<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 20, 2015 at 2:01 PM, Adrian Prantl <span dir="ltr"><<a href="mailto:aprantl@apple.com" target="_blank">aprantl@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
> On Aug 20, 2015, at 12:27 PM, David Blaikie <<a href="mailto:dblaikie@gmail.com">dblaikie@gmail.com</a>> wrote:<br>
><br>
><br>
><br>
> On Thu, Aug 20, 2015 at 11:40 AM, Adrian Prantl <<a href="mailto:aprantl@apple.com">aprantl@apple.com</a>> wrote:<br>
><br>
>> On Aug 20, 2015, at 11:34 AM, David Blaikie <<a href="mailto:dblaikie@gmail.com">dblaikie@gmail.com</a>> wrote:<br>
>><br>
>><br>
>><br>
>> On Thu, Aug 20, 2015 at 11:23 AM, Adrian Prantl via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>> wrote:<br>
>> Author: adrian<br>
>> Date: Thu Aug 20 13:23:56 2015<br>
>> New Revision: 245588<br>
>><br>
>> URL: <a href="http://llvm.org/viewvc/llvm-project?rev=245588&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=245588&view=rev</a><br>
>> Log:<br>
>> Fix a debug location handling bug in GVN.<br>
>> Caught by the famous "DebugLoc describes the currect SubProgram" assertion.<br>
>><br>
>> Huzzah! \o/ ;) (sorry, I know they're a pain to track down, but it's a great way to find debug info quality bugs that would produce really shitty debug info if it weren't for this assertion)<br>
><br>
> Oh yes.<br>
><br>
>><br>
>> When GVN is removing a nonlocal load it updates the debug location of the<br>
>> SSA value it replaced the load with with the one of the load.<br>
>><br>
>> I guess I'm not quite following here (knowing next to nothing about GVN) - could you explain this in more detail? What transformation is GVN performing on a call?<br>
><br>
> GVN is eliminating the load (and store) to @f and replaces all uses of the load with the value that is stored in @f, which is %call. It then used to transfer the DebugLoc of the load to the value it’s replacing it with (in this case %call). This triggers the assertion because %call happens to be, well, a call.<br>
><br>
>><br>
>> In the<br>
>> testcase this actually overwrites a valid debug location with an empty one.<br>
>><br>
>> In reality GVN has to make an arbitrary choice between two equally valid<br>
>> debug locations. This patch changes to behavior to only update the<br>
>> location if the value doesn't already have a debug location.<br>
>><br>
>> Added:<br>
>> llvm/trunk/test/DebugInfo/gvn.ll<br>
>> Modified:<br>
>> llvm/trunk/lib/Transforms/Scalar/GVN.cpp<br>
>><br>
>> Modified: llvm/trunk/lib/Transforms/Scalar/GVN.cpp<br>
>> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Scalar/GVN.cpp?rev=245588&r1=245587&r2=245588&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Scalar/GVN.cpp?rev=245588&r1=245587&r2=245588&view=diff</a><br>
>> ==============================================================================<br>
>> --- llvm/trunk/lib/Transforms/Scalar/GVN.cpp (original)<br>
>> +++ llvm/trunk/lib/Transforms/Scalar/GVN.cpp Thu Aug 20 13:23:56 2015<br>
>> @@ -1744,7 +1744,8 @@ bool GVN::processNonLocalLoad(LoadInst *<br>
>> if (isa<PHINode>(V))<br>
>> V->takeName(LI);<br>
>> if (Instruction *I = dyn_cast<Instruction>(V))<br>
>> - I->setDebugLoc(LI->getDebugLoc());<br>
>> + if (LI->getDebugLoc())<br>
>> + I->setDebugLoc(LI->getDebugLoc());<br>
