<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">I decided to start over with a different failing target, and managed to get a pretty small test case through a combination of iterative manual reduction and creduce (I un-shortened a few names while I was trimming out the last bits I could by hand):<div><br></div><div><br></div><div><div>$ ./clang -x c++ -c -o /dev/null -O3 - <<EOF</div><div>struct ReallyBadIterator {</div><div> int b;</div><div> ReallyBadIterator(int c) : b(c) {}</div><div> void operator+(long);</div><div>};</div><div>struct {</div><div> int size_;</div><div> unsigned size() { return size_; }</div><div>} really_bad_vector;</div><div><br></div><div>char *scribble(char *x);</div><div><br></div><div>int mystery_value;</div><div><br></div><div>void h() {</div><div> char *buf;</div><div> int as = (unsigned)really_bad_vector.size_ / mystery_value, at;</div><div> for (; mystery_value;) {</div><div> int au = at + as;</div><div> ReallyBadIterator i = really_bad_vector.size();</div><div> i + au;</div><div> buf = scribble(buf);</div><div> at = au;</div><div> }</div><div>}</div><div>EOF</div><div><br></div><div>Stack dump:</div><div>0.<span style="white-space:pre"> </span>Program arguments: /usr/local/google/home/dlj/tmp/bug-r347934.5/clang -cc1 -triple x86_64-grtev4-linux-gnu -emit-obj -disable-free -disable-llvm-verifier -discard-value-names -main-file-name - -mrelocation-model static -mthread-model posix -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -momit-leaf-frame-pointer -coverage-notes-file /dev/null.gcno -resource-dir /usr/local/google/home/dlj/tmp/lib/clang/google3-trunk -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/x86_64-linux-gnu/c++/7.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/x86_64-linux-gnu/c++/7.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0/backward -internal-isystem /usr/local/include -internal-isystem /usr/local/google/home/dlj/tmp/lib/clang/google3-trunk/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -fdeprecated-macro -fdebug-compilation-dir /usr/local/google/home/dlj/tmp/bug-r347934.5 -ferror-limit 19 -fmessage-length 211 -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp -o /dev/null -x c++ - -faddrsig </div><div>1.<span style="white-space:pre"> </span><eof> parser at end of file</div><div>2.<span style="white-space:pre"> </span>Per-module optimization passes</div><div>3.<span style="white-space:pre"> </span>Running pass 'CallGraph Pass Manager' on module '-'.</div><div>4.<span style="white-space:pre"> </span>Running pass 'Combine redundant instructions' on function '@_Z1hv'</div><div>#0 0x0000560bad809b58 llvm::sys::RunSignalHandlers() /proc/self/cwd/third_party/llvm/llvm/lib/Support/Signals.cpp:68:18</div><div>#1 0x0000560bad80bc56 SignalHandler(int) /proc/self/cwd/third_party/llvm/llvm/lib/Support/Unix/Signals.inc:358:1</div><div>#2 0x00007ff8455269a0 __restore_rt (/usr/grte/v4/lib64/libpthread.so.0+0xf9a0)</div><div>#3 0x0000560bad20b5ff llvm::Use::get() const /proc/self/cwd/third_party/llvm/llvm/include/llvm/IR/Use.h:108:31</div><div>#4 0x0000560bad20b5ff llvm::PHINode::getOperand(unsigned int) const /proc/self/cwd/third_party/llvm/llvm/include/llvm/IR/Instructions.h:2714:0</div><div>#5 0x0000560bad20b5ff llvm::PHINode::getIncomingValue(unsigned int) const /proc/self/cwd/third_party/llvm/llvm/include/llvm/IR/Instructions.h:2603:0</div><div>#6 0x0000560bad20b5ff llvm::InstCombiner::visitPHINode(llvm::PHINode&) /proc/self/cwd/third_party/llvm/llvm/lib/Transforms/InstCombine/InstCombinePHI.cpp:1238:0</div><div>#7 0x0000560bad1da7f4 llvm::InstCombiner::run() /proc/self/cwd/third_party/llvm/llvm/lib/Transforms/InstCombine/InstructionCombining.cpp:3192:22</div><div>#8 0x0000560bad1dc1c4 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::DominatorTree&, llvm::OptimizationRemarkEmitter&, bool, llvm::LoopInfo*) /proc/self/cwd/third_party/llvm/llvm/lib/Transforms/InstCombine/InstructionCombining.cpp:3424:13</div><div>#9 0x0000560bad1dc56f llvm::InstructionCombiningPass::runOnFunction(llvm::Function&) /proc/self/cwd/third_party/llvm/llvm/lib/Transforms/InstCombine/InstructionCombining.cpp:3485:1</div><div>#10 0x0000560bad72b78c llvm::FPPassManager::runOnFunction(llvm::Function&) /proc/self/cwd/third_party/llvm/llvm/lib/IR/LegacyPassManager.cpp:1645:11</div><div>#11 