Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SimplyCFG] After 7c4180a36a9, Assertion failed: (idx < size()), function operator[] (in SwitchToLookupTable) #88607

Closed
DimitryAndric opened this issue Apr 13, 2024 · 1 comment · Fixed by #88616
Closed

[SimplyCFG] After 7c4180a36a9, Assertion failed: (idx < size()), function operator[] (in SwitchToLookupTable) #88607

DimitryAndric opened this issue Apr 13, 2024 · 1 comment · Fixed by #88616
Labels
llvm:transforms

Comments

@DimitryAndric
Copy link
Collaborator

As reported in https://bugs.freebsd.org/278320, clang 18 asserts on the science/dynare port, with:

+ clang -cc1 -triple x86_64-unknown-freebsd15.0 -S -disable-free -clear-ast-before-backend -mrelocation-model static '-mframe-pointer=all' -relaxed-aliasing '-ffp-contract=on' -fno-rounding-math -mconstructor-aliases '-funwind-tables=2' -target-cpu x86-64 -tune-cpu generic -O2 -Wall -Wextra -Wold-style-cast -Werror -Wno-misleading-indentation -Wno-parentheses -Wno-unqualified-std-cast-call -Wno-unused-parameter -Wno-vla-cxx-extension -fdeprecated-macro -stack-protector 2 '-fgnuc-version=4.2.1' -fcxx-exceptions -fexceptions -vectorize-loops -vectorize-slp -faddrsig DynamicModel-49621a.ii
Assertion failed: (idx < size()), function operator[], file /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/SmallVector.h, line 304.
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang -cc1 -triple x86_64-unknown-freebsd15.0 -S -disable-free -clear-ast-before-backend -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -O2 -Wall -Wextra -Wold-style-cast -Werror -Wno-misleading-indentation -Wno-parentheses -Wno-unqualified-std-cast-call -Wno-unused-parameter -Wno-vla-cxx-extension -fdeprecated-macro -stack-protector 2 -fgnuc-version=4.2.1 -fcxx-exceptions -fexceptions -vectorize-loops -vectorize-slp -faddrsig DynamicModel-49621a.ii
1.      <eof> parser at end of file
2.      Optimizer
 #0 0x0000000005aa5a41 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /usr/src/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:723:13
 #1 0x0000000005aa3a35 llvm::sys::RunSignalHandlers() /usr/src/contrib/llvm-project/llvm/lib/Support/Signals.cpp:106:18
 #2 0x0000000005aa6042 SignalHandler(int) /usr/src/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
 #3 0x000000082ad71440 handle_signal /usr/src/lib/libthr/thread/thr_sig.c:0:3
 #4 0x000000082ad709fb thr_sighandler /usr/src/lib/libthr/thread/thr_sig.c:244:1
 #5 0x00000008278682d3 ([vdso]+0x2d3)
 #6 0x000000082e33d19a thr_kill /usr/obj/usr/src/amd64.amd64/lib/libsys/thr_kill.S:4:0
 #7 0x000000082d390714 _raise /usr/src/lib/libc/gen/raise.c:0:10
 #8 0x000000082d443cc9 abort /usr/src/lib/libc/stdlib/abort.c:67:17
 #9 0x000000082d374091 (/lib/libc.so.7+0x9c091)
#10 0x00000000072b944a SwitchToLookupTable(llvm::SwitchInst*, llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>&, llvm::DomTreeUpdater*, llvm::DataLayout const&, llvm::TargetTransformInfo const&) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:0:0
#11 0x00000000072a02f5 (anonymous namespace)::SimplifyCFGOpt::simplifySwitch(llvm::SwitchInst*, llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>&) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:7042:7
#12 0x00000000072979e9 (anonymous namespace)::SimplifyCFGOpt::simplifyOnce(llvm::BasicBlock*) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:0:16
#13 0x0000000007295bef (anonymous namespace)::SimplifyCFGOpt::run(llvm::BasicBlock*) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:7608:13
#14 0x0000000007295bef llvm::simplifyCFG(llvm::BasicBlock*, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&, llvm::ArrayRef<llvm::WeakVH>) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:7619:8
#15 0x00000000071475ca iterativelySimplifyCFG(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Scalar/SimplifyCFGPass.cpp:255:11
#16 0x0000000007146e4f simplifyFunctionCFGImpl(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DominatorTree*, llvm::SimplifyCFGOptions const&) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Scalar/SimplifyCFGPass.cpp:273:18
#17 0x0000000007146e4f simplifyFunctionCFG(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DominatorTree*, llvm::SimplifyCFGOptions const&) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Scalar/SimplifyCFGPass.cpp:301:18
