Bug#588708: Segfault on LLVM IR file

[Erik de Castro Lopo]

Package: llvm-2.7
Version: 2.7-3
Severity: normal

I have a LLVM IR file (attached) that causes a segfault in the llc-2.7
command line program.

    prompt > llc-2.7 testasm.ll -o testasm.s
    0  libLLVM-2.7.so.1 0x00007f1ab1da247f
    1  libLLVM-2.7.so.1 0x00007f1ab1da2acd
    2  libpthread.so.0  0x00007f1ab118df60
    3  libLLVM-2.7.so.1 0x00007f1ab1d27c4a llvm::SelectionDAGISel::HandlePHINodesInSuccessorBlocks(llvm::BasicBlock*) + 826
    4  libLLVM-2.7.so.1 0x00007f1ab1d343b1 llvm::SelectionDAGISel::SelectBasicBlock(llvm::BasicBlock*, llvm::ilist_iterator<llvm::Instruction>, llvm::ilist_iterator<llvm::Instruction>, bool&) + 449
    5  libLLVM-2.7.so.1 0x00007f1ab1d38667 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function&, llvm::MachineFunction&, llvm::MachineModuleInfo*, llvm::DwarfWriter*, llvm::TargetInstrInfo const&) + 1639
    6  libLLVM-2.7.so.1 0x00007f1ab1d39617 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) + 1367
    7  libLLVM-2.7.so.1 0x00007f1ab1a1e0d2 llvm::FPPassManager::runOnFunction(llvm::Function&) + 498
    8  libLLVM-2.7.so.1 0x00007f1ab1a1e24b llvm::FunctionPassManagerImpl::run(llvm::Function&) + 91
    9  libLLVM-2.7.so.1 0x00007f1ab1a1e3fe llvm::FunctionPassManager::run(llvm::Function&) + 110
    10 llc-2.7          0x000000000040864c main + 5212
    11 libc.so.6        0x00007f1ab0284c4d __libc_start_main + 253
    12 llc-2.7          0x0000000000406599
    Stack dump:
    0.      Program arguments: llc-2.7 testasm.ll -o testasm.s 
    1.      Running pass 'X86 DAG->DAG Instruction Selection' on function '@enterLeave'
    Segmentation fault


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages llvm-2.7 depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libffi5                       3.0.9-2    Foreign Function Interface library
ii  libgcc1                       1:4.4.4-6  GCC support library
ii  libllvm2.7                    2.7-3      Low-Level Virtual Machine (LLVM), 
ii  libstdc++6                    4.4.4-6    The GNU Standard C++ Library v3
ii  llvm-2.7-runtime              2.7-3      Low-Level Virtual Machine (LLVM), 

Versions of packages llvm-2.7 recommends:
ii  llvm-2.7-dev                  2.7-3      Low-Level Virtual Machine (LLVM), 

Versions of packages llvm-2.7 suggests:
ii  llvm-2.7-doc                  2.7-3      Low-Level Virtual Machine (LLVM), 

-- no debconf information
-------------- next part --------------
; Some random module!
%struct.Obj = type <{i32}>
@_ddcSlotPtr = external global %struct.Obj**, align 8
@_ddcSlotMax = external global %struct.Obj**, align 8
@_ddcSlotBase = external global %struct.Obj**, align 8
declare external ccc void @_panicOutOfSlots() align 8
declare external ccc void @_panicSlotUnderflow() align 8
define linkonce ccc i32 @enterLeave() align 8  
{
entry:
    ; _ENTER (13)
    %enter.0 = load %struct.Obj*** @_ddcSlotPtr
    %enter.1 = getelementptr inbounds %struct.Obj** %enter.0, i32 13
    store %struct.Obj** %enter.1, %struct.Obj*** @_ddcSlotPtr
    %enter.2 = load %struct.Obj*** @_ddcSlotMax
    %enter.3 = icmp ult %struct.Obj** %enter.1, %enter.2
    br i1 %enter.3, label %enter.good, label %enter.panic
    enter.panic:
    call ccc void ()* @_panicOutOfSlots(  ) noreturn
    br label %enter.good
    enter.good:
    ; ---===+++===---
    %init.0 = load %struct.Obj*** @_ddcSlotPtr
    br label %init.top
    init.top:
    %init.index = phi i64 [0, %init.top],[%init.index.next, %init.top]
    %init.tmp = add i64 %init.index, -13
    %init.index.next = add i64 %init.index, 1
    %init.done = icmp eq i64 %init.index.next, 13
    br i1 %init.done, label %init.end, label %init.top
    init.end:
    ; ---------------------------------------------------------------
    ; _LEAVE (13)
    %leave.0 = load %struct.Obj*** @_ddcSlotPtr
    %leave.1 = getelementptr inbounds %struct.Obj** %leave.0, i32 -13
    store %struct.Obj** %leave.1, %struct.Obj*** @_ddcSlotPtr
    %leave.2 = load %struct.Obj*** @_ddcSlotBase
    %leave.3 = icmp ult %struct.Obj** %leave.1, %leave.2
    br i1 %leave.3, label %leave.panic, label %leave.ok
    leave.panic:
    call ccc void ()* @_panicSlotUnderflow(  ) noreturn
    br label %leave.ok
    leave.ok:
    ; ---------------------------------------------------------------
    ret i32 42
}