llvm-project
llvm-project copied to clipboard
Published
20 hours ago •
llvm
llvm
DAGCombiner crashes in SelectionDAG::ReplaceAllUsesWith (segfault)
And similar story when I tried compiling the driver: (linked to this one https://github.com/llvm/llvm-project/issues/55736)
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0. Program arguments: /usr/local/bin/llc -filetype=obj -o ./func.o ./driver.pp.ll
1. Running pass 'Function Pass Manager' on module './driver.pp.ll'.
2. Running pass 'AArch64 Instruction Selection' on function '@init'
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0 llc 0x0000000104437db4 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 56
1 llc 0x0000000104436f58 llvm::sys::RunSignalHandlers() + 112
2 llc 0x00000001044383fc SignalHandler(int) + 304
3 libsystem_platform.dylib 0x0000000181ca74a4 _sigtramp + 56
4 llc 0x00000001042e1428 llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDNode*, llvm::SDValue const*) + 304
5 llc 0x00000001041638d0 (anonymous namespace)::DAGCombiner::CombineTo(llvm::SDNode*, llvm::SDValue const*, unsigned int, bool) + 84
6 llc 0x000000010419568c (anonymous namespace)::DAGCombiner::visitLOAD(llvm::SDNode*) + 1428
7 llc 0x00000001041670ac (anonymous namespace)::DAGCombiner::visit(llvm::SDNode*) + 5820
8 llc 0x0000000104164ff0 (anonymous namespace)::DAGCombiner::combine(llvm::SDNode*) + 192
9 llc 0x0000000104164554 llvm::SelectionDAG::Combine(llvm::CombineLevel, llvm::AAResults*, llvm::CodeGenOpt::Level) + 1516
10 llc 0x00000001042f467c llvm::SelectionDAGISel::CodeGenAndEmitDAG() + 132
11 llc 0x00000001042f4094 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) + 4436
12 llc 0x00000001042f2494 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) + 2308
13 llc 0x0000000103b26ca8 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 304
14 llc 0x0000000103e82fa8 llvm::FPPassManager::runOnFunction(llvm::Function&) + 672
15 llc 0x0000000103e88560 llvm::FPPassManager::runOnModule(llvm::Module&) + 60
16 llc 0x0000000103e834b8 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 840
17 llc 0x00000001029fe500 main + 6992
18 dyld 0x00000001088e908c start + 520
zsh: segmentation fault /usr/local/bin/llc -filetype=obj -o ./func.o ./driver.pp.ll
/usr/local/bin/llc -filetype=obj -o ./func.o ./driver.pp.ll.log
bugpoint reduced:
; ModuleID = 'bugpoint-reduced-simplified.bc'
source_filename = "driver.pp"
target triple = "x86_64-unknown-linux-gnu"
@arr_32 = external global [16 x [10 x [24 x [10 x [14 x i32]]]]]
define void @init() {
bb:
br label %bb1
bb1: ; preds = %bb1, %bb
br i1 undef, label %bb1, label %.critedge
.critedge: ; preds = %bb2, %bb1
%i = trunc i32 undef to i1
br i1 %i, label %bb2, label %bb12
bb2: ; preds = %bb4, %.critedge
%i3 = trunc i32 undef to i1
br i1 %i3, label %bb4, label %.critedge
bb4: ; preds = %bb6, %bb2
%i5 = trunc i32 undef to i1
br i1 %i5, label %bb6, label %bb2
bb6: ; preds = %bb8, %bb4
%i7 = trunc i32 undef to i1
br i1 %i7, label %bb8, label %bb4
bb8: ; preds = %bb10, %bb6
%i9 = trunc i32 undef to i1
br i1 %i9, label %bb10, label %bb6
bb10: ; preds = %bb8
%i11 = load [16 x [10 x [24 x [10 x [14 x i32]]]]], ptr @arr_32, align 4
br label %bb8
bb12: ; preds = %.critedge
br i1 undef, label %.critedge42, label %.critedge106
.critedge42: ; preds = %.critedge42, %bb12
br i1 undef, label %.critedge42, label %.critedge106
.critedge106: ; preds = %.critedge42, %bb12
ret void
}
The crash seems to be induced by creation of a SDNode with NumOperands/NumValues exceeding 65535 (it is 537600), in that case NumValues/NumOperands overflows. With enabled assertions llc crashes with following stack trace:
llc: /home/filipp/Development/llvm-project/llvm/include/llvm/CodeGen/SelectionDAGNodes.h:1090: llvm::SDNode::SDNode(unsigned int, unsigned int, llvm::DebugLoc, llvm::SDVTList): Assertion `NumValues == VTs.NumVTs && "NumValues wasn't wide enough for its operands!"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0. Program arguments: /home/filipp/Development/llvm-project/build/bin/llc -filetype=obj crash.ll
1. Running pass 'Function Pass Manager' on module 'crash.ll'.
2. Running pass 'X86 DAG->DAG Instruction Selection' on function '@init'
#0 0x00000000048152da llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/filipp/Development/llvm-project/llvm/lib/Support/Unix/Signals.inc:567:11
#1 0x000000000481548b PrintStackTraceSignalHandler(void*) /home/filipp/Development/llvm-project/llvm/lib/Support/Unix/Signals.inc:641:1
#2 0x0000000004813ae6 llvm::sys::RunSignalHandlers() /home/filipp/Development/llvm-project/llvm/lib/Support/Signals.cpp:104:5
#3 0x0000000004815bb5 SignalHandler(int) /home/filipp/Development/llvm-project/llvm/lib/Support/Unix/Signals.inc:412:1
#4 0x00007f88d0933420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
#5 0x00007f88d038e00b raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
#6 0x00007f88d036d859 abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:81:7
#7 0x00007f88d036d729 get_sysdep_segment_value /build/glibc-SzIz7B/glibc-2.31/intl/loadmsgcat.c:509:8
#8 0x00007f88d036d729 _nl_load_domain /build/glibc-SzIz7B/glibc-2.31/intl/loadmsgcat.c:970:34
#9 0x00007f88d037efd6 (/lib/x86_64-linux-gnu/libc.so.6+0x33fd6)
#10 0x0000000001a7df4d llvm::SDNode::SDNode(unsigned int, unsigned int, llvm::DebugLoc, llvm::SDVTList) /home/filipp/Development/llvm-project/llvm/include/llvm/CodeGen/SelectionDAGNodes.h:1091:3
#11 0x000000000454bd24 llvm::SDNode* llvm::SelectionDAG::newSDNode<llvm::SDNode, unsigned int&, unsigned int, llvm::DebugLoc const&, llvm::SDVTList&>(unsigned int&, unsigned int&&, llvm::DebugLoc const&, llvm::SDVTList&) /home/filipp/Development/llvm-project/llvm/include/llvm/CodeGen/SelectionDAG.h:402:5
#12 0x00000000045353dd llvm::SelectionDAG::getNode(unsigned int, llvm::SDLoc const&, llvm::SDVTList, llvm::ArrayRef<llvm::SDValue>, llvm::SDNodeFlags) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:9302:9
#13 0x0000000004526d5d llvm::SelectionDAG::getNode(unsigned int, llvm::SDLoc const&, llvm::SDVTList, llvm::ArrayRef<llvm::SDValue>) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:9193:10
#14 0x00000000044849f8 llvm::SelectionDAGBuilder::visitLoad(llvm::LoadInst const&) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:4194:20
#15 0x000000000447ea07 llvm::SelectionDAGBuilder::visit(unsigned int, llvm::User const&) /home/filipp/Development/llvm-project/llvm/include/llvm/IR/Instruction.def:172:1
#16 0x000000000447dd9f llvm::SelectionDAGBuilder::visit(llvm::Instruction const&) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:1156:8
#17 0x0000000004574158 llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, true, false, void>, false, true>, llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, true, false, void>, false, true>, bool&) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:679:3
#18 0x0000000004573c9b llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1604:11
#19 0x0000000004571246 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:468:3
#20 0x000000000264890a (anonymous namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/filipp/Development/llvm-project/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:191:7
#21 0x00000000035ba245 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /home/filipp/Development/llvm-project/llvm/lib/CodeGen/MachineFunctionPass.cpp:91:8
#22 0x0000000003caa716 llvm::FPPassManager::runOnFunction(llvm::Function&) /home/filipp/Development/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1430:23
#23 0x0000000003caf542 llvm::FPPassManager::runOnModule(llvm::Module&) /home/filipp/Development/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1476:16
#24 0x0000000003caafe9 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /home/filipp/Development/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1545:23
#25 0x0000000003caab5d llvm::legacy::PassManagerImpl::run(llvm::Module&) /home/filipp/Development/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:535:16
#26 0x0000000003caf821 llvm::legacy::PassManager::run(llvm::Module&) /home/filipp/Development/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1672:3
#27 0x0000000000d0a02c compileModule(char**, llvm::LLVMContext&) /home/filipp/Development/llvm-project/llvm/tools/llc/llc.cpp:736:41
...
The issue was previously reported as https://github.com/llvm/llvm-project/issues/7622
This particular crash could be fixed by changing SDNode::NumValues and SDNode::NumOperands type to unsigned, by reordering some SDValue's fields its size could be preserved on 64-bit platforms after that change: https://reviews.llvm.org/D140114 (not sure if the problem with extremely large inputs/values count should be fixed this way though, with widened fields llc will crash on another assertion while processing the file from the linked issue).
From the rust issue - a very concise repro:
define void @crash([65536 x i8] %foo, ptr %_0) {
store [65536 x i8] %foo, ptr %_0, align 1
ret void
}
@llvm/issue-subscribers-backend-aarch64
Author: None (AnFunctionArray)
And similar story when I tried compiling the driver: (linked to this one https://github.com/llvm/llvm-project/issues/55736)
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0. Program arguments: /usr/local/bin/llc -filetype=obj -o ./func.o ./driver.pp.ll
1. Running pass 'Function Pass Manager' on module './driver.pp.ll'.
2. Running pass 'AArch64 Instruction Selection' on function '@<!-- -->init'
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0 llc 0x0000000104437db4 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 56
1 llc 0x0000000104436f58 llvm::sys::RunSignalHandlers() + 112
2 llc 0x00000001044383fc SignalHandler(int) + 304
3 libsystem_platform.dylib 0x0000000181ca74a4 _sigtramp + 56
4 llc 0x00000001042e1428 llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDNode*, llvm::SDValue const*) + 304
5 llc 0x00000001041638d0 (anonymous namespace)::DAGCombiner::CombineTo(llvm::SDNode*, llvm::SDValue const*, unsigned int, bool) + 84
6 llc 0x000000010419568c (anonymous namespace)::DAGCombiner::visitLOAD(llvm::SDNode*) + 1428
7 llc 0x00000001041670ac (anonymous namespace)::DAGCombiner::visit(llvm::SDNode*) + 5820
8 llc 0x0000000104164ff0 (anonymous namespace)::DAGCombiner::combine(llvm::SDNode*) + 192
9 llc 0x0000000104164554 llvm::SelectionDAG::Combine(llvm::CombineLevel, llvm::AAResults*, llvm::CodeGenOpt::Level) + 1516
10 llc 0x00000001042f467c llvm::SelectionDAGISel::CodeGenAndEmitDAG() + 132
11 llc 0x00000001042f4094 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) + 4436
12 llc 0x00000001042f2494 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) + 2308
13 llc 0x0000000103b26ca8 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 304
14 llc 0x0000000103e82fa8 llvm::FPPassManager::runOnFunction(llvm::Function&) + 672
15 llc 0x0000000103e88560 llvm::FPPassManager::runOnModule(llvm::Module&) + 60
16 llc 0x0000000103e834b8 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 840
17 llc 0x00000001029fe500 main + 6992
18 dyld 0x00000001088e908c start + 520
zsh: segmentation fault /usr/local/bin/llc -filetype=obj -o ./func.o ./driver.pp.ll
/usr/local/bin/llc -filetype=obj -o ./func.o ./driver.pp.ll.log
@EugeneZelenko I don't think this is aarch64-specific, @coolreader18's repro happens on x86 too https://llvm.godbolt.org/z/cWThs4dTb
