[Bug]: Clang Optimizer SEGFAULT while attempting to compile under certain conditions

[Fernthedev]

Description

Under the circumstances explained in this test file, clang's optimizer segfaults. I can't tell with certainty what causes this SEGFAULT but hopefully this small test case is sufficient. If -O0 is provided as a compile flag, the SEGFAULT no longer occurs.

As the crash suggests, here are the diagnostic files: https://gist.github.com/Fernthedev/8e10c49fcf775b4a34bb51ed3e586eda

Building the project to reproduce the crash

The branch test-case of the repository is designed to work out of the box with no configuration outside of Ninja, CMake and NDK.

• Create a ndkpath.txt file pointing to your ndk installation
• Invoke pwsh .\build.ps1 or manually invoke CMake if you prefer

Appreciate any guidance and fixes, good day.

Upstream bug

No response

Commit to cherry-pick

No response

Affected versions

r23, r24

Canary version

No response

Host OS

Windows

Host OS version

Windows 10 21H2 (19044.1526)

Affected ABIs

arm64-v8a

[stephenhines]

The attached preprocessed TestFmt-aa59b0.cpp file appears truncated (last line is #endif // __has_keyword(__is_unsi), so I can't reproduce this more directly. Can you try reattaching that file as well as the TestFmt-aa59b0.sh script (which appears empty in the gist)?

[Fernthedev]

Apologies, I should've double checked the provided information. Thank you for looking into it, here's the updated information:

• TestFmt-7a1724.cpp
• build.log
• TestFmt-7a1724.sh

Hopefully this is sufficient for diagnosing though if more information is required I'll be happy to provide.

[stephenhines]

Those work! Thank you for getting back to me quickly. It seems to happen even with our latest toolchains, so I'm going to have to resolve this with upstream LLVM first.

[DanAlbert]

To give a sense of what that means for a timeline to a fix: that makes it very unlikely that it'll be in r23c (which I'm hoping to ship soon, but I've been saying that for quite a while and haven't had the time). If upstream fixes this soon we can probably get it into r25 though (and if not, hopefully one of the r25 minor releases). It won't be in r24 since that's already done and just waiting for the release process to finish, and unless upstream moves very fast this probably won't make it into an r24 minor release before r25 replaces it.

[Fernthedev]

Alright thanks for looking into it! Very amazed to see the fast and helpful response. I'll be looking forward to r25 or the release that ends up incorporating the fix. Good luck!

[stephenhines]

Reduced test cpp file (using cvise):

struct basic_string_view {
  char data_;
  long size_;
  constexpr basic_string_view(const char *) : data_(), size_() {}
};
struct basic_format_string {
  basic_string_view str_;
  template <typename S> consteval basic_format_string(S s) : str_(s) {}
};
struct source_location {};
using sl = source_location;
struct BasicFmtStrSrcLoc : basic_format_string {
  using ParentType = basic_format_string;
  sl sourceLocation;
  template <typename S> consteval BasicFmtStrSrcLoc(S s) : ParentType(s) {}
};
template <typename...> using FmtStrSrcLoc = BasicFmtStrSrcLoc;
enum LogLevel { INF };
struct Logger {
  template <LogLevel> static void fmtLogTest4(FmtStrSrcLoc<>);
};
void t() { Logger::fmtLogTest4<INF>(""); }

Somewhat reduced command line (but I am sure I can do better here too):

$CLANG "-cc1" "-triple" "aarch64-none-linux-android24" "-emit-obj" "--mrelax-relocations" "-mnoexecstack" "-disable-free" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "TestFmt.cpp" "-mrelocation-model" "pic" "-pic-level" "2" "-fhalf-no-semantic-interposition" "-mframe-pointer=non-leaf" "-fno-rounding-math" "-mconstructor-aliases" "-target-cpu" "generic" "-target-feature" "+neon" "-target-abi" "aapcs" "-fallow-half-arguments-and-returns" "-debug-info-kind=constructor" "-dwarf-version=4" "-debugger-tuning=gdb" "-ffunction-sections" "-fdata-sections" "-fcoverage-compilation-dir=E:\\SSDUse\\ProgrammingProjects\\CLionProjects\\paper\\build" "-sys-header-deps" "-D" "FMT_HEADER_ONLY" "-D" "MOD_ID=\"paper\"" "-D" "VERSION=\"0.1.0\"" "-D" "paperlog_EXPORTS" "-D" "ANDROID" "-D" "_FORTIFY_SOURCE=2" "-D" "NDEBUG" "-D" "FMT_HEADER_ONLY" "-O3" "-Wformat" "-Werror=format-security" "-std=gnu++20" "-fdeprecated-macro" "-fdebug-compilation-dir=E:\\SSDUse\\ProgrammingProjects\\CLionProjects\\paper\\build" "-ferror-limit" "19" "-stack-protector" "2" "-fno-signed-char" "-fgnuc-version=4.2.1" "-fcxx-exceptions" "-fexceptions" "-vectorize-loops" "-vectorize-slp" "-target-feature" "+outline-atomics" "-D__GCC_HAVE_DWARF2_CFI_ASM=1" "-x" "c++" "TestFmt-7a1724.cpp"

