<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/68585>68585</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
clang crash(Segmentation fault) at -O2/3 (13 Regression)
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
jun-wei-zeng
</td>
</tr>
</table>
<pre>
Clang at -O2/3 crashes.
When I compiled this code with different optimization levels on different versions of clang, I found that `-O2` caused ICE starting from `clang-13.0.0`, while `-O3` caused ICE starting from `clang-15.0.0`.
Compiler explorer: https://godbolt.org/z/s9rWe464P
```c
$ cat test.c
int a[];
int b, c, d, g;
long e;
void h() {
b = 5 ^ b & b >> 8 & 15;
b = 8 ^ a[b];
b = 8 ^ a[b & 15];
}
void i() {
int f[][5] = {1, 5, 5, 5, 10, 10, 5};
for (; e;) {
h();
g = 4;
for (; g; g--)
if (f[g][g])
;
else
for (;;)
;
c = 0;
for (; c <= 7; c++) {
d = 7;
for (; d >= 2; d--)
for (int k = 0; k < 6; k++)
for (int j = 0; j < 7; j++)
h();
}
}
}
$
$ clang-16 -O2 test.c
test.c:1:5: warning: tentative array definition assumed to have one element
int a[];
^
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name test.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -fcoverage-compilation-dir=/home/jwzeng/workplace/compiler_testing/scripts/testing-20231008-100t8csmith-v3-ubuntu/result/crash-S_1113912547/reduce1 -resource-dir /home/jwzeng/compilers/llvm/llvm-16.0.0/lib/clang/16 -I /home/jwzeng/tools/csmith/include -internal-isystem /home/jwzeng/compilers/llvm/llvm-16.0.0/lib/clang/16/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/home/jwzeng/workplace/compiler_testing/scripts/testing-20231008-100t8csmith-v3-ubuntu/result/crash-S_1113912547/reduce1 -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/test-ced2bc.o -x c test.c
1. <eof> parser at end of file
2. Optimizer
#0 0x0000561623103b68 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16+0x3103b68)
#1 0x0000561623101aae llvm::sys::RunSignalHandlers() (/home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16+0x3101aae)
#2 0x00005616231041ed SignalHandler(int) Signals.cpp:0:0
#3 0x00007f74165fb520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
#4 0x00005616225eb1f1 computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#5 0x00005616225d9de5 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#6 0x00005616225f3cd3 computeKnownBitsFromShiftOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&, llvm::function_ref<llvm::KnownBits (llvm::KnownBits const&, llvm::KnownBits const&)>) ValueTracking.cpp:0:0
#7 0x00005616225eb67c computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#8 0x00005616225d9de5 computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#9 0x00005616225ebe2e computeKnownBitsFromOperator(llvm::Operator const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
...
...
...
#255 0x000056162258bfbc llvm::ScalarEvolution::getSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/home/jwzeng/compilers/llvm/llvm-16.0.0/bin/clang-16+0x258bfbc)
clang-16: error: unable to execute command: Segmentation fault (core dumped)
clang-16: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 16.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/jwzeng/compilers/llvm/llvm-16.0.0/bin
