[llvm] b8f68ad - [DebugInfo][InstrRef] Avoid crash when values optimised out late in sdag

Jeremy Morse via llvm-commits llvm-commits at lists.llvm.org
Wed Nov 24 02:35:12 PST 2021 

Author: Jeremy Morse
Date: 2021-11-24T10:34:48Z
New Revision: b8f68ad9cdb11d585acc6c38ad124b32efb6178a

URL: https://github.com/llvm/llvm-project/commit/b8f68ad9cdb11d585acc6c38ad124b32efb6178a
DIFF: https://github.com/llvm/llvm-project/commit/b8f68ad9cdb11d585acc6c38ad124b32efb6178a.diff

LOG: [DebugInfo][InstrRef] Avoid crash when values optimised out late in sdag

It appears that we can emit all the instructions for a function, including
debug instructions, and then optimise some of the values out late.
Specifically, in the attached test case, an argument gets optimised out
after DBG_VALUE / DBG_INSTR_REFs are created. This confuses
MachineFunction::finalizeDebugInstrRefs, which expects to be able to find a
defining instruction, and crashes instead.

Fix this by identifying when there's no defining instruction, and
translating that instead into a DBG_VALUE $noreg.

Differential Revision: https://reviews.llvm.org/D114476

Added: 
    llvm/test/DebugInfo/X86/instr-ref-sdag-empty-vreg.ll

Modified: 
    llvm/lib/CodeGen/MachineFunction.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/CodeGen/MachineFunction.cpp b/llvm/lib/CodeGen/MachineFunction.cpp
index 28c645df3f1d6..310c2721c3bd1 100644
--- a/llvm/lib/CodeGen/MachineFunction.cpp
+++ b/llvm/lib/CodeGen/MachineFunction.cpp
@@ -1170,9 +1170,10 @@ auto MachineFunction::salvageCopySSA(MachineInstr &MI)
 void MachineFunction::finalizeDebugInstrRefs() {
   auto *TII = getSubtarget().getInstrInfo();
 
-  auto MakeDbgValue = [&](MachineInstr &MI) {
+  auto MakeUndefDbgValue = [&](MachineInstr &MI) {
     const MCInstrDesc &RefII = TII->get(TargetOpcode::DBG_VALUE);
     MI.setDesc(RefII);
+    MI.getOperand(0).setReg(0);
     MI.getOperand(1).ChangeToRegister(0, false);
   };
 
@@ -1187,15 +1188,15 @@ void MachineFunction::finalizeDebugInstrRefs() {
       Register Reg = MI.getOperand(0).getReg();
 
       // Some vregs can be deleted as redundant in the meantime. Mark those
-      // as DBG_VALUE $noreg.
-      if (Reg == 0) {
-        MakeDbgValue(MI);
+      // as DBG_VALUE $noreg. Additionally, some normal instructions are
+      // quickly deleted, leaving dangling references to vregs with no def.
+      if (Reg == 0 || !RegInfo->hasOneDef(Reg)) {
+        MakeUndefDbgValue(MI);
         continue;
       }
 
       assert(Reg.isVirtual());
       MachineInstr &DefMI = *RegInfo->def_instr_begin(Reg);
-      assert(RegInfo->hasOneDef(Reg));
 
       // If we've found a copy-like instruction, follow it back to the
       // instruction that defines the source value, see salvageCopySSA docs

diff  --git a/llvm/test/DebugInfo/X86/instr-ref-sdag-empty-vreg.ll b/llvm/test/DebugInfo/X86/instr-ref-sdag-empty-vreg.ll
new file mode 100644
index 0000000000000..423da3c72fe06
--- /dev/null
+++ b/llvm/test/DebugInfo/X86/instr-ref-sdag-empty-vreg.ll
@@ -0,0 +1,45 @@
+; RUN: llc %s -o - -stop-before=finalize-isel \
+; RUN:  -experimental-debug-variable-locations \
+; RUN: | FileCheck %s
+
+;; The multiply by zero of %width below causes %width to become unused very late
+;; in SelectionDAG. As a result, DBG_INSTR_REFs are produced that refer to a
+;; vreg that is never defined, which risks a crash. Check that we don't crash,
+;; and produce an empty variable location.
+
+; CHECK: DBG_VALUE $noreg
+
+target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-unknown"
+
+%class.Color = type { i8 }
+
+define hidden void @_Z14drawXZWideLineR4Vec3RK5Colorf(%class.Color* %color, float %width) local_unnamed_addr !dbg !7 {
+cond.false.i:
+  br label %_ZN4Vec39normalizeEv.exit, !dbg !12
+
+_ZN4Vec39normalizeEv.exit:                        ; preds = %cond.false.i
+  call void @llvm.dbg.value(metadata float %width, metadata !11, metadata !DIExpression()), !dbg !12
+  %mul.i = fmul float %width, 0.000000e+00, !dbg !12
+  ret void, !dbg !12
+}
+
+; Function Attrs: nofree nosync nounwind readnone speculatable willreturn
+declare void @llvm.dbg.value(metadata, metadata, metadata)
+
+!llvm.dbg.cu = !{!0}
+!llvm.module.flags = !{!3, !4, !5, !6}
+
+!0 = distinct !DICompileUnit(language: DW_LANG_C_plus_plus, file: !1, producer: "", isOptimized: true, runtimeVersion: 0, emissionKind: FullDebug)
+!1 = !DIFile(filename: "foo.cpp", directory: ".")
+!2 = !DIBasicType(name: "int", size: 8, encoding: DW_ATE_signed)
+!3 = !{i32 2, !"Dwarf Version", i32 4}
+!4 = !{i32 2, !"Debug Info Version", i32 3}
+!5 = !{i32 1, !"wchar_size", i32 2}
+!6 = !{i32 7, !"PIC Level", i32 2}
+!7 = distinct !DISubprogram(name: "foo", linkageName: "foo", scope: !1, file: !1, line: 6, type: !8, scopeLine: 6, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition | DISPFlagOptimized, unit: !0, retainedNodes: !10)
+!8 = !DISubroutineType(types: !9)
+!9 = !{!2, !2}
+!10 = !{!11}
+!11 = !DILocalVariable(name: "baz", scope: !7, file: !1, line: 7, type: !2)
+!12 = !DILocation(line: 10, scope: !7)

More information about the llvm-commits mailing list