[middle-end] Crash in llvm::scc_begin #118169
Description
Description
version: llvm-19.1.4, llvm-13
path: llvm-19.1.4/llvm/include/llvm/ADT/SCCIterator.h
call scc_begin when the llvm::Function is declaration, will trigger crash
F is a decaration: declare i32 @printf(ptr noundef, ...) #1
for (scc_iterator<Function *> I = llvm::scc_begin(&F),
IE = llvm::scc_end(&F);
I != IE; ++I) static scc_iterator begin(const GraphT &G) {
return scc_iterator(GT::getEntryNode(G));
}GT::getEntryNode(G) will return a invalid NodeRef
template <> struct GraphTraits<Function *> : public GraphTraits<BasicBlock *> {
static NodeRef getEntryNode(Function *F) {
return &F->getEntryBlock();
}DFSVisitOne will use it
scc_iterator(NodeRef entryN) : visitNum(0) {
DFSVisitOne(entryN);
GetNextSCC();
}N is invalid, visit nodeVisitNumbers[N] will crash
template <class GraphT, class GT>
void scc_iterator<GraphT, GT>::DFSVisitOne(NodeRef N) {
++visitNum;
nodeVisitNumbers[N] = visitNum;
SCCNodeStack.push_back(N);
VisitStack.push_back(StackElement(N, GT::child_begin(N), visitNum));
#if 0 // Enable if needed when debugging.
dbgs() << "TarjanSCC: Node " << N <<
" : visitNum = " << visitNum << "\n";
#endif
}Testcase
test.ll
; ModuleID = 'test.c'
source_filename = "test.c"
target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
@.str = private unnamed_addr constant [8 x i8] c"func a\0A\00", align 1
@.str.1 = private unnamed_addr constant [8 x i8] c"func b\0A\00", align 1
@.str.2 = private unnamed_addr constant [5 x i8] c"end\0A\00", align 1
; Function Attrs: noinline nounwind optnone uwtable
define dso_local void @a() #0 {
%1 = call i32 (ptr, ...) @printf(ptr noundef @.str)
ret void
}
declare i32 @printf(ptr noundef, ...) #1
; Function Attrs: noinline nounwind optnone uwtable
define dso_local void @b() #0 {
%1 = call i32 (ptr, ...) @printf(ptr noundef @.str.1)
ret void
}
; Function Attrs: noinline nounwind optnone uwtable
define dso_local i32 @main() #0 {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, ptr %1, align 4
store i32 1, ptr %2, align 4
call void @b()
%3 = load i32, ptr %2, align 4
%4 = icmp sgt i32 %3, 0
br i1 %4, label %5, label %11
5: ; preds = %0
%6 = load i32, ptr %2, align 4
%7 = icmp sgt i32 %6, -1
br i1 %7, label %8, label %9
8: ; preds = %5
call void @b()
store i32 1, ptr %1, align 4
br label %18
9: ; preds = %5
br label %10
10: ; preds = %15, %9
call void @a()
br label %16
11: ; preds = %0
%12 = load i32, ptr %2, align 4
%13 = icmp slt i32 %12, -1
br i1 %13, label %14, label %15
14: ; preds = %11
br label %16
15: ; preds = %11
br label %10
16: ; preds = %14, %10
%17 = call i32 (ptr, ...) @printf(ptr noundef @.str.2)
br label %18
18: ; preds = %16, %8
%19 = load i32, ptr %1, align 4
ret i32 %19
}
attributes #0 = { noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cmov,+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #1 = { "frame-pointer"="all" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cmov,+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
!llvm.module.flags = !{!0, !1, !2, !3, !4}
!llvm.ident = !{!5}
!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{i32 8, !"PIC Level", i32 2}
!2 = !{i32 7, !"PIE Level", i32 2}
!3 = !{i32 7, !"uwtable", i32 2}
!4 = !{i32 7, !"frame-pointer", i32 2}
!5 = !{!"clang version 19.1.4"}
llvm pass code
for (auto &F : M) {
for (scc_iterator<Function *> I = llvm::scc_begin(&F),
IE = llvm::scc_end(&F);
I != IE; ++I) {
}
}command
opt -debug-pass-manager -load-pass-plugin=build/xxx/xxx.so -passes=xxx -disable-output test.ll > "test.ll.txt" 2>&1