Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[flang] stack-overflow in Fortran::evaluate::GetShapeHelper::CreateShape #122002

Open
yype opened this issue Jan 7, 2025 · 2 comments · May be fixed by #122364
Open

[flang] stack-overflow in Fortran::evaluate::GetShapeHelper::CreateShape #122002

yype opened this issue Jan 7, 2025 · 2 comments · May be fixed by #122364
Assignees
@klausler
Labels
crash Prefer [crash-on-valid] or [crash-on-invalid] flang:frontend generated by fuzzer

Comments

@yype
Copy link

yype commented Jan 7, 2025

Hi there, flang crashes from a stack-overflow on the following test case:

complex, parameter :: n(n)
end

Tested version(s): 19.1.0, trunk (ASAN build)

This test case can crash flang without the presence of ASAN: https://godbolt.org/z/GMz8xbf39

Partial ASAN dump:

Click me 
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: <path>/bin/flang -fc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelocation-model pic -pic-level 2 -pic-is-pie -target-cpu x86-64 -resource-dir <path>/lib/clang/20 -mframe-pointer=all -o /tmp/asan_crash2-188458.o -x f95-cpp-input /tmp/asan_crash2.f90
  #0 0x000055ef32c6c84b backtrace (<path>/bin/flang+0x2e6884b)
  #1 0x000055ef33e1c91d llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /repo/llvm-project-250107-trunk/llvm/lib/Support/Unix/Signals.inc:727:8
  #2 0x000055ef33e14e37 llvm::sys::RunSignalHandlers() /repo/llvm-project-250107-trunk/llvm/lib/Support/Signals.cpp:0:5
  #3 0x000055ef33e1e5e4 SignalHandler(int) /repo/llvm-project-250107-trunk/llvm/lib/Support/Unix/Signals.inc:0:3
  #4 0x00007f3113df5520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
  #5 0x000055ef32cb315b __asan_memset (<path>/bin/flang+0x2eaf15b)
  #6 0x000055ef3a56265f Fortran::evaluate::GetShapeHelper::CreateShape(int, Fortran::evaluate::NamedEntity&) const /repo/llvm-project-250107-trunk/flang/lib/Evaluate/shape.cpp:81:36
  ... manually truncated
#873 0x000055ef38d950c1 std::optional<std::vector<std::optional<Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>>, std::allocator<std::optional<Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>>>>> Fortran::evaluate::GetShape<Fortran::evaluate::Expr<Fortran::evaluate::SomeKind<(Fortran::common::TypeCategory)0>>>(Fortran::evaluate::FoldingContext&, Fortran::evaluate::Expr<Fortran::evaluate::SomeKind<(Fortran::common::TypeCategory)0>> const&, bool) /repo/llvm-project-250107-trunk/flang/include/flang/Evaluate/shape.h:250:12
#874 0x000055ef39596d47 std::optional<Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>> Fortran::evaluate::ApplyElementwise<Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)0>, Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, Fortran::evaluate::SomeKind<(Fortran::common::TypeCategory)0>>(Fortran::evaluate::FoldingContext&, Fortran::evaluate::Operation<Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)0>, Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, Fortran::evaluate::SomeKind<(Fortran::common::TypeCategory)0>>&, std::function<Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>> (Fortran::evaluate::Expr<Fortran::evaluate::SomeKind<(Fortran::common::TypeCategory)0>>&&)>&&) /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:0:36
#875 0x000055ef3959660e ~_Function_base /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:243:11
#876 0x000055ef3959660e ApplyElementwise<Fortran::evaluate::Convert<Fortran::evaluate::Type<Fortran::common::TypeCategory::Integer, 8>, Fortran::common::TypeCategory::Integer>, Fortran::evaluate::Type<Fortran::common::TypeCategory::Integer, 8>, Fortran::evaluate::SomeKind<Fortran::common::TypeCategory::Integer> > /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:1632:3
#877 0x000055ef3959660e Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>> Fortran::evaluate::FoldOperation<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)0>(Fortran::evaluate::FoldingContext&, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)0>&&) /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:1721:18
#878 0x000055ef3957b73c operator()<Fortran::evaluate::Convert<Fortran::evaluate::Type<Fortran::common::TypeCategory::Integer, 8>, Fortran::common::TypeCategory::Integer> > /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:0:18
#879 0x000055ef3957b73c Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>> Fortran::common::log2visit::Log2VisitHelper<5ul, 8ul, Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::ExpressionBase<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>::Rewrite(Fortran::evaluate::FoldingContext&, Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>&&)::'lambda'(auto&&), std::variant<Fortran::evaluate::Parentheses<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Negate<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Add<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Subtract<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Multiply<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Divide<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Power<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Extremum<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)0>, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)2>, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)1>, Fortran::evaluate::ImpliedDoIndex, Fortran::evaluate::TypeParamInquiry, Fortran::evaluate::DescriptorInquiry, Fortran::evaluate::Constant<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::ArrayConstructor<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Designator<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::FunctionRef<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>>>(Fortran::evaluate::ExpressionBase<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>::Rewrite(Fortran::evaluate::FoldingContext&, Fortran::evaluate::Expr<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>&&)::'lambda'(auto&&)&&, unsigned long, std::variant<Fortran::evaluate::Parentheses<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Negate<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Add<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Subtract<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Multiply<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Divide<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Power<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Extremum<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)0>, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)2>, Fortran::evaluate::Convert<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>, (Fortran::common::TypeCategory)1>, Fortran::evaluate::ImpliedDoIndex, Fortran::evaluate::TypeParamInquiry, Fortran::evaluate::DescriptorInquiry, Fortran::evaluate::Constant<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::ArrayConstructor<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::Designator<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>, Fortran::evaluate::FunctionRef<Fortran::evaluate::Type<(Fortran::common::TypeCategory)0, 8>>>&&) /repo/llvm-project-250107-trunk/flang/include/flang/Common/visit.h:46:7
AddressSanitizer:DEADLYSIGNAL
=================================================================
==592121==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe133f3b18 (pc 0x55ef32cb315b bp 0x7ffe133f4350 sp 0x7ffe133f3b20 T0)
    #0 0x55ef32cb315b  (<path>/bin/flang-20+0x2eaf15b) (BuildId: b0badf8d95053aba610642d45dedc2818ec6eece)
    ... manually truncated

