[llvm-bugs] [Bug 28640] New: clang crashes on valid code at -O3 on x86_64-linux-gnu with "Bad machine code: Virtual register defs don't dominate all uses."
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Jul 21 01:59:01 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=28640
Bug ID: 28640
Summary: clang crashes on valid code at -O3 on x86_64-linux-gnu
with "Bad machine code: Virtual register defs don't
dominate all uses."
Product: clang
Version: trunk
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: LLVM Codegen
Assignee: unassignedclangbugs at nondot.org
Reporter: helloqirun at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
The current clang trunk crashes at -O3 when compiling the following test case
on x86_64-linux-gnu in 32-bit mode. The 64-bit mode works fine.
$ clang-trunk -v
clang version 4.0.0 (trunk 276095)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/4.9.3
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5.3.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/3.4.6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.4
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.4.7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.6.4
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8.5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.3.0
Found candidate GCC installation:
/usr/local/bin/../lib/gcc/x86_64-pc-linux-gnu/6.1.0
Found candidate GCC installation:
/usr/local/bin/../lib/gcc/x86_64-unknown-linux-gnu/5.3.0
Selected GCC installation: /usr/local/bin/../lib/gcc/x86_64-pc-linux-gnu/6.1.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64
$ clang-trunk -m32 -O3 abc.c
abc.c:7:9: warning: incompatible pointer types initializing 'char *' with an
expression of type 'void ()'
[-Wincompatible-pointer-types]
char *f = fn1;
^ ~~~
abc.c:20:12: warning: incompatible pointer types initializing 'char **' with an
expression of type 'char *'; take the address with
& [-Wincompatible-pointer-types]
char **k = f;
^ ~
&
abc.c:25:8: warning: expression result unused [-Wunused-value]
h ? : (j = e);
^~~~~~~~~~~~~
abc.c:40:9: warning: incompatible pointer types initializing 'char *' with an
expression of type 'int *'
[-Wincompatible-pointer-types]
char *l = &g;
^ ~~
abc.c:41:3: warning: expression result unused [-Wunused-value]
*l;
^~
# Machine code for function fn1: Properties: <Post SSA, tracking liveness,
HasVRegs>
Frame Objects:
fi#0: size=4, align=4, at location [SP+4]
BB#0: derived from LLVM BB %entry
%vreg7<def> = MOV32r0 %EFLAGS<imp-def,dead>; GR32_ABCD:%vreg7
CMP32mi8 %noreg, 1, %noreg, <ga:@b>, %noreg, 0, %EFLAGS<imp-def>;
mem:LD4[@b](tbaa=!2)
JNE_1 <BB#2>, %EFLAGS<imp-use,kill>
Successors according to CFG: BB#1(0x30000000 / 0x80000000 = 37.50%)
BB#2(0x50000000 / 0x80000000 = 62.50%)
BB#1:
Predecessors according to CFG: BB#0
%vreg8<def> = COPY %vreg7:sub_8bit; GR8:%vreg8 GR32_ABCD:%vreg7
%vreg29<def> = COPY %vreg7; GR32:%vreg29 GR32_ABCD:%vreg7