0x0000560bad542bc0 (anonymous namespace)::CGPassManager::RunPassOnSCC(llvm::Pass*, llvm::CallGraphSCC&, llvm::CallGraph&, bool&, bool&) /proc/self/cwd/third_party/llvm/llvm/lib/Analysis/CallGraphSCCPass.cpp:178:25</div><div>#12 0x0000560bad542bc0 (anonymous namespace)::CGPassManager::RunAllPassesOnSCC(llvm::CallGraphSCC&, llvm::CallGraph&, bool&) /proc/self/cwd/third_party/llvm/llvm/lib/Analysis/CallGraphSCCPass.cpp:442:0</div><div>#13 0x0000560bad542bc0 (anonymous namespace)::CGPassManager::runOnModule(llvm::Module&) /proc/self/cwd/third_party/llvm/llvm/lib/Analysis/CallGraphSCCPass.cpp:498:0</div><div>#14 0x0000560bad72bf15 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /proc/self/cwd/third_party/llvm/llvm/lib/IR/LegacyPassManager.cpp:1744:27</div><div>#15 0x0000560bad72bf15 llvm::legacy::PassManagerImpl::run(llvm::Module&) /proc/self/cwd/third_party/llvm/llvm/lib/IR/LegacyPassManager.cpp:1857:0</div><div>#16 0x0000560baad3e598 (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:868:3</div><div>#17 0x0000560baad3e598 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:1299:0</div><div>#18 0x0000560baad152d2 std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >::~unique_ptr() /proc/self/cwd/third_party/crosstool/v18/stable/toolchain/bin/../lib/gcc/x86_64-grtev4-linux-gnu/4.9.x-google/../../../../x86_64-grtev4-linux-gnu/include/c++/4.9.x-google/bits/unique_ptr.h:235:6</div><div>#19 0x0000560baad152d2 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:293:0</div><div>#20 0x0000560bab73a853 __gnu_cxx::__normal_iterator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >*, std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > > >::__normal_iterator(std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >* const&) /proc/self/cwd/third_party/crosstool/v18/stable/toolchain/bin/../lib/gcc/x86_64-grtev4-linux-gnu/4.9.x-google/../../../../x86_64-grtev4-linux-gnu/include/c++/4.9.x-google/bits/stl_iterator.h:729:20</div><div>#21 0x0000560bab73a853 std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > >::begin() /proc/self/cwd/third_party/crosstool/v18/stable/toolchain/bin/../lib/gcc/x86_64-grtev4-linux-gnu/4.9.x-google/../../../../x86_64-grtev4-linux-gnu/include/c++/4.9.x-google/bits/stl_vector.h:597:0</div><div>#22 0x0000560bab73a853 void clang::finalize<std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > > >(std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > >&, clang::Sema const&) /proc/self/cwd/third_party/llvm/llvm/tools/clang/include/clang/Sema/TemplateInstCallback.h:55:0</div><div>#23 0x0000560bab73a853 clang::ParseAST(clang::Sema&, bool, bool) /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/Parse/ParseAST.cpp:177:0</div><div>#24 0x0000560bab583b6a clang::FrontendAction::Execute() /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:921:10</div><div>#25 0x0000560bab40d848 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:969:11</div><div>#26 0x0000560baaadccf2 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /proc/self/cwd/third_party/llvm/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:267:25</div><div>#27 0x0000560baaacc205 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /proc/self/cwd/third_party/llvm/llvm/tools/clang/tools/driver/cc1_main.cpp:219:13</div><div>#28 0x0000560baaada07a ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) /proc/self/cwd/third_party/llvm/llvm/tools/clang/tools/driver/driver.cpp:310:12</div><div>#29 0x0000560baaada07a main /proc/self/cwd/third_party/llvm/llvm/tools/clang/tools/driver/driver.cpp:382:0</div><div>#30 0x00007ff845294bbd __libc_start_main (/usr/grte/v4/lib64/libc.so.6+0x38bbd)</div><div>#31 0x0000560baaacbb69 _start /usr/grte/v4/debug-src/src/csu/../sysdeps/x86_64/start.S:121:0</div><div>clang: error: unable to execute command: Segmentation fault</div><div>clang: error: clang frontend command failed due to signal (use -v to see invocation)</div><div>clang version google3-trunk (trunk r347980)</div><div>Target: x86_64-grtev4-linux-gnu</div><div>Thread model: posix</div><div>InstalledDir: /usr/local/google/home/dlj/tmp/bug-r347934.5/.</div><div><br></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Dec 5, 2018 at 3:59 PM <<a href="mailto:warren.ristow@sony.com">warren.ristow@sony.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_-5240285387256014966WordSection1">
