LLVM IR crashes but not sure why

jarrettchisholm · April 22, 2023, 3:48pm

The following LLVM IR code runs fine:

define i32 @main() {
entry:
  %a = alloca i32, align 4
  
  store i32 1, i32* %a, align 4
  
  %b = alloca i32*, align 8
  
  %0 = load i32*, i32** %b, align 8
  store i32 1, i32* %0, align 4
  
  ret i32 0
}

However, if I comment out the first 2 lines it crashes with the following stack trace:

PLEASE submit a bug report to Issues · llvm/llvm-project · GitHub and include the crash backtrace.
Stack dump:
0. Program arguments: C:\Users\Jarrett\projects\llvm-project\build\Release\bin\lli.exe …\test.ll
Exception Code: 0xC0000005
#0 0x00000289630e0005
#1 0x0000000000000001
#2 0x00007ff69ff79cb6 (C:\Users\Jarrett\projects\llvm-project\build\Release\bin\lli.exe+0x5a9cb6)
#3 0x00007ff69fa1f76d (C:\Users\Jarrett\projects\llvm-project\build\Release\bin\lli.exe+0x4f76d)
#4 0x00007ff69fa221b9 (C:\Users\Jarrett\projects\llvm-project\build\Release\bin\lli.exe+0x521b9)
#5 0x00007ff6a08a2210 (C:\Users\Jarrett\projects\llvm-project\build\Release\bin\lli.exe+0xed2210)
#6 0x00007ff8c15c7604 (C:\Windows\System32\KERNEL32.DLL+0x17604)
#7 0x00007ff8c2aa26a1 (C:\Windows\SYSTEM32\ntdll.dll+0x526a1)

I’m unable to figure out why commenting out the first 2 lines would cause it to crash.

Anyone have any ideas?

jrtc27 · April 22, 2023, 6:30pm

*%b is uninitialised junk that you read and dereference. Allocating %a changes your stack frame layout and presumably happens to move %b such that it aliases with a valid pointer from a previous stack frame on your specific machine with your specific build of LLVM.

This is the equivalent of:

int
main(void)
{
  int a;

  *&a = 1; /* i.e. a = 1 */

  int *b;

  tmp = *&b; /* i.e. tmp = b */
  *tmp = 1; /* i.e. *b = 1 */

  return (0);
}

jarrettchisholm · April 22, 2023, 11:05pm

Thanks for the explanation @jrtc27!