[llvm-bugs] [Bug 28640] New: clang crashes on valid code at -O3 on x86_64-linux-gnu with "Bad machine code: Virtual register defs don't dominate all uses."

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Jul 21 01:59:01 PDT 2016


https://llvm.org/bugs/show_bug.cgi?id=28640

            Bug ID: 28640
           Summary: clang crashes on valid code at -O3 on x86_64-linux-gnu
                    with "Bad machine code: Virtual register defs don't
                    dominate all uses."
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: LLVM Codegen
          Assignee: unassignedclangbugs at nondot.org
          Reporter: helloqirun at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

The current clang trunk crashes at -O3 when compiling the following test case
on x86_64-linux-gnu in 32-bit mode. The 64-bit mode works fine.


$ clang-trunk -v
clang version 4.0.0 (trunk 276095)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/4.9.3
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5.3.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/3.4.6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.4
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.4.7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.6.4
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8.5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.3.0
Found candidate GCC installation:
/usr/local/bin/../lib/gcc/x86_64-pc-linux-gnu/6.1.0
Found candidate GCC installation:
/usr/local/bin/../lib/gcc/x86_64-unknown-linux-gnu/5.3.0
Selected GCC installation: /usr/local/bin/../lib/gcc/x86_64-pc-linux-gnu/6.1.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64




$ clang-trunk -m32 -O3 abc.c
abc.c:7:9: warning: incompatible pointer types initializing 'char *' with an
expression of type 'void ()'
      [-Wincompatible-pointer-types]
  char *f = fn1;
        ^   ~~~
abc.c:20:12: warning: incompatible pointer types initializing 'char **' with an
expression of type 'char *'; take the address with
      & [-Wincompatible-pointer-types]
                  char **k = f;
                         ^   ~
                             &
abc.c:25:8: warning: expression result unused [-Wunused-value]
              h ? : (j = e);
              ^~~~~~~~~~~~~
abc.c:40:9: warning: incompatible pointer types initializing 'char *' with an
expression of type 'int *'
      [-Wincompatible-pointer-types]
  char *l = &g;
        ^   ~~
abc.c:41:3: warning: expression result unused [-Wunused-value]
  *l;
  ^~

# Machine code for function fn1: Properties: <Post SSA, tracking liveness,
HasVRegs>
Frame Objects:
  fi#0: size=4, align=4, at location [SP+4]

BB#0: derived from LLVM BB %entry
        %vreg7<def> = MOV32r0 %EFLAGS<imp-def,dead>; GR32_ABCD:%vreg7
        CMP32mi8 %noreg, 1, %noreg, <ga:@b>, %noreg, 0, %EFLAGS<imp-def>;
mem:LD4[@b](tbaa=!2)
        JNE_1 <BB#2>, %EFLAGS<imp-use,kill>
    Successors according to CFG: BB#1(0x30000000 / 0x80000000 = 37.50%)
BB#2(0x50000000 / 0x80000000 = 62.50%)

BB#1:
    Predecessors according to CFG: BB#0
        %vreg8<def> = COPY %vreg7:sub_8bit; GR8:%vreg8 GR32_ABCD:%vreg7
        %vreg29<def> = COPY %vreg7; GR32:%vreg29 GR32_ABCD:%vreg7
        %vreg30<def> = COPY %vreg8; GR8:%vreg30,%vreg8
        %vreg31<def> = IMPLICIT_DEF; GR32:%vreg31
        JMP_1 <BB#10>
    Successors according to CFG: BB#10(?%)

BB#2: derived from LLVM BB %for.body
    Predecessors according to CFG: BB#0
        %vreg0<def> = MOV32rm %noreg, 1, %noreg, <ga:@c>, %noreg;
mem:LD4[@c](tbaa=!2) GR32:%vreg0
        TEST32rr %vreg0, %vreg0, %EFLAGS<imp-def>; GR32:%vreg0
        JNE_1 <BB#4>, %EFLAGS<imp-use,kill>
    Successors according to CFG: BB#3(0x30000000 / 0x80000000 = 37.50%)
BB#4(0x50000000 / 0x80000000 = 62.50%)

