[clang-tools-extra] [clang] [llvm] [CodeGen] Revamp counted_by calculations (PR #70606)

Nathan Chancellor via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 13 14:42:03 PST 2023


nathanchance wrote:

This change introduces a compiler crash (an assertion failure during LLVM IR generation, shown below) with `-fsanitize=array-bounds`. A reproducer reduced with `cvise`:

```c
struct irq_data { /* cvise-reduced reproducer; comments are trailing only, so line 10 still matches irqdomain.i:10:5 in the stack dump */
  struct irq_domain *domain; /* struct irq_domain is still incomplete here; it is defined below */
} irq_domain_fix_revmap_d; /* global object whose 'domain' pointer is dereferenced in the store below */
struct irq_domain {
  struct irq_domain *parent;
  int revmap_size; /* the count field that counted_by names for revmap[] */
  struct irq_data *revmap[] __attribute__((__counted_by__(revmap_size))); /* flexible array member bounded by revmap_size */
};
long irq_domain_fix_revmap_d_0; /* global used as the array index, so it is not a compile-time constant */
int irq_domain_pop_irq() { /* the declaration clang was generating code for when the assertion fired */
  irq_domain_fix_revmap_d.domain->revmap[irq_domain_fix_revmap_d_0] = 0; /* subscript on the counted_by array; the stack dump reaches CreateStructGEP from EmitBoundsCheck under EmitArraySubscriptExpr */
  return 0;
}
```

```
clang: /mnt/nvme/tmp/cvise.buvTN27aMk/src/llvm/include/llvm/IR/DataLayout.h:652: TypeSize llvm::StructLayout::getElementOffset(unsigned int) const: Assertion `Idx < NumElements && "Invalid element idx!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: clang -O2 -fsanitize=array-bounds -c -o /dev/null irqdomain.i
1.	<eof> parser at end of file
2.	irqdomain.i:10:5: LLVM IR generation of declaration 'irq_domain_pop_irq'
3.	irqdomain.i:10:5: Generating code for declaration 'irq_domain_pop_irq'
 #0 0x00005622f687d9e8 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x41069e8)
 #1 0x00005622f687b61e llvm::sys::RunSignalHandlers() (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x410461e)
 #2 0x00005622f6800926 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007f1204079710 (/usr/lib/libc.so.6+0x3e710)
 #4 0x00007f12040c983c (/usr/lib/libc.so.6+0x8e83c)
 #5 0x00007f1204079668 gsignal (/usr/lib/libc.so.6+0x3e668)
 #6 0x00007f12040614b8 abort (/usr/lib/libc.so.6+0x264b8)
 #7 0x00007f12040613dc (/usr/lib/libc.so.6+0x263dc)
 #8 0x00007f1204071d26 (/usr/lib/libc.so.6+0x36d26)
 #9 0x00005622f6ae11bb clang::CodeGen::CGBuilderTy::CreateStructGEP(clang::CodeGen::Address, unsigned int, llvm::Twine const&) CGCall.cpp:0:0
#10 0x00005622f6bcd204 emitAddrOfFieldStorage(clang::CodeGen::CodeGenFunction&, clang::CodeGen::Address, clang::FieldDecl const*) CGExpr.cpp:0:0
#11 0x00005622f6bb0082 clang::CodeGen::CodeGenFunction::EmitLValueForField(clang::CodeGen::LValue, clang::FieldDecl const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4439082)
#12 0x00005622f6bbef07 clang::CodeGen::CodeGenFunction::EmitMemberExpr(clang::MemberExpr const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4447f07)
#13 0x00005622f6bb7c9f clang::CodeGen::CodeGenFunction::EmitLValueHelper(clang::Expr const*, clang::CodeGen::KnownNonNull_t) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4440c9f)
#14 0x00005622f6bb62ad clang::CodeGen::CodeGenFunction::EmitCheckedLValue(clang::Expr const*, clang::CodeGen::CodeGenFunction::TypeCheckKind) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443f2ad)
#15 0x00005622f6be69ed (anonymous namespace)::ScalarExprEmitter::VisitMemberExpr(clang::MemberExpr*) CGExprScalar.cpp:0:0
#16 0x00005622f6bd2fad clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x445bfad)
#17 0x00005622f6baba93 clang::CodeGen::CodeGenFunction::EmitAnyExpr(clang::Expr const*, clang::CodeGen::AggValueSlot, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4434a93)
#18 0x00005622f6bac39d clang::CodeGen::CodeGenFunction::EmitAnyExprToTemp(clang::Expr const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443539d)
