search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
27.84k stars 11.47k forks source link

[CodeGen] Backend crash with machine code errors #59318

Open HazyFish opened 1 year ago

HazyFish commented 1 year ago

Description

Using debug build, the following code crashes msp430, x86_64, i686 backends with 2 machine code errors:

We have seen this in both i686(https://godbolt.org/z/8qzGqWz1e), x86_64J(https://godbolt.org/z/nE6f813x1), and msp430(https://godbolt.org/z/Ts66Yq3sf)

Minimal Reproduction

https://godbolt.org/z/nE6f813x1

Code

define void @f(i1* %0, i1 %1) {
BB:
  br label %BB1

BB1:                                              ; preds = %BB4, %BB1, %BB
  %P = phi i32 [ 0, %BB4 ], [ 1, %BB1 ], [ 0, %BB ]
  %B3 = lshr i1 %1, true
  br i1 false, label %BB1, label %BB3

BB3:                                              ; preds = %BB1
  switch i32 %P, label %SW_D6 [
    i32 3, label %BB4
    i32 5, label %BB2
  ]

BB4:                                              ; preds = %SW_D6, %BB3
  br i1 true, label %BB1, label %BB2

BB2:                                              ; preds = %BB3, %BB4
  ret void

SW_D6:                                            ; preds = %SW_D6, %BB3
  store i1 %B3, i1* %0
  br i1 %B3, label %BB4, label %SW_D6
}

Stack Trace


# Machine code for function f: NoPHIs, TracksLiveness, TiedOpsRewritten
Function Live Ins: $r12 in %1, $r13 in %2

bb.0.BB:
  successors: %bb.2(0x80000000); %bb.2(100.00%)
  liveins: $r12, $r13
  %1:gr16 = COPY $r12
  JMP %bb.2

bb.1.BB4:
; predecessors: %bb.2
  successors: %bb.2(0x80000000); %bb.2(100.00%)

  JMP %bb.2

bb.2.SW_D6:
; predecessors: %bb.2, %bb.1, %bb.0
  successors: %bb.1(0x04000000), %bb.2(0x7c000000); %bb.1(3.12%), %bb.2(96.88%)

  %4:gr8 = AND8rc %4:gr8(tied-def 0), 1, implicit-def dead $sr
  MOV8mr %1:gr16, 0, %4:gr8 :: (store (s8) into %ir.0)
  %5:gr16 = SUBREG_TO_REG 0, %8:gr8, %subreg.subreg_8bit
  BIT16rc %5:gr16, 1, implicit-def $sr
  JCC %bb.1, 1, implicit $sr
  JMP %bb.2

# End machine code for function f.

*** Bad machine code: Reading virtual register without a def ***
- function:    f
- basic block: %bb.2 SW_D6 (0x24c70c0)
- instruction: %5:gr16 = SUBREG_TO_REG 0, %8:gr8, %subreg.subreg_8bit
- operand 2:   %8:gr8

