<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/80673>80673</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            RewriteStatepointsForGC crash when any relocate pointer is stack allocated
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          Chronostasys
      </td>
    </tr>
</table>

<pre>
    Hi, I'm recently investing on stack escape analysis on my language and managed to add a pass using helper functions from `CaptureTracking.cpp` to move some memory from heap to stack, e.g. change some gc malloc functions to `alloca` instructions. All ir generated by this pass seems fine.

However `RewriteStatepointsForGC` started to crash after the allocas are added. Here's a minimum example ir:

```llvm
target datalayout = "e-m:o-i64:64-i128:128-n32:64-S128-P1"
target triple = "arm64-apple-macosx14.0.0"


declare ptr addrspace(1) @GC__malloc(i64, i8, i64) #3 gc "statepoint-example"

; Function Attrs: noinline nounwind optnone ssp uwtable(sync)
define i32 @main() gc "statepoint-example" {
  %alloca_ptr_addr_1 = alloca [8 x i8], align 1, addrspace(1)
  br label %1

1: ; preds = %0
  %a = call ptr addrspace(1) @GC__malloc(i64 4, i8 0, i64 0) #3
  %b = load i32, ptr addrspace(1) %alloca_ptr_addr_1, align 4
  ret i32 0
}

```

run the pass using following command:

```bash
opt -passes=rewrite-statepoints-for-gc test.ll -S
```

on my computer failed with:
```
PLEASE submit a bug report to https://github.com/Homebrew/homebrew-core/issues and include the crash backtrace.
Stack dump:
0.      Program arguments: opt -passes=rewrite-statepoints-for-gc test.ll -S
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  libLLVM.dylib 0x000000011165a5a4 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 56
1  libLLVM.dylib            0x000000011165a980 SignalHandler(int) + 332
2  libsystem_platform.dylib 0x000000018ef27a24 _sigtramp + 56
3 libLLVM.dylib            0x000000010fba55e8 findBasePointer(llvm::Value*, llvm::MapVector<llvm::Value*, llvm::Value*, llvm::DenseMap<llvm::Value*, unsigned int, llvm::DenseMapInfo<llvm::Value*, void>, llvm::detail::DenseMapPair<llvm::Value*, unsigned int>>, std::__1::vector<std::__1::pair<llvm::Value*, llvm::Value*>, std::__1::allocator<std::__1::pair<llvm::Value*, llvm::Value*>>>>&, llvm::MapVector<llvm::Value*, bool, llvm::DenseMap<llvm::Value*, unsigned int, llvm::DenseMapInfo<llvm::Value*, void>, llvm::detail::DenseMapPair<llvm::Value*, unsigned int>>, std::__1::vector<std::__1::pair<llvm::Value*, bool>, std::__1::allocator<std::__1::pair<llvm::Value*, bool>>>>&) + 300
4 libLLVM.dylib            0x000000010fba55e8 findBasePointer(llvm::Value*, llvm::MapVector<llvm::Value*, llvm::Value*, llvm::DenseMap<llvm::Value*, unsigned int, llvm::DenseMapInfo<llvm::Value*, void>, llvm::detail::DenseMapPair<llvm::Value*, unsigned int>>, std::__1::vector<std::__1::pair<llvm::Value*, llvm::Value*>, std::__1::allocator<std::__1::pair<llvm::Value*, llvm::Value*>>>>&, llvm::MapVector<llvm::Value*, bool, llvm::DenseMap<llvm::Value*, unsigned int, llvm::DenseMapInfo<llvm::Value*, void>, llvm::detail::DenseMapPair<llvm::Value*, unsigned int>>, std::__1::vector<std::__1::pair<llvm::Value*, bool>, std::__1::allocator<std::__1::pair<llvm::Value*, bool>>>>&) + 300
5 libLLVM.dylib            0x000000010fb9dad8 insertParsePoints(llvm::Function&, llvm::DominatorTree&, llvm::TargetTransformInfo&, llvm::SmallVectorImpl<llvm::CallBase*>&, llvm::MapVector<llvm::Value*, llvm::Value*, llvm::DenseMap<llvm::Value*, unsigned int, llvm::DenseMapInfo<llvm::Value*, void>, llvm::detail::DenseMapPair<llvm::Value*, unsigned int>>, std::__1::vector<std::__1::pair<llvm::Value*, llvm::Value*>, std::__1::allocator<std::__1::pair<llvm::Value*, llvm::Value*>>>>&, llvm::MapVector<llvm::Value*, bool, llvm::DenseMap<llvm::Value*, unsigned int, llvm::DenseMapInfo<llvm::Value*, void>, llvm::detail::DenseMapPair<llvm::Value*, unsigned int>>, std::__1::vector<std::__1::pair<llvm::Value*, bool>, std::__1::allocator<std::__1::pair<llvm::Value*, bool>>>>&) + 3480
6 libLLVM.dylib            0x000000010fb9bb58 llvm::RewriteStatepointsForGC::runOnFunction(llvm::Function&, llvm::DominatorTree&, llvm::TargetTransformInfo&, llvm::TargetLibraryInfo const&) + 4932
7  libLLVM.dylib            0x000000010fb9a71c llvm::RewriteStatepointsForGC::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) + 316
8  libLLVM.dylib 0x000000010fd30ea4 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) + 212
9  opt 0x0000000104efbc70 llvm::runPassPipeline(llvm::StringRef, llvm::Module&, llvm::TargetMachine*, llvm::TargetLibraryInfoImpl*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::StringRef, llvm::ArrayRef<llvm::PassPlugin>, llvm::opt_tool::OutputKind, llvm::opt_tool::VerifierKind, bool, bool, bool, bool, bool, bool) + 9632
10 opt                      0x0000000104f04da0 main + 10240
11 dyld                     0x000000018eb7d0e0 start + 2360
[1]    37903 segmentation fault  opt -passes=rewrite-statepoints-for-gc test.ll -S
```

