<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [DeadStoreElimination w/ MemSSA] wrong code"

   href="https://bugs.llvm.org/show_bug.cgi?id=48036">48036</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[DeadStoreElimination w/ MemSSA]  wrong code

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Scalar Optimizations

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>paulsson@linux.vnet.ibm.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=24117" name="attach_24117" title="extracted function">attachment 24117</a> <a href="attachment.cgi?id=24117&action=edit" title="extracted function">[details]</a></span>

extracted function

This SystemZ multistage bot is failing since weeks:

<a href="http://lab.llvm.org:8011/#/builders/8/builds/6">http://lab.llvm.org:8011/#/builders/8/builds/6</a>. Stage-2 llvm-objcopy has a

corrupt size value which causes a call to fallocate of an insane amount which

causes the abortion:

llvm-objcopy --decompress-debug-sections

./build-multistage/test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmpz.o

./build-multistage/test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmp2.o

llvm-objcopy: error: ... No space left on device

This is the llvm-objcopy compiled by clang (which was compiled by gcc).

A bisect showed that the first bad commit is 51ff04567, which makes

-enable-dse-memoryssa default to true. I narrowed it all down to one file

(llvm-objcopy/ELF/Object.cpp) and function to the point where I think I can see

just one store being DSE:ed in a function which seems to be incorrect.

To build:

1:

build as usual in $BUILD

2:

mkdir stage2

cd stage2

cmake -G Ninja ../llvm-project/llvm -DCMAKE_C_COMPILER=$BUILD/bin/clang

-DCMAKE_CXX_COMPILER=$BUILD/bin/clang++ -DCMAKE_BUILD_TYPE=Release

-DLLVM_ENABLE_ASSERTIONS=On

ninja check

/bin/llvm-objcopy --decompress-debug-sections

./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmpz.o

./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmp2.o

./bin/llvm-objcopy: error:

'./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmpz.o':

'./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmp2.o': No

space left on device

I found that if I recompiled ELF/Object.cpp with these options the error

disappears:

-mllvm -enable-dse-partial-store-merging=false -mllvm

-dse-memoryssa-defs-per-block-limit=3 -mllvm -dse-memoryssa-path-check-limit=1

-mllvm -dse-memoryssa-partial-store-limit=1 -mllvm -dse-memoryssa-scanlimit=19

-mllvm -dse-memoryssa-walklimit=85

Changing the last option to '86' instead produces the bad code again...

I found that it was enough to replace this function in Object.bc:

_ZN4llvm7objcopy3elf10ELFBuilderINS_6object7ELFTypeILNS_7support10endiannessE1ELb1EEEE11makeSectionERKNS3_13Elf_Shdr_ImplIS7_EE

I managed then to extract the right function and run with opt instead:

./bin/opt -mtriple=s390x-linux-gnu fun.ll -S -o out.opt.86.ll -basic-aa -aa

-memoryssa -dse -enable-dse-partial-overwrite-tracking=false

-enable-dse-partial-store-merging=false -dse-memoryssa-defs-per-block-limit=3

-dse-memoryssa-path-check-limit=1 -dse-memoryssa-partial-store-limit=1

-dse-memoryssa-scanlimit=19 -dse-memoryssa-walklimit=86 -debug-only=dse >&

dbg86_opt

./bin/opt -mtriple=s390x-linux-gnu fun.ll -S -o out.opt.85.ll -basic-aa -aa

-memoryssa -dse -enable-dse-partial-overwrite-tracking=false

-enable-dse-partial-store-merging=false -dse-memoryssa-defs-per-block-limit=3

-dse-memoryssa-path-check-limit=1 -dse-memoryssa-partial-store-limit=1

-dse-memoryssa-scanlimit=19 -dse-memoryssa-walklimit=85 -debug-only=dse >&

dbg85_opt

diff dbg85_opt dbg86_opt | grep "DSE: Remove Dead Store" | ...

<span class="quote">>     DSE: Remove Dead Store:</span >

There is one more store eliminated, which seems wrong to me. It is the saving

of the argument %DecompressedSize (:-)  which for some reason is removed:

define void

@_ZN4llvm7objcopy3elf17CompressedSection6createENS_8ArrayRefIhEEmm(... , i64

%DecompressedSize, ...) {

%ref.tmp = alloca %"class.llvm::objcopy::elf::CompressedSection", align 8

...

%DecompressedSize2.i = getelementptr inbounds

%"class.llvm::objcopy::elf::CompressedSection",

%"class.llvm::objcopy::elf::CompressedSection"* %ref.tmp, i64 0, i32 2

store i64 %DecompressedSize, i64* %DecompressedSize2.i, align 8, !tbaa !26

...

}

I can't see any other store to that address/element, and I have no idea why DSE

removes it...</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>