clang crashed with SIGSEGV, reproducible with c file

Bug #1365701 reported by Tor Klingberg
Affects: LLVM; Status: Unknown; Importance: Medium
Affects: llvm-toolchain-snapshot (Ubuntu); Status: New; Importance: Undecided; Assigned to: Unassigned

Bug Description

Every time I try to compile this short C file with clang at optimization level O1 or higher, clang itself crashes with a segmentation fault.

This report is run with clang-3.5, but clang-3.4 also crashes.
I attach the source file, crash backtrace, preprocessed source, and associated run script that clang created.

This is for clang on a 32-bit machine. On 64-bit it crashes only when cross-compiling for a 32-bit target with the -m32 flag.

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: clang-3.5 1:3.5~svn201651-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic i686
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: i386
CurrentDesktop: Unity
Date: Thu Sep 4 22:32:11 2014
ExecutablePath: /usr/bin/clang
InstallationDate: Installed on 2012-09-16 (717 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release i386 (20120817.3)
ProcCmdline: /usr/bin/clang -cc1 -triple i386-pc-linux-gnu -emit-obj -disable-free -disable-llvm-verifier -main-file-name addup.c -mrelocation-model static -fmath-errno -masm-verbose -mconstructor-aliases -fuse-init-array -target-cpu pentium4 -target-linker-version 2.24 -momit-leaf-frame-pointer -resource-dir /usr/bin/../lib/clang/3.5 -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/clang/3.5/include -internal-externc-isystem /usr/bin/../lib/gcc/i686-linux-gnu/4.8/include -internal-externc-isystem /usr/include/i386-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -fdebug-compilation-dir /home/username/c -ferror-limit 19 -fmessage-length 114 -mstackrealign -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -vectorize-slp -o /tmp/addup-70c448.o -x c addup.c
SegvAnalysis:
 Segfault happened at: 0xb6baa5ca <_ZN4llvm12SelectionDAG7getNodeEjNS_5SDLocENS_3EVTENS_7SDValueE+282>: mov 0x4(%eax),%edx
 PC (0xb6baa5ca) ok
 source "0x4(%eax)" (0x00000203) not located in a known VMA region (needed readable region)!
 destination "%edx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: llvm-toolchain-snapshot
StacktraceTop:
 llvm::SelectionDAG::getNode(unsigned int, llvm::SDLoc, llvm::EVT, llvm::SDValue) () from /usr/lib/i386-linux-gnu/libLLVM-3.5.so.1
 ?? () from /usr/lib/i386-linux-gnu/libLLVM-3.5.so.1
 ?? () from /usr/lib/i386-linux-gnu/libLLVM-3.5.so.1
 llvm::TargetLowering::LowerCallTo(llvm::TargetLowering::CallLoweringInfo&) const () from /usr/lib/i386-linux-gnu/libLLVM-3.5.so.1
 llvm::TargetLowering::makeLibCall(llvm::SelectionDAG&, llvm::RTLIB::Libcall, llvm::EVT, llvm::SDValue const*, unsigned int, bool, llvm::SDLoc, bool, bool) const () from /usr/lib/i386-linux-gnu/libLLVM-3.5.so.1
Title: clang crashed with SIGSEGV in llvm::SelectionDAG::getNode()
UpgradeStatus: Upgraded to trusty on 2014-03-31 (156 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxsf

Tor Klingberg (tor-klingberg) wrote :
summary: - clang crashed with SIGSEGV
+ clang crashed with SIGSEGV, reproducible with c file
Apport retracing service (apport) wrote :

Stacktrace:
 #0 0xb6baa5ca in ?? ()
 No symbol table info available.
 #1 0x00000000 in ?? ()
 No symbol table info available.
StacktraceSource:
 #0 0xb6baa5ca in ?? ()
 #1 0x00000000 in ?? ()
StacktraceTop:
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : ThreadStacktrace.txt
tags: added: apport-failed-retrace
tags: removed: need-i386-retrace
information type: Private → Public
description: updated
In , Tor Klingberg (tor-klingberg) wrote :

Created attachment 13004
The C source file that triggers the bug

When I try to compile a certain short C-file with clang for a 32-bit i386 target with optimization, I get this linker error:
/tmp/addup-b0948d.o:/home/tor/c/addup.c:function addup: error: undefined reference to '__multi3'

As I understand it, __multi3 is a 128-bit function, and not available on 32-bit i386. The C source does not use any 128-bit types, only 64-bit.

With the versions of clang-3.4 and 3.5 in the Ubuntu repositories, clang segfaults instead. Reported here: https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-snapshot/+bug/1365701

In , Tor Klingberg (tor-klingberg) wrote :

Created attachment 13005
Preprocessed source

In , Tor Klingberg (tor-klingberg) wrote :

Created attachment 13006
Run script

Changed in llvm:
importance: Unknown → Medium
status: Unknown → Confirmed
In , Eric-schweitz (eric-schweitz) wrote :

I was able to replicate this bug in 3.7.1. (Different source. Looks like the 128-bit multiply comes from indvars, btw.)

In , Eric-schweitz (eric-schweitz) wrote :

Created attachment 15837
Reduced bitcode test that emits __multi3 even though target is i386

I'm able to get a call to __multi3 from this test using:

opt -O2 reduce.bc -o file2
llc file2 -o file3
grep __multi3 file3

        movl $0, 16(%esp)
        movl $0, 12(%esp)
        calll __multi3 ;<-- on a 32-bit target?
        subl $4, %esp
        movl 76(%esp), %eax

In , Riyaz-h (riyaz-h) wrote :

The changes in https://reviews.llvm.org/D38668 will prevent this issue from manifesting as a use of __multi3 on x86. However, one might want to independently look at why licm and/or indvars produces an i65 mul (that gets promoted to i128) for the reduced test submitted by Eric. Generating large multiply instructions on some platforms may lead to less efficient code.

In , Koutheir-attouchi (koutheir-attouchi) wrote :

This issue also happens when targeting ARM in 32-bit mode.

It can be fixed, similarly to the x86 fix, by calling setLibcallName(RTLIB::MUL_I128, nullptr) inside ARMTargetLowering::ARMTargetLowering(const TargetMachine &TM, const ARMSubtarget &STI) in the file "llvm/lib/Target/ARM/ARMISelLowering.cpp".
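
Added example (not part of the original thread, and not LLVM's lowering code): what a call to __multi3 computes, written with 64-bit limbs and 32x32 partial products only, so it needs no 128-bit type or runtime helper. It shows the arithmetic a 32-bit target has to perform inline when no 128-bit multiply libcall is available. The type and function names (u128_limbs, mul64_wide, mul128_lo) are assumptions made for this illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 128-bit value held as two 64-bit limbs. */
typedef struct { uint64_t lo, hi; } u128_limbs;

/* Full 64x64 -> 128 product using only 32x32 -> 64 multiplies. */
static u128_limbs mul64_wide(uint64_t a, uint64_t b)
{
    uint64_t a0 = (uint32_t)a, a1 = a >> 32;
    uint64_t b0 = (uint32_t)b, b1 = b >> 32;

    uint64_t p00 = a0 * b0;
    uint64_t p01 = a0 * b1;
    uint64_t p10 = a1 * b0;
    uint64_t p11 = a1 * b1;

    /* Middle column: three values below 2^32 each, so no 64-bit overflow. */
    uint64_t mid = (p00 >> 32) + (uint32_t)p01 + (uint32_t)p10;

    u128_limbs r;
    r.lo = (mid << 32) | (uint32_t)p00;
    r.hi = p11 + (p01 >> 32) + (p10 >> 32) + (mid >> 32);
    return r;
}

/* Low 128 bits of a 128x128 product: the value __multi3 returns. */
static u128_limbs mul128_lo(u128_limbs a, u128_limbs b)
{
    u128_limbs r = mul64_wide(a.lo, b.lo);
    /* Cross terms land in the high limb; a.hi * b.hi is shifted out. */
    r.hi += a.lo * b.hi + a.hi * b.lo;
    return r;
}

int main(void)
{
    /* Constructed input: a 65-bit operand (2^64 + 1), squared. */
    u128_limbs x = { 1, 1 };
    u128_limbs r = mul128_lo(x, x);
    printf("hi=0x%016" PRIx64 " lo=0x%016" PRIx64 "\n", r.hi, r.lo);
    return 0;
}
```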

Changed in llvm:
status: Confirmed → Unknown