<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Feb 22, 2015 at 1:34 AM, Romanova, Katya <span dir="ltr"><<a href="mailto:Katya_Romanova@playstation.sony.com" target="_blank">Katya_Romanova@playstation.sony.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">I encountered a problem triggered by Jump-Threading optimization.  This pass is creating an unreachable block with an instruction that is not well formed, which then causes the
 subsequent GVN pass to enter an infinite loop.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Here are the details:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Consider the following small testcase. I reduced it from a huge project that was failing during LTO. Unfortunately,  I was not given any source files, only the bitcode.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal">-----------------------------------------------------------------------------<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">small.ll<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">----------------------------------------------------------------<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">%"class.ls_file::Path" = type { [1024 x i8], i8*, i8*, i8*}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">; Function Attrs: nounwind sspstrong uwtable<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">define void @foo(%"class.ls_file::Path"* %this, i8* nocapture readonly %pPath) #0 {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %1 = load i8* %pPath, align 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  switch i8 %1, label %.loopexit.i.i [<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 92, label %2<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 47, label %2<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  ]
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">; <label>:2                                       ; preds = %0, %0<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %3 = load i8* %pPath, align 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %4 = icmp eq i8 %3, 46<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  br i1 %4, label %.critedge.i.i, label %.outer.i.i
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">.critedge.i.i:                                    ; preds = %.critedge.i.i, %.critedge.i.i, %2<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %.0.i.i = phi i8* [ %pPath, %2 ], [ %5, %.critedge.i.i ], [ %5, %.critedge.i.i ]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %5 = getelementptr inbounds i8* %.0.i.i, i64 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %6 = load i8* %5, align 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  switch i8 %6, label %.outer.i.i [<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 92, label %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 47, label %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  ]
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">.outer.i.i:                                       ; preds = %.critedge.i.i, %2<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %.2.ph2.i.i = phi i8* [ %5, %.critedge.i.i ], [ %pPath, %2 ]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %7 = load i8* %.2.ph2.i.i, align 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %8 = icmp eq i8 %7, 0
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  br label %.loopexit.i.i
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">.loopexit.i.i:                                    ; preds = %7<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  ret void
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">}<u></u><u></u></span></p>
<div style="border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in">
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">If you run GVN after jump threading, opt will go into infinite recursion.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">opt  -jump-threading small.ll -o test2.o<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">opt -gvn test2.o -o test3.o<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Segmentation fault (core dumped)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Here’s why it’s happening:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Jump threading transforms this block:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">.critedge.i.i:                                    ; preds = %.critedge.i.i, %.critedge.i.i, %2<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %.0.i.i = phi i8* [ %pPath, %2 ], [ %5, %.critedge.i.i ], [ %5, %.critedge.i.i ]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %5 = getelementptr inbounds i8* %.0.i.i, i64 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %6 = load i8* %5, align 1
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  switch i8 %6, label %.outer.i.i [<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 92, label %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 47, label %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  ]
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">into the following block:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">.critedge.i.i:                                    ; preds = %.critedge.i.i, %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %2 = getelementptr inbounds i8* %2, i64 1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  %3 = load i8* %2, align 1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  switch i8 %3, label %.outer.i.i [<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 92, label %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">    i8 47, label %.critedge.i.i<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">  ]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Note that the block .critedge.i.i is now unreachable and it contains the following instruction:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">%2 = getelementptr inbounds i8* %2, i64 1                   <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">This instruction doesn’t appear to be well formed. However, one could argue that it is – formally %2 def does dominate all %2 uses because both are located in an unreachable block,