#18 0x0000000007145fce llvm::SimplifyCFGPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) /usr/src/contrib/llvm-project/llvm/lib/Transforms/Scalar/SimplifyCFGPass.cpp:363:7
#19 0x000000000590dc12 llvm::detail::PassModel<llvm::Function, llvm::SimplifyCFGPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:89:5
#20 0x00000000056befe1 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:547:10
#21 0x000000000314f312 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:89:5
#22 0x00000000056c1832 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) /usr/src/contrib/llvm-project/llvm/lib/IR/PassManager.cpp:128:23
#23 0x0000000003149992 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:89:5
#24 0x00000000056be421 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:547:10
#25 0x00000000031462ab llvm::SmallPtrSetImplBase::isSmall() const /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:195:33
#26 0x00000000031462ab llvm::SmallPtrSetImplBase::~SmallPtrSetImplBase() /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/SmallPtrSet.h:83:10
#27 0x00000000031462ab llvm::PreservedAnalyses::~PreservedAnalyses() /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManager.h:172:7
#28 0x00000000031462ab (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>&, std::__1::unique_ptr<llvm::ToolOutputFile, std::__1::default_delete<llvm::ToolOutputFile>>&, clang::BackendConsumer*) /usr/src/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1101:5
#29 0x000000000313ee28 (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) /usr/src/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:0:3
#30 0x000000000313ee28 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) /usr/src/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1328:13
#31 0x0000000003154574 std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>::reset[abi:sn180100](llvm::raw_pwrite_stream*) /usr/obj/usr/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:263:29
#32 0x0000000003154574 std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream>>::~unique_ptr[abi:sn180100]() /usr/obj/usr/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/unique_ptr.h:236:71
#33 0x0000000003154574 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /usr/src/contrib/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:379:3
#34 0x0000000003aea286 std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>>>::begin[abi:sn180100]() /usr/obj/usr/src/amd64.amd64/tmp/usr/include/c++/v1/vector:1369:28
#35 0x0000000003aea286 void clang::finalize<std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>>>>(std::__1::vector<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>, std::__1::allocator<std::__1::unique_ptr<clang::TemplateInstantiationCallback, std::__1::default_delete<clang::TemplateInstantiationCallback>>>>&, clang::Sema const&) /usr/src/contrib/llvm-project/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#36 0x0000000003aea286 clang::ParseAST(clang::Sema&, bool, bool) /usr/src/contrib/llvm-project/clang/lib/Parse/ParseAST.cpp:183:3
#37 0x000000000341cc7f clang::FrontendAction::Execute() /usr/src/contrib/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1073:10
#38 0x000000000334d28d llvm::Error::getPtr() const /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:276:42
#39 0x000000000334d28d llvm::Error::operator bool() /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:239:16
#40 0x000000000334d28d clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /usr/src/contrib/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1057:23
#41 0x00000000034e7c1c clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /usr/src/contrib/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:272:25
#42 0x0000000002729621 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /usr/src/contrib/llvm-project/clang/tools/driver/cc1_main.cpp:294:15
#43 0x00000000027389ab ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /usr/src/contrib/llvm-project/clang/tools/driver/driver.cpp:365:12
#44 0x0000000002737a97 clang_main(int, char**, llvm::ToolContext const&) /usr/src/contrib/llvm-project/clang/tools/driver/driver.cpp:405:12
#45 0x00000000027351ad main /usr/src/usr.bin/clang/clang/clang-driver.cpp:17:10
#46 0x000000082d3655ea __libc_start1 /usr/src/lib/libc/csu/libc_start1.c:157:2
Abort trap

This regressed with 7c4180a ("Reland [SimplifyCFG] Delete the unnecessary range check for small mask operation (#70542)") by @vfdff, cc @zmodem @nikic @nathanchance .