<p class="MsoNormal">> OK, in that case I will keep working on a reduced test case. Once I have something I can share, I will forward to you.<u></u><u></u></p>
<p class="MsoNormal">><u></u> <u></u></p>
<p class="MsoNormal">> Sorry about the revert, and thanks for your help.<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Sorry for the trouble in the first place. Thanks for looking further! It’s very much appreciated.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">-Warren</span><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> David Jones <<a href="mailto:dlj@google.com" target="_blank">dlj@google.com</a>>
<br>
<b>Sent:</b> Wednesday, December 5, 2018 3:17 PM<br>
<b>To:</b> Ristow, Warren <<a href="mailto:warren.ristow@sony.com" target="_blank">warren.ristow@sony.com</a>><br>
<b>Cc:</b> <a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>; Reid Kleckner <<a href="mailto:rnk@google.com" target="_blank">rnk@google.com</a>><br>
<b>Subject:</b> Re: [llvm] r347934 - [SCEV] Guard movement of insertion point for loop-invariants<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">On Wed, Dec 5, 2018 at 2:56 PM <<a href="mailto:warren.ristow@sony.com" target="_blank">warren.ristow@sony.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hi David,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">[+ Reid]</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> ...</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> I suspect your change is exposing a pre-existing bug; but unfortunately, it does very</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> cleanly resolve to exactly r347934, and it occurs with multiple targets.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> Could you advise on a fix? Unfortunately, I'm not familiar with this code, so the best</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> option I can offer is a revert. (If you won't able to author a timely fix, please let</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> me know so I can submit the revert for you.)</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Sorry to hear about that. I definitely won't be able to author a timely fix, so please do go ahead
and revert it.</span><u></u><u></u></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">OK... sorry for bringing out the big hammer. :-/<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">FYI: Committed revision 348426.<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">As it happens, while looking at the history of this SCEV div-by-0 area, in prep for a follow-up patch:</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><a href="https://reviews.llvm.org/D55232" target="_blank">https://reviews.llvm.org/D55232</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I noticed that an equivalent change was made about a year ago (r289412). Reid found it caused a problem
in instcombine when ASan was enabled. This issue you reported sounds very similar. Reid reverted that year-old commit at r289453:</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> ‘’’</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> Reverts r289412. It caused an OOB PHI operand access in instcombine when</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> ASan is enabled. Reduction in progress.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> ‘’’</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> I don't feel I have a useful reproducer to share... between creduce and bugpoint, I've</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> gotten one target down to 68k of .bc (which disassembles to about 180k of .ll). (And it</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">> would take a lot of effort to redact before I can share it.)</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Possibly Reid has access to a reduced test-case from back then (or can create one now)?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I'm not familiar with the code where the instcombine failure is happening. Without a test-case, I
