[llvm-bugs] [Bug 48824] New: Assertion `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) || EvaluatedGEP.OffsetOverflows == Builder.getFalse()) && "If the offset got constant-folded, we don't expect that there was an " "overflow."'

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Jan 20 12:46:14 PST 2021


https://bugs.llvm.org/show_bug.cgi?id=48824

            Bug ID: 48824
           Summary: Assertion
                    `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) ||
                    EvaluatedGEP.OffsetOverflows == Builder.getFalse()) &&
                    "If the offset got constant-folded, we don't expect
                    that there was an " "overflow."'
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Frontend
          Assignee: unassignedclangbugs at nondot.org
          Reporter: vince.a.bridgers at gmail.com
                CC: llvm-bugs at lists.llvm.org, neeilans at live.com,
                    richard-llvm at metafoo.co.uk

This was found in a downstream compiler for an out-of-tree target using
randomized testing, but is reproduced on tip of tree using an in-tree target.
Two simple minimized reproducers show this crash. 

It appears that the indices or address calculations expressed in these samples
are not properly checked for maximum representation limits for the target? That
seems to be why this is only reproducible for a 16-bit target like the msp430.


clang command line
---
clang -c -fsanitize=undefined --target=msp430-unknown test.c

Two test cases show this ... 

case 1
--- 
a;
_Complex b[][1];
c() { b[a][8920]; }

case 2
---
int **a[];
int main() { 
  (*a)[28001000]; 
}

Relevant backtrace (edited)
---
clang: <root>/clang/lib/CodeGen/CGExprScalar.cpp:4980: llvm::Value*
clang::CodeGen::CodeGenFunction::EmitCheckedInBoundsGEP(llvm::Value*,
llvm::ArrayRef<llvm::Value*>, bool, bool, clang::SourceLocation, const
llvm::Twine&): Assertion `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) ||
EvaluatedGEP.OffsetOverflows == Builder.getFalse()) && "If the offset got
constant-folded, we don't expect that there was an " "overflow."' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff4ff6387 in raise () from /lib64/libc.so.6
(gdb) bt
<trimmed>
#4  0x0000000005b2abee in
clang::CodeGen::CodeGenFunction::EmitCheckedInBoundsGEP (this=0x7fffffff6a30,
Ptr=0x123f99a0, IdxList=..., SignedIndices=true, IsSubtraction=false, Loc=...,
Name=...)
    at <root>/clang/lib/CodeGen/CGExprScalar.cpp:4980
#5  0x0000000005ad7a65 in emitArraySubscriptGEP (CGF=..., ptr=0x123f99a0,
indices=..., inbounds=true, signedIndices=true, loc=..., name=...) at
<root>/clang/lib/CodeGen/CGExpr.cpp:3577
#6  0x0000000005ad7f45 in emitArraySubscriptGEP (CGF=..., addr=...,
indices=..., eltType=..., inbounds=true, signedIndices=true, loc=...,
arrayType=0x7fffffff5750, Base=0x123b2918, name=...)
    at <root>/clang/lib/CodeGen/CGExpr.cpp:3674
#7  0x0000000005ad92bd in
clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr (this=0x7fffffff6a30,
E=0x123b2930, Accessed=true) at <root>/clang/lib/CodeGen/CGExpr.cpp:3839
#8  0x0000000005aca6c9 in clang::CodeGen::CodeGenFunction::EmitCheckedLValue
(this=0x7fffffff6a30, E=0x123b2930,
TCK=clang::CodeGen::CodeGenFunction::TCK_Load)
    at <root>/clang/lib/CodeGen/CGExpr.cpp:1252
#9  0x0000000005b1311b in (anonymous
namespace)::ScalarExprEmitter::EmitCheckedLValue (this=0x7fffffff6550,
E=0x123b2930, TCK=clang::CodeGen::CodeGenFunction::TCK_Load)
    at <root>/clang/lib/CodeGen/CGExprScalar.cpp:245
#10 0x0000000005b133c6 in (anonymous
namespace)::ScalarExprEmitter::EmitLoadOfLValue (this=0x7fffffff6550,
E=0x123b2930) at <root>/clang/lib/CodeGen/CGExprScalar.cpp:294
#11 0x0000000005b199bd in (anonymous
namespace)::ScalarExprEmitter::VisitArraySubscriptExpr (this=0x7fffffff6550,
E=0x123b2930) at <root>/clang/lib/CodeGen/CGExprScalar.cpp:1705
#12 0x0000000005b2c02a in clang::StmtVisitorBase<std::add_pointer, (anonymous
namespace)::ScalarExprEmitter, llvm::Value*>::Visit (this=0x7fffffff6550,
S=0x123b2930) at tools/clang/include/clang/AST/StmtNodes.inc:635
#13 0x0000000005b136c2 in (anonymous namespace)::ScalarExprEmitter::Visit
(this=0x7fffffff6550, E=0x123b2930) at
<root>/clang/lib/CodeGen/CGExprScalar.cpp:409
#14 0x0000000005b1bd41 in (anonymous
namespace)::ScalarExprEmitter::VisitCastExpr (this=0x7fffffff6550,
CE=0x123b2950) at <root>/clang/lib/CodeGen/CGExprScalar.cpp:2191
#15 0x0000000005b2ddc3 in clang::StmtVisitorBase<std::add_pointer, (anonymous
namespace)::ScalarExprEmitter, llvm::Value*>::VisitImplicitCastExpr
(this=0x7fffffff6550, S=0x123b2950)
    at tools/clang/include/clang/AST/StmtNodes.inc:919
<trimmed>
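As an added illustration (not part of the report above, and not clang's own code): the C program below models the arithmetic behind the UBSan pointer-overflow check on an array subscript, namely index times element size computed as a signed integer of the target's pointer width. The element sizes used (16-byte `_Complex double` for case 1, 2-byte `int *` for case 2) and the 16-bit pointer width are assumptions about msp430 made for illustration; the report does not state them. It shows that both constant offsets fit in 64 and 32 bits but not in 16, which is consistent with the crash reproducing only on the 16-bit target.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not code from the bug report or from clang.  It models the
 * arithmetic behind the UBSan pointer-overflow check on an array subscript:
 * the byte offset is index * sizeof(element), computed as a signed integer
 * of the target's pointer width, and the check fires when that product does
 * not fit.  The msp430 type sizes below (16-bit pointer, 8-byte double, so a
 * 16-byte _Complex double) are assumptions for illustration only.
 */

/* Does index * elem_size fit in a signed integer of ptr_bits bits?
 * __builtin_mul_overflow compares the infinitely precise product against the
 * result type, so the type of r alone selects the width being checked. */
static bool offset_overflows(int64_t index, int64_t elem_size, unsigned ptr_bits)
{
    switch (ptr_bits) {
    case 16: { int16_t r; return __builtin_mul_overflow(index, elem_size, &r); }
    case 32: { int32_t r; return __builtin_mul_overflow(index, elem_size, &r); }
    default: { int64_t r; return __builtin_mul_overflow(index, elem_size, &r); }
    }
}

/* The two reproducer shapes from the report, with assumed element sizes. */
struct subscript {
    const char *label;
    int64_t index;      /* constant index written in the source */
    int64_t elem_size;  /* assumed sizeof(element) on the target */
};

static const struct subscript cases[] = {
    /* case 1: b[a][8920], element _Complex double; assumed 16 bytes */
    { "case 1: b[a][8920] (_Complex double)", 8920, 16 },
    /* case 2: (*a)[28001000], element int *; assumed 2-byte pointer */
    { "case 2: (*a)[28001000] (int *)",       28001000, 2 },
};

/* Number of reproducers whose byte offset overflows at the given width. */
static unsigned count_overflows(unsigned ptr_bits)
{
    unsigned n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (offset_overflows(cases[i].index, cases[i].elem_size, ptr_bits))
            n++;
    return n;
}

int main(void)
{
    const unsigned widths[] = { 16, 32, 64 };
    for (size_t w = 0; w < sizeof widths / sizeof widths[0]; w++) {
        printf("pointer width %u bits:\n", widths[w]);
        for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
            printf("  %-40s offset %lld bytes -> %s\n", cases[i].label,
                   (long long)(cases[i].index * cases[i].elem_size),
                   offset_overflows(cases[i].index, cases[i].elem_size, widths[w])
                       ? "overflows" : "fits");
    }
    return 0;
}
```

Only the width argument changes between the runs; the indices and element sizes are the same, which is why the same source is accepted by the 64-bit host target and trips the constant-folded overflow path on a 16-bit one.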
