[llvm-bugs] [Bug 39177] New: Summary: LibCallSimplifier (of instcombine) crashes on aliased lib function

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Oct 4 09:31:02 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=39177

            Bug ID: 39177
           Summary: Summary: LibCallSimplifier (of instcombine) crashes on
                    aliased lib function
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Transformation Utilities
          Assignee: unassignedbugs at nondot.org
          Reporter: julian.buening at rwth-aachen.de
                CC: llvm-bugs at lists.llvm.org

Created attachment 20959
  --> https://bugs.llvm.org/attachment.cgi?id=20959&action=edit
minimal test case

While trying to test some programs with KLEE, David Laprell came up with an
issue previously noted here:
http://lists.llvm.org/pipermail/llvm-dev/2017-July/115957.html
David was able to reduce the input to KLEE (still linking against klee-uclibc)
to a minimum.

From this I was able to reduce it to the attached program crashing opt
-instcombine / clang -O1 (version 8.0.0, trunk 343759). In this program,
"fwrite" is aliased to "__fwrite_alias".

The core issue seems to be in lib/Transforms/Utils/BuildLibCalls.cpp's method
llvm::emitFWrite():

  Constant *F = M->getOrInsertFunction(
      FWriteName, DL.getIntPtrType(Context), B.getInt8PtrTy(),
      DL.getIntPtrType(Context), DL.getIntPtrType(Context), File->getType());

  if (File->getType()->isPointerTy())
    inferLibFuncAttributes(*M->getFunction(FWriteName), *TLI);

The code assumes that after calling getOrInsertFunction(), it is safe to say
that a function of FWriteName will exist.
This is not true, as getOrInsertFunction() returns a GlobalAlias, but
getFunction() returns nullptr (as GlobalAlias cannot be cast to Function).

The same pattern (and thus problem) seems to be present across most
llvm::emit* functions in BuildLibCalls.cpp, but I haven't investigated it
further.

Steps to reproduce:

$ ../llvm-trunk/build/bin/clang -Xclang -disable-O0-optnone -c -emit-llvm crash.c
$ ../llvm-trunk/build/bin/opt -instcombine crash.bc -o crash.opt.bc
Stack dump:
0.      Program arguments: ../llvm-trunk/build/bin/opt -instcombine crash.bc -o crash.opt.bc
1.      Running pass 'Function Pass Manager' on module 'crash.bc'.
2.      Running pass 'Combine redundant instructions' on function '@main'
[...]
#4 0x00007f742729e1b0 __restore_rt (/lib64/libpthread.so.0+0x121b0)
#5 0x0000000001245bd6 llvm::GlobalValue::getParent() const /home/jb/llvm-trunk/build/../include/llvm/IR/GlobalValue.h:567:0
#6 0x00000000018f1e9d llvm::TargetLibraryInfoImpl::getLibFunc(llvm::Function const&, llvm::LibFunc&) const /home/jb/llvm-trunk/build/../lib/Analysis/TargetLibraryInfo.cpp:1375:0
#7 0x0000000001616716 llvm::TargetLibraryInfo::getLibFunc(llvm::Function const&, llvm::LibFunc&) const /home/jb/llvm-trunk/build/../include/llvm/Analysis/TargetLibraryInfo.h:237:0
#8 0x0000000002872a22 llvm::inferLibFuncAttributes(llvm::Function&, llvm::TargetLibraryInfo const&) /home/jb/llvm-trunk/build/../lib/Transforms/Utils/BuildLibCalls.cpp:126:0
#9 0x0000000002876ab1 llvm::emitFWrite(llvm::Value*, llvm::Value*, llvm::Value*, llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>&, llvm::DataLayout const&, llvm::TargetLibraryInfo const*) /home/jb/llvm-trunk/build/../lib/Transforms/Utils/BuildLibCalls.cpp:1093:0
[...]
Segmentation fault (core dumped)

This behavior was found in the course of the SYMBIOSYS research project at
COMSYS, RWTH Aachen University. This research is supported by the European
Research Council (ERC) under the EU's Horizon 2020 Research and Innovation
Programme grant agreement n. 647295 (SYMBIOSYS).
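
The lookup mismatch described in the report, as an added example that is not part of the original report and is not LLVM code. ToyModule, GlobalValue and inferAttributesIfFunction are hypothetical stand-ins that model only the two lookups named above, plus a guarded call that skips inference instead of dereferencing nullptr:

```cpp
// Simplified, hypothetical model of a module symbol table (not LLVM code).
#include <map>
#include <memory>
#include <string>
#include <utility>

struct GlobalValue {
  enum Kind { FunctionKind, AliasKind } kind;
  std::string name;
  bool attrsInferred = false;  // stands in for inferred libfunc attributes
  GlobalValue(Kind k, std::string n) : kind(k), name(std::move(n)) {}
};

class ToyModule {
  std::map<std::string, std::unique_ptr<GlobalValue>> symbols;
public:
  GlobalValue *addAlias(const std::string &name) {
    symbols[name].reset(new GlobalValue(GlobalValue::AliasKind, name));
    return symbols[name].get();
  }
  // Returns whatever global already owns the name, of any kind;
  // a function declaration is created only when the name is unused.
  GlobalValue *getOrInsertFunction(const std::string &name) {
    auto &slot = symbols[name];
    if (!slot)
      slot.reset(new GlobalValue(GlobalValue::FunctionKind, name));
    return slot.get();
  }
  // Returns the global only if it is a function, otherwise nullptr.
  GlobalValue *getFunction(const std::string &name) const {
    auto it = symbols.find(name);
    if (it == symbols.end() || it->second->kind != GlobalValue::FunctionKind)
      return nullptr;
    return it->second.get();
  }
};

// Guarded lookup: the name may resolve to an alias, so check before use.
bool inferAttributesIfFunction(ToyModule &M, const std::string &name) {
  GlobalValue *F = M.getFunction(name);
  if (!F)
    return false;  // alias or absent: nothing to annotate
  F->attrsInferred = true;
  return true;
}

int main() { ToyModule M; M.addAlias("fwrite"); M.getOrInsertFunction("fwrite");
  return inferAttributesIfFunction(M, "fwrite") ? 1 : 0; }  // exits 0: skipped
```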
