<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/55511>55511</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
clang crashes on valid code at -Os and above on x86_64-linux-gnu: Segmentation fault
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
zhendongsu
</td>
</tr>
</table>
<pre>
It appears to be a recent regression.
```
[523] % clangtk -v
clang version 15.0.0 (https://github.com/llvm/llvm-project.git 6e23cd2bf073ab5eb5a103b935af54046d007c52)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Selected multilib: .;@m64
[524] %
[524] % clangtk -Os small.c
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /local/suz-local/software/local/clang-trunk/bin/clang-15 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -main-file-name small.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -fcoverage-compilation-dir=/local/suz-local/software/emitesting/bugs/20220516-clangtk-m64-O3-build-161829/delta -resource-dir /local/suz-local/software/local/clang-trunk/lib/clang/15.0.0 -I /usr/local/include/csmith -I /local/suz-local/software/local/include -internal-isystem /local/suz-local/software/local/clang-trunk/lib/clang/15.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -Os -fdebug-compilation-dir=/local/suz-local/software/emitesting/bugs/20220516-clangtk-m64-O3-build-161829/delta -ferror-limit 19 -fgnuc-version=4.2.1 -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/small-3a128b.o -x c small.c
1. <eof> parser at end of file
2. Optimizer
#0 0x000055a1b9f28adf PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
#1 0x000055a1b9f2654c SignalHandler(int) Signals.cpp:0:0
#2 0x00007fa786e8a980 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
#3 0x000055a1b8fb063b computeKnownBitsFromAssume(llvm::Value const*, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#4 0x000055a1b8facdad computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#5 0x000055a1b8fad41b computeKnownBits(llvm::Value const*, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#6 0x000055a1b8faac1b computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#7 0x000055a1b8fad215 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#8 0x000055a1b8faa2aa computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#9 0x000055a1b8fad215 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#10 0x000055a1b8faa45a computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#11 0x000055a1b8fad215 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#12 0x000055a1b8fad41b computeKnownBits(llvm::Value const*, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#13 0x000055a1b8fb05d8 computeKnownBits(llvm::Value const*, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#14 0x000055a1b8fb2bdb llvm::computeKnownBits(llvm::Value const*, llvm::DataLayout const&, unsigned int, llvm::AssumptionCache*, llvm::Instruction const*, llvm::DominatorTree const*, llvm::OptimizationRemarkEmitter*, bool) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2ae9bdb)
#15 0x000055a1b8f1e842 llvm::ScalarEvolution::GetMinTrailingZerosImpl(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a55842)
#16 0x000055a1b8f1e5d6 llvm::ScalarEvolution::GetMinTrailingZeros(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a555d6)
#17 0x000055a1b8f1e97c llvm::ScalarEvolution::GetMinTrailingZerosImpl(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a5597c)
#18 0x000055a1b8f1e5d6 llvm::ScalarEvolution::GetMinTrailingZeros(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a555d6)
#19 0x000055a1b8f1ea4c llvm::ScalarEvolution::GetMinTrailingZerosImpl(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a55a4c)
#20 0x000055a1b8f1e5d6 llvm::ScalarEvolution::GetMinTrailingZeros(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a555d6)
#21 0x000055a1b8f2f66f llvm::ScalarEvolution::getRangeRef(llvm::SCEV const*, llvm::ScalarEvolution::RangeSignHint) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a6666f)
#22 0x000055a1b8f316c5 llvm::ScalarEvolution::isKnownNonNegative(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a686c5)
#23 0x000055a1b8f52077 llvm::ScalarEvolution::getGEPExpr(llvm::GEPOperator*, llvm::SmallVectorImpl<llvm::SCEV const*> const&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a89077)
#24 0x000055a1b8f5222d llvm::ScalarEvolution::createNodeForGEP(llvm::GEPOperator*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a8922d)
#25 0x000055a1b8f385db llvm::ScalarEvolution::createSCEV(llvm::Value*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a6f5db)
#26 0x000055a1b8f39c4f llvm::ScalarEvolution::getSCEV(llvm::Value*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a70c4f)
#27 0x000055a1b8f4d252 llvm::ScalarEvolution::computeSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a84252)
#28 0x000055a1b8f4dc45 llvm::ScalarEvolution::getSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a84c45)
#29 0x000055a1b8f4da84 llvm::ScalarEvolution::computeSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a84a84)
#30 0x000055a1b8f4dc45 llvm::ScalarEvolution::getSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x2a84c45)
...
