segmentation fault of target program caused by loop-reroll with "opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading -loop-reroll"

[coffezhou]

Bugzilla Link	42267
Version	trunk
OS	Linux
Attachments	.bc file of the source code, small-opt.bc
CC	@efriedma-quic,@fhahn

Extended Description

$clang -v
clang version 9.0.0 (trunk 362492)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/jack-zhou/Documents/llvm/llvm_truck/llvm2/build/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.4.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.4.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64


$gcc small.c -o small1.out && ./small1.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

$clang small.c -o small2.out && ./small2.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000


$clang -O3 -c -emit-llvm  -mllvm -disable-llvm-optzns small.c

$opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading  small.bc -o small-opt.bc

$clang small-opt.bc -o small3.out && ./small3.out
Segmentation fault (core dumped)

without loop-reroll pass, the output is correct.

$$opt -mem2reg -loop-unswitch -indvars -loop-rotate -loop-unswitch -jump-threading -loop-unroll -jump-threading  small.bc -o small-opt1.bc

$clang small-opt1.bc -o small4.out && ./small4.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

#include<stdio.h>
int a[8][10][2];
void main() {
  int b, c, d;
  for (b = 0; b < 8; b++)
    for (c = 0; c < 10; c++)
      for (d = 0; d < 2; d++)
        printf("%d", a[b][c][d]);
}

[fhahn]

small-before-reroll.bc
I've attached small-before-reroll.bc, which requires only -loop-reroll to trigger different behavior

opt -loop-reroll small-before-reroll.bc -o small-opt.bc 
clang small-opt.bc -o small3.out && ./small3.out
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001935631468168495753894372981769107551144159403213319694483121701077349723593702-187904742400206211048847123191027111677721701677721705160006147219694483121701077349016345576961852404336160041688918524002232036621151163515019400000000000000000000000000000000000000000000000

clang small-before-reroll -o small3.out && ./small3.out
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[nikic]

The LoopReroll pass has been removed by #80972.