[llvm-bugs] [Bug 51923] New: Clang segfaults with loop unroll(enable)

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Sep 20 21:23:14 PDT 2021 

https://bugs.llvm.org/show_bug.cgi?id=51923

            Bug ID: 51923
           Summary: Clang segfaults with loop unroll(enable)
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: Vsevolod.Livinskij at frtk.ru
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

Created attachment 25276
  --> https://bugs.llvm.org/attachment.cgi?id=25276&action=edit
Original reproducer

The bus is reproducible with -O2 and -O3, but it takes about one minute to
fail.
I suspect that "if" statement is not required, we need it to avoid UB at
runtime.

I didn't investigate the bug, but it looks like clang tries to unroll the loop
too many times and either gets stuck or ignores the internal limit.

I've also attached the original reproducer (it fails with -O3), because it
failed with a slightly different stack trace.

Reproducer:
extern short var_16;
extern short arr_99[];
void test() {
  if (!var_16)
#pragma clang loop unroll(enable)
    for (short a = 5652; a; a += 2)
      for (long b = 0; b < -6ULL; b += -18446744073709551612ULL)
        arr_99[b] = 0;
}

Error:
> clang++ -O2 -c func.cpp
Segmentation fault

Stack trace from GDB:
 #35 0x000055bc1b532567 StrengthenNoWrapFlags(llvm::ScalarEvolution*,
llvm::SCEVTypes, llvm::ArrayRef<llvm::SCEV const*>, llvm::SCEV::NoWrapFlags)
ScalarEvolution.cpp:0:0
 #36 0x000055bc1b5362f6
llvm::ScalarEvolution::getAddExpr(llvm::SmallVectorImpl<llvm::SCEV const*>&,
llvm::SCEV::NoWrapFlags, unsigned int)
(/testing/llvm/bin/bin/clang-14+0x145d2f6)
 #37 0x000055bc1b527008 llvm::ScalarEvolution::createSCEV(llvm::Value*)
(.part.0) ScalarEvolution.cpp:0:0
 #38 0x000055bc1b527a4e llvm::ScalarEvolution::getSCEV(llvm::Value*) (.part.0)
ScalarEvolution.cpp:0:0
 #39 0x000055bc1b546505 llvm::ScalarEvolution::applyLoopGuards(llvm::SCEV
const*, llvm::Loop const*) (/testing/llvm/bin/bin/clang-14+0x146d505)
 #40 0x000055bc1b54c959 llvm::ScalarEvolution::howFarToZero(llvm::SCEV const*,
llvm::Loop const*, bool, bool) (/testing/llvm/bin/bin/clang-14+0x1473959)
 #41 0x000055bc1b54e3bd
llvm::ScalarEvolution::computeExitLimitFromICmp(llvm::Loop const*,
llvm::ICmpInst*, bool, bool, bool) (/testing/llvm/bin/bin/clang-14+0x14753bd)
 #42 0x000055bc1b54e972
llvm::ScalarEvolution::computeExitLimitFromCondImpl(llvm::ScalarEvolution::ExitLimitCache&,
llvm::Loop const*, llvm::Value*, bool, bool, bool)
(/testing/llvm/bin/bin/clang-14+0x1475972)
 #43 0x000055bc1b54eb83
llvm::ScalarEvolution::computeExitLimitFromCondCached(llvm::ScalarEvolution::ExitLimitCache&,
llvm::Loop const*, llvm::Value*, bool, bool, bool)
(/testing/llvm/bin/bin/clang-14+0x1475b83)
 #44 0x000055bc1b54ecbd
llvm::ScalarEvolution::computeExitLimitFromCond(llvm::Loop const*,
llvm::Value*, bool, bool, bool) (/testing/llvm/bin/bin/clang-14+0x1475cbd)
 #45 0x000055bc1b51f9f0 llvm::ScalarEvolution::computeExitLimit(llvm::Loop
const*, llvm::BasicBlock*, bool) (/testing/llvm/bin/bin/clang-14+0x14469f0)
 #46 0x000055bc1b51fef7
llvm::ScalarEvolution::computeBackedgeTakenCount(llvm::Loop const*, bool)
(/testing/llvm/bin/bin/clang-14+0x1446ef7)
 #47 0x000055bc1b520aa2 llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop
const*) (/testing/llvm/bin/bin/clang-14+0x1447aa2)
 #48 0x000055bc1b521b40
llvm::ScalarEvolution::getConstantMaxBackedgeTakenCount(llvm::Loop const*)
(/testing/llvm/bin/bin/clang-14+0x1448b40)
 #49 0x000055bc1b530fec llvm::ScalarEvolution::getRangeRef(llvm::SCEV const*,
llvm::ScalarEvolution::RangeSignHint)
(/testing/llvm/bin/bin/clang-14+0x1457fec)

LLVM version:
clang version 14.0.0 (https://github.com/llvm/llvm-project.git
55f0b337087136554122f942fea951a357bc4a49)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /testing/llvm/bin/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210921/71e37eb8/attachment.html>

More information about the llvm-bugs mailing list