[llvm-bugs] [Bug 75698] Segmentation fault happened when using -Os.

[LLVM Bugs via llvm-bugs]

Issue	75698
Summary	Segmentation fault happened when using -Os.
Labels	new issue
Assignees
Reporter	bfsyrgz

    For the following two c files, I performed the equivalent transformation of loop from **file1.c** to **file2.c**. I ran these two files respectively using different optimization levels including **-O0**, **-O1**, **-O2**, **-O3**, **-Os**, **-Ofast**. The exact output results(i.e. checksum values) are:
```
             -O0             -O1 -O2             -O3             -Os             -Ofast 
file1.c      544B63A3        544B63A3        2D7F89A7        2D7F89A7 5EF6A4E1        2D7F89A7    
file2.c      544B63A3        544B63A3 2D7F89A7        2D7F89A7        Segmentation    2D7F89A7 
```
using command line:
```
clang <filename.c> <optimization level> -lm -I $CSMITH_HOME/include && ./a.out
```
Besides, I ran the command line ```gcc <filename.c> <optimization level> -fsanitize=undefined -I /usr/include/csmith/ && ./a.out```, and the terminal showed that my programs have no undefined behavior.

Please help me to explain why **file2.c** produced **Segmentation fault** when using the optimization level **-Os**, thank you.

