[llvm] Reland [SimplifyCFG] Delete the unnecessary range check for small mask operation (PR #70542)

Nathan Chancellor via llvm-commits llvm-commits at lists.llvm.org
Sat Nov 4 10:26:09 PDT 2023 

nathanchance wrote:

This change appears to cause a crash for me when building with `-fsanitize=thread`. A reduced LLVM IR reproducer from `llvm-reduce`:

```llvm
; ModuleID = 'gfx_v8_0.i'
source_filename = "gfx_v8_0.i"
target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-pc-linux-gnu"

@max_shader_engines = dso_local global i32 0, align 4

; Function Attrs: nounwind sanitize_thread uwtable
define dso_local void @gfx_v8_0_setup_rb() #0 {
entry:
  %num_se = alloca i32, align 4
  %tmp = alloca i32, align 4
  %__ret_warn_on = alloca i32, align 4
  call void @llvm.lifetime.start.p0(i64 4, ptr %num_se) #4
  %0 = load i32, ptr @max_shader_engines, align 4, !tbaa !5
  %tobool = icmp ne i32 %0, 0
  br i1 %tobool, label %cond.true, label %cond.false

cond.true:                                        ; preds = %entry
  %1 = load i32, ptr @max_shader_engines, align 4, !tbaa !5
  br label %cond.end

cond.false:                                       ; preds = %entry
  br label %cond.end

cond.end:                                         ; preds = %cond.false, %cond.true
  %cond = phi i32 [ %1, %cond.true ], [ 1, %cond.false ]
  store i32 %cond, ptr %tmp, align 4, !tbaa !5
  %2 = load i32, ptr %tmp, align 4, !tbaa !5
  store i32 %2, ptr %num_se, align 4, !tbaa !5
  call void @llvm.lifetime.start.p0(i64 4, ptr %__ret_warn_on) #4
  %3 = load i32, ptr %num_se, align 4, !tbaa !5
  %cmp = icmp eq i32 %3, 1
  br i1 %cmp, label %lor.end, label %lor.lhs.false

lor.lhs.false:                                    ; preds = %cond.end
  %4 = load i32, ptr %num_se, align 4, !tbaa !5
  %cmp1 = icmp eq i32 %4, 2
  br i1 %cmp1, label %lor.end, label %lor.rhs

lor.rhs:                                          ; preds = %lor.lhs.false
  %5 = load i32, ptr %num_se, align 4, !tbaa !5
  %cmp2 = icmp eq i32 %5, 4
  br label %lor.end

lor.end:                                          ; preds = %lor.rhs, %lor.lhs.false, %cond.end
  %6 = phi i1 [ true, %lor.lhs.false ], [ true, %cond.end ], [ %cmp2, %lor.rhs ]
  %lor.ext = zext i1 %6 to i32
  store i32 %lor.ext, ptr %__ret_warn_on, align 4, !tbaa !5
  %7 = load i32, ptr %__ret_warn_on, align 4, !tbaa !5
  %8 = call i1 @llvm.is.constant.i32(i32 %7)
  br i1 %8, label %if.then, label %if.else

if.then:                                          ; preds = %lor.end
  br label %if.end5

if.else:                                          ; preds = %lor.end
  %9 = load i32, ptr %__ret_warn_on, align 4, !tbaa !5
  %conv = sext i32 %9 to i64
  %expval = call i64 @llvm.expect.i64(i64 %conv, i64 0)
  %tobool3 = icmp ne i64 %expval, 0
  br i1 %tobool3, label %if.then4, label %if.end

if.then4:                                         ; preds = %if.else
  call void asm sideeffect "", "~{dirflag},~{fpsr},~{flags}"() #4, !srcloc !9
  br label %if.end

if.end:                                           ; preds = %if.then4, %if.else
  br label %if.end5

if.end5:                                          ; preds = %if.end, %if.then
  call void @llvm.lifetime.end.p0(i64 4, ptr %__ret_warn_on) #4
  call void @llvm.lifetime.end.p0(i64 4, ptr %num_se) #4
  ret void
}

; Function Attrs: nocallback nofree nosync nounwind willreturn memory(argmem: readwrite)
declare void @llvm.lifetime.start.p0(i64 immarg, ptr nocapture) #1

; Function Attrs: convergent nocallback nofree nosync nounwind willreturn memory(none)
declare i1 @llvm.is.constant.i32(i32) #2

; Function Attrs: nocallback nofree nosync nounwind willreturn memory(none)
declare i64 @llvm.expect.i64(i64, i64) #3

; Function Attrs: nocallback nofree nosync nounwind willreturn memory(argmem: readwrite)
declare void @llvm.lifetime.end.p0(i64 immarg, ptr nocapture) #1

attributes #0 = { nounwind sanitize_thread uwtable "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cmov,+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #1 = { nocallback nofree nosync nounwind willreturn memory(argmem: readwrite) }
attributes #2 = { convergent nocallback nofree nosync nounwind willreturn memory(none) }
attributes #3 = { nocallback nofree nosync nounwind willreturn memory(none) }
attributes #4 = { nounwind }

!llvm.module.flags = !{!0, !1, !2, !3}
!llvm.ident = !{!4}

!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{i32 8, !"PIC Level", i32 2}
!2 = !{i32 7, !"PIE Level", i32 2}
!3 = !{i32 7, !"uwtable", i32 2}
!4 = !{!"ClangBuiltLinux clang version 18.0.0 (https://github.com/llvm/llvm-project 7c4180a36a905b7ed46c09df77af1b65e356f92a)"}
!5 = !{!6, !6, i64 0}
!6 = !{!"int", !7, i64 0}
!7 = !{!"omnipotent char", !8, i64 0}
!8 = !{!"Simple C/C++ TBAA"}
!9 = !{i64 299}
```