clang-15: error: unable to execute command: Segmentation fault
clang-15: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 15.0.0 (https://github.com/llvm/llvm-project.git 6e23cd2bf073ab5eb5a103b935af54046d007c52)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
clang-15: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-15: note: diagnostic msg: /tmp/small-ba1158.c
clang-15: note: diagnostic msg: /tmp/small-ba1158.sh
clang-15: note: diagnostic msg:
********************
[525] %
[525] % cat small.c
int a[6], b, c, d, e, f, g, i;
int main() {
for (c = 0; c > -2; c--)
;
f = ~(c - 1);
if (f < 2)
for (; d; d--)
for (i = 0; i < 10; i++)
for (g = 0; g < 6; g++)
for (e = 0; e < 3; e++)
for (c = 0; c < 6; c++) {
b = a[(b ^ 5) & 15];
b = a[(b ^ 5) & 15];
b = a[(b ^ 5) & 15];
}
return 0;
}
```
Compiler Explorer: https://godbolt.org/z/vnos8Toqv
@fhahn
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzlWltzozoS_jXOi0ouEAbjhzw4jjOT2pzJnCQ7p2pfUgIE1gkgFglPJr9-uwW-QG5zSebMZFMOxpL68nVL3Y1QpJIvh6eG8KoSvNbEKBIJwkktYlEa-MpqobVU5XjkHI-ceXcNnO7T_vSPfOaN_GMyYj6Jc15m5obQddtrf5O1qJENcf2xM3ZgYLgyptIjbz5iJ_DJpFk10ThWBfzI8_Xmi1a1-lvEZgwDSCCYFycsSp2pxyNfRD53HS-aeT5P_YkzCRLHmcY-G7FZK_uK15kwIITchsF1MKFNeVOqzyXNZdnc0qxsunGrWvCEFCoROY6ulJa3bddpqQ3Pc5Ecyxq7UC8V8xy-dXNHN_eqSpu7O7iJZNkSnqimTEjMy0Qm3AjybrEgsmXGDZiiY9boGlnKCI0Qx3CVQRjsKchOwh9k2GHfZ-k6L88zeAWWY5guL892-gosX0fTzvWXIoc1IJIX8fliq1nR5EYiFXAZj7yj0cQpgslA5FOD7MqfbFb-Q23baHCuiS5A7XHcDvt4tpxfLoluogJWNidRk0G4qVRtMAh9W3DARaN1IzTcEEAHJorzJhHErASJa65XJOLxjal5LEZsQSoQVKsYIhvg06qp22ak5FqrWHIEXjcl0XEtK9MFv0sDTEjSFBVqZpsc6Jp9rFVW84JAsGkKCJv6iTihVWo-81rsdVsTUQPibrr4sWlzfULj2CXQKatcPBrECBVgRKqivwmlRS1yfkvhCvxxjmhCE6l5lAua1kIAyxxiPeXa0EikqhYUjSMAPC24LGkqYWTJC7FxGLE8O27UBklSSWiGC83FGn6y9ofU8AUSihTsIWilZGkEhM3jUpXQnBbcrKio61LBj7SisSrRKRChjyE30LRUtMbVIwE8jgVOMESDbWKjQOVcci0AT9qUn2WZUIOowNzHIN_YWE_jqkE70WACTU0pbEMmSlGjxgVOG7Sn4IZqsH9rFnkrEtQLZWgK_ilBAzCbgFmZiRoZQQPIyZIIpMcK0hnPgLcqKtmuRLAxAn3e7egqoQ3yA283GU5a5jDm-G5Au-VCYYXRc49GjcwT6gZuCBmNnYDhDSfg2nbOosjvnmdtsLBtGBvatExP96JJR9atJRysQfVVN-grhW5WIrUzoeQ5zJEv2ojiRRV_TtCDiJ4c-mwoZSfj8f3LA2PvSxO3eBPfl7oz9ZDP09TfLsLGY5raCf4PzeK0XW-5xPjvzqABcMa0KxRBicmYjV272nIYl0ielQokxqD4WmA8kHcCVFNVr0HnFdDwJAE2sISPr68hZ16_n39aXh__Nb84YdeLk9Pr-eUfIAG4KzSNgYgO6DDaUY-7LIzGEKBuSdxPWS4G-5G3ECodeUtSQcEsasINwdipUoKBsx3JcOR5ZQDbHcQ_20ZAkucQ59aBPx8q12iWspAnKflYg99scrnCDHUpM3Dhe8hGOdCycK1kMmKQCmek7dLjuMIU5Nj_HXN3wDzwJzEZcgNRz3NiHadpyqdhIEI-Cx1yfQ2BB6wsriFHA6ftMnlg0kNHZWxRPdYK1-eRc-sy4LItza0cb1_jMI2cwIsITsfGiH9hjjuSRp_UqphDei9g3oU2-0P29eafeN5Adsf0YK2zILu-Le2IBdjTlDAZSoGFgcHfwIhDSvpSqEYTTHW6sqXBrCX_sxH1lw3rAM1lhaF3bmDGP2K0SR8MjxN4pBiC-WoI84-n8AC20-Efh-cP4CUT976vfm0PBQMIPH4AAk638wryO0z1HpxN4-_isOnQYQzqybczH8OhMxnnb9eZs7frTMxcztCZE_-NOhPRum_bmez3zhQI4V5h4ifht0L4KYoOio6IRfCEutPqu61-zA0_419U059ZQ0x7sxArtAqfIRY8Xol7DE-7x3jcBH5EpCpkicv4CncpHh7T1dT2WeVCFLy-WcLjA-4xtCMjpXI0XVee_vgGjK1cGRczsOuudkXLD-ohV4QTtqfpJW4u1Mu1yptuow4-74T5Q5bgUgnFcvYfUSt9WlR5zyuXi-WnPfQvj8X3QdM-lmCIxU-C78Dys3GAln0c0yGO2TT-TXwCmvaxhG_EJ7MhDj75XXwCmvawMOdt-IQNChCWBkH6HI5MmAvgKy5E-pT-i-f4WCa4_fC-24p4abwB_KV9vIOKBAJe7D-np9Q2a35Q5QeRQcJZi5_rtiAEJfswBlWJz5zp9Cvc9m75cXlb9UtmaNuV0kO34abXJ7ujZledt3gMtrfsFSwvbYJwBgD7JpgMTcBY8pwJYtztFx9UIk5UDcCfNMRroAAd-ygGtYMX-r2q7QkUaP_7RdxrTcHUH1Q9bFApeLN48jWR46eqPXVAqb7ag8JgkjD_2WKtq51R9bm5jFX1ZADYX0BnSlWvGhuggPP7JRwLhwjjybMhrnPMr4cOdO-jmw3RwaDf2n_w6SH0nLfqv_Y6HvdOEG0pvDmx74HwpinxbSy-_he3IgbX4RN3wcsEOy9Fhu_W7ZMfSXmTmyc4tWeO0lqVBt_NdGyATObw7Jo0Voi2r0AQfaMFoWvbBk-eslx377q3GP5fzzDtG7dURuD37kUcKXRm2bWOZT_w2Zsa3cGQ-dXVfPGeXL1fkpPzs7Pzv04_vCMnp2fLS3J1bpuP_v2OXED2vrgabY5jfHzoYEeocZI_erhjO6AWxB5ygF5utiy_0gT9l4gRd10_3Lw3_BEWevUdnngpf-BJHv-B0z3bNrBW_xUplPSEw5gARtj9GLzEeEnwYo_ZpHjJ8CLxONGWDg-f2FAEEWl6tNn7ThWecQhjMvKOiQMEBG-XhDJ7T-neG0VCtgyB0FKMpktLTYlrd9q23TJFtjhoQViPRycR2Sf2MpCxHSF3OknLx23vIQzaT49mS5XtqDJLFdjbR4i2ZGJHJiyZZ28fJXvMcp28eEu4b-z9v8jSoTOBCfzwl8Rvs0UAERD96_0CdKPp8aaxFqapS4u0m6ubvuF51fYYnD31IGoCz0a5qoWNjIOArpJI5WasajzlgJFxDestvFL_XfeX2sRJV3xVkoPk0Etm3owfGGlycdjmDXsCTWgCqWPNc4n5KBF4bgAPYdi4FKm1wO57b9IfTHzkoKnzw-8_Iuf7vuserA5n6YwncTgTieBhGjIeuU6aRlDSBy4XIjzIeSRyfWhdwkrxmVgWcA_eOJCHm_Me7swJnXCchG4cuWkUuG4wCXwHrCJgTedj1ANteFAfWpXscZGJk0tt9K4TgjNuLQsrDvjzxqxUfXi3ggyuykw3B1b6odX-fwU3sOI">