[llvm-bugs] [Bug 133898] FastISel::handlePHINodesInSuccessorBlocks crashes on valid IR (LLVM 20.1.0)

Sat, 05 Apr 2025 10:22:35 -0700

Issue 133898
Summary FastISel::handlePHINodesInSuccessorBlocks crashes on valid IR (LLVM 20.1.0)
Labels
Assignees
Reporter wihn2021 
    **Reproducible demo (via Compiler Explorer):**  
🔗 https://gcc.godbolt.org/z/PGKcj7xn3

```
warning: overriding the module target triple with x86_64-unknown-linux-gnu [-Woverride-module]
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /opt/compiler-explorer/clang-20.1.0/bin/clang++ -g -o /app/output.s -masm=intel -fno-verbose-asm -S -x ir -fcolor-diagnostics -fno-crash-diagnostics <source>
1.	Code generation
2.	Running pass 'Function Pass Manager' on module '<source>'.
3.	Running pass 'X86 DAG->DAG Instruction Selection' on function '@s4114_inner'
 #0 0x0000000003a59568 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x3a59568)
 #1 0x0000000003a576ac llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x3a576ac)
 #2 0x00000000039a69e8 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007030b2e42520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x0000000004bfb426 llvm::FastISel::handlePHINodesInSuccessorBlocks(llvm::BasicBlock const*) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x4bfb426)
 #5 0x0000000004c008dc llvm::FastISel::selectInstruction(llvm::Instruction const*) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x4c008dc)
 #6 0x0000000004d1a8ba llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x4d1a8ba)
 #7 0x0000000004d1c327 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x4d1c327)
 #8 0x0000000004d08361 llvm::SelectionDAGISelLegacy::runOnMachineFunction(llvm::MachineFunction&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x4d08361)
 #9 0x0000000002e678f5 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (.part.0) MachineFunctionPass.cpp:0:0
#10 0x00000000033c4012 llvm::FPPassManager::runOnFunction(llvm::Function&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x33c4012)
#11 0x00000000033c42a1 llvm::FPPassManager::runOnModule(llvm::Module&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x33c42a1)
#12 0x00000000033c5c09 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x33c5c09)
#13 0x0000000003d01a28 clang::emitBackendOutput(clang::CompilerInstance&, clang::CodeGenOptions&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x3d01a28)
#14 0x00000000043aa0bb clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x43aa0bb)
#15 0x0000000004682ca1 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x4682ca1)
#16 0x000000000460260b clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x460260b)
#17 0x000000000476e173 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x476e173)
#18 0x0000000000d116c1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0xd116c1)
#19 0x0000000000d09eed ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#20 0x00000000043f5b49 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#21 0x00000000039a6e13 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x39a6e13)
#22 0x00000000043f5d69 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#23 0x00000000043b9ebd clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x43b9ebd)
#24 0x00000000043bae51 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x43bae51)
#25 0x00000000043c51ec clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0x43c51ec)
#26 0x0000000000d0e391 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0xd0e391)
#27 0x0000000000bd3bc4 main (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0xbd3bc4)
#28 0x00007030b2e29d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#29 0x00007030b2e29e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#30 0x0000000000d09985 _start (/opt/compiler-explorer/clang-20.1.0/bin/clang+++0xd09985)
clang++: error: clang frontend command failed with exit code 139 (use -v to see invocation)
Compiler returned: 139
```
source LLVM IR code
```
; ModuleID = 's4114_inner'
source_filename = "s4114_inner"

