[PATCH] D76994: [DAG] Fix PR45049: LegalizeTypes crash
Jonathan Roelofs via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sat Mar 28 12:22:38 PDT 2020
jroelofs created this revision.
jroelofs added reviewers: rspringer, jyknight, echristo, bogner, tra, niravd.
Herald added subscribers: llvm-commits, hiraditya.
Herald added a project: LLVM.
Sometimes LegalizeTypes knows about common subexpressions before SelectionDAG does, leading to accidental SDValue removal before its reference count was truly zero.
Fixes: https://bugs.llvm.org/show_bug.cgi?id=45049
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D76994
Files:
llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp
llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.h
llvm/test/CodeGen/X86/legalize-types-remapid.ll
Index: llvm/test/CodeGen/X86/legalize-types-remapid.ll
===================================================================
--- llvm/test/CodeGen/X86/legalize-types-remapid.ll
+++ llvm/test/CodeGen/X86/legalize-types-remapid.ll
@@ -14,3 +14,18 @@
store volatile i32 %t0.i0.cast.i1, i32* @c
ret void
}
+
+define void @PR45049() local_unnamed_addr {
+so_basic:
+ %a0 = load i1, i1* undef, align 1
+ %a1 = select i1 %a0, i542 4374501449566023848745004454235242730706338861786424872851541212819905998398751846447026354046107648, i542 0 ; constant is: i542 1 << 331
+ %a00 = zext i1 %a0 to i542
+ %a11 = shl i542 %a00, 331
+ %a2 = shl i542 %a00, 330
+ %a4 = or i542 %a1, %a2
+ %a05 = zext i1 %a0 to i488
+ %a55 = shl i488 %a05, 111
+ store i542 %a4, i542* undef, align 8
+ store i488 %a55, i488* undef, align 8
+ ret void
+}
Index: llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.h
===================================================================
--- llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.h
+++ llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.h
@@ -159,7 +159,9 @@
const SDValue &getSDValue(TableId &Id) {
RemapId(Id);
assert(Id && "TableId should be non-zero");
- return IdToValueMap[Id];
+ auto I = IdToValueMap.find(Id);
+ assert(I != IdToValueMap.end() && "cannot find Id in map");
+ return I->second;
}
public:
@@ -180,21 +182,25 @@
TableId NewId = getTableId(SDValue(New, i));
TableId OldId = getTableId(SDValue(Old, i));
- if (OldId != NewId)
+ if (OldId != NewId) {
ReplacedValues[OldId] = NewId;
- // Delete Node from tables.
+ // Delete Node from tables. We cannot do this when OldId == NewId,
+ // because NewId can still have table references to it in
+ // ReplacedValues.
+ IdToValueMap.erase(OldId);
+ PromotedIntegers.erase(OldId);
+ ExpandedIntegers.erase(OldId);
+ SoftenedFloats.erase(OldId);
+ PromotedFloats.erase(OldId);
+ SoftPromotedHalfs.erase(OldId);
+ ExpandedFloats.erase(OldId);
+ ScalarizedVectors.erase(OldId);
+ SplitVectors.erase(OldId);
+ WidenedVectors.erase(OldId);
+ }
+
ValueToIdMap.erase(SDValue(Old, i));
- IdToValueMap.erase(OldId);
- PromotedIntegers.erase(OldId);
- ExpandedIntegers.erase(OldId);
- SoftenedFloats.erase(OldId);
- PromotedFloats.erase(OldId);
- SoftPromotedHalfs.erase(OldId);
- ExpandedFloats.erase(OldId);
- ScalarizedVectors.erase(OldId);
- SplitVectors.erase(OldId);
- WidenedVectors.erase(OldId);
}
}
Index: llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp
===================================================================
--- llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp
+++ llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp
@@ -185,6 +185,10 @@
UI != UE; ++UI)
assert(UI->getNodeId() == NewNode && "NewNode used by non-NewNode!");
}
+
+ // Check that all of the replacements still exist.
+ for (auto I = ReplacedValues.begin(), E = ReplacedValues.end(); I != E; ++I)
+ assert(IdToValueMap.count(I->second) && "remapped value missing");
}
/// This is the main entry point for the type legalizer. This does a top-down
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D76994.253370.patch
Type: text/x-patch
Size: 3262 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200328/e8160e5a/attachment-0001.bin>
More information about the llvm-commits
mailing list