[llvm] r331824 - [SimplifyCFG] Fix a crash when folding PHIs.
Davide Italiano via llvm-commits
llvm-commits at lists.llvm.org
Tue May 8 16:28:15 PDT 2018
Author: davide
Date: Tue May 8 16:28:15 2018
New Revision: 331824
URL: http://llvm.org/viewvc/llvm-project?rev=331824&view=rev
Log:
[SimplifyCFG] Fix a crash when folding PHIs.
We enter MergeBlockIntoPredecessor with a block looking like this:
for.inc.us-lcssa: ; preds = %cond.end
%k.1.lcssa.ph = phi i32 [ %conv15, %cond.end ]
%t.3.lcssa.ph = phi i32 [ %k.1.lcssa.ph, %cond.end ]
br label %for.inc, !dbg !66
[note the first arg of the PHI being a PHI].
FoldSingleEntryPHINodes gets rid of both PHIs (calling, eraseFromParent).
But right before we call the function, we push into IncomingValues the
only argument of the PHIs, and shortly after we try to iterate over
something which has been invalidated before :(
The fix its not trying to remove PHIs which have an incoming value
coming from the same BB we're looking at.
Fixes PR37300 and rdar://problem/39910460
Differential Revision: https://reviews.llvm.org/D46568
Added:
llvm/trunk/test/Transforms/SimplifyCFG/fold-debug-info.ll
Modified:
llvm/trunk/lib/Transforms/Utils/BasicBlockUtils.cpp
Modified: llvm/trunk/lib/Transforms/Utils/BasicBlockUtils.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Utils/BasicBlockUtils.cpp?rev=331824&r1=331823&r2=331824&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/Utils/BasicBlockUtils.cpp (original)
+++ llvm/trunk/lib/Transforms/Utils/BasicBlockUtils.cpp Tue May 8 16:28:15 2018
@@ -149,10 +149,11 @@ bool llvm::MergeBlockIntoPredecessor(Bas
return false;
// Begin by getting rid of unneeded PHIs.
- SmallVector<Value *, 4> IncomingValues;
+ SmallVector<AssertingVH<Value>, 4> IncomingValues;
if (isa<PHINode>(BB->front())) {
for (PHINode &PN : BB->phis())
- if (PN.getIncomingValue(0) != &PN)
+ if (!isa<PHINode>(PN.getIncomingValue(0)) ||
+ cast<PHINode>(PN.getIncomingValue(0))->getParent() != BB)
IncomingValues.push_back(PN.getIncomingValue(0));
FoldSingleEntryPHINodes(BB, MemDep);
}
@@ -168,8 +169,8 @@ bool llvm::MergeBlockIntoPredecessor(Bas
PredBB->getInstList().splice(PredBB->end(), BB->getInstList());
// Eliminate duplicate dbg.values describing the entry PHI node post-splice.
- for (auto *Incoming : IncomingValues) {
- if (isa<Instruction>(Incoming)) {
+ for (auto Incoming : IncomingValues) {
+ if (isa<Instruction>(*Incoming)) {
SmallVector<DbgValueInst *, 2> DbgValues;
SmallDenseSet<std::pair<DILocalVariable *, DIExpression *>, 2>
DbgValueSet;
Added: llvm/trunk/test/Transforms/SimplifyCFG/fold-debug-info.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Transforms/SimplifyCFG/fold-debug-info.ll?rev=331824&view=auto
==============================================================================
--- llvm/trunk/test/Transforms/SimplifyCFG/fold-debug-info.ll (added)
+++ llvm/trunk/test/Transforms/SimplifyCFG/fold-debug-info.ll Tue May 8 16:28:15 2018
@@ -0,0 +1,102 @@
+;; Check that we don't crash. PR37300.