#19 0x00005622f6bb481f clang::CodeGen::CodeGenFunction::EmitBoundsCheck(clang::Expr const*, clang::Expr const*, llvm::Value*, clang::QualType, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443d81f)
#20 0x00005622f6bcb0e3 clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr(clang::ArraySubscriptExpr const*, bool)::$_0::operator()(bool) const CGExpr.cpp:0:0
#21 0x00005622f6bb7286 clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr(clang::ArraySubscriptExpr const*, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4440286)
#22 0x00005622f6bb629b clang::CodeGen::CodeGenFunction::EmitCheckedLValue(clang::Expr const*, clang::CodeGen::CodeGenFunction::TypeCheckKind) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443f29b)
#23 0x00005622f6bdf6cb (anonymous namespace)::ScalarExprEmitter::VisitBinAssign(clang::BinaryOperator const*) CGExprScalar.cpp:0:0
#24 0x00005622f6bd2fad clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x445bfad)
#25 0x00005622f6baba93 clang::CodeGen::CodeGenFunction::EmitAnyExpr(clang::Expr const*, clang::CodeGen::AggValueSlot, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4434a93)
#26 0x00005622f6baba1c clang::CodeGen::CodeGenFunction::EmitIgnoredExpr(clang::Expr const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4434a1c)
#27 0x00005622f6c914db clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x451a4db)
#28 0x00005622f6c9ef40 clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4527f40)
#29 0x00005622f6b98fe5 clang::CodeGen::CodeGenFunction::EmitFunctionBody(clang::Stmt const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4421fe5)
#30 0x00005622f6b99cb6 clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4422cb6)
#31 0x00005622f6a77d7c clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4300d7c)
#32 0x00005622f6a70043 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x42f9043)
#33 0x00005622f6a74952 clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x42fd952)
#34 0x00005622f6a6ec91 clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x42f7c91)
#35 0x00005622f703715c (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) ModuleBuilder.cpp:0:0
#36 0x00005622f702dc56 clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x48b6c56)
#37 0x00005622f82db83a clang::ParseAST(clang::Sema&, bool, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x5b6483a)
#38 0x00005622f742bd8f clang::FrontendAction::Execute() (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4cb4d8f)
#39 0x00005622f739d7bd clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4c267bd)
#40 0x00005622f74f5178 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4d7e178)
#41 0x00005622f51e8af2 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a71af2)
#42 0x00005622f51e4f3d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#43 0x00005622f71fde09 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#44 0x00005622f68006a6 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x40896a6)
#45 0x00005622f71fd512 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a86512)
#46 0x00005622f71b86c7 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a416c7)
#47 0x00005622f71b8c07 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a41c07)
#48 0x00005622f71d8bc9 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a61bc9)
#49 0x00005622f51e43f6 clang_main(int, char**, llvm::ToolContext const&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a6d3f6)
#50 0x00005622f51f5241 main (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a7e241)
#51 0x00007f1204062cd0 (/usr/lib/libc.so.6+0x27cd0)
#52 0x00007f1204062d8a __libc_start_main (/usr/lib/libc.so.6+0x27d8a)
#53 0x00005622f51e14e5 _start (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a6a4e5)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
ClangBuiltLinux clang version 18.0.0 (https://github.com/llvm/llvm-project bc09ec696209b3aea74d49767b15c2f34e363933)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin
clang: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.
```

https://github.com/llvm/llvm-project/pull/70606

