[llvm-bugs] [Bug 43276] New: JumpThreading and BasicAliasAnalysis
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed Sep 11 05:27:58 PDT 2019
https://bugs.llvm.org/show_bug.cgi?id=43276
Bug ID: 43276
Summary: JumpThreading and BasicAliasAnalysis
Product: libraries
Version: trunk
Hardware: PC
OS: Windows NT
Status: NEW
Severity: enhancement
Priority: P
Component: Scalar Optimizations
Assignee: unassignedbugs at nondot.org
Reporter: serguei.katkov at azul.com
CC: llvm-bugs at lists.llvm.org
The intermittent crash is observed on JumpThreading pass.
The reason of the crash is as follows:
1) JumpThreading uses AliasAnalysis
2) JumpThreading is able to destroy BasicBlocks in a some loop.
3) BasicAliasAnalysis is able to use LoopInfo to get a set of exit blocks.
If JumpThreading kills the block in a loop, LoopInfo in BAA is not aware about
it and iterating over blocks in a loop traverses the destroyed block. Taking a
successors from destroyed block may lead to crash.
To create a stable reproducer I needed to apply the following patch:
====================================================
diff --git a/llvm/lib/Analysis/CFG.cpp b/llvm/lib/Analysis/CFG.cpp
index 8215b4ecbb0..981f25a96c7 100644
--- a/llvm/lib/Analysis/CFG.cpp
+++ b/llvm/lib/Analysis/CFG.cpp
@@ -192,6 +192,7 @@ bool llvm::isPotentiallyReachableFromMany(
// All blocks in a single loop are reachable from all other blocks. From
// any of these blocks, we can skip directly to the exits of the loop,
// ignoring any other blocks inside the loop body.
+ Outer->verifyLoop();
Outer->getExitBlocks(Worklist);
} else {
Worklist.append(succ_begin(BB), succ_end(BB));
====================================================
After that the following reproducer causes a crash:
----------------------------------------------------
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128-ni:1"
target triple = "x86_64-unknown-linux-gnu"
@global = external global i8*
define i32 @wibble() {
bb:
br label %bb1
bb1: ; preds = %bb
br label %bb18
bb2: ; No predecessors!
br label %bb3
bb3: ; preds = %bb19, %bb2
%tmp = phi i8* [ %tmp22, %bb19 ], [ undef, %bb2 ]
%tmp4 = phi i8* [ %tmp21, %bb19 ], [ undef, %bb2 ]
%tmp5 = bitcast i8* %tmp to i64*
%tmp6 = getelementptr inbounds i8, i8* %tmp4, i64 848
%tmp7 = bitcast i8* %tmp6 to i8**
br label %bb11
bb11: ; preds = %bb16, %bb3
%tmp12 = load atomic i8*, i8** %tmp7 unordered, align 8
%tmp13 = icmp eq i8* %tmp12, null
br i1 %tmp13, label %bb17, label %bb14
bb14: ; preds = %bb11
br label %bb15
bb15: ; preds = %bb14
br label %bb16
bb16: ; preds = %bb15
store atomic i64 undef, i64* %tmp5 unordered, align 8
br label %bb11
bb17: ; preds = %bb11
ret i32 undef
bb18: ; preds = %bb1
br label %bb19
bb19: ; preds = %bb18
%tmp20 = getelementptr i8, i8* undef, i64 16
%tmp21 = load atomic i8*, i8** @global unordered, align 8
%tmp22 = getelementptr inbounds i8, i8* %tmp21, i64 936
br label %bb3
}
define void @zot(i8* align 8 dereferenceable_or_null(16) %arg, i32 %arg1) {
bb:
ret void
}
----------------------------------------------------
> opt -aa-pipeline=basic-aa -passes='require<loops>,jump-threading' repro-llvm.ll -S
The following blocks are unreachable in the loop: Stack dump:
0. Program arguments: /localhome/skatkov/work/llvm/build/buildDA/bin/opt
-aa-pipeline=basic-aa -passes=require<loops>,jump-threading repro-llvm.ll -S
#0 0x00007f140551e9f2 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/localhome/skatkov/work/llvm/src/llvm/lib/Support/Unix/Signals.inc:532:0
