[PATCH] D142444: [IPSCCP][FuncSpec] Fix compiler crash 60191.

Alexandros Lamprineas via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Jan 24 02:24:22 PST 2023


labrinea created this revision.
labrinea added reviewers: jhuber6, jdoerfert, ye-luo, chill, SjoerdMeijer.
Herald added subscribers: snehasish, ormris, hiraditya.
Herald added a project: All.
labrinea requested review of this revision.
Herald added a project: LLVM.

Found here https://github.com/llvm/llvm-project/issues/60191

The compiler would crash when specializing a function based on a function pointer whose call sites may expect fewer parameters than the function we are replacing the pointer with.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D142444

Files:
  llvm/lib/Transforms/IPO/FunctionSpecialization.cpp
  llvm/test/Transforms/FunctionSpecialization/compiler-crash-60191.ll


Index: llvm/test/Transforms/FunctionSpecialization/compiler-crash-60191.ll
===================================================================
--- /dev/null
+++ llvm/test/Transforms/FunctionSpecialization/compiler-crash-60191.ll
@@ -0,0 +1,70 @@
+; RUN: opt -S -mtriple=amdgcn-amd-amdhsa --passes="default<O3>" < %s
+
+define void @foo() {
+  call fastcc void @bar(ptr null, ptr null, i64 0, ptr addrspace(5) null, ptr addrspace(5) null, ptr null, ptr null, ptr null, ptr null, ptr null, ptr null)
+  call fastcc void @bar(ptr @func, ptr null, i64 0, ptr addrspace(5) null, ptr addrspace(5) null, ptr null, ptr null, ptr null, ptr null, ptr null, ptr null)
+  ret void
+}
+
+define internal fastcc void @bar(ptr %0, ptr %1, i64 %2, ptr addrspace(5) %3, ptr addrspace(5) %4, ptr %5, ptr %6, ptr %7, ptr %8, ptr %9, ptr %10) {
+  %12 = addrspacecast ptr addrspace(5) %3 to ptr
+  %13 = addrspacecast ptr addrspace(5) %4 to ptr
+  store i32 0, ptr addrspace(5) null, align 4
+  switch i64 %2, label %36 [
+    i64 1, label %14
+    i64 8, label %27
+    i64 0, label %20
+  ]
+
+common.ret:                                       ; preds = %36, %27, %20, %14
+  ret void
+
+14:                                               ; preds = %11
+  %15 = load ptr, ptr %1, align 8
+  %16 = load ptr, ptr %5, align 8
+  %17 = load ptr, ptr %0, align 8
+  %18 = load ptr, ptr null, align 8
+  %19 = load ptr, ptr %6, align 8
+  call void %0(ptr null, ptr null, ptr %15, ptr %16, ptr %17, ptr %18, ptr %19)
+  br label %common.ret
+
+20:                                               ; preds = %11
+  %21 = load ptr, ptr %1, align 8
+  %22 = load ptr, ptr %7, align 8
+  %23 = load ptr, ptr %6, align 8
+  %24 = load ptr, ptr %5, align 8
+  %25 = load ptr, ptr %0, align 8
+  %26 = load ptr, ptr null, align 8
+  call void %0(ptr %12, ptr %13, ptr %21, ptr %22, ptr %23, ptr %24, ptr %25, ptr %26)
+  br label %common.ret
+
+27:                                               ; preds = %11
+  %28 = load ptr, ptr %1, align 8
+  %29 = load ptr, ptr %9, align 8
+  %30 = load ptr, ptr %5, align 8
+  %31 = load ptr, ptr %6, align 8
+  %32 = load ptr, ptr %0, align 8
+  %33 = load ptr, ptr %7, align 8
+  %34 = load ptr, ptr null, align 8
+  %35 = load ptr, ptr %8, align 8
+  call void %0(ptr null, ptr null, ptr %28, ptr %29, ptr %30, ptr %31, ptr %32, ptr %33, ptr %34, ptr %35)
+  br label %common.ret
+
+36:                                               ; preds = %11
+  %37 = load ptr, ptr %1, align 8
+  %38 = load ptr, ptr %8, align 8
+  %39 = load ptr, ptr %5, align 8
+  %40 = load ptr, ptr %10, align 8
+  %41 = load ptr, ptr %7, align 8
+  %42 = load ptr, ptr %9, align 8
+  %43 = load ptr, ptr %0, align 8
+  %44 = load ptr, ptr null, align 8
+  %45 = load ptr, ptr %6, align 8
+  call void %0(ptr null, ptr null, ptr %37, ptr %38, ptr %39, ptr %40, ptr %41, ptr %42, ptr %43, ptr %44, ptr %45)
+  br label %common.ret
+}
+
+define internal void @func(ptr %0, ptr %1, ptr %2, ptr %3, ptr %4, ptr %5, ptr %6, ptr %7) {
+  ret void
+}
+
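Review bot: The RUN line only checks that `opt` exits cleanly under the whole `default<O3>` pipeline, with no FileCheck, so the test would silently stop covering the fixed path if an earlier pass reshapes `@bar` or the specialization heuristics change. Restricting the run to the pass that contains the fix and adding `; CHECK` lines for the indirect calls in `@bar` would pin the behaviour; of the four `call void %0(...)` sites only the 8-argument one matches `@func`, while the others pass 7, 10 and 11 arguments. The `-mtriple=amdgcn-amd-amdhsa` option may also need a `; REQUIRES: amdgpu-registered-target` line, or could be dropped if the crash does not depend on the target, which I cannot tell from this hunk. A short header comment naming issue 60191 and the argument-count mismatch would help the next reader.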
Index: llvm/lib/Transforms/IPO/FunctionSpecialization.cpp
===================================================================
--- llvm/lib/Transforms/IPO/FunctionSpecialization.cpp
+++ llvm/lib/Transforms/IPO/FunctionSpecialization.cpp
@@ -623,6 +623,8 @@
     auto *CS = cast<CallBase>(U);
     if (CS->getCalledOperand() != A)
       continue;
+    if (CS->arg_size() != CalledFunction->arg_size())
+      continue;
 
     // Get the cost of inlining the called function at this call site. Note
     // that this is only an estimate. The called function may eventually
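Review bot: The added guard after the `getCalledOperand() != A` test compares only argument counts, so a call site passing the same number of arguments with different parameter or return types would still reach the inlining-cost estimate below. Where that code crashed is not visible here, so the exposure is inferred. Comparing signatures instead, `if (CS->getFunctionType() != CalledFunction->getFunctionType()) continue;`, covers the count mismatch and the type mismatch, and also behaves sensibly for variadic callees, whose `arg_size()` counts only fixed parameters. A comment such as `// Skip call sites whose signature does not match the candidate callee.` would record why the site is ignored. The enclosing loop starts and ends outside the hunk.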

