search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
27.95k stars 11.53k forks source link

"inst not in same function as #dbg_assign" after hotcoldsplit #91814

Closed ellishg closed 4 months ago

ellishg commented 4 months ago

While investigating a clang crash https://github.com/apple/llvm-project/issues/8741, I was able to find a reduced IR that fails to verify after hotcoldsplit. 

opt -passes=hotcoldsplit -S < input.ll

input.ll

; RUN: opt -passes=hotcoldsplit -S < %s -o /dev/null 2>&1 | FileCheck %s

target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

define void @_foo() !dbg !4 {
entry:
  br i1 false, label %if.then7, label %common.ret

common.ret:                                       ; preds = %entry
  call void @llvm.dbg.assign(metadata i64 0, metadata !7, metadata !DIExpression(DW_OP_LLVM_fragment, 0, 64), metadata !12, metadata ptr null, metadata !DIExpression()), !dbg !13
  ret void

if.then7:                                         ; preds = %entry
  %call21 = load i1, ptr null, align 4294967296
  store i64 0, ptr null, align 8, !DIAssignID !12
  unreachable
}

declare void @llvm.dbg.assign(metadata, metadata, metadata, metadata, metadata, metadata)

!llvm.dbg.cu = !{!0}
!llvm.module.flags = !{!3}

!0 = distinct !DICompileUnit(language: DW_LANG_C_plus_plus_14, file: !1, isOptimized: true, runtimeVersion: 0, emissionKind: FullDebug, enums: !2, splitDebugInlining: false, nameTableKind: None)
!1 = !DIFile(filename: "file.cpp", directory: "foo")
!2 = !{}
!3 = !{i32 2, !"Debug Info Version", i32 3}
!4 = distinct !DISubprogram(name: "foo", linkageName: "_foo", scope: !5, file: !1, line: 425, type: !6, scopeLine: 425, flags: DIFlagPrototyped | DIFlagAllCallsDescribed, spFlags: DISPFlagDefinition | DISPFlagOptimized, unit: !0, retainedNodes: !2)
!5 = !DINamespace(name: "llvm", scope: null)
!6 = distinct !DISubroutineType(types: !2)
!7 = !DILocalVariable(name: "Path", scope: !4, file: !1, line: 436, type: !8)
!8 = !DIDerivedType(tag: DW_TAG_typedef, name: "string", scope: !9, file: !1, line: 79, baseType: !10)
!9 = !DINamespace(name: "std", scope: null)
!10 = distinct !DICompositeType(tag: DW_TAG_class_type, name: "basic_string<char, std::char_traits<char>, std::allocator<char> >", scope: !11, file: !1, line: 85, size: 256, flags: DIFlagTypePassByReference | DIFlagNonTrivial, elements: !2, templateParams: !2, identifier: "_ZTSNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE")
!11 = !DINamespace(name: "__cxx11", scope: !9, exportSymbols: true)
!12 = distinct !DIAssignID()
!13 = !DILocation(line: 0, scope: !4)

The crash goes away if I add -hotcoldsplit-threshold=200, which tells me that splitting _foo() is causing the verifier to fail.

Is this a bug in hotcoldsplit? I'm skeptical because @llvm.dbg.assign() and !DIAssignID !12 are in two different blocks, so I'm wondering if this is valid IR. If this is not valid, then some prior pass must have broken it while I was using llvm-reduce to find a minimal reproducer.

CC @SLTozer becase you seem to have recent commits with DIAssignID.

OCHyams commented 4 months ago

Thanks for the reproducer @ellishg.

Is this a bug in hotcoldsplit? I'm skeptical because @llvm.dbg.assign() and !DIAssignID !12 are in two different blocks, so I'm wondering if this is valid IR

In this case it is a "bug" (/incomplete implementation). DIAssignID uses and attachments should be unique between functions but it's ok and expected for them to get spread across different blocks within a function.

91940 should fix this.

llvmbot commented 4 months ago

@llvm/issue-subscribers-debuginfo

Author: Ellis Hoag (ellishg)

While investigating a clang crash https://github.com/apple/llvm-project/issues/8741, I was able to find a reduced IR that fails to verify after `hotcoldsplit`. ``` opt -passes=hotcoldsplit -S < input.ll ``` # input.ll ```ll ; RUN: opt -passes=hotcoldsplit -S < %s -o /dev/null 2>&1 | FileCheck %s target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" define void @_foo() !dbg !4 { entry: br i1 false, label %if.then7, label %common.ret common.ret: ; preds = %entry call void @llvm.dbg.assign(metadata i64 0, metadata !7, metadata !DIExpression(DW_OP_LLVM_fragment, 0, 64), metadata !12, metadata ptr null, metadata !DIExpression()), !dbg !13 ret void if.then7: ; preds = %entry %call21 = load i1, ptr null, align 4294967296 store i64 0, ptr null, align 8, !DIAssignID !12 unreachable } declare void @llvm.dbg.assign(metadata, metadata, metadata, metadata, metadata, metadata) !llvm.dbg.cu = !{!0} !llvm.module.flags = !{!3} !0 = distinct !DICompileUnit(language: DW_LANG_C_plus_plus_14, file: !1, isOptimized: true, runtimeVersion: 0, emissionKind: FullDebug, enums: !2, splitDebugInlining: false, nameTableKind: None) !1 = !DIFile(filename: "file.cpp", directory: "foo") !2 = !{} !3 = !{i32 2, !"Debug Info Version", i32 3} !4 = distinct !DISubprogram(name: "foo", linkageName: "_foo", scope: !5, file: !1, line: 425, type: !6, scopeLine: 425, flags: DIFlagPrototyped | DIFlagAllCallsDescribed, spFlags: DISPFlagDefinition | DISPFlagOptimized, unit: !0, retainedNodes: !2) !5 = !DINamespace(name: "llvm", scope: null) !6 = distinct !DISubroutineType(types: !2) !7 = !DILocalVariable(name: "Path", scope: !4, file: !1, line: 436, type: !8) !8 = !DIDerivedType(tag: DW_TAG_typedef, name: "string", scope: !9, file: !1, line: 79, baseType: !10) !9 = !DINamespace(name: "std", scope: null) !10 = distinct !DICompositeType(tag: DW_TAG_class_type, name: "basic_string<char, std::char_traits<char>, std::allocator<char> >", scope: !11, file: !1, line: 85, size: 256, flags: DIFlagTypePassByReference | DIFlagNonTrivial, elements: !2, templateParams: !2, identifier: "_ZTSNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE") !11 = !DINamespace(name: "__cxx11", scope: !9, exportSymbols: true) !12 = distinct !DIAssignID() !13 = !DILocation(line: 0, scope: !4) ``` The crash goes away if I add `-hotcoldsplit-threshold=200`, which tells me that splitting `_foo()` is causing the verifier to fail. Is this a bug in `hotcoldsplit`? I'm skeptical because `@llvm.dbg.assign()` and `!DIAssignID !12` are in two different blocks, so I'm wondering if this is valid IR. If this is not valid, then some prior pass must have broken it while I was using `llvm-reduce` to find a minimal reproducer. CC @SLTozer becase you seem to have recent commits with `DIAssignID`.