This is an archive of the discontinued LLVM Phabricator instance.

[DAGCombiner] Handle pre/post-inc stores in replaceStoreChain
AbandonedPublic

Authored by apazos on Dec 8 2015, 1:53 PM.

Download Raw Diff

Details

Reviewers

t.p.northover
resistor
hfinkel

Summary

The code in DAGCombiner::replaceStoreChain and CombineTo do not properly handle store operations with pre/post increment.

This causes assertion in CombineTo call: assert(N->getNumValues() == NumTo && "Broken CombineTo call!"). In addition, replaceStoreChain might replace a store with pre-increment with an unindexed store which accesses the wrong base ptr, causing incorrect code to be generated.

Diff Detail

Repository: rL LLVM

Event Timeline

apazos updated this revision to Diff 42216.Dec 8 2015, 1:53 PM

apazos retitled this revision from to [DAGCombiner] Skip pre/post-inc stores in findBetterNeighborChains.

apazos updated this object.

Adding Owen to the review.

apazos added a reviewer: resistor.Dec 8 2015, 1:56 PM

Your proposed fix seems conservatively correct to me. I'd recommend getting a review from one of the ARM maintainers, perhaps tnorthover?

Hi Tim,

Do you have another suggestion for fixing this issue?

DAGCombiner::replaceStoreChain with try to run CombineTo with a Token node (always one result) with a store operation that can have more than one result (if it has pre/post inc).

Instead of skipping store with pre/post inc instructions, I inlined CombineTo and fixed the code to handle stoer with pre/post inc correctly without causing the assertion. Let me know what you think.

zzheng added a subscriber: zzheng.Dec 12 2015, 6:10 PM

zzheng added inline comments.

lib/CodeGen/SelectionDAG/DAGCombiner.cpp
11756	Inlining/Specializing CombineTo() here would cause extra maintenance overhead. Can we change CombineTo() to handle such special cases?

apazos added inline comments.Dec 14 2015, 12:27 PM

lib/CodeGen/SelectionDAG/DAGCombiner.cpp
11756–11758	There are other instances in the code where we are already doing similar inlining (see CommitTargetLoweringOpt() in the same file) because we want to replace uses of a particular value while leaving the other values untouched (use of ReplaceAllUsesOfValueWith instead of ReplaceAllUsesWith).

I investigated further and there are two issues in SDValue DAGCombiner::replaceStoreChain:

CombineTo will assert if the store node passed in is a pre/post inc store.

It will not match the type of Token node because of the Chain + updated base ptr results.

The new store created is not an indexed store when the store node passed in is a pre/post inc store.

So in my failing tests I see a replacement store to a wrong location which is causing crashes.

I decided to then create indexed stores that match the type of the store node passed in and fixed the CombineTo calls.

apazos added a subscriber: hfinkel.Jan 7 2016, 3:24 PM

Can someone help review this change please? I would like to check in this bug fix.

Do you have any test cases for this change?

lib/CodeGen/SelectionDAG/DAGCombiner.cpp
11730	The '// Chain' does not add anything here.
11738	Why is this code here? Can't you have a pre/post-inc truncating store (I'm pretty sure that you can). Seems like it should be outside this 'else' block.
11742	SDValue Offset = ST->getOffset();
11745	Why do you specifically delete these nodes here? Dead nodes are normally cleaned up automatically once their use counts drop to zero (DAGCombiner::Run calls recursivelyDeleteUnusedNodes).

Hi Hal, thanks for looking at this, I have updated the code.

The failing scenario comes from a LTO config and it is hard to produce a reduced test case.

But code inspection shows the issues too: if the store instr being passed in is indexed
(1) the original CombineTo call will assert because Token and original store instr will have different number of result operands.
(2) The replacement store won't be indexed and we will have a new store operation that will read from the wrong base ptr, if the original store has pre-increment (which is the case in my internal LTO test failure).

flyingforyou mentioned this in D16463: [DAGCombiner] Don't add volatile or indexed stores to ChainedStores.Jan 26 2016, 7:40 PM

Aside from the getOffset substitution, LGTM. When you commit, please specifically note why you don't have a reduced test case.

