[LLVMbugs] [Bug 11825] New: SimplifyCFG phi and getelementptr crash

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sat Jan 21 17:06:41 PST 2012 

http://llvm.org/bugs/show_bug.cgi?id=11825

             Bug #: 11825
           Summary: SimplifyCFG phi and getelementptr crash
           Product: libraries
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Transformation Utilities
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: empann at hotmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Created attachment 7922
  --> http://llvm.org/bugs/attachment.cgi?id=7922
Test case that crashes SimplifyCFG

The optimizer crashes in SimplifyCFG when it tries to optimize code not
reachable.

I am generating IR for an LTrim function (remove leading spaces in strings),
which the SimplifyCFG fails on cases when the string is empty.

If I would implement the same function in C++, it would look like this:

struct String { unsigned char* ptr; int offset, len; };
inline String trim(unsigned char* orig_ptr, int offset, int len){
    unsigned char* ptr = orig_ptr + offset;
    while(len > 0 && *ptr <= ' '){
        offset++;
        len--;
        ptr++;
    }
    String a = {ptr, offset, len};
    return a;
}
As everything is inlined, len can in some cases be 0 (or become 0 after
optimizations).

The ptr++ instruction is a GEP-instruction with a PHI-node as operand, but as
the PHI-node gets simplified to only have one incoming (because the loop is
never entered, since len=0), it gets replaced, resulting in a GEP-instruction
like this during the SimplifyCFG-pass:
%ptr = getelementptr i8* %ptr, i64 1
which is quite bad. Note that everything happens during the first pass
(SimplifyCFG).

When that intstruction gets inspected, in the end
Value::isDereferenceablePointer gets called that calls itself over and over
until stack overflow...

Running "opt -O1 infrek.ll" results in an endless recursion:
(gdb) bt
#0  llvm::Value::isDereferenceablePointer (this=0x12ae970) at Value.cpp:374
#1  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#2  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#3  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#4  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#5  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#6  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#7  0x0000000000c37034 in llvm::Value::isDereferenceablePointer
(this=0x12ae970) at Value.cpp:374
#8  0x0000000000a8b446 in llvm::isSafeToSpeculativelyExecute (V=0x12aecb8,
TD=0x0) at ValueTracking.cpp:1920
#9  0x000000000092135c in DominatesMergePoint (V=0x12aecb8, BB=0x12ae430,
AggressiveInsts=0x7fffffffce30, CostRemaining=@0x7fffffffcef0) at
SimplifyCFG.cpp:300
#10 0x00000000009213e7 in DominatesMergePoint (V=0x12aed70, BB=0x12ae430,
AggressiveInsts=0x7fffffffce30, CostRemaining=@0x7fffffffcef0) at
SimplifyCFG.cpp:313
#11 0x0000000000925660 in FoldTwoEntryPHINode (PN=0x12aee70, TD=0x12b0230) at
SimplifyCFG.cpp:1270
#12 0x000000000092c5cf in run (this=0x7fffffffd1a0, BB=0x12ae430) at
SimplifyCFG.cpp:2935
#13 0x000000000092c8e2 in llvm::SimplifyCFG (BB=0x12ae430, TD=0x12b0230) at
SimplifyCFG.cpp:2969
#14 0x00000000008286aa in IterativeSimplifyCFG (F=..., TD=0x12b0230) at
SimplifyCFGPass.cpp:295
#15 0x000000000082876c in runOnFunction (this=0x12b5090, F=...) at
SimplifyCFGPass.cpp:312
#16 0x0000000000c1c7fe in llvm::FPPassManager::runOnFunction (this=0x12b0070,
F=...) at PassManager.cpp:1518
#17 0x0000000000c1c4f0 in llvm::FunctionPassManagerImpl::run (this=0x12afd20,
F=...) at PassManager.cpp:1468
#18 0x0000000000c1c19b in llvm::FunctionPassManager::run (this=0x12ae1d0,
F=...) at PassManager.cpp:1397
#19 0x00000000006d7fcf in main (argc=3, argv=0x7fffffffd6d8) at opt.cpp:688

I attach the infrek.ll file which I have tried to reduce as much as possible.

I am using LLVM from trunk that is built today (2012-01-21).

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list