#1 0x00007f140551ea85 PrintStackTraceSignalHandler(void*)
/localhome/skatkov/work/llvm/src/llvm/lib/Support/Unix/Signals.inc:593:0
#2 0x00007f140551cc16 llvm::sys::RunSignalHandlers()
/localhome/skatkov/work/llvm/src/llvm/lib/Support/Signals.cpp:68:0
#3 0x00007f140551e46c SignalHandler(int)
/localhome/skatkov/work/llvm/src/llvm/lib/Support/Unix/Signals.inc:384:0
#4 0x00007f14025515d0 __restore_rt (/lib64/libpthread.so.0+0xf5d0)
#5 0x00007f14054e517a llvm::PointerIntPair<llvm::ilist_node_base<true>*, 1u,
unsigned int, llvm::PointerLikeTypeTraits<llvm::ilist_node_base<true>*>,
llvm::PointerIntPairInfo<llvm::ilist_node_base<true>*, 1u,
llvm::PointerLikeTypeTraits<llvm::ilist_node_base<true>*> > >::getInt() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/PointerIntPair.h:60:0
#6 0x00007f14054e45ce llvm::ilist_node_base<true>::isSentinel() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/ilist_node_base.h:45:0
#7 0x00007f14054e45ee llvm::ilist_node_base<true>::isKnownSentinel() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/ilist_node_base.h:46:0
#8 0x00007f14055470c1
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Function, true,
false, void>, false, true>::operator*() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/ilist_iterator.h:139:0
#9 0x00007f140555a57e llvm::GlobalObject const*
llvm::concat_iterator<llvm::GlobalObject const,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Function, true,
false, void>, false, true>,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::GlobalVariable,
true, false, void>, false, true> >::getHelper<0ul>() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/STLExtras.h:866:0
#10 0x00007f140555311b llvm::GlobalObject const&
llvm::concat_iterator<llvm::GlobalObject const,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Function, true,
false, void>, false, true>,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::GlobalVariable,
true, false, void>, false, true> >::get<0ul,
1ul>(std::integer_sequence<unsigned long, 0ul, 1ul>) const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/STLExtras.h:879:0
#11 0x00007f140554aff9 llvm::concat_iterator<llvm::GlobalObject const,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Function, true,
false, void>, false, true>,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::GlobalVariable,
true, false, void>, false, true> >::operator*() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/ADT/STLExtras.h:902:0
#12 0x00007f1405531a9d (anonymous
namespace)::AssemblyWriter::AssemblyWriter(llvm::formatted_raw_ostream&,
llvm::SlotTracker&, llvm::Module const*, llvm::AssemblyAnnotationWriter*, bool,
bool) /localhome/skatkov/work/llvm/src/llvm/lib/IR/AsmWriter.cpp:2457:0
#13 0x00007f140553bd58 llvm::Value::print(llvm::raw_ostream&,
llvm::ModuleSlotTracker&, bool) const
/localhome/skatkov/work/llvm/src/llvm/lib/IR/AsmWriter.cpp:4309:0
#14 0x00007f140553baa6 llvm::Value::print(llvm::raw_ostream&, bool) const
/localhome/skatkov/work/llvm/src/llvm/lib/IR/AsmWriter.cpp:4285:0
#15 0x00007f14055d0876 llvm::operator<<(llvm::raw_ostream&, llvm::Value const&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/IR/Value.h:716:0
#16 0x00007f1406d63d5d llvm::LoopBase<llvm::BasicBlock,
llvm::Loop>::verifyLoop() const
/localhome/skatkov/work/llvm/src/llvm/include/llvm/Analysis/LoopInfoImpl.h:342:0
#17 0x00007f1406c102b1
llvm::isPotentiallyReachableFromMany(llvm::SmallVectorImpl<llvm::BasicBlock*>&,
