[Bug tree-optimization/123588] New: [16 regression] Clang miscompiled

sjames at gcc dot gnu.org via Gcc-bugs Wed, 14 Jan 2026 13:00:37 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123588


            Bug ID: 123588
           Summary: [16 regression] Clang miscompiled
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sjames at gcc dot gnu.org
  Target Milestone: ---

Clang is miscompiled, showing up when e.g. building Firefox (working around
PR123229) or when building compiler-rt*, in its lexing:
Another bt:
```
1.     
/var/tmp/portage/llvm-core/libclc-21.1.8/work/libclc/clc/include/clc/clctypes.h:28:9
<Spelling=/var/tmp/portage/llvm-core/libclc-21.1.8/work/libclc/clc/include/clc/clctypes.h:25:
22>: current parser token '__stdint_join3'
 #0 0x00007f75e262a62a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
/usr/src/debug/llvm-core/llvm-21.1.8/llvm/lib/Support/Unix/Signals.inc:838:3
 #1 0x00007f75e2626dc4 llvm::sys::RunSignalHandlers()
/usr/src/debug/llvm-core/llvm-21.1.8/llvm/lib/Support/Signals.cpp:104:20
 #2 0x00007f75e251b49c HandleCrash
/usr/src/debug/llvm-core/llvm-21.1.8/llvm/lib/Support/CrashRecoveryContext.cpp:73:5
 #3 0x00007f75e251b49c CrashRecoverySignalHandler
/usr/src/debug/llvm-core/llvm-21.1.8/llvm/lib/Support/CrashRecoveryContext.cpp:390:62
 #4 0x00007f75e0e45dc0 (/usr/lib64/libc.so.6+0x45dc0)
 #5 0x00007f75ec182e7e clang::Token::isNot(clang::tok::TokenKind) const
/usr/src/debug/llvm-core/clang-21.1.8/clang/include/clang/Lex/Token.h:103:47
 #6 0x00007f75ec182e7e clang::MacroArgs::getArgLength(clang::Token const*)
/usr/src/debug/llvm-core/clang-21.1.8/clang/lib/Lex/MacroArgs.cpp:109:23
 #7 0x00007f75ec21dde8 clang::TokenLexer::ExpandFunctionArguments()
/usr/src/debug/llvm-core/clang-21.1.8/clang/lib/Lex/TokenLexer.cpp:511:47
 #8 0x00007f75ec21e958 clang::TokenLexer::Init(clang::Token&,
clang::SourceLocation, clang::MacroInfo*, clang::MacroArgs*)
/usr/src/debug/llvm-core/clang-21.1.8/clang/lib/Lex/TokenLexer.cpp:90:3
 #9 0x00007f75ec1e21b4 clang::Preprocessor::EnterMacro(clang::Token&,
clang::SourceLocation, clang::MacroInfo*, clang::MacroArgs*)
/usr/src/debug/llvm-core/clang-21.1.8/clang/lib/Lex/PPLexerChange.cpp:151:19
#10 0x00007f75ec1f7a12
clang::Preprocessor::HandleMacroExpandedIdentifier(clang::Token&,
clang::MacroDefinition const&)
/usr/src/debug/llvm-core/clang-21.1.8/clang/lib/Lex/PPMacroExpansion.cpp:580:1
[...]
```

```
$ CLANG=~/data/build/llvm-project-test/bin/clang valgrind -q
--exit-on-first-error=yes --error-exitcode=1 --trace-children=yes
/tmp/Unified_c_media_libopus5-a15333.sh
==71476== Invalid read of size 2
==71476==    at 0xE157492: isNot (Token.h:103)
==71476==    by 0xE157492: clang::MacroArgs::getArgLength(clang::Token const*)
(MacroArgs.cpp:110)
==71476==    by 0xE207256: clang::TokenLexer::ExpandFunctionArguments()
(TokenLexer.cpp:463)
==71476==    by 0xE207D27: clang::TokenLexer::Init(clang::Token&,
clang::SourceLocation, clang::MacroInfo*, clang::MacroArgs*)
(TokenLexer.cpp:85)
==71476==    by 0xE1C2CD3: clang::Preprocessor::EnterMacro(clang::Token&,
clang::SourceLocation, clang::MacroInfo*, clang::MacroArgs*)
(PPLexerChange.cpp:151)
==71476==    by 0xE1DC861:
clang::Preprocessor::HandleMacroExpandedIdentifier(clang::Token&,
clang::MacroDefinition const&) (PPMacroExpansion.cpp:578)
==71476==    by 0xE1FB853: clang::Preprocessor::HandleIdentifier(clang::Token&)
(Preprocessor.cpp:834)
==71476==    by 0xE1FE60B: clang::Preprocessor::Lex(clang::Token&)
(Preprocessor.cpp:896)
==71476==    by 0xE15859F: clang::MacroArgs::getPreExpArgument(unsigned int,
clang::Preprocessor&) (MacroArgs.cpp:188)
==71476==    by 0xE207234: clang::TokenLexer::ExpandFunctionArguments()
(TokenLexer.cpp:456)
==71476==    by 0xE207D27: clang::TokenLexer::Init(clang::Token&,
clang::SourceLocation, clang::MacroInfo*, clang::MacroArgs*)
(TokenLexer.cpp:85)
==71476==    by 0xE1C2CD3: clang::Preprocessor::EnterMacro(clang::Token&,
clang::SourceLocation, clang::MacroInfo*, clang::MacroArgs*)
(PPLexerChange.cpp:151)
==71476==    by 0xE1DC861:
clang::Preprocessor::HandleMacroExpandedIdentifier(clang::Token&,
clang::MacroDefinition const&) (PPMacroExpansion.cpp:578)
==71476==  Address 0x11e22ec0 is 16 bytes after a block of size 240 alloc'd
==71476==    at 0x48849D8: malloc (vg_replace_malloc.c:447)
==71476==    by 0xE15729B: safe_malloc (MemAlloc.h:26)
==71476==    by 0xE15729B: clang::MacroArgs::create(clang::MacroInfo const*,
llvm::ArrayRef<clang::Token>, bool, clang::Preprocessor&) (MacroArgs.cpp:51)
==71476==    by 0xE1DA425:
clang::Preprocessor::ReadMacroCallArgumentList(clang::Token&,
clang::MacroInfo*, clang::SourceLocation&) (PPMacroExpansion.cpp:997)
==71476==    by 0xE1DC948:
clang::Preprocessor::HandleMacroExpandedIdentifier(clang::Token&,
clang::MacroDefinition const&) (PPMacroExpansion.cpp:460)
==71476==    by 0xE1FB853: clang::Preprocessor::HandleIdentifier(clang::Token&)
(Preprocessor.cpp:834)
==71476==    by 0xE1FE60B: clang::Preprocessor::Lex(clang::Token&)
(Preprocessor.cpp:896)
==71476==    by 0xE9DEDB3: clang::Parser::ConsumeParen() (Parser.h:642)
==71476==    by 0xEB34BB9:
clang::Parser::ExpectAndConsume(clang::tok::TokenKind, unsigned int,
llvm::StringRef) (Parser.cpp:129)
==71476==    by 0xEA05EE8:
clang::Parser::ParseGNUAttributes(clang::ParsedAttributes&,
clang::Parser::LateParsedAttrList*, clang::Declarator*) (ParseDecl.cpp:253)
==71476==    by 0xEA06E11:
clang::Parser::MaybeParseGNUAttributes(clang::Declarator&,
clang::Parser::LateParsedAttrList*) (Parser.h:2175)
==71476==    by 0xEA1B84E:
clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&,
clang::DeclaratorContext, clang::ParsedAttributes&,
clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*,
clang::Parser::ForRangeInit*) (ParseDecl.cpp:2168)
==71476==    by 0xEB323B0:
clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&,
clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier)
(Parser.cpp:1187)
==71476==
==71476==
==71476== Exit program on first error (--exit-on-first-error=yes)
```