 so every path to the use is passing through the def (because there are 0 paths like that).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">That is likely the reason why –verify doesn’t complain about it.</span></p></div></div></blockquote><div><br></div><div>Why is jump-threading creating this funky instruction?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">And this is where the problem actually happens:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">When -gvn pass is invoked afterwards, it goes into an infinite recursion in function ‘<span style="background:white">PHITranslateSubExpr</span>’ (located in
 PHITransAddr.cpp). When processing a GEP instruction (%2), this function calls itself recursively with its first operand (which is also %2).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">// Handle getelementptr with at least one PHI translatable operand.<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">  if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(Inst)) {<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">    SmallVector<Value*, 8> GEPOps;<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">    bool AnyChanged = false;<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">    for (unsigned i = 0, e = GEP->getNumOperands(); i != e; ++i) {<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">      Value *GEPOp = PHITranslateSubExpr(GEP->getOperand(i), CurBB, PredBB, DT);                     // <- it
 goes into infinite recursion here.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif";background:white">      if (GEPOp == 0) return 0;</span><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">There are several different ways to fix this problem.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p><u></u><span style="font-size:14.0pt;font-family:"Cambria","serif""><span>(1)<span style="font:7.0pt "Times New Roman"">                       
</span></span></span><u></u><span style="font-size:14.0pt;font-family:"Cambria","serif"">We have to remove the unreachable code immediately after or during Jump-Threading pass;<u></u><u></u></span></p>
<p><u></u><span style="font-size:14.0pt;font-family:"Cambria","serif""><span>(2)<span style="font:7.0pt "Times New Roman"">                       
</span></span></span><u></u><span style="font-size:14.0pt;font-family:"Cambria","serif"">GVN should skip unreachable code;<u></u><u></u></span></p>
<p><u></u><span style="font-size:14.0pt;font-family:"Cambria","serif""><span>(3)<span style="font:7.0pt "Times New Roman"">                       
</span></span></span><u></u><span style="font-size:14.0pt;font-family:"Cambria","serif"">GVN shouldn’t recursively invoke the same function with the same arguments. 
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Here is an extra check that implements the 3<sup>rd</sup> approach. Please review.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal">===================================================================<u></u><u></u></p>
<p class="MsoNormal">--- PHITransAddr.cpp    (revision 229821)<u></u><u></u></p>
<p class="MsoNormal">+++ PHITransAddr.cpp    (working copy)<u></u><u></u></p>
<p class="MsoNormal">@@ -217,10 +217,13 @@<u></u><u></u></p>
<p class="MsoNormal">     SmallVector<Value*, 8> GEPOps;<u></u><u></u></p>
<p class="MsoNormal">     bool AnyChanged = false;<u></u><u></u></p>
<p class="MsoNormal">     for (unsigned i = 0, e = GEP->getNumOperands(); i != e; ++i) {<u></u><u></u></p>
<p class="MsoNormal">-      Value *GEPOp = PHITranslateSubExpr(GEP->getOperand(i), CurBB, PredBB, DT);<u></u><u></u></p>
<p class="MsoNormal">+      Value *Operand= GEP->getOperand(i);<u></u><u></u></p>
<p class="MsoNormal">+      if (GEP==Operand)<u></u><u></u></p>
<p class="MsoNormal">+        continue;<u></u><u></u></p>
<p class="MsoNormal">+      Value *GEPOp = PHITranslateSubExpr(Operand, CurBB, PredBB, DT);<u></u><u></u></p>
<p class="MsoNormal">       if (!GEPOp) return nullptr;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">-      AnyChanged |= GEPOp != GEP->getOperand(i);<u></u><u></u></p>
<p class="MsoNormal">+      AnyChanged |= GEPOp != Operand;<u></u><u></u></p>
<p class="MsoNormal">       GEPOps.push_back(GEPOp);<u></u><u></u></p>
<p class="MsoNormal">     }<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif"">===================================================================</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">One thing to note here is – unreachable code, if not removed, could push invalid code through subsequent passes. This invalid code will not be caught by the verifier. If  these
 passes are not paranoid enough, the bad code may cause all sorts of issues. The case above is one example.<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></p><span class="HOEnZb"><font color="#888888">
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Katya.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""> <u></u><u></u></span></p>
</font></span></div>
</div>

<br>_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu">llvm-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
<br></blockquote></div><br></div></div>