<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [InlineCost] CallAnalyzer crashes when analyzing bitcasted callee"

   href="https://bugs.llvm.org/show_bug.cgi?id=35469">35469</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[InlineCost] CallAnalyzer crashes when analyzing bitcasted callee

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Interprocedural Analyses

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>kavon.farvardin@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=19489" name="attach_19489" title="backtrace of infinite recursion crash">attachment 19489</a> <a href="attachment.cgi?id=19489&action=edit" title="backtrace of infinite recursion crash">[details]</a></span>

backtrace of infinite recursion crash

The following IR crashes LLVM when running -inline -early-cse. It is not

specific to early-cse, since other passes following inline also crash it, such

as instcombine, gvn, etc.

define void @func1() {

  %t = bitcast void ()* @func2 to void ()*

  tail call void %t()

  ret void

}

define void @func2() {

  %t = bitcast void ()* @func2 to void ()*

  tail call void %t()

  ret void

}

It appears to be the bitcast that is throwing off CallAnalyzer, and sends it

into an infinite loop. My best guess is that somewhere it assumes it is an

indirect call, but somewhere else it sees that the callee is known, and so it

recurses forever trying to analyze @func2. I have attached a backtrace to aid

in debugging.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>