SUMMARY: AddressSanitizer: stack-overflow (<path>/bin/flang-20+0x2eaf15b) (BuildId: b0badf8d95053aba610642d45dedc2818ec6eece) 
==592121==ABORTING
flang-20: error: unable to execute command: Aborted
flang-20: error: flang frontend command failed due to signal (use -v to see invocation)
flang version 20.0.0git (https://github.com/llvm/llvm-project.git ac604b2fa6ff0344a555954069721c0db7b874f9)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: <path>/bin
Build config: +assertions, +asan
flang-20: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
flang-20: note: diagnostic msg: /tmp/asan_crash2-82ca71
flang-20: note: diagnostic msg: /tmp/asan_crash2-82ca71.sh
flang-20: note: diagnostic msg: 

********************

The test case was generated by a fuzzer.
@llvmbot llvmbot added the flang Flang issues not falling into any other category label Jan 7, 2025
@yype
Copy link
Author

yype commented Jan 7, 2025

Here is another test case that crashes flang a bit earlier at Fortran::evaluate::GetShapeHelper::operator(), which might be related.

SUBROUTINE sub00(a,b,n,m)
  complex(2) n,m
  complex(3) a(n,m), b(size((LOG ((x * (a) - a + b / a - a))+1 - x)))
  a = a ** n
  DO 10 j = 1,m
    a = n ** a
    10   PRINT *, g
END SUBROUTINE sub00

https://godbolt.org/z/nKT1KK6sf

@EugeneZelenko EugeneZelenko added flang:frontend crash Prefer [crash-on-valid] or [crash-on-invalid] generated by fuzzer and removed flang Flang issues not falling into any other category labels Jan 7, 2025
@llvmbot
Copy link
Member

llvmbot commented Jan 7, 2025

@llvm/issue-subscribers-flang-frontend

Author: yype (yype)

Hi there, flang crashes from a stack-overflow on the following test case: 
complex, parameter :: n(n)
end

Tested version(s): 19.1.0, trunk (ASAN build)

This test case can crash flang without the presence of ASAN: https://godbolt.org/z/GMz8xbf39

Partial ASAN dump:

<details>
<summary>Click me</summary>

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: &lt;path&gt;/bin/flang -fc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelocation-model pic -pic-level 2 -pic-is-pie -target-cpu x86-64 -resource-dir &lt;path&gt;/lib/clang/20 -mframe-pointer=all -o /tmp/asan_crash2-188458.o -x f95-cpp-input /tmp/asan_crash2.f90
  #<!-- -->0 0x000055ef32c6c84b backtrace (&lt;path&gt;/bin/flang+0x2e6884b)
  #<!-- -->1 0x000055ef33e1c91d llvm::sys::PrintStackTrace(llvm::raw_ostream&amp;, int) /repo/llvm-project-250107-trunk/llvm/lib/Support/Unix/Signals.inc:727:8
  #<!-- -->2 0x000055ef33e14e37 llvm::sys::RunSignalHandlers() /repo/llvm-project-250107-trunk/llvm/lib/Support/Signals.cpp:0:5
  #<!-- -->3 0x000055ef33e1e5e4 SignalHandler(int) /repo/llvm-project-250107-trunk/llvm/lib/Support/Unix/Signals.inc:0:3
  #<!-- -->4 0x00007f3113df5520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
  #<!-- -->5 0x000055ef32cb315b __asan_memset (&lt;path&gt;/bin/flang+0x2eaf15b)
  #<!-- -->6 0x000055ef3a56265f Fortran::evaluate::GetShapeHelper::CreateShape(int, Fortran::evaluate::NamedEntity&amp;) const /repo/llvm-project-250107-trunk/flang/lib/Evaluate/shape.cpp:81:36
  ... manually truncated
#<!-- -->873 0x000055ef38d950c1 std::optional&lt;std::vector&lt;std::optional&lt;Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&gt;, std::allocator&lt;std::optional&lt;Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&gt;&gt;&gt;&gt; Fortran::evaluate::GetShape&lt;Fortran::evaluate::Expr&lt;Fortran::evaluate::SomeKind&lt;(Fortran::common::TypeCategory)0&gt;&gt;&gt;(Fortran::evaluate::FoldingContext&amp;, Fortran::evaluate::Expr&lt;Fortran::evaluate::SomeKind&lt;(Fortran::common::TypeCategory)0&gt;&gt; const&amp;, bool) /repo/llvm-project-250107-trunk/flang/include/flang/Evaluate/shape.h:250:12
#<!-- -->874 0x000055ef39596d47 std::optional&lt;Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&gt; Fortran::evaluate::ApplyElementwise&lt;Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)0&gt;, Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, Fortran::evaluate::SomeKind&lt;(Fortran::common::TypeCategory)0&gt;&gt;(Fortran::evaluate::FoldingContext&amp;, Fortran::evaluate::Operation&lt;Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)0&gt;, Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, Fortran::evaluate::SomeKind&lt;(Fortran::common::TypeCategory)0&gt;&gt;&amp;, std::function&lt;Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt; (Fortran::evaluate::Expr&lt;Fortran::evaluate::SomeKind&lt;(Fortran::common::TypeCategory)0&gt;&gt;&amp;&amp;)&gt;&amp;&amp;) /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:0:36
#<!-- -->875 0x000055ef3959660e ~_Function_base /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:243:11
#<!-- -->876 0x000055ef3959660e ApplyElementwise&lt;Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;Fortran::common::TypeCategory::Integer, 8&gt;, Fortran::common::TypeCategory::Integer&gt;, Fortran::evaluate::Type&lt;Fortran::common::TypeCategory::Integer, 8&gt;, Fortran::evaluate::SomeKind&lt;Fortran::common::TypeCategory::Integer&gt; &gt; /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:1632:3
#<!-- -->877 0x000055ef3959660e Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt; Fortran::evaluate::FoldOperation&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)0&gt;(Fortran::evaluate::FoldingContext&amp;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)0&gt;&amp;&amp;) /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:1721:18
#<!-- -->878 0x000055ef3957b73c operator()&lt;Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;Fortran::common::TypeCategory::Integer, 8&gt;, Fortran::common::TypeCategory::Integer&gt; &gt; /repo/llvm-project-250107-trunk/flang/lib/Evaluate/fold-implementation.h:0:18
#<!-- -->879 0x000055ef3957b73c Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt; Fortran::common::log2visit::Log2VisitHelper&lt;5ul, 8ul, Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::ExpressionBase&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;::Rewrite(Fortran::evaluate::FoldingContext&amp;, Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&amp;&amp;)::'lambda'(auto&amp;&amp;), std::variant&lt;Fortran::evaluate::Parentheses&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Negate&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Add&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Subtract&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Multiply&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Divide&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Power&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Extremum&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)0&gt;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)2&gt;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)1&gt;, Fortran::evaluate::ImpliedDoIndex, Fortran::evaluate::TypeParamInquiry, Fortran::evaluate::DescriptorInquiry, Fortran::evaluate::Constant&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::ArrayConstructor&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Designator&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::FunctionRef&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&gt;&gt;(Fortran::evaluate::ExpressionBase&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;::Rewrite(Fortran::evaluate::FoldingContext&amp;, Fortran::evaluate::Expr&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&amp;&amp;)::'lambda'(auto&amp;&amp;)&amp;&amp;, unsigned long, std::variant&lt;Fortran::evaluate::Parentheses&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Negate&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Add&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Subtract&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Multiply&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Divide&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Power&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Extremum&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)0&gt;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)2&gt;, Fortran::evaluate::Convert&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;, (Fortran::common::TypeCategory)1&gt;, Fortran::evaluate::ImpliedDoIndex, Fortran::evaluate::TypeParamInquiry, Fortran::evaluate::DescriptorInquiry, Fortran::evaluate::Constant&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::ArrayConstructor&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::Designator&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;, Fortran::evaluate::FunctionRef&lt;Fortran::evaluate::Type&lt;(Fortran::common::TypeCategory)0, 8&gt;&gt;&gt;&amp;&amp;) /repo/llvm-project-250107-trunk/flang/include/flang/Common/visit.h:46:7
AddressSanitizer:DEADLYSIGNAL
=================================================================
==592121==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe133f3b18 (pc 0x55ef32cb315b bp 0x7ffe133f4350 sp 0x7ffe133f3b20 T0)
    #<!-- -->0 0x55ef32cb315b  (&lt;path&gt;/bin/flang-20+0x2eaf15b) (BuildId: b0badf8d95053aba610642d45dedc2818ec6eece)
    ... manually truncated

