[AVR] compiler segfaults

[gergoerdi]

On this linked repository, running cargo build --release fails with a segmentation fault:

/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x328ffe3)[0x7fe530e8ffe3]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fe52d842520]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(+0x5736edf)[0x7fe52c136edf]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(+0x573570a)[0x7fe52c13570a]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(+0x57347c4)[0x7fe52c1347c4]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(+0x56d9481)[0x7fe52c0d9481]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(_ZN4llvm12RegAllocBase16allocatePhysRegsEv+0x14c)[0x7fe52c13020c]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(+0x5797f30)[0x7fe52c197f30]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE+0xb11)[0x7fe52c387461]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(_ZN4llvm13FPPassManager11runOnModuleERNS_6ModuleE+0x2f)[0x7fe52c38692f]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so(_ZN4llvm6legacy15PassManagerImpl3runERNS_6ModuleE+0x210)[0x7fe52c20b29e]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x2757582)[0x7fe530357582]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x2756f45)[0x7fe530356f45]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x2754e97)[0x7fe530354e97]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x2785f9d)[0x7fe530385f9d]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x2784ecc)[0x7fe530384ecc]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x2783d2e)[0x7fe530383d2e]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x26898f4)[0x7fe5302898f4]
/home/cactus/sdk/rust/rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so(+0x4045b33)[0x7fe531c45b33]
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7fe52d894b43]
/lib/x86_64-linux-gnu/libc.so.6(+0x126a00)[0x7fe52d926a00]
warning: `worduino-avr` (bin "worduino-avr") generated 2 warnings (run `cargo fix --bin "worduino-avr"` to apply 2 suggestions)
error: could not compile `worduino-avr`; 2 warnings emitted

Caused by:
  process didn't exit successfully: `rustc --crate-name worduino_avr src/main.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --crate-type bin --emit=dep-info,link -C opt-level=3 -C lto -C metadata=6d6db11dfacad857 -C extra-filename=-6d6db11dfacad857 --out-dir /home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps --target /home/cactus/prog/rust/avr/bugs/segfault/avr-atmega32u4.json -L dependency=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps -L dependency=/home/cactus/prog/rust/avr/bugs/segfault/target/release/deps --extern avr_config=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libavr_config-8902202b8ad51356.rlib --extern avr_std_stub=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libavr_std_stub-c3510b4296c6559e.rlib --extern 'noprelude:compiler_builtins=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libcompiler_builtins-d2b51c47ad38c941.rlib' --extern 'noprelude:core=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libcore-195cf775332e0617.rlib' --extern worduino_engine=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libworduino_engine-a6a2c489fed3cc79.rlib -Z unstable-options --emit=llvm-bc` (signal: 11, SIGSEGV: invalid memory reference)

[gergoerdi]

I tried making the reproducer as small as possible, but at some point it becomes extremely sensitive to seemingly trivial changes: for example, if I remove the unused score field from Player, suddenly the segfault goes away.

[gergoerdi]

Tried it with latest nightly, crashes just the same:

$ rustup toolchain install nightly-2023-01-24
$ rustup component add rust-src --toolchain nightly-2023-01-24-x86_64-unknown-linux-gnu
$ rustup override set nightly-2023-01-24
$ cargo build --release
...
error: could not compile `worduino-avr`; 2 warnings emitted

Caused by:
  process didn't exit successfully: `rustc --crate-name worduino_avr src/main.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=150 --crate-type bin --emit=dep-info,link -C opt-level=3 -C lto -C metadata=65b5fd88837c4926 -C extra-filename=-65b5fd88837c4926 --out-dir /home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps --target /home/cactus/prog/rust/avr/bugs/segfault/avr-atmega32u4.json -L dependency=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps -L dependency=/home/cactus/prog/rust/avr/bugs/segfault/target/release/deps --extern avr_config=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libavr_config-9dd7198fde59ab9f.rlib --extern avr_std_stub=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libavr_std_stub-a6f7257e58f8cef6.rlib --extern 'noprelude:compiler_builtins=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libcompiler_builtins-04596a6bfc480d2b.rlib' --extern 'noprelude:core=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libcore-eac7e4ed729ade79.rlib' --extern worduino_engine=/home/cactus/prog/rust/avr/bugs/segfault/target/avr-atmega32u4/release/deps/libworduino_engine-6d2d2f69f1e30efe.rlib -Z unstable-options --emit=llvm-bc` (signal: 11, SIGSEGV: invalid memory reference)

[Noratrieb]

Can you try getting a backtrace where the segfault occurs by running the rustc command in a debugger?