BB#3:
    Predecessors according to CFG: BB#2
        %vreg16<def> = LEA32r <fi#0>, 1, %noreg, 0, %noreg; GR32:%vreg16
        %vreg29<def> = IMPLICIT_DEF; GR32:%vreg29
        %vreg30<def> = IMPLICIT_DEF; GR8:%vreg30
        %vreg31<def> = COPY %vreg16; GR32:%vreg31,%vreg16
        JMP_1 <BB#10>
    Successors according to CFG: BB#10(?%)

BB#4: derived from LLVM BB %for.cond4.preheader
    Predecessors according to CFG: BB#2
        %vreg1<def> = MOV32rm %noreg, 1, %noreg, <ga:@a>, %noreg; mem:LD4[@a]
GR32:%vreg1
    Successors according to CFG: BB#5(?%)

BB#5: derived from LLVM BB %for.cond4
    Predecessors according to CFG: BB#4 BB#13
        CMP32ri8 %vreg0, 4, %EFLAGS<imp-def>; GR32:%vreg0
        JG_1 <BB#13>, %EFLAGS<imp-use,kill>
        JMP_1 <BB#6>
    Successors according to CFG: BB#6(0x04000000 / 0x80000000 = 3.12%)
BB#13(0x7c000000 / 0x80000000 = 96.88%)

BB#6: derived from LLVM BB %for.body8.preheader
    Predecessors according to CFG: BB#5
        %vreg20<def> = MOV32rm %noreg, 1, %noreg, <ga:@fn1>, %noreg;
mem:LD4[bitcast (void ()* @fn1 to i8**)](tbaa=!6) GR32:%vreg20
        %vreg2<def> = MOV8rm %vreg20, 1, %noreg, 0, %noreg;
mem:LD1[%4](tbaa=!3) GR8:%vreg2 GR32:%vreg20
    Successors according to CFG: BB#7(?%)

BB#7: derived from LLVM BB %for.body8
    Predecessors according to CFG: BB#6 BB#7
        TEST8rr %vreg2, %vreg2, %EFLAGS<imp-def>; GR8:%vreg2
        JE_1 <BB#7>, %EFLAGS<imp-use,kill>
    Successors according to CFG: BB#7(0x7c000000 / 0x80000000 = 96.88%)
BB#8(0x04000000 / 0x80000000 = 3.12%)

BB#8: derived from LLVM BB %for.cond13.preheader
    Predecessors according to CFG: BB#7
    Successors according to CFG: BB#9(?%)

BB#9: derived from LLVM BB %for.cond13
    Predecessors according to CFG: BB#8 BB#9
        JMP_1 <BB#9>
    Successors according to CFG: BB#9(?%)

BB#10: derived from LLVM BB %for.cond20
    Predecessors according to CFG: BB#10 BB#1 BB#3
        %vreg21<def,tied1> = SAR32ri %vreg21<tied0>, 31, %EFLAGS<imp-def,dead>;
GR32:%vreg21
        MOV32mr %noreg, 1, %noreg, <ga:@d>, %noreg, %vreg5;
mem:ST4[@d](align=8)(tbaa=!9) GR32:%vreg5
        MOV32mr %noreg, 1, %noreg, <ga:@d+4>, %noreg, %vreg21;
mem:ST4[@d+4](tbaa=!9) GR32:%vreg21
        %vreg22<def> = COPY %vreg29; GR32:%vreg22,%vreg29
        %vreg22<def,tied1> = SHL32ri %vreg22<tied0>, 8, %EFLAGS<imp-def,dead>;
GR32:%vreg22
        %vreg23<def> = MOVZX32rr8 %vreg30; GR32:%vreg23 GR8:%vreg30
        %vreg24<def> = COPY %vreg23; GR32:%vreg24,%vreg23
        %vreg24<def,dead,tied1> = OR32rr %vreg24<tied0>, %vreg22,
%EFLAGS<imp-def>; GR32:%vreg24,%vreg22
        JNE_1 <BB#10>, %EFLAGS<imp-use,kill>
        JMP_1 <BB#11>
    Successors according to CFG: BB#11(0x04000000 / 0x80000000 = 3.12%)
BB#10(0x7c000000 / 0x80000000 = 96.88%)