feel my hands are tied. So a reduced test-case from either you or Reid would be greatly appreciated!</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">OK, in that case I will keep working on a reduced test case. Once I have something I can share, I will forward to you.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Sorry about the revert, and thanks for your help.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">--dlj<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Thanks,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">-Warren</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> David Jones <<a href="mailto:dlj@google.com" target="_blank">dlj@google.com</a>>
<br>
<b>Sent:</b> Wednesday, December 5, 2018 2:25 PM<br>
<b>To:</b> Ristow, Warren <<a href="mailto:warren.ristow@sony.com" target="_blank">warren.ristow@sony.com</a>><br>
<b>Cc:</b> <a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<b>Subject:</b> Re: [llvm] r347934 - [SCEV] Guard movement of insertion point for loop-invariants</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Hi Warren --<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I've observed several Clang crashes on SEGV, which bisect to this change.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">The crashes generally look something like this:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">$ opt -O2 -o /dev/null bugpoint-reduced-simplified.ll<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Stack dump:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">0. Program arguments: opt -O2 -o /dev/null bugpoint-reduced-simplified.ll <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">1. Running pass 'CallGraph Pass Manager' on module 'bugpoint-reduced-simplified.ll'.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">2. Running pass 'Combine redundant instructions' on function '@_Z[redacted]'<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#0 0x0000558aa2221628 llvm::sys::RunSignalHandlers() (opt+0x1f3b628)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#1 0x0000558aa2223746 SignalHandler(int) (opt+0x1f3d746)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#2 0x00007f5def60a9a0 __restore_rt (/usr/grte/v4/lib64/libpthread.so.0+0xf9a0)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#3 0x0000558aa1bbec7f llvm::InstCombiner::visitPHINode(llvm::PHINode&) (opt+0x18d8c7f)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#4 0x0000558aa1b8db24 llvm::InstCombiner::run() (opt+0x18a7b24)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#5 0x0000558aa1b8f504 combineInstructionsOverFunction(llvm::Function&, llvm::InstCombineWorklist&, llvm::AAResults*, llvm::AssumptionCache&, llvm::TargetLibraryInfo&, llvm::DominatorTree&,
llvm::OptimizationRemarkEmitter&, bool, llvm::LoopInfo*) (opt+0x18a9504)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#6 0x0000558aa1b8f8af llvm::InstructionCombiningPass::runOnFunction(llvm::Function&) (opt+0x18a98af)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#7 0x0000558aa207d2fc llvm::FPPassManager::runOnFunction(llvm::Function&) (opt+0x1d972fc)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#8 0x0000558aa1f062e0 (anonymous namespace)::CGPassManager::runOnModule(llvm::Module&) (opt+0x1c202e0)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#9 0x0000558aa207da85 llvm::legacy::PassManagerImpl::run(llvm::Module&) (opt+0x1d97a85)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#10 0x0000558aa0a8900b main (opt+0x7a300b)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#11 0x00007f5def378bbd __libc_start_main (/usr/grte/v4/lib64/libc.so.6+0x38bbd)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#12 0x0000558aa0a740e9 _start /usr/grte/v4/debug-src/src/csu/../sysdeps/x86_64/start.S:121:0<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">[1] 17713 segmentation fault opt -O2 -o /dev/null bugpoint-reduced-simplified.ll<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">gdb's backtrace is a bit more useful:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">#0 0x000055555958b1d4 in llvm::Use::get (this=<optimized out>) at third_party/llvm/llvm/include/llvm/IR/Use.h:108<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#1 llvm::PHINode::getOperand (this=<optimized out>, i_nocapture=4294967295) at third_party/llvm/llvm/include/llvm/IR/Instructions.h:2714<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#2 llvm::PHINode::getIncomingValue (this=<optimized out>, i=4294967295) at third_party/llvm/llvm/include/llvm/IR/Instructions.h:2603<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#3 0x000055555c41abba in llvm::InstCombiner::visitPHINode (this=0x7ffff4e3b970, PN=...) at third_party/llvm/llvm/lib/Transforms/InstCombine/InstCombinePHI.cpp:1238<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#4 0x000055555c378489 in llvm::InstCombiner::run (this=<optimized out>) at third_party/llvm/llvm/lib/Transforms/InstCombine/InstructionCombining.cpp:3192<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#5 0x000055555c37b6d2 in combineInstructionsOverFunction (F=..., Worklist=..., AA=0x60600002b7c0, AC=..., TLI=..., DT=..., ORE=..., ExpensiveCombines=<optimized out>, LI=<optimized
out>)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> at third_party/llvm/llvm/lib/Transforms/InstCombine/InstructionCombining.cpp:3424<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#6 0x000055555c37be37 in llvm::InstructionCombiningPass::runOnFunction (this=<optimized out>, F=...) at third_party/llvm/llvm/lib/Transforms/InstCombine/InstructionCombining.cpp:3483<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#7 0x000055555d39b609 in llvm::FPPassManager::runOnFunction (this=<optimized out>, F=...) at third_party/llvm/llvm/lib/IR/LegacyPassManager.cpp:1644<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#8 0x000055555ce8f11b in (anonymous namespace)::CGPassManager::RunPassOnSCC (this=<optimized out>, P=0x614000009a40, CurSCC=..., CG=..., CallGraphUpToDate=<optimized out>, DevirtualizedCall=<optimized
out>)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> at third_party/llvm/llvm/lib/Analysis/CallGraphSCCPass.cpp:178<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#9 (anonymous namespace)::CGPassManager::RunAllPassesOnSCC (this=<optimized out>, CurSCC=..., CG=..., DevirtualizedCall=<optimized out>) at third_party/llvm/llvm/lib/Analysis/CallGraphSCCPass.cpp:442<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#10 (anonymous namespace)::CGPassManager::runOnModule (this=0x614000009840, M=...) at third_party/llvm/llvm/lib/Analysis/CallGraphSCCPass.cpp:498<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#11 0x000055555d39ca7a in (anonymous namespace)::MPPassManager::runOnModule (this=<optimized out>, M=...) at third_party/llvm/llvm/lib/IR/LegacyPassManager.cpp:1744<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#12 llvm::legacy::PassManagerImpl::run (this=0x619000020f50, M=...) at third_party/llvm/llvm/lib/IR/LegacyPassManager.cpp:1857<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">#13 0x00005555588bfb58 in main (argc=<optimized out>, argv=<optimized out>) at third_party/llvm/llvm/tools/opt/opt.cpp:828<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I've spent the last 48 hours attempting to reduce a test case (both mechanically and manually). Unfortunately, I don't feel I have a useful reproducer to share... between creduce
and bugpoint, I've gotten one target down to 68k of .bc (which disassembles to about 180k of .ll). (And it would take a lot of effort to redact before I can share it.)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">The stack trace pretty clearly points to an unchecked out-of-range return value here:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://git.llvm.org/klaus/llvm/blob/master/lib/Transforms/InstCombine/InstCombinePHI.cpp#L-1238" target="_blank">https://git.llvm.org/klaus/llvm/blob/master/lib/Transforms/InstCombine/InstCombinePHI.cpp#L-1238</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I suspect your change is exposing a pre-existing bug; but unfortunately, it does very cleanly resolve to exactly r347934, and it occurs with multiple targets.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Could you advise on a fix? Unfortunately, I'm not familiar with this code, so the best option I can offer is a revert. (If you won't able to author a timely fix, please let me know
so I can submit the revert for you.)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--David Jones<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Nov 29, 2018 at 4:05 PM Warren Ristow via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt">
<p class="MsoNormal">Author: wristow<br>