As a general note, it seems like we need to make it easier to use bugpoint on cases that come from LTO. This issue that it is difficult to reduce LTO crashes seems to come up a lot and it quite unfortunate.

lib/CodeGen/SelectionDAG/DAGCombiner.cpp
11742	Please use ST->getOffset() instead of ST->getOperand(3).

This revision is now accepted and ready to land.Feb 2 2016, 6:31 PM

Looks like patch was not committed.

In https://reviews.llvm.org/D16463, the check for indexed, prevents this failure.

Herald added a subscriber: llvm-commits. · View Herald TranscriptMar 26 2018, 3:00 PM

apazos abandoned this revision.Mar 26 2018, 3:06 PM

Revision Contents

Path

Size

lib/

CodeGen/

SelectionDAG/

DAGCombiner.cpp

17 lines

Diff 44777

lib/CodeGen/SelectionDAG/DAGCombiner.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 11,721 Lines • ▼ Show 20 Lines	bool DAGCombiner::MergeConsecutiveStores(StoreSDNode* St) {

return true;		return true;
}		}

SDValue DAGCombiner::replaceStoreChain(StoreSDNode *ST, SDValue BetterChain) {		SDValue DAGCombiner::replaceStoreChain(StoreSDNode *ST, SDValue BetterChain) {
SDLoc SL(ST);		SDLoc SL(ST);
SDValue ReplStore;		SDValue ReplStore;

// Replace the chain to avoid dependency.		// Replace the chain to avoid dependency.
		hfinkelUnsubmitted Not Done Reply Inline Actions The '// Chain' does not add anything here. hfinkel: The '// Chain' does not add anything here.
if (ST->isTruncatingStore()) {		if (ST->isTruncatingStore())
ReplStore = DAG.getTruncStore(BetterChain, SL, ST->getValue(),		ReplStore = DAG.getTruncStore(BetterChain, SL, ST->getValue(),
ST->getBasePtr(), ST->getMemoryVT(),		ST->getBasePtr(), ST->getMemoryVT(),
ST->getMemOperand());		ST->getMemOperand());
} else {		else
ReplStore = DAG.getStore(BetterChain, SL, ST->getValue(), ST->getBasePtr(),		ReplStore = DAG.getStore(BetterChain, SL, ST->getValue(), ST->getBasePtr(),
ST->getMemOperand());		ST->getMemOperand());

		hfinkelUnsubmitted Not Done Reply Inline Actions Why is this code here? Can't you have a pre/post-inc truncating store (I'm pretty sure that you can). Seems like it should be outside this 'else' block. hfinkel: Why is this code here? Can't you have a pre/post-inc truncating store (I'm pretty sure that you…
		unsigned Chain = (ST->getNumValues() > 1) ? 1 : 0;

		if (Chain) {
		SDValue Base = ST->getBasePtr();
		hfinkelUnsubmitted Not Done Reply Inline Actions SDValue Offset = ST->getOffset(); hfinkel: SDValue Offset = ST->getOffset();
		hfinkelUnsubmitted Not Done Reply Inline Actions Please use ST->getOffset() instead of ST->getOperand(3). hfinkel: Please use ST->getOffset() instead of ST->getOperand(3).
		ISD::MemIndexedMode AM = ST->getAddressingMode();
		SDValue Offset = ST->getOperand(3);
		ReplStore = DAG.getIndexedStore(ReplStore, SL, Base, Offset, AM);
		hfinkelUnsubmitted Not Done Reply Inline Actions Why do you specifically delete these nodes here? Dead nodes are normally cleaned up automatically once their use counts drop to zero (DAGCombiner::Run calls recursivelyDeleteUnusedNodes). hfinkel: Why do you specifically delete these nodes here? Dead