llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Clang crash (Segmentation fault) at -O2/3/s #68553

Open junweizeng opened 11 months ago

junweizeng commented 11 months ago

Clang at -O2/3/s crashes.

When I compiled this code with different optimization levels on different versions of clang, I found that -O2/s caused an ICE starting from clang-13.0.0, while -O3 caused an ICE starting from clang-15.0.0.

Compiler explorer: https://godbolt.org/z/xoPnzoWs3

$ cat test.c
int c[];
int d, e;
char f, i;
short a, b;
char *j() {
  for (;;) {
    a = 0;
    for (; a <= 5; a++)
      if (a == 1)
        return &a;
    break;
  }
  for (; b;) {
    e = 0;
    for (; e < 6; e++) {
      i = 0;
      for (; i <= 5; i++)
        for (int g = 0; g < 8; g++)
          for (int h = 0; h < 9; h++) {
            d = c[d] & 5 ^ c[d ^ f];
            d = d & 5 ^ c[d ^ f];
            d = d & 5 ^ c[d ^ f];
            d = d & 5 ^ c[d ^ f];
            d = d & 5 ^ c[d ^ f];
          }
    }
  }
}
$
$ clang-16 --version
clang version 16.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/jwzeng/compilers/llvm/llvm-16.0.0/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Selected multilib: .;@m64
$
$ clang-16 -O2 -w test.c
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.  Program arguments: /home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name test1.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -fcoverage-compilation-dir=/home/jwzeng/workplace/compiler_testing/scripts/testing-20231008-100t7csmith-v3-ubuntu/result/clang/compfail/S_3403600649/test -resource-dir /home/jwzeng/compilers/llvm/llvm-16.0.0/lib/clang/16 -internal-isystem /home/jwzeng/compilers/llvm/llvm-16.0.0/lib/clang/16/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -w -fdebug-compilation-dir=/home/jwzeng/workplace/compiler_testing/scripts/testing-20231008-100t7csmith-v3-ubuntu/result/clang/compfail/S_3403600649/test -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/test1-fd704c.o -x c test1.c
1.  <eof> parser at end of file
2.  Optimizer
  #0 0x00005624a5903b68 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16+0x3103b68)
  #1 0x00005646a7d01aae llvm::sys::RunSignalHandlers() (/home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16+0x3101aae)
  #2 0x00005646a7d041ed SignalHandler(int) Signals.cpp:0:0
  #3 0x00007f775cc35520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
  #4 0x00005646a71efb99 computeKnownBitsFromAssume(llvm::Value const*, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
  #5 0x00005646a71ebebb computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
  #6 0x00005646a71d9de5 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
  #7 0x00005646a71ec2d6 computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
  #8 0x00005646a71d9de5 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
  #9 0x00005646a71ec372 computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
  ...
  ...
  ...
  #255 0x00005624a4d91a47 llvm::ScalarEvolution::computeSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16+0x2591a47)
clang-16: error: unable to execute command: Segmentation fault (core dumped)
clang-16: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 16.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/jwzeng/compilers/llvm/llvm-16.0.0/bin
clang-16: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-16: note: diagnostic msg: /tmp/test1-493d8d.c
clang-16: note: diagnostic msg: /tmp/test1-493d8d.sh
clang-16: note: diagnostic msg: 

********************

HerrCai0907 commented 11 months ago

It's due to stack overflow in SCEV

junweizeng commented 11 months ago

> It's due to stack overflow in SCEV

Hi @HerrCai0907,

Thanks for your reply. I have revised the title of this issue. Could you please provide more information on the cause of this crash?

Best regards, Junwei Zeng.