[llvm-bugs] [Bug 173764] clang assertion failure in CallInst::init: "Calling a function with a bad signature!" when optimizing strncat with __seg_gs address space

Sun, 28 Dec 2025 01:35:19 -0800

Issue 173764
Summary clang assertion failure in CallInst::init: "Calling a function with a bad signature!" when optimizing strncat with __seg_gs address space
Labels crash-on-invalid, llvm:instcombine
Assignees
Reporter AbyssStaror 
    ### Link for quick verification: https://godbolt.org/z/hx9Gafj66
```c
#include <string.h>
__seg_gs char a[10];  // __seg_gs address space variable (global)

void use_gs_memory() {
    strncat(a, "test", sizeof(a)); 
}
```
Go back to `clang 16.0.0 (assertions)`. The issue can only be reproducible with the optimization flag. Maybe relate to https://github.com/llvm/llvm-project/issues/140069.
Clang crashes during the `instcombine` pass when a standard library function `strncat` is called with an argument located in a non-default address space (like` __seg_gs`).The optimizer attempts to simplify the library call but fails to handle the address space difference, leading to an invalid IR signature.

## Stack dump
```console
clang++: /root/llvm-project/llvm/lib/IR/Instructions.cpp:757: void llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, const llvm::Twine&): Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /opt/compiler-explorer/clang-assertions-trunk/bin/clang++ -g -o /app/output.s -mllvm --x86-asm-syntax=intel -fno-verbose-asm -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics -x c -O3 <source>
1.	<eof> parser at end of file
2.	Optimizer
3.	Running pass "function<eager-inv>(mem2reg,instcombine<max-iterations=1;no-verify-fixpoint>,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-arithmetic;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>)" on module "<source>"
4.	Running pass "instcombine<max-iterations=1;no-verify-fixpoint>" on function "use_gs_memory"
 #0 0x00000000042ef648 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x42ef648)
 #1 0x00000000042eca74 llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x42eca74)
 #2 0x0000000004231818 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x0000729bbb042520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x0000729bbb0969fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
 #5 0x0000729bbb042476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x0000729bbb0287f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x0000729bbb02871b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x0000729bbb039e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x0000000003b9b0df llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*>>, llvm::Twine const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3b9b0df)
#10 0x0000000004352308 llvm::IRBuilderBase::CreateCall(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::MDNode*) (.constprop.0) BuildLibCalls.cpp:0:0
#11 0x0000000004354ea0 emitLibCall(llvm::LibFunc, llvm::Type*, llvm::ArrayRef<llvm::Type*>, llvm::ArrayRef<llvm::Value*>, llvm::IRBuilderBase&, llvm::TargetLibraryInfo const*, bool) BuildLibCalls.cpp:0:0
#12 0x00000000043554fb llvm::emitStrLen(llvm::Value*, llvm::IRBuilderBase&, llvm::DataLayout const&, llvm::TargetLibraryInfo const*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x43554fb)
#13 0x00000000044ef651 llvm::LibCallSimplifier::emitStrLenMemCpy(llvm::Value*, llvm::Value*, unsigned long, llvm::IRBuilderBase&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x44ef651)
#14 0x00000000044efaff llvm::LibCallSimplifier::optimizeStrNCat(llvm::CallInst*, llvm::IRBuilderBase&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x44efaff)
#15 0x00000000044f5531 llvm::LibCallSimplifier::optimizeStringMemoryLibCall(llvm::CallInst*, llvm::IRBuilderBase&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x44f5531)
#16 0x00000000044f59ef llvm::LibCallSimplifier::optimizeCall(llvm::CallInst*, llvm::IRBuilderBase&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x44f59ef)
#17 0x0000000003e60d2c llvm::InstCombinerImpl::tryOptimizeCall(llvm::CallInst*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3e60d2c)
#18 0x0000000003e697c9 llvm::InstCombinerImpl::visitCallBase(llvm::CallBase&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3e697c9)
#19 0x0000000003e6b0c7 llvm::InstCombinerImpl::visitCallInst(llvm::CallInst&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3e6b0c7)
#20 0x0000000003e0d2e3 llvm::InstCombinerImpl::run() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3e0d2e3)
#21 0x0000000003e0f1c6 combineInstructionsOverFunction(llvm::Function&, llvm::InstructionWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::BranchProbabilityInfo*, llvm::ProfileSummaryInfo*, llvm::InstCombineOptions const&) (.isra.0) InstructionCombining.cpp:0:0
#22 0x0000000003e10734 llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3e10734)
#23 0x00000000045a1c6e llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x45a1c6e)
#24 0x0000000003c36df1 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3c36df1)
#25 0x000000000128cafe llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x128cafe)
#26 0x0000000003c353aa llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3c353aa)
#27 0x000000000128cdae llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x128cdae)
#28 0x0000000003c34d61 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3c34d61)
#29 0x00000000045add2d (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&, clang::BackendConsumer*) BackendUtil.cpp:0:0
#30 0x00000000045b194f clang::emitBackendOutput(clang::CompilerInstance&, clang::CodeGenOptions&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x45b194f)
#31 0x0000000004c50517 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4c50517)
#32 0x0000000006a0c53c clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6a0c53c)
#33 0x0000000004c50978 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4c50978)
#34 0x0000000004f46ff5 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4f46ff5)
#35 0x0000000004ec728e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4ec728e)
#36 0x000000000504137d clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x504137d)
#37 0x0000000000de5c4c cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xde5c4c)
#38 0x0000000000ddc69a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>) driver.cpp:0:0
#39 0x0000000000ddc81d int llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::callback_fn<clang_main(int, char**, llvm::ToolContext const&)::'lambda'(llvm::SmallVectorImpl<char const*>&)>(long, llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#40 0x0000000004cc3049 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#41 0x0000000004231cb4 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4231cb4)
#42 0x0000000004cc365f clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#43 0x0000000004c84142 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4c84142)
#44 0x0000000004c850ee clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4c850ee)
#45 0x0000000004c8c545 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4c8c545)
#46 0x0000000000de2041 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xde2041)
#47 0x0000000000c8d094 main (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xc8d094)
#48 0x0000729bbb029d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#49 0x0000729bbb029e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#50 0x0000000000ddc135 _start (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xddc135)
clang++: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134
```

_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to