[llvm-bugs] [Bug 35209] New: Crash in ::AddressingModeMatcher::matchOperationAddr(llvm::User*, unsigned int, unsigned int, bool*)

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Nov 5 09:35:09 PST 2017


https://bugs.llvm.org/show_bug.cgi?id=35209

            Bug ID: 35209
           Summary: Crash in
                    ::AddressingModeMatcher::matchOperationAddr(llvm::User
                    *, unsigned int, unsigned int, bool*)
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Common Code Generator Code
          Assignee: unassignedbugs at nondot.org
          Reporter: arichardson.kde at gmail.com
                CC: llvm-bugs at lists.llvm.org

After updating my clang checkout I noticed that the FreeBSD kernel compiled for
QEMU MIPS64 didn't boot anymore due to ata_xpt.c being miscompiled. I worked
around the issue by adding a printf() in
https://github.com/CTSRD-CHERI/cheribsd/commit/44e9de344eebb4dd7f855950f19a895f36d52f91.
With the latest trunk, compiling this file now caused a crash, and I managed to
bisect it and found that https://reviews.llvm.org/rL314794 was the first
commit exposing this crash.

Crash backtrace: 
> #0 0x0000000003499044 PrintStackTraceSignalHandler(void*) (./bin/clang+0x3499044)
> #1 0x0000000003499396 SignalHandler(int) (./bin/clang+0x3499396)
> #2 0x00007fa9081d1390 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x11390)
> #3 0x0000000002bf3e16 (anonymous namespace)::AddressingModeMatcher::matchOperationAddr(llvm::User*, unsigned int, unsigned int, bool*) (./bin/clang+0x2bf3e16)
> #4 0x0000000002bf3126 (anonymous namespace)::AddressingModeMatcher::matchAddr(llvm::Value*, unsigned int) (./bin/clang+0x2bf3126)
> #5 0x0000000002be8559 (anonymous namespace)::CodeGenPrepare::optimizeMemoryInst(llvm::Instruction*, llvm::Value*, llvm::Type*, unsigned int) (./bin/clang+0x2be8559)
> #6 0x0000000002be12e7 (anonymous namespace)::CodeGenPrepare::optimizeInst(llvm::Instruction*, bool&) (./bin/clang+0x2be12e7)
> #7 0x0000000002bdaaa1 (anonymous namespace)::CodeGenPrepare::runOnFunction(llvm::Function&) (./bin/clang+0x2bdaaa1)
> #8 0x0000000002f9f17f llvm::FPPassManager::runOnFunction(llvm::Function&) (./bin/clang+0x2f9f17f)
> #9 0x0000000002f9f3d3 llvm::FPPassManager::runOnModule(llvm::Module&) (./bin/clang+0x2f9f3d3)
> #10 0x0000000002f9f8d6 llvm::legacy::PassManagerImpl::run(llvm::Module&) (./bin/clang+0x2f9f8d6)
> #11 0x00000000036172cc clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (./bin/clang+0x36172cc)
> #12 0x0000000003b1f7d6 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (./bin/clang+0x3b1f7d6)
> #13 0x00000000041de596 clang::ParseAST(clang::Sema&, bool, bool) (./bin/clang+0x41de596)
> #14 0x0000000003a8e418 clang::FrontendAction::Execute() (./bin/clang+0x3a8e418)
> #15 0x0000000003a21b71 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (./bin/clang+0x3a21b71)
> #16 0x0000000003b19d30 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (./bin/clang+0x3b19d30)
> #17 0x0000000001f206d6 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (./bin/clang+0x1f206d6)
> #18 0x0000000001f1eb82 main (./bin/clang+0x1f1eb82)
> #19 0x00007fa906d26830 __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:325:0
> #20 0x0000000001f1c029 _start (./bin/clang+0x1f1c029)
> Stack dump:
> 0.      Program arguments: ./bin/clang -cc1 -internal-isystem /local/scratch/alr48/cheri/build/upstream-llvm-build/lib/clang/6.0.0/include -nostdsysteminc -triple mips64-unknown-freebsd12.0 -emit-obj -mrelocation-model static -ffreestanding -target-cpu mips64 -target-abi n64 -mllvm -mips-ssection-threshold=0 -mllvm -mgpopt -target-linker-version 302.3 -coverage-notes-file /Users/alex/cheri/build/freebsd-mips-build/Users/alex/cheri/freebsd-mips/mips.mips64/sys/MALTA64/ata_xpt.gcno -nostdsysteminc -nobuiltininc -sys-header-deps -D _KERNEL -D HAVE_KERNEL_OPTION_HEADERS -D KERNLOADADDR=0xffffffff80100000 -D __printf__=__freebsd_kprintf__ -O2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -Wmissing-include-dirs -Wno-unknown-pragmas -Wno-error-tautological-compare -Wno-error-empty-body -Wno-error-parentheses-equality -Wno-error-unused-function -Wno-error-pointer-sign -Wno-error-shift-negative-value -Wno-error-address-of-packed-member -Werror -std=iso9899:1999 -fwrapv -fcolor-diagnostics -vectorize-loops -vectorize-slp -o /dev/null /local/scratch/alr48/cheri/upstream-llvm/tools/clang/test/CodeGen/ata_xpt-bdf4d9-reduce.test.c
> 1.      <eof> parser at end of file
> 2.      Code generation
> 3.      Running pass 'Function Pass Manager' on module '/local/scratch/alr48/cheri/upstream-llvm/tools/clang/test/CodeGen/ata_xpt-bdf4d9-reduce.test.c'.
> 4.      Running pass 'CodeGen Prepare' on function '@probestart'
> /home/alr48/bisect-monorepo.sh: line 12: 234626 Segmentation fault      (core dumped) ./bin/clang -cc1 -internal-isystem /local/scratch/alr48/cheri/build/upstream-llvm-build/lib/clang/6.0.0/include -nostdsysteminc -triple mips64-unknown-freebsd12.0 -emit-obj -mrelocation-model static -ffreestanding -target-cpu mips64 -target-abi n64 -mllvm -mips-ssection-threshold=0 -mllvm -mgpopt -target-linker-version 302.3 -coverage-notes-file /Users/alex/cheri/build/freebsd-mips-build/Users/alex/cheri/freebsd-mips/mips.mips64/sys/MALTA64/ata_xpt.gcno -nostdsysteminc -nobuiltininc -sys-header-deps -D _KERNEL -D HAVE_KERNEL_OPTION_HEADERS -D KERNLOADADDR=0xffffffff80100000 -D __printf__=__freebsd_kprintf__ -O2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -Wmissing-include-dirs -Wno-unknown-pragmas -Wno-error-tautological-compare -Wno-error-empty-body -Wno-error-parentheses-equality -Wno-error-unused-function -Wno-error-pointer-sign -Wno-error-shift-negative-value -Wno-error-address-of-packed-member -Werror -std=iso9899:1999 -fwrapv -fcolor-diagnostics -vectorize-loops -vectorize-slp -o /dev/null /local/scratch/alr48/cheri/upstream-llvm/tools/clang/test/CodeGen/ata_xpt-bdf4d9-reduce.test.c
