[llvm-bugs] [Bug 52076] New: Segmentation fault: loop-unroller and instcombiner cause stack overflow during isel

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Oct 5 04:21:35 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=52076

            Bug ID: 52076
           Summary: Segmentation fault: loop-unroller and instcombiner
                    cause stack overflow during isel
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Common Code Generator Code
          Assignee: unassignedbugs at nondot.org
          Reporter: paulsson at linux.vnet.ibm.com
                CC: llvm-bugs at lists.llvm.org

This simple (reduced) program causes clang to crash:

int a, d;
long b, e;
short c;
int f[2];
void g() {
  e = 0;
  for (; e >= -23; e--) {
    int *h = &d;
    c = 24;
    for (; c; --c) {
      int *i = &f[1];
      b = 0;
      for (; b != 17; b++)
        a ^= h == i;
    }
  }
}
int main() {}

when compiled with these options:

clang -O3 -march=arch13 crash0_aftercreduce.c -o a.out -mllvm -unroll-allow-remainder=false -mllvm -unroll-count=2

I see that the loop-unroller passes now create a huge amount of identical xor
instructions:

  %xor.1 = xor i32 %xor, zext (i1 icmp eq (i32* getelementptr inbounds ([2 x i32], [2 x i32]* @f, i64 0, i64 1), i32* @d) to i32)
  %xor.2 = xor i32 %xor.1, zext (i1 icmp eq (i32* getelementptr inbounds ([2 x i32], [2 x i32]* @f, i64 0, i64 1), i32* @d) to i32)
  %xor.3 = xor i32 %xor.2, zext (i1 icmp eq (i32* getelementptr inbounds ([2 x i32], [2 x i32]* @f, i64 0, i64 1), i32* @d) to i32)
  ...

After GVN, these now lie in the same BB, also meaning the same DAG later on...
It looks like there are now about ~10k of them! These are all the same, and it
seems to me they could be eliminated more or less down to just 1 or 2, since
they seem to "toggle" the icmp result over and over...

InstCombine however does not remove any of them (maybe it really can't, not
sure), but instead inlines them all into one instruction like (i32 xor (i32 xor
(i32 xor...

SelectionDAGBuilder then crashes during DAG construction. If InstCombine relies
on DAGCombiner to optimize the xor sequence, it shouldn't have, as the DAG can't
even be built with this amount of them...

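The "toggle" behaviour the report describes, as an added example that is not part of the original report and is not LLVM code: a chain of xors with the same right-hand operand collapses by parity when walked in a loop, while a recursive walk over the same nested expression needs one stack frame per xor. The `Expr` type and all function names are hypothetical, and the chain is constructed sample input.

```c
#include <stdlib.h>

/* Hypothetical node (not an LLVM type): leaf when lhs == NULL, else lhs ^ k. */
typedef struct Expr { struct Expr *lhs; int k; } Expr;

void free_chain(Expr *e) {
    while (e) { Expr *next = e->lhs; free(e); e = next; }
}

/* Build (((leaf ^ k) ^ k) ... ^ k) with n xors; NULL on allocation failure. */
Expr *build_chain(int leaf, int k, size_t n) {
    Expr *e = malloc(sizeof *e);
    if (!e) return NULL;
    e->lhs = NULL;
    e->k = leaf;
    for (size_t i = 0; i < n; i++) {
        Expr *x = malloc(sizeof *x);
        if (!x) { free_chain(e); return NULL; }
        x->lhs = e;
        x->k = k;
        e = x;
    }
    return e;
}

/* Recursive walk: one stack frame per nested xor; *max_depth records nesting. */
int eval_recursive(const Expr *e, size_t depth, size_t *max_depth) {
    if (depth > *max_depth) *max_depth = depth;
    return e->lhs ? eval_recursive(e->lhs, depth + 1, max_depth) ^ e->k : e->k;
}

/* Iterative walk in constant stack space. xor is associative and commutative,
 * so all right-hand operands merge into one constant and identical operands
 * cancel in pairs. *xors_left is the number of xors still needed (0 or 1). */
int eval_folded(const Expr *e, size_t *xors_left) {
    int folded = 0;
    while (e->lhs) { folded ^= e->k; e = e->lhs; }
    *xors_left = (folded != 0);
    return e->k ^ folded;
}

int main(void) {
    size_t depth = 0, left = 0;
    Expr *e = build_chain(5, 1, 10000);   /* constructed: 10k identical xors */
    if (!e) return 1;
    int ok = eval_recursive(e, 1, &depth) == eval_folded(e, &left);
    free_chain(e);
    return !(ok && depth == 10001 && left == 0);
}
```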