Bug 33997 - clang-cl crash building Firefox
Summary: clang-cl crash building Firefox
Status: RESOLVED FIXED
Alias: None
Product: clang
Classification: Unclassified
Component: -New Bugs
Version: 5.0
Hardware: PC Windows XP
Importance: P enhancement
Assignee: Unassigned Clang Bugs
URL:
Keywords:
Duplicates: 34287
Depends on:
Blocks: 33849
Reported: 2017-07-30 16:53 PDT by Mike Hommey
Modified: 2017-08-24 09:22 PDT
CC List: 9 users

See Also:
Fixed By Commit(s):


Attachments
Unified_cpp_layout_style2-74f457.sh (1.61 KB, application/x-shellscript)
2017-07-30 16:55 PDT, Mike Hommey
Unified_cpp_layout_style2-74f457.sh (7.68 KB, application/x-shellscript)
2017-07-30 16:56 PDT, Mike Hommey
slightly reduced preprocessed source (283.29 KB, application/gzip)
2017-08-03 10:07 PDT, Hans Wennborg

Description Mike Hommey 2017-07-30 16:53:09 PDT
Got this error on Firefox CI when trying to build with clang trunk as well as the tip of the release_50 branch (although I'm not 100% sure about the latter, the crash still says clang version 6):

23:25:12     INFO -  Wrote crash dump file "C:\Users\task_1501450873\AppData\Local\Temp\clang-cl.exe-5d77f6.dmp"
23:25:12     INFO -  #0 0x0102cce5 llvm::LexicalScopes::getOrCreateLexicalScope(class llvm::DILocalScope const *,class llvm::DILocation const *) (z:\build\build\src\clang\bin\clang-cl.exe+0x4bcce5)
23:25:12     INFO -  #1 0x0102ca0e llvm::LexicalScopes::getMachineBasicBlocks(class llvm::DILocation const *,class llvm::SmallPtrSetImpl<class llvm::MachineBasicBlock const *> &) (z:\build\build\src\clang\bin\clang-cl.exe+0x4bca0e)
23:25:12     INFO -  #2 0x02281259 clang::FriendDecl::anchor(void) (z:\build\build\src\clang\bin\clang-cl.exe+0x1711259)
23:25:12     INFO -  #3 0x00fcd3ea llvm::SparseBitVectorElement<128>::intersectWithComplement(struct llvm::SparseBitVectorElement<128> const &,bool &) (z:\build\build\src\clang\bin\clang-cl.exe+0x45d3ea)
23:25:12     INFO -  clang-cl.exe: error: clang frontend command failed due to signal (use -v to see invocation)
23:25:12     INFO -  clang version 6.0.0 (trunk 309511)
23:25:12     INFO -  Target: i686-pc-windows-msvc
23:25:12     INFO -  Thread model: posix
23:25:12     INFO -  InstalledDir: z:\build\build\src\clang\bin
23:25:12     INFO -  clang-cl.exe: note: diagnostic msg: PLEASE submit a bug report to http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and associated run script.
23:25:12     INFO -  clang-cl.exe: note: diagnostic msg:
23:25:12     INFO -  ********************
23:25:12     INFO -  PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
23:25:12     INFO -  Preprocessed source(s) and associated run script(s) are located at:
23:25:12     INFO -  clang-cl.exe: note: diagnostic msg: C:\Users\task_1501450873\AppData\Local\Temp\Unified_cpp_layout_style2-74f457.cpp
23:25:12     INFO -  clang-cl.exe: note: diagnostic msg: C:\Users\task_1501450873\AppData\Local\Temp\Unified_cpp_layout_style2-74f457.sh
23:25:12     INFO -  clang-cl.exe: note: diagnostic msg:
23:25:12     INFO -  ********************

I have the two mentioned files and will attach them. I also have the minidump if that helps. For good measure, I'll try a Linux build as well.
Comment 1 Mike Hommey 2017-07-30 16:55:19 PDT
Created attachment 18873
Unified_cpp_layout_style2-74f457.sh
Comment 2 Mike Hommey 2017-07-30 16:56:26 PDT
Created attachment 18874
Unified_cpp_layout_style2-74f457.sh
Comment 3 Mike Hommey 2017-07-30 16:57:54 PDT
Erf, can't attach files larger than 1MB... so here's a link to the file, but it's likely to die in a couple weeks:
https://queue.taskcluster.net/v1/task/ebW-b89iTiaXBEJjYVEK8Q/runs/0/artifacts/public/build/Unified_cpp_layout_style2-74f457.cpp
Comment 4 Mike Hommey 2017-07-30 17:15:34 PDT
Oh, and this doesn't happen on revision 293859, which is what we're currently using on CI for clang-cl.
Comment 5 Mike Hommey 2017-07-30 18:23:59 PDT
I confirmed it does happen with the tip of branches/release_50. It also happens with clang version 5.0.0 (trunk 306000).
Comment 6 Hans Wennborg 2017-08-01 10:50:44 PDT
Running creduce now.
Comment 7 Mike Hommey 2017-08-01 14:27:15 PDT
I'm running creduce too, but it's taking forever.

In the meantime, I identified the crash started at r297994 on 32-bits. Interestingly, it starts at a different revision on 64-bits. Bisection is not finished, but I'm closing in around r2963xx.
Comment 8 Mike Hommey 2017-08-01 15:09:02 PDT
Additional information: The crash happens with -debug-info-kind=limited (which is on the command line in the .sh) but not with -debug-info-kind=line-tables-only (or no -debug-info-kind at all)
Comment 9 Mike Hommey 2017-08-01 16:32:42 PDT
r297994 is https://reviews.llvm.org/D30919
Comment 10 Mike Hommey 2017-08-01 17:54:40 PDT
Summarizing a little: the same code crashes the compiler for i686 and x86-64 targets, with stack traces starting in the same function, but different code paths and regression commits.

For i686:
https://queue.taskcluster.net/v1/task/Uc0z217NR8SuZEKXKyL1Mg/runs/0/artifacts/public/build/Unified_cpp_layout_style2-1423d0.sh
https://queue.taskcluster.net/v1/task/Uc0z217NR8SuZEKXKyL1Mg/runs/0/artifacts/public/build/Unified_cpp_layout_style2-1423d0.cpp

The first revision to fail is 297994: https://github.com/llvm-mirror/llvm/commit/b70598b6c68514ad181960cfccc90ce4db583264

with the following stacktrace:
#0 0x0180a7a5 llvm::LexicalScopes::getOrCreateLexicalScope(class llvm::DILocalScope const *,class llvm::DILocation const *) (z:\32-297994\clang\bin\clang-cl.exe+0x48a7a5)
#1 0x0180a4ce llvm::LexicalScopes::getMachineBasicBlocks(class llvm::DILocation const *,class llvm::SmallPtrSetImpl<class llvm::MachineBasicBlock const *> &) (z:\32-297994\clang\bin\clang-cl.exe+0x48a4ce)
#2 0x029acdff clang::MacroDefinition::getMacroInfo(void)const  (z:\32-297994\clang\bin\clang-cl.exe+0x162cdff)
#3 0x017b5aaa llvm::SparseBitVectorElement<128>::intersectWithComplement(struct llvm::SparseBitVectorElement<128> const &,bool &) (z:\32-297994\clang\bin\clang-cl.exe+0x435aaa)

For x86-64:
https://queue.taskcluster.net/v1/task/fm4kWJ54Sn6BZ7EfMLJOAQ/runs/0/artifacts/public/build/Unified_cpp_layout_style2-3b4821.sh
https://queue.taskcluster.net/v1/task/fm4kWJ54Sn6BZ7EfMLJOAQ/runs/0/artifacts/public/build/Unified_cpp_layout_style2-3b4821.cpp

The first revision to fail is 296388: https://github.com/llvm-mirror/clang/commit/2b9de2a12492f72ff26b796e6230a256c06697ca

with the following stacktrace:
#0 0x00007ff6b74f3449 llvm::LexicalScopes::getOrCreateLexicalScope(class llvm::DILocalScope const *,class llvm::DILocation const *) (z:\64-296388\clang\bin\clang-cl.exe+0x5b3449)
#1 0x00007ff6b74f295c llvm::LexicalScopes::extractLexicalScopes(class llvm::SmallVectorImpl<struct std::pair<class llvm::MachineInstr const *,class llvm::MachineInstr const *> > &,class llvm::DenseMap<class llvm::MachineInstr const *,class llvm::LexicalScope *,struct llvm::DenseMapInfo<class llvm::MachineInstr const *>,struct llvm::detail::DenseMapPair<class llvm::MachineInstr const *,class llvm::LexicalScope *> > &) (z:\64-296388\clang\bin\clang-cl.exe+0x5b295c)
#2 0x00007ff6b74f3715 llvm::LexicalScopes::initialize(class llvm::MachineFunction const &) (z:\64-296388\clang\bin\clang-cl.exe+0x5b3715)
#3 0x00007ff6b748304e llvm::SparseBitVector<128>::intersectWithComplement(class llvm::SparseBitVector<128> const &) (z:\64-296388\clang\bin\clang-cl.exe+0x54304e)
#4 0x00007ff6b7398ba4 llvm::MachineFunctionPass::runOnFunction(class llvm::Function &) (z:\64-296388\clang\bin\clang-cl.exe+0x458ba4)
#5 0x00007ff6b7505686 llvm::FPPassManager::runOnFunction(class llvm::Function &) (z:\64-296388\clang\bin\clang-cl.exe+0x5c5686)
#6 0x00007ff6b75057e3 llvm::FPPassManager::runOnModule(class llvm::Module &) (z:\64-296388\clang\bin\clang-cl.exe+0x5c57e3)
#7 0x00007ff6b7505a4f llvm::FPPassManager::runOnModule(class llvm::Module &) (z:\64-296388\clang\bin\clang-cl.exe+0x5c5a4f)
#8 0x00007ff6b7505110 llvm::legacy::PassManagerImpl::run(class llvm::Module &) (z:\64-296388\clang\bin\clang-cl.exe+0x5c5110)
#9 0x00007ff6b79d91f4 clang::EmbedBitcode(class llvm::Module *,class clang::CodeGenOptions const &,class llvm::MemoryBufferRef) (z:\64-296388\clang\bin\clang-cl.exe+0xa991f4)
#10 0x00007ff6b79da0f1 clang::EmitBackendOutput(class clang::DiagnosticsEngine &,class clang::HeaderSearchOptions const &,class clang::CodeGenOptions const &,class clang::TargetOptions const &,class clang::LangOptions const &,class llvm::DataLayout const &,class llvm::Module *,enum clang::BackendAction,class std::unique_ptr<class llvm::raw_pwrite_stream,struct std::default_delete<class llvm::raw_pwrite_stream> >) (z:\64-296388\clang\bin\clang-cl.exe+0xa9a0f1)
#11 0x00007ff6b8d465eb clang::BackendConsumer::HandleTranslationUnit(class clang::ASTContext &) (z:\64-296388\clang\bin\clang-cl.exe+0x1e065eb)
#12 0x00007ff6b81fc9b6 clang::ParseAST(class clang::Sema &,bool,bool) (z:\64-296388\clang\bin\clang-cl.exe+0x12bc9b6)
#13 0x00007ff6b7c97b08 clang::ASTFrontendAction::ExecuteAction(void) (z:\64-296388\clang\bin\clang-cl.exe+0xd57b08)
#14 0x00007ff6b7c979e8 clang::FrontendAction::Execute(void) (z:\64-296388\clang\bin\clang-cl.exe+0xd579e8)
#15 0x00007ff6b7c6a83f clang::CompilerInstance::ExecuteAction(class clang::FrontendAction &) (z:\64-296388\clang\bin\clang-cl.exe+0xd2a83f)
#16 0x00007ff6b7ce8732 clang::ExecuteCompilerInvocation(class clang::CompilerInstance *) (z:\64-296388\clang\bin\clang-cl.exe+0xda8732)
#17 0x00007ff6b6f8514e clang::TextDiagnosticBuffer::~TextDiagnosticBuffer(void) (z:\64-296388\clang\bin\clang-cl.exe+0x4514e)
#18 0x00007ff6b6f816c1 clang::ChainedDiagnosticConsumer::EndSourceFile(void) (z:\64-296388\clang\bin\clang-cl.exe+0x416c1)
#19 0x00007ff6b6f8330c clang::ChainedDiagnosticConsumer::finish(void) (z:\64-296388\clang\bin\clang-cl.exe+0x4330c)
#20 0x00007ff6b8bbc6ad clang::LogDiagnosticPrinter::BeginSourceFile(class clang::LangOptions const &,class clang::Preprocessor const *) (z:\64-296388\clang\bin\clang-cl.exe+0x1c7c6ad)
#21 0x00007ffeebcb13d2 (C:\Windows\system32\KERNEL32.DLL+0x13d2)
#22 0x00007ffeedea54e4 (C:\Windows\SYSTEM32\ntdll.dll+0x154e4)
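
Comment 10's observation that both traces start in the same function and then take different paths can be checked mechanically when bucketing crash reports. The following is an added example, not part of the original report: the helper names are hypothetical, and the frames are copied from comment 10 with only the argument list of x86-64 frame #1 abridged.

```python
import re

# Frame format in the traces on this page: #N 0xADDR symbol(args) (module+0xOFFSET)
FRAME_RE = re.compile(
    r"#(\d+)\s+(0x[0-9a-fA-F]+)\s+(.*?)\s*\((\S+?)\+(0x[0-9a-fA-F]+)\)\s*$")

def function_name(symbol):
    """Drop the argument list: cut at the first '(' outside template brackets."""
    depth = 0
    for i, ch in enumerate(symbol):
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif ch == "(" and depth == 0:
            return symbol[:i]
    return symbol

def parse_trace(text):
    """Return (frame number, function, module offset) per frame; skip other lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.search(line)
        if m:
            frames.append((int(m.group(1)), function_name(m.group(3)),
                           int(m.group(5), 16)))
    return frames

def common_prefix(a, b):
    """Function names both traces share, counted from the crashing frame (#0)."""
    shared = []
    for (_, fa, _), (_, fb, _) in zip(a, b):
        if fa != fb:
            break
        shared.append(fa)
    return shared

# Frames from comment 10; only the argument list of x86-64 frame #1 is abridged.
I686_TRACE = r"""
#0 0x0180a7a5 llvm::LexicalScopes::getOrCreateLexicalScope(class llvm::DILocalScope const *,class llvm::DILocation const *) (z:\32-297994\clang\bin\clang-cl.exe+0x48a7a5)
#1 0x0180a4ce llvm::LexicalScopes::getMachineBasicBlocks(class llvm::DILocation const *,class llvm::SmallPtrSetImpl<class llvm::MachineBasicBlock const *> &) (z:\32-297994\clang\bin\clang-cl.exe+0x48a4ce)
"""
X64_TRACE = r"""
#0 0x00007ff6b74f3449 llvm::LexicalScopes::getOrCreateLexicalScope(class llvm::DILocalScope const *,class llvm::DILocation const *) (z:\64-296388\clang\bin\clang-cl.exe+0x5b3449)
#1 0x00007ff6b74f295c llvm::LexicalScopes::extractLexicalScopes(class llvm::SmallVectorImpl<...> &,class llvm::DenseMap<...> &) (z:\64-296388\clang\bin\clang-cl.exe+0x5b295c)
#21 0x00007ffeebcb13d2 (C:\Windows\system32\KERNEL32.DLL+0x13d2)
"""

print(common_prefix(parse_trace(I686_TRACE), parse_trace(X64_TRACE)))
```

Keying a crash bucket on the shared leading function names rather than on addresses or module offsets groups the i686 and x86-64 reports together even though their builds and call paths differ.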
Comment 11 Hans Wennborg 2017-08-03 10:07:11 PDT
Created attachment 18901
slightly reduced preprocessed source

Attaching what I got from creduce so far (it's still running, slowly).

Invocation:

$ clang -cc1 -triple i686-pc-windows-msvc19.0.24213 -emit-obj -gcodeview -gcodeview -debug-info-kind=limited -fms-extensions -fms-compatibility -fms-compatibility-version=19.0.24213 -std=c++14 -fdelayed-template-parsing -x c++ a.ii
Comment 12 Hans Wennborg 2017-08-07 11:46:57 PDT
creduce finished:

struct already_AddRefed {
  ~already_AddRefed();
};
class RefPtr {
public:
  operator int *();
};
struct ServoCssRulesStrong {
  already_AddRefed Consume();
};
class GroupRule {
protected:
  GroupRule(already_AddRefed, int, int);
};
class ConditionRule : GroupRule {
  using GroupRule::GroupRule;
};
class CSSMediaRule : ConditionRule {
  using ConditionRule::ConditionRule;
};
class CSSMozDocumentRule : ConditionRule {
  using ConditionRule::ConditionRule;
};
class ServoDocumentRule : CSSMozDocumentRule {
  ServoDocumentRule(RefPtr, int, int);
};
class ServoMediaRule : CSSMediaRule {
  ServoMediaRule(RefPtr, int, int);
};
ServoCssRulesStrong Servo_MediaRule_GetRules(int *);
ServoCssRulesStrong Servo_DocumentRule_GetRules(int *);
ServoDocumentRule::ServoDocumentRule(RefPtr aRawRule, int aLine, int aColumn)
    : CSSMozDocumentRule(Servo_DocumentRule_GetRules(aRawRule).Consume(), aLine,
                         aColumn) {}

ServoMediaRule::ServoMediaRule(RefPtr aRawRule, int aLine, int aColumn)
    : CSSMediaRule(Servo_MediaRule_GetRules(aRawRule).Consume(), aLine,
                   aColumn) {}


$ clang -cc1 -triple i686-pc-windows-msvc19.0.24213 -emit-obj -gcodeview -debug-info-kind=limited -std=c++14 /tmp/a.cc
Comment 13 Hans Wennborg 2017-08-07 11:49:57 PDT
Both revisions in #10 point to you. Even if they perhaps uncovered some pre-existing problem, perhaps you can take a look?
Comment 14 Mike Hommey 2017-08-07 14:37:08 PDT
Interestingly, the reduced test case triggers the crash on revision 296388 on 32-bits, while with the full source code, it only started happening on r297994.
Comment 15 Hans Wennborg 2017-08-22 16:48:18 PDT
*** Bug 34287 has been marked as a duplicate of this bug. ***
Comment 16 Hans Wennborg 2017-08-22 16:49:17 PDT
Adrian, have you had a chance to look at this?
Comment 17 Adrian Prantl 2017-08-22 16:51:19 PDT
No, sorry, I somehow missed this PR. I'll have a look now.
Comment 18 Adrian Prantl 2017-08-22 16:57:07 PDT
(lldb) 
frame #1: 0x000000010103e7f0 clang`llvm::LexicalScopes::getOrCreateLexicalScope(llvm::DILocalScope const*, llvm::DILocation const*) + 64 at /Volumes/Fusion/Data/llvm/lib/CodeGen/LexicalScopes.cpp:144
   141 	                                                     const DILocation *IA) {
   142 	  if (IA) {
   143 	    // Skip scopes inlined from a NoDebug compile unit.
-> 144 	    if (Scope->getSubprogram()->getUnit()->getEmissionKind() ==
    	                                           ^
   145 	        DICompileUnit::NoDebug)
   146 	      return getOrCreateLexicalScope(IA);
   147 	    // Create an abstract scope for inlined function.
(lldb) p Scope
(const llvm::DILocalScope *) $0 = 0x0000000110005e70
(lldb) p Scope->dump()
<0x110005e70> = !DILexicalBlockFile(scope: <0x110307760>, file: <0x110302808>, discriminator: 0)
(lldb) p Scope->getSubprogram()->dump()
<0x110307760> = !DISubprogram(name: "GroupRule", scope: <0x110303170>, type: <0x1103076e0>, isLocal: false, isDefinition: false, flags: DIFlagProtected | DIFlagArtificial | DIFlagPrototyped, isOptimized: false)
(lldb) p Scope->getSubprogram()->getUnit()
(llvm::DICompileUnit *) $1 = 0x0000000000000000
(lldb) 

That looks like broken IR.
Comment 19 Adrian Prantl 2017-08-23 10:05:24 PDT
I think this might be a bug in r296388 (and the Verifier).
Comment 20 Adrian Prantl 2017-08-23 11:32:07 PDT
This *should* fix it.

diff --git a/lib/CodeGen/CGDebugInfo.cpp b/lib/CodeGen/CGDebugInfo.cpp
index fe2de36ac4..008f27c7a8 100644
--- a/lib/CodeGen/CGDebugInfo.cpp
+++ b/lib/CodeGen/CGDebugInfo.cpp
@@ -3287,7 +3287,7 @@ void CGDebugInfo::EmitInlineFunctionStart(CGBuilderTy &Builder, GlobalDecl GD) {
   llvm::DISubprogram *SP = nullptr;
   if (FI != SPCache.end())
     SP = dyn_cast_or_null<llvm::DISubprogram>(FI->second);
-  if (!SP)
+  if (!SP || !SP->isDefinition())
     SP = getFunctionStub(GD);
   FnBeginRegionCount.push_back(LexicalBlockStack.size());
   LexicalBlockStack.emplace_back(SP);
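Review bot: the added !SP->isDefinition() test in EmitInlineFunctionStart has neither a comment nor a test to pin it down. A one-line comment above the condition, saying that a cached declaration-only DISubprogram must not be pushed onto LexicalBlockStack as a scope (comment 18 shows such a scope with isDefinition: false and getUnit() returning null), would keep a later cleanup from dropping the check. The reduced case from comment 12, compiled with -debug-info-kind=limited, would serve as the regression test. It is also worth stating whether getFunctionStub(GD) always returns a definition, since nothing in the hunk re-checks SP after that call before LexicalBlockStack.emplace_back(SP).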
Comment 21 Adrian Prantl 2017-08-23 11:51:58 PDT
Confirmed.
Comment 22 Hans Wennborg 2017-08-23 13:22:09 PDT
(In reply to Adrian Prantl from comment #21)
> Confirmed.

Awesome! Are you doing a patch, or would you like me to give it a go?
Comment 23 Adrian Prantl 2017-08-23 13:23:32 PDT
I'm on it, I just need to write a testcase and I'm also working on a Verifier patch (I would recommend not putting the Verifier change onto the release branch though, as it may also uncover similar bugs).
Comment 24 Adrian Prantl 2017-08-23 14:27:34 PDT
CFE r311601.
Comment 25 Hans Wennborg 2017-08-23 14:43:20 PDT
(In reply to Adrian Prantl from comment #24)
> CFE r311601.

Excellent. Let's have it sit in trunk for a bit, then I'll merge it.
Comment 26 Adrian Prantl 2017-08-23 14:52:56 PDT
Verifier check in LLVM r311608.
Comment 27 Mike Hommey 2017-08-23 17:15:44 PDT
I can confirm Firefox builds fine on both 32-bits and 64-bits with r311608
Comment 28 Hans Wennborg 2017-08-24 09:22:25 PDT
Merged to 5.0 in r311671.