nathanchance wrote: This change introduces a compiler crash (an assertion failure during clang's LLVM IR generation) with `-fsanitize=array-bounds`. A reproducer from `cvise`:
```c
struct irq_data {
  struct irq_domain *domain;
} irq_domain_fix_revmap_d;
struct irq_domain {
  struct irq_domain *parent;
  int revmap_size;
  struct irq_data *revmap[] __attribute__((__counted_by__(revmap_size)));
};
long irq_domain_fix_revmap_d_0;
int irq_domain_pop_irq() {
  irq_domain_fix_revmap_d.domain->revmap[irq_domain_fix_revmap_d_0] = 0;
  return 0;
}
```

```
clang: /mnt/nvme/tmp/cvise.buvTN27aMk/src/llvm/include/llvm/IR/DataLayout.h:652: TypeSize llvm::StructLayout::getElementOffset(unsigned int) const: Assertion `Idx < NumElements && "Invalid element idx!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: clang -O2 -fsanitize=array-bounds -c -o /dev/null irqdomain.i
1. <eof> parser at end of file
2. irqdomain.i:10:5: LLVM IR generation of declaration 'irq_domain_pop_irq'
3. irqdomain.i:10:5: Generating code for declaration 'irq_domain_pop_irq'
#0 0x00005622f687d9e8 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x41069e8)
#1 0x00005622f687b61e llvm::sys::RunSignalHandlers() (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x410461e)
#2 0x00005622f6800926 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
#3 0x00007f1204079710 (/usr/lib/libc.so.6+0x3e710)
#4 0x00007f12040c983c (/usr/lib/libc.so.6+0x8e83c)
#5 0x00007f1204079668 gsignal (/usr/lib/libc.so.6+0x3e668)
#6 0x00007f12040614b8 abort (/usr/lib/libc.so.6+0x264b8)
#7 0x00007f12040613dc (/usr/lib/libc.so.6+0x263dc)
#8 0x00007f1204071d26 (/usr/lib/libc.so.6+0x36d26)
#9 0x00005622f6ae11bb clang::CodeGen::CGBuilderTy::CreateStructGEP(clang::CodeGen::Address, unsigned int, llvm::Twine const&) CGCall.cpp:0:0
#10 0x00005622f6bcd204 emitAddrOfFieldStorage(clang::CodeGen::CodeGenFunction&, clang::CodeGen::Address, clang::FieldDecl const*) CGExpr.cpp:0:0
#11 0x00005622f6bb0082 clang::CodeGen::CodeGenFunction::EmitLValueForField(clang::CodeGen::LValue, clang::FieldDecl const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4439082)
#12 0x00005622f6bbef07 clang::CodeGen::CodeGenFunction::EmitMemberExpr(clang::MemberExpr const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4447f07)
#13 0x00005622f6bb7c9f clang::CodeGen::CodeGenFunction::EmitLValueHelper(clang::Expr const*, clang::CodeGen::KnownNonNull_t) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4440c9f)
#14 0x00005622f6bb62ad clang::CodeGen::CodeGenFunction::EmitCheckedLValue(clang::Expr const*, clang::CodeGen::CodeGenFunction::TypeCheckKind) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443f2ad)
#15 0x00005622f6be69ed (anonymous namespace)::ScalarExprEmitter::VisitMemberExpr(clang::MemberExpr*) CGExprScalar.cpp:0:0
#16 0x00005622f6bd2fad clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x445bfad)
#17 0x00005622f6baba93 clang::CodeGen::CodeGenFunction::EmitAnyExpr(clang::Expr const*, clang::CodeGen::AggValueSlot, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4434a93)
#18 0x00005622f6bac39d clang::CodeGen::CodeGenFunction::EmitAnyExprToTemp(clang::Expr const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443539d)
#19 0x00005622f6bb481f clang::CodeGen::CodeGenFunction::EmitBoundsCheck(clang::Expr const*, clang::Expr const*, llvm::Value*, clang::QualType, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443d81f)
#20 0x00005622f6bcb0e3 clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr(clang::ArraySubscriptExpr const*, bool)::$_0::operator()(bool) const CGExpr.cpp:0:0
#21 0x00005622f6bb7286 clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr(clang::ArraySubscriptExpr const*, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4440286)
#22 0x00005622f6bb629b clang::CodeGen::CodeGenFunction::EmitCheckedLValue(clang::Expr const*, clang::CodeGen::CodeGenFunction::TypeCheckKind) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x443f29b)
#23 0x00005622f6bdf6cb (anonymous namespace)::ScalarExprEmitter::VisitBinAssign(clang::BinaryOperator const*) CGExprScalar.cpp:0:0
#24 0x00005622f6bd2fad clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x445bfad)
#25 0x00005622f6baba93 clang::CodeGen::CodeGenFunction::EmitAnyExpr(clang::Expr const*, clang::CodeGen::AggValueSlot, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4434a93)
#26 0x00005622f6baba1c clang::CodeGen::CodeGenFunction::EmitIgnoredExpr(clang::Expr const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4434a1c)
#27 0x00005622f6c914db clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x451a4db)
#28 0x00005622f6c9ef40 clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4527f40)
#29 0x00005622f6b98fe5 clang::CodeGen::CodeGenFunction::EmitFunctionBody(clang::Stmt const*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4421fe5)
#30 0x00005622f6b99cb6 clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4422cb6)
#31 0x00005622f6a77d7c clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4300d7c)
#32 0x00005622f6a70043 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x42f9043)
#33 0x00005622f6a74952 clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x42fd952)
#34 0x00005622f6a6ec91 clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x42f7c91)
#35 0x00005622f703715c (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) ModuleBuilder.cpp:0:0
#36 0x00005622f702dc56 clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x48b6c56)
#37 0x00005622f82db83a clang::ParseAST(clang::Sema&, bool, bool) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x5b6483a)
#38 0x00005622f742bd8f clang::FrontendAction::Execute() (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4cb4d8f)
#39 0x00005622f739d7bd clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4c267bd)
#40 0x00005622f74f5178 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4d7e178)
#41 0x00005622f51e8af2 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a71af2)
#42 0x00005622f51e4f3d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#43 0x00005622f71fde09 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#44 0x00005622f68006a6 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x40896a6)
#45 0x00005622f71fd512 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a86512)
#46 0x00005622f71b86c7 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a416c7)
#47 0x00005622f71b8c07 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a41c07)
#48 0x00005622f71d8bc9 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x4a61bc9)
#49 0x00005622f51e43f6 clang_main(int, char**, llvm::ToolContext const&) (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a6d3f6)
#50 0x00005622f51f5241 main (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a7e241)
#51 0x00007f1204062cd0 (/usr/lib/libc.so.6+0x27cd0)
#52 0x00007f1204062d8a __libc_start_main (/usr/lib/libc.so.6+0x27d8a)
#53 0x00005622f51e14e5 _start (/mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin/clang-18+0x2a6a4e5)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
ClangBuiltLinux clang version 18.0.0 (https://github.com/llvm/llvm-project bc09ec696209b3aea74d49767b15c2f34e363933)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /mnt/nvme/tmp/cvise.buvTN27aMk/install/llvm-bad/bin
clang: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.
```

https://github.com/llvm/llvm-project/pull/70606