[LLVMbugs] [Bug 10106] New: LTO crash possibly related to zero-length arrays

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Jun 8 22:02:12 PDT 2011


           Summary: LTO crash possibly related to zero-length arrays
           Product: libraries
           Version: trunk
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: Common Code Generator Code
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: xocotl at gmail.com
                CC: llvmbugs at cs.uiuc.edu

Created an attachment (id=6714)
 --> (http://llvm.org/bugs/attachment.cgi?id=6714)
reduced simplified with bugpoint A.bc

In my code, I've got something like

value = buffer[(writeIndex - 1) & (buflen - 1)];

which if I change to the incorrect

value = buffer[(writeIndex - 1) & buflen];

no longer crashes the code generator. buflen is a constant 32 which gets fed
in, so there's something clever it must be trying to do. In any case, I've
attached the simplified .bc file from running Bugpoint on it. Hopefully that is
of some use.

The structs involved here look like

#define CDC_BUFLEN (32)

struct PSB_Ring_Type
    uintptr_t ReadIndex, WriteIndex;
    uint8_t   Buffer[0];

struct PSB_CDC_Side_Type
    struct PSB_Ring_Type Ring;
    uint8_t              Buffer[CDC_BUFLEN];
    uint32_t             BaudRate;

struct PSB_CDC_Type
    struct PSB_CDC_Side_Type FromMe, ToMe;

I'm thinking it might have something to do with calculating the address of
PSB_Ring_Type's Buffer, or parts of the structure after it. In any case, this
crashes the assembler when LTO is used.

Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list