[llvm-commits] [llvm] r165072 - in /llvm/trunk: lib/Target/X86/X86ISelDAGToDAG.cpp test/CodeGen/X86/2012-10-02-DAGCycle.ll
Evan Cheng
evan.cheng at apple.com
Tue Oct 2 16:49:13 PDT 2012
Author: evancheng
Date: Tue Oct 2 18:49:13 2012
New Revision: 165072
URL: http://llvm.org/viewvc/llvm-project?rev=165072&view=rev
Log:
Fix a serious X86 instruction selection bug. In
X86DAGToDAGISel::PreprocessISelDAG(), isel is moving load inside
callseq_start / callseq_end so it can be folded into a call. This can
create a cycle in the DAG when the call is glued to a copytoreg. We
have been lucky this hasn't caused too many issues because the pre-ra
scheduler has special handling of call sequences. However, it has
caused a crash in a specific tailcall case.
rdar://12393897
Added:
llvm/trunk/test/CodeGen/X86/2012-10-02-DAGCycle.ll
Modified:
llvm/trunk/lib/Target/X86/X86ISelDAGToDAG.cpp
Modified: llvm/trunk/lib/Target/X86/X86ISelDAGToDAG.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Target/X86/X86ISelDAGToDAG.cpp?rev=165072&r1=165071&r2=165072&view=diff
==============================================================================
--- llvm/trunk/lib/Target/X86/X86ISelDAGToDAG.cpp (original)
+++ llvm/trunk/lib/Target/X86/X86ISelDAGToDAG.cpp Tue Oct 2 18:49:13 2012
@@ -362,7 +362,7 @@
/// MoveBelowCallOrigChain - Replace the original chain operand of the call with
/// load's chain operand and move load below the call's chain operand.
static void MoveBelowOrigChain(SelectionDAG *CurDAG, SDValue Load,
- SDValue Call, SDValue OrigChain) {
+ SDValue Call, SDValue OrigChain) {
SmallVector<SDValue, 8> Ops;
SDValue Chain = OrigChain.getOperand(0);
if (Chain.getNode() == Load.getNode())
@@ -386,11 +386,22 @@
CurDAG->UpdateNodeOperands(OrigChain.getNode(), &Ops[0], Ops.size());
CurDAG->UpdateNodeOperands(Load.getNode(), Call.getOperand(0),
Load.getOperand(1), Load.getOperand(2));
+
+ bool IsGlued = Call.getOperand(0).getNode()->getGluedUser() == Call.getNode();
+ unsigned NumOps = Call.getNode()->getNumOperands();
Ops.clear();
Ops.push_back(SDValue(Load.getNode(), 1));
- for (unsigned i = 1, e = Call.getNode()->getNumOperands(); i != e; ++i)
+ for (unsigned i = 1, e = NumOps; i != e; ++i)
Ops.push_back(Call.getOperand(i));
- CurDAG->UpdateNodeOperands(Call.getNode(), &Ops[0], Ops.size());
+ if (!IsGlued)
+ CurDAG->UpdateNodeOperands(Call.getNode(), &Ops[0], NumOps);
+ else
+ // If call's chain was glued to the call (tailcall), and now the load
+ // is moved between them. Remove the glue to avoid a cycle (where the
+ // call is glued to its old chain and the load is using the old chain
+ // as its new chain).
+ CurDAG->MorphNodeTo(Call.getNode(), Call.getOpcode(),
+ Call.getNode()->getVTList(), &Ops[0], NumOps-1);
}
/// isCalleeLoad - Return true if call address is a load and it can be
Added: llvm/trunk/test/CodeGen/X86/2012-10-02-DAGCycle.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/CodeGen/X86/2012-10-02-DAGCycle.ll?rev=165072&view=auto
==============================================================================
--- llvm/trunk/test/CodeGen/X86/2012-10-02-DAGCycle.ll (added)
+++ llvm/trunk/test/CodeGen/X86/2012-10-02-DAGCycle.ll Tue Oct 2 18:49:13 2012
@@ -0,0 +1,16 @@
+; RUN: llc -mtriple=i386-apple-macosx -relocation-model=pic < %s
+; rdar://12393897
+
+%TRp = type { i32, %TRH*, i32, i32 }
+%TRH = type { i8*, i8*, i8*, i8*, {}* }
+
+define i32 @t(%TRp* inreg %rp) nounwind optsize ssp {
+entry:
+ %handler = getelementptr inbounds %TRp* %rp, i32 0, i32 1
+ %0 = load %TRH** %handler, align 4
+ %sync = getelementptr inbounds %TRH* %0, i32 0, i32 4
+ %sync12 = load {}** %sync, align 4
+ %1 = bitcast {}* %sync12 to i32 (%TRp*)*
+ %call = tail call i32 %1(%TRp* inreg %rp) nounwind optsize
+ ret i32 %call
+}
More information about the llvm-commits
mailing list