%vreg30<def> = COPY %vreg8; GR8:%vreg30,%vreg8
%vreg31<def> = IMPLICIT_DEF; GR32:%vreg31
JMP_1 <BB#10>
Successors according to CFG: BB#10(?%)
BB#2: derived from LLVM BB %for.body
Predecessors according to CFG: BB#0
%vreg0<def> = MOV32rm %noreg, 1, %noreg, <ga:@c>, %noreg;
mem:LD4[@c](tbaa=!2) GR32:%vreg0
TEST32rr %vreg0, %vreg0, %EFLAGS<imp-def>; GR32:%vreg0
JNE_1 <BB#4>, %EFLAGS<imp-use,kill>
Successors according to CFG: BB#3(0x30000000 / 0x80000000 = 37.50%)
BB#4(0x50000000 / 0x80000000 = 62.50%)
BB#3:
Predecessors according to CFG: BB#2
%vreg16<def> = LEA32r <fi#0>, 1, %noreg, 0, %noreg; GR32:%vreg16
%vreg29<def> = IMPLICIT_DEF; GR32:%vreg29
%vreg30<def> = IMPLICIT_DEF; GR8:%vreg30
%vreg31<def> = COPY %vreg16; GR32:%vreg31,%vreg16
JMP_1 <BB#10>
Successors according to CFG: BB#10(?%)
BB#4: derived from LLVM BB %for.cond4.preheader
Predecessors according to CFG: BB#2
%vreg1<def> = MOV32rm %noreg, 1, %noreg, <ga:@a>, %noreg; mem:LD4[@a]
GR32:%vreg1
Successors according to CFG: BB#5(?%)
BB#5: derived from LLVM BB %for.cond4
Predecessors according to CFG: BB#4 BB#13
CMP32ri8 %vreg0, 4, %EFLAGS<imp-def>; GR32:%vreg0
JG_1 <BB#13>, %EFLAGS<imp-use,kill>
JMP_1 <BB#6>
Successors according to CFG: BB#6(0x04000000 / 0x80000000 = 3.12%)
BB#13(0x7c000000 / 0x80000000 = 96.88%)
BB#6: derived from LLVM BB %for.body8.preheader
Predecessors according to CFG: BB#5
%vreg20<def> = MOV32rm %noreg, 1, %noreg, <ga:@fn1>, %noreg;
mem:LD4[bitcast (void ()* @fn1 to i8**)](tbaa=!6) GR32:%vreg20
%vreg2<def> = MOV8rm %vreg20, 1, %noreg, 0, %noreg;
mem:LD1[%4](tbaa=!3) GR8:%vreg2 GR32:%vreg20
Successors according to CFG: BB#7(?%)
BB#7: derived from LLVM BB %for.body8
Predecessors according to CFG: BB#6 BB#7
TEST8rr %vreg2, %vreg2, %EFLAGS<imp-def>; GR8:%vreg2
JE_1 <BB#7>, %EFLAGS<imp-use,kill>
Successors according to CFG: BB#7(0x7c000000 / 0x80000000 = 96.88%)
BB#8(0x04000000 / 0x80000000 = 3.12%)
BB#8: derived from LLVM BB %for.cond13.preheader
Predecessors according to CFG: BB#7
Successors according to CFG: BB#9(?%)
BB#9: derived from LLVM BB %for.cond13
Predecessors according to CFG: BB#8 BB#9
JMP_1 <BB#9>
Successors according to CFG: BB#9(?%)
BB#10: derived from LLVM BB %for.cond20
Predecessors according to CFG: BB#10 BB#1 BB#3
%vreg21<def,tied1> = SAR32ri %vreg21<tied0>, 31, %EFLAGS<imp-def,dead>;
GR32:%vreg21
MOV32mr %noreg, 1, %noreg, <ga:@d>, %noreg, %vreg5;
mem:ST4[@d](align=8)(tbaa=!9) GR32:%vreg5
MOV32mr %noreg, 1, %noreg, <ga:@d+4>, %noreg, %vreg21;
mem:ST4[@d+4](tbaa=!9) GR32:%vreg21
%vreg22<def> = COPY %vreg29; GR32:%vreg22,%vreg29
%vreg22<def,tied1> = SHL32ri %vreg22<tied0>, 8, %EFLAGS<imp-def,dead>;
GR32:%vreg22
%vreg23<def> = MOVZX32rr8 %vreg30; GR32:%vreg23 GR8:%vreg30
%vreg24<def> = COPY %vreg23; GR32:%vreg24,%vreg23
%vreg24<def,dead,tied1> = OR32rr %vreg24<tied0>, %vreg22,
%EFLAGS<imp-def>; GR32:%vreg24,%vreg22
JNE_1 <BB#10>, %EFLAGS<imp-use,kill>
