[llvm] a910337 - [FuncSpec] Conditional jump or move depends on uninitialised value(s).
Alexandros Lamprineas via llvm-commits
llvm-commits at lists.llvm.org
Tue Apr 26 23:29:15 PDT 2022
Author: Alexandros Lamprineas
Date: 2022-04-27T07:28:25+01:00
New Revision: a910337b5d01b2ad889abbd41db04314fcad664e
URL: https://github.com/llvm/llvm-project/commit/a910337b5d01b2ad889abbd41db04314fcad664e
DIFF: https://github.com/llvm/llvm-project/commit/a910337b5d01b2ad889abbd41db04314fcad664e.diff
LOG: [FuncSpec] Conditional jump or move depends on uninitialised value(s).
I found this bug when performing a two-stage build of clang with
Function Specialization enabled and tuned aggressively. The crash
appears only on release builds.
Fixes https://github.com/llvm/llvm-project/issues/55000.
Before accessing the contents of the ArgInfo iterator inside
SCCPInstVisitor::markArgInFuncSpecialization, we should be
checking that the iterator is valid.
Differential Revision: https://reviews.llvm.org/D124114
Added:
llvm/test/Transforms/FunctionSpecialization/bug55000-read-uninitialized-value.ll
Modified:
llvm/lib/Transforms/Utils/SCCPSolver.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Transforms/Utils/SCCPSolver.cpp b/llvm/lib/Transforms/Utils/SCCPSolver.cpp
index 607928c835fb5..a9fe37ff26df0 100644
--- a/llvm/lib/Transforms/Utils/SCCPSolver.cpp
+++ b/llvm/lib/Transforms/Utils/SCCPSolver.cpp
@@ -539,7 +539,7 @@ void SCCPInstVisitor::markArgInFuncSpecialization(
LLVM_DEBUG(dbgs() << "SCCP: Marking argument "
<< NewArg->getNameOrAsOperand() << "\n");
- if (OldArg == Iter->Formal) {
+ if (Iter != Args.end() && OldArg == Iter->Formal) {
// Mark the argument constants in the new function.
markConstant(NewArg, Iter->Actual);
++Iter;
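Review bot: Nothing in the visible lines states the invariant that the new `Iter != Args.end()` guard relies on: `Args` apparently holds only the specialized arguments, in formal-parameter order, so `Iter` can reach `Args.end()` while formals remain to be visited. I would record that above the condition, e.g. `// Args may be shorter than the formal list; Iter is at end() once every specialized argument has been consumed.` If the ordering assumption holds, an `assert(Iter == Args.end() && "unmatched specialization argument")` after the loop would catch an entry that was silently skipped instead of leaving its argument unmarked. The loop and the rest of markArgInFuncSpecialization lie outside the hunk, so the loop shape and the ordering of `Args` are inferred here and should be confirmed.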
diff --git a/llvm/test/Transforms/FunctionSpecialization/bug55000-read-uninitialized-value.ll b/llvm/test/Transforms/FunctionSpecialization/bug55000-read-uninitialized-value.ll
new file mode 100644
index 0000000000000..dc63d08273f81
--- /dev/null
+++ b/llvm/test/Transforms/FunctionSpecialization/bug55000-read-uninitialized-value.ll
@@ -0,0 +1,60 @@
+; RUN: opt -function-specialization -func-specialization-max-iters=2 -func-specialization-size-threshold=20 -func-specialization-avg-iters-cost=20 -function-specialization-for-literal-constant=true -S < %s | FileCheck %s
+
+declare hidden i1 @compare(ptr) align 2
+declare hidden { i8, ptr } @getType(ptr) align 2
+
+; CHECK-LABEL: @foo
+; CHECK-LABEL: @foo.1
+; CHECK-LABEL: @foo.2
+
+define internal void @foo(ptr %TLI, ptr %DL, ptr %Ty, ptr %ValueVTs, ptr %Offsets, i64 %StartingOffset) {
+entry:
+ %VT = alloca i64, align 8
+ br i1 undef, label %if.then, label %if.end4
+
+if.then: ; preds = %entry
+ ret void
+
+if.end4: ; preds = %entry
+ %cmp = call zeroext i1 @compare(ptr undef)
+ br i1 %cmp, label %for.body, label %for.cond16
+
+for.body: ; preds = %if.end4
+ %add13 = add i64 %StartingOffset, undef
+ call void @foo(ptr %TLI, ptr %DL, ptr undef, ptr %ValueVTs, ptr %Offsets, i64 %add13)
+ unreachable
+
+for.cond16: ; preds = %for.cond34, %if.end4
+ %call27 = call { i8, ptr } @getType(ptr %VT)
+ br label %for.cond34
+
+for.cond34: ; preds = %for.body37, %for.cond16
+ br i1 undef, label %for.body37, label %for.cond16
+
+for.body37: ; preds = %for.cond34
+ %tobool39 = icmp ne ptr %Offsets, null
+ br label %for.cond34
+}
+
+define hidden { ptr, i32 } @bar(ptr %this) {
+entry:
+ %Offsets = alloca i64, align 8
+ %cmp26 = call zeroext i1 @compare(ptr undef)
+ br i1 %cmp26, label %for.body28, label %for.cond.cleanup27
+
+for.cond.cleanup27: ; preds = %entry
+ ret { ptr, i32 } undef
+
+for.body28: ; preds = %entry
+ %call33 = call zeroext i1 @compare(ptr undef)
+ br i1 %call33, label %if.then34, label %if.end106
+
+if.then34: ; preds = %for.body28
+ call void @foo(ptr %this, ptr undef, ptr undef, ptr undef, ptr null, i64 0)
+ unreachable
+
+if.end106: ; preds = %for.body28
+ call void @foo(ptr %this, ptr undef, ptr undef, ptr undef, ptr %Offsets, i64 0)
+ unreachable
+}
+
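Review bot: The only checks are the three `CHECK-LABEL` lines, so the test passes whenever `@foo`, `@foo.1` and `@foo.2` are emitted, and it would catch a regression of the uninitialised read only if that read happens to crash or change the output. The commit message says the failure appeared only on release builds, so the test is presumably most effective on sanitizer or valgrind builds. A header comment should say so, e.g. `; Regression test for issue 55000: the solver must not read past the end of the specialization argument list; reliably detected only under a sanitizer or valgrind.` A `CHECK` on one of the specialized call sites in `@bar` would also pin the expected result rather than mere survival.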