Late GC lowering pass crashes due to trying to alloc bitvector with 0xffffffff elements

```julia
const TABLE = zeros(UInt64, 100)

@inline function lookup(x::UInt64)
    @inbounds TABLE[x]
end

@inline function add_simd()
    s = UInt64(0)
    @simd for n in UInt64.(1:30)
        s += lookup(n)
    end
    s
end

add_simd()
```

**Expected result:** No segmentation fault
**Actual result:** signal (11): Segmentation fault: 11. Julia crashes.

`@code_llvm add_simd()` also crashes the same way. `@code_native add_simd()` gives some more detail:
```
signal (11): Segmentation fault: 11
in expression starting at no file:0
set_unused_bits at /Users/osx/buildbot/slave/package_osx64/build/usr/include/llvm/ADT/BitVector.h:858 [inlined]
clear_unused_bits at /Users/osx/buildbot/slave/package_osx64/build/usr/include/llvm/ADT/BitVector.h:864 [inlined]
flip at /Users/osx/buildbot/slave/package_osx64/build/usr/include/llvm/ADT/BitVector.h:481 [inlined]
ComputeLiveness at /Users/osx/buildbot/slave/package_osx64/build/src/llvm-late-gc-lowering.cpp:1353
runOnFunction at /Users/osx/buildbot/slave/package_osx64/build/src/llvm-late-gc-lowering.cpp:2169
_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE at /Applications/Julia-1.1.app/Contents/Resources/julia/lib/julia/libLLVM.dylib (unknown line)
_ZN4llvm13FPPassManager11runOnModuleERNS_6ModuleE at /Applications/Julia-1.1.app/Contents/Resources/julia/lib/julia/libLLVM.dylib (unknown line)
_ZN4llvm6legacy15PassManagerImpl3runERNS_6ModuleE at /Applications/Julia-1.1.app/Contents/Resources/julia/lib/julia/libLLVM.dylib (unknown line)
operator() at /Users/osx/buildbot/slave/package_osx64/build/src/jitlayers.cpp:335
addModule at /Users/osx/buildbot/slave/package_osx64/build/usr/include/llvm/ExecutionEngine/Orc/IRCompileLayer.h:57
addModule at /Users/osx/buildbot/slave/package_osx64/build/src/jitlayers.cpp:454
jl_add_to_ee at /Users/osx/buildbot/slave/package_osx64/build/src/jitlayers.cpp:679 [inlined]
jl_finalize_function at /Users/osx/buildbot/slave/package_osx64/build/src/jitlayers.cpp:687
getAddressForFunction at /Users/osx/buildbot/slave/package_osx64/build/src/codegen.cpp:1281
jl_dump_function_asm at /Users/osx/buildbot/slave/package_osx64/build/src/codegen.cpp:1602
_dump_function_linfo at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/InteractiveUtils/src/codeview.jl:97
_dump_function at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/InteractiveUtils/src/codeview.jl:72
_dump_function at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/InteractiveUtils/src/codeview.jl:59 [inlined]
#code_native#9 at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/InteractiveUtils/src/codeview.jl:136 [inlined]
#code_native at ./none:0
jl_fptr_trampoline at /Users/osx/buildbot/slave/package_osx64/build/src/gf.c:1854
#code_native#10 at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/InteractiveUtils/src/codeview.jl:138
jl_fptr_trampoline at /Users/osx/buildbot/slave/package_osx64/build/src/gf.c:1854
code_native at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/InteractiveUtils/src/codeview.jl:138
jl_fptr_trampoline at /Users/osx/buildbot/slave/package_osx64/build/src/gf.c:1854
do_call at /Users/osx/buildbot/slave/package_osx64/build/src/interpreter.c:323
eval_stmt_value at /Users/osx/buildbot/slave/package_osx64/build/src/interpreter.c:362 [inlined]
eval_body at /Users/osx/buildbot/slave/package_osx64/build/src/interpreter.c:759
jl_interpret_toplevel_thunk_callback at /Users/osx/buildbot/slave/package_osx64/build/src/interpreter.c:885
unknown function (ip: 0xfffffffffffffffe)
unknown function (ip: 0x10db4ff2f)
unknown function (ip: 0x0)
jl_interpret_toplevel_thunk at /Users/osx/buildbot/slave/package_osx64/build/src/interpreter.c:894
jl_toplevel_eval_flex at /Users/osx/buildbot/slave/package_osx64/build/src/toplevel.c:764
jl_toplevel_eval at /Users/osx/buildbot/slave/package_osx64/build/src/toplevel.c:773 [inlined]
jl_toplevel_eval_in at /Users/osx/buildbot/slave/package_osx64/build/src/toplevel.c:793
eval at ./boot.jl:328
eval_user_input at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/REPL/src/REPL.jl:85
macro expansion at /Users/osx/buildbot/slave/package_osx64/build/usr/share/julia/stdlib/v1.1/REPL/src/REPL.jl:117 [inlined]
#26 at ./task.jl:259
jl_apply at /Users/osx/buildbot/slave/package_osx64/build/src/./julia.h:1571 [inlined]
start_task at /Users/osx/buildbot/slave/package_osx64/build/src/task.c:572
Allocations: 3613583 (Pool: 3612916; Big: 667); GC: 7
Segmentation fault: 11
```
This fails on at least Julia 1.1 and master. It works on Julia 1.0, but if I tweak the script a bit, it crashes there too.
```
julia> versioninfo()
Julia Version 1.1.0-rc1.0
Commit ba87aa3962 (2018-12-31 23:36 UTC)
Platform Info:
  OS: macOS (x86_64-apple-darwin14.5.0)
  CPU: Intel(R) Core(TM) i7-6920HQ CPU @ 2.90GHz
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-6.0.1 (ORCJIT, skylake)
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Late GC lowering pass crashes due to trying to alloc bitvector with 0xffffffff elements #30621

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Late GC lowering pass crashes due to trying to alloc bitvector with 0xffffffff elements #30621

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions