| Issue |
56038
|
| Summary |
clang crashes at -O1 and above on x86_64-linux-gnu: Assertion `isSafeToSpeculativelyExecute(I) && "Instruction is not safe to speculatively execute!"' failed
|
| Labels |
|
| Assignees |
|
| Reporter |
zhendongsu
|
It appears to be a regression from 14.0.0.
```
[523] % clangtk -v
clang version 15.0.0 (https://github.com/llvm/llvm-project.git e7c72d69ac0d504f52bed643b298b50904c6b387)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Candidate multilib: .;@m64
Selected multilib: .;@m64
Found CUDA installation: /usr/local/cuda, version 11.0
[524] %
[524] % clangtk -O1 small.c
clang-15: /local/suz-local/software/clangbuild/llvm-project/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:381: llvm::InstructionCost computeSpeculationCost(const llvm::User*, const llvm::TargetTransformInfo&): Assertion `isSafeToSpeculativelyExecute(I) && "Instruction is not safe to speculatively execute!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /local/suz-local/software/local/clang-trunk/bin/clang-15 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -main-file-name small.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -fcoverage-compilation-dir=/local/suz-local/software/emitesting/bugs/20220614-clangtk-m64-O3-mllvm-enable-constraint-elimination-mllvm-opaque-pointers-mllvm-enable-newgvn-build-134053/delta -resource-dir /local/suz-local/software/local/clang-trunk/lib/clang/15.0.0 -I /usr/local/include/csmith -I /local/suz-local/software/local/include -internal-isystem /local/suz-local/software/local/clang-trunk/lib/clang/15.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -fdebug-compilation-dir=/local/suz-local/software/emitesting/bugs/20220614-clangtk-m64-O3-mllvm-enable-constraint-elimination-mllvm-opaque-pointers-mllvm-enable-newgvn-build-134053/delta -ferror-limit 19 -fgnuc-version=4.2.1 -fcolor-diagnostics -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/small-9ee862.o -x c small.c
1. <eof> parser at end of file
2. Optimizer
#0 0x00005629827ae4df PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
#1 0x00005629827abf0c SignalHandler(int) Signals.cpp:0:0
#2 0x00007fd8140c1980 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
#3 0x00007fd812d72e87 raise /build/glibc-uZu3wS/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
#4 0x00007fd812d747f1 abort /build/glibc-uZu3wS/glibc-2.27/stdlib/abort.c:81:0
#5 0x00007fd812d643fa __assert_fail_base /build/glibc-uZu3wS/glibc-2.27/assert/assert.c:89:0
#6 0x00007fd812d64472 (/lib/x86_64-linux-gnu/libc.so.6+0x30472)
#7 0x0000562982940460 dominatesMergePoint(llvm::Value*, llvm::BasicBlock*, llvm::SmallPtrSetImpl<llvm::Instruction*>&, llvm::InstructionCost&, llvm::InstructionCost, llvm::TargetTransformInfo const&, unsigned int) SimplifyCFG.cpp:0:0
#8 0x000056297fedc11c (anonymous namespace)::SimplifyCFGOpt::SpeculativelyExecuteBB(llvm::BranchInst*, llvm::BasicBlock*, llvm::TargetTransformInfo const&) (.isra.1492) SimplifyCFG.cpp:0:0
#9 0x000056298295fc76 (anonymous namespace)::SimplifyCFGOpt::simplifyCondBranch(llvm::BranchInst*, llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>&) SimplifyCFG.cpp:0:0
#10 0x0000562982963105 llvm::simplifyCFG(llvm::BasicBlock*, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&, llvm::ArrayRef<llvm::WeakVH>) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3d2d105)
#11 0x0000562982678c4f iterativelySimplifyCFG(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#12 0x0000562982679e3a simplifyFunctionCFGImpl(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DominatorTree*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#13 0x000056298267b982 llvm::SimplifyCFGPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3a45982)
#14 0x000056298095d601 llvm::detail::PassModel<llvm::Function, llvm::SimplifyCFGPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x1d27601)
#15 0x0000562981f3dc8a llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3307c8a)
#16 0x00005629802cdf21 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x1697f21)
#17 0x00005629815f1dab llvm::CGSCCToFunctionPassAdaptor::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x29bbdab)
#18 0x00005629802cec51 llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::CGSCCToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x1698c51)
#19 0x00005629815ea7f3 llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x29b47f3)
#20 0x000056298206bf91 llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3435f91)
#21 0x00005629815edd20 llvm::DevirtSCCRepeatedPass::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x29b7d20)
#22 0x000056298206bf51 llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::DevirtSCCRepeatedPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3435f51)
#23 0x00005629815ec2ff llvm::ModuleToPostOrderCGSCCPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x29b62ff)
#24 0x000056298206c011 llvm::detail::PassModel<llvm::Module, llvm::ModuleToPostOrderCGSCCPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3436011)
#25 0x0000562981f3bfc4 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3305fc4)
#26 0x0000562982070a9e llvm::ModuleInlinerWrapperPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x343aa9e)
#27 0x00005629838ea151 llvm::detail::PassModel<llvm::Module, llvm::ModuleInlinerWrapperPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x4cb4151)
#28 0x0000562981f3bfc4 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3305fc4)
#29 0x0000562982b1c18f (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&) (.constprop.782) BackendUtil.cpp:0:0
#30 0x0000562982b1f090 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x3ee9090)
#31 0x000056298387cc5b clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x4c46c5b)
#32 0x00005629844d74b9 clang::ParseAST(clang::Sema&, bool, bool) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x58a14b9)
#33 0x000056298387b920 clang::CodeGenAction::ExecuteAction() (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x4c45920)
#34 0x00005629831f12e9 clang::FrontendAction::Execute() (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x45bb2e9)
#35 0x000056298318ae6a clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x4554e6a)
#36 0x00005629832be803 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x4688803)
#37 0x000056297fff2751 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x13bc751)
#38 0x000056297ffeb8d9 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#39 0x000056297ffee7ff clang_main(int, char**) (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x13b87ff)
#40 0x00007fd812d55c87 __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:344:0
#41 0x000056297ffeb14a _start (/local/suz-local/software/local/clang-trunk/bin/clang-15+0x13b514a)
clang-15: error: unable to execute command: Aborted
clang-15: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 15.0.0 (https://github.com/llvm/llvm-project.git e7c72d69ac0d504f52bed643b298b50904c6b387)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
clang-15: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-15: note: diagnostic msg: /tmp/small-9860c0.c
clang-15: note: diagnostic msg: /tmp/small-9860c0.sh
clang-15: note: diagnostic msg:
********************
[525] %
[525] % cat small.c
short a(short b, short c) { return b == c ? b : b % c; }
static int d, e[2];
int main() {
a(&e[1] != &d, -1);
return 0;
}
```
Compiler Explorer: https://godbolt.org/z/fqeM6TcGK
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
