[llvm-bugs] [Bug 50062] New: Constant Array Stack Overflow LL Crash

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Apr 21 08:54:24 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50062

            Bug ID: 50062
           Summary: Constant Array Stack Overflow LL Crash
           Product: clang
           Version: 10.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: LLVM Codegen
          Assignee: unassignedclangbugs at nondot.org
          Reporter: powersalfie at gmail.com
                CC: llvm-bugs at lists.llvm.org, neeilans at live.com,
                    richard-llvm at metafoo.co.uk

Overview:
I am working on a matrix frontend compiler which outputs LLVM IR. We utilise
Clang as the linker and to generate target code. In our language we represent
matrices as a linear list of numbers. We use ConstantArrays to store the
compile-time representation of the data in a heap-allocated array and as such
we have fairly large arrays. From experimentation we observed that the limit to
the size of constant arrays seems to be 256^2. Any more than that and clang
crashes. This is reproducible with any IR that allocates a large constant array
to a value. I suspect, given that this happens only after 256^2, that this is
regarding some representation internally, but I have not had the time to
investigate.

Reproducing IR (excluding all 66049 elements of an array):

  %malloccall11 = tail call i8* @malloc(i32 trunc (i64 mul nuw (i64 ptrtoint (double* getelementptr (double, double* null, i32 1) to i64), i64 66049) to i32))
  %matTmpData = bitcast i8* %malloccall11 to [66049 x double]*
  ; remaining array elements elided ("...")
  store [66049 x double] [double 0x4000CCCCC0000000, ... ], [66049 x double]* %matTmpData

Whilst this may be a hard limit for Clang, as understandably the use-case is
quite unique, Clang does not handle this gracefully and instead seems to crash.

Stack dump:
0.      Program arguments: clang++-10 -c ./output.ll 
1.      Code generation
2.      Running pass 'Function Pass Manager' on module './output.ll'.
3.      Running pass 'X86 DAG->DAG Instruction Selection' on function '@main'
 #0 0x00007f3017bc6f2f llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xa16f2f)
 #1 0x00007f3017bc51e0 llvm::sys::RunSignalHandlers()
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xa151e0)
 #2 0x00007f3017bc667d llvm::sys::CleanupOnSignal(unsigned long)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xa1667d)
 #3 0x00007f3017b1c4e0 (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x96c4e0)
 #4 0x00007f301e33abb0 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x14bb0)
 #5 0x00007f30181b8a44 llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDNode*,
llvm::SDValue const*) (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x1008a44)
 #6 0x00007f301802cef1 (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xe7cef1)
 #7 0x00007f301802924c (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xe7924c)
 #8 0x00007f3018027b99 llvm::SelectionDAG::Combine(llvm::CombineLevel,
llvm::AAResults*, llvm::CodeGenOpt::Level)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xe77b99)
 #9 0x00007f30181cb072 llvm::SelectionDAGISel::CodeGenAndEmitDAG()
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x101b072)
#10 0x00007f30181cabd7
llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x101abd7)
#11 0x00007f30181c8566
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x1018566)
#12 0x00007f3019904bb8 (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x2754bb8)
#13 0x00007f3017e63ee8
llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xcb3ee8)
#14 0x00007f3017ccc646 llvm::FPPassManager::runOnFunction(llvm::Function&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xb1c646)
#15 0x00007f3017ccc8c3 llvm::FPPassManager::runOnModule(llvm::Module&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xb1c8c3)
#16 0x00007f3017cccd70 llvm::legacy::PassManagerImpl::run(llvm::Module&)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0xb1cd70)
#17 0x00007f301cf1ff33 clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout
const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1361f33)
#18 0x00007f301d19e955 clang::CodeGenAction::ExecuteAction()
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x15e0955)
#19 0x00007f301d807718 clang::FrontendAction::Execute()
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1c49718)
#20 0x00007f301d7c0121
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1c02121)
#21 0x00007f301d86c16f
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1cae16f)
#22 0x000000000041229d cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/usr/lib/llvm-10/bin/clang+0x41229d)
#23 0x00000000004105b1 (/usr/lib/llvm-10/bin/clang+0x4105b1)
#24 0x00007f301d50f2d2 (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x19512d2)
#25 0x00007f3017b1c2e7
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)
(/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x96c2e7)
#26 0x00007f301d50e80f
clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x195080f)
#27 0x00007f301d4e6baf
clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&,
clang::driver::Command const*&) const
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1928baf)
#28 0x00007f301d4e6d5a
clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1928d5a)
#29 0x00007f301d4fa13c
clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x193c13c)
#30 0x000000000041002f main (/usr/lib/llvm-10/bin/clang+0x41002f)
#31 0x00007f3016ca1cb2 __libc_start_main ./csu/../csu/libc-start.c:314:16
#32 0x000000000040d7ce _start (/usr/lib/llvm-10/bin/clang+0x40d7ce)
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
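
Added example, not part of the original report or of LLVM: LLVM's performance tips for frontend authors advise against loads and stores of large aggregate types, so this sketch shows how a frontend could emit the same initialization as a private global constant copied into the malloc'd buffer with llvm.memcpy. The function names, the @matTmp.init global, and the i64 malloc signature are assumptions (the report's IR passes an i32 size); the IR uses LLVM 10's typed-pointer syntax.

```python
import struct


def double_hex(x: float) -> str:
    """LLVM IR hexadecimal spelling of an IEEE-754 double (16 hex digits)."""
    return "0x" + struct.pack(">d", x).hex().upper()


def emit_matrix_init(values, name="matTmp"):
    """Return an LLVM 10-style module that heap-allocates a matrix and fills it
    from a global constant, so no first-class [N x double] value is stored."""
    n = len(values)
    if n == 0:
        raise ValueError("matrix must have at least one element")
    nbytes = n * 8  # assumption: 8-byte double, as on the report's x86-64 target
    ty = f"[{n} x double]"
    elems = ", ".join("double " + double_hex(v) for v in values)
    return "\n".join([
        # The data lives in read-only storage instead of an instruction operand.
        f"@{name}.init = private unnamed_addr constant {ty} [{elems}], align 8",
        "",
        "declare i8* @malloc(i64)",
        "declare void @llvm.memcpy.p0i8.p0i8.i64(i8*, i8*, i64, i1)",
        "",
        "define i32 @main() {",
        # malloc null check omitted, as in the report's IR.
        f"  %{name}.raw = call i8* @malloc(i64 {nbytes})",
        f"  %{name}.src = bitcast {ty}* @{name}.init to i8*",
        f"  call void @llvm.memcpy.p0i8.p0i8.i64(i8* align 8 %{name}.raw, "
        f"i8* align 8 %{name}.src, i64 {nbytes}, i1 false)",
        f"  %{name}Data = bitcast i8* %{name}.raw to {ty}*",
        "  ret i32 0",
        "}",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample: 257 x 257 = 66049 elements, the size quoted in the report.
    print(emit_matrix_init([2.0] * (257 * 257)))
```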