>> if (V->getType()->getScalarType()->isPointerTy())<br>
>> MD->invalidateCachedPointerInfo(V);<br>
>> markInstructionForDeletion(LI);<br>
>><br>
>> Added: llvm/trunk/test/DebugInfo/gvn.ll<br>
>> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/DebugInfo/gvn.ll?rev=245588&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/DebugInfo/gvn.ll?rev=245588&view=auto</a><br>
>> ==============================================================================<br>
>> --- llvm/trunk/test/DebugInfo/gvn.ll (added)<br>
>> +++ llvm/trunk/test/DebugInfo/gvn.ll Thu Aug 20 13:23:56 2015<br>
>> @@ -0,0 +1,135 @@<br>
>> +; RUN: opt < %s -O2 -gvn -S | FileCheck %s<br>
>> +;<br>
>> +; Produced at -O2 from:<br>
>><br>
>> Do you have the original reproduction -cc1 line, by chance? I'd be curious to see if this test case can be simplified a bit further to make the interesting part(s) more obvious.<br>
><br>
> Testcase-golfing! :-)<br>
><br>
> It’s very hard to reduce it any more from source, because it needs this specific chain of simplify-cfg and gvn:<br>
> clang -cc1 -triple arm64-apple-ios -emit-llvm -gdwarf-2 -O2 file.c -o -<br>
><br>
> Hmm, can't seem to reproduce it with this (& I don't mind just the full command line that crashes clang - rather than having to take it from clang to opt, etc, if you have that) - any ideas? (I'm trying to reproduce at r245521, FWIW)<br>
<br>
</div></div>This is the setup I used for delta/creduce:<br>
<br>
$ cat test.sh<br>
set -e<br>
clang-3.8 -cc1 -triple arm64-apple-ios -emit-llvm -main-file-name action.c -gdwarf-2 -O2 -x c action.i -o action.ll &>/dev/null<br>
FileCheck test.sh <action.ll<br>
echo SUCCESS<br>
# CHECK: tail call i32 @pid_for_task({{.*\)[^,]+$}}<br></blockquote><div><br>Ah, sorry, I see - you were checking for the IR, rather than the crash. Fair (I was expecting a crash - but that would've require more (unnecessary for the issue at hand) code). I'll work with that :)<br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
$ cat action.i<br>
struct context {<br>
int cur_pid<br>
};<br>
<span class="">int a, b, c, f, d;<br>
</span>int pid_for_task(int);<br>
sample(struct context *p1)<br>
{<br>
if (c)<br>
b = a;<br>
<span class=""> if (a && p1->cur_pid)<br>
</span> sample_internal();<br>
}<br>
callback() {<br>
f = pid_for_task(d);<br>
sample(&f);<br>
}<br>
<br>
I noticed that when running the test through opt running through opt -gvn alone did not reproduce the error, but running through opt -O2 -gvn did, although none of the passes running before gvn (or after) changed the IR, so it is possible that there is nondeterminism involved.<br>
I also tried to add an assertion into GVN and running bugpoint on the IR, but it failed to reduce the testcase any further.<br>
<span class="HOEnZb"><font color="#888888"><br>
-- adrian<br>
</font></span><div class="HOEnZb"><div class="h5">><br>
><br>
> -- adrian<br>
><br>
>> +; struct context {<br>
>> +; int cur_pid<br>
>> +; };<br>
>> +; int a, b, c, f, d;<br>
>> +; int pid_for_task(int);<br>
>> +; sample(struct context *p1)<br>
>> +; {<br>
>> +; if (c)<br>
>> +; b = a;<br>
>> +; if (a && p1->cur_pid)<br>
>> +; sample_internal();<br>
>> +; }<br>
>> +; callback() {<br>
>> +; f = pid_for_task(d);<br>
>> +; sample(&f);<br>
>> +; }<br>
>> +<br>