Date: Thu Nov 29 16:02:54 2018<br>
New Revision: 347934<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=347934&view=rev" target="_blank">
http://llvm.org/viewvc/llvm-project?rev=347934&view=rev</a><br>
Log:<br>
[SCEV] Guard movement of insertion point for loop-invariants<br>
<br>
r320789 suppressed moving the insertion point of SCEV expressions with<br>
dev/rem operations to the loop header in non-loop-invariant situations.<br>
This, and similar, hoisting is also unsafe in the loop-invariant case,<br>
since there may be a guard against a zero denominator. This is an<br>
adjustment to the fix of r320789 to suppress the movement even in the<br>
loop-invariant case.<br>
<br>
This fixes PR30806.<br>
<br>
Differential Revision: <a href="https://reviews.llvm.org/D54713" target="_blank">
https://reviews.llvm.org/D54713</a><br>
<br>
Added:<br>
llvm/trunk/test/Transforms/LoopVectorize/pr30806.ll<br>
Modified:<br>
llvm/trunk/lib/Analysis/ScalarEvolutionExpander.cpp<br>
<br>
Modified: llvm/trunk/lib/Analysis/ScalarEvolutionExpander.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Analysis/ScalarEvolutionExpander.cpp?rev=347934&r1=347933&r2=347934&view=diff" target="_blank">
http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Analysis/ScalarEvolutionExpander.cpp?rev=347934&r1=347933&r2=347934&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Analysis/ScalarEvolutionExpander.cpp (original)<br>
+++ llvm/trunk/lib/Analysis/ScalarEvolutionExpander.cpp Thu Nov 29 16:02:54 2018<br>
@@ -1732,49 +1732,50 @@ Value *SCEVExpander::expand(const SCEV *<br>
// Compute an insertion point for this SCEV object. Hoist the instructions<br>
// as far out in the loop nest as possible.<br>
Instruction *InsertPt = &*Builder.GetInsertPoint();<br>
- for (Loop *L = SE.LI.getLoopFor(Builder.GetInsertBlock());;<br>
- L = L->getParentLoop())<br>
- if (SE.isLoopInvariant(S, L)) {<br>
- if (!L) break;<br>
- if (BasicBlock *Preheader = L->getLoopPreheader())<br>
- InsertPt = Preheader->getTerminator();<br>
- else {<br>
- // LSR sets the insertion point for AddRec start/step values to the<br>
- // block start to simplify value reuse, even though it's an invalid<br>
- // position. SCEVExpander must correct for this in all cases.<br>
- InsertPt = &*L->getHeader()->getFirstInsertionPt();<br>
- }<br>
- } else {<br>
- // We can move insertion point only if there is no div or rem operations<br>
- // otherwise we are risky to move it over the check for zero denominator.<br>
- auto SafeToHoist = [](const SCEV *S) {<br>
- return !SCEVExprContains(S, [](const SCEV *S) {<br>
- if (const auto *D = dyn_cast<SCEVUDivExpr>(S)) {<br>
- if (const auto *SC = dyn_cast<SCEVConstant>(D->getRHS()))<br>
- // Division by non-zero constants can be hoisted.<br>
- return SC->getValue()->isZero();<br>
- // All other divisions should not be moved as they may be<br>
- // divisions by zero and should be kept within the<br>
- // conditions of the surrounding loops that guard their<br>
- // execution (see PR35406).<br>
- return true;<br>
- }<br>
- return false;<br>
- });<br>
- };<br>
- // If the SCEV is computable at this level, insert it into the header<br>
- // after the PHIs (and after any other instructions that we've inserted<br>
- // there) so that it is guaranteed to dominate any user inside the loop.<br>
- if (L && SE.hasComputableLoopEvolution(S, L) && !PostIncLoops.count(L) &&<br>
- SafeToHoist(S))<br>
- InsertPt = &*L->getHeader()->getFirstInsertionPt();<br>
- while (InsertPt->getIterator() != Builder.GetInsertPoint() &&<br>
- (isInsertedInstruction(InsertPt) ||<br>
- isa<DbgInfoIntrinsic>(InsertPt))) {<br>
- InsertPt = &*std::next(InsertPt->getIterator());<br>
+<br>
+ // We can move insertion point only if there is no div or rem operations<br>
+ // otherwise we are risky to move it over the check for zero denominator.<br>
+ auto SafeToHoist = [](const SCEV *S) {<br>
+ return !SCEVExprContains(S, [](const SCEV *S) {<br>
+ if (const auto *D = dyn_cast<SCEVUDivExpr>(S)) {<br>
+ if (const auto *SC = dyn_cast<SCEVConstant>(D->getRHS()))<br>
+ // Division by non-zero constants can be hoisted.<br>
+ return SC->getValue()->isZero();<br>
+ // All other divisions should not be moved as they may be<br>
+ // divisions by zero and should be kept within the<br>
+ // conditions of the surrounding loops that guard their<br>