JMP_1 <BB#11>
Successors according to CFG: BB#11(0x04000000 / 0x80000000 = 3.12%)
BB#10(0x7c000000 / 0x80000000 = 96.88%)
BB#11: derived from LLVM BB %for.end24
Predecessors according to CFG: BB#10
%vreg27<def> = MOV32r0 %EFLAGS<imp-def,dead>; GR32_ABCD:%vreg27
TEST32rr %vreg31, %vreg31, %EFLAGS<imp-def>; GR32:%vreg31
%vreg25<def> = SETNEr %EFLAGS<imp-use,kill>; GR8:%vreg25
%vreg28<def> = COPY %vreg27; GR32_ABCD:%vreg28,%vreg27
%vreg28:sub_8bit<def> = COPY %vreg25; GR32_ABCD:%vreg28 GR8:%vreg25
MOV32mr %noreg, 1, %noreg, <ga:@d>, %noreg, %vreg28;
mem:ST4[@d](align=8)(tbaa=!9) GR32_ABCD:%vreg28
MOV32mi %noreg, 1, %noreg, <ga:@d+4>, %noreg, 0; mem:ST4[@d+4](tbaa=!9)
Successors according to CFG: BB#12(?%)
BB#12: derived from LLVM BB %for.cond27
Predecessors according to CFG: BB#11 BB#12
JMP_1 <BB#12>
Successors according to CFG: BB#12(?%)
BB#13: derived from LLVM BB %for.cond29thread-pre-split
Predecessors according to CFG: BB#5
TEST32rr %vreg1, %vreg1, %EFLAGS<imp-def>; GR32:%vreg1
JE_1 <BB#5>, %EFLAGS<imp-use,kill>
JMP_1 <BB#14>
Successors according to CFG: BB#5(0x7c000000 / 0x80000000 = 96.88%)
BB#14(0x04000000 / 0x80000000 = 3.12%)
BB#14: derived from LLVM BB %cond.end36.preheader
Predecessors according to CFG: BB#13
Successors according to CFG: BB#15(?%)
BB#15: derived from LLVM BB %cond.end36
Predecessors according to CFG: BB#14 BB#15
JMP_1 <BB#15>
Successors according to CFG: BB#15(?%)
# End machine code for function fn1.
*** Bad machine code: Reading virtual register without a def ***
- function: fn1
- basic block: BB#10 for.cond20 (0x528b098)
- instruction: MOV32mr
- operand 5: %vreg5
*** Bad machine code: Virtual register defs don't dominate all uses. ***
- function: fn1
- v. register: %vreg21
fatal error: error in backend: Found 2 machine code errors.
clang-4.0: error: clang frontend command failed with exit code 70 (use -v to
see invocation)
clang version 4.0.0 (trunk 276095)
Target: i386-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
clang-4.0: note: diagnostic msg: PLEASE submit a bug report to
http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and
associated run script.
clang-4.0: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-4.0: note: diagnostic msg: /tmp/abc-73fac7.c
clang-4.0: note: diagnostic msg: /tmp/abc-73fac7.sh
clang-4.0: note: diagnostic msg:
********************
$ cat abc.c
int a, b, c;
long long d;
void fn1 ()
{
char e;
char *f = fn1;
int g;
for (; b;)
{
long h;
long *i = &h;
for (; c;)
{
for (; c <= 4;)
{
int j;
for (; g <= 80; g++)
{
char **k = f;
if ((j /= *f) && h ? : (g %= g) | * *k)
for (;;)
;
}
h ? : (j = e);
for (; g;)
lblBF8C6610:
d = j;
d = i || 0;
for (;;)
;
}
for (; a; a = (*i = c) ? : (c = 0))
;
}
goto lblBF8C6610;
}
if (0 >= (g ^= 0))
goto lblBF8C6610;
char *l = &g;
*l;
}
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160721/ef729e4b/attachment-0001.html>
More information about the llvm-bugs
mailing list