[LLVMdev] Crash on accessing deleted MBBs (new backend)
Andreas Fredriksson
deplinenoise at gmail.com
Fri Sep 28 12:17:39 PDT 2007
Hi,
I'm trying to write up my little m68k backend things have been going
smoothly. I've been working with the x86 backend as a template, fixing
things as I go.
Now I've run into branches and I have a crash I don't really
understand. Here's the sample IR I'm running llc on to generate
assembly:
define i32 @ilog2(i32 %x) {
entry:
%tmp718 = icmp eq i32 %x, 0 ; <i1> [#uses=1]
br i1 %tmp718, label %bb9, label %bb5
bb5: ; preds = %bb5, %entry
%indvar = phi i32 [ 0, %entry ], [ %indvar.next, %bb5 ]
; <i32> [#uses=2]
%x_addr.015.0 = phi i32 [ %x, %entry ], [ %tmp2, %bb5 ]
; <i32> [#uses=2]
%tmp2 = ashr i32 %x_addr.015.0, 1 ; <i32> [#uses=1]
%tmp7 = icmp ult i32 %x_addr.015.0, 2 ; <i1> [#uses=1]
%indvar.next = add i32 %indvar, 1 ; <i32> [#uses=1]
br i1 %tmp7, label %bb9, label %bb5
bb9: ; preds = %bb5, %entry
%result.013.1 = phi i32 [ -1, %entry ], [ %indvar, %bb5 ]
; <i32> [#uses=1]
ret i32 %result.013.1
llc -o=- -print-machineinstrs -march=m68k obj.o
This is the last "correct" output block:
# Machine code for ilog2():
Live Ins: D0 in VR#1030
Live Outs: D0
entry: 01917130, LLVM BB @003F93A0, ID#0:
Live Ins: %D0
%D1 = CLR_dr32
CMP_dr_dr32 %D0, %D1<kill>
%D1<dead> = SEQ
BEQ mbb<entry.bb9_crit_edge,01916610>
Successors according to CFG: 01916610 (#2) 01916530 (#1)
entry.bb5_crit_edge: 01916530, LLVM BB @019168D0, ID#1:
Live Ins: %D0
Predecessors according to CFG: 01917130 (#0)
%D1 = MOVE_imm_dr32 4294967295
BRA mbb<bb5,01916700>
Successors according to CFG: 01916700 (#3)
entry.bb9_crit_edge: 01916610, LLVM BB @003F8FA0, ID#2:
Predecessors according to CFG: 01917130 (#0)
%D1 = MOVE_imm_dr32 4294967295
BRA mbb<bb9,01915A30>
Successors according to CFG: 01915A30 (#6)
bb5: 01916700, LLVM BB @003F96D8, ID#3:
Live Ins: %D0 %D1
Predecessors according to CFG: 01916530 (#1) 01916C10 (#4)
%D2 = MOVE_imm_dr32 2
%D1 = ADDQ_dr_dr32_1 %D1<kill>
%D3 = ASR_imm_dr32 %D0, 1
CMP_dr_dr32 %D0<kill>, %D2<kill>
%D0<dead> = SLT
BLT mbb<bb5.bb9_crit_edge,01915940>
Successors according to CFG: 01915940 (#5) 01916C10 (#4)
bb5.bb5_crit_edge: 01916C10, LLVM BB @003FC060, ID#4:
Live Ins: %D1 %D3
Predecessors according to CFG: 01916700 (#3)
BRA mbb<bb5,01916700>
%D0 = MOVE_dr_dr32 %D3<kill>
Successors according to CFG: 01916700 (#3)
bb5.bb9_crit_edge: 01915940, LLVM BB @01914D50, ID#5:
Live Ins: %D1
Predecessors according to CFG: 01916700 (#3)
Successors according to CFG: 01915A30 (#6)
bb9: 01915A30, LLVM BB @003F9738, ID#6:
Live Ins: %D1
Predecessors according to CFG: 01916610 (#2) 01915940 (#5)
%D0 = MOVE_dr_dr32 %D1<kill>
RTS %D0<imp-use,kill>
# End machine code for ilog2().
Here's where things to south:
# Machine code for ilog2():
Live Ins: D0 in VR#1030
Live Outs: D0
entry: 01917130, LLVM BB @003F93A0, ID#0:
Live Ins: %D0
MOVE_dr_mem_pd32 %Da5, %Da7
%Da5 = MOVE_dr_dr32 %Da7
%Da7 = ADD_imm_dr32 4, %Da7
%D1 = CLR_dr32
CMP_dr_dr32 %D0, %D1<kill>
%D1<dead> = SEQ
BEQ mbb<entry.bb9_crit_edge,01916610>
Successors according to CFG: 01916610 (#4) 01916530 (#1)
entry.bb5_crit_edge: 01916530, LLVM BB @019168D0, ID#1:
Live Ins: %D0
Predecessors according to CFG: 01917130 (#0)
%D1 = MOVE_imm_dr32 4294967295
BRA mbb<bb5,01916700>
Successors according to CFG: 01916700 (#2)
bb5: 01916700, LLVM BB @003F96D8, ID#2:
Live Ins: %D0 %D1
Predecessors according to CFG: 01916530 (#1) 01916C10 (#3)
%D2 = MOVE_imm_dr32 2
%D1 = ADDQ_dr_dr32_1 %D1<kill>
%D3 = ASR_imm_dr32 %D0, 1
CMP_dr_dr32 %D0<kill>, %D2<kill>
%D0<dead> = SLT
BLT
llc crashes at this point because the target branch of the BLT (branch
if lower than) has gone away. On my win32 box it's filled with
0xfeeefeee (deleted data).
I've verified that the block is actually removed by the branch
folding, but for some reason this poor BLT instruction never hears
about that. What can I do to fix this?
Thanks,
Andreas
More information about the llvm-dev
mailing list