At 7c4180a36a905b7ed46c09df77af1b65e356f92a:

```
$ opt -O2 -disable-output reduced.ll
opt: /mnt/nvme/tmp/cvise.A8xoH9LhLH/src/llvm/lib/Transforms/Utils/SimplifyCFG.cpp:6097: (anonymous namespace)::SwitchLookupTable::SwitchLookupTable(Module &, uint64_t, ConstantInt *, const SmallVectorImpl<std::pair<ConstantInt *, Constant *>> &, Constant *, const DataLayout &, const StringRef &): Assertion `TableSize >= Values.size() && "Can't fit values in table!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: opt -O2 -disable-output reduced.ll
 #0 0x0000562678cfbb78 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x4f20b78)
 #1 0x0000562678cf973e llvm::sys::RunSignalHandlers() (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x4f1e73e)
 #2 0x0000562678cfc358 SignalHandler(int) Signals.cpp:0:0
 #3 0x00007f98f65d1710 (/usr/lib/libc.so.6+0x3e710)
 #4 0x00007f98f662183c (/usr/lib/libc.so.6+0x8e83c)
 #5 0x00007f98f65d1668 gsignal (/usr/lib/libc.so.6+0x3e668)
 #6 0x00007f98f65b94b8 abort (/usr/lib/libc.so.6+0x264b8)
 #7 0x00007f98f65b93dc (/usr/lib/libc.so.6+0x263dc)
 #8 0x00007f98f65c9d26 (/usr/lib/libc.so.6+0x36d26)
 #9 0x0000562678e49bd6 SwitchToLookupTable(llvm::SwitchInst*, llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>&, llvm::DomTreeUpdater*, llvm::DataLayout const&, llvm::TargetTransformInfo const&) SimplifyCFG.cpp:0:0
#10 0x0000562678e30f58 (anonymous namespace)::SimplifyCFGOpt::simplifySwitch(llvm::SwitchInst*, llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>&) SimplifyCFG.cpp:0:0
#11 0x0000562678e24df2 (anonymous namespace)::SimplifyCFGOpt::run(llvm::BasicBlock*) SimplifyCFG.cpp:0:0
#12 0x0000562678e22062 llvm::simplifyCFG(llvm::BasicBlock*, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&, llvm::ArrayRef<llvm::WeakVH>) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x5047062)
#13 0x0000562678bfda0d iterativelySimplifyCFG(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DomTreeUpdater*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#14 0x0000562678bfd41c simplifyFunctionCFGImpl(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DominatorTree*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#15 0x0000562678bfc091 simplifyFunctionCFG(llvm::Function&, llvm::TargetTransformInfo const&, llvm::DominatorTree*, llvm::SimplifyCFGOptions const&) SimplifyCFGPass.cpp:0:0
#16 0x0000562678bfbe62 llvm::SimplifyCFGPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x4e20e62)
#17 0x00005626772d95ad llvm::detail::PassModel<llvm::Function, llvm::SimplifyCFGPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) BPFTargetMachine.cpp:0:0
#18 0x00005626787e8c74 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x4a0dc74)
#19 0x00005626772d912d llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) BPFTargetMachine.cpp:0:0
#20 0x00005626787ecf03 llvm::ModuleToFunctionPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x4a11f03)
#21 0x00005626772d8ecd llvm::detail::PassModel<llvm::Module, llvm::ModuleToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) BPFTargetMachine.cpp:0:0
#22 0x00005626787e7e54 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x4a0ce54)
#23 0x0000562676d6aceb llvm::runPassPipeline(llvm::StringRef, llvm::Module&, llvm::TargetMachine*, llvm::TargetLibraryInfoImpl*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::StringRef, llvm::ArrayRef<llvm::PassPlugin>, llvm::opt_tool::OutputKind, llvm::opt_tool::VerifierKind, bool, bool, bool, bool, bool, bool, bool) (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x2f8fceb)
#24 0x0000562676d78eea main (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x2f9deea)
#25 0x00007f98f65bacd0 (/usr/lib/libc.so.6+0x27cd0)
#26 0x00007f98f65bad8a __libc_start_main (/usr/lib/libc.so.6+0x27d8a)
#27 0x0000562676d645e5 _start (/mnt/nvme/tmp/cvise.A8xoH9LhLH/install/llvm-bad/bin/opt+0x2f895e5)
```

