[LLVMbugs] [Bug 9446] New: segfault in jump threading

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Mar 9 20:10:23 PST 2011 

http://llvm.org/bugs/show_bug.cgi?id=9446

           Summary: segfault in jump threading
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: regehr at cs.utah.edu
                CC: llvmbugs at cs.uiuc.edu, chenyang at cs.utah.edu


Valgrind says it's null ptr deref.

regehr at home:~/volatile/bugs/tmp001$ clang -v

clang version 3.0 (trunk 127388)
Target: i386-pc-linux-gnu
Thread model: posix

regehr at home:~/volatile/bugs/tmp001$ clang -O -w small.c

0  clang 0x09536cb8
Stack dump:
0.    Program arguments:
/mnt/z/z/compiler-install/llvm-gcc-r127388-install/bin/clang -cc1 -triple
i386-pc-linux-gnu -emit-obj -disable-free -main-file-name small.c
-mrelocation-model static -mdisable-fp-elim -masm-verbose -mconstructor-aliases
-target-cpu pentium4 -target-linker-version 2.20.51 -momit-leaf-frame-pointer
-resource-dir
/mnt/z/z/compiler-install/llvm-gcc-r127388-install/bin/../lib/clang/3.0 -O2 -w
-ferror-limit 19 -fmessage-length 80 -fgnu-runtime -fdiagnostics-show-option
-fcolor-diagnostics -o /tmp/cc-GiN2iB.o -x c small.c 
1.    <eof> parser at end of file
2.    Per-module optimization passes
3.    Running pass 'CallGraph Pass Manager' on module 'small.c'.
4.    Running pass 'Jump Threading' on function '@int327'
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal 1 (use -v to see
invocation)

regehr at home:~/volatile/bugs/tmp001$ cat small.c


typedef signed char int8_t;
typedef short int int16_t;
typedef int int32_t;
typedef unsigned char uint8_t;
__extension__ typedef unsigned long long int uint64_t;
static uint8_t
safe_rshift_func_int8_t_s_u (int8_t left, unsigned int right)
{
  return left || right ? : left >> right;
}

static uint8_t
safe_div_func_int16_t_s_s (int16_t si1, uint8_t si2)
{
  return si2 || si1 && si2 ? si1 : si1 + si2;
}

static uint8_t
safe_add_func_uint64_t_u_u (uint64_t ui1, uint8_t ui2)
{
  return ui1 + ui2;
}

struct S0
{
};
uint8_t g_80[1] = {
};

uint8_t func_39 (int32_t p_40, int uint8p_41, int uint32p_42, int32_t * const
p_43);
int32_t func_113 (struct S0 *p_114);

int int327 (struct S0 **p_108, uint8_t p_109)
{
  int32_t l_182;
  if (safe_div_func_int16_t_s_s (0, 0) || func_113 (0))
    {
      int32_t l_260;
      uint8_t l_266;
      int32_t *const l_269 = &l_182;
      for (; p_109; p_109 = safe_add_func_uint64_t_u_u (p_109, 1))
    {
      for (l_182 = 0; l_182 < 0; l_182 = 1)
        {
          if (safe_rshift_func_int8_t_s_u
          (1, func_39 (+p_109, 0x1BL, 1, l_269)))
        {
        }
        }
    }
      for (0; 1; l_260 += 1)
    for (l_266 = 0; l_266 < 1; l_266 += 1)
      {
        *l_269 &= 1;
        *l_269 = +g_80[0];
      }
    }
  return 0;
}

int32_t
func_113 (struct S0 * p_114)
{
  for (0;; 1)
    {
    }
}

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list