[llvm-bugs] [Bug 40628] New: [DebugInfo at O2] Salvaged memory loads can observe subsequent memory writes
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed Feb 6 07:26:43 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=40628
Bug ID: 40628
Summary: [DebugInfo at O2] Salvaged memory loads can observe
subsequent memory writes
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: CONFIRMED
Keywords: wrong-debug
Severity: normal
Priority: P
Component: Scalar Optimizations
Assignee: unassignedbugs at nondot.org
Reporter: jeremy.morse.llvm at gmail.com
CC: aprantl at apple.com, bjorn.a.pettersson at ericsson.com,
chackz0x12 at gmail.com, dblaikie at gmail.com,
greg.bedwell at sony.com,
international.phantom at gmail.com,
llvm-bugs at lists.llvm.org, paul.robinson at am.sony.com
Blocks: 38768
In this [0] review Bjorn suggested that introducing new dbg.value records that
use DW_OP_deref might be sketchy (see inline comments). It turns out that
adding DW_OP_deref is indeed unsafe, and already leads to poor debug experience
on trunk (I'm using r352480). Compile the following with -O2 -g -fno-linine:
--------8<--------
int
foo(int *bar, int arg, int more)
{
int redundant = *bar;
int loaded = *bar;
arg &= more + loaded;
*bar = 0;
return more + *bar;
}
int
main() {
int lala = 987654;
return foo(&lala, 1, 2);
}
-------->8--------
Here, the two loads of *bar get CSE'd and "redundant" is salvaged. It picks up
a DW_OP_deref to achieve this. There are two line numbers in "foo" that one can
step onto with gdb: "*bar = 0" and the return statement. On the first, printing
"redundant" produces 987654, on the second printing "redundant" produces 0.
This isn't an accurate representation of the original program as the value of
redundant should not change.
Off the top of my head I can't see any way to fix salvage operations that add
DW_OP_deref: while we could terminate the location range to stop at the next
write to memory, I doubt any LLVM passes that move memory instructions
currently examine what intervening dbg.values do, meaning there's a risk of
dbg.values seeing the wrong stored value if stores get moved.
IMHO the easiest quickest soundest fix is to not salvage such instructions:
doing so on a clang-3.4 build gives a 1.1% drop in variable location coverage
and 1% drop in scope bytes coverage. This would suck quite considerably,
however AFAIK there are currently no guard-rails for this kind of DIExpression.
[0] https://reviews.llvm.org/D56788
Referenced Bugs:
https://bugs.llvm.org/show_bug.cgi?id=38768
[Bug 38768] [meta][DebugInfo] Umbrella bug for poor debug experiences
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20190206/ba14cec5/attachment.html>
More information about the llvm-bugs
mailing list