Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compiler Crash "Assertion !AS->hasBoundsExpr() failed" #525

Closed
secure-sw-dev-bot opened this issue Jan 16, 2022 · 2 comments
Closed

Compiler Crash "Assertion !AS->hasBoundsExpr() failed" #525

secure-sw-dev-bot opened this issue Jan 16, 2022 · 2 comments

Comments

@secure-sw-dev-bot
Copy link

This issue was copied from checkedc/checkedc-clang#526

I made a change that I was certain was incorrect, but I wanted to see what guidance I would get from the error message. Instead, it seems to have been sufficiently unpredictable as to crash the compiler.
It prints the error message including Assertion !AS->hasBoundsExpr() failed then pauses for several seconds before printing the stack trace.

Attached are the information printed in the terminal window, and files specified in the bug report instructions (remove extra ".txt" extension after downloading).
clangCrashTerminalOutput.txt
parson-3e2b4f.c.txt
parson-3e2b4f.sh.txt
tests-c3dc85.c.txt
@secure-sw-dev-bot
Copy link
Author

Comment from @AnnaKornfeldSimpson:

https://github.com/AnnaKornfeldSimpson/parson/tree/crashRepro
has files with unnecessary things cut out, and the diagnostic files.

Terminal output:
clang-6.0: /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:1478: bool {anonymous}::CheckBoundsDeclarations::AddBoundsCheck(clang::Expr*, {anonymous}::CheckBoundsDeclarations::OperationKind, bool): Assertion `!AS->hasBoundsExpr()' failed.
#0 0x00005652b1ca8089 llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/anna/repos/llvm/lib/Support/Unix/Signals.inc:398:0
#1 0x00005652b1ca811c PrintStackTraceSignalHandler(void*) /home/anna/repos/llvm/lib/Support/Unix/Signals.inc:462:0
#2 0x00005652b1ca62f7 llvm::sys::RunSignalHandlers() /home/anna/repos/llvm/lib/Support/Signals.cpp:49:0
#3 0x00005652b1ca78f5 SignalHandler(int) /home/anna/repos/llvm/lib/Support/Unix/Signals.inc:252:0
#4 0x00007f93c0363890 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
#5 0x00007f93bf22ce97 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
#6 0x00007f93bf22e801 abort (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
#7 0x00007f93bf21e39a (/lib/x86_64-linux-gnu/libc.so.6+0x3039a)
#8 0x00007f93bf21e412 (/lib/x86_64-linux-gnu/libc.so.6+0x30412)
#9 0x00005652b4835f09 (anonymous namespace)::CheckBoundsDeclarations::AddBoundsCheck(clang::Expr*, (anonymous namespace)::CheckBoundsDeclarations::OperationKind, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:1479:0
#10 0x00005652b483986d (anonymous namespace)::CheckBoundsDeclarations::VisitCastExpr(clang::CastExpr*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2384:0
#11 0x00005652b4838b87 (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2176:0
#12 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#13 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#14 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#15 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#16 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#17 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#18 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#19 0x00005652b483ab6d clang::Sema::CheckFunctionBodyBoundsDecls(clang::FunctionDecl*, clang::Stmt*) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2765:0

@secure-sw-dev-bot
Copy link
Author

Comment from @dtarditi:

Yes, this is a compiler bug. The following small piece of code will trigger this crash:

struct obj {
  _Array_ptr<_Nt_array_ptr<char>> names : count(num);
  size_t num;
};

void f(const struct obj *object ) {
   size_t i = 0;
   _Nt_array_ptr<const char> t : count(0) = _Dynamic_bounds_cast<_Nt_array_ptr<const char>>(object->names[i], count(0));}

It looks like we are accidentally walking a bounds expression that the compiler has inferred to use when implementing the dynamic check. We end up traversing the IR for the expression object->names[I] twice, which triggers the assert.

@secure-sw-dev-bot secure-sw-dev-bot mentioned this issue Jan 16, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@secure-sw-dev-bot