I'm using LLVM 16 on a M2 mac book pro.

I would really appreciate if anyone can give me some advice on how to get the stack escape work.

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsWVtv47oR_jXMy8CGRPkiP_jBSTYni25wgs1igfbFGEkjmV1eBJKy1_31BSk5sXPb7LanB20jGA7Nyzc3zsdwhM6JRhMt2fScTS_PsPMbY5cXG2u0cR7d3p0VptovrwXjF_CR8bkCSyVpL_cg9JacF7oBo8F5LL8BuRJbAtQo9064MKD2IFE3HTahvwKFGhuqwBvAqgKEFp2DzgWcDcmWLNSdLr0w2kFtjQI2Sy6w9Z2lLxbLb0I347Jt2SwJGMpsCZxRBIqUsft-yYawDaNRq6A6jZsxlBvUzTC7KUGhlKY8kuZNkBV7McAL7bzt-sExrKQEYaEhTRY9VVDswW-E6w1wRMpBLTSNWXLJklX_fW12tCUbcD_TzgpPdx49tUZo766M_e0iCHIere99Ulp0G8DakwW_Iei1cYCWgr-oGsM1WWJ87gBBCS1Up4C-o2olgbAsWx3LZ7Ok_0i5VX2XR9uQhwo9StybzgPLLoFxTiPFspUZidmEZavZZCRSnrNslfJ8pDPe992FX7cp4_wEzVsR5A9IaNVsMsK2lTRSWBr3PZ2Mk3Fyv-r4u6JSButab4OF1rVYEuN5yvgC2CT57WK97kPFeB504xcg8vgdfiyA8SwL8WScu3vnjgaXPBaZncPVEHBYeW8dy1agjdBSaAJtOr0TugLTem00gXMtdDuPRUDK3V6XjC8Oeodog8h40FKh0IznQZ9XVAE2P-9XAzA-7YO7br1dB8vXaXRg3wtsep7D92Dq9DJYi1I0GtLYfOSmA2RhQWJBMmCnx2anwcpge2upckOYpsmxKrGzRCnfHAgYQgHJEIzQ6MNxBFxEYGmwCq4KM5_Hf8YbD1ZPDoCWfPT4oDqbXz672487badjJh3xTG2kNLvQKo1SqKuXsqZAt-m7TOthFCDIsezS9rk8egiyG9XGjpoSPDk_lhJGd6_o1PNiaVTbhUSvUUiqYCf85kGT03W3nz6s7j6A6wolPCAUXQOWWmN9YI2N923YyYxfMX7VCL_pinFpFONX10ZRYWnH-NVmaI5KExjkSjjXkYusLHQpu4qio3oKKrD85i2WBz67iwRfdaq9VzEZQ3xurWksKkDbdIq0jzn1yw57EBQdEgjK7VVhJGhU5IDxnLTrLMHedLDBLUEgt1E_SfyDLAgdxizcrr5cg7HgAkNtCEhvhTU66AhbjKz86dPXm_XdX2_Of__08W8fPq_DkuFoiWqGhvAhx-6tBpCiCOvG1V6KApLvSf-kaTqb4hQnUaGwIFu5vesbt1ZoH20Lp1jY9w-TLO7WxnlLqBifxWzSvs-Kc5jOhhx-LPfoeaTCIk_gTjQa5TXqSpINCfuAmGUDJ_II6fbOk1q3En1trHpiVU41nyOfwNqJxltU7Yle2VvUSuoCp1PKwwlZnaOj2-DcqNiDG76i7IjxVXDAQ-8Ntl-p9May7OJHc5_vvSTt6AbbFwE6Hf8Pqnq3P7f0o67Ni8u3RlQs-3C6siKPQp6i3KJ42YoTJbIPA6DzVT91vU77xvbgjKdD7Wv4z_S-JKJn4n-jlPtPv7t_JriFMfI9nC_45Q8I4AH3JGQDbyTDYTR5T_n_ij3ynvL_U-H8M1N--saUX1RY5eHmTNbfoh2y3p0k_eEC9mRrXBoldLDhiyV6MvolXjW_WNQu_J8SA_p4zl24oPTb66Nq5YnJFyhl4KFDGvz0vnwnnXfS-b8L559BOpN8YJ3ZW1mnKKb5kRdfqrXFQdvp3_UDB_1niKmf80kUFu0-zIDSaOePrJ4sDtey-ZtuesFsnKflT5h9YuyNqTr51JjVULu9iXXa0_gNS06DlQ73wPzle3FSV1lCJ_fiW3SvifgFlcLnD7STp0N0FhBrG0fWTaguynlyBG47HQy8FS1JoU8v-3feCt18pvoRQz2vZr9vbrDcRJzVD3ZVPPSezDJG_t75tvNXQj4D8i8Nv2DOylrch95jv0afyK4R-gnvmdavfaSE8KuX9xehq9dmfSUrakH2MO9A4W_724d1MTtkXZrEuD77HAe7TiYVJqBQ6IiQJnwy0FWaQrWX1Q8gcirmVUJD2b_fXNl9fXB6nrLpZViRzRdJBo4aRdpjrFjX2EkPv15be7YY2b_W6SujIX0hnYHRgHDDQWEZ3PUNWmtOXmx8hJ3pZAWWUMo9YNtaKgV6AlED6r3RBCVqaMSWQA0vXbDaipIC-MbswBtohsLcydujnbHfBlln1TKrFtkCz2iZzpN5ms2SyeJss5wv8kVeZymvC15jOpkndT3LMr4oiaY0nZyJJQ9x4ck05XzOF2MqkNJ0luaL6aRKFwWbJKRQyHHYXWNjm7NYDl3myWyencUyuovvxTjXtIM4yDhn08szu4wFx6JrHJskUjjvHlC88JKWLzDxUFvdbUgHJ4GleH5SX2skC8INvhhOVqrOOiuXr9R3Y3L0f0atNX-n0t-Xdhm_iub8MwAA__-FPmaw">