Description
Instructions to reproduce:
git clone git@github.com:servo/html5ever.gitcd html5ever/markup5everCARGO_INCREMENTAL=0 RUSTFLAGS="-Zprofile -Ccodegen-units=1 -Cinline-threshold=0" cargo check- The build script of
markup5eversegfaults.
The actual function with the bug is an instance std::panicking::try in the proc_macro2 crate.
The cause seems to be an LLVM bug.
This LLVM IR is generated:
catch.i: ; preds = %.noexc
%120 = phi i64* [ getelementptr inbounds ([24 x i64], [24 x i64]* @__llvm_gcov_ctr.27, i64 0, i64 11), %.noexc ], !dbg !2861
%121 = landingpad { i8*, i32 }
catch i8* null, !dbg !2861
%122 = load i64, i64* %120, !dbg !2861
%123 = add i64 %122, 1, !dbg !2861
store i64 %123, i64* %120, !dbg !2861```Notice how the phi is inserted before the landingpad instruction. This causes the following asm to be generated:
.LBB27_14: // This is never executed
.loc 27 0 15 is_stmt 0
movq 160(%rsp), %rcx
movl $1, %esi
.Ltmp379: // Landing pad points to here!!!
leaq __llvm_gcov_ctr.27(%rip), %rdi
addq $120, %rdi
.loc 27 274 15
movq (%rcx), %r8
addq $1, %r8
movq %r8, (%rcx)So basically the initialization of %rcx is getting skipped by the incorrect landing pad, which in turn causes the crash.
Edit by @Amanieu, original bug report follows.
Just updated nightly on my CI machine
nightly-aarch64-unknown-linux-gnu updated - rustc 1.44.0-nightly (f509b26 2020-03-18) (from rustc 1.43.0-nightly (c20d7ee 2020-03-11))
and found out that tests stopped compiling few of dependencies like cssparser or string_cache or html5ever.
It probably happens because of my RUSTFLAGS
CARGO_INCREMENTAL=0;
RUSTFLAGS="-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Coverflow-checks=off -Zno-landing-pads";
I created repository with reproduction
https://github.com/Lesiuk/rust-nightly-issue-reproduction
Bissect found that this PR introduced this issue #67502
searched toolchains c20d7ee through 3c6f982
regression in be055d9
Log from test run
Compiling html5ever v0.25.1
error: failed to run custom build command forhtml5ever v0.25.1Caused by:
process didn't exit successfully:/Users/XXXXXX/CLionProjects/issue/target/debug/build/html5ever-1a979961379450d7/build-script-build(signal: 6, SIGABRT: process abort signal)
--- stdout
cargo:rerun-if-changed=/Users/XXXXXX/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.25.1/src/tree_builder/rules.rs--- stderr
fatal runtime error: failed to initiate panic, error 5warning: build failed, waiting for other jobs to finish...
error: build failed