[LLVMbugs] [Bug 3332] New: Maintenance of CallGraph after self-inlining broken

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Thu Jan 15 08:26:09 PST 2009


http://llvm.org/bugs/show_bug.cgi?id=3332

           Summary: Maintenance of CallGraph after self-inlining broken
           Product: libraries
           Version: trunk
          Platform: All
               URL: http://paste.lisp.org/display/73611
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Transformation Utilities
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: ggreif at gmail.com
                CC: llvmbugs at cs.uiuc.edu


Obviously my private changes have unearthed a latent bug in InlineFunction.


Here is the relevant gdb session:

Breakpoint 5, UpdateCallGraphAfterInlining (CS=@0xbffff33c,
FirstNewBlock={<bidirectional_iterator<llvm::BasicBlock,ptrdiff_t>> =
{<iterator<std::bidirectional_iterator_tag,llvm::BasicBlock,ptrdiff_t,llvm::BasicBlock*,llvm::BasicBlock&>>
= {<No data fields>}, <No data fields>}, NodePtr = 0x6306850},
ValueMap=@0xbffff2d8, CG=@0x6303130) at InlineFunction.cpp:151
151       const Function *Caller =
CS.getInstruction()->getParent()->getParent();
(gdb) n
152       const Function *Callee = CS.getCalledFunction();
(gdb)
153       CallGraphNode *CalleeNode = CG[Callee];
(gdb)
154       CallGraphNode *CallerNode = CG[Caller];
(gdb)
158       for (CallGraphNode::iterator I = CalleeNode->begin(),
(gdb)
159            E = CalleeNode->end(); I != E; ++I) {
(gdb) call CalleeNode->dump()
Call graph node for function: 'fib'
  Calls function 'fib'
  Calls function 'fib'

(gdb) n
158       for (CallGraphNode::iterator I = CalleeNode->begin(),
(gdb) p CalleeNode->begin()
$99 = {
  _M_current = 0x6302d90
}
(gdb) p CalleeNode->end()
$100 = {
  _M_current = 0x6302da0
}
(gdb) n
160         const Instruction *OrigCall = I->first.getInstruction();
(gdb)
162         DenseMap<const Value*, Value*>::iterator VMI =
ValueMap.find(OrigCall);
(gdb)
164         if (VMI != ValueMap.end() && VMI->second) {
(gdb)
167           if (Instruction *NewCall = dyn_cast<Instruction>(VMI->second))
(gdb)
168             CallerNode->addCalledFunction(CallSite::get(NewCall),
I->second);
(gdb)
158       for (CallGraphNode::iterator I = CalleeNode->begin(),
(gdb) p CalleeNode->begin()
$101 = {
  _M_current = 0x6306f50
}
(gdb) p CalleeNode->end()
$102 = {
  _M_current = 0x6306f68
}
(gdb) p I
$103 = {
  _M_current = 0x6302d90
}
(gdb) p E
$104 = {
  _M_current = 0x6302da0
}
(gdb) 

Preliminary analysis is that the callsites in the CallGraphNode are iterated
over, but in the iteration the very vector of callsites is appended to, which
causes invalidation of the iterators.

This triggers for me on an existing testcase, and I'll paste it here later
along with a patch for a fix.


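An added example, not the reporter's code and not from LLVM: a minimal C++ model of the loop shown in the gdb session, with a variant that detects the buffer move when CallerNode and CalleeNode are the same node, and an index-bounded variant that stays valid. CallGraphNode, ValueMapT, the fib setup and the call-site ids are constructed stand-ins, and the index-bounded loop is one possible fix rather than the patch the report promises.

```cpp
#include <cstddef>
#include <map>
#include <utility>
#include <vector>

// Constructed stand-ins: CallGraphNode keeps (call-site id, callee) records; the
// inliner's ValueMap maps an original call-site id to its cloned call-site id.
struct CallGraphNode {
    std::vector<std::pair<int, CallGraphNode*>> CalledFunctions;
    void addCalledFunction(int CS, CallGraphNode *C) { CalledFunctions.push_back({CS, C}); }
};
using ValueMapT = std::map<int, int>;
// Loop shape from the gdb session. With Caller == Callee ('fib' inlined into itself) each
// addCalledFunction appends to the vector being walked; a reallocating push_back leaves I
// and E dangling, so instead of dereferencing them again we watch the buffer address.
bool updateBuggy(CallGraphNode *Caller, CallGraphNode *Callee, const ValueMapT &VM) {
    const void *Buf = Callee->CalledFunctions.data();
    for (auto I = Callee->CalledFunctions.begin(), E = Callee->CalledFunctions.end(); I != E; ++I) {
        auto VMI = VM.find(I->first);
        if (VMI != VM.end()) Caller->addCalledFunction(VMI->second, I->second);
        if (Callee->CalledFunctions.data() != Buf) return true;  // I and E now point into freed storage
    }
    return false;
}

// One safe shape: bound the walk by the pre-inlining count and index the vector (valid
// across push_back); copy each record, since a reference into the vector could dangle.
void updateFixed(CallGraphNode *Caller, CallGraphNode *Callee, const ValueMapT &VM) {
    const std::size_t N = Callee->CalledFunctions.size();
    for (std::size_t i = 0; i < N; ++i) {
        auto Rec = Callee->CalledFunctions[i];
        auto VMI = VM.find(Rec.first);
        if (VMI != VM.end()) Caller->addCalledFunction(VMI->second, Rec.second);
    }
}
// Scenario from the report: 'fib' calls itself twice (ids 1, 2; clones 10, 11).
static const ValueMapT FibVM = {{1, 10}, {2, 11}};
static void fillFib(CallGraphNode &Fib) {
    Fib.addCalledFunction(1, &Fib); Fib.addCalledFunction(2, &Fib);
    Fib.CalledFunctions.shrink_to_fit();  // capacity == size: the next push_back reallocates
}
bool fibSelfInlineHitsInvalidation() {
    CallGraphNode Fib; fillFib(Fib);
    return updateBuggy(&Fib, &Fib, FibVM);
}
std::vector<int> fibSelfInlineFixedIds() {  // returns {1, 2, 10, 11}
    CallGraphNode Fib; fillFib(Fib);
    updateFixed(&Fib, &Fib, FibVM);
    std::vector<int> Ids;
    for (const auto &R : Fib.CalledFunctions) Ids.push_back(R.first);
    return Ids;
}
```

The detector returns as soon as the backing buffer moves, which is the moment the session's `I`/`E` values (0x6302d90/0x6302da0) stopped matching the node's live `begin()`/`end()`.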