<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Crash in InnerLoopVectorizer::vectorizeLoop()"
href="https://llvm.org/bugs/show_bug.cgi?id=26509">26509</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Crash in InnerLoopVectorizer::vectorizeLoop()
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>3.8
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>FreeBSD
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Loop Optimizer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>andrew@fubar.geek.nz
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=15847" name="attach_15847" title="Minimised source">attachment 15847</a></span>
Minimised source
I'm getting the following crash from clang 3.8 when building FreeBSD on an
AArch64 server. I've attached the minimised C source that crashed.
The this pointer in frame 0 contains the value free puts into buffers when
freed, indicating a use-after-free bug.
% lldb /scratch/andrew/obj/scratch/andrew/clang380-import/tmp/scratch/andrew/clang380-import/usr.bin/clang/clang/clang -c clang.core
(lldb) target create "/scratch/andrew/obj/scratch/andrew/clang380-import/tmp/scratch/andrew/clang380-import/usr.bin/clang/clang/clang" --core "clang.core"
Core file '/home/andrew/clang/clang.core' (aarch64) was loaded.
(lldb) bt
* thread #1: tid = 0, 0x00000000010452f0 clang`(anonymous namespace)::InnerLoopVectorizer::vectorizeLoop() [inlined] llvm::Type::getContext(this=0x5a5a5a5a5a5a5a5a) const at Type.h:115, name = 'clang', stop reason = signal SIGSEGV
  * frame #0: 0x00000000010452f0 clang`(anonymous namespace)::InnerLoopVectorizer::vectorizeLoop() [inlined] llvm::Type::getContext(this=0x5a5a5a5a5a5a5a5a) const at Type.h:115
    frame #1: 0x00000000010452f0 clang`(anonymous namespace)::InnerLoopVectorizer::vectorizeLoop() + 268 at LoopVectorize.cpp:3167
    frame #2: 0x00000000010451e4 clang`(anonymous namespace)::InnerLoopVectorizer::vectorizeLoop(this=0x0000007fffffbcc8) + 6628 at LoopVectorize.cpp:3289
    frame #3: 0x000000000103ee5c clang`(anonymous namespace)::InnerLoopVectorizer::vectorize(this=0x0000007fffffbcc8, L=<unavailable>, MinimumBitWidths=<unavailable>)::LoopVectorizationLegality*, llvm::MapVector<llvm::Instruction*, unsigned long, llvm::DenseMap<llvm::Instruction*, unsigned int, llvm::DenseMapInfo<llvm::Instruction*>, llvm::detail::DenseMapPair<llvm::Instruction*, unsigned int> >, std::__1::vector<std::__1::pair<llvm::Instruction*, unsigned long>, std::__1::allocator<std::__1::pair<llvm::Instruction*, unsigned long> > > >) + 3776 at LoopVectorize.cpp:336
    frame #4: 0x0000000001039104 clang`(anonymous namespace)::LoopVectorize::processLoop(this=<unavailable>, L=0x0000000042cb13c0) + 15152 at LoopVectorize.cpp:1889
    frame #5: 0x0000000001035490 clang`(anonymous namespace)::LoopVectorize::runOnFunction(this=0x0000000042c0d300, F=<unavailable>) + 1388 at LoopVectorize.cpp:1659
    frame #6: 0x0000000001dacb84 clang`llvm::FPPassManager::runOnFunction(this=0x0000007fffffc6e0, F=0x0000000042c0d300) + 296 at LegacyPassManager.cpp:1550
    frame #7: 0x0000000001dacdc0 clang`llvm::FPPassManager::runOnModule(this=0x0000000042c306c0, M=<unavailable>) + 48 at LegacyPassManager.cpp:1571
    frame #8: 0x0000000001dad1cc clang`llvm::legacy::PassManagerImpl::run(llvm::Module&) + 160 at LegacyPassManager.cpp:1627
    frame #9: 0x0000000001dad12c clang`llvm::legacy::PassManagerImpl::run(this=<unavailable>, M=0x0000000042d38080) + 496 at LegacyPassManager.cpp:1730
    frame #10: 0x0000000000628ba0 clang`clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_pwrite_stream*) + 1472 at BackendUtil.cpp:703
    frame #11: 0x00000000006285e0 clang`clang::EmitBackendOutput(Diags=<unavailable>, CGOpts=<unavailable>, TOpts=<unavailable>, LOpts=<unavailable>, TDesc=<unavailable>, M=<unavailable>, Action=<unavailable>, OS=<unavailable>) + 5228 at BackendUtil.cpp:720
    frame #12: 0x0000000000626df0 clang`clang::BackendConsumer::HandleTranslationUnit(this=0x0000000042ca0280, C=<unavailable>) + 456 at CodeGenAction.cpp:189
    frame #13: 0x00000000007fa880 clang`clang::ParseAST(S=0x0000000042cf9000, PrintStats=<unavailable>, SkipFunctionBodies=<unavailable>) + 544 at ParseAST.cpp:168
    frame #14: 0x000000000043c190 clang`clang::FrontendAction::Execute(this=<unavailable>) + 88 at FrontendAction.cpp:439
    frame #15: 0x000000000045a0cc clang`clang::CompilerInstance::ExecuteAction(this=0x0000000042ca0000, Act=0x0000000042cae0c0) + 1040 at CompilerInstance.cpp:840
    frame #16: 0x00000000004084f8 clang`clang::ExecuteCompilerInvocation(Clang=0x0000000042ca0000) + 2316 at ExecuteCompilerInvocation.cpp:222
    frame #17: 0x000000000040075c clang`cc1_main(Argv=<unavailable>, Argv0=<unavailable>, MainAddr=<unavailable>) + 916 at cc1_main.cpp:116
    frame #18: 0x0000000000406e4c clang`main [inlined] ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 80 at driver.cpp:301
    frame #19: 0x0000000000406dfc clang`main(argc_=<unavailable>, argv_=<unavailable>) + 9612 at driver.cpp:366
    frame #20: 0x0000000000400328 clang`__start + 360
I use the following to compile the attached code.
/scratch/andrew/obj/scratch/andrew/clang380-import/tmp/scratch/andrew/clang380-import/usr.bin/clang/clang/clang "-cc1" "-triple" "aarch64-unknown-freebsd11.0" "-emit-obj" "-O2" "-vectorize-loops" "-x" "c" "tip-339c01.c"</pre>
</div>
</p>
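<p>Added example (not part of the original report and not LLVM code): a small Python triage helper for the reasoning in the report, where a pointer argument made up entirely of the allocator's junk-fill byte indicates freed memory. It assumes jemalloc's junk filling (0x5a written on free, 0xa5 on allocation); <code>classify</code> and <code>find_poisoned_args</code> are names made up here, and the sample is an excerpt of the backtrace above. Frames wrapped across several lines are tolerated.</p>

```python
import re

# Assumption: jemalloc junk filling (FreeBSD libc malloc with junk enabled):
# 0x5a is written over freed memory, 0xa5 over fresh allocations.
JUNK = {0x5A: "freed memory (use after free)", 0xA5: "uninitialised allocation"}

FRAME_RE = re.compile(r"frame #(\d+):")
ARG_RE = re.compile(r"(\w+)=0x([0-9a-fA-F]{16})\b")  # 64-bit pointer arguments

# Excerpt of the lldb backtrace in this report, hard-wrapped as mail delivers it.
SAMPLE = """\
* thread #1: tid = 0, 0x00000000010452f0 clang`(anonymous
namespace)::InnerLoopVectorizer::vectorizeLoop() [inlined]
llvm::Type::getContext(this=0x5a5a5a5a5a5a5a5a) const at Type.h:115, name =
'clang', stop reason = signal SIGSEGV
* frame #0: 0x00000000010452f0 clang`(anonymous
namespace)::InnerLoopVectorizer::vectorizeLoop() [inlined]
llvm::Type::getContext(this=0x5a5a5a5a5a5a5a5a) const at Type.h:115
frame #2: 0x00000000010451e4 clang`(anonymous
namespace)::InnerLoopVectorizer::vectorizeLoop(this=0x0000007fffffbcc8) + 6628
at LoopVectorize.cpp:3289
"""


def classify(ptr_hex):
    """Return the junk-fill meaning if all 8 bytes equal one junk byte."""
    raw = bytes.fromhex(ptr_hex)
    if len(set(raw)) == 1 and raw[0] in JUNK:
        return JUNK[raw[0]]
    return None


def find_poisoned_args(backtrace):
    """Return (frame, arg, value, meaning) for junk-filled pointer arguments."""
    hits = []
    frame = None  # the thread summary line precedes frame #0 and is skipped
    for line in backtrace.splitlines():
        m = FRAME_RE.search(line)
        if m:
            frame = int(m.group(1))
        for name, value in ARG_RE.findall(line):
            meaning = classify(value)
            if meaning and frame is not None:
                hits.append((frame, name, "0x" + value.lower(), meaning))
    return hits


if __name__ == "__main__":
    for hit in find_poisoned_args(SAMPLE):
        print("frame #%d: %s=%s looks like %s" % hit)
```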
</body>
</html>