[gergoerdi]

Can you try getting a backtrace where the segfault occurs by running the rustc command in a debugger?

Sure. BTW, is your question implying that you didn't manage to reproduce this with what I've provided so far? Do let me know if I'm missing some inputs that are relevant.

0x00007ffff2136edf in llvm::RAGreedy::calculateRegionSplitCost(llvm::LiveInterval const&, llvm::AllocationOrder&, llvm::BlockFrequency&, unsigned int&, bool) () from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
=> 0x00007ffff2136edf <_ZN4llvm8RAGreedy24calculateRegionSplitCostERKNS_12LiveIntervalERNS_15AllocationOrderERNS_14BlockFrequencyERjb+4059>:	48 8b 49 10	mov    0x10(%rcx),%rcx
(gdb) bt
#0  0x00007ffff2136edf in llvm::RAGreedy::calculateRegionSplitCost(llvm::LiveInterval const&, llvm::AllocationOrder&, llvm::BlockFrequency&, unsigned int&, bool) () from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#1  0x00007ffff213570a in llvm::RAGreedy::tryRegionSplit(llvm::LiveInterval const&, llvm::AllocationOrder&, llvm::SmallVectorImpl<llvm::Register>&)
    () from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#2  0x00007ffff21347c4 in llvm::RAGreedy::trySplit(llvm::LiveInterval const&, llvm::AllocationOrder&, llvm::SmallVectorImpl<llvm::Register>&, llvm::SmallSet<llvm::Register, 16u, std::less<llvm::Register> > const&) ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#3  0x00007ffff20d9481 in non-virtual thunk to llvm::RAGreedy::selectOrSplit(llvm::LiveInterval const&, llvm::SmallVectorImpl<llvm::Register>&) ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#4  0x00007ffff213020c in llvm::RegAllocBase::allocatePhysRegs() ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#5  0x00007ffff2197f30 in llvm::RAGreedy::runOnMachineFunction(llvm::MachineFunction&) ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#6  0x00007ffff2387461 in llvm::FPPassManager::runOnFunction(llvm::Function&) ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#7  0x00007ffff238692f in llvm::FPPassManager::runOnModule(llvm::Module&) ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#8  0x00007ffff220b29e in llvm::legacy::PassManagerImpl::run(llvm::Module&) ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/libLLVM-15-rust-1.67.0-nightly.so
#9  0x00007ffff6357582 in LLVMRustWriteOutputFile ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#10 0x00007ffff6356f45 in rustc_codegen_llvm::back::write::write_output_file ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#11 0x00007ffff6354e97 in rustc_codegen_llvm::back::write::codegen ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#12 0x00007ffff6385f9d in rustc_codegen_ssa::back::write::finish_intra_module_work::<rustc_codegen_llvm::LlvmCodegenBackend> ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#13 0x00007ffff6384ecc in rustc_codegen_ssa::back::write::execute_work_item::<rustc_codegen_llvm::LlvmCodegenBackend> ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#14 0x00007ffff6383d2e in std::sys_common::backtrace::__rust_begin_short_backtrace::<<rustc_codegen_llvm::LlvmCodegenBackend as rustc_codegen_ssa::traits::backend::ExtraBackendMethods>::spawn_named_thread<rustc_codegen_ssa::back::write::spawn_work<rustc_codegen_llvm::LlvmCodegenBackend>::{closure#0}, ()>::{closure#0}, ()> () from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#15 0x00007ffff62898f4 in <<std::thread::Builder>::spawn_unchecked_<<rustc_codegen_llvm::LlvmCodegenBackend as rustc_codegen_ssa::traits::backend::ExtraBackendMethods>::spawn_named_thread<rustc_codegen_ssa::back::write::spawn_work<rustc_codegen_llvm::LlvmCodegenBackend>::{closure#0}, ()>::{closure#0}, ()>::{closure#1} as core::ops::function::FnOnce<()>>::call_once::{shim:vtable#0} ()
   from /home/cactus/.rustup/toolchains/nightly-2022-12-09-x86_64-unknown-linux-gnu/lib/librustc_driver-e0c8ab3d159f8c4e.so
#16 0x00007ffff7c45b33 in alloc::boxed::{impl#45}::call_once<(), dyn core::ops::function::FnOnce<(), Output=()>, alloc::alloc::Global> ()
    at library/alloc/src/boxed.rs:2000
#17 alloc::boxed::{impl#45}::call_once<(), alloc::boxed::Box<dyn core::ops::function::FnOnce<(), Output=()>, alloc::alloc::Global>, alloc::alloc::Glob--Type <RET> for more, q to quit, c to continue without paging--
al> () at library/alloc/src/boxed.rs:2000
#18 std::sys::unix::thread::{impl#2}::new::thread_start () at library/std/src/sys/unix/thread.rs:108
#19 0x00007ffff3894b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#20 0x00007ffff3926a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