Looking at clang::MacroArgs::getArgLength
(https://github.com/llvm/llvm-project/blob/9c7904bac281caf68be377daa4366c1f166c39f2/clang/lib/Lex/MacroArgs.cpp#L109),
it's an uncountable loop, and indeed -fno-tree-vectorize works OK.

__attribute__((noipa)) on clang::MacroArgs::getArgLength still has it crash
(yay), and __attribute__((optimize("O0"))) makes it work.


```
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/16/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-pc-linux-gnu
Configured with:
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/configure
--host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr
--bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/16
--includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/16/include
--datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16
--mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16/man
--infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16/info
--with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/16/include/g++-v16
--disable-silent-rules --disable-dependency-tracking
--with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/16/python
--enable-libphobos --enable-objc-gc
--enable-languages=c,c++,d,objc,obj-c++,fortran,ada,rust --enable-obsolete
--enable-secureplt --disable-werror --with-system-zlib --enable-nls
--without-included-gettext --disable-libunwind-exceptions
--enable-checking=yes,extra,rtl,df --with-bugurl=https://bugs.gentoo.org/
--with-pkgversion='Gentoo 16.0.9999 p, commit
c02f07c848e266c320ee1a46d5041d11a5cef8b6' --with-gcc-major-version-only
--enable-libstdcxx-time --enable-lto --disable-libstdcxx-pch --enable-shared
--enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
--with-tls=gnu2 --enable-multilib --with-multilib-list=m32,m64
--disable-fixed-point --enable-targets=all --enable-offload-defaulted
--enable-offload-targets=nvptx-none --enable-libgomp --disable-libssp
--enable-libada --enable-cet --disable-systemtap --enable-valgrind-annotations
--enable-valgrind-interop --disable-vtable-verify --disable-libvtv --with-zstd
--without-isl --enable-default-pie --enable-host-pie --enable-host-bind-now
--enable-default-ssp --disable-fixincludes
--with-gxx-libcxx-include-dir=/usr/include/c++/v1 --enable-linker-build-id
--enable-linker-build-id --enable-linker-build-id --enable-linker-build-id
--with-build-config='bootstrap-O3 bootstrap-lto bootstrap-cet'
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 16.0.1 20260114 (experimental)
c6115e9cf9486789c0f2d08dbefc87b920457822 (Gentoo 16.0.9999 p, commit
c02f07c848e266c320ee1a46d5041d11a5cef8b6)
```

[Bug tree-optimization/123588] New: [16 regression] Clang miscompiled

Reply via email to