<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Excessive recursion in llvm::ScalarEvolution::getRangeRef"
   href="https://bugs.llvm.org/show_bug.cgi?id=50235">50235</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Excessive recursion in llvm::ScalarEvolution::getRangeRef
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>12.0
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>martin.thomson@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>This ultimately crashes for the file that I'm using.

The stack is long, but it starts with:

```
#0  0x00007fdfd438e39a in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#1  0x00007fdfd4377970 in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#2  0x00007fdfd438d42b in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#3  0x00007fdfd4377f26 in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#4  0x00007fdfd4377970 in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#5  0x00007fdfd43783db in llvm::computeKnownBits(llvm::Value const*,
llvm::DataLayout const&, unsigned int, llvm::AssumptionCache*,
llvm::Instruction const*, llvm::DominatorTree const*,
llvm::OptimizationRemarkEmitter*, bool) ()
   from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#6  0x00007fdfd43151f2 in
llvm::ScalarEvolution::GetMinTrailingZerosImpl(llvm::SCEV const*) ()
   from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7  0x00007fdfd4301716 in llvm::ScalarEvolution::GetMinTrailingZeros(llvm::SCEV
const*) ()
   from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#8  0x00007fdfd4315525 in llvm::ScalarEvolution::getRangeRef(llvm::SCEV const*,
llvm::ScalarEvolution::RangeSignHint) ()
   from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#9  0x00007fdfd43181b0 in llvm::ScalarEvolution::getRangeRef(llvm::SCEV const*,
llvm::ScalarEvolution::RangeSignHint) ()
   from /lib/x86_64-linux-gnu/libLLVM-12.so.1
```

That last line repeats a few times, until it ends on:

```
#7575 0x00007fdfd43181b0 in llvm::ScalarEvolution::getRangeRef(llvm::SCEV
const*, llvm::ScalarEvolution::RangeSignHint) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7576 0x00007fdfd43181b0 in llvm::ScalarEvolution::getRangeRef(llvm::SCEV
const*, llvm::ScalarEvolution::RangeSignHint) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7577 0x00007fdfd43181b0 in llvm::ScalarEvolution::getRangeRef(llvm::SCEV
const*, llvm::ScalarEvolution::RangeSignHint) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7578 0x00007fdfd4309cf3 in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7579 0x00007fdfd42fd46f in
llvm::ScalarEvolution::getAddExpr(llvm::SmallVectorImpl<llvm::SCEV const*>&,
llvm::SCEV::NoWrapFlags, unsigned int) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7580 0x00007fdfd42febc8 in
llvm::ScalarEvolution::getAddExpr(llvm::SmallVectorImpl<llvm::SCEV const*>&,
llvm::SCEV::NoWrapFlags, unsigned int) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7581 0x00007fdfd430a2cb in
llvm::ScalarEvolution::getGEPExpr(llvm::GEPOperator*,
llvm::SmallVectorImpl<llvm::SCEV const*> const&) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7582 0x00007fdfd4314cf9 in
llvm::ScalarEvolution::createNodeForGEP(llvm::GEPOperator*) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7583 0x00007fdfd430f009 in llvm::ScalarEvolution::createSCEV(llvm::Value*) ()
from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7584 0x00007fdfd430a3b7 in llvm::ScalarEvolution::getSCEV(llvm::Value*) ()
from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7585 0x00007fdfd431f611 in
llvm::ScalarEvolution::computeExitLimitFromICmp(llvm::Loop const*,
llvm::ICmpInst*, bool, bool, bool) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7586 0x00007fdfd431efc5 in
llvm::ScalarEvolution::computeExitLimitFromCondImpl(llvm::ScalarEvolution::ExitLimitCache&,
llvm::Loop const*, llvm::Value*, bool, bool, bool) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7587 0x00007fdfd431ecbf in
llvm::ScalarEvolution::computeExitLimitFromCondCached(llvm::ScalarEvolution::ExitLimitCache&,
llvm::Loop const*, llvm::Value*, bool, bool, bool) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7588 0x00007fdfd431e83a in
llvm::ScalarEvolution::computeExitLimitFromCond(llvm::Loop const*,
llvm::Value*, bool, bool, bool) () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7589 0x00007fdfd431e7ba in llvm::ScalarEvolution::computeExitLimit(llvm::Loop
const*, llvm::BasicBlock*, bool) () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7590 0x00007fdfd431be99 in
llvm::ScalarEvolution::computeBackedgeTakenCount(llvm::Loop const*, bool) ()
from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7591 0x00007fdfd431aeb3 in
llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*) () from
/lib/x86_64-linux-gnu/libLLVM-12.so.1
#7592 0x00007fdfd4330c0f in
llvm::ScalarEvolution::hasLoopInvariantBackedgeTakenCount(llvm::Loop const*) ()
from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7593 0x00007fdfd3e0e955 in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7594 0x00007fdfd3e114fd in ?? () from /lib/x86_64-linux-gnu/libLLVM-12.so.1
#7595 0x00007fdfd4299211 in llvm::LPPassManager::runOnFunction(llvm::Function&)
() from /lib/x86_64-linux-gnu/libLLVM-12.so.1
```

And a few more lines that look to be stable.  The height of the stack seems
stable.

This might be related to <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Segfault: infinite recursion in ScalarEvolution"
   href="show_bug.cgi?id=43249">Bug 43249</a> but I can't tell.

The file that causes this is at
<a href="https://hg.mozilla.org/projects/nss/file/e78141a928f4b1d98525aacf03043f17e56cac22/gtests/pk11_gtest/pk11_hpke_unittest.cc">https://hg.mozilla.org/projects/nss/file/e78141a928f4b1d98525aacf03043f17e56cac22/gtests/pk11_gtest/pk11_hpke_unittest.cc</a>
Building that requires a bit of work (which I'm happy to walk someone through
if that is needed).  I don't have a shorter repro, sorry.

I'm using the Ubuntu 21.04 distribution with clang version 12.  It crashes in
earlier versions as well (Ubuntu 20.04 has clang 10; Ubuntu 18.04 with whatever
version that has).</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>