Minimized test case:

// clang -cc1 -triple x86_64-- -S -O1 DynamicModel-min.cpp
struct __map_const_iterator {
  int operator*();
  void operator++();
  int operator!=(__map_const_iterator);
} typedef const_iterator;
struct {
  const_iterator begin();
  const_iterator end();
} __trans_tmp_1;
enum ExprNodeOutputType {
  matlabStaticModel,
  matlabDynamicModel,
  CDynamicModel,
  juliaStaticModel,
  juliaDynamicModel,
  matlabOutsideModel,
  matlabDynamicSteadyStateOperator,
  occbinDifferenceFile
};
bool RIGHT_ARRAY_SUBSCRIPT___trans_tmp_1;
void RIGHT_ARRAY_SUBSCRIPT(ExprNodeOutputType output_type) {
  RIGHT_ARRAY_SUBSCRIPT___trans_tmp_1 =
      output_type == matlabDynamicModel || output_type == matlabOutsideModel ||
      output_type == matlabDynamicSteadyStateOperator ||
      output_type == occbinDifferenceFile;
}
struct DynamicModel {
  void writeDynamicModel(bool, bool) const;
};
void DynamicModel::writeDynamicModel(bool use_dll, bool julia) const {
  ExprNodeOutputType output_type(use_dll ? CDynamicModel
                                 : julia ? juliaDynamicModel
                                         : matlabDynamicModel);
  for (auto d : __trans_tmp_1)
    RIGHT_ARRAY_SUBSCRIPT(output_type);
}
@vfdff
Copy link
Contributor

vfdff commented Apr 13, 2024

Thanks @DimitryAndric for your report, I can reproduce the issue with reduced IR

opt -passes=simplifycfg --switch-to-lookup -S reduced.ll

target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64-unknown-linux-gnu"

define void @_ZNK12DynamicModel17writeDynamicModelEbb() {
entry:
  %cond = select i1 false, i32 4, i32 1
  %spec.select = select i1 false, i32 2, i32 %cond
  switch i32 %spec.select, label %lor.rhs.i [
    i32 0, label %_Z21RIGHT_ARRAY_SUBSCRIPT18ExprNodeOutputType.exit
    i32 5, label %_Z21RIGHT_ARRAY_SUBSCRIPT18ExprNodeOutputType.exit
    i32 1, label %_Z21RIGHT_ARRAY_SUBSCRIPT18ExprNodeOutputType.exit
    i32 7, label %_Z21RIGHT_ARRAY_SUBSCRIPT18ExprNodeOutputType.exit
  ]

lor.rhs.i:                                        ; preds = %entry
  br label %_Z21RIGHT_ARRAY_SUBSCRIPT18ExprNodeOutputType.exit

_Z21RIGHT_ARRAY_SUBSCRIPT18ExprNodeOutputType.exit: ; preds = %lor.rhs.i, %entry, %entry, %entry, %entry
  %0 = phi i1 [ false, %entry ], [ false, %lor.rhs.i ], [ false, %entry ], [ false, %entry ], [ false, %entry ]
  ret void
}

vfdff added a commit to vfdff/llvm-project that referenced this issue Apr 13, 2024
@vfdff
[SimplifyCFG] Fix crash when there is unreachable large index
ce88ccf 
The large case index out of scope is dead code, but it is still
be created in TableContents in SwitchLookupTable::SwitchLookupTable
so make sure the table size after growing should not get smaller.

Fix llvm#88607
@vfdff vfdff mentioned this issue Apr 13, 2024
Merged
vfdff added a commit to vfdff/llvm-project that referenced this issue Apr 14, 2024
@vfdff
[SimplifyCFG] Fix crash when there is unreachable large index
8cf963a 
The large case index out of scope is dead code, but it is still
be created in TableContents in SwitchLookupTable::SwitchLookupTable
so make sure the table size after growing should not get smaller.

