[llvm-dev] Potential infinite loop in MemorySSAUpdater

Daniel Berlin via llvm-dev llvm-dev at lists.llvm.org
Sat Sep 23 10:12:07 PDT 2017


On Sat, Sep 23, 2017 at 9:55 AM, Godala, Bhargav-reddy <
Bhargav-reddy.Godala at amd.com> wrote:

>
> With regards
> Bhargav Reddy Godala
> Software Engineer 2
> Bangalore, India
> E-mail: Bhargav-reddy.Godala at amd.com Ext 30678
>
>
>
> On 23-Sep-2017, at 9:27 PM, Daniel Berlin <dberlin at dberlin.org> wrote:
>
>
>
> On Sat, Sep 23, 2017 at 8:38 AM, Godala, Bhargav-reddy via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
>> Hi,
>>
>> Can someone explain the intended behaviour of the following loop in the void
>> MemorySSAUpdater::insertDef(MemoryDef *MD, bool RenameUses) function.
>>
>>   while (!FixupList.empty()) {
>>     unsigned StartingPHISize = InsertedPHIs.size();
>>     fixupDefs(FixupList);
>>     FixupList.clear();
>>     // Put any new phis on the fixup list, and process them
>>     FixupList.append(InsertedPHIs.end() - StartingPHISize,
>> InsertedPHIs.end());
>>   }
>>
>> With the latest code on trunk compilation of perlbench SPEC CPU 2017 INT
>> benchmark with “-O3 -inline-threshold=1000 and -enable-gvn-hoist” options
>> is looping infinitely on the above loop.
>>
>
>
>
>>
>> Above loop never terminates unless elements from InsertedPHIs are removed
>> as and when they are processed.
>>
>
> Yes, the loop is slightly off.
>
>
> The intention is to process any new phis added by fixupdefs.
> However, it really should be InsertedPHIs.start() + StartingPHISize.
>
>
> Even in that case it still is infinite, as there is no call to clear
> already processed elements (MemoryPhi) in InsertedPHIs. The fixupDefs function
> only inserts new elements but does not remove any that are processed.
>

It is not iterating over inserted phis, it is iterating over the phis added
by fixupdefs.

Thus, it does not matter whether things are removed from insertedphis, and
it definitely is not infinite in that case.

1. insertedphis represents the set of phis inserted during updating for a
given def/use. It should never be cleared until a new insertuse/insertdef
call happens.
You can see it is cleared at the beginning of each insertuse/insertdef.

2. Prior to this loop, insertedphis will contain the initial set of phis
required by a new def insertion.  This in turn may require new phis.  That
is what this loop does. It fixes up the defs that inserting a new phi
requires, and iteratively processes any new phis that process creates.

The number of phis you must insert is bounded by the number of
basic blocks.  At worst, you will insert a single phi at every merge
point.  This is a finite number.  So the number of phis the loop must go
through is finite.

So let's go through the loop itself.

At the beginning, the fixup list will contain a single def.
Let's look at a fixed version of the loop:

  while (!FixupList.empty()) {
    unsigned StartingPHISize = InsertedPHIs.size();
    fixupDefs(FixupList);
    FixupList.clear();
    // Put any new phis on the fixup list, and process them
    FixupList.append(InsertedPHIs.begin() + StartingPHISize,
                     InsertedPHIs.end());
  }


Fixup list contains 1 def.
Let's say Insertedphis looks like this { A, B }
StartingPHISize = 2
we fix up the def, which may create new phis
Let's say insertedphis now looks like this {A, B, C, D}
We clear the fixuplist
We now append only the new phis to the fixup list.  That is, those that
come *after* StartingPHISize in the list.
Fixuplist will now contain {C, D}
Iteration 1 ends

Iteration 2:
Fixup list is {C, D}
Insertedphis looks like {A, B, C, D }
StartingPHISize = 4
we fixup these defs.  Assume it creates a new phi
Insertedphis looks like {A, B, C, D, E }
We clear the fixup list.
We now append only the new phis to the fixup list.
Fixuplist will now contain {E}
Iteration 2 ends

Fixup list is {E}
Insertedphis looks like {A, B, C, D, E }
StartingPHISize = 5
we fixup these defs. Assume it creates no new phis
Insertedphis looks like {A, B, C, D, E }
We clear the fixup list.
InsertedPHIs.begin() + StartingPHISize == InsertedPHIs.end(), so we add
nothing
The fixuplist is empty, so the loop ends.

We are guaranteed insertedphis can only grow to the number of basic blocks.
Once it contains a phi for every basic block, the loop must terminate,
because no new phis can be added.

The only way the loop can be finite is if we add phis where phis already
exist, as MemorySSA is a single phi per block form.
That would be a bug if that occurs.

Otherwise, the loop must terminate when a phi is in every block other than
start.
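
The walkthrough above as a runnable model (an added example, not part of the original message and not LLVM code): it runs the loop once with `end() - StartingPHISize` and once with `begin() + StartingPHISize`. The `fixupDefs` stand-in, the phi names A to E and the table of which fixup creates which phi are constructed to match the trace in the message.

```cpp
#include <algorithm>
#include <cstddef>
#include <map>
#include <string>
#include <vector>

using List = std::vector<std::string>;

// Constructed stand-in for fixupDefs: fixing one entry may require phis in
// other blocks. A phi is added only if it is not already in InsertedPHIs,
// modelling the single-phi-per-block form.
static void fixupDefs(const List &Fixups, List &InsertedPHIs) {
  static const std::map<std::string, List> Creates = {
      {"def", {"C", "D"}}, {"C", {"E"}}};
  for (const std::string &D : Fixups) {
    auto It = Creates.find(D);
    if (It == Creates.end())
      continue;
    for (const std::string &Phi : It->second)
      if (std::find(InsertedPHIs.begin(), InsertedPHIs.end(), Phi) ==
          InsertedPHIs.end())
        InsertedPHIs.push_back(Phi);
  }
}

// Returns the number of iterations until FixupList is empty, or -1 if the
// loop is still running after MaxIters (treated as non-terminating).
int runFixupLoop(bool UseBeginPlusSize, int MaxIters) {
  List InsertedPHIs = {"A", "B"}; // phis from the initial def insertion
  List FixupList = {"def"};
  int Iters = 0;
  while (!FixupList.empty()) {
    if (Iters++ == MaxIters)
      return -1;
    std::size_t StartingPHISize = InsertedPHIs.size();
    fixupDefs(FixupList, InsertedPHIs);
    FixupList.clear();
    // begin() + N selects only the phis added by this fixupDefs call;
    // end() - N selects the last N entries, which includes old phis.
    auto First = UseBeginPlusSize ? InsertedPHIs.begin() + StartingPHISize
                                  : InsertedPHIs.end() - StartingPHISize;
    FixupList.insert(FixupList.end(), First, InsertedPHIs.end());
  }
  return Iters;
}
```

In this model the `begin()` form finishes in three iterations, while the `end()` form refills the fixup list with `StartingPHISize` entries every time and hits the iteration cap.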