[workingjubilee]

Just noting that this still reproduces even with avr-progmem 0.3.3, the latest fixes in rustc for AVR and repr(C), and turning off --emit=llvm-bc.

[gergoerdi]

Hmm. Isn't it also a bug in itself if --emit=llvm-bc changes the behaviour at all?

[workingjubilee]

Oh, probably.
That's why I noted that it is not at fault!

[Patryk27]

fwiw, on the newest llvm-project (with debug assertions enabled), this itself:

#![no_std]
#![no_main]

extern crate avr_std_stub;

use core::{hint::black_box, panic::PanicInfo};

fn reverse_bits(mut x: u8) -> u8 {
    let mut y: u8 = 0;
    let mut i = 7;

    while i > 0 {
        if x & 0x01 != 0 {
            y |= 0x80;
        }

        y = y.rotate_left(1);
        x >>= 1;
        i -= 1;
    }

    y
}

#[no_mangle]
pub extern "C" fn main() {
    let x = black_box(123);
    let x = reverse_bits(x);
    let x = black_box(x);

    loop {
        //
    }
}

... fails with:

LLVM ERROR: Cannot select: t49: i8 = ROL t38
  t38: i8 = or t37, t50
    t37: i8 = and t60, Constant:i8<-128>
      t60: i8 = LSL t2
        t2: i8,ch = CopyFromReg t0, Register:i8 %0
          t1: i8 = Register %0
      t12: i8 = Constant<-128>
    t50: i8 = ROL t34
      t34: i8 = or t33, t51
        t33: i8 = and t61, Constant:i8<-128>
          t61: i8 = LSL t60
            t60: i8 = LSL t2
              t2: i8,ch = CopyFromReg t0, Register:i8 %0
                t1: i8 = Register %0
          t12: i8 = Constant<-128>
        t51: i8 = ROL t29
          t29: i8 = or t28, t52
            t28: i8 = and t62, Constant:i8<-128>
              t62: i8 = LSL t61
                t61: i8 = LSL t60
                  t60: i8 = LSL t2

              t12: i8 = Constant<-128>
            t52: i8 = ROL t24
              t24: i8 = or t63, t53
                t63: i8 = and t55, Constant:i8<-128>
                  t55: i8 = <<Unknown Target Node #459>> t2

                  t12: i8 = Constant<-128>
                t53: i8 = ROL t19
                  t19: i8 = or t18, t54

Curiously, it works with 16-bit+ types; I'll see if there's anything I can do.

Edit: minimized:

define i8 @test(i8 %0) {
start:
  %1 = call i8 @llvm.fshl.i8(i8 %0, i8 %0, i8 1)
  ret i8 %1
}

declare i8 @llvm.fshl.i8(i8, i8, i8)

[Patryk27]

Okie, patch submitted:
https://reviews.llvm.org/D152063

With that patch, compiling your application, @gergoerdi, seems to pass; I'll let know once the patch is merged and applied to rustc 🙂