cb3c115 (/usr/bin/../lib/libLLVM-12.so+0x133a115)
#17 0x00007f435cb3c901 llvm::SelectionDAG::LegalizeTypes() (/usr/bin/../lib/libLLVM-12.so+0x133a901)
#18 0x00007f435cc57216 llvm::SelectionDAGISel::CodeGenAndEmitDAG() (/usr/bin/../lib/libLLVM-12.so+0x1455216)
#19 0x00007f435cc5a082 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (/usr/bin/../lib/libLLVM-12.so+0x1458082)
#20 0x00007f435cc5c8d9 (/usr/bin/../lib/libLLVM-12.so+0x145a8d9)
#21 0x00007f435f17e38c (/usr/bin/../lib/libLLVM-12.so+0x397c38c)
#22 0x00007f435c7442a9 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/usr/bin/../lib/libLLVM-12.so+0xf422a9)
#23 0x00007f435c4a7af0 llvm::FPPassManager::runOnFunction(llvm::Function&) (/usr/bin/../lib/libLLVM-12.so+0xca5af0)
#24 0x00007f435c4a7c5c llvm::FPPassManager::runOnModule(llvm::Module&) (/usr/bin/../lib/libLLVM-12.so+0xca5c5c)
#25 0x00007f435c4a947a llvm::legacy::PassManagerImpl::run(llvm::Module&) (/usr/bin/../lib/libLLVM-12.so+0xca747a)
#26 0x000055e0ccf45ec9 (/usr/bin/llc+0x14ec9)
#27 0x000055e0ccf3e742 main (/usr/bin/llc+0xd742)
#28 0x00007f435b447b25 __libc_start_main (/usr/bin/../lib/libc.so.6+0x27b25)
#29 0x000055e0ccf3ed1e _start (/usr/bin/llc+0xdd1e)
*** Debugging code generator crash!

*** Attempting to reduce the number of function attributes in the testcase
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
<llc><crash>
Checking for crash with changing conditionals to always jump to true: : <llc><crash>
Emitted bitcode to 'bugpoint-reduced-conditionals.bc'
Checking for crash with only these blocks: : <llc><crash>
Emitted bitcode to 'bugpoint-reduced-blocks.bc'
Checking for crash with CFG simplifying: : <llc><crash>
Emitted bitcode to 'bugpoint-reduced-simplifycfg.bc'
Checking for crash with only 9 instructions: <llc><crash>
Checking for crash with only 5 instructions: <llc>
Checking for crash with only 4 instructions: <llc>
Checking for crash with only 7 instructions: <llc>
Checking for crash with only 2 instructions: <llc>
Checking for crash with only 8 instructions: <llc><crash>
Checking for crash with only 4 instructions: <llc>
Checking for crash with only 4 instructions: <llc>
Checking for crash with only 6 instructions: <llc>
Checking for crash with only 2 instructions: <llc>
Checking for crash with only 7 instructions: <llc>
Checking for crash with only 1 instruction: <llc>
Checking for crash with only 7 instructions: <llc><crash>
Checking for crash with only 6 instructions: <llc>
Checking for crash with only 6 instructions: <llc>
Checking for crash with only 6 instructions: <llc><crash>
Checking for crash with only 5 instructions: <llc><crash>
Checking for crash with only 4 instructions: <llc><crash>
Checking for crash with only 3 instructions: <llc>
Checking for crash with only 3 instructions: <llc>

*** Attempting to reduce testcase by deleting instructions: Simplification Level #1
Checking instruction:   %1 = call { i129, i1 } @llvm.smul.with.overflow.i129(i129 -1, i129 1)<llc>
Checking instruction:   %2 = extractvalue { i129, i1 } %1, 0<llc>
Checking instruction:   %3 = trunc i129 %2 to i128<llc>
Checking instruction:   store i128 %3, i128* undef, align 16<llc>

*** Attempting to reduce testcase by deleting instructions: Simplification Level #0
Checking instruction:   %1 = call { i129, i1 } @llvm.smul.with.overflow.i129(i129 -1, i129 1)<llc>
Checking instruction:   %2 = extractvalue { i129, i1 } %1, 0<llc>
Checking instruction:   %3 = trunc i129 %2 to i128<llc>
Checking instruction:   store i128 %3, i128* undef, align 16<llc>
Checking for crash with metadata retained from 5 instructions: <llc><crash>
Checking for crash with metadata retained from 3 instructions: <llc><crash>
Checking for crash with metadata retained from 2 instructions: <llc><crash>
Checking for crash with metadata retained from 1 instruction: <llc><crash>
Emitted bitcode to 'bugpoint-reduced-instructions.bc'

*** Attempting to strip the debug info: <llc><crash>

*** Attempting to strip the debug type info: <llc><crash>

*** Attempting to remove named metadata: Checking for crash with only these named metadata nodes: llvm.module.flags llvm.ident: <llc><crash>
Checking for crash with only these named metadata nodes: llvm.ident: <llc><crash>
Checking for crash with only 1 named metadata operand: <llc><crash>
Emitted bitcode to 'bugpoint-reduced-named-md.bc'

*** Attempting to perform final cleanups: <llc><crash>
Emitted bitcode to 'bugpoint-reduced-simplified.bc'

Thank You!
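
The result the crashing call is specified to produce, as an added example that is not part of the report or of LLVM: `mul_s128_to_u128` is a hypothetical helper with the same contract as `__builtin_mul_overflow` on two `__int128` operands and a `__uint128_t` result. It multiplies the magnitudes as unsigned 128-bit values and handles the sign separately, so the source never asks for the wider signed type that shows up as `i129` in the bugpoint output.

```c
#include <stdbool.h>
#include <stdio.h>

typedef __int128 i128;
typedef unsigned __int128 u128;

/* Most negative i128, built without overflowing a signed expression. */
#define I128_MIN (-(i128)(((u128)1 << 127) - 1) - 1)

/* |v| as an unsigned value; modular negation keeps I128_MIN well defined. */
static u128 magnitude(i128 v) {
    return v < 0 ? (u128)0 - (u128)v : (u128)v;
}

/*
 * Hypothetical helper with the contract of
 *   __builtin_mul_overflow((__int128)a, (__int128)b, (__uint128_t *)res):
 * store the exact product reduced modulo 2^128 in *res and return true
 * when that exact product is not representable as an unsigned 128-bit value.
 */
bool mul_s128_to_u128(i128 a, i128 b, u128 *res) {
    u128 mag;
    /* Unsigned 128-bit multiply of the magnitudes; no wider type needed. */
    bool too_big = __builtin_mul_overflow(magnitude(a), magnitude(b), &mag);
    /* A nonzero product of operands with different signs is negative. */
    bool negative = a != 0 && b != 0 && ((a < 0) != (b < 0));
    *res = negative ? (u128)0 - mag : mag;
    return too_big || negative;
}

int main(void) {
    u128 r;
    bool ovf = mul_s128_to_u128(-1, 1, &r);   /* the case from the report */
    printf("overflow=%d hi=%016llx lo=%016llx\n", ovf,
           (unsigned long long)(r >> 64), (unsigned long long)r);
    return 0;
}
```
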

Endilll commented 1 year ago

Appears to be fixed in Clang 13: https://godbolt.org/z/3zYW89aE4

llvmbot commented 1 year ago

@llvm/issue-subscribers-backend-x86