[llvm-bugs] [Bug 38762] New: [DebugInfo][Dexter] Unreachable line stepped onto after speculating 2 insns

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Aug 29 08:14:43 PDT 2018 

https://bugs.llvm.org/show_bug.cgi?id=38762

            Bug ID: 38762
           Summary: [DebugInfo][Dexter] Unreachable line stepped onto
                    after speculating 2 insns
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: jeremy.morse.llvm at gmail.com
                CC: chackz0x12 at gmail.com, greg.bedwell at sony.com,
                    international.phantom at gmail.com,
                    llvm-bugs at lists.llvm.org,
                    paul_robinson at playstation.sony.com

If SimplifyCFGs speculates more than one insn when flattening phi's to selects,
unreached lines and illegal values can be seen. Giving a non-broken case for
context, if you take this test:

-------->8--------
int
main()
{
  volatile int foo = 0;
  int read1 = foo;
  int brains = foo;

  if (read1 > 3) {
    //brains *= 2;
    brains += 1;
  }

  return brains;
}
--------8<--------

When compiled -O2 -g on trunk, the increment of brains is speculated into a
"select" IR insn, and becomes a conditional mov (on x86_64). If one steps
through under gdb/lldb then the DebugInfo carefully ensures the speculated
increment isn't visible to the user: we step from the if-condition straight to
the return.

However, if you uncomment the multiplication line, the if-block is still
speculated by SimplifyCFG to a select (probably because
constant-mul-and-addition can be done in one lea insn on x86), and we start
observing unreached lines in the debugger. Specifically, we step from the 'if'
condition, onto the addition, then back to the 'if' again, which is misleading
because that addition doesn't really "happen" because it's speculated.
Additionally, the result of the speculation is visible in the "brains" variable
when we step onto the "if" a second time, when it's technically never
calculated by the program.

Found using DExTer ( https://github.com/SNSystems/dexter ).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180829/feebcc23/attachment-0001.html>

More information about the llvm-bugs mailing list