clang crashed when handling va_list

[PikachuHyA]

test case

#include <stdarg.h>
static int lemon_vsprintf(char *str, const char *zFormat, va_list ap){
  int v = va_arg(ap, int);
  return 0;
}
static int lemon_sprintf(char *str, const char *format, ...) {
    va_list ap;
    va_start(ap, format);
    lemon_vsprintf(str, format, ap);
    va_end(ap);
    return 0;
}

static void parseonetoken() {
    char zLine[50];
    lemon_sprintf(zLine, "#line %d ", 1);
}
void Parse() { parseonetoken(); }

build with clang -c -fclangir reg.c -Xclang -emit-cir -o reg.cir, then crashed
the clang is built with 8311717

NYI Target lowering is now required. To workaround use -fno-clangir-call-conv-lowering. This flag is going to be removed at some point.
UNREACHABLE executed at clang/lib/CIR/Dialect/Transforms/TargetLowering/Targets/LoweringPrepareItaniumCXXABI.cpp:172!
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /tmp/install-llvm-github/bin/clang -c -fclangir reg.c -Xclang -emit-cir -o reg.cir
1.	<eof> parser at end of file
 #0 0x0000000002084338 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/tmp/install-llvm-github/bin/clang+0x2084338)
 #1 0x0000000002081e2e llvm::sys::RunSignalHandlers() (/tmp/install-llvm-github/bin/clang+0x2081e2e)
 #2 0x00000000020836c9 llvm::sys::CleanupOnSignal(unsigned long) (/tmp/install-llvm-github/bin/clang+0x20836c9)
 #3 0x0000000001ffcb36 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #4 0x00007f2c594ef1e0 __restore_rt sigaction.c:0:0
 #5 0x00007f2c58fcdbb5 raise (/lib64/libc.so.6+0x3dbb5)
 #6 0x00007f2c58fb68a4 abort (/lib64/libc.so.6+0x268a4)
 #7 0x00000000020032c0 llvm::install_out_of_memory_new_handler() (/tmp/install-llvm-github/bin/clang+0x20032c0)
 #8 0x0000000004341a99 (/tmp/install-llvm-github/bin/clang+0x4341a99)
 #9 0x000000000431e1cc (anonymous namespace)::LoweringPreparePass::lowerVAArgOp(mlir::cir::VAArgOp) LoweringPrepare.cpp:0:0
#10 0x000000000431a49c (anonymous namespace)::LoweringPreparePass::runOnOperation() LoweringPrepare.cpp:0:0
#11 0x00000000049eabc6 mlir::detail::OpToOpPassAdaptor::run(mlir::Pass*, mlir::Operation*, mlir::AnalysisManager, bool, unsigned int) (/tmp/install-llvm-github/bin/clang+0x49eabc6)
#12 0x00000000049eb3f2 mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor*, mlir::PassInstrumentation::PipelineParentInfo const*) (/tmp/install-llvm-github/bin/clang+0x49eb3f2)
#13 0x00000000049ed9ae mlir::PassManager::run(mlir::Operation*) (/tmp/install-llvm-github/bin/clang+0x49ed9ae)
#14 0x00000000033f81cf cir::runCIRToCIRPasses(mlir::ModuleOp, mlir::MLIRContext*, clang::ASTContext&, bool, bool, llvm::StringRef, bool, llvm::StringRef, bool, llvm::StringRef, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&, bool, bool, bool, bool, bool) (/tmp/install-llvm-github/bin/clang+0x33f81cf)
#15 0x00000000032fd2ed cir::CIRGenConsumer::HandleTranslationUnit(clang::ASTContext&)::'lambda'()::operator()() const (/tmp/install-llvm-github/bin/clang+0x32fd2ed)
#16 0x00000000032fc4e7 cir::CIRGenConsumer::HandleTranslationUnit(clang::ASTContext&) (/tmp/install-llvm-github/bin/clang+0x32fc4e7)
#17 0x00000000055e0a49 clang::ParseAST(clang::Sema&, bool, bool) (/tmp/install-llvm-github/bin/clang+0x55e0a49)
#18 0x0000000002ace4af clang::FrontendAction::Execute() (/tmp/install-llvm-github/bin/clang+0x2ace4af)
#19 0x0000000002a3f2ad clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/tmp/install-llvm-github/bin/clang+0x2a3f2ad)
#20 0x0000000002baeb8e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/tmp/install-llvm-github/bin/clang+0x2baeb8e)
#21 0x0000000000ed300b cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/tmp/install-llvm-github/bin/clang+0xed300b)
#22 0x0000000000ecf5ee ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#23 0x0000000002894df9 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#24 0x0000000001ffc876 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/tmp/install-llvm-github/bin/clang+0x1ffc876)
#25 0x00000000028944c2 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/tmp/install-llvm-github/bin/clang+0x28944c2)
#26 0x00000000028531cc clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/tmp/install-llvm-github/bin/clang+0x28531cc)
#27 0x00000000028534d7 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/tmp/install-llvm-github/bin/clang+0x28534d7)
#28 0x0000000002870968 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/tmp/install-llvm-github/bin/clang+0x2870968)
#29 0x0000000000ecec2f clang_main(int, char**, llvm::ToolContext const&) (/tmp/install-llvm-github/bin/clang+0xecec2f)
#30 0x0000000000ede517 main (/tmp/install-llvm-github/bin/clang+0xede517)
#31 0x00007f2c58fb81b2 __libc_start_main (/lib64/libc.so.6+0x281b2)
#32 0x0000000000ecd22e _start (/tmp/install-llvm-github/bin/clang+0xecd22e)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 20.0.0git (8311717092e3c988f00d7488a571e016d9fc7d28)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /tmp/install-llvm-github/bin
Build config: +assertions
clang: error: unable to execute command: Aborted
clang: note: diagnostic msg: Error generating preprocessed source(s).

also crashed with clang -c -fclangir -fno-clangir-call-conv-lowering reg.c -Xclang -emit-cir -o reg.cir

if remove lemon_vsprintf(str, format, ap); in function lemon_sprintf, it works.

NOTE: this case is simplified from building sqlite https://github.com/sqlite/sqlite , the original file is https://github.com/sqlite/sqlite/blob/master/tool/lemon.c

[smeenai]

Thanks for the report! #974 might possibly be related, but -fno-clangir-call-conv-lowering isn't solving your issue, so I'm not 100% sure. If you have the time to do so, would you be able to build Clang with the lowering patches locally reverted, to see if that fixes it?

[smeenai]

Looking into it a bit more, I think va_arg is just not implemented for architectures other than AArch64 yet; the target lowering message is probably a red herring here.

[PikachuHyA]

emmm. I find code here

clangir/clang/lib/CIR/Dialect/Transforms/TargetLowering/Targets/LoweringPrepareItaniumCXXABI.cpp

Lines 167 to 173 in 199228d

	mlir::Value LoweringPrepareItaniumCXXABI::lowerVAArg(
	CIRBaseBuilderTy &builder, mlir::cir::VAArgOp op,
	const ::cir::CIRDataLayout &datalayout) {
	// There is no generic cir lowering for var_arg, here we fail
	// so to prevent attempt of calling lowerVAArg for ItaniumCXXABI
	cir_cconv_unreachable("NYI");
	}

[smeenai]

Yup, but that code goes back to #573, so it's been like this since May as far as I can tell. In other words, this is still something we need to fix, but I don't think it's related to the recent calling convention lowering work.

[bcardosolopes]

FWIW, I disabled the new callconv stuff in 6cf9c5d

[ivanmurashko]

I am going to take the issue