@flat_2d_array = external global [65536 x float], align 64
@x              = external global [32000 x float], align 64
@a              = external global [32000 x float], align 64
@b              = external global [32000 x float], align 64
@c              = external global [32000 x float], align 64
@d              = external global [32000 x float], align 64
@e              = external global [32000 x float], align 64
@aa             = external global [256 x [256 x float]], align 64
@bb             = external global [256 x [256 x float]], align 64
@cc             = external global [256 x [256 x float]], align 64
@tt             = external global [256 x [256 x float]], align 64
@indx           = external global [32000 x i32], align 64
@xx             = external global float*, align 8
@yy             = external global float*, align 8

declare i32 @dummy(float*, float*, float*, float*, float*, float*, float*, float*, float)

define void @s4114_inner(i32* nocapture readonly %ip, i32 %n1) {
entry:
  ; Compute the initial value for i = n1 - 1
  %start = sub nsw i32 %n1, 1
  br label %for.outer

; Outer loop over nl
for.outer:
  %nl = phi i32 [ 0, %entry ], [ %nl.next, %for.inc.outer ]
  br label %for.inner

; Inner loop over i
for.inner:
  %i.01 = phi i32 [ %start, %for.outer ], [ %i.next, %for.inner ]
  %cmp.i = icmp slt i32 %i.01, 32000
  br i1 %cmp.i, label %loop.body, label %for.inc.outer

loop.body:
  ; k = ip[i]
  %ip.idx = getelementptr inbounds i32, i32* %ip, i32 %i.01
  %k      = load i32, i32* %ip.idx, align 4

  ; a[i] = b[i] + c[31999 - k] * d[i]
  %c.idx = sub nsw i32 31999, %k
  %c.base = getelementptr inbounds [32000 x float], [32000 x float]* @c, i32 0, i32 0
  %c.effective.idx = getelementptr inbounds float, float* %c.base, i32 %c.idx
  %c.val = load float, float* %c.effective.idx, align 4

  %d.base = getelementptr inbounds [32000 x float], [32000 x float]* @d, i32 0, i32 0
  %d.effective.idx = getelementptr inbounds float, float* %d.base, i32 %i.01
  %d.val = load float, float* %d.effective.idx, align 4

  %mul.cd = fmul float %c.val, %d.val

  %b.base = getelementptr inbounds [32000 x float], [32000 x float]* @b, i32 0, i32 0
  %b.effective.idx = getelementptr inbounds float, float* %b.base, i32 %i.01
  %b.val = load float, float* %b.effective.idx, align 4

  %add.bc = fadd float %b.val, %mul.cd

  %a.base = getelementptr inbounds [32000 x float], [32000 x float]* @a, i32 0, i32 0
  %a.effective.idx = getelementptr inbounds float, float* %a.base, i32 %i.01
  store float %add.bc, float* %a.effective.idx, align 4

  ; k += 5 (not used further, but preserved from C code)
  %k.plus.5 = add i32 %k, 5

  ; Increment i
  %i.next = add nuw nsw i32 %i.01, 1
  br label %for.inner

; After finishing inner loop, call dummy
for.inc.outer:
  %nl.next = add nuw nsw i32 %nl, 1
  %a.ptr   = getelementptr inbounds [32000 x float], [32000 x float]* @a,  i32 0, i32 0
  %b.ptr   = getelementptr inbounds [32000 x float], [32000 x float]* @b,  i32 0, i32 0
  %c.ptr   = getelementptr inbounds [32000 x float], [32000 x float]* @c,  i32 0, i32 0
  %d.ptr   = getelementptr inbounds [32000 x float], [32000 x float]* @d,  i32 0, i32 0
  %e.ptr   = getelementptr inbounds [32000 x float], [32000 x float]* @e,  i32 0, i32 0
  %aa.ptr  = getelementptr inbounds [256 x [256 x float]], [256 x [256 x float]]* @aa,   i32 0, i32 0, i32 0
  %bb.ptr  = getelementptr inbounds [256 x [256 x float]], [256 x [256 x float]]* @bb,   i32 0, i32 0, i32 0
  %cc.ptr  = getelementptr inbounds [256 x [256 x float]], [256 x [256 x float]]* @cc,   i32 0, i32 0, i32 0

  %dummy.ret = call i32 @dummy(float* %a.ptr, float* %b.ptr, float* %c.ptr, float* %d.ptr, float* %e.ptr,
                               float* %aa.ptr, float* %bb.ptr, float* %cc.ptr, float 0.000000e+00)

  ; Check if we reached nl == 100000
  %cmp.nl = icmp eq i32 %nl.next, 100000
  br i1 %cmp.nl, label %for.outer.end, label %for.outer

for.outer.end:
  ret void
}
```

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to