*** Bad machine code: Virtual register defs don't dominate all uses. ***
- function:    f
- v. register: %4
LLVM ERROR: Found 2 machine code errors.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.  Program arguments: ./llvm-project-latest/build-debug/bin/llc -mtriple=msp430 ./crash-reports/dagisel-msp430/1.ll
1.  Running pass 'Function Pass Manager' on module './crash-reports/dagisel-msp430/1.ll'.
2.  Running pass 'Simple Register Coalescing' on function '@f'
 #0 0x00007fc19ea0f29a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/Support/Unix/Signals.inc:567:11
 #1 0x00007fc19ea0f44b PrintStackTraceSignalHandler(void*) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/Support/Unix/Signals.inc:641:1
 #2 0x00007fc19ea0dac6 llvm::sys::RunSignalHandlers() /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/Support/Signals.cpp:104:5
 #3 0x00007fc19ea0fb75 SignalHandler(int) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/Support/Unix/Signals.inc:412:1
 #4 0x00007fc19d1cb980 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
 #5 0x00007fc19c4c7e87 raise /build/glibc-CVJwZb/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
 #6 0x00007fc19c4c97f1 abort /build/glibc-CVJwZb/glibc-2.27/stdlib/abort.c:81:0
 #7 0x00007fc19e884514 llvm::report_fatal_error(llvm::Twine const&, bool) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/Support/ErrorHandling.cpp:125:5
 #8 0x00007fc1a2306083 llvm::MachineFunction::verify(llvm::Pass*, char const*, bool) const /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/MachineVerifier.cpp:348:22
 #9 0x00007fc1a206a6ff llvm::LiveRangeCalc::findReachingDefs(llvm::LiveRange&, llvm::MachineBasicBlock&, llvm::SlotIndex, unsigned int, llvm::ArrayRef<llvm::SlotIndex>) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/LiveRangeCalc.cpp:212:7
#10 0x00007fc1a206a5be llvm::LiveRangeCalc::extend(llvm::LiveRange&, llvm::SlotIndex, unsigned int, llvm::ArrayRef<llvm::SlotIndex>) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/LiveRangeCalc.cpp:105:7
#11 0x00007fc1a2045772 llvm::LiveIntervals::extendToIndices(llvm::LiveRange&, llvm::ArrayRef<llvm::SlotIndex>, llvm::ArrayRef<llvm::SlotIndex>) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/LiveIntervals.cpp:627:22
#12 0x00007fc1a24bd02e llvm::LiveIntervals::extendToIndices(llvm::LiveRange&, llvm::ArrayRef<llvm::SlotIndex>) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/include/llvm/CodeGen/LiveIntervals.h:187:5
#13 0x00007fc1a24ae833 (anonymous namespace)::RegisterCoalescer::joinVirtRegs(llvm::CoalescerPair&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:3701:3
#14 0x00007fc1a24a8dc0 (anonymous namespace)::RegisterCoalescer::joinIntervals(llvm::CoalescerPair&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:3705:50
#15 0x00007fc1a24a5212 (anonymous namespace)::RegisterCoalescer::joinCopy(llvm::MachineInstr*, bool&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:2041:7
#16 0x00007fc1a24a2e13 (anonymous namespace)::RegisterCoalescer::copyCoalesceWorkList(llvm::MutableArrayRef<llvm::MachineInstr*>) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:3932:10
#17 0x00007fc1a24a2b65 (anonymous namespace)::RegisterCoalescer::copyCoalesceInMBB(llvm::MachineBasicBlock*) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:4053:7
#18 0x00007fc1a24a08e0 (anonymous namespace)::RegisterCoalescer::joinAllIntervals() /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:4081:29
#19 0x00007fc1a249f5d2 (anonymous namespace)::RegisterCoalescer::runOnMachineFunction(llvm::MachineFunction&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/RegisterCoalescer.cpp:0:5
#20 0x00007fc1a21a5375 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/CodeGen/MachineFunctionPass.cpp:91:8
#21 0x00007fc1a1357b36 llvm::FPPassManager::runOnFunction(llvm::Function&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/IR/LegacyPassManager.cpp:1430:23
#22 0x00007fc1a135c962 llvm::FPPassManager::runOnModule(llvm::Module&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/IR/LegacyPassManager.cpp:1476:16
#23 0x00007fc1a1358409 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/IR/LegacyPassManager.cpp:1545:23
#24 0x00007fc1a1357f7d llvm::legacy::PassManagerImpl::run(llvm::Module&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/IR/LegacyPassManager.cpp:535:16
#25 0x00007fc1a135cc41 llvm::legacy::PassManager::run(llvm::Module&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/lib/IR/LegacyPassManager.cpp:1672:3
#26 0x00000000004199ac compileModule(char**, llvm::LLVMContext&) /home/henry/aflplusplus-isel/llvm-project-latest/llvm/tools/llc/llc.cpp:736:41
#27 0x0000000000417d52 main /home/henry/aflplusplus-isel/llvm-project-latest/llvm/tools/llc/llc.cpp:417:13
#28 0x00007fc19c4aac87 __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:344:0
#29 0x000000000041755a _start (./llvm-project-latest/build-debug/bin/llc+0x41755a)
HazyFish commented 1 year ago

cc @DataCorrupted

llvmbot commented 1 year ago

@llvm/issue-subscribers-backend-x86

llvmbot commented 1 year ago

@llvm/issue-subscribers-backend-msp430

HazyFish commented 1 year ago

Another reproduction on x86_64 https://godbolt.org/z/hEj3enWs6