version: clang+llvm 14.0.0
os: ubuntu 22.04

**file1.c**
```
#include "csmith.h"

static uint32_t g_a65[2];

struct S1 {
  int32_t f0;
  int16_t f1;
 const volatile int32_t f2;
};

static uint16_t g_2[2][2] = {{1UL, 1UL}, {1UL, 1UL}};
static volatile int32_t g_3 = 0x6FF23B1AL;
static int32_t g_4 = 1L;
static uint8_t g_11[3][1] = {{1UL}, {1UL}, {1UL}};
static int32_t g_21 = 0L;
static int32_t *volatile g_20 = &g_21;
static uint32_t g_25 = 0UL;
static const struct S1 g_27 = {-3L, 0L, 2L};
static uint32_t *g_31 = &g_25;
static uint32_t **g_30 = &g_31;
static uint32_t ***const volatile g_29 = &g_30;
static int32_t *g_35 = (void *)0;
static int32_t **volatile g_34 = &g_35;
static uint64_t g_45 = 0x9A97A8D1D9D65FE9LL;
static int32_t g_47 = (-1L);

static void func_1(void);
static int32_t *func_5(int32_t *p_6, const int32_t p_9);

static void func_1(void) {
  uint32_t l_43 = 0UL;
  uint8_t *l_10 = &g_11[1][0];
  int32_t l_38 = (-8L);
 uint64_t *l_44 = &g_45;
  int8_t l_57 = 7L;
  uint32_t *l_95 = &g_25;
  (*g_34) = func_5(&g_4, g_4);
  g_47 &= ((((*l_10) = (safe_lshift_func_uint64_t_u_u(((*l_44) ^= ((l_38 <= ((((safe_sub_func_int64_t_s_s((safe_lshift_func_int64_t_s_u(g_4, 37)), l_43)) || l_38), g_11[1][0]) ^ 0x18D7C584EDB553A8LL)) < 4294967295UL)), 63))) || 0UL), (*g_20));
  (*g_35) = 0x2FD17BA7L;
  int ii_5 = 0;
  // strength reduction
  for (l_38 = 1; (l_38 >= 0); l_38 -= 1) {
 g_a65[ii_5] = g_11[2][0] * l_38 + (**g_30);
    ii_5++;
    (*g_35) = (safe_add_func_uint32_t_u_u(((safe_mod_func_int64_t_s_s(((safe_lshift_func_int8_t_s_s(((((((safe_sub_func_uint16_t_u_u(((((*l_10) = g_2[l_38][l_38]), ((249UL && g_3) < 0xECLL)), g_47), g_27.f1)), g_47) >= 0xAB8BF514L), l_43), l_57) && g_2[l_38][l_38]), g_2[0][1])) || g_47), 0x3564F69674B172ABLL)) == g_25), 0x914D865EL));
    for (g_45 = 0; (g_45 <= 1); g_45 += 1) {
      g_2[l_38][g_45] = (((l_43 = g_27.f1), &g_31) == &l_95);
    }
  }
}

static int32_t *func_5(int32_t *p_6, const int32_t p_9) {
  uint32_t *l_24 = &g_25;
  if ((safe_lshift_func_uint8_t_u_s((0x9BA5F27AL != ((*l_24) |= (p_9 && g_4))), g_4))) {
    int32_t *l_32[1] = {&g_21};
    (*g_29) = &l_24;
 return l_32[0];
  }
  return &g_21;
}

int main(void) {
 int i, j;
  int print_hash_value = 0;
  platform_main_begin();
 crc32_gentab();
  func_1();
  for (i = 0; i < 2; i++) {
    for (j = 0; j < 2; j++) {
      transparent_crc(g_2[i][j], "g_2[i][j]", print_hash_value);
    }
  }
  transparent_crc(g_3, "g_3", print_hash_value);
  transparent_crc(g_4, "g_4", print_hash_value);
 for (i = 0; i < 3; i++) {
    for (j = 0; j < 1; j++) {
 transparent_crc(g_11[i][j], "g_11[i][j]", print_hash_value);
    }
 }
  transparent_crc(g_21, "g_21", print_hash_value);
 transparent_crc(g_25, "g_25", print_hash_value);
 transparent_crc(g_27.f0, "g_27.f0", print_hash_value);
 transparent_crc(g_27.f1, "g_27.f1", print_hash_value);
 transparent_crc(g_27.f2, "g_27.f2", print_hash_value);
 transparent_crc(g_45, "g_45", print_hash_value);
  transparent_crc(g_47, "g_47", print_hash_value);
  for (i = 0; i < 2; i++) {
 transparent_crc(g_a65[i], "g_a65[i]", print_hash_value);
  }
 platform_main_end(crc32_context ^ 0xFFFFFFFFUL, print_hash_value);
 return 0;
}
```
**file2.c**
```
#include "csmith.h"

static uint32_t g_a65[2];

struct S1 {
  int32_t f0;
  int16_t f1;
  const volatile int32_t f2;
};

static uint16_t g_2[2][2] = {{1UL, 1UL}, {1UL, 1UL}};
static volatile int32_t g_3 = 0x6FF23B1AL;
static int32_t g_4 = 1L;
static uint8_t g_11[3][1] = {{1UL}, {1UL}, {1UL}};
static int32_t g_21 = 0L;
static int32_t *volatile g_20 = &g_21;
static uint32_t g_25 = 0UL;
static const struct S1 g_27 = {-3L, 0L, 2L};
static uint32_t *g_31 = &g_25;
static uint32_t **g_30 = &g_31;
static uint32_t ***const volatile g_29 = &g_30;
static int32_t *g_35 = (void *)0;
static int32_t **volatile g_34 = &g_35;
static uint64_t g_45 = 0x9A97A8D1D9D65FE9LL;
static int32_t g_47 = (-1L);

static void func_1(void);
static int32_t *func_5(int32_t *p_6, const int32_t p_9);

static void func_1(void) {
  uint32_t l_43 = 0UL;
  uint8_t *l_10 = &g_11[1][0];
  int32_t l_38 = (-8L);
 uint64_t *l_44 = &g_45;
  int8_t l_57 = 7L;
  uint32_t *l_95 = &g_25;
  (*g_34) = func_5(&g_4, g_4);
  g_47 &= ((((*l_10) = (safe_lshift_func_uint64_t_u_u(((*l_44) ^= ((l_38 <= ((((safe_sub_func_int64_t_s_s((safe_lshift_func_int64_t_s_u(g_4, 37)), l_43)) || l_38), g_11[1][0]) ^ 0x18D7C584EDB553A8LL)) < 4294967295UL)), 63))) || 0UL), (*g_20));
  (*g_35) = 0x2FD17BA7L;
  l_38 = 1;
  uint32_t s_5 = g_11[2][0] * l_38 + (**g_30);
  int ii_5 = 0;
  // strength reduction
  for (; (l_38 >= 0); l_38 -= 1) {
    g_a65[ii_5] = s_5;
 s_5 = s_5 - g_11[2][0] * 1;
    ii_5++;
    (*g_35) = (safe_add_func_uint32_t_u_u(((safe_mod_func_int64_t_s_s(((safe_lshift_func_int8_t_s_s(((((((safe_sub_func_uint16_t_u_u(((((*l_10) = g_2[l_38][l_38]), ((249UL && g_3) < 0xECLL)), g_47), g_27.f1)), g_47) >= 0xAB8BF514L), l_43), l_57) && g_2[l_38][l_38]), g_2[0][1])) || g_47), 0x3564F69674B172ABLL)) == g_25), 0x914D865EL));
    for (g_45 = 0; (g_45 <= 1); g_45 += 1) {
      g_2[l_38][g_45] = (((l_43 = g_27.f1), &g_31) == &l_95);
    }
  }
}

static int32_t *func_5(int32_t *p_6, const int32_t p_9) {
  uint32_t *l_24 = &g_25;
  if ((safe_lshift_func_uint8_t_u_s((0x9BA5F27AL != ((*l_24) |= (p_9 && g_4))), g_4))) {
    int32_t *l_32[1] = {&g_21};
    (*g_29) = &l_24;
 return l_32[0];
  }
  return &g_21;
}

int main(void) {
 int i, j;
  int print_hash_value = 0;
  platform_main_begin();
 crc32_gentab();
  func_1();
  for (i = 0; i < 2; i++) {
    for (j = 0; j < 2; j++) {
      transparent_crc(g_2[i][j], "g_2[i][j]", print_hash_value);
    }
  }
  transparent_crc(g_3, "g_3", print_hash_value);
  transparent_crc(g_4, "g_4", print_hash_value);
 for (i = 0; i < 3; i++) {
    for (j = 0; j < 1; j++) {
 transparent_crc(g_11[i][j], "g_11[i][j]", print_hash_value);
    }
 }
  transparent_crc(g_21, "g_21", print_hash_value);
 transparent_crc(g_25, "g_25", print_hash_value);
 transparent_crc(g_27.f0, "g_27.f0", print_hash_value);
 transparent_crc(g_27.f1, "g_27.f1", print_hash_value);
 transparent_crc(g_27.f2, "g_27.f2", print_hash_value);
 transparent_crc(g_45, "g_45", print_hash_value);
  transparent_crc(g_47, "g_47", print_hash_value);
  for (i = 0; i < 2; i++) {
 transparent_crc(g_a65[i], "g_a65[i]", print_hash_value);
  }
 platform_main_end(crc32_context ^ 0xFFFFFFFFUL, print_hash_value);
 return 0;
}
```

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs