A crash bug due to recursiveCopy? #141

zyz9740 · 2023-01-06T13:18:42Z

Source:

#include <string.h>

int main() { 
    memcpy(0, "", 2);
    return 0;
}

Reproduce:
/opt/cheerp/bin/clang -target cheerp-wasm random.c -o random_cheerp.js

Log:

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: /opt/cheerp/bin/opt -march=cheerp -cheerp-linear-output=wasm -cheerp-lto -passes=function(CheerpLowerInvoke),function(simplifycfg),CallConstructors,GlobalDepsAnalyzer,TypeOptimizer,function(CheerpLowerSwitch),I64Lowering,function(ReplaceNopCastsAndByteSwaps),FreeAndDeleteRemoval,default<Os>,PartialExecuter,function(simplifycfg) -o /tmp/random-ecf230.bc /tmp/random-081082.bc
 #0 0x0000000001f9fe13 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/cheerp/bin/opt+0x1f9fe13)
 #1 0x0000000001f9e0e0 llvm::sys::RunSignalHandlers() (/opt/cheerp/bin/opt+0x1f9e0e0)
 #2 0x0000000001fa02bf (/opt/cheerp/bin/opt+0x1fa02bf)
 #3 0x00007f27564183c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x143c0)
 #4 0x00000000018b69ea llvm::Value::setNameImpl(llvm::Twine const&) (/opt/cheerp/bin/opt+0x18b69ea)
 #5 0x00000000018b6dd9 llvm::Value::setName(llvm::Twine const&) (/opt/cheerp/bin/opt+0x18b6dd9)
 #6 0x0000000000e85568 (/opt/cheerp/bin/opt+0xe85568)
 #7 0x0000000001bf98fb llvm::StructMemFuncLowering::recursiveCopy(llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>*, llvm::Value*, llvm::Value*, llvm::Type*, llvm::Type*, llvm::Type*, unsigned int, llvm::SmallVector<llvm::Value*, 8u>&) (/opt/cheerp/bin/opt+0x1bf98fb)
 #8 0x0000000001bf98ba llvm::StructMemFuncLowering::recursiveCopy(llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>*, llvm::Value*, llvm::Value*, llvm::Type*, llvm::Type*, llvm::Type*, unsigned int, llvm::SmallVector<llvm::Value*, 8u>&) (/opt/cheerp/bin/opt+0x1bf98ba)
 #9 0x0000000001bfa933 llvm::StructMemFuncLowering::createGenericLoop(llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>*, llvm::BasicBlock*, llvm::BasicBlock*, llvm::BasicBlock*, llvm::Type*, llvm::Value*, llvm::Value*, llvm::Value*, llvm::StructMemFuncLowering::MODE, unsigned int, bool) (/opt/cheerp/bin/opt+0x1bfa933)
#10 0x0000000001bfb202 llvm::StructMemFuncLowering::createLoops(llvm::BasicBlock&, llvm::BasicBlock*, llvm::Type*, llvm::Value*, llvm::Value*, llvm::Value*, llvm::Type*, llvm::StructMemFuncLowering::MODE, unsigned int) (/opt/cheerp/bin/opt+0x1bfb202)
#11 0x0000000001bfbc28 llvm::StructMemFuncLowering::runOnBlock(llvm::BasicBlock&, bool) (/opt/cheerp/bin/opt+0x1bfbc28)
#12 0x0000000001bfbd20 llvm::StructMemFuncLowering::runOnFunction(llvm::Function&) (/opt/cheerp/bin/opt+0x1bfbd20)
#13 0x0000000001bfbdb6 llvm::StructMemFuncLoweringPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/cheerp/bin/opt+0x1bfbdb6)
#14 0x0000000000fed04d (/opt/cheerp/bin/opt+0xfed04d)
#15 0x000000000189b377 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/cheerp/bin/opt+0x189b377)
#16 0x0000000000fed41d (/opt/cheerp/bin/opt+0xfed41d)
#17 0x00000000010864f1 llvm::CGSCCToFunctionPassAdaptor::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/opt/cheerp/bin/opt+0x10864f1)
#18 0x000000000227627d (/opt/cheerp/bin/opt+0x227627d)
#19 0x00000000010830c8 llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/opt/cheerp/bin/opt+0x10830c8)
#20 0x00000000019bebed (/opt/cheerp/bin/opt+0x19bebed)
#21 0x0000000001084faf llvm::DevirtSCCRepeatedPass::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (/opt/cheerp/bin/opt+0x1084faf)
#22 0x00000000019bef7d (/opt/cheerp/bin/opt+0x19bef7d)
#23 0x00000000010845e5 llvm::ModuleToPostOrderCGSCCPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/cheerp/bin/opt+0x10845e5)
#24 0x00000000019bedbd (/opt/cheerp/bin/opt+0x19bedbd)
#25 0x000000000189a687 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/cheerp/bin/opt+0x189a687)
#26 0x00000000019bb635 llvm::ModuleInlinerWrapperPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/cheerp/bin/opt+0x19bb635)
#27 0x000000000225877d (/opt/cheerp/bin/opt+0x225877d)
#28 0x000000000189a687 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/cheerp/bin/opt+0x189a687)
#29 0x0000000000d2272a llvm::runPassPipeline(llvm::StringRef, llvm::Module&, llvm::TargetMachine*, llvm::TargetLibraryInfoImpl*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::StringRef, llvm::ArrayRef<llvm::StringRef>, llvm::ArrayRef<llvm::PassPlugin>, llvm::opt_tool::OutputKind, llvm::opt_tool::VerifierKind, bool, bool, bool, bool, bool, bool) (/opt/cheerp/bin/opt+0xd2272a)
#30 0x0000000000d31ad7 main (/opt/cheerp/bin/opt+0xd31ad7)
#31 0x00007f2755ed80b3 __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:342:3
#32 0x0000000000d1b32e _start (/opt/cheerp/bin/opt+0xd1b32e)
clang-16: error: unable to execute command: Segmentation fault (core dumped)
clang-16: error: optimizer command failed due to signal (use -v to see invocation)
Cheerp 1670679767-1~focal clang version 16.0.0
Target: cheerp-leaningtech-webbrowser-wasm
Thread model: posix
InstalledDir: /opt/cheerp/bin
clang-16: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-16: note: diagnostic msg: /tmp/random-c75a00.c
clang-16: note: diagnostic msg: /tmp/random-c75a00.sh
clang-16: note: diagnostic msg: 

********************

Version:

Cheerp 1670679767-1~focal clang version 16.0.0
Target: cheerp-leaningtech-webbrowser-wasm
Thread model: posix
InstalledDir: /opt/cheerp/bin

The text was updated successfully, but these errors were encountered:

LLVM is smart enough to be able to remove a gep if the source and indexes are constants. However, it was assumed that it would always emit a gep instruction, which would cause a crash when trying to cast it. Upon further inspection, I believe that this casting to a GEPOperator and then getting the result element type is overkill, and we could just simply use the type of the value. This fixes: leaningtech/cheerp-meta#141

LLVM is smart enough to be able to fold a gep if the source and indices are constants. However, it was assumed that it would always emit a gep instruction, which would cause a crash when trying to cast it. Upon further inspection, I believe that the surrounding if statement was meant as a way of working around one of such folds. The new code should work for the general case, so I've removed it. This fixes: leaningtech/cheerp-meta#141

zyz9740 changed the title ~~A crash bug due to llvm::Value::setNameImpl~~ A crash bug due to recursiveCopy? Jan 6, 2023

yuri91 added the crash the compiler crashes label Mar 14, 2023

Hyxogen mentioned this issue Feb 6, 2024

structmemfunclowering: fix crash when gep is optimized away leaningtech/cheerp-compiler#203

Merged

yuri91 closed this as completed in leaningtech/cheerp-compiler#203 Feb 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A crash bug due to recursiveCopy? #141

A crash bug due to recursiveCopy? #141

zyz9740 commented Jan 6, 2023

A crash bug due to recursiveCopy? #141

A crash bug due to recursiveCopy? #141

Comments

zyz9740 commented Jan 6, 2023