[llvm-bugs] [Bug 26742] New: llvm.eh.sjlj.setjmp builtin lowering may result in a compiler crash in pic mode

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Feb 25 12:52:08 PST 2016


https://llvm.org/bugs/show_bug.cgi?id=26742

            Bug ID: 26742
           Summary: llvm.eh.sjlj.setjmp builtin lowering may result in a
                    compiler crash in pic mode
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: X86
          Assignee: unassignedbugs at nondot.org
          Reporter: qcolombet at apple.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 15947
  --> https://llvm.org/bugs/attachment.cgi?id=15947&action=edit
Reproducer

Lowering of the llvm.eh.sjlj.setjmp builtin on i386 may result in a compiler
crash in pic mode.
The problem is that in this particular mode, the builtin needs to access the
global base reg which is never set. We thus ended up with a use of a virtual
register without any definition.

The definition of the global base reg is supposed to be inserted by the CGBR
pass. However, by the time we run this pass (right after ISel), we do not know
we needed it and the pass does nothing.
We actually discover that we need the global base reg when we do the expansion
of the pseudo instruction a little bit after isel, which is too late.

To reproduce:
llc test.ll -relocation-model=pic -verify-machineinstrs

Result:
# After Expand ISel Pseudo-instructions
# Machine code for function test: SSA
Frame Objects:
  fi#-1: size=4, align=16, fixed, at location [SP+4]

BB#0: derived from LLVM BB %entry
    %vreg0<def> = MOV32rm <fi#-1>, 1, %noreg, 0, %noreg; mem:LD4[FixedStack-1](align=16) GR32:%vreg0
    %vreg4<def> = LEA32r %vreg5, 0, %noreg, <BB#3>[TF=2], %noreg; GR32:%vreg4 GR32_NOSP:%vreg5
    MOV32mr %vreg0<kill>, 1, %noreg, 4, %noreg, %vreg4; GR32:%vreg0,%vreg4
    EH_SjLj_Setup <BB#3>, <regmask>
    Successors according to CFG: BB#1(?%) BB#3(?%)

BB#1: derived from LLVM BB %entry
    Predecessors according to CFG: BB#0
    %vreg2<def> = MOV32r0 %EFLAGS<imp-def>; GR32:%vreg2
    Successors according to CFG: BB#2(?%)

BB#2: derived from LLVM BB %entry
    Predecessors according to CFG: BB#1 BB#3
    %vreg1<def> = PHI %vreg2, <BB#1>, %vreg3, <BB#3>; GR32:%vreg1,%vreg2,%vreg3
    %EAX<def> = COPY %vreg1; GR32:%vreg1
    RETL %EAX

BB#3: derived from LLVM BB %entry, ADDRESS TAKEN
    Predecessors according to CFG: BB#0
    %vreg3<def> = MOV32ri 1; GR32:%vreg3
    JMP_1 <BB#2>
    Successors according to CFG: BB#2(?%)

# End machine code for function test.

*** Bad machine code: Reading virtual register without a def ***
- function:    test
- basic block: BB#0 entry (0x7fb8c184b5d8)
- instruction: %vreg4<def> = LEA32r
- operand 1:   %vreg5
LLVM ERROR: Found 1 machine code errors.

Note:
Without the verifier report, you get random crashes in passes that try to
access the definition of vreg5.
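
The use-without-def condition reported above can be checked on the dump text itself. The following is an added example, not part of the original report or of LLVM: a simplified, text-level version of the check, where the function name undefined_vreg_uses is hypothetical and the input is the instruction lines of the dump above with the mail's wrapped lines rejoined.

```python
import re

# Instruction lines from the dump in the report above, with the mail's
# wrapped lines rejoined. Text after ';' is the register-class annotation.
DUMP = """\
BB#0: derived from LLVM BB %entry
    %vreg0<def> = MOV32rm <fi#-1>, 1, %noreg, 0, %noreg; mem:LD4[FixedStack-1](align=16) GR32:%vreg0
    %vreg4<def> = LEA32r %vreg5, 0, %noreg, <BB#3>[TF=2], %noreg; GR32:%vreg4 GR32_NOSP:%vreg5
    MOV32mr %vreg0<kill>, 1, %noreg, 4, %noreg, %vreg4; GR32:%vreg0,%vreg4
    EH_SjLj_Setup <BB#3>, <regmask>
BB#1: derived from LLVM BB %entry
    %vreg2<def> = MOV32r0 %EFLAGS<imp-def>; GR32:%vreg2
BB#2: derived from LLVM BB %entry
    %vreg1<def> = PHI %vreg2, <BB#1>, %vreg3, <BB#3>; GR32:%vreg1,%vreg2,%vreg3
    %EAX<def> = COPY %vreg1; GR32:%vreg1
    RETL %EAX
BB#3: derived from LLVM BB %entry, ADDRESS TAKEN
    %vreg3<def> = MOV32ri 1; GR32:%vreg3
    JMP_1 <BB#2>
"""

VREG = re.compile(r"%vreg(\d+)(<def>)?")
BLOCK = re.compile(r"^(BB#\d+):")

def undefined_vreg_uses(dump):
    """Return [(block, opcode, vreg)] for each vreg read that has no def."""
    defs, uses, block = set(), [], None
    for line in dump.splitlines():
        m = BLOCK.match(line)
        if m:
            block = m.group(1)
            continue
        if not line.startswith(" "):
            continue  # headers, blank lines, verifier text
        operands = line.split(";", 1)[0]  # drop the register-class annotation
        opcode = operands.split(" = ", 1)[-1].split()[0]
        for num, is_def in VREG.findall(operands):
            if is_def:
                defs.add("%vreg" + num)
            else:
                uses.append((block, opcode, "%vreg" + num))
    # The function is in SSA form, so a def anywhere in it counts (PHI
    # operands may be defined in a later block); filter after the full scan.
    return [u for u in uses if u[2] not in defs]

if __name__ == "__main__":
    for block, opcode, vreg in undefined_vreg_uses(DUMP):
        print(f"{block}: {opcode} reads {vreg} without a def")
```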