SUMMARY: AddressSanitizer: stack-overflow (&lt;path&gt;/bin/flang-20+0x2eaf15b) (BuildId: b0badf8d95053aba610642d45dedc2818ec6eece) 
==592121==ABORTING
flang-20: error: unable to execute command: Aborted
flang-20: error: flang frontend command failed due to signal (use -v to see invocation)
flang version 20.0.0git (https://github.com/llvm/llvm-project.git ac604b2fa6ff0344a555954069721c0db7b874f9)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: &lt;path&gt;/bin
Build config: +assertions, +asan
flang-20: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
flang-20: note: diagnostic msg: /tmp/asan_crash2-82ca71
flang-20: note: diagnostic msg: /tmp/asan_crash2-82ca71.sh
flang-20: note: diagnostic msg: 

********************

</details>

The test case was generated by a fuzzer.

klausler added a commit to klausler/llvm-project that referenced this issue Jan 9, 2025
@klausler
[flang] Fix crash from fuzzy test.
35a67cb 
Fixes llvm#122002.
@klausler klausler linked a pull request Jan 9, 2025 that will close this issue
Open
@klausler klausler self-assigned this Jan 9, 2025
klausler added a commit to klausler/llvm-project that referenced this issue Jan 9, 2025
@klausler
[flang] Fix crashes from fuzzy test.
92a08ed 
Fixes llvm#122002.
The compiler now survives both of the test cases in that bug report.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@klausler klausler

Labels
crash Prefer [crash-on-valid] or [crash-on-invalid] flang:frontend generated by fuzzer
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[flang] Fix crash from fuzzy test. klausler/llvm-project
4 participants
@EugeneZelenko @yype @klausler @llvmbot