+ // execution (see PR35406).<br>
+ return true;<br>
+ }<br>
+ return false;<br>
+ });<br>
+ };<br>
+ if (SafeToHoist(S)) {<br>
+ for (Loop *L = SE.LI.getLoopFor(Builder.GetInsertBlock());;<br>
+ L = L->getParentLoop()) {<br>
+ if (SE.isLoopInvariant(S, L)) {<br>
+ if (!L) break;<br>
+ if (BasicBlock *Preheader = L->getLoopPreheader())<br>
+ InsertPt = Preheader->getTerminator();<br>
+ else<br>
+ // LSR sets the insertion point for AddRec start/step values to the<br>
+ // block start to simplify value reuse, even though it's an invalid<br>
+ // position. SCEVExpander must correct for this in all cases.<br>
+ InsertPt = &*L->getHeader()->getFirstInsertionPt();<br>
+ } else {<br>
+ // If the SCEV is computable at this level, insert it into the header<br>
+ // after the PHIs (and after any other instructions that we've inserted<br>
+ // there) so that it is guaranteed to dominate any user inside the loop.<br>
+ if (L && SE.hasComputableLoopEvolution(S, L) && !PostIncLoops.count(L))<br>
+ InsertPt = &*L->getHeader()->getFirstInsertionPt();<br>
+ while (InsertPt->getIterator() != Builder.GetInsertPoint() &&<br>
+ (isInsertedInstruction(InsertPt) ||<br>
+ isa<DbgInfoIntrinsic>(InsertPt)))<br>
+ InsertPt = &*std::next(InsertPt->getIterator());<br>
+ break;<br>
}<br>
- break;<br>
}<br>
+ }<br>
<br>
// Check to see if we already expanded this here.<br>
auto I = InsertedExpressions.find(std::make_pair(S, InsertPt));<br>
<br>
Added: llvm/trunk/test/Transforms/LoopVectorize/pr30806.ll<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Transforms/LoopVectorize/pr30806.ll?rev=347934&view=auto" target="_blank">
http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Transforms/LoopVectorize/pr30806.ll?rev=347934&view=auto</a><br>
==============================================================================<br>
--- llvm/trunk/test/Transforms/LoopVectorize/pr30806.ll (added)<br>
+++ llvm/trunk/test/Transforms/LoopVectorize/pr30806.ll Thu Nov 29 16:02:54 2018<br>
@@ -0,0 +1,65 @@<br>
+; RUN: opt -loop-vectorize -S < %s 2>&1 | FileCheck %s<br>
+<br>
+; Produced from test-case:<br>
+;<br>
+; void testGuardedInnerLoop(uint32_t *ptr, uint32_t denom, uint32_t numer, uint32_t outer_lim)<br>
+; {<br>
+; for(uint32_t outer_i = 0; outer_i < outer_lim; ++outer_i) {<br>
+; if (denom > 0) {<br>
+; const uint32_t lim = numer / denom;<br>
+;<br>
+; for (uint32_t i = 0; i < lim; ++i)<br>
+; ptr[i] = 1;<br>
+; }<br>
+; }<br>
+; }<br>
+<br>
+<br>
+target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128-ni:1"<br>
+target triple = "x86_64-unknown-linux-gnu"<br>
+<br>
+define void @testGuardedInnerLoop(i32* %ptr, i32 %denom, i32 %numer, i32 %outer_lim) {<br>
+entry:<br>
+ %cmp1 = icmp eq i32 %outer_lim, 0<br>
+ br i1 %cmp1, label %exit, label %loop1.preheader<br>
+<br>
+; Verify that a 'udiv' does not appear between the 'loop1.preheader' label, and<br>
+; whatever label comes next.<br>
+loop1.preheader:<br>
+; CHECK-LABEL: loop1.preheader:<br>
+; CHECK-NOT: udiv<br>
+; CHECK-LABEL: :<br>
+ br label %loop1<br>
+<br>
+loop1:<br>
+ %outer_i = phi i32 [ %inc1, %loop2.exit ], [ 0, %loop1.preheader ]<br>
+ %0 = add i32 %denom, -1<br>
+ %1 = icmp ult i32 %0, %numer<br>
+ br i1 %1, label %loop2.preheader, label %loop2.exit<br>
+<br>
+; Verify that a 'udiv' does appear between the 'loop2.preheader' label, and<br>
+; whatever label comes next.<br>
+loop2.preheader:<br>
+; CHECK-LABEL: loop2.preheader:<br>
+; CHECK: udiv<br>
+; CHECK-LABEL: :<br>
+ %lim = udiv i32 %numer, %denom<br>
+ %2 = zext i32 %lim to i64<br>
+ br label %loop2<br>
+<br>
+loop2:<br>
+ %indvar.loop2 = phi i64 [ 0, %loop2.preheader ], [ %indvar.loop2.next, %loop2 ]<br>
+ %arrayidx = getelementptr inbounds i32, i32* %ptr, i64 %indvar.loop2<br>
+ store i32 1, i32* %arrayidx, align 4<br>
+ %indvar.loop2.next = add nuw nsw i64 %indvar.loop2, 1<br>
+ %cmp2 = icmp ult i64 %indvar.loop2.next, %2<br>
+ br i1 %cmp2, label %loop2, label %loop2.exit<br>
+<br>
+loop2.exit:<br>
+ %inc1 = add nuw i32 %outer_i, 1<br>
+ %exitcond = icmp eq i32 %inc1, %outer_lim<br>
+ br i1 %exitcond, label %exit, label %loop1<br>
+<br>
+exit:<br>
+ ret void<br>
+}<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><u></u><u></u></p>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</blockquote></div>