clang-16: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-16: note: diagnostic msg: /tmp/test-321019.c
clang-16: note: diagnostic msg: /tmp/test-321019.sh
clang-16: note: diagnostic msg:
********************
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzcWdty3DjOfhr5BsUuiWrJ3Re-aPdh4vrzr72xd3LpoihITUciVSTVdvL0W6DkPvgwk51kqnZT5ahJEAQ-EABBMsI5VWvEiyi7jLLVmej91tiLh16zR1TsG-r6rDDl14tlI3QNwgO75hHfpCCtcFt0kyheRfFi-H7eooYrkKbtVIMl-K1yIE2J8Kj8FkpVVWhRezCdV636JrwyGhrcYePA6COGHVqnjHZgKpCkOuJLuILK9JrECg9RHhOUPAYpeoclXC3X4LywXukaKmtaYglzWZJO4kkc5TFJedyqBofp6XdOz8bpJ8YuByst4FPXGIs2Shew9b5zUbqI-Cbim9qUhWn8xNg64ptvEd-4uf2M03x6cyyJgIU_Ofb5FKTw4NH5yUhT2oMYnBSllwdaQSZJ-pT0qfeDjdE14L67M6qEbcRnEZ9DdD5SAQqI0hVkEGVravM8UNZRuoZZ6CbZXsYz9yxwE5riGM4bw88Sjrii89URIvUaEVlVjZZmlzQ3SI3OLxOyMDv9JPHhm5HsA5rKWCDx6eWwDqdq4Hk1jmYA1EHX9IR2JKcOH8Zo2n4cQFXEQKDrAXX4OeUBOBEKgI3DsX_QMOA8nfdipgwQ4_cg0vCSOM5DL-KX4e_Y9hKex48VHckohxBYAQ-9V_bumclXX_Z4QnMJeWjuFb805mjqw2HqQ5gaMD-8O_UNn-3DCQ7NQ4NPjzJqyOWcdrCT1Brb6SKJ0kVGWfworFa6pqZH7YVXOwRhrfgKJVZKq7BvCef6lnY5A1uxQzAaARtsUfv3cza4M1sPnZuP68XtGlxftMqDgKKvwWJnrA9CT_cS5bd9MZGmjfimaXbPP6yz5gGlj_hGOdeji_gGhC5Badn0JYLf4rBZQyHkF2-FREqWzmJnjURHm58zvR3INFM4Z6QSHkuwvQYnrer8uPfdeiG_QNm3HSELJNoW5zfW1Fa0IGzd0woQcIj4ZmtajPjm4ZFKScQ3Y22w7oUVSR72WL4plCa2vbOkTIB5q7oG4WmW3-dT1usv2jxq1ijdP7Fa98CwVZ6Z4gFYqZwoGmSVRQQmGxSWCedZgZWxyGgNUJcHvqB9h1ZVCm0gS2FLthNNj0yLFh2wVijNKtUMhDF4gLUWGyNDEWOtKbGBTklgnZIs1DTgQ0c51ikE1lZWtMg6o7SncrHSFDKsaoXfMrRWG2BV1TFpNLnJR-nKaGCVNsxS4VO6ZsQLrJVGO2976Y1lolHCEcyq149Kl8yTYS5KVxyYF7ZGz2TX0-qxfArM9xoDoUaNlhC3tAi0yig8c1I0wwqqJywJF-lwbEwKYCUWfV2jJUEhS1Z1WQCrpNmhFTWywcfDupSKDH0jEB6N_dI1IRj3QXFPK6vC8BB0FCUjjfGYp0kcz1gSx34mXav8lu1S1he99n3ENxZd31AehGhnt_dJkqTzhGfT8zBa9hITYBaHaCdofylCG1U8R2jENxSjV2_J8cY0JGNASuk5JiQL7teiYcp9dR7bn4LizxT0ztIsI0XznaxBQS1lxDdj4u0TjjQSiMnk9ecN3tfa8Ika8rXWkfUNOX88-z9XEeoAq0I0_5eHbDUkYaOoTCRzYFWte8nGQ3KUrqYTPkmA7ZA2BPUNWWNM544JrumAVaIsrVM1sNX9_W_L5f2Hxe_r-9XnxacNv19uru4Xt_8fpasEmKHl8m03GsMklryQEwPsCeRJ9Uxo94_SJZqKDo2dsA4tXRRolzUV0LY5cHLivB5O_mj3VZunMcRPcRzHWZ7ktGBpkc8gBH26iNKF--qGxo1V2ocCdDdUsdmByYrHe-NoB2sjnlMlU9qHYw8dGH60DEX8Mn4akR2dSyKeJi-wJ0LgW9g_9fpW1Vo0H4QuB8Wznw6PlJ_C4y_gTRMs4QTIcBQjKAPZTWRHtT0O_w6S0lHSeXU-TfKsKjIej-iHneKNvG9UISfOTAaAU57x-BTe9Bgez7BIqiRcH3uP_0c1_lJ5t7Gmve7QCm_sic-fiRCqYcQX5PbD8OLmSvvnsfx0bC98HOl1uAeXQ9QsyTChjf7amt5BOAV0IeLmw_R_9mi_Homew-90XqCw_KJ0_c4SZqfWlvMSs1fWnlgYpP4vmBfxND-1rkplmb7py9utqvzf7dC_bS2ORVe9llQy7i1WUbp8Qyec2Hcg_4kRx2tPV7Hv88D5y2zKz-Wvm02zXzqb5i99iRx_UV9OJpPXzSMilbHsxd45K6pCHqG-pUuLXe9M0_twJCJijf52uf594W-l6U6PC0R_Z3E-GtMdDf3MEj3i3tfA_WC6gHDEo0av6fYF3gA-oex9cHsrdEmDt1i3w4uE0VCJvvEETxqL4U6O5R_LDkSorNGejmejYKhEeK4t-6DWhXMAye0dAtsFGiIovRtvu6dKnh9rYTQ9jNyFeyfpfO_SPvJtLYoSwvWZuDvj1NMwdKWdF02D5UrZH3lNeLUc2nik31KJWhvnlYTWhdee59eiH_g7etcdn3cWd3eL5Qe4-7CGzfXHj9efr_7xG2yuPq5v4e46kC__9Rt8Wt9cf7rbP6rcvPU8M3MUj-8-0ewZLEJ4mMAShN-L_M4lODn3pzyJk_nzWf8HJLjtX_DDz_LG8_v60D0rL9Jyns7FGV4k-TyfZecJj8-2FxJzzHnM47yYT6tcxLOUCxFXEpM4w6Q4UxfjjW6epEmSnU_SvIirOU-zc5zHqTiPpjG2QjUTisKJsfVZeJO7yGfZLDtrRIGNC__Vwvl4c-dRtjqzFyFqi7520TRulPPuIMEr3-DFkGnhmhjx2ettIPj98L8zEZ8lKXzC2qJzQ8ae9ba5-OtvisGEfwcAAP__qwLf9w">