llvm::BasicBlock*, llvm::SmallPtrSetImpl<llvm::BasicBlock*> const*,
llvm::DominatorTree const*, llvm::LoopInfo const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/CFG.cpp:196:0
#18 0x00007f1406c10888 llvm::isPotentiallyReachable(llvm::Instruction const*,
llvm::Instruction const*, llvm::SmallPtrSetImpl<llvm::BasicBlock*> const*,
llvm::DominatorTree const*, llvm::LoopInfo const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/CFG.cpp:279:0
#19 0x00007f1406be3f63
llvm::BasicAAResult::isValueEqualInPotentialCycles(llvm::Value const*,
llvm::Value const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1931:0
#20 0x00007f1406be323a llvm::BasicAAResult::aliasCheck(llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes, llvm::Value const*, llvm::LocationSize,
llvm::AAMDNodes, llvm::AAQueryInfo&, llvm::Value const*, llvm::Value const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1757:0
#21 0x00007f1406be3044 llvm::BasicAAResult::aliasPHI(llvm::PHINode const*,
llvm::LocationSize, llvm::AAMDNodes const&, llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes const&, llvm::Value const*,
llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1708:0
#22 0x00007f1406be39ba llvm::BasicAAResult::aliasCheck(llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes, llvm::Value const*, llvm::LocationSize,
llvm::AAMDNodes, llvm::AAQueryInfo&, llvm::Value const*, llvm::Value const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1861:0
#23 0x00007f1406be1af9 llvm::BasicAAResult::aliasGEP(llvm::GEPOperator const*,
llvm::LocationSize, llvm::AAMDNodes const&, llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes const&, llvm::Value const*, llvm::Value
const*, llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1349:0
#24 0x00007f1406be381a llvm::BasicAAResult::aliasCheck(llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes, llvm::Value const*, llvm::LocationSize,
llvm::AAMDNodes, llvm::AAQueryInfo&, llvm::Value const*, llvm::Value const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1844:0
#25 0x00007f1406be3044 llvm::BasicAAResult::aliasPHI(llvm::PHINode const*,
llvm::LocationSize, llvm::AAMDNodes const&, llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes const&, llvm::Value const*,
llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1708:0
#26 0x00007f1406be39ba llvm::BasicAAResult::aliasCheck(llvm::Value const*,
llvm::LocationSize, llvm::AAMDNodes, llvm::Value const*, llvm::LocationSize,
llvm::AAMDNodes, llvm::AAQueryInfo&, llvm::Value const*, llvm::Value const*)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:1861:0
#27 0x00007f1406be0351 llvm::BasicAAResult::alias(llvm::MemoryLocation const&,
llvm::MemoryLocation const&, llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/BasicAliasAnalysis.cpp:857:0
#28 0x00007f1406bc7678
llvm::AAResults::Model<llvm::BasicAAResult>::alias(llvm::MemoryLocation const&,
llvm::MemoryLocation const&, llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/Analysis/AliasAnalysis.h:901:0
#29 0x00007f1406bbf737 llvm::AAResults::alias(llvm::MemoryLocation const&,
llvm::MemoryLocation const&, llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/AliasAnalysis.cpp:113:0
#30 0x00007f1406bc086c llvm::AAResults::getModRefInfo(llvm::StoreInst const*,
llvm::MemoryLocation const&, llvm::AAQueryInfo&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/AliasAnalysis.cpp:470:0
#31 0x00007f1406bc07dc llvm::AAResults::getModRefInfo(llvm::StoreInst const*,
llvm::MemoryLocation const&)