Let me poke around a bit more, because this likely needs to be an LLVM IR reproducer (crash is during code generation), but this at least is a good point to have reached so far.

[appujee]

The bug reproduces with clang-13 but clang-14 had the fix.
Crash: https://godbolt.org/z/63PMnzfYG

Using the same test case that @stephenhines mentioned.

$clang-13.0.1 -std=c++20 -Os -fstack-protector-strong -target aarch64-none-linux-android24 -ffunction-sections -fdata-sections -fcxx-exceptions -fexceptions -fvectorize

PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /opt/compiler-explorer/clang-13.0.1/bin/clang++ -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -S --gcc-toolchain=/opt/compiler-explorer/gcc-11.2.0 -fcolor-diagnostics -fno-crash-diagnostics -std=c++20 -Os -fstack-protector-strong -target aarch64-none-linux-android24 -ffunction-sections -fdata-sections -fcxx-exceptions -fexceptions -fvectorize <source>
1.	<eof> parser at end of file
2.	Optimizer
 #0 0x000055ecf28df35f PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #1 0x000055ecf28dd220 llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x34dd220)
 #2 0x000055ecf282e218 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007f155736d420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #4 0x000055ecf2100b82 llvm::PointerType::get(llvm::Type*, unsigned int) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2d00b82)
 #5 0x000055ecf21664da llvm::GetElementPtrInst::Create(llvm::Type*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::Instruction*) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2d664da)
 #6 0x000055ecf22e3ecc llvm::InstCombinerImpl::visitGetElementPtrInst(llvm::GetElementPtrInst&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2ee3ecc)
 #7 0x000055ecf22e912f llvm::InstCombinerImpl::run() (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2ee912f)
 #8 0x000055ecf22ead61 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::ProfileSummaryInfo*, unsigned int, llvm::LoopInfo*) InstructionCombining.cpp:0:0
 #9 0x000055ecf22ebc93 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2eebc93)
#10 0x000055ecf38a6291 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x44a6291)
#11 0x000055ecf08dcb78 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function> >, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x14dcb78)
#12 0x000055ecf20ecca0 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2cecca0)
#13 0x000055ecf08d5fe1 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x14d5fe1)
#14 0x000055ecf20e9d2a llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x2ce9d2a)
#15 0x000055ecf2bd1719 (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0
#16 0x000055ecf2bd6a55 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x37d6a55)
#17 0x000055ecf3833d7d clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x4433d7d)
#18 0x000055ecf468cd19 clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x528cd19)
#19 0x000055ecf3833e22 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x4433e22)
#20 0x000055ecf31e0ff1 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3de0ff1)
#21 0x000055ecf317f2b2 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3d7f2b2)
#22 0x000055ecf32ad733 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3ead733)
#23 0x000055ecf068611c cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x128611c)
#24 0x000055ecf06822fd ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#25 0x000055ecf302a605 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#26 0x000055ecf282e803 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x342e803)
#27 0x000055ecf302c6be clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3c2c6be)
#28 0x000055ecf30020ea clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3c020ea)
#29 0x000055ecf3002c3f clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3c02c3f)
#30 0x000055ecf300c035 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x3c0c035)
#31 0x000055ecf059b56e main (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x119b56e)
#32 0x00007f1556e1b083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#33 0x000055ecf0681e7a _start (/opt/compiler-explorer/clang-13.0.1/bin/clang+++0x1281e7a)

clang-14 works fine.
https://godbolt.org/z/34Ma4rGjj

[DanAlbert]

Great, thanks for confirming. With that I think all the LLVM issues triaged to r26 (aside from the lldb thing, which is another matter entirely) are fixed in the next toolchain and we're just waiting for prebuilts 👍