clang crashes on valid code at -O1 and above on x86_64-linux-gnu: Assertion `Val && "isa<> used on a null pointer"' failed

[zhendongsu]

[514] % clangtk -v
clang version 19.0.0git (https://github.com/llvm/llvm-project.git e5936b245e9af0cea69a7e4eae22a05b7ffcf5a3)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/software/local/clang-trunk/bin
Build config: +assertions
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Candidate multilib: .;@m64
Selected multilib: .;@m64
[515] % 
[515] % clangtk -O1 -w small.c
clang-19: /local/suz-local/software/clangbuild/llvm-project/llvm/include/llvm/Support/Casting.h:109: static bool llvm::isa_impl_cl<To, const From*>::doit(const From*) [with To = llvm::UndefValue; From = llvm::Constant]: Assertion `Val && "isa<> used on a null pointer"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /local/suz-local/software/local/clang-trunk/bin/clang-19 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -main-file-name small.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/local/suz-local/software/emitesting/bugs/20240522-clangtk-m64-O3-Weverything-pipe-fPIC-build-120609/delta -fcoverage-compilation-dir=/local/suz-local/software/emitesting/bugs/20240522-clangtk-m64-O3-Weverything-pipe-fPIC-build-120609/delta -resource-dir /local/suz-local/software/local/clang-trunk/lib/clang/19 -I /usr/local/include -I /local/suz-local/software/local/include -internal-isystem /local/suz-local/software/local/clang-trunk/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O1 -w -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/small-e990a2.o -x c small.c
1.	<eof> parser at end of file
2.	Optimizer
 #0 0x000056275ba594cf llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x409a4cf)
 #1 0x000056275ba569f4 SignalHandler(int) Signals.cpp:0:0
 #2 0x00007f0cce9b6420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #3 0x00007f0cce3bd00b raise /build/glibc-e2p3jK/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #4 0x00007f0cce39c859 abort /build/glibc-e2p3jK/glibc-2.31/stdlib/abort.c:81:7
 #5 0x00007f0cce39c729 get_sysdep_segment_value /build/glibc-e2p3jK/glibc-2.31/intl/loadmsgcat.c:509:8
 #6 0x00007f0cce39c729 _nl_load_domain /build/glibc-e2p3jK/glibc-2.31/intl/loadmsgcat.c:970:34
 #7 0x00007f0cce3adfd6 (/lib/x86_64-linux-gnu/libc.so.6+0x33fd6)
 #8 0x000056275b648f39 llvm::InstCombinerImpl::foldCmpLoadFromIndexedGlobal(llvm::LoadInst*, llvm::GetElementPtrInst*, llvm::GlobalVariable*, llvm::CmpInst&, llvm::ConstantInt*) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3c89f39)
 #9 0x000056275b649420 llvm::InstCombinerImpl::foldICmpInstWithConstantNotInt(llvm::ICmpInst&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3c8a420)
#10 0x000056275b66ec1f llvm::InstCombinerImpl::visitICmpInst(llvm::ICmpInst&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3cafc1f)
#11 0x000056275b5cfa50 llvm::InstCombinerImpl::run() (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3c10a50)
#12 0x000056275b5d1322 combineInstructionsOverFunction(llvm::Function&, llvm::InstructionWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::TargetTransformInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, llvm::BlockFrequencyInfo*, llvm::BranchProbabilityInfo*, llvm::ProfileSummaryInfo*, llvm::LoopInfo*, llvm::InstCombineOptions const&) (.isra.0) InstructionCombining.cpp:0:0
#13 0x000056275b5d25ed llvm::InstCombinePass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3c135ed)
#14 0x000056275bce1ea6 llvm::detail::PassModel<llvm::Function, llvm::InstCombinePass, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x4322ea6)
#15 0x000056275b4191cd llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3a5a1cd)
#16 0x0000562759036716 llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x1677716)
#17 0x000056275b417add llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3a58add)
#18 0x0000562759038946 llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x1679946)
#19 0x000056275b41596d llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x3a5696d)
#20 0x000056275bcf36c8 (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&, clang::BackendConsumer*) BackendUtil.cpp:0:0
#21 0x000056275bcf6a45 (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) BackendUtil.cpp:0:0
#22 0x000056275bcf7116 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x4338116)
#23 0x000056275c354469 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x4995469)
#24 0x000056275e0e626c clang::ParseAST(clang::Sema&, bool, bool) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x672726c)
#25 0x000056275c3548f8 clang::CodeGenAction::ExecuteAction() (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x49958f8)
#26 0x000056275c5e4bc9 clang::FrontendAction::Execute() (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x4c25bc9)
#27 0x000056275c569d2e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x4baad2e)
#28 0x000056275c6cf346 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x4d10346)
#29 0x0000562758c2fffc cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x1270ffc)
#30 0x0000562758c291fa ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#31 0x0000562758c2cbce clang_main(int, char**, llvm::ToolContext const&) (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x126dbce)
#32 0x0000562758b2978b main (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x116a78b)
#33 0x00007f0cce39e083 __libc_start_main /build/glibc-e2p3jK/glibc-2.31/csu/../csu/libc-start.c:342:3
#34 0x0000562758c28c8e _start (/local/suz-local/software/local/clang-trunk/bin/clang-19+0x1269c8e)
clangtk: error: unable to execute command: Aborted
clangtk: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 19.0.0git (https://github.com/llvm/llvm-project.git e5936b245e9af0cea69a7e4eae22a05b7ffcf5a3)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/software/local/clang-trunk/bin
Build config: +assertions
clangtk: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clangtk: note: diagnostic msg: /tmp/small-9882da.c
clangtk: note: diagnostic msg: /tmp/small-9882da.sh
clangtk: note: diagnostic msg: 

********************
[516] % 
[516] % cat small.c
int a, b[2], c;
static int *d[2] = {b, &b[1]};
int main() {
  d[a] && (c && 0);
  return 0;
}

[MitalAshok]

Bisect says this starts crashing with 108575f (#92885) @nikic

[nikic]

Reduced:

@table = internal constant [2 x ptr] [ptr @g, ptr getelementptr (i8, ptr @g, i64 4)], align 16
@g = external global [2 x i32]

define i1 @test(i64 %idx) {
  %gep = getelementptr inbounds [2 x ptr], ptr @table, i64 0, i64 %idx
  %v = load ptr, ptr %gep
  %cmp = icmp ne ptr %v, null
  ret i1 %cmp
}