>> +target datalayout = "e-m:o-i64:64-i128:128-n32:64-S128"<br>
>> +target triple = "arm64-apple-ios"<br>
>> +<br>
>> +%struct.context = type { i32 }<br>
>> +<br>
>> +@c = common global i32 0, align 4<br>
>> +@a = common global i32 0, align 4<br>
>> +@b = common global i32 0, align 4<br>
>> +@d = common global i32 0, align 4<br>
>> +@f = common global i32 0, align 4<br>
>> +<br>
>> +; Function Attrs: nounwind<br>
>> +declare i32 @sample_internal(...)<br>
>> +<br>
>> +; Function Attrs: nounwind<br>
>> +define i32 @callback() #0 {<br>
>> +entry:<br>
>> + %0 = load i32, i32* @d, align 4, !dbg !37<br>
>> +<br>
>> + ; Verify that the call still has a debug location after GVN.<br>
>> + ; CHECK: %call = tail call i32 @pid_for_task(i32 %0) #{{[0-9]}}, !dbg<br>
>> + %call = tail call i32 @pid_for_task(i32 %0) #3, !dbg !37<br>
>> +<br>
>> + store i32 %call, i32* @f, align 4, !dbg !37<br>
>> + tail call void @llvm.dbg.value(metadata %struct.context* bitcast (i32* @f to %struct.context*), i64 0, metadata !25, metadata !26) #3, !dbg !38<br>
>> + %1 = load i32, i32* @c, align 4, !dbg !40<br>
>> + %tobool.i = icmp eq i32 %1, 0, !dbg !40<br>
>> + %.pr.i = load i32, i32* @a, align 4, !dbg !41<br>
>> + br i1 %tobool.i, label %if.end.i, label %if.then.i, !dbg !42<br>
>> +<br>
>> +if.then.i: ; preds = %entry<br>
>> + store i32 %.pr.i, i32* @b, align 4, !dbg !43<br>
>> + br label %if.end.i, !dbg !43<br>
>> +<br>
>> +if.end.i: ; preds = %if.then.i, %entry<br>
>> + %tobool1.i = icmp eq i32 %.pr.i, 0, !dbg !41<br>
>> +<br>
>> + ; This instruction has no debug location -- in this<br>
>> + ; particular case it was removed by a bug in SimplifyCFG.<br>
>> + %2 = load i32, i32* @f, align 4<br>
>> +<br>
>> + ; GVN is supposed to replace the load of @f with a direct reference to %call.<br>
>> + ; CHECK: %tobool2.i = icmp eq i32 %call, 0, !dbg<br>
>> + %tobool2.i = icmp eq i32 %2, 0, !dbg !41<br>
>> +<br>
>> + %or.cond = or i1 %tobool1.i, %tobool2.i, !dbg !41<br>
>> + br i1 %or.cond, label %sample.exit, label %if.then.3.i, !dbg !41<br>
>> +<br>
>> +if.then.3.i: ; preds = %if.end.i<br>
>> + %call.i = tail call i32 bitcast (i32 (...)* @sample_internal to i32 ()*)() #3, !dbg !44<br>
>> + br label %sample.exit, !dbg !44<br>
>> +<br>
>> +sample.exit: ; preds = %if.end.i, %if.then.3.i<br>
>> + ret i32 undef, !dbg !45<br>
>> +}<br>
>> +<br>
>> +declare i32 @pid_for_task(i32) #1<br>
>> +<br>
>> +; Function Attrs: nounwind readnone<br>
>> +declare void @llvm.dbg.value(metadata, i64, metadata, metadata) #2<br>
>> +<br>
>> +attributes #0 = { nounwind }<br>
>> +attributes #2 = { nounwind readnone }<br>
>> +attributes #3 = { nounwind }<br>
>> +<br>
>> +!<a href="http://llvm.dbg.cu" rel="noreferrer" target="_blank">llvm.dbg.cu</a> = !{!0}<br>
>> +!llvm.module.flags = !{!22, !23}<br>
>> +!llvm.ident = !{!24}<br>
>> +<br>
>> +!0 = distinct !DICompileUnit(language: DW_LANG_C99, file: !1, producer: "clang version 3.8.0 (trunk 244473) (llvm/trunk 244644)", isOptimized: false, runtimeVersion: 0, emissionKind: 1, enums: !2, subprograms: !3, globals: !16)<br>
>> +!1 = !DIFile(filename: "test.c", directory: "/")<br>
>> +!2 = !{}<br>
>> +!3 = !{!4, !13}<br>
>> +!4 = !DISubprogram(name: "sample", scope: !5, file: !5, line: 6, type: !6, isLocal: false, isDefinition: true, scopeLine: 7, flags: DIFlagPrototyped, isOptimized: false, variables: !2)<br>
>> +!5 = !DIFile(filename: "test.i", directory: "/")<br>
>> +!6 = !DISubroutineType(types: !7)<br>
>> +!7 = !{!8, !9}<br>
>> +!8 = !DIBasicType(name: "int", size: 32, align: 32, encoding: DW_ATE_signed)<br>
>> +!9 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !10, size: 64, align: 64)<br>
>> +!10 = !DICompositeType(tag: DW_TAG_structure_type, name: "context", file: !5, line: 1, size: 32, align: 32, elements: !11)<br>
>> +!11 = !{!12}<br>
>> +!12 = !DIDerivedType(tag: DW_TAG_member, name: "cur_pid", scope: !10, file: !5, line: 2, baseType: !8, size: 32, align: 32)<br>
>> +!13 = !DISubprogram(name: "callback", scope: !5, file: !5, line: 13, type: !14, isLocal: false, isDefinition: true, scopeLine: 13, isOptimized: false, function: i32 ()* @callback, variables: !2)<br>
>> +!14 = !DISubroutineType(types: !15)<br>
>> +!15 = !{!8}<br>
>> +!16 = !{!17, !18, !19, !20, !21}<br>
>> +!17 = !DIGlobalVariable(name: "a", scope: !0, file: !5, line: 4, type: !8, isLocal: false, isDefinition: true, variable: i32* @a)<br>
>> +!18 = !DIGlobalVariable(name: "b", scope: !0, file: !5, line: 4, type: !8, isLocal: false, isDefinition: true, variable: i32* @b)<br>
>> +!19 = !DIGlobalVariable(name: "c", scope: !0, file: !5, line: 4, type: !8, isLocal: false, isDefinition: true, variable: i32* @c)<br>
>> +!20 = !DIGlobalVariable(name: "f", scope: !0, file: !5, line: 4, type: !8, isLocal: false, isDefinition: true, variable: i32* @f)<br>
>> +!21 = !DIGlobalVariable(name: "d", scope: !0, file: !5, line: 4, type: !8, isLocal: false, isDefinition: true, variable: i32* @d)<br>
>> +!22 = !{i32 2, !"Dwarf Version", i32 2}<br>
>> +!23 = !{i32 2, !"Debug Info Version", i32 3}<br>
>> +!24 = !{!"clang version 3.8.0 (trunk 244473) (llvm/trunk 244644)"}<br>
>> +!25 = !DILocalVariable(name: "p1", arg: 1, scope: !4, file: !5, line: 6, type: !9)<br>
>> +!26 = !DIExpression()<br>
>> +!27 = !DILocation(line: 6, scope: !4)<br>
>> +!28 = !DILocation(line: 8, scope: !29)<br>
>> +!29 = distinct !DILexicalBlock(scope: !4, file: !5, line: 8)<br>
>> +!30 = !DILocation(line: 10, scope: !31)<br>
>> +!31 = distinct !DILexicalBlock(scope: !4, file: !5, line: 10)<br>
>> +!32 = !DILocation(line: 8, scope: !4)<br>
>> +!33 = !DILocation(line: 9, scope: !29)<br>
>> +!34 = !DILocation(line: 10, scope: !4)<br>
>> +!35 = !DILocation(line: 11, scope: !31)<br>
>> +!36 = !DILocation(line: 12, scope: !4)<br>
>> +!37 = !DILocation(line: 14, scope: !13)<br>
>> +!38 = !DILocation(line: 6, scope: !4, inlinedAt: !39)<br>
>> +!39 = distinct !DILocation(line: 15, scope: !13)<br>
>> +!40 = !DILocation(line: 8, scope: !29, inlinedAt: !39)<br>
>> +!41 = !DILocation(line: 10, scope: !31, inlinedAt: !39)<br>
>> +!42 = !DILocation(line: 8, scope: !4, inlinedAt: !39)<br>
>> +!43 = !DILocation(line: 9, scope: !29, inlinedAt: !39)<br>
>> +!44 = !DILocation(line: 11, scope: !31, inlinedAt: !39)<br>
>> +!45 = !DILocation(line: 16, scope: !13)<br>
>><br>
>><br>
>> _______________________________________________<br>
>> llvm-commits mailing list<br>
>> <a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>
>> <a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
<br>
</div></div></blockquote></div><br></div></div>