Found via devel/llvm60 (bug 227686) but base Clang crashes as well.

cc -B/usr/local/bin -MMD -MF obj/third_party/libvpx/bundled_libvpx/vp9_encodemb.o.d -DV8_DEPRECATION_WARNINGS -DENABLE_PLUGINS=1 -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DDISABLE_NACL -DENABLE_TASK_MANAGER=1 -DENABLE_THEMES=1 -DUSE_PROPRIETARY_CODECS -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DFIELDTRIAL_TESTING_ENABLED -DTOOLKIT_QT -DCR_CLANG_REVISION=284979-2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -Igen -I../../../../qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium -I../../../../qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium/third_party/libvpx/source/config -I../../../../qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium/third_party/libvpx/source/config/linux/ia32 -I../../../../qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium/third_party/libvpx/source/libvpx -Igen/third_party/libvpx -I../../../../qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium/third_party/libvpx/source/libvpx -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-unknown-attributes -Wno-unknown-warning-option -funwind-tables -fPIC -pipe -fcolor-diagnostics -fdebug-prefix-map=/wrkdirs/usr/ports/www/qt5-webengine/work/qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium=. -pthread -m32 -msse2 -mfpmath=sse -mmmx -momit-leaf-frame-pointer -mstack-alignment=16 -mstackrealign -O2 -fno-ident -fdata-sections -ffunction-sections -g0 -fvisibility=hidden -Wheader-hygiene -Wstring-conversion -Wall -Wno-unused-variable -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-conversion -Wno-parentheses-equality -Wno-unused-function -c ../../../../qtwebengine-opensource-src-5.9.4/src/3rdparty/chromium/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encodemb.c -o obj/third_party/libvpx/bundled_libvpx/vp9_encodemb.o
Assertion failed: ((I.atEnd() || std::next(I) == def_instr_end()) && "getVRegDef assumes a single definition or no definition"), function getVRegDef, file /usr/src/contrib/llvm/lib/CodeGen/MachineRegisterInfo.cpp, line 366.
Abort trap
Created attachment 192726: vp9/encoder/vp9_encodemb.c (preprocessed, compressed)
Created attachment 192727: command line args (for clang 6.0)
Can you bisect?
Note, -m32 or -target i386-unknown-freebsd12.0 won't trigger the crash. Make sure to run a 32-bit Clang binary.
Regression range: base r332632 (good) and base r332849 (bad). Probably a dupe of bug 227686. My guess, base r332833 and ports r467849 are culprits.

http://beefy11.nyi.freebsd.org/data/head-i386-default/p467853_s332849/logs/iridium-browser-58.0_13.log
http://beefy11.nyi.freebsd.org/data/head-i386-default/p467853_s332849/logs/qt5-webengine-5.9.4_1.log

vs. green logs

http://beefy11.nyi.freebsd.org/data/head-i386-default/p467743_s332632/logs/iridium-browser-58.0_13.log
http://beefy11.nyi.freebsd.org/data/head-i386-default/p467743_s332632/logs/qt5-webengine-5.9.4_1.log
Another note: www/chromium isn't affected because of bug 226458.
Never mind comment 4. I forgot to update jail/package on amd64.
I can reproduce, it's caused by r332833 (the upstream fixes for EFLAGS), similar to bug 227686, but I'm not sure if it has exactly the same cause. I'm going to make a minimized test case, and figure out which of the upstream revisions caused it.
Iridium can be updated to 2017.11 (based on the Chromium version 62.0.3202.94), but I will need some time to update the port or more manpower to achieve this goal before. Anyway, I just realized that the Iridium developers are working on a 65.x release: http://lists.inai.de/pipermail/iridium/2018-April/000725.html
A commit references this bug:

Author: dim
Date: Mon Apr 23 23:07:58 UTC 2018
New revision: 332898
URL: https://svnweb.freebsd.org/changeset/base/332898

Log:
  Pull in r329771 from upstream llvm trunk (by Craig Topper):

    [X86] In X86FlagsCopyLowering, when rewriting a memory setcc we need to emit an explicit MOV8mr instruction.

    Previously the code only knew how to handle setcc to a register.

    This should fix a crash in the chromium build.

  This fixes various assertion failures while building ports targeting i386:
  * www/firefox: isReg() && "This is not a register operand!"
  * www/iridium, www/qt5-webengine: (I.atEnd() || std::next(I) == def_instr_end()) && "getVRegDef assumes a single definition or no definition"
  * devel/powerpc64-gcc: FromReg != ToReg && "Cannot replace a reg with itself"

  Reported by: jbeich
  PR: 225330, 227686, 227698, 227699
  MFC after: 1 week
  X-MFC-With: r332833

Changes:
  head/contrib/llvm/lib/Target/X86/X86FlagsCopyLowering.cpp
A commit references this bug:

Author: jbeich
Date: Fri Apr 27 17:41:18 UTC 2018
New revision: 468476
URL: https://svnweb.freebsd.org/changeset/ports/468476

Log:
  devel/llvm60: apply i386 crashfix after r467849

  PR: 227686, 227698
  Approved by: portmgr blanket

Changes:
  head/devel/llvm60/Makefile
  head/devel/llvm60/files/patch-fsvn-r332898
A commit references this bug:

Author: dim
Date: Fri Apr 27 19:21:42 UTC 2018
New revision: 333070
URL: https://svnweb.freebsd.org/changeset/base/333070

Log:
  MFC r332833:

  Recommit r332501, with an additional upstream fix for "Cannot lower EFLAGS copy that lives out of a basic block!" errors on i386.

  Pull in r325446 from upstream clang trunk (by me):

    [X86] Add 'sahf' CPU feature to frontend

    Summary:
    Make clang accept `-msahf` (and `-mno-sahf`) flags to activate the `+sahf` feature for the backend, for bug 36028 (Incorrect use of pushf/popf enables/disables interrupts on amd64 kernels). This was originally submitted in bug 36037 by Jonathan Looney <jonlooney@gmail.com>.

    As described there, GCC also uses `-msahf` for this feature, and the backend already recognizes the `+sahf` feature. All that is needed is to teach clang to pass this on to the backend.

    The mapping of feature support onto CPUs may not be complete; rather, it was chosen to match LLVM's idea of which CPUs support this feature (see lib/Target/X86/X86.td).

    I also updated the affected test case (CodeGen/attr-target-x86.c) to match the emitted output.

    Reviewers: craig.topper, coby, efriedma, rsmith

    Reviewed By: craig.topper

    Subscribers: emaste, cfe-commits

    Differential Revision: https://reviews.llvm.org/D43394

  Pull in r328944 from upstream llvm trunk (by Chandler Carruth):

    [x86] Expose more of the condition conversion routines in the public API for X86's instruction information.

    I've now got a second patch under review that needs these same APIs. This bit is nicely orthogonal and obvious, so landing it. NFC.

  Pull in r329414 from upstream llvm trunk (by Craig Topper):

    [X86] Merge itineraries for CLC, CMC, and STC.

    These are very simple flag setting instructions that appear to only be a single uop. They're unlikely to need this separation.

  Pull in r329657 from upstream llvm trunk (by Chandler Carruth):

    [x86] Introduce a pass to begin more systematically fixing PR36028 and similar issues.

    The key idea is to lower COPY nodes populating EFLAGS by scanning the uses of EFLAGS and introducing dedicated code to preserve the necessary state in a GPR. In the vast majority of cases, these uses are cmovCC and jCC instructions. For such cases, we can very easily save and restore the necessary information by simply inserting a setCC into a GPR where the original flags are live, and then testing that GPR directly to feed the cmov or conditional branch.

    However, things are a bit more tricky if arithmetic is using the flags. This patch handles the vast majority of cases that seem to come up in practice: adc, adcx, adox, rcl, and rcr; all without taking advantage of partially preserved EFLAGS as LLVM doesn't currently model that at all.

    There are a large number of operations that technically observe EFLAGS currently but shouldn't in this case -- they typically are using DF. Currently, they will not be handled by this approach. However, I have never seen this issue come up in practice. It is already pretty rare to have these patterns come up in practical code with LLVM. I had to resort to writing MIR tests to cover most of the logic in this pass already. I suspect even with its current amount of coverage of arithmetic users of EFLAGS it will be a significant improvement over the current use of pushf/popf. It will also produce substantially faster code in most of the common patterns.

    This patch also removes all of the old lowering for EFLAGS copies, and the hack that forced us to use a frame pointer when EFLAGS copies were found anywhere in a function so that the dynamic stack adjustment wasn't a problem. None of this is needed as we now lower all of these copies directly in MI and without requiring stack adjustments.

    Lots of thanks to Reid who came up with several aspects of this approach, and Craig who helped me work out a couple of things tripping me up while working on this.

    Differential Revision: https://reviews.llvm.org/D45146

  Pull in r329673 from upstream llvm trunk (by Chandler Carruth):

    [x86] Model the direction flag (DF) separately from the rest of EFLAGS.

    This cleans up a number of operations that only claimed to use EFLAGS due to using DF. But no instructions which we think of as setting EFLAGS actually modify DF (other than things like popf) and so this needlessly creates uses of EFLAGS that aren't really there.

    In fact, DF is so restrictive it is pretty easy to model. Only STD, CLD, and the whole-flags writes (WRFLAGS and POPF) need to model this.

    I've also somewhat cleaned up some of the flag management instruction definitions to be in the correct .td file.

    Adding this extra register also uncovered a failure to use the correct datatype to hold X86 registers, and I've corrected that as necessary here.

    Differential Revision: https://reviews.llvm.org/D45154

  Pull in r330264 from upstream llvm trunk (by Chandler Carruth):

    [x86] Fix PR37100 by teaching the EFLAGS copy lowering to rewrite uses across basic blocks in the limited cases where it is very straight forward to do so.

    This will also be useful for other places where we do some limited EFLAGS propagation across CFG edges and need to handle copy rewrites afterward. I think this is rapidly approaching the maximum we can and should be doing here. Everything else begins to require either heroic analysis to prove how to do PHI insertion manually, or somehow managing arbitrary PHI-ing of EFLAGS with general PHI insertion. Neither of these seem at all promising so if those cases come up, we'll almost certainly need to rewrite the parts of LLVM that produce those patterns.

    We do now require dominator trees in order to reliably diagnose patterns that would require PHI nodes. This is a bit unfortunate but it seems better than the completely mysterious crash we would get otherwise.

    Differential Revision: https://reviews.llvm.org/D45673

  Together, these should ensure clang does not use pushf/popf sequences to save and restore flags, avoiding problems with unrelated flags (such as the interrupt flag) being restored unexpectedly.

  Requested by: jtl
  PR: 225330

  MFC r332898:

  Pull in r329771 from upstream llvm trunk (by Craig Topper):

    [X86] In X86FlagsCopyLowering, when rewriting a memory setcc we need to emit an explicit MOV8mr instruction.

    Previously the code only knew how to handle setcc to a register.

    This should fix a crash in the chromium build.

  This fixes various assertion failures while building ports targeting i386:
  * www/firefox: isReg() && "This is not a register operand!"
  * www/iridium, www/qt5-webengine: (I.atEnd() || std::next(I) == def_instr_end()) && "getVRegDef assumes a single definition or no definition"
  * devel/powerpc64-gcc: FromReg != ToReg && "Cannot replace a reg with itself"

  Reported by: jbeich
  PR: 225330, 227686, 227698, 227699

Changes:
_U  stable/11/
  stable/11/contrib/llvm/include/llvm/CodeGen/MachineBasicBlock.h
  stable/11/contrib/llvm/lib/CodeGen/MachineBasicBlock.cpp
  stable/11/contrib/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp
  stable/11/contrib/llvm/lib/Target/X86/X86.h
  stable/11/contrib/llvm/lib/Target/X86/X86FlagsCopyLowering.cpp
  stable/11/contrib/llvm/lib/Target/X86/X86ISelLowering.cpp
  stable/11/contrib/llvm/lib/Target/X86/X86ISelLowering.h
  stable/11/contrib/llvm/lib/Target/X86/X86InstrCompiler.td
  stable/11/contrib/llvm/lib/Target/X86/X86InstrInfo.cpp
  stable/11/contrib/llvm/lib/Target/X86/X86InstrInfo.h
  stable/11/contrib/llvm/lib/Target/X86/X86InstrInfo.td
  stable/11/contrib/llvm/lib/Target/X86/X86InstrSystem.td
  stable/11/contrib/llvm/lib/Target/X86/X86RegisterInfo.td
  stable/11/contrib/llvm/lib/Target/X86/X86Schedule.td
  stable/11/contrib/llvm/lib/Target/X86/X86ScheduleAtom.td
  stable/11/contrib/llvm/lib/Target/X86/X86TargetMachine.cpp
  stable/11/contrib/llvm/tools/clang/include/clang/Driver/Options.td
  stable/11/contrib/llvm/tools/clang/lib/Basic/Targets/X86.cpp
  stable/11/contrib/llvm/tools/clang/lib/Basic/Targets/X86.h
  stable/11/lib/clang/freebsd_cc_version.h
  stable/11/lib/clang/libllvm/Makefile
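
A check one could run on a rebuilt object after this change, given as an added example that is not part of the bug report or of the FreeBSD/LLVM sources: it scans objdump -d style disassembly for a pushf followed by a popf in the same function, the whole-flags save/restore that the commit message above says clang should no longer emit. The sample disassembly and the names scan and restores_whole_flags are constructed for illustration; hand-written assembly can use these instructions legitimately, so a hit is a prompt for review.

```python
import re

# Constructed sample in the layout `objdump -d` prints; not from a real build.
SAMPLE = """\
00000000 <uses_setcc>:
   0:\t0f 94 c0             \tsete   %al
   3:\t84 c0                \ttest   %al,%al
   5:\t75 02                \tjne    9 <uses_setcc+0x9>
   7:\t31 c0                \txor    %eax,%eax
   9:\tc3                   \tret

00000010 <saves_flags>:
  10:\t9c                   \tpushf
  11:\t58                   \tpop    %eax
  12:\tfa                   \tcli
  13:\t50                   \tpush   %eax
  14:\t9d                   \tpopf
  15:\tc3                   \tret
"""

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")               # symbol header line
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t[0-9a-f ]+\t(\S+)")  # addr, bytes, mnemonic
FLAG_RE = re.compile(r"^(pushf|popf)[wlq]?$")                 # pushf/pushfl/pushfq, popf...

def scan(disasm):
    """Return {function: [(address, mnemonic), ...]} for each pushf/popf seen."""
    hits, current = {}, "?"
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INSN_RE.match(line)
        if m and FLAG_RE.match(m.group(2)):
            hits.setdefault(current, []).append((int(m.group(1), 16), m.group(2)))
    return hits

def restores_whole_flags(hits):
    """Functions where a popf follows a pushf, i.e. IF is rewritten with the rest."""
    flagged = []
    for func, insns in hits.items():
        kinds = [FLAG_RE.match(mnemonic).group(1) for _, mnemonic in insns]
        if "pushf" in kinds and "popf" in kinds[kinds.index("pushf"):]:
            flagged.append(func)
    return sorted(flagged)

if __name__ == "__main__":
    print(restores_whole_flags(scan(SAMPLE)))
```

In the sample, the cli between the two instructions is undone by the popf, which is the unexpected restore of the interrupt flag that the commit message refers to.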