[llvm] r321545 - Avoid modifying DbgInfo while looping in salvageDebuginfo

David Blaikie via llvm-commits llvm-commits at lists.llvm.org
Tue Jan 2 08:19:59 PST 2018


It'd still be good to have a test case for this - perhaps you could narrow
it down by putting a (temporary/not committed) assertion that would fire if
the container was modified within the loop? Then use that to more
deterministically reduce a test case.

On Thu, Dec 28, 2017 at 3:43 PM Dimitry Andric via llvm-commits <
llvm-commits at lists.llvm.org> wrote:

> Author: dim
> Date: Thu Dec 28 15:42:44 2017
> New Revision: 321545
>
> URL: http://llvm.org/viewvc/llvm-project?rev=321545&view=rev
> Log:
> Avoid modifying DbgInfo while looping in salvageDebuginfo
>
> Summary:
> I have been getting rather difficult to reproduce SIGBUS crashes when
> compiling certain FreeBSD sources, and their stack traces pointed
> squarely at `SelectionDAG::salvageDebugInfo()`:
>
> ```
> Core was generated by
> `/usr/obj/share/dim/src/freebsd/clang600-import/amd64.amd64/tmp/usr/bin/cc
> -cc1 -'.
> Program terminated with signal SIGBUS, Bus error.
> #0  isInvalidated () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SDNodeDbgValue.h:115
> 115       bool isInvalidated() const { return Invalid; }
> (gdb) bt
> #0  isInvalidated () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SDNodeDbgValue.h:115
> #1  salvageDebugInfo () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:7116
> #2  0x00000000033b2516 in operator() () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:3595
> #3  __invoke<(lambda at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:3593:59)
> &, llvm::SDNode *, llvm::SDNode *> () at
> /usr/include/c++/v1/type_traits:4323
> #4  __call<(lambda at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:3593:59)
> &, llvm::SDNode *, llvm::SDNode *> () at
> /usr/include/c++/v1/__functional_base:349
> #5  operator() () at /usr/include/c++/v1/functional:1562
> #6  0x00000000033b0817 in operator() () at
> /usr/include/c++/v1/functional:1916
> #7  NodeDeleted () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/include/llvm/CodeGen/SelectionDAG.h:293
> #8  0x0000000003529dde in RemoveDeadNodes () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:610
> #9  0x00000000035556df in MorphNodeTo () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6794
> #10 0x00000000033a9acc in MorphNode () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:2594
> #11 0x00000000033ac80b in SelectCodeCommon () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:3601
> #12 0x00000000023d464b in SelectCode () at
> /usr/obj/share/dim/src/freebsd/clang600-import/amd64.amd64/tmp/obj-tools/lib/clang/libllvm/X86GenDAGISel.inc:282902
> #13 Select () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:3072
> #14 0x00000000033a5afa in DoInstructionSelection () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:988
> #15 0x00000000033a4e1a in CodeGenAndEmitDAG () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:868
> #16 0x00000000033a2643 in SelectAllBasicBlocks () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1624
> #17 0x000000000339f158 in runOnMachineFunction () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:466
> #18 0x00000000023d03c4 in runOnMachineFunction () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175
> #19 0x00000000035cc8c2 in runOnFunction () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/MachineFunctionPass.cpp:62
> #20 0x00000000030dca9a in runOnFunction () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/IR/LegacyPassManager.cpp:1520
> #21 0x00000000030dccf3 in runOnModule () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/IR/LegacyPassManager.cpp:1541
> #22 0x00000000030dd228 in runOnModule () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/IR/LegacyPassManager.cpp:1597
> #23 run () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/IR/LegacyPassManager.cpp:1700
> #24 0x00000000014db578 in EmitAssembly () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:815
> #25 EmitBackendOutput () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:1181
> #26 0x00000000014d5b26 in HandleTranslationUnit () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:292
> #27 0x0000000001c4c332 in ParseAST () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/Parse/ParseAST.cpp:159
> #28 0x00000000015d546c in Execute () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:897
> #29 0x0000000001cec311 in ExecuteAction () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:991
> #30 0x00000000014b4f81 in ExecuteCompilerInvocation () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:252
> #31 0x00000000014aa73f in cc1_main () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/tools/driver/cc1_main.cpp:221
> #32 0x00000000014b2928 in ExecuteCC1Tool () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/tools/driver/driver.cpp:309
> #33 main () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/tools/clang/tools/driver/driver.cpp:388
> (gdb) frame 1
> #1  salvageDebugInfo () at
> /share/dim/src/freebsd/clang600-import/contrib/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:7116
> 7116        if (DV->isInvalidated())
> (gdb) disassemble
> Dump of assembler code for function salvageDebugInfo():
> [...]
>    0x0000000003557348 <+744>:   nopl   0x0(%rax,%rax,1)
>    0x0000000003557350 <+752>:   mov    (%r12),%r13
> => 0x0000000003557354 <+756>:   cmpb   $0x0,0x31(%r13)
>    0x0000000003557359 <+761>:   jne    0x35573b0 <salvageDebugInfo()+848>
> (gdb) info registers
> [...]
> r13            0x5a5a5a5a5a5a5a5a       6510615555426900570
> ```
>
> The `0x5a5a5a5a5a5a5a5a` value in `r13` indicates the memory was either
> uninitialized, or already freed.
>
> Unfortunately I do not have a simple self-contained test case for this.
> However, it seems pretty clear that the call to `AddDbgValue()` in
> `salvageDebugInfo()` causes the problems, since it modifies
> `SelectionDag::DbgInfo` while looping through one of its DenseMaps:
>
> ```
> void SelectionDAG::salvageDebugInfo(SDNode &N) {
> [...]
>   for (auto DV : GetDbgValues(&N)) {
>     if (DV->isInvalidated())
>       continue;
> [...]
>         AddDbgValue(Clone, N0.getNode(), false);
> [...]
>   }
> }
> ```
>
> At least, if I comment out the `AddDbgValue()` call, the crashes go
> away.  I propose to change this function slightly, similar to the
> `SelectionDAG::transferDbgValues()` function just above it, to save the
> cloned SDDbgValues in a separate SmallVector, and only call
> AddDbgValue() on them after the for loop is done.
>
> Reviewers: aprantl, bogner, bkramer, davide
>
> Reviewed By: davide
>
> Subscribers: davide, krytarowski, JDevlieghere, emaste, llvm-commits
>
> Differential Revision: https://reviews.llvm.org/D41589
>
> Modified:
>     llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
>
> Modified: llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp?rev=321545&r1=321544&r2=321545&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp (original)
> +++ llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp Thu Dec 28
> 15:42:44 2017
> @@ -7128,6 +7128,8 @@ void SelectionDAG::transferDbgValues(SDV
>  void SelectionDAG::salvageDebugInfo(SDNode &N) {
>    if (!N.getHasDebugValue())
>      return;
> +
> +  SmallVector<SDDbgValue *, 2> ClonedDVs;
>    for (auto DV : GetDbgValues(&N)) {
>      if (DV->isInvalidated())
>        continue;
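Review bot: The new `SmallVector<SDDbgValue *, 2> ClonedDVs;` declaration carries no comment saying why the clones are buffered. A one-line comment above it, noting that `AddDbgValue()` must not run while the `for (auto DV : GetDbgValues(&N))` loop is still live, would keep a later cleanup from folding the call back into the loop.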
> @@ -7151,13 +7153,16 @@ void SelectionDAG::salvageDebugInfo(SDNo
>          SDDbgValue *Clone =
>              getDbgValue(DV->getVariable(), DIExpr, N0.getNode(),
> N0.getResNo(),
>                          DV->isIndirect(), DV->getDebugLoc(),
> DV->getOrder());
> +        ClonedDVs.push_back(Clone);
>          DV->setIsInvalidated();
> -        AddDbgValue(Clone, N0.getNode(), false);
>          DEBUG(dbgs() << "SALVAGE: Rewriting";
> N0.getNode()->dumprFull(this);
>                dbgs() << " into " << *DIExpr << '\n');
>        }
>      }
>    }
> +
> +  for (SDDbgValue *Dbg : ClonedDVs)
> +    AddDbgValue(Dbg, Dbg->getSDNode(), false);
>  }
>
>  namespace {
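Review bot: In the new trailing loop, `AddDbgValue(Dbg, Dbg->getSDNode(), false)` replaces the explicit `N0.getNode()` argument of the removed call, so the change now depends on `getSDNode()` returning the same node that was handed to `getDbgValue()` when `Clone` was built. Consider saying so in a comment or asserting it at the `ClonedDVs.push_back(Clone)` site, for example `assert(Clone->getSDNode() == N0.getNode())`. The hunk also lands without a regression test, which the reply above asks for.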
>
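The temporary assertion suggested in the reply, sketched as an added example (not LLVM code and not part of the original thread): a modification epoch turns the intermittent crash into a deterministic failure, including when the insertion happens on the last iteration. `EpochList`, `LoopGuard` and `salvage` are hypothetical stand-ins for `DbgInfo` and the loop in `salvageDebugInfo()`.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for a side table such as DbgInfo: a growable list
// whose epoch is bumped on every insertion.
struct EpochList {
  std::vector<int> items;
  std::size_t epoch = 0;
  void add(int v) { items.push_back(v); ++epoch; }
};

// Remembers the epoch at loop entry; check() throws once the list has changed.
struct LoopGuard {
  const EpochList &list;
  std::size_t seen;
  explicit LoopGuard(const EpochList &l) : list(l), seen(l.epoch) {}
  void check() const {
    if (list.epoch != seen)
      throw std::logic_error("container modified during iteration");
  }
};

// "Clones" every even item as item + 1. With deferAdds == false the clone is
// added inside the loop (the pattern the commit removes); with true it is
// buffered and added afterwards. Indexed access keeps the demo free of UB.
// Returns false if the guard saw a modification while the loop was live.
bool salvage(EpochList &l, bool deferAdds) {
  std::vector<int> cloned;
  LoopGuard g(l);
  try {
    for (std::size_t i = 0, e = l.items.size(); i != e; ++i) {
      g.check();
      if (l.items[i] % 2 != 0) continue;
      if (deferAdds) cloned.push_back(l.items[i] + 1);
      else l.add(l.items[i] + 1);
    }
    g.check();  // also catches an insertion made on the final iteration
  } catch (const std::logic_error &) { return false; }
  for (int v : cloned) l.add(v);  // safe: the loop over l.items is finished
  return true;
}

int main() {
  EpochList a; a.add(2); a.add(3);  // constructed sample input
  EpochList b = a;
  return (!salvage(a, false) && salvage(b, true)) ? 0 : 1;
}
```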