<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Clang segfaults with loop unroll(enable)"
   href="https://bugs.llvm.org/show_bug.cgi?id=51923">51923</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Clang segfaults with loop unroll(enable)
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>new-bugs
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>new bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>Vsevolod.Livinskij@frtk.ru
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=25276" name="attach_25276" title="Original reproducer">attachment 25276</a> <a href="attachment.cgi?id=25276&action=edit" title="Original reproducer">[details]</a></span>
Original reproducer

The bus is reproducible with -O2 and -O3, but it takes about one minute to
fail.
I suspect that "if" statement is not required, we need it to avoid UB at
runtime.

I didn't investigate the bug, but it looks like clang tries to unroll the loop
too many times and either gets stuck or ignores the internal limit.

I've also attached the original reproducer (it fails with -O3), because it
failed with a slightly different stack trace.

Reproducer:
extern short var_16;
extern short arr_99[];
void test() {
  if (!var_16)
#pragma clang loop unroll(enable)
    for (short a = 5652; a; a += 2)
      for (long b = 0; b < -6ULL; b += -18446744073709551612ULL)
        arr_99[b] = 0;
}

Error:
<span class="quote">> clang++ -O2 -c func.cpp</span >
Segmentation fault

Stack trace from GDB:
 #35 0x000055bc1b532567 StrengthenNoWrapFlags(llvm::ScalarEvolution*,
llvm::SCEVTypes, llvm::ArrayRef<llvm::SCEV const*>, llvm::SCEV::NoWrapFlags)
ScalarEvolution.cpp:0:0
 #36 0x000055bc1b5362f6
llvm::ScalarEvolution::getAddExpr(llvm::SmallVectorImpl<llvm::SCEV const*>&,
llvm::SCEV::NoWrapFlags, unsigned int)
(/testing/llvm/bin/bin/clang-14+0x145d2f6)
 #37 0x000055bc1b527008 llvm::ScalarEvolution::createSCEV(llvm::Value*)
(.part.0) ScalarEvolution.cpp:0:0
 #38 0x000055bc1b527a4e llvm::ScalarEvolution::getSCEV(llvm::Value*) (.part.0)
ScalarEvolution.cpp:0:0
 #39 0x000055bc1b546505 llvm::ScalarEvolution::applyLoopGuards(llvm::SCEV
const*, llvm::Loop const*) (/testing/llvm/bin/bin/clang-14+0x146d505)
 #40 0x000055bc1b54c959 llvm::ScalarEvolution::howFarToZero(llvm::SCEV const*,
llvm::Loop const*, bool, bool) (/testing/llvm/bin/bin/clang-14+0x1473959)
 #41 0x000055bc1b54e3bd
llvm::ScalarEvolution::computeExitLimitFromICmp(llvm::Loop const*,
llvm::ICmpInst*, bool, bool, bool) (/testing/llvm/bin/bin/clang-14+0x14753bd)
 #42 0x000055bc1b54e972
llvm::ScalarEvolution::computeExitLimitFromCondImpl(llvm::ScalarEvolution::ExitLimitCache&,
llvm::Loop const*, llvm::Value*, bool, bool, bool)
(/testing/llvm/bin/bin/clang-14+0x1475972)
 #43 0x000055bc1b54eb83
llvm::ScalarEvolution::computeExitLimitFromCondCached(llvm::ScalarEvolution::ExitLimitCache&,
llvm::Loop const*, llvm::Value*, bool, bool, bool)
(/testing/llvm/bin/bin/clang-14+0x1475b83)
 #44 0x000055bc1b54ecbd
llvm::ScalarEvolution::computeExitLimitFromCond(llvm::Loop const*,
llvm::Value*, bool, bool, bool) (/testing/llvm/bin/bin/clang-14+0x1475cbd)
 #45 0x000055bc1b51f9f0 llvm::ScalarEvolution::computeExitLimit(llvm::Loop
const*, llvm::BasicBlock*, bool) (/testing/llvm/bin/bin/clang-14+0x14469f0)
 #46 0x000055bc1b51fef7
llvm::ScalarEvolution::computeBackedgeTakenCount(llvm::Loop const*, bool)
(/testing/llvm/bin/bin/clang-14+0x1446ef7)
 #47 0x000055bc1b520aa2 llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop
const*) (/testing/llvm/bin/bin/clang-14+0x1447aa2)
 #48 0x000055bc1b521b40
llvm::ScalarEvolution::getConstantMaxBackedgeTakenCount(llvm::Loop const*)
(/testing/llvm/bin/bin/clang-14+0x1448b40)
 #49 0x000055bc1b530fec llvm::ScalarEvolution::getRangeRef(llvm::SCEV const*,
llvm::ScalarEvolution::RangeSignHint)
(/testing/llvm/bin/bin/clang-14+0x1457fec)

LLVM version:
clang version 14.0.0 (<a href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a>
55f0b337087136554122f942fea951a357bc4a49)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /testing/llvm/bin/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>