Miscompilation without "-fbounds-safety"

[mikekben]

The program below does not terminate on a normal run of the compiler, but does terminate when the "-fbounds-safety" flag is passed. The behavior of the main LLVM compiler matches the "-fbounds-safety" case.

$ clang-fbound -O3 abc.c ; ./a.out
[does not terminate]

$ clang-fbound -fbounds-safety -O3 abc.c ; ./a.out
0

This is on the most recent commit:

clang-fbound --version
clang version 23.0.0git (https://github.com/swiftlang/llvm-project 842aebf7ecbd8d3b7915f07b5d38c9c1ffe71c1b)

The contents of abc.c:

int printf(const char *, ...);
int a, b, c;
unsigned d;
char e;
char(f)(char g, char h) { return g + h; }
int i() {
  char j = 0;
  for (; j <= 1; j++)
    ;
  int k[] = {1983903286, 1983903286};
  e = k[d];
  b = 0;
  for (; b; b++) {
    d = 0;
    for (; d == 6; d = f(d, 4))
      for (; c; c--)
        j = 0;
  }
  for (;;)
    if (j)
      return 0;
}
void main() {
  i();
  printf("%X\n", a);
}

[mikekben]

A partial diagnosis:

The error occurs in the last loop of i because ConstraintElimination changes the branch condition for if (j) to constant true, creating an infinite loop.

for.cond21:                                       ; preds = %for.cond21, %for.cond3
  %tobool22.not = icmp eq i8 %j.1, 0
  br i1 %tobool22.not, label %for.cond21, label %if.then

if.then:                                          ; preds = %for.cond21
  ret i32 0

After ConstraintEliminationPass on i:

for.cond21:                                       ; preds = %for.cond21, %for.cond3
  br i1 true, label %for.cond21, label %if.then

if.then:                                          ; preds = %for.cond21
  ret i32 0

May be related to this bug report: #11072 (comment)