[llvm-bugs] [Bug 46857] New: crash in llvm::SplitBlockPredecessors

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Jul 27 01:25:06 PDT 2020 

https://bugs.llvm.org/show_bug.cgi?id=46857

            Bug ID: 46857
           Summary: crash in llvm::SplitBlockPredecessors
           Product: clang
           Version: trunk
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: C
          Assignee: unassignedclangbugs at nondot.org
          Reporter: llozano at chromium.org
                CC: blitzrakete at gmail.com, dgregor at apple.com,
                    erik.pilkington at gmail.com, llvm-bugs at lists.llvm.org,
                    richard-llvm at metafoo.co.uk

Created attachment 23775
  --> https://bugs.llvm.org/attachment.cgi?id=23775&action=edit
shell script for reproducer.

we have hit a crash with the following backtrace:

chromeos-kernel-4_4-4.4.231-r2340: clang-12:
/var/tmp/portage/sys-devel/llvm-11.0_pre394483_p20200618-r4/work/llvm-11.0_pre394483_p20200618/llvm/lib/Transforms/Utils/BasicBlockUtils.cpp:787:
llvm::BasicBlock *llvm::SplitBlockPredecessors(llvm::BasicBlock *,
ArrayRef<llvm::BasicBlock *>, const char *, llvm::DominatorTree *,
llvm::LoopInfo *, llvm::MemorySSAUpdater *, bool): Assertion
`!isa<CallBrInst>(Preds[i]->getTerminator()) && "Cannot split an edge from a
CallBrInst"' failed.
chromeos-kernel-4_4-4.4.231-r2340: PLEASE submit a bug report to
https://bugs.llvm.org/ and include the crash backtrace, preprocessed source,
and associated run script.
chromeos-kernel-4_4-4.4.231-r2340: Stack dump:
chromeos-kernel-4_4-4.4.231-r2340: 0.   Program arguments: /usr/bin/clang-12
-cc1 -triple x86_64-cros-linux-gnu -S -disable-free -main-file-name
v4l2-ctrls.c -mrelocation-model static -fno-delete-null-pointer-checks -mllvm
-warn-stack-size=2048 -mframe-pointer=all -relaxed-aliasing
-mdisable-tail-calls -fmath-errno -fno-rounding-math -no-integrated-as
-mconstructor-aliases -mcmodel=kernel -target-cpu x86-64 -target-feature
+retpoline-indirect-calls -target-feature +retpoline-indirect-branches
-target-feature -sse -target-feature -mmx -target-feature -sse2 -target-feature
-3dnow -target-feature -avx -target-feature -x87 -target-feature
+retpoline-external-thunk -disable-red-zone -fdebug-info-for-profiling
-fno-split-dwarf-inlining -debug-info-kind=constructor -dwarf-version=4
-debugger-tuning=gdb -nostdsysteminc -nobuiltininc -resource-dir
/usr/lib64/clang/12.0.0 -isystem /usr/lib64/clang/12.0.0/include -include
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/include/linux/kconfig.h
-D _FORTIFY_SOURCE=2 -I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/arch/x86/include
-I arch/x86/include/generated/uapi -I arch/x86/include/generated -I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/include
-I include -I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/arch/x86/include/uapi
-I arch/x86/include/generated/uapi -I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/include/uapi
-I include/generated/uapi -I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/drivers/media/v4l2-core
-I drivers/media/v4l2-core -D __KERNEL__ -D CONFIG_AS_CFI=1 -D
CONFIG_AS_CFI_SIGNAL_FRAME=1 -D CONFIG_AS_CFI_SECTIONS=1 -D CONFIG_AS_FXSAVEQ=1
-D CONFIG_AS_SSSE3=1 -D CONFIG_AS_CRC32=1 -D CONFIG_AS_AVX=1 -D
CONFIG_AS_AVX2=1 -D CONFIG_AS_SHA1_NI=1 -D CONFIG_AS_SHA256_NI=1 -D RETPOLINE
-D CC_HAVE_ASM_GOTO -D CC_USING_FENTRY -I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/drivers/media/dvb-core
-I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/drivers/media/dvb-frontends
-I
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/drivers/media/tuners
-D KBUILD_STR(s)=#s -D KBUILD_BASENAME=KBUILD_STR(v4l2_ctrls) -D
KBUILD_MODNAME=KBUILD_STR(videodev) -isysroot /build/eve
-fmacro-prefix-map=/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/=
-Os -Wno-tautological-constant-compare
-Wno-tautological-unsigned-enum-zero-compare -Wno-unknown-warning-option
-Wno-section -Wno-final-dtor-non-final-class -Werror=poison-system-directories
-Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-Werror-implicit-function-declaration -Wno-format-security -Wno-sign-compare
-Wno-frame-address -Wno-format-truncation -Wno-format-overflow
-Wno-int-in-bool-context -Wno-address-of-packed-member -Wno-attribute-alias
-Wno-format-invalid-specifier -Wno-gnu -Wno-duplicate-decl-specifier
-Wno-tautological-compare -Wno-unused-const-variable
-Wdeclaration-after-statement -Wno-pointer-sign -Wno-stringop-truncation
-Wno-zero-length-bounds -Wno-array-bounds -Wno-stringop-overflow -Wno-restrict
-Wno-maybe-uninitialized -Werror=implicit-int -Werror=strict-prototypes
-Werror=date-time -Wno-packed-not-aligned -Wno-initializer-overrides
-Wno-unused-value -Wno-format -Wno-sign-compare -Wno-format-zero-length
-Wno-uninitialized -Wno-pointer-to-enum-cast -Wno-implicit-int-float-conversion
-Werror -std=gnu89 -fno-dwarf-directory-asm -fdebug-compilation-dir
/build/eve/var/cache/portage/sys-kernel/chromeos-kernel-4_4 -ferror-limit 19
-pg -mfentry -fwrapv -stack-protector 2 -ftrivial-auto-var-init=pattern
-mstack-alignment=8 -fcf-protection=none
-fprofile-sample-use=/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-R86-13333.0-1594632882.gcov.compbinary.afdo
-fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -o
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/temp/v4l2-ctrls-6e5145.s
-x c
/build/eve/tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.231-r2340/work/chromeos-kernel-4_4-4.4.231/drivers/media/v4l2-core/v4l2-ctrls.c
chromeos-kernel-4_4-4.4.231-r2340: 1.   <eof> parser at end of file
chromeos-kernel-4_4-4.4.231-r2340: 2.   Optimizer
chromeos-kernel-4_4-4.4.231-r2340:  #0 0x000000000487d058
llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/usr/bin/clang-12+0x487d058)
chromeos-kernel-4_4-4.4.231-r2340:  #1 0x000000000487abc0
llvm::sys::RunSignalHandlers() (/usr/bin/clang-12+0x487abc0)
chromeos-kernel-4_4-4.4.231-r2340:  #2 0x000000000487d7b5
(/usr/bin/clang-12+0x487d7b5)
chromeos-kernel-4_4-4.4.231-r2340:  #3 0x00007f184565b540 __restore_rt
(/lib64/libpthread.so.0+0x12540)
chromeos-kernel-4_4-4.4.231-r2340:  #4 0x00007f1844b4fd31 raise
(/lib64/libc.so.6+0x35d31)
chromeos-kernel-4_4-4.4.231-r2340:  #5 0x00007f1844b51a41 abort
(/lib64/libc.so.6+0x37a41)
chromeos-kernel-4_4-4.4.231-r2340:  #6 0x00007f1844b48437
(/lib64/libc.so.6+0x2e437)
chromeos-kernel-4_4-4.4.231-r2340:  #7 0x00007f1844b484e2
(/lib64/libc.so.6+0x2e4e2)
chromeos-kernel-4_4-4.4.231-r2340:  #8 0x000000000488cd84
llvm::SplitBlockPredecessors(llvm::BasicBlock*,
llvm::ArrayRef<llvm::BasicBlock*>, char const*, llvm::DominatorTree*,
llvm::LoopInfo*, llvm::MemorySSAUpdater*, bool) (/usr/bin/clang-12+0x488cd84)
chromeos-kernel-4_4-4.4.231-r2340:  #9 0x00000000045c20d0
llvm::JumpThreadingPass::SplitBlockPreds(llvm::BasicBlock*,
llvm::ArrayRef<llvm::BasicBlock*>, char const*) (/usr/bin/clang-12+0x45c20d0)
chromeos-kernel-4_4-4.4.231-r2340: #10 0x00000000045c4915
llvm::JumpThreadingPass::DuplicateCondBranchOnPHIIntoPred(llvm::BasicBlock*,
llvm::SmallVectorImpl<llvm::BasicBlock*> const&) (/usr/bin/clang-12+0x45c4915)
chromeos-kernel-4_4-4.4.231-r2340: #11 0x00000000045c170a
llvm::JumpThreadingPass::ProcessBranchOnXOR(llvm::BinaryOperator*)
(/usr/bin/clang-12+0x45c170a)
chromeos-kernel-4_4-4.4.231-r2340: #12 0x00000000045b908e
llvm::JumpThreadingPass::runImpl(llvm::Function&, llvm::TargetLibraryInfo*,
llvm::LazyValueInfo*, llvm::AAResults*, llvm::DomTreeUpdater*, bool,
std::__1::unique_ptr<llvm::BlockFrequencyInfo,
std::__1::default_delete<llvm::BlockFrequencyInfo> >,
std::__1::unique_ptr<llvm::BranchProbabilityInfo,
std::__1::default_delete<llvm::BranchProbabilityInfo> >)
(/usr/bin/clang-12+0x45b908e)
chromeos-kernel-4_4-4.4.231-r2340: #13 0x00000000045b8640
llvm::JumpThreadingPass::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&) (/usr/bin/clang-12+0x45b8640)
chromeos-kernel-4_4-4.4.231-r2340: #14 0x000000000596132d
(/usr/bin/clang-12+0x596132d)
chromeos-kernel-4_4-4.4.231-r2340: #15 0x00000000040cd615
llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>
>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&)
(/usr/bin/clang-12+0x40cd615)
chromeos-kernel-4_4-4.4.231-r2340: #16 0x0000000005964764
(/usr/bin/clang-12+0x5964764)
chromeos-kernel-4_4-4.4.231-r2340: #17 0x000000000413a166
llvm::PassManager<llvm::LazyCallGraph::SCC,
llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>,
llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&,
llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&,
llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/usr/bin/clang-12+0x413a166)
chromeos-kernel-4_4-4.4.231-r2340: #18 0x0000000004218860
(/usr/bin/clang-12+0x4218860)
chromeos-kernel-4_4-4.4.231-r2340: #19 0x000000000421748a
llvm::ModuleToPostOrderCGSCCPassAdaptor<llvm::DevirtSCCRepeatedPass<llvm::PassManager<llvm::LazyCallGraph::SCC,
llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>,
llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&> > >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&) (/usr/bin/clang-12+0x421748a)
chromeos-kernel-4_4-4.4.231-r2340: #20 0x00000000042166bd
(/usr/bin/clang-12+0x42166bd)
chromeos-kernel-4_4-4.4.231-r2340: #21 0x00000000040cb803
llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>
>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&)
(/usr/bin/clang-12+0x40cb803)
chromeos-kernel-4_4-4.4.231-r2340: #22 0x000000000421156f
llvm::ModuleInlinerWrapperPass::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&) (/usr/bin/clang-12+0x421156f)
chromeos-kernel-4_4-4.4.231-r2340: #23 0x000000000596512d
(/usr/bin/clang-12+0x596512d)
chromeos-kernel-4_4-4.4.231-r2340: #24 0x00000000040cb803
llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>
>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&)
(/usr/bin/clang-12+0x40cb803)
chromeos-kernel-4_4-4.4.231-r2340: #25 0x000000000597061d
(/usr/bin/clang-12+0x597061d)
chromeos-kernel-4_4-4.4.231-r2340: #26 0x00000000040cb803
llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>
>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&)
(/usr/bin/clang-12+0x40cb803)
chromeos-kernel-4_4-4.4.231-r2340: #27 0x0000000004f204d8
(/usr/bin/clang-12+0x4f204d8)
chromeos-kernel-4_4-4.4.231-r2340: #28 0x0000000004f18a68
clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions
const&, clang::CodeGenOptions const&, clang::TargetOptions const&,
clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*,
clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream,
std::__1::default_delete<llvm::raw_pwrite_stream> >)
(/usr/bin/clang-12+0x4f18a68)
chromeos-kernel-4_4-4.4.231-r2340: #29 0x0000000005296e3e
(/usr/bin/clang-12+0x5296e3e)
chromeos-kernel-4_4-4.4.231-r2340: #30 0x00000000064a0ff5
clang::ParseAST(clang::Sema&, bool, bool) (/usr/bin/clang-12+0x64a0ff5)
chromeos-kernel-4_4-4.4.231-r2340: #31 0x00000000051c5e03
clang::FrontendAction::Execute() (/usr/bin/clang-12+0x51c5e03)
chromeos-kernel-4_4-4.4.231-r2340: #32 0x0000000005130527
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/usr/bin/clang-12+0x5130527)
chromeos-kernel-4_4-4.4.231-r2340: #33 0x00000000052903f4
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/usr/bin/clang-12+0x52903f4)
chromeos-kernel-4_4-4.4.231-r2340: #34 0x000000000310113c
cc1_main(llvm::ArrayRef<char const*>, char const*, void*)
(/usr/bin/clang-12+0x310113c)
chromeos-kernel-4_4-4.4.231-r2340: #35 0x00000000030fed8b
(/usr/bin/clang-12+0x30fed8b)
chromeos-kernel-4_4-4.4.231-r2340: #36 0x00000000030fe3a8 main
(/usr/bin/clang-12+0x30fe3a8)

This crash has been automatically bisected to the following hash:
c3b8bd1eea5b74b6cd4a89f3c221bc2dfa891248

"commit c3b8bd1eea5b74b6cd4a89f3c221bc2dfa891248
Author: Roman Lebedev <lebedev.ri at gmail.com>
Date:   Sat Jul 4 17:39:48 2020 +0300

    [InstCombine] Always try to invert non-canonical predicate of an icmp
"

Attached are shell script and source file for reproducer.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200727/1273dd21/attachment-0001.html>

More information about the llvm-bugs mailing list