[llvm-bugs] [Bug 25541] New: SEGV in llvm::Value::getContext() on bogus Value object (experienced with clang-cl on Windows)

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Nov 16 06:07:49 PST 2015


https://llvm.org/bugs/show_bug.cgi?id=25541

            Bug ID: 25541
           Summary: SEGV in llvm::Value::getContext() on bogus Value
                    object (experienced with clang-cl on Windows)
           Product: clang
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: stephan.bergmann.secondary at googlemail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 15295
  --> https://llvm.org/bugs/attachment.cgi?id=15295&action=edit
reproducer

Compiling the attached test.cc with recent Clang trunk SEGVs with

> $ clang -cc1 -triple x86_64-pc-windows-msvc -emit-obj -fcxx-exceptions -fexceptions -momit-leaf-frame-pointer -Os -fms-extensions -std=c++11 -x c++ test.cc
> #0 0x189ded5 printSymbolizedStackTrace clang/trunk/src/lib/Support/Unix/Signals.inc:314:0
> #1 0x189ded5 llvm::sys::PrintStackTrace(llvm::raw_ostream&) clang/trunk/src/lib/Support/Unix/Signals.inc:406:0
> #2 0x189cf96 llvm::sys::RunSignalHandlers() clang/trunk/src/lib/Support/Signals.cpp:35:0
> #3 0x189d10f SignalHandler(int) clang/trunk/src/lib/Support/Unix/Signals.inc:211:0
> #4 0x7f36ca97e430 __restore_rt (/lib64/libpthread.so.0+0x10430)
> #5 0x15a0294 llvm::Value::getContext() const clang/trunk/src/lib/IR/Value.cpp:518:0
> #6 0x15a1443 llvm::ValueHandleBase::AddToUseList() clang/trunk/src/lib/IR/Value.cpp:569:0
> #7 0x179ca79 llvm::ValueHandleBase::ValueHandleBase(llvm::ValueHandleBase::HandleBaseKind, llvm::Value*) clang/trunk/src/include/llvm/IR/ValueHandle.h:76:0
> #8 0x179ca79 llvm::AssertingVH<llvm::Value>::AssertingVH(llvm::Value*) clang/trunk/src/include/llvm/IR/ValueHandle.h:218:0
> #9 0x179ca79 llvm::SCEVExpander::isInsertedInstruction(llvm::Instruction*) const clang/trunk/src/include/llvm/Analysis/ScalarEvolutionExpander.h:196:0
> #10 0x179ca79 AdjustInsertPositionForExpand clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4443:0
> #11 0x179ca79 (anonymous namespace)::LSRInstance::Expand((anonymous namespace)::LSRFixup const&, (anonymous namespace)::Formula const&, llvm::ilist_iterator<llvm::Instruction>, llvm::SCEVExpander&, llvm::SmallVectorImpl<llvm::WeakVH>&) const [clone .constprop.666] clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4462:0
> #12 0x17a2c72 Rewrite clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4723:0
> #13 0x17a2c72 (anonymous namespace)::LSRInstance::ImplementSolution(llvm::SmallVectorImpl<(anonymous namespace)::Formula const*> const&, llvm::Pass*) [clone .isra.641] clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4774:0
> #14 0x17afd5e begin clang/trunk/src/include/llvm/ADT/SmallVector.h:113:0
> #15 0x17afd5e ~SmallVectorImpl clang/trunk/src/include/llvm/ADT/SmallVector.h:370:0
> #16 0x17afd5e ~SmallVector clang/trunk/src/include/llvm/ADT/SmallVector.h:868:0
> #17 0x17afd5e LSRInstance clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4867:0
> #18 0x17afd5e (anonymous namespace)::LoopStrengthReduce::runOnLoop(llvm::Loop*, llvm::LPPassManager&) [clone .part.656] [clone .constprop.660] clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:5008:0
> #19 0x1fe675b llvm::LPPassManager::runOnFunction(llvm::Function&) clang/trunk/src/lib/Analysis/LoopPass.cpp:232:0
> #20 0x157909b llvm::FPPassManager::runOnFunction(llvm::Function&) clang/trunk/src/lib/IR/LegacyPassManager.cpp:1521:0
> #21 0x157942b llvm::FPPassManager::runOnModule(llvm::Module&) clang/trunk/src/lib/IR/LegacyPassManager.cpp:1542:0
> #22 0x1578cca runOnModule clang/trunk/src/lib/IR/LegacyPassManager.cpp:1598:0
> #23 0x1578cca llvm::legacy::PassManagerImpl::run(llvm::Module&) clang/trunk/src/lib/IR/LegacyPassManager.cpp:1701:0
> #24 0x19a79b3 llvm::PrettyStackTraceString::~PrettyStackTraceString() clang/trunk/src/include/llvm/Support/PrettyStackTrace.h:49:0
> #25 0x19a79b3 EmitAssembly clang/trunk/src/tools/clang/lib/CodeGen/BackendUtil.cpp:639:0
> #26 0x19a79b3 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_pwrite_stream*) clang/trunk/src/tools/clang/lib/CodeGen/BackendUtil.cpp:652:0
> #27 0x1ec8b8a clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) clang/trunk/src/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:0
> #28 0x213c21a clang::ParseAST(clang::Sema&, bool, bool) clang/trunk/src/tools/clang/lib/Parse/ParseAST.cpp:168:0
> #29 0x1ec8c8b clang::CodeGenAction::ExecuteAction() clang/trunk/src/tools/clang/lib/CodeGen/CodeGenAction.cpp:798:0
> #30 0x1c48406 clang::FrontendAction::Execute() clang/trunk/src/tools/clang/lib/Frontend/FrontendAction.cpp:439:0
> #31 0x1c243e9 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) clang/trunk/src/tools/clang/lib/Frontend/CompilerInstance.cpp:839:0
> #32 0x1cc3b83 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) clang/trunk/src/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:0
> #33 0x877520 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) clang/trunk/src/tools/clang/tools/driver/cc1_main.cpp:116:0
> #34 0x833684 ExecuteCC1Tool clang/trunk/src/tools/clang/tools/driver/driver.cpp:301:0
> #35 0x833684 main clang/trunk/src/tools/clang/tools/driver/driver.cpp:366:0
> #36 0x7f36c9b17700 __libc_start_main (/lib64/libc.so.6+0x20700)
> #37 0x874079 _start (clang/trunk/inst/bin/clang-3.8+0x874079)
> Stack dump:
> 0.	Program arguments: clang -cc1 -triple x86_64-pc-windows-msvc -emit-obj -fcxx-exceptions -fexceptions -momit-leaf-frame-pointer -Os -fms-extensions -std=c++11 -x c++ test.cc 
> 1.	<eof> parser at end of file
> 2.	Code generation
> 3.	Running pass 'Function Pass Manager' on module 'test.cc'.
> 4.	Running pass 'Loop Pass Manager' on function '@"\01?f1@?$C1 at H@@QEAAXXZ"'
> 5.	Running pass 'Loop Strength Reduction' on basic block '%for.cond.i'
> Segmentation fault

(regardless of the OS that Clang is run on; seen it originally with clang-cl on
Windows, but can reproduce on Linux as well).

Some experimentation makes it look like the llvm::Value this pointer in
frame 5 is actually 16 bytes into a llvm::BasicBlock object (so getContext()
happens to try to dereference an uninitialized 8 bytes as a pointer). Patching
Clang to keep track of all llvm::Value instantiations and checking that
llvm::ValueHandleBase instances are created with a valid Value pointer
(attached BUG.patch) points at

> $ clang -cc1 -triple x86_64-pc-windows-msvc -emit-obj -fcxx-exceptions -fexceptions -momit-leaf-frame-pointer -Os -fms-extensions -std=c++11 -x c++ test.cc
> clang: clang/trunk/src/lib/IR/Value.cpp:51: llvm::ValueHandleBase::ValueHandleBase(llvm::ValueHandleBase::HandleBaseKind, llvm::Value*): Assertion `SB.find(V)!=SB.end()' failed.
> #0 0x18a4e25 printSymbolizedStackTrace clang/trunk/src/lib/Support/Unix/Signals.inc:314:0
> #1 0x18a4e25 llvm::sys::PrintStackTrace(llvm::raw_ostream&) clang/trunk/src/lib/Support/Unix/Signals.inc:406:0
> #2 0x18a3ee6 llvm::sys::RunSignalHandlers() clang/trunk/src/lib/Support/Signals.cpp:35:0
> #3 0x18a405f SignalHandler(int) clang/trunk/src/lib/Support/Unix/Signals.inc:211:0
> #4 0x7fd98cad1430 __restore_rt (/lib64/libpthread.so.0+0x10430)
> #5 0x7fd98bc7e9c8 __GI_raise (/lib64/libc.so.6+0x349c8)
> #6 0x7fd98bc8065a __GI_abort (/lib64/libc.so.6+0x3665a)
> #7 0x7fd98bc77187 __assert_fail_base (/lib64/libc.so.6+0x2d187)
> #8 0x7fd98bc77232 (/lib64/libc.so.6+0x2d232)
> #9 0x15a7529 llvm::ValueHandleBase::ValueHandleBase(llvm::ValueHandleBase::HandleBaseKind, llvm::Value*) clang/trunk/src/lib/IR/Value.cpp:51:0
> #10 0x17a0abd llvm::AssertingVH<llvm::Value>::AssertingVH(llvm::Value*) clang/trunk/src/include/llvm/IR/ValueHandle.h:218:0
> #11 0x17a0abd llvm::SCEVExpander::isInsertedInstruction(llvm::Instruction*) const clang/trunk/src/include/llvm/Analysis/ScalarEvolutionExpander.h:196:0
> #12 0x17a0abd AdjustInsertPositionForExpand clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4443:0
> #13 0x17a0abd (anonymous namespace)::LSRInstance::Expand((anonymous namespace)::LSRFixup const&, (anonymous namespace)::Formula const&, llvm::ilist_iterator<llvm::Instruction>, llvm::SCEVExpander&, llvm::SmallVectorImpl<llvm::WeakVH>&) const [clone .constprop.666] clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4462:0
> #14 0x17a9b35 Rewrite clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4723:0
> #15 0x17a9b35 (anonymous namespace)::LSRInstance::ImplementSolution(llvm::SmallVectorImpl<(anonymous namespace)::Formula const*> const&, llvm::Pass*) [clone .isra.641] clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4774:0
> #16 0x17b4c7f begin clang/trunk/src/include/llvm/ADT/SmallVector.h:113:0
> #17 0x17b4c7f ~SmallVectorImpl clang/trunk/src/include/llvm/ADT/SmallVector.h:370:0
> #18 0x17b4c7f ~SmallVector clang/trunk/src/include/llvm/ADT/SmallVector.h:868:0
> #19 0x17b4c7f LSRInstance clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:4867:0
> #20 0x17b4c7f (anonymous namespace)::LoopStrengthReduce::runOnLoop(llvm::Loop*, llvm::LPPassManager&) [clone .part.656] [clone .constprop.660] clang/trunk/src/lib/Transforms/Scalar/LoopStrengthReduce.cpp:5008:0
> #21 0x1ff24cb llvm::LPPassManager::runOnFunction(llvm::Function&) clang/trunk/src/lib/Analysis/LoopPass.cpp:232:0
> #22 0x157e14b llvm::FPPassManager::runOnFunction(llvm::Function&) clang/trunk/src/lib/IR/LegacyPassManager.cpp:1521:0
> #23 0x157e4db llvm::FPPassManager::runOnModule(llvm::Module&) clang/trunk/src/lib/IR/LegacyPassManager.cpp:1542:0
> #24 0x157dd7a runOnModule clang/trunk/src/lib/IR/LegacyPassManager.cpp:1598:0
> #25 0x157dd7a llvm::legacy::PassManagerImpl::run(llvm::Module&) clang/trunk/src/lib/IR/LegacyPassManager.cpp:1701:0
> #26 0x19b2183 llvm::PrettyStackTraceString::~PrettyStackTraceString() clang/trunk/src/include/llvm/Support/PrettyStackTrace.h:49:0
> #27 0x19b2183 EmitAssembly clang/trunk/src/tools/clang/lib/CodeGen/BackendUtil.cpp:639:0
> #28 0x19b2183 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_pwrite_stream*) clang/trunk/src/tools/clang/lib/CodeGen/BackendUtil.cpp:652:0
> #29 0x1ed31fa clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) clang/trunk/src/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:0
> #30 0x2147f8a clang::ParseAST(clang::Sema&, bool, bool) clang/trunk/src/tools/clang/lib/Parse/ParseAST.cpp:168:0
> #31 0x1ed32fb clang::CodeGenAction::ExecuteAction() clang/trunk/src/tools/clang/lib/CodeGen/CodeGenAction.cpp:798:0
> #32 0x1c52a76 clang::FrontendAction::Execute() clang/trunk/src/tools/clang/lib/Frontend/FrontendAction.cpp:439:0
> #33 0x1c2ea59 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) clang/trunk/src/tools/clang/lib/Frontend/CompilerInstance.cpp:839:0
> #34 0x1cce1f3 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) clang/trunk/src/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:222:0
> #35 0x8775d0 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) clang/trunk/src/tools/clang/tools/driver/cc1_main.cpp:116:0
> #36 0x8336f4 ExecuteCC1Tool clang/trunk/src/tools/clang/tools/driver/driver.cpp:301:0
> #37 0x8336f4 main clang/trunk/src/tools/clang/tools/driver/driver.cpp:366:0
> #38 0x7fd98bc6a700 __libc_start_main (/lib64/libc.so.6+0x20700)
> #39 0x874129 _start (clang/trunk/inst/bin/clang-3.8+0x874129)
> Stack dump:
> 0.	Program arguments: clang -cc1 -triple x86_64-pc-windows-msvc -emit-obj -fcxx-exceptions -fexceptions -momit-leaf-frame-pointer -Os -fms-extensions -std=c++11 -x c++ test.cc 
> 1.	<eof> parser at end of file
> 2.	Code generation
> 3.	Running pass 'Function Pass Manager' on module 'test.cc'.
> 4.	Running pass 'Loop Pass Manager' on function '@"\01?f1@?$C1 at H@@QEAAXXZ"'
> 5.	Running pass 'Loop Strength Reduction' on basic block '%for.cond.i'
> Aborted
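The diagnostic technique the report describes (a registry of every live Value, consulted by an assertion in the handle constructor) as an added, stand-alone example; this is not the attached BUG.patch and not LLVM's code, and Value, BasicBlock and AssertingHandle below are simplified stand-ins for the real classes:

```cpp
#include <cassert>
#include <cstdint>
#include <set>

namespace dbg {

// Registry of every live Value: filled by the constructor, emptied by the destructor.
// It plays the role of the report's "SB" set in the check SB.find(V) != SB.end().
static std::set<const void *> &liveValues() {
  static std::set<const void *> s;
  return s;
}

// Stand-in for llvm::Value: its first field is what getContext() would read through.
struct Value {
  void *context;
  Value() : context(nullptr) { liveValues().insert(this); }
  ~Value() { liveValues().erase(this); }
};

// True only if V points at the start of a currently live Value object.
inline bool isLiveValue(const Value *V) {
  return liveValues().count(V) != 0;
}

// Stand-in for llvm::ValueHandleBase with the report's extra assertion: refuse to be
// built from a pointer that is not a registered, live Value.
struct AssertingHandle {
  const Value *V;
  explicit AssertingHandle(const Value *v) : V(v) {
    assert(isLiveValue(v) && "ValueHandle created from a bogus Value pointer");
  }
};

// Stand-in for llvm::BasicBlock: a Value sub-object followed by further members, so a
// pointer 16 bytes past the block's start lands inside the block but on no Value.
struct BasicBlock : Value {
  std::uint64_t padding;   // offset 8, right after Value::context
  std::uint64_t instList;  // offset 16: the "uninitialized 8 bytes" of the report
};

// Build the kind of pointer the report describes: 16 bytes into a BasicBlock.
// It is never dereferenced here; the registry check rejects it without reading through it.
inline const Value *bogusPointerInto(const BasicBlock &bb) {
  return reinterpret_cast<const Value *>(reinterpret_cast<const char *>(&bb) + 16);
}

} // namespace dbg
```

As with LLVM's own asserts, the check compiles out when NDEBUG is defined, so build without it to have the handle constructor abort instead of crashing later in getContext().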
