[llvm-bugs] [Bug 52594] New: After 9c4baf5101e, Assertion failed: (!Op->getType()->isPointerTy() && "Can't extend pointer!"), function getZeroExtendExpr, file llvm/lib/Analysis/ScalarEvolution.cpp, line 1585.

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Nov 23 13:24:23 PST 2021


https://bugs.llvm.org/show_bug.cgi?id=52594

            Bug ID: 52594
           Summary: After 9c4baf5101e, Assertion failed:
                    (!Op->getType()->isPointerTy() && "Can't extend
                    pointer!"), function getZeroExtendExpr, file
                    llvm/lib/Analysis/ScalarEvolution.cpp, line 1585.
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: dimitry at andric.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

As reported in https://bugs.freebsd.org/260000, after clang 13 was imported
into the base system, building libarchive with address sanitizer results in the
following assertion:

Assertion failed: (!Op->getType()->isPointerTy() && "Can't extend pointer!"),
function getZeroExtendExpr, file
/root/freebsd/contrib/llvm-project/llvm/lib/Analysis/ScalarEvolution.cpp, line
1582.
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the
crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /usr/bin/cc -cc1 -triple i386-unknown-freebsd14.0
-emit-obj --mrelax-relocations -disable-free -main-file-name
archive_read_support_format_tar.c -mrelocation-model pic -pic-level 2
-fhalf-no-semantic-interposition -mframe-pointer=all -fno-rounding-math
-mconstructor-aliases -munwind-tables -target-cpu i686 -target-feature +mmx
-target-feature +sse -target-feature +sse2 -debug-info-kind=standalone
-dwarf-version=4 -debugger-tuning=gdb --compress-debug-sections=zlib
-fcoverage-compilation-dir=/usr/obj/usr/home/markj/src/freebsd/amd64.amd64/obj-lib32/lib/libarchive
-sys-header-deps -D COMPAT_32BIT -D PIC -D HAVE_ICONV=1 -D HAVE_ICONV_H=1 -D
ICONV_CONST= -D HAVE_BZLIB_H=1 -D HAVE_LIBLZMA=1 -D HAVE_LZMA_H=1 -D
HAVE_ZSTD_H=1 -D HAVE_LIBZSTD=1 -D
PLATFORM_CONFIG_H=\"/usr/home/markj/src/freebsd/lib/libarchive/config_freebsd.h\"
-D WITH_OPENSSL -O2 -Wno-format-zero-length -Wsystem-headers -Werror -Wall
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings
-Wswitch -Wshadow -Wunused-parameter -Wchar-subscripts -Wnested-externs
-Wredundant-decls -Wold-style-definition -Wno-pointer-sign
-Wmissing-variable-declarations -Wthread-safety -Wno-empty-body
-Wno-string-plus-int -Wno-unused-const-variable
-Wno-error=unused-but-set-variable -std=gnu99 -fconst-strings
-fdebug-compilation-dir=/usr/obj/usr/home/markj/src/freebsd/amd64.amd64/obj-lib32/lib/libarchive
-ferror-limit 19 -fsanitize=address -fsanitize-recover=address
-fsanitize-address-use-after-scope -fno-assume-sane-operator-new
-stack-protector 2 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp
-faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c
archive_read_support_format_tar-29e157.c
1.      <eof> parser at end of file
2.      Code generation
3.      Running pass 'Function Pass Manager' on module
'archive_read_support_format_tar-29e157.c'.
4.      Running pass 'Loop Pass Manager' on function '@tar_read_header'
5.      Running pass 'Loop Strength Reduction' on basic block '%while.cond45.i'
#0 0x00000000050964e0 PrintStackTrace
/root/freebsd/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:565:13
#1 0x00000000050947f5 RunSignalHandlers
/root/freebsd/contrib/llvm-project/llvm/lib/Support/Signals.cpp:98:18
#2 0x0000000005096c10 SignalHandler
/root/freebsd/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
#3 0x000000080a8e85d0 handle_signal
/root/freebsd/lib/libthr/thread/thr_sig.c:0:3
Abort trap (core dumped)

This regressed after https://github.com/llvm/llvm-project/commit/9c4baf5101e
("[ScalarEvolution] Strictly enforce pointer/int type rules"), which added the
assertion.

The important thing is that it's caused by a combination of targeting (32-bit)
i386, and using address sanitizer. Minimized test case:

// clang -cc1 -triple i386-- -S -O2 -fsanitize=address
archive_read_support_format_tar-min.c
long long b;
char c;
void *d;
void e();
int f() {
  int a;
  char *g = d;
  a = b = 0;
  while (*g) {
    b++;
    if (b)
      return 0;
    g++;
  }
  switch (b) {
  case 1:
    break;
  default:
    return 0;
  }
  while (*g && g < &c + a)
    g++;
  e(g);
  return 0;
}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20211123/81238e5f/attachment.html>


More information about the llvm-bugs mailing list