[llvm-bugs] [Bug 48036] New: [DeadStoreElimination w/ MemSSA] wrong code

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Oct 31 10:02:54 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=48036

            Bug ID: 48036
           Summary: [DeadStoreElimination w/ MemSSA]  wrong code
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: paulsson at linux.vnet.ibm.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 24117
  --> https://bugs.llvm.org/attachment.cgi?id=24117&action=edit
extracted function

This SystemZ multistage bot has been failing for weeks:
http://lab.llvm.org:8011/#/builders/8/builds/6. Stage-2 llvm-objcopy has a
corrupt size value, which causes a call to fallocate with an insane amount, which
causes the abort:

llvm-objcopy --decompress-debug-sections \
  ./build-multistage/test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmpz.o \
  ./build-multistage/test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmp2.o
llvm-objcopy: error: ... No space left on device

This is the llvm-objcopy compiled by clang (which was compiled by gcc).

A bisect showed that the first bad commit is 51ff04567, which makes
-enable-dse-memoryssa default to true. I narrowed it all down to one file
(llvm-objcopy/ELF/Object.cpp) and function to the point where I think I can see
just one store being DSE:ed in a function which seems to be incorrect.

To build:
1:
build as usual in $BUILD

2:
mkdir stage2
cd stage2
cmake -G Ninja ../llvm-project/llvm -DCMAKE_C_COMPILER=$BUILD/bin/clang \
  -DCMAKE_CXX_COMPILER=$BUILD/bin/clang++ -DCMAKE_BUILD_TYPE=Release \
  -DLLVM_ENABLE_ASSERTIONS=On
ninja check

./bin/llvm-objcopy --decompress-debug-sections \
  ./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmpz.o \
  ./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmp2.o
./bin/llvm-objcopy: error:
'./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmpz.o':
'./test/tools/llvm-objcopy/ELF/Output/compress-debug-sections.test.tmp2.o': No
space left on device

I found that if I recompiled ELF/Object.cpp with these options the error
disappears:

-mllvm -enable-dse-partial-store-merging=false -mllvm
-dse-memoryssa-defs-per-block-limit=3 -mllvm -dse-memoryssa-path-check-limit=1
-mllvm -dse-memoryssa-partial-store-limit=1 -mllvm -dse-memoryssa-scanlimit=19
-mllvm -dse-memoryssa-walklimit=85

Changing the last option to '86' instead produces the bad code again...

I found that it was enough to replace this function in Object.bc:
_ZN4llvm7objcopy3elf10ELFBuilderINS_6object7ELFTypeILNS_7support10endiannessE1ELb1EEEE11makeSectionERKNS3_13Elf_Shdr_ImplIS7_EE

I managed then to extract the right function and run with opt instead:

./bin/opt -mtriple=s390x-linux-gnu fun.ll -S -o out.opt.86.ll -basic-aa -aa \
  -memoryssa -dse -enable-dse-partial-overwrite-tracking=false \
  -enable-dse-partial-store-merging=false -dse-memoryssa-defs-per-block-limit=3 \
  -dse-memoryssa-path-check-limit=1 -dse-memoryssa-partial-store-limit=1 \
  -dse-memoryssa-scanlimit=19 -dse-memoryssa-walklimit=86 -debug-only=dse >& \
  dbg86_opt

./bin/opt -mtriple=s390x-linux-gnu fun.ll -S -o out.opt.85.ll -basic-aa -aa \
  -memoryssa -dse -enable-dse-partial-overwrite-tracking=false \
  -enable-dse-partial-store-merging=false -dse-memoryssa-defs-per-block-limit=3 \
  -dse-memoryssa-path-check-limit=1 -dse-memoryssa-partial-store-limit=1 \
  -dse-memoryssa-scanlimit=19 -dse-memoryssa-walklimit=85 -debug-only=dse >& \
  dbg85_opt

diff dbg85_opt dbg86_opt | grep "DSE: Remove Dead Store" | ...
>     DSE: Remove Dead Store:

There is one more store eliminated, which seems wrong to me. It is the saving
of the argument %DecompressedSize (:-) which for some reason is removed:

define void
@_ZN4llvm7objcopy3elf17CompressedSection6createENS_8ArrayRefIhEEmm(... , i64
%DecompressedSize, ...) {

%ref.tmp = alloca %"class.llvm::objcopy::elf::CompressedSection", align 8
...
%DecompressedSize2.i = getelementptr inbounds
%"class.llvm::objcopy::elf::CompressedSection",
%"class.llvm::objcopy::elf::CompressedSection"* %ref.tmp, i64 0, i32 2
store i64 %DecompressedSize, i64* %DecompressedSize2.i, align 8, !tbaa !26
...
}

I can't see any other store to that address/element, and I have no idea why DSE
removes it...
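
The log comparison described above (the elided tail of the diff | grep pipeline), as an added example that is not part of the original report: it parses two -debug-only=dse logs and returns the stores removed only in the second one. It assumes each removal is logged as a "DSE: Remove Dead Store:" line followed by indented "DEAD:" and "KILLER:" lines; the sample logs and the function names are constructed for illustration and are not the bug's real output.

```python
import re
from collections import Counter

HEADER = "DSE: Remove Dead Store:"
# Assumed record layout: header line, then "DEAD: <inst>" and "KILLER: <inst>".
FIELD = re.compile(r"^\s*(DEAD|KILLER):\s*(.*\S)\s*$")

def removed_stores(log_text):
    """Count (dead, killer) instruction pairs reported in one debug log."""
    records = Counter()
    lines = log_text.splitlines()
    i = 0
    while i < len(lines):
        if HEADER not in lines[i]:
            i += 1
            continue
        fields, i = {}, i + 1
        # Collect the DEAD/KILLER lines that directly follow the header.
        while i < len(lines) and (m := FIELD.match(lines[i])):
            fields[m.group(1)] = m.group(2)
            i += 1
        records[(fields.get("DEAD", "<unknown>"),
                 fields.get("KILLER", "<unknown>"))] += 1
    return records

def extra_removals(baseline_log, suspect_log):
    """Removals present in suspect_log but not in baseline_log (multiset diff)."""
    extra = removed_stores(suspect_log) - removed_stores(baseline_log)
    return sorted(extra.elements())

# Constructed sample logs (not taken from the bug report).
SAMPLE_85 = """\
(other debug output)
DSE: Remove Dead Store:
  DEAD:   store i32 0, i32* %p, align 4
  KILLER:   store i32 1, i32* %p, align 4
"""
SAMPLE_86 = SAMPLE_85 + """\
DSE: Remove Dead Store:
  DEAD:   store i64 %v, i64* %q, align 8
  KILLER:   store i64 %w, i64* %q, align 8
"""

if __name__ == "__main__":
    for dead, killer in extra_removals(SAMPLE_85, SAMPLE_86):
        print(f"only in second log:\n  DEAD:   {dead}\n  KILLER: {killer}")
```

With real logs, pass the contents of dbg85_opt and dbg86_opt; the KILLER line names the store DSE believed overwrote the removed one.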
