It appears to be a regression from 12.*.

[758] % clangtk -v
clang version 14.0.0 (https://github.com/llvm/llvm-project.git 8ed8d370880b5c4e7bbf52b50791710a9f4f834b)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64
[759] %
[759] % clangtk -O0 -w small.c; ./a.out
[760] %
[760] % clangtk -O1 -w small.c
[761] % ./a.out
Aborted
[762] %
[762] % cat small.c
int printf(const char *, ...);
int a, *b;
int main() {
  int *c, *d, e;
  while (a) {
    int f[1];
    while (a)
      printf(c);
    c = f;
    b = (int *)&d;
  }
L:
  e = 1;
  if (a) {
    printf("%d", a);
    b = &e;
    (*c)++;
  }
  if (a)
    goto L;
  if (!e)
    __builtin_abort();
  return 0;
}
The bug is either in or exposed by CGP. I'm attaching a slight IR reduction that shows this diff:

% llc -o - -disable-cgp=0 52496.ll | clang -x assembler - && ./a.out; echo $?
0
% llc -o - -disable-cgp=1 52496.ll | clang -x assembler - && ./a.out; echo $?
1
Created attachment 25452: IR test for codegenprepare
I see that CGP is duplicating/sinking casts of alloca'd pointers around lifetime markers and that seems suspicious, but I'm not familiar with how that (or StackColoring?) works. cc'ing some other contributors based on commit logs in those areas.