BB#11: derived from LLVM BB %for.end24
    Predecessors according to CFG: BB#10
        %vreg27<def> = MOV32r0 %EFLAGS<imp-def,dead>; GR32_ABCD:%vreg27
        TEST32rr %vreg31, %vreg31, %EFLAGS<imp-def>; GR32:%vreg31
        %vreg25<def> = SETNEr %EFLAGS<imp-use,kill>; GR8:%vreg25
        %vreg28<def> = COPY %vreg27; GR32_ABCD:%vreg28,%vreg27
        %vreg28:sub_8bit<def> = COPY %vreg25; GR32_ABCD:%vreg28 GR8:%vreg25
        MOV32mr %noreg, 1, %noreg, <ga:@d>, %noreg, %vreg28;
mem:ST4[@d](align=8)(tbaa=!9) GR32_ABCD:%vreg28
        MOV32mi %noreg, 1, %noreg, <ga:@d+4>, %noreg, 0; mem:ST4[@d+4](tbaa=!9)
    Successors according to CFG: BB#12(?%)

BB#12: derived from LLVM BB %for.cond27
    Predecessors according to CFG: BB#11 BB#12
        JMP_1 <BB#12>
    Successors according to CFG: BB#12(?%)

BB#13: derived from LLVM BB %for.cond29thread-pre-split
    Predecessors according to CFG: BB#5
        TEST32rr %vreg1, %vreg1, %EFLAGS<imp-def>; GR32:%vreg1
        JE_1 <BB#5>, %EFLAGS<imp-use,kill>
        JMP_1 <BB#14>
    Successors according to CFG: BB#5(0x7c000000 / 0x80000000 = 96.88%)
BB#14(0x04000000 / 0x80000000 = 3.12%)

BB#14: derived from LLVM BB %cond.end36.preheader
    Predecessors according to CFG: BB#13
    Successors according to CFG: BB#15(?%)

BB#15: derived from LLVM BB %cond.end36
    Predecessors according to CFG: BB#14 BB#15
        JMP_1 <BB#15>
    Successors according to CFG: BB#15(?%)

# End machine code for function fn1.

*** Bad machine code: Reading virtual register without a def ***
- function:    fn1
- basic block: BB#10 for.cond20 (0x528b098)
- instruction: MOV32mr
- operand 5:   %vreg5

*** Bad machine code: Virtual register defs don't dominate all uses. ***
- function:    fn1
- v. register: %vreg21
fatal error: error in backend: Found 2 machine code errors.
clang-4.0: error: clang frontend command failed with exit code 70 (use -v to
see invocation)
clang version 4.0.0 (trunk 276095)
Target: i386-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
clang-4.0: note: diagnostic msg: PLEASE submit a bug report to
http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and
associated run script.
clang-4.0: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-4.0: note: diagnostic msg: /tmp/abc-73fac7.c
clang-4.0: note: diagnostic msg: /tmp/abc-73fac7.sh
clang-4.0: note: diagnostic msg:

********************




$ cat abc.c

int a, b, c;
long long d;
void fn1 ()
{
  char e;
  char *f = fn1;
  int g;
  for (; b;)
    {
      long h;
      long *i = &h;
      for (; c;)
        {
          for (; c <= 4;)
            {
              int j;
              for (; g <= 80; g++)
                {
                  char **k = f;
                  if ((j /= *f) && h ? : (g %= g) | * *k)
                    for (;;)
                      ;
                }
              h ? : (j = e);
              for (; g;)
              lblBF8C6610:
                d = j;
              d = i || 0;
              for (;;)
                ;
            }
          for (; a; a = (*i = c) ? : (c = 0))
            ;
        }
      goto lblBF8C6610;
    }
  if (0 >= (g ^= 0))
    goto lblBF8C6610;
  char *l = &g;
  *l;
}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160721/ef729e4b/attachment-0001.html>


More information about the llvm-bugs mailing list