This is an archive of the discontinued LLVM Phabricator instance.

Differential D121580

[SCCP] Fix crash when function arg is a unused basic block's address
AbandonedPublic

Authored by bcl5980 on Mar 14 2022, 1:33 AM.

Details

Reviewers
spatel
fhahn
sepavloff
nikic
craig.topper
SjoerdMeijer
nickdesaulniers
Summary

For now if Solver never touch a basic block, DTU will erase the basic block even if the basic block address is referenced by function args.
So check the kernel arg is block address or not, if it is we need to mark the basic block executable.

Fix #54238, #54251

Diff Detail

Unit TestsFailed

TimeTest
60,050 msx64 debian > MLIR.Examples/standalone::test.toy
60,050 msx64 debian > libFuzzer.libFuzzer::large.test

Event Timeline

bcl5980 created this revision.Mar 14 2022, 1:33 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 14 2022, 1:33 AM
Herald added a subscriber: hiraditya. · View Herald Transcript
bcl5980 requested review of this revision.Mar 14 2022, 1:33 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 14 2022, 1:33 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B154059: Diff 415025.Mar 14 2022, 2:19 AM
nikic added a reviewer: nickdesaulniers.Mar 15 2022, 1:22 AM

Per the discussion on https://github.com/llvm/llvm-project/issues/54238, my understanding is that considering the block dead is okay semantically, so I'm not sure preventing that is the right fix here. Why does the "usual" replacement of the blockaddress with 1 not work here and crash instead?

bcl5980 abandoned this revision.Mar 15 2022, 2:49 AM

OK, thanks for the review. I will close this revision

nickdesaulniers added a comment.Mar 15 2022, 11:20 AM

The issue is in [runIPSCCP](https://github.com/llvm/llvm-project/blob/687d20de7ffc69dd4ecdb9808aeb6d3cffcf3871/llvm/lib/Transforms/Scalar/SCCP.cpp#L500-L533). We don't clean up uses of any BlockAddresses before deleting the BasicBlock that's dead. So we basically need to do the same transform that was observed here. I'm working on a fix.

nickdesaulniers added a comment.Mar 15 2022, 3:00 PM

https://reviews.llvm.org/D121744

Revision Contents

PathSize
llvm/
lib/
Transforms/
Utils/
8 lines
test/
Transforms/
SCCP/
18 lines

Diff 415025

llvm/lib/Transforms/Utils/SCCPSolver.cpp

Context not available.
if (AI->hasByValAttr() && !F->onlyReadsMemory()) { if (AI->hasByValAttr() && !F->onlyReadsMemory()) {
markOverdefined(&*AI); markOverdefined(&*AI);
continue; continue;
} else if (const BlockAddress *BA = dyn_cast<BlockAddress>(CAI)) {
markBlockExecutable(BA->getBasicBlock());
} else if (const ConstantExpr *CE = dyn_cast<ConstantExpr>(CAI)) {
for (Value *Op : CE->operands()) {
const BlockAddress *BA = dyn_cast<BlockAddress>(Op);
if (BA != nullptr)
markBlockExecutable(BA->getBasicBlock());
}
} }
if (auto *STy = dyn_cast<StructType>(AI->getType())) { if (auto *STy = dyn_cast<StructType>(AI->getType())) {
Context not available.

llvm/test/Transforms/SCCP/issue54238.ll

  • This file was added.
; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --check-attributes
; RUN: opt -passes=ipsccp -S %s | FileCheck %s
; https://github.com/llvm/llvm-project/issues/54238
define i32 @main() {
call void @set_return_addr(i64* bitcast (i8* blockaddress(@main, %redirected) to i64*))
ret i32 0
redirected:
ret i32 0
}
define internal void @set_return_addr(i64* %addr) {
%addr.addr = alloca i64*, i32 0, align 8
; CHECK: redirected
store i64* %addr, i64** %addr.addr, align 8
ret void
}