/localhome/skatkov/work/llvm/src/llvm/lib/Analysis/AliasAnalysis.cpp:460:0
#32 0x00007f1406d2d340 llvm::AAResults::getModRefInfo(llvm::StoreInst const*,
llvm::Value const*, llvm::LocationSize)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/Analysis/AliasAnalysis.h:550:0
#33 0x00007f1406d2d15a llvm::FindAvailablePtrLoadStore(llvm::Value*,
llvm::Type*, bool, llvm::BasicBlock*,
llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, true,
false, void>, false, false>&, unsigned int, llvm::AAResults*, bool*, unsigned
int*) /localhome/skatkov/work/llvm/src/llvm/lib/Analysis/Loads.cpp:449:0
#34 0x00007f140670cf2a
llvm::JumpThreadingPass::SimplifyPartiallyRedundantLoad(llvm::LoadInst*)
/localhome/skatkov/work/llvm/src/llvm/lib/Transforms/Scalar/JumpThreading.cpp:1378:0
#35 0x00007f140670c481 llvm::JumpThreadingPass::ProcessBlock(llvm::BasicBlock*)
/localhome/skatkov/work/llvm/src/llvm/lib/Transforms/Scalar/JumpThreading.cpp:1209:0
#36 0x00007f1406708fc2 llvm::JumpThreadingPass::runImpl(llvm::Function&,
llvm::TargetLibraryInfo*, llvm::LazyValueInfo*, llvm::AAResults*,
llvm::DomTreeUpdater*, bool, std::unique_ptr<llvm::BlockFrequencyInfo,
std::default_delete<llvm::BlockFrequencyInfo> >,
std::unique_ptr<llvm::BranchProbabilityInfo,
std::default_delete<llvm::BranchProbabilityInfo> >)
/localhome/skatkov/work/llvm/src/llvm/lib/Transforms/Scalar/JumpThreading.cpp:397:0
#37 0x00007f1406708ada llvm::JumpThreadingPass::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
/localhome/skatkov/work/llvm/src/llvm/lib/Transforms/Scalar/JumpThreading.cpp:343:0
#38 0x00007f1408d633a6 llvm::detail::PassModel<llvm::Function,
llvm::JumpThreadingPass, llvm::PreservedAnalyses,
llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/IR/PassManagerInternal.h:80:0
#39 0x00007f140577cf47 llvm::PassManager<llvm::Function,
llvm::AnalysisManager<llvm::Function> >::run(llvm::Function&,
llvm::AnalysisManager<llvm::Function>&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/IR/PassManager.h:519:0
#40 0x00007f1408d6fd62
llvm::ModuleToFunctionPassAdaptor<llvm::PassManager<llvm::Function,
llvm::AnalysisManager<llvm::Function> > >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/IR/PassManager.h:1309:0
#41 0x00007f1408d6276e llvm::detail::PassModel<llvm::Module,
llvm::ModuleToFunctionPassAdaptor<llvm::PassManager<llvm::Function,
llvm::AnalysisManager<llvm::Function> > >, llvm::PreservedAnalyses,
llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/IR/PassManagerInternal.h:80:0
#42 0x00007f140577cbb1 llvm::PassManager<llvm::Module,
llvm::AnalysisManager<llvm::Module> >::run(llvm::Module&,
llvm::AnalysisManager<llvm::Module>&)
/localhome/skatkov/work/llvm/src/llvm/include/llvm/IR/PassManager.h:519:0
#43 0x000000000047f99e llvm::runPassPipeline(llvm::StringRef, llvm::Module&,
llvm::TargetMachine*, llvm::ToolOutputFile*, llvm::ToolOutputFile*,
llvm::ToolOutputFile*, llvm::StringRef, llvm::opt_tool::OutputKind,
llvm::opt_tool::VerifierKind, bool, bool, bool, bool, bool)
/localhome/skatkov/work/llvm/src/llvm/tools/opt/NewPMDriver.cpp:359:0
#44 0x00000000004a555a main
/localhome/skatkov/work/llvm/src/llvm/tools/opt/opt.cpp:679:0
#45 0x00007f14018e6495 __libc_start_main (/lib64/libc.so.6+0x22495)
#46 0x000000000046c029 _start
(/localhome/skatkov/work/llvm/build/buildDA/bin/opt+0x46c029)
Segmentation fault (core dumped)
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20190911/af1a93af/attachment-0001.html>
More information about the llvm-bugs
mailing list