<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Assertion `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) || EvaluatedGEP.OffsetOverflows == Builder.getFalse()) && "If the offset got constant-folded, we don't expect that there was an " "overflow."'"
   href="https://bugs.llvm.org/show_bug.cgi?id=48824">48824</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Assertion `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) || EvaluatedGEP.OffsetOverflows == Builder.getFalse()) && "If the offset got constant-folded, we don't expect that there was an " "overflow."'
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Frontend
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>vince.a.bridgers@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk
          </td>
        </tr></table>
      <p>
        <div>
<pre>This was found in a downstream compiler for an out-of-tree target using
randomized testing, but it also reproduces on tip of tree with an in-tree target.
Two simple minimized reproducers show this crash.

It appears that the index or address calculations in these samples are not
checked against the largest offset the target can represent. That would explain
why this is only reproducible for a 16-bit target like the msp430.


clang command line
---
clang -c -fsanitize=undefined --target=msp430-unknown test.c

Two test cases show this:

case 1
--- 
/* Case 1 reproducer, kept verbatim as reported. */
/* File-scope object declared with no type specifier; it supplies the
   non-constant first subscript below. */
a;
/* Array with an unspecified outer bound and an inner bound of 1; _Complex is
   written without a base type. */
_Complex b[][1];
/* The second subscript is the constant 8920 against an inner bound of 1.
   NOTE(review): presumably 8920 * sizeof(element) exceeds what a 16-bit
   msp430 offset can hold, which would be the overflow the assertion
   mentions - confirm against the element size on that target. */
c() { b[a][8920]; }

case 2
---
/* Case 2 reproducer, kept verbatim as reported. */
/* Array of unknown bound whose elements are int**. */
int **a[];
int main() { 
  /* *a yields the first element (an int**), which is then subscripted with
     the constant 28001000. That index alone is larger than 65535.
     NOTE(review): presumably the resulting byte offset cannot be represented
     in msp430's 16-bit address arithmetic - confirm. */
  (*a)[28001000]; 
}

Relevant backtrace (edited)
---
clang: <root>/clang/lib/CodeGen/CGExprScalar.cpp:4980: llvm::Value*
clang::CodeGen::CodeGenFunction::EmitCheckedInBoundsGEP(llvm::Value*,
llvm::ArrayRef<llvm::Value*>, bool, bool, clang::SourceLocation, const
llvm::Twine&): Assertion `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) ||
EvaluatedGEP.OffsetOverflows == Builder.getFalse()) && "If the offset got
constant-folded, we don't expect that there was an " "overflow."' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff4ff6387 in raise () from /lib64/libc.so.6
(gdb) bt
<trimmed>
#4  0x0000000005b2abee in
clang::CodeGen::CodeGenFunction::EmitCheckedInBoundsGEP (this=0x7fffffff6a30,
Ptr=0x123f99a0, IdxList=..., SignedIndices=true, IsSubtraction=false, Loc=...,
Name=...)
    at <root>/clang/lib/CodeGen/CGExprScalar.cpp:4980
#5  0x0000000005ad7a65 in emitArraySubscriptGEP (CGF=..., ptr=0x123f99a0,
indices=..., inbounds=true, signedIndices=true, loc=..., name=...) at
<root>/clang/lib/CodeGen/CGExpr.cpp:3577
#6  0x0000000005ad7f45 in emitArraySubscriptGEP (CGF=..., addr=...,
indices=..., eltType=..., inbounds=true, signedIndices=true, loc=...,
arrayType=0x7fffffff5750, Base=0x123b2918, name=...)
    at <root>/clang/lib/CodeGen/CGExpr.cpp:3674
#7  0x0000000005ad92bd in
clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr (this=0x7fffffff6a30,
E=0x123b2930, Accessed=true) at <root>/clang/lib/CodeGen/CGExpr.cpp:3839
#8  0x0000000005aca6c9 in clang::CodeGen::CodeGenFunction::EmitCheckedLValue
(this=0x7fffffff6a30, E=0x123b2930,
TCK=clang::CodeGen::CodeGenFunction::TCK_Load)
    at <root>/clang/lib/CodeGen/CGExpr.cpp:1252
#9  0x0000000005b1311b in (anonymous
namespace)::ScalarExprEmitter::EmitCheckedLValue (this=0x7fffffff6550,
E=0x123b2930, TCK=clang::CodeGen::CodeGenFunction::TCK_Load)
    at <root>/clang/lib/CodeGen/CGExprScalar.cpp:245
#10 0x0000000005b133c6 in (anonymous
namespace)::ScalarExprEmitter::EmitLoadOfLValue (this=0x7fffffff6550,
E=0x123b2930) at <root>/clang/lib/CodeGen/CGExprScalar.cpp:294
#11 0x0000000005b199bd in (anonymous
namespace)::ScalarExprEmitter::VisitArraySubscriptExpr (this=0x7fffffff6550,
E=0x123b2930) at <root>/clang/lib/CodeGen/CGExprScalar.cpp:1705
#12 0x0000000005b2c02a in clang::StmtVisitorBase<std::add_pointer, (anonymous
namespace)::ScalarExprEmitter, llvm::Value*>::Visit (this=0x7fffffff6550,
S=0x123b2930) at tools/clang/include/clang/AST/StmtNodes.inc:635
#13 0x0000000005b136c2 in (anonymous namespace)::ScalarExprEmitter::Visit
(this=0x7fffffff6550, E=0x123b2930) at
<root>/clang/lib/CodeGen/CGExprScalar.cpp:409
#14 0x0000000005b1bd41 in (anonymous
namespace)::ScalarExprEmitter::VisitCastExpr (this=0x7fffffff6550,
CE=0x123b2950) at <root>/clang/lib/CodeGen/CGExprScalar.cpp:2191
#15 0x0000000005b2ddc3 in clang::StmtVisitorBase<std::add_pointer, (anonymous
namespace)::ScalarExprEmitter, llvm::Value*>::VisitImplicitCastExpr
(this=0x7fffffff6550, S=0x123b2950)
    at tools/clang/include/clang/AST/StmtNodes.inc:919
<trimmed></pre>
        </div>
      </p>


    </body>
</html>