<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/82360>82360</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Clang compiler crash/invalid code generation when given invalid LLVM code
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
Patrick-6
</td>
</tr>
</table>
<pre>
Running `clang bug.ll -S` with the following incorrect LLVM code causes a compiler crash with `-O1`, `-O2`, `-O3`, `-Os` and `-Ofast`, and still generates a .S file with `-O0`.
Input file `bug.ll` with incorrect LLVM code (`%gep` is used in the line before it is assigned a value):
```llvm
define void @test(i64* %arr_ptr) {
  store i64 4, i64* %gep
  %gep = getelementptr i64, i64* %arr_ptr, i32 3
  ret void
}
```
The following results were collected on Ubuntu 22.04.4 LTS (running in WSL2), with `clang --version`:
```plain
Ubuntu clang version 14.0.0-1ubuntu1.1
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
```
Here is the error message from running `clang bug.ll -S -O1` (higher optimization levels have an identical stack trace):
```plain
warning: overriding the module target triple with x86_64-pc-linux-gnu [-Woverride-module]
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: clang -O1 ./bug.ll -S
1. Code generation
2. Running pass 'Function Pass Manager' on module './bug.ll'.
3. Running pass 'Simple Register Coalescing' on function '@test'
#0 0x00007f2ebb5dcd01 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3fd01)
#1 0x00007f2ebb5daa3e llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3da3e)
#2 0x00007f2ebb5dc0ab llvm::sys::CleanupOnSignal(unsigned long) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3f0ab)
#3 0x00007f2ebb508dff (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xd6bdff)
#4 0x00007f2eba283520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
#5 0x00007f2ebbaf796b (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0x135a96b)
#6 0x00007f2ebbaf784a (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0x135a84a)
#7 0x00007f2ebbaee52d (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0x135152d)
#8 0x00007f2ebbaebb4d (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0x134eb4d)
#9 0x00007f2ebbae94fc (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0x134c4fc)
#10 0x00007f2ebb96328e llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0x11c628e)
#11 0x00007f2ebb717390 llvm::FPPassManager::runOnFunction(llvm::Function&) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xf7a390)
#12 0x00007f2ebb71e983 llvm::FPPassManager::runOnModule(llvm::Module&) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xf81983)
#13 0x00007f2ebb717f36 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xf7af36)
#14 0x00007f2ec28c6201 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x1857201)
#15 0x00007f2ec2be81e0 clang::CodeGenAction::ExecuteAction() (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x1b791e0)
#16 0x00007f2ec3583b57 clang::FrontendAction::Execute() (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2514b57)
#17 0x00007f2ec34db3a6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x246c3a6)
#18 0x00007f2ec35fd45b clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x258e45b)
#19 0x000000000041328b cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/lib/llvm-14/bin/clang+0x41328b)
#20 0x00000000004114bc (/usr/lib/llvm-14/bin/clang+0x4114bc)
#21 0x00007f2ec3159ed2 (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x20eaed2)
#22 0x00007f2ebb508b6d llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xd6bb6d)
#23 0x00007f2ec31599c0 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x20ea9c0)
#24 0x00007f2ec3124183 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x20b5183)
#25 0x00007f2ec312440a clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x20b540a)
#26 0x00007f2ec313e507 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x20cf507)
#27 0x0000000000410f26 main (/usr/lib/llvm-14/bin/clang+0x410f26)
#28 0x00007f2eba26ad90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#29 0x00007f2eba26ae40 call_init ./csu/../csu/libc-start.c:128:20
#30 0x00007f2eba26ae40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#31 0x000000000040e3b5 _start (/usr/lib/llvm-14/bin/clang+0x40e3b5)
clang: error: clang frontend command failed with exit code 139 (use -v to see invocation)
Ubuntu clang version 14.0.0-1ubuntu1.1
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.
```
Running `clang bug.ll -S -O0` only gives a warning:
```plain
warning: overriding the module target triple with x86_64-pc-linux-gnu [-Woverride-module]
1 warning generated.
```
and generates the file `bug.s` with the following content:
```asm
        .text
        .file "bug.ll"
        .globl test # -- Begin function test
        .p2align 4, 0x90
        .type test,@function
test: # @test
        .cfi_startproc
# %bb.0:
        movq $4, 24(%rdi)
        retq
.Lfunc_end0:
        .size test, .Lfunc_end0-test
        .cfi_endproc
        # -- End function
        .section ".note.GNU-stack","",@progbits
        .addrsig
```
I've quickly tested with all available versions of clang on compiler explorer (4.0.1 up to and including 17.0.1) with the `-O1` flag, and all of them crashed on the LLVM code shown above.
</pre>
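Added example, not part of the original report or of LLVM: a minimal Python check for the defect shown in `bug.ll`, a local value used at or before its definition within one basic block. It assumes textual IR with one instruction per line and explicit block labels; the function names are hypothetical, and it is no substitute for LLVM's own IR verifier.

```python
import re

NAME = r'%(?:"[^"]*"|[-a-zA-Z$._0-9]+)'
USE = re.compile(NAME)
DEF = re.compile(r'\s*(' + NAME + r')\s*=')
LABEL = re.compile(r'\s*(?:"[^"]*"|[-a-zA-Z$._0-9]+):')

# The invalid function from the report, embedded so the check runs offline.
INVALID_IR = """\
define void @test(i64* %arr_ptr) {
  store i64 4, i64* %gep
  %gep = getelementptr i64, i64* %arr_ptr, i32 3
  ret void
}
"""

def _check_block(func, block, findings):
    # Record the line on which each value assigned in this block is defined.
    defs = {}
    for no, text in block:
        m = DEF.match(text)
        if m:
            defs.setdefault(m.group(1), no)
    for no, text in block:
        m = DEF.match(text)
        rhs = text[m.end():] if m else text
        if rhs.lstrip().startswith("phi "):
            continue  # phi operands are read on incoming edges, not here
        for name in USE.findall(rhs):
            # Defined in this block, but not strictly before this line.
            if defs.get(name, 0) >= no:
                findings.append((func, no, name))

def use_before_def(ir_text):
    """Return (function, line, value) for each same-block use before def."""
    findings, func, block = [], None, []
    for no, raw in enumerate(ir_text.splitlines(), 1):
        text = raw.split(";", 1)[0]  # drop trailing comments
        if func is None:
            m = re.match(r'\s*define\b.*?(@[^\s(]+)\s*\(.*\{\s*$', text)
            if m:
                func, block = m.group(1), []
        elif text.strip() == "}" or LABEL.match(text):
            _check_block(func, block, findings)  # block boundary reached
            block = []
            if text.strip() == "}":
                func = None
        elif text.strip():
            block.append((no, text))
    return findings
```

`use_before_def(INVALID_IR)` reports `%gep` on line 2 of `@test`; uses of values defined in other blocks need dominance analysis and are not covered by this check.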
w1lHMbisz9vkvzeCL_JNc5bQeRQXc-1qnmbVLIp7ZifaB83o1yy_MstHwfW6FpBm1YznuKT2_9I4IUWFGIu3e3_emqa6tTH01QdnsmE7asYYXoc42KB5Gdn0h_Ep3f7M2ZMOxyNPK5xByUNvcthlBQpTjgSfcYzTiv0gpu8yw4xn8xNnJXByrawYKHAygyfnG9kq55OUtvGHvk_A_OnzdeMd8cWdNvy0Bvk603488WxN0L-_gAkh9t1Z6NIeucr5jHVyLkrJZhmIG3EYF-3NJt7o_Z4qfh74F13mVNivAVTOCk-pf8ysk8y83bKXlzjuPypqBfNpOFwBBFecNfYFW2eo8OfcvvoMjkrpY02bU30_ZHDbSms5uG3w5r_hFCWb5VOSzuUlaVwkb8obAp9-lVhHzWdZ4qyjb_DWKvwXTddDEvx7ZldZPN9zkezc7BTTHzX7F13Zt23-RVePwrq3thV7KuXvwJweNnKboyu0VHgvCEf775dp9Jd_RK0U05la80U3TiDDq7eY3U1-zxaUCyvJWyr_u2pdqxOrMzzbEJDV2aKAa5Ijv2j94Mrg-82Ai_lFQU55idF266ltraPGbRmVMqyP4e6MWc986X_aV8uhtRF5UK2Tgz3nnZa7KFlnRZSs4_w0ank-KqQYhT5CCXc-UP_Toy8C-pJ5OOJBCT6Czi_CRtCZKZesuAierEpP-4Qdz_XHkFQZ6lF_bAZCz-MMjF7V3zifbirrYbuG2OBfNRUSeH-7Cy_C9S8gcRJ8rLOAFgfkNLIASEw2V-V_3-X70WSl_bljjfjxCIf2NtTch-v38TJWNZeviAvrQ2yBlJ7U00p6BdrO2eVfXPZfeEs73eb7xkgr-YoacQivV6c7-IuY_8oVfTyyOL6r8csWenc5Pb2FJ8HJm5p947GQBYdzX5tI7X5UrlyGndvxy-NGuIwIGW-6yamykbqSES4dhAUjQYsFegeNmFxoh6vsY4eWUCkaFeEyvIHhlxJPBn5tYQCLyCZK8QjSNwnlyRp9-59nMt6iH9FZLfpY9l50DHoUkayqlpN3LVzu9eFLMDkNJEkagj8zXJyyKi4NuC_9x_LRE92C4jOYpRV_TuxBk2aLr6mB4idio5b3PivMRAi4MBT4WVn6EFv-539-W4TnJj89ZBP-kl7E1uim8lvHY3_KubGi-YvQ-TkiqwOgL51gn-VrmMMxMVEpET1QIUMUjnlG10Pi0er06gwvrdQGjE9fPg_FqGt9Aju9F3mnjFe-yof50WOPb9SolrQ5PhRJiXRd-xb7_o2pf9j0PU4PxnannxWilT7A8obfJrxMSnoDt_EKF2mySjG-2d0WVR4XaZXkuE4LypO0LFYpJJRxqHjB2Y24JZikmBAcJ1me4iVmmGFc8CwpyprUcZRi2FMhl34ZWGrT3IT3sNuCJDm-kbQCacNTPyHDwkCi7O7G3IZlo-oaG6VYCuvsCcEJJ-F2E3ScP91H5EGoA5WC90ae3rDQ8w5UyGEKjU2OYtx0Rt5e_7AXbPm_AAAA__9k_MS7">