Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ICE on valid code with -O1: computeKnownBits(const llvm::Value*, const llvm::APInt&, llvm::KnownBits&, unsigned int, const {anonymous}::Query&): Assertion `(Ty->isIntOrIntVectorTy(BitWidth) || Ty->isPtrOrPtrVectorTy()) && "Not integer or pointer type!"' #50229

Closed
chengniansun opened this issue Jun 26, 2021 · 5 comments
Labels

Comments

@chengniansun
Copy link

@chengniansun chengniansun commented Jun 26, 2021

Bugzilla Link 50885
Resolution FIXED
Resolved on Oct 11, 2021 20:29
Version trunk
OS Linux
Blocks #51489
CC @DougGregor,@RKSimon,@zygoloid,@rotateright
Fixed by commit(s) 7f55557 d6974c0

Extended Description

$ clang-trunk -v
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 2e9c75d)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@MX32
Selected multilib: .;@m64

$ cat mutant.c
extern snprintf(char *, double, const *);
fill(buf, len) { snprintf(buf, len, "%s: %d"); }

$ clang-trunk -O1 mutant.c
mutant.c:1:40: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern snprintf(char *, double, const *);
~~~~~ ^
mutant.c:1:8: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
extern snprintf(char *, double, const *);

mutant.c:1:8: warning: incompatible redeclaration of library function 'snprintf' [-Wincompatible-library-redeclaration]
mutant.c:1:8: note: 'snprintf' is a builtin with type 'int (char *, unsigned long, const char *, ...)'
mutant.c:2:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
^
mutant.c:2:27: warning: incompatible integer to pointer conversion passing 'int' to parameter of type 'char *' [-Wint-conversion]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
                          ^~~
mutant.c:1:23: note: passing argument to parameter here
extern snprintf(char *, double, const *);
                      ^
mutant.c:2:37: warning: incompatible pointer types passing 'char [7]' to parameter of type 'const int *' [-Wincompatible-pointer-types]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
                                    ^~~~~~~~
mutant.c:1:40: note: passing argument to parameter here
extern snprintf(char *, double, const *);
                                       ^
mutant.c:2:48: warning: non-void function does not return a value [-Wreturn-type]
fill(buf, len) { snprintf(buf, len, "%s: %d"); }
                                               ^
clang-13: /tmp/tmp.xjN6dMkdrg-clang-builder/llvm-project/llvm/lib/Analysis/ValueTracking.cpp:1855: void computeKnownBits(const llvm::Value*, const llvm::APInt&, llvm::KnownBits&, unsigned int, const {anonymous}::Query&): Assertion `(Ty->isIntOrIntVectorTy(BitWidth) || Ty->isPtrOrPtrVectorTy()) && "Not integer or pointer type!"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /scratch/software/clang-trunk/bin/clang-13 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -main-file-name mutant.c -mrelocation-model static -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210626_112833_0777/delta/perses_result -resource-dir /scratch/software/clang-trunk/lib/clang/13.0.0 -c-isystem . -c-isystem /usr/local/include/cmsith -internal-isystem /scratch/software/clang-trunk/lib/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -fdebug-compilation-dir=/scratch/cnsun/workspace/perses-fuzzer/default_c_finding_folder/crash_20210626_112833_0777/delta/perses_result -ferror-limit 19 -fgnuc-version=4.2.1 -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/mutant-250347.o -x c mutant.c
1.	<eof> parser at end of file
2.	Optimizer
 #&#8203;0 0x000055dafc17c184 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #&#8203;1 0x000055dafc17993e SignalHandler(int) Signals.cpp:0:0
 #&#8203;2 0x00007f60060ac3c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #&#8203;3 0x00007f6005b4b18b raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #&#8203;4 0x00007f6005b2a859 abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:81:7
 #&#8203;5 0x00007f6005b2a729 get_sysdep_segment_value /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:509:8
 #&#8203;6 0x00007f6005b2a729 _nl_load_domain /build/glibc-ZN95T4/glibc-2.31/intl/loadmsgcat.c:970:34
 #&#8203;7 0x00007f6005b3bf36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36)
 #&#8203;8 0x000055dafb1bee5a computeKnownBits(llvm::Value const*, llvm::APInt const&, llvm::KnownBits&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
 #&#8203;9 0x000055dafb1c2f49 isKnownNonZero(llvm::Value const*, llvm::APInt const&, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#&#8203;10 0x000055dafb1c474d isKnownNonZero(llvm::Value const*, unsigned int, (anonymous namespace)::Query const&) ValueTracking.cpp:0:0
#&#8203;11 0x000055dafb1c4817 llvm::isKnownNonZero(llvm::Value const*, llvm::DataLayout const&, unsigned int, llvm::AssumptionCache*, llvm::Instruction const*, llvm::DominatorTree const*, bool) (/scratch/software/clang-trunk/bin/clang-13+0x29a3817)
