| Issue | 115632 |
| Summary | clang-20 crashed with address_space attribute and dataflow sanitizer at O1 and above. Assertion `(i >= FTy->getNumParams() \|\| FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed. |
| Labels | new issue |
| Assignees | |
| Reporter | iamanonymouscs |

clang-20 crashed with `address_space` attribute and `dataflow` sanitizer at `O1` and above.

Compiler explorer: https://godbolt.org/z/vEMhdYY63
```
$ cat mutant.c
void a(long b) {
  __attribute__((address_space(6))) char *c = 0;
  for (long d = 0; d < b; ++d)
    c[d] = 0;
}
$ clang-20 -fsanitize=dataflow -O1 mutant.c
clang: /root/llvm-project/llvm/lib/IR/Instructions.cpp:693: void llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, const llvm::Twine&): Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /opt/compiler-explorer/clang-assertions-trunk/bin/clang -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -fno-verbose-asm -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics -fsanitize=dataflow -O1 <source>
1. <eof> parser at end of file
2. Optimizer
3. Running pass "dfsan" on module "<source>"
#0 0x0000000003bfb9a8 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3bfb9a8)
#1 0x0000000003bf96ac llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3bf96ac)
#2 0x0000000003b46ca8 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
#3 0x000074f1da042520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
#4 0x000074f1da0969fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
#5 0x000074f1da042476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
#6 0x000074f1da0287f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
#7 0x000074f1da02871b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
#8 0x000074f1da039e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
#9 0x000000000352724e llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*>>, llvm::Twine const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x352724e)
#10 0x000000000559e2e8 llvm::IRBuilderBase::CreateCall(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::MDNode*) (.constprop.0) DataFlowSanitizer.cpp:0:0
#11 0x00000000055a6c3c (anonymous namespace)::DFSanVisitor::visitMemSetInst(llvm::MemSetInst&) (.isra.0) DataFlowSanitizer.cpp:0:0
#12 0x00000000055b097d llvm::InstVisitor<(anonymous namespace)::DFSanVisitor, void>::visit(llvm::Instruction&) DataFlowSanitizer.cpp:0:0
#13 0x00000000055b39be (anonymous namespace)::DataFlowSanitizer::runImpl(llvm::Module&, llvm::function_ref<llvm::TargetLibraryInfo& (llvm::Function&)>) (.constprop.0) DataFlowSanitizer.cpp:0:0
#14 0x00000000055b5564 llvm::DataFlowSanitizerPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x55b5564)
#15 0x0000000003e9761e llvm::detail::PassModel<llvm::Module, llvm::DataFlowSanitizerPass, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3e9761e)
#16 0x00000000035af7a0 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x35af7a0)
#17 0x0000000003ea86fb (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&, clang::BackendConsumer*) BackendUtil.cpp:0:0
#18 0x0000000003eabf25 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3eabf25)
#19 0x000000000457791e clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x457791e)
#20 0x000000000672364c clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x672364c)
#21 0x0000000004577d08 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4577d08)
#22 0x0000000004832e69 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4832e69)
#23 0x00000000047b20de clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x47b20de)
#24 0x0000000004918c6e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4918c6e)
#25 0x0000000000ce9f2f cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xce9f2f)
#26 0x0000000000ce1bea ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#27 0x00000000045baf09 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#28 0x0000000003b47154 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3b47154)
#29 0x00000000045bb4ff clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#30 0x00000000045817ed clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x45817ed)
#31 0x00000000045828dd clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x45828dd)
#32 0x0000000004589c95 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4589c95)
#33 0x0000000000ce6dc9 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xce6dc9)
#34 0x0000000000bb3954 main (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xbb3954)
#35 0x000074f1da029d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#36 0x000074f1da029e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#37 0x0000000000ce169e _start (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xce169e)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134
```
It does not crash on Clang-19.
_______________________________________________
llvm-bugs mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs