[llvm-bugs] [Bug 46176] New: Crash when using LLVM10 built with MSVC for x86-32 Debug
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue Jun 2 14:01:32 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=46176
Bug ID: 46176
Summary: Crash when using LLVM10 built with MSVC for x86-32 Debug
Product: libraries
Version: 10.0
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P
Component: Backend: X86
Assignee: unassignedbugs at nondot.org
Reporter: srj at google.com
CC: craig.topper at gmail.com, llvm-bugs at lists.llvm.org,
llvm-dev at redking.me.uk, spatel+llvm at rotateright.com
(Reporting on behalf of Alex Reinking, who found this while debugging Halide:)
# Overview:
There is an apparently 100% reproducible crash when using LLVM 10 built using
MSVC 2017 or 2019, for Windows x86 (32-bit), Debug mode only.
The crash appears due to a double-free in the destructor of SmallVector,
perhaps due to a bug in the copy/move/operator= operations of SmallVector. In
particular, the object whose destructor triggers the crash is a lambda
capture-by-value clone of a small-vector that was initially created on the
stack.
The stack trace looks like:
```
ntdll.dll!77289c43() Unknown
ntdll.dll![Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll] Unknown
[External Code]
> demo.exe!llvm::SmallVectorImpl<llvm::LLT>::~SmallVectorImpl<llvm::LLT>() Line 336 C++
demo.exe!llvm::SmallVector<llvm::LLT,4>::~SmallVector<llvm::LLT,4>() Line 844 C++
[External Code]
demo.exe!llvm::LegalityPredicates::all<std::function<bool __cdecl(llvm::LegalityQuery const &)>>(std::function<bool __cdecl(llvm::LegalityQuery const &)> P0, std::function<bool __cdecl(llvm::LegalityQuery const &)> P1) Line 194 C++
demo.exe!llvm::LegalizeRuleSet::actionForCartesianProduct(llvm::LegalizeActions::LegalizeAction Action, std::initializer_list<llvm::LLT> Types0, std::initializer_list<llvm::LLT> Types1) Line 448 C++
demo.exe!llvm::LegalizeRuleSet::legalForCartesianProduct(std::initializer_list<llvm::LLT> Types0, std::initializer_list<llvm::LLT> Types1) Line 518 C++
demo.exe!main() Line 15 C++
```
In the debugger output window we see:
`Invalid address specified to RtlValidateHeap( 02150000, 01B5ECC8 )`, which
looks a lot like it's trying to free a stack address. The 2nd argument is the
pointer passed to free (stored in SmallVector's BeginX field).
# Steps To Repeat:
Note that Visual Studio 16.6.x (the latest) exposes a bug in LLVM that has now
been patched, but prevents it from compiling. The instructions below use Visual
Studio 15.9.23 (2017) instead.
## Without vcpkg
Get and compile LLVM:
```
D:\>"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" amd64_x86
D:\>git clone https://github.com/llvm/llvm-project.git --depth 1 -b release/10.x
D:\>mkdir llvm-x86
D:\llvm-x86>cmake -G Ninja ^
-DCMAKE_BUILD_TYPE=Debug ^
-DCMAKE_INSTALL_PREFIX=../llvm-x86-install ^
-DLLVM_ENABLE_TERMINFO=OFF ^
-DLLVM_TARGETS_TO_BUILD=X86 ^
-DLLVM_ENABLE_ASSERTIONS=ON ^
-DLLVM_ENABLE_EH=ON ^
-DLLVM_ENABLE_RTTI=ON ^
-DLLVM_BUILD_32_BITS=ON ^
..\llvm-project\llvm
D:\llvm-x86>cmake --build . --target install
D:\llvm-x86>cd ..
D:\>cd this-gist
D:\this-gist>mkdir build
D:\this-gist\build>cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DCMAKE_PREFIX_PATH=D:/llvm-x86-install ..
D:\this-gist\build>demo
BOOM!
```
## With vcpkg
Compile with:
```
> mkdir build
> cd build
> cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DCMAKE_TOOLCHAIN_FILE=D:/vcpkg/scripts/buildsystems/vcpkg.cmake ..
```
Compiler info:
```
Microsoft (R) C/C++ Optimizing Compiler Version 19.26.28806 for x86
Copyright (C) Microsoft Corporation. All rights reserved.
```
CMake info:
```
cmake version 3.17.2
```
vcpkg list (only x86-windows is relevant):
```
glew:x64-windows                                  2.1.0-7    The OpenGL Extension Wrangler Library (GLEW) is ...
glew:x86-windows                                  2.1.0-7    The OpenGL Extension Wrangler Library (GLEW) is ...
libjpeg-turbo:x64-windows                         2.0.4      libjpeg-turbo is a JPEG image codec that uses SI...
libjpeg-turbo:x86-windows                         2.0.4      libjpeg-turbo is a JPEG image codec that uses SI...
libpng:x64-windows                                1.6.37-7   libpng is a library implementing an interface fo...
libpng:x86-windows                                1.6.37-7   libpng is a library implementing an interface fo...
llvm:x64-windows                                  10.0.0     The LLVM Compiler Infrastructure
llvm:x86-windows                                  10.0.0     The LLVM Compiler Infrastructure
llvm[clang-tools-extra]:x64-windows                          Build Clang tools.
llvm[clang-tools-extra]:x86-windows                          Build Clang tools.
llvm[clang]:x64-windows                                      Build C Language Family Front-end.
llvm[clang]:x86-windows                                      Build C Language Family Front-end.
llvm[disable-abi-breaking-checks]:x64-windows                Build LLVM with LLVM_ABI_BREAKING_CHECKS=FORCE_OFF.
llvm[disable-abi-breaking-checks]:x86-windows                Build LLVM with LLVM_ABI_BREAKING_CHECKS=FORCE_OFF.
llvm[disable-assertions]:x64-windows                         Build LLVM without assertions.
llvm[disable-assertions]:x86-windows                         Build LLVM without assertions.
llvm[disable-clang-static-analyzer]:x64-windows              Build without static analyzer.
llvm[disable-clang-static-analyzer]:x86-windows              Build without static analyzer.
llvm[enable-rtti]:x64-windows                                Build LLVM with run-time type information.
llvm[enable-rtti]:x86-windows                                Build LLVM with run-time type information.
llvm[lld]:x64-windows                                        Build LLVM linker.
llvm[lld]:x86-windows                                        Build LLVM linker.
llvm[target-all]:x64-windows                                 Build with all backends.
llvm[target-all]:x86-windows                                 Build with all backends.
llvm[tools]:x64-windows                                      Build LLVM tools.
llvm[tools]:x86-windows                                      Build LLVM tools.
openblas:x64-windows                              0.3.9-1    OpenBLAS is an optimized BLAS library based on G...
opencl:x64-windows                                2.2-2      C/C++ headers and ICD loader (Installable Client...
opengl:x64-windows                                0.0-5      Open Graphics Library (OpenGL)[3][4][5] is a cro...
opengl:x86-windows                                0.0-5      Open Graphics Library (OpenGL)[3][4][5] is a cro...
zlib:x64-windows                                  1.2.11-6   A compression library
zlib:x86-windows                                  1.2.11-6   A compression library
```
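An added example, not part of the original report and not LLVM's code: a simplified small-buffer vector showing how the symptom described in the overview (a destructor passing a stack address to free) arises whenever a copy keeps a begin pointer aimed at another object's inline storage. `TinyVec` and the `tv_*` helpers are hypothetical names, and this models the failure class the report suspects, not a confirmed root cause.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>

// Simplified small-buffer vector (constructed model, not llvm::SmallVector).
struct TinyVec {
  int *begin;             // == inline_buf while "small", else a malloc'd block
  std::size_t size, cap;
  int inline_buf[4];
};

void tv_init(TinyVec &v) { v = TinyVec{}; v.begin = v.inline_buf; v.cap = 4; }
bool tv_is_small(const TinyVec &v) { return v.begin == v.inline_buf; }
// Pointer the destructor would hand to free(), or nullptr when nothing is freed.
int *tv_release_target(const TinyVec &v) { return tv_is_small(v) ? nullptr : v.begin; }
void tv_destroy(TinyVec &v) { std::free(tv_release_target(v)); tv_init(v); }

bool tv_push(TinyVec &v, int x) {
  if (v.size == v.cap) {  // spill to (or grow on) the heap
    int *p = static_cast<int *>(std::malloc(2 * v.cap * sizeof(int)));
    if (!p) return false;
    std::memcpy(p, v.begin, v.size * sizeof(int));
    std::free(tv_release_target(v));
    v.begin = p;
    v.cap *= 2;
  }
  v.begin[v.size++] = x;
  return true;
}

// Correct copy: rebind begin to the destination's own storage.
bool tv_copy(TinyVec &dst, const TinyVec &src) {
  tv_init(dst);
  for (std::size_t i = 0; i < src.size; ++i)
    if (!tv_push(dst, src.begin[i])) return false;
  return true;
}

// Memberwise clone of a small vector: begin still aims at src.inline_buf, so
// the clone looks "large" and its destructor would free a non-heap address.
bool stale_clone_would_free_foreign_storage() {
  TinyVec src; tv_init(src); tv_push(src, 1); tv_push(src, 2);
  TinyVec clone = src;    // no rebinding of begin
  return tv_release_target(clone) == src.inline_buf;
}

bool proper_copy_stays_small() {
  TinyVec src; tv_init(src); tv_push(src, 1);
  TinyVec dst; bool ok = tv_copy(dst, src);
  return ok && tv_is_small(dst) && dst.begin[0] == 1 && !tv_release_target(dst);
}
```

The "is small" test is a pointer comparison against the object's own inline buffer, so any path that changes the object's address without rebinding the pointer turns a stack address into a free() argument, which a debug heap rejects in the way the `RtlValidateHeap` message shows.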