#&#8203;12 0x000055dafc32dfea llvm::LibCallSimplifier::optimizeSnPrintF(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3b0cfea)
#&#8203;13 0x000055dafc33afc0 llvm::LibCallSimplifier::optimizeCall(llvm::CallInst*, llvm::IRBuilderBase&) (/scratch/software/clang-trunk/bin/clang-13+0x3b19fc0)
#&#8203;14 0x000055dafbb2ab82 llvm::InstCombinerImpl::tryOptimizeCall(llvm::CallInst*) (/scratch/software/clang-trunk/bin/clang-13+0x3309b82)
#&#8203;15 0x000055dafbb2f89c llvm::InstCombinerImpl::visitCallBase(llvm::CallBase&) (/scratch/software/clang-trunk/bin/clang-13+0x330e89c)
#&#8203;16 0x000055dafbb3174c llvm::InstCombinerImpl::visitCallInst(llvm::CallInst&) (/scratch/software/clang-trunk/bin/clang-13+0x331074c)
#&#8203;17 0x000055dafbaeefa8 llvm::InstCombinerImpl::run() (/scratch/software/clang-trunk/bin/clang-13+0x32cdfa8)
#&#8203;18 0x000055dafbaf16e3 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::ProfileSummaryInfo*, unsigned int, llvm::LoopInfo*) InstructionCombining.cpp:0:0
#&#8203;19 0x000055dafbaf3741 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x32d2741)
#&#8203;20 0x000055dafd354456 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x4b33456)
#&#8203;21 0x000055dafb8b84d6 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x30974d6)
#&#8203;22 0x000055daf9d4d836 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/scratch/software/clang-trunk/bin/clang-13+0x152c836)
#&#8203;23 0x000055dafb8b6ff9 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x3095ff9)
#&#8203;24 0x000055daf9d4e0a6 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x152d0a6)
#&#8203;25 0x000055dafb8b48df llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/scratch/software/clang-trunk/bin/clang-13+0x30938df)
#&#8203;26 0x000055dafc4ad6ad (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#&#8203;27 0x000055dafc4b092d clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/scratch/software/clang-trunk/bin/clang-13+0x3c8f92d)
#&#8203;28 0x000055dafd2d9e1f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/scratch/software/clang-trunk/bin/clang-13+0x4ab8e1f)
#&#8203;29 0x000055dafe3914d9 clang::ParseAST(clang::Sema&, bool, bool) (/scratch/software/clang-trunk/bin/clang-13+0x5b704d9)
#&#8203;30 0x000055dafd2d8968 clang::CodeGenAction::ExecuteAction() (/scratch/software/clang-trunk/bin/clang-13+0x4ab7968)
#&#8203;31 0x000055dafcb88599 clang::FrontendAction::Execute() (/scratch/software/clang-trunk/bin/clang-13+0x4367599)
#&#8203;32 0x000055dafcb1b7e6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/scratch/software/clang-trunk/bin/clang-13+0x42fa7e6)
#&#8203;33 0x000055dafcc66480 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/scratch/software/clang-trunk/bin/clang-13+0x4445480)
#&#8203;34 0x000055daf9a86696 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/scratch/software/clang-trunk/bin/clang-13+0x1265696)
#&#8203;35 0x000055daf9a829d8 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#&#8203;36 0x000055daf99b00e6 main (/scratch/software/clang-trunk/bin/clang-13+0x118f0e6)
#&#8203;37 0x00007f6005b2c0b3 __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:342:3
#&#8203;38 0x000055daf9a8254e _start (/scratch/software/clang-trunk/bin/clang-13+0x126154e)
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project.git 2e9c75daffddd65e37c3236708b5b133e6f5f2f5)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/cnsun/usr/bin
clang-13: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/mutant-5ed6a0.c
clang-13: note: diagnostic msg: /tmp/mutant-5ed6a0.sh
clang-13: note: diagnostic msg:

********************
@RKSimon
Copy link
Collaborator

@RKSimon RKSimon commented Jul 8, 2021

Reduced:

define i32 @​#50885 (i32 %buf, double %len, i32 * %str) {
%call = call i32 @​snprintf(i8* undef, double %len, i32* %str)
ret i32 %call
}
declare i32 @​snprintf(i8*, double, i32*)

It looks like we're not correctly checking the snprintf libcall signature, so the double arg is incorrectly assumed to be size_t.

@RKSimon
Copy link
Collaborator

@RKSimon RKSimon commented Jul 8, 2021

opt fuzz.ll -S -instcombine -o -

Assertion failed: (Ty->isIntOrIntVectorTy(BitWidth) || Ty->isPtrOrPtrVectorTy()) && "Not integer or pointer type!", file E:\llvm\llvm-project\llvm\lib\Analysis\ValueTracking.cpp, line 1857

@rotateright
Copy link
Contributor

@rotateright rotateright commented Jul 31, 2021

https://reviews.llvm.org/rG7f5555776513

Leaving open to block release 13.0 branch.

@tstellar
Copy link
Collaborator

@tstellar tstellar commented Aug 3, 2021

Merged: d6974c0

@tstellar
Copy link
Collaborator

@tstellar tstellar commented Nov 27, 2021

mentioned in issue #51489

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 11, 2021
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants