<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Loop unrolling lead to program crash"
   href="https://llvm.org/bugs/show_bug.cgi?id=28828">28828</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Loop unrolling lead to program crash
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Loop Optimizer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>feishenniubi@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=16869" name="attach_16869" title="The original program, in .ll form">attachment 16869</a></span>
The original program, in .ll form

Running the trunk version of the loop unroller will transform a non-crashing
program into a crashing one.

Here's how the original program behaves:
<span class="quote">> llc test.ll -o test.s
> g++ test.s -o test
> ./test</span>
// Program terminates normally

Here's how the loop-unrolled program behaves:
<span class="quote">> opt test.ll -loop-unroll -o test_opt.bc
> llc test_opt.bc -o test_opt.s
> g++ test_opt.s -o test_opt
> ./test_opt</span>
// Segmentation fault

I can reproduce the issue on two different Linux platforms: RHEL 7.2 and Ubuntu
14.04. Both platforms use the gcc 5.3 toolchain.

Also, I am not able to shrink the test case further using bugpoint due to an
unfixed bug in bugpoint itself: <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Bugpoint's basic block extraction produce codes that get rejected by the verifier"
   href="show_bug.cgi?id=28803">https://llvm.org/bugs/show_bug.cgi?id=28803</a></pre>
        </div>
      </p>
    </body>
</html>