[llvm-bugs] [Bug 39545] New: Hot/cold splitting in ./SingleSource/Regression/C++/EH/Regression-C++-class_hierarchy changes program output
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Nov 2 16:32:53 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=39545
Bug ID: 39545
Summary: Hot/cold splitting in ./SingleSource/Regression/C++/EH/Regression-C++-class_hierarchy changes program output
Product: libraries
Version: trunk
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Interprocedural Optimizations
Assignee: unassignedbugs at nondot.org
Reporter: vsk at apple.com
CC: llvm-bugs at lists.llvm.org
Created attachment 21077
--> https://bugs.llvm.org/attachment.cgi?id=21077&action=edit
IR with hot/cold splitting
When running this test program with -hot-cold-split=true (with
https://reviews.llvm.org/D53887 applied), we’re supposed to see this output:
```
Caught exception: 0: base class
Caught exception: 1: base class
Caught exception: 2: base class
Caught exception: 3: base class
Caught exception: 4: base class
Caught exception: 5: base class
Caught exception: 6: base class
Caught exception: 7: base class
Caught exception: 8: base class
Caught exception: 9: base class
Caught exception: 0: derived class
Caught exception: 1: derived class
Caught exception: 2: derived class
Caught exception: 3: derived class
Caught exception: 4: derived class
Caught exception: 5: derived class
Caught exception: 6: derived class
Caught exception: 7: derived class
Caught exception: 8: derived class
Caught exception: 9: derived class
Caught exception: 0: base class
Caught exception: std::exception
Caught exception: std::exception
Caught unknown exception
Caught unknown exception
```
Instead, we see this:
```
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught unknown exception
Caught exception: 0: derived class
Caught exception: 1: derived class
Caught exception: 2: derived class
Caught exception: 3: derived class
Caught exception: 4: derived class
Caught exception: 5: derived class
Caught exception: 6: derived class
Caught exception: 7: derived class
Caught exception: 8: derived class
Caught exception: 9: derived class
Caught unknown exception
Caught exception: std::exception
Caught exception: std::exception
<segfault>
```
Here’s where we crash:
```
Regression-C++-class_hierarchy`main.cold.2:
   0x100001d47 <+0>: pushq %rbp
   0x100001d48 <+1>: movq %rsp, %rbp
   0x100001d4b <+4>: pushq %rbx
   0x100001d4c <+5>: pushq %rax
   0x100001d4d <+6>: cmpl $0x1, %edi
   0x100001d50 <+9>: jne 0x100001d6c ; <+37>
   0x100001d52 <+11>: movq %rsi, %rdi
   0x100001d55 <+14>: callq 0x100001dcc ; symbol stub for: __cxa_begin_catch
   0x100001d5a <+19>: movb 0x8(%rax), %cl
   0x100001d5d <+22>: addb $0x30, %cl
   0x100001d60 <+25>: movq 0x10(%rax), %rdx
-> 0x100001d64 <+29>: movb %cl, (%rdx)
```
In the outlined catch path, we pass 0x101 (why?) to __cxa_begin_catch:
```
(lldb) reg read $rdi
rdi = 0x0000000000000101
```
__cxa_begin_catch then returns a pointer to:
```
(lldb) x/8 $rax
0x100202e60: 0x00001f04 0x00000001 0x00000000 0x00000000
0x100202e70: 0x00000000 0x00000000 0x00000000 0x00000000
```
Clearly [$rax+16] is null, and we crash when we attempt to dereference that.
But something looks like it's gone wrong by the point __cxa_begin_catch is
called.
Looking at the IR before and after outlining, the issue isn't immediately
jumping out at me. I've filed this because I'm worried this isn't just an issue
with D53887, i.e. that there might be a more general problem with how
CodeExtractor handles landingpads. I've attached the IR here.