Fix llvm#88607
vfdff added a commit that referenced this issue Apr 15, 2024
@vfdff
[SimplifyCFG] Fix crash when there is unreachable large index (#88616)
37b7207 
The large case index out of scope is dead code, but it is still be
created for TableContents in SwitchLookupTable::SwitchLookupTable,
so make sure the table size after growing should not get smaller.

Fix #88607
bazuzi pushed a commit to bazuzi/llvm-project that referenced this issue Apr 15, 2024
@vfdff @bazuzi
[SimplifyCFG] Fix crash when there is unreachable large index (llvm#8…
bb09408 
…8616)

The large case index out of scope is dead code, but it is still be
created for TableContents in SwitchLookupTable::SwitchLookupTable,
so make sure the table size after growing should not get smaller.

Fix llvm#88607
freebsd-git pushed a commit to freebsd/freebsd-src that referenced this issue Apr 15, 2024
@DimitryAndric
Merge commit 37b7207651b4 from llvm-project (by zhongyunde@huawei.com):
514c98b 
  [SimplifyCFG] Fix crash when there is unreachable large index (#88616)

  The large case index out of scope is dead code, but it is still be
  created for TableContents in SwitchLookupTable::SwitchLookupTable,
  so make sure the table size after growing should not get smaller.

  Fix llvm/llvm-project#88607

This should fix "Assertion failed: (idx < size()), function operator[]"
when building the science/dynare port.

PR:		276104, 278320
Reported by:	yuri
MFC after:	1 month
aniplcc pushed a commit to aniplcc/llvm-project that referenced this issue Apr 15, 2024
@vfdff @aniplcc
[SimplifyCFG] Fix crash when there is unreachable large index (llvm#8…
13e4698 
…8616)

The large case index out of scope is dead code, but it is still be
created for TableContents in SwitchLookupTable::SwitchLookupTable,
so make sure the table size after growing should not get smaller.

Fix llvm#88607
freebsd-git pushed a commit to freebsd/freebsd-src that referenced this issue Apr 20, 2024
@DimitryAndric
Merge commit 37b7207651b4 from llvm-project (by zhongyunde@huawei.com):
40d5cf3 
  [SimplifyCFG] Fix crash when there is unreachable large index (#88616)

  The large case index out of scope is dead code, but it is still be
  created for TableContents in SwitchLookupTable::SwitchLookupTable,
  so make sure the table size after growing should not get smaller.

  Fix llvm/llvm-project#88607

This should fix "Assertion failed: (idx < size()), function operator[]"
when building the science/dynare port.

PR:		276104, 278320
Reported by:	yuri
MFC after:	1 month

(cherry picked from commit 514c98b)
freebsd-git pushed a commit to freebsd/freebsd-src that referenced this issue Apr 20, 2024
@DimitryAndric
Merge commit 37b7207651b4 from llvm-project (by zhongyunde@huawei.com):
5b763c0 
  [SimplifyCFG] Fix crash when there is unreachable large index (#88616)

  The large case index out of scope is dead code, but it is still be
  created for TableContents in SwitchLookupTable::SwitchLookupTable,
  so make sure the table size after growing should not get smaller.

  Fix llvm/llvm-project#88607

This should fix "Assertion failed: (idx < size()), function operator[]"
when building the science/dynare port.

PR:		276104, 278320
Reported by:	yuri
MFC after:	1 month

(cherry picked from commit 514c98b)
tmatheson-arm pushed a commit to tmatheson-arm/llvm-project that referenced this issue Apr 22, 2024
@vfdff @tmatheson-arm
[SimplifyCFG] Fix crash when there is unreachable large index (llvm#8…
aa09879 
…8616)

The large case index out of scope is dead code, but it is still be
created for TableContents in SwitchLookupTable::SwitchLookupTable,
so make sure the table size after growing should not get smaller.

Fix llvm#88607
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
llvm:transforms
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[SimplifyCFG] Fix crash when there is unreachable large index vfdff/llvm-project
3 participants
@vfdff @DimitryAndric @EugeneZelenko