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt %s -S -simplifycfg | FileCheck %s
+
+define void @patatino() {
+; CHECK-LABEL: @patatino(
+; CHECK-NEXT: bb:
+; CHECK-NEXT: ret void
+;
+bb:
+ %tmp = icmp eq i32 7, 0
+ br label %bb3
+bb3: ; preds = %bb2, %bb
+ br label %bb36
+bb5: ; preds = %bb4
+ %tmp7 = icmp ne i32 7, 0
+ %tmp8 = and i1 true, %tmp7
+ br i1 %tmp8, label %bb16, label %bb14
+bb9: ; preds = %bb33, %bb10
+ br label %bb18
+bb10: ; preds = %bb19, %bb13
+ %tmp11 = add nsw i32 2, 1
+ %tmp12 = icmp eq i32 %tmp11, 0
+ br i1 %tmp12, label %bb17, label %bb9
+bb13: ; preds = %bb18, %bb13
+ br label %bb10
+bb14: ; preds = %bb17, %bb6, %bb5
+ br label %bb35
+bb16: ; preds = %bb6
+ br label %bb31
+bb17: ; preds = %bb32, %bb10
+ br label %bb14
+bb18: ; preds = %bb9
+ br label %bb13
+bb21: ; preds = %bb31, %bb23
+ %tmp22 = phi i32 [ 0, %bb23 ], [ 0, %bb31 ]
+ br label %bb27
+bb23: ; preds = %bb29, %bb28, %bb26
+ %tmp24 = add nsw i32 %tmp22, 1
+ %tmp25 = icmp eq i32 %tmp24, 0
+ br i1 %tmp25, label %bb32, label %bb21
+bb27: ; preds = %bb21
+ br label %bb30
+bb28: ; preds = %bb30
+ br label %bb23
+bb30: ; preds = %bb30, %bb27
+ br label %bb28
+bb31: ; preds = %bb16
+ br label %bb21
+bb32: ; preds = %bb23
+ br label %bb17
+bb35: ; preds = %bb14
+ br label %bb3
+bb36: ; preds = %bb3, %bb3
+ br label %bb37
+bb37: ; preds = %bb36
+ %tmp39 = and i1 %tmp, true
+ br i1 %tmp39, label %bb40, label %bb67
+bb40: ; preds = %bb38
+ br i1 %tmp, label %bb42, label %bb41
+bb41: ; preds = %bb40
+ br label %bb43
+bb42: ; preds = %bb40
+ br label %bb66
+bb43: ; preds = %bb41
+ br label %bb44
+bb44: ; preds = %bb61, %bb43
+ %tmp45 = phi i32 [ 0, %bb61 ], [ 0, %bb43 ]
+ %tmp46 = phi i32 [ %tmp62, %bb61 ], [ 0, %bb43 ]
+ br label %bb51
+bb48: ; preds = %bb47
+ br label %bb49
+bb49: ; preds = %bb48
+ %tmp50 = phi i32 [ 0, %bb48 ]
+ br label %bb61
+bb51: ; preds = %bb44
+ br label %bb52
+bb52: ; preds = %bb55, %bb51
+ %tmp53 = phi i32 [ %tmp46, %bb51 ], [ 0, %bb55 ]
+ br label %bb55
+bb54: ; preds = %bb52
+ br label %bb55
+bb55: ; preds = %bb54, %bb52
+ %tmp56 = phi i32 [ 0, %bb54 ], [ 0, %bb52 ]
+ %tmp57 = shl i32 %tmp56, 16
+ br i1 false, label %bb52, label %bb58
+bb58: ; preds = %bb55
+ %tmp59 = phi i32 [ 0, %bb55 ]
+ %tmp60 = phi i32 [ %tmp53, %bb55 ]
+ br label %bb61
+bb61: ; preds = %bb58, %bb49
+ %tmp62 = phi i32 [ %tmp59, %bb58 ], [ %tmp50, %bb49 ]
+ %tmp63 = add nsw i32 %tmp45, 1
+ %tmp64 = icmp eq i32 %tmp63, 0
+ br i1 %tmp64, label %bb65, label %bb44
+bb65: ; preds = %bb61
+ br label %bb66
+bb66: ; preds = %bb65, %bb42
+ br label %bb67
+bb67: ; preds = %bb66, %bb38
+ ret void
+}
More information about the llvm-commits
mailing list