search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
29.17k stars 12.03k forks source link

[DAGCombiner] visitFREEZE() crashes #60413

Closed JonPsson closed 1 year ago

JonPsson commented 1 year ago 
(gdb) p N->dump()
t293: v4i32 = <<Deleted Node!>>

Looks like visitFREEZE() is visited with a deleted node somehow. There are multiple freeze nodes on the DAG but this time isGuaranteedNotToBeUndefOrPoisonForTargetNode() is never called.

./bin/llc -mtriple=s390x-linux-gnu ./tc_freeze-02b.ll -o /dev/null

testcase.tar.gz

RKSimon commented 1 year ago 
Type-legalized selection DAG: %bb.0 'm:entry'
SelectionDAG has 84 nodes:
  t0: ch,glue = EntryToken
  t110: v4i32 = BUILD_VECTOR Constant:i32<127>, Constant:i32<127>, Constant:i32<127>, Constant:i32<127>
  t115: i32,ch = load<(dereferenceable load (s8) from @e + 3), anyext from i8> t0, GlobalAddress:i64<ptr @e> + 3, undef:i64
  t117: i32,ch = load<(dereferenceable load (s24) from `ptr getelementptr inbounds (%struct.anon.0.1.2.3.8.77.0.1.2.3.76, ptr @f, i64 0, i32 2)`, align 4), anyext from i24> t0, GlobalAddress:i64<ptr @f> + 4, undef:i64
  t118: i32 = freeze t117
        t156: v4i32 = BUILD_VECTOR t117, t117, t117, t118
      t157: v4i32 = freeze t156
    t176: v4i32 = and t157, t175
  t158: v4i32 = setcc t176, t110, setugt:ch
  t175: v4i32 = BUILD_VECTOR Constant:i32<16777215>, Constant:i32<16777215>, Constant:i32<16777215>, Constant:i32<16777215>
        t177: v4i32 = BUILD_VECTOR undef:i32, undef:i32, undef:i32, t117
      t178: v4i32 = freeze t177
    t198: v4i32 = and t178, t175
  t179: v4i32 = setcc t198, t110, setugt:ch
        t275: v4i32 = BUILD_VECTOR t117, t117, t117, undef:i32
      t276: v4i32 = freeze t275
    t291: v4i32 = and t276, t175
  t277: v4i32 = setcc t291, t110, setugt:ch
        t292: v4i32 = BUILD_VECTOR t117, t117, t117, t117
      t293: v4i32 = freeze t292
    t313: v4i32 = and t293, t175
  t294: v4i32 = setcc t313, t110, setugt:ch
                        t312: i32 = extract_vector_elt t294, Constant:i32<0>
                        t311: i32 = extract_vector_elt t294, Constant:i32<1>
                        t310: i32 = extract_vector_elt t294, Constant:i32<2>
                        t309: i32 = extract_vector_elt t294, Constant:i32<3>
                        t290: i32 = extract_vector_elt t277, Constant:i32<0>
                        t289: i32 = extract_vector_elt t277, Constant:i32<1>
                        t288: i32 = extract_vector_elt t277, Constant:i32<2>
                        t287: i32 = extract_vector_elt t277, Constant:i32<3>
                        t197: i32 = extract_vector_elt t179, Constant:i32<0>
                        t196: i32 = extract_vector_elt t179, Constant:i32<1>
                        t195: i32 = extract_vector_elt t179, Constant:i32<2>
                        t194: i32 = extract_vector_elt t179, Constant:i32<3>
                        t174: i32 = extract_vector_elt t158, Constant:i32<0>
                        t173: i32 = extract_vector_elt t158, Constant:i32<1>
                        t172: i32 = extract_vector_elt t158, Constant:i32<2>
                        t171: i32 = extract_vector_elt t158, Constant:i32<3>
                      t266: v16i8 = BUILD_VECTOR t312, t311, t310, t309, t290, t289, t288, t287, t197, t196, t195, t194, t174, t173, t172, t171
                    t138: ch = store<(store (s16) into %stack.2), trunc to v16i1> t0, t266, FrameIndex:i64<2>, undef:i64
                  t328: i32,ch = load<(load (s16) from %stack.2), anyext from i16> t138, FrameIndex:i64<2>, undef:i64
                        t101: v16i8 = freeze undef:v16i8
                      t333: ch = store<(store (s16) into %stack.1), trunc to v16i1> t0, t101, FrameIndex:i64<1>, undef:i64
                    t334: i32,ch = load<(load (s16) from %stack.1), anyext from i16> t333, FrameIndex:i64<1>, undef:i64
                  t106: i32 = xor t334, Constant:i32<-1>
                t134: i32 = or t328, t106
              t137: i32 = and t134, Constant:i32<65535>
            t135: i32 = setcc t137, Constant:i32<0>, seteq:ch
          t332: i32 = and t135, Constant:i32<1>
                t121: i32 = and t118, Constant:i32<16777215>
              t119: i32 = setcc t121, Constant:i32<128>, setult:ch
            t330: i32 = and t119, Constant:i32<1>
                  t327: i32 = and t117, Constant:i32<16777215>
                t320: i32 = setcc t327, Constant:i32<128>, setult:ch
              t326: i32 = and t320, Constant:i32<1>
              t116: i32 = and t115, Constant:i32<1>
            t321: i32 = select t326, t116, Constant:i32<0>
          t322: i32 = select t330, t321, Constant:i32<0>
        t323: i32 = select t332, t322, Constant:i32<0>
      t324: ch = store<(store (s8) into @g, align 2), trunc to i8> t0, t323, GlobalAddress:i64<ptr @g> 0, undef:i64
      t2: ch = lifetime.start<0 to 4> t0, TargetFrameIndex:i64<0>
    t95: ch = TokenFactor t324, t115:1, t2, t117:1
  t69: ch = SystemZISD::RET_FLAG t95
RKSimon commented 1 year ago

CC @LebedevRI who touched this code recently

Naville commented 1 year ago

Sounds similar / related to D141256?

Naville commented 1 year ago

Yeah, this is a regression from the suggested changes by @LebedevRI in D141256, in this case, N is already a deleted node before the "re-fetch operand", so calling getOperand(0) on it broke