[llvm-bugs] [Bug 37000] New: Assertion `NumValues == VTs.NumVTs && "NumValues wasn't wide enough for its operands!"' failed

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Apr 4 07:33:32 PDT 2018 

https://bugs.llvm.org/show_bug.cgi?id=37000

            Bug ID: 37000
           Summary: Assertion `NumValues == VTs.NumVTs && "NumValues
                    wasn't wide enough for its operands!"' failed
           Product: tools
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: llc
          Assignee: unassignedbugs at nondot.org
          Reporter: glider at google.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 20156
  --> https://bugs.llvm.org/attachment.cgi?id=20156&action=edit
Reproducer

The attached IR piece triggers the following bug in llc (and Clang):

$ llc s_p_i.ll 

llc:
/usr/local/google/src/llvm-msan-fix/llvm/include/llvm/CodeGen/SelectionDAGNodes.h:1032:
llvm::SDNode::SDNode(unsigned int, unsigned int, llvm::DebugLoc,
llvm::SDVTList): Assertion `NumValues == VTs.NumVTs && "NumValues wasn't wide
enough for its operands!"' failed.
#0 0x00005629a4e7224a llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1f8d24a)
#1 0x00005629a4e6ff86 llvm::sys::RunSignalHandlers()
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1f8af86)
#2 0x00005629a4e702f5 SignalHandler(int)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1f8b2f5)
#3 0x00007f107e7ba0c0 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x110c0)
#4 0x00007f107d34bfcf gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x32fcf)
#5 0x00007f107d34d3fa abort (/lib/x86_64-linux-gnu/libc.so.6+0x343fa)
#6 0x00007f107d344e37 (/lib/x86_64-linux-gnu/libc.so.6+0x2be37)
#7 0x00007f107d344ee2 (/lib/x86_64-linux-gnu/libc.so.6+0x2bee2)
#8 0x00005629a4cf4a71 llvm::SDNode::SDNode(unsigned int, unsigned int,
llvm::DebugLoc, llvm::SDVTList)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e0fa71)
#9 0x00005629a4cf4af5 llvm::SDNode* llvm::SelectionDAG::newSDNode<llvm::SDNode,
unsigned int&, unsigned int, llvm::DebugLoc const&, llvm::SDVTList>(unsigned
int&&&, unsigned int&&, llvm::DebugLoc const&&&, llvm::SDVTList&&) (.isra.630)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e0faf5)
#10 0x00005629a4d191ae llvm::SelectionDAG::getNode(unsigned int, llvm::SDLoc
const&, llvm::SDVTList, llvm::ArrayRef<llvm::SDValue>)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e341ae)
#11 0x00005629a4d19395
llvm::SelectionDAG::getMergeValues(llvm::ArrayRef<llvm::SDValue>, llvm::SDLoc
const&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e34395)
#12 0x00005629a4cca280 llvm::SelectionDAGBuilder::getValueImpl(llvm::Value
const*)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1de5280)
#13 0x00005629a4ccaba2 llvm::SelectionDAGBuilder::getValue(llvm::Value const*)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1de5ba2)
#14 0x00005629a4cd6bef llvm::SelectionDAGBuilder::visitStore(llvm::StoreInst
const&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1df1bef)
#15 0x00005629a4cf237e llvm::SelectionDAGBuilder::visit(llvm::Instruction
const&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e0d37e)
#16 0x00005629a4d3bbef
llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction,
true, false, void>, false, true>,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, true,
false, void>, false, true>, bool&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e56bef)
#17 0x00005629a4d4066a
llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e5b66a)
#18 0x00005629a4d42593
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
(.part.887)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1e5d593)
#19 0x00005629a407b924 (anonymous
namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1196924)
#20 0x00005629a457d755
llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x1698755)
#21 0x00005629a48ddbd9 llvm::FPPassManager::runOnFunction(llvm::Function&)
(/usr/local/google/src/llvm-msan-fix/llvm/llvm_cmake_build/bin//llc+0x19f8bd9)

The bug goes away if I change the array size from 65536 to e.g. 32768.

A similar bug has also been reported by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6716

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180404/7b6281e8/attachment-0001.html>

More information about the llvm-bugs mailing list