At 1021404619724568d62f53e575b61ae84e82ca02:

```
$ opt -O2 -disable-output reduced.ll
```

Bisect log below, if there is any additional information I can provide or patches I can test, I am more than happy to do so.

```
# bad: [d301a2895053fb335de0ba456d8cf80855a24fd9] [OpenMP] Guard Virtual Memory Management API and Types (#70986)
# good: [7b5505b0d597eddadd5ffd4bbf80a7e8804ec809] [PowerPC] Change registers used in test due to ABI breakage. NFC. (#70758)
git bisect start 'd301a2895053fb335de0ba456d8cf80855a24fd9' '7b5505b0d597eddadd5ffd4bbf80a7e8804ec809'
# bad: [1061c0150b587c721aaddd8250d562976dbcd7d6] [libc++] Remove legacy feature suse-linux-enterprise-server-11 (#71103)
git bisect bad 1061c0150b587c721aaddd8250d562976dbcd7d6
# bad: [e9db60c05e2fb96ff40cbb1f78790abc5de9237e] Reapply [clang-repl] [test] Make an XFAIL more precise (#70991)
git bisect bad e9db60c05e2fb96ff40cbb1f78790abc5de9237e
# bad: [b5b251aac80fbcfa224b0a83efa0a12bd747fafe] [OpenMP] Add support for Solaris/x86_64 (#70593)
git bisect bad b5b251aac80fbcfa224b0a83efa0a12bd747fafe
# good: [46732e2abb34fd7a5c1d52b959d4d07f118479dd] [GISel] Remove BitVector from RegBank. Use tablegen CoverageData tables directly. NFC (#71105)
git bisect good 46732e2abb34fd7a5c1d52b959d4d07f118479dd
# bad: [65dc96c2cfa480b070c7913ac5e313c98ca96520] [RISCV] Fix wrong implication for zvknhb. (#66860)
git bisect bad 65dc96c2cfa480b070c7913ac5e313c98ca96520
# good: [1021404619724568d62f53e575b61ae84e82ca02] [GISel] Make RegBank constructor constexpr. NFC (#71109)
git bisect good 1021404619724568d62f53e575b61ae84e82ca02
# bad: [7c4180a36a905b7ed46c09df77af1b65e356f92a] Reland [SimplifyCFG] Delete the unnecessary range check for small mask operation (#70542)
git bisect bad 7c4180a36a905b7ed46c09df77af1b65e356f92a
# first bad commit: [7c4180a36a905b7ed46c09df77af1b65e356f92a] Reland [SimplifyCFG] Delete the unnecessary range check for small mask operation (#70542)
```


https://github.com/llvm/llvm-project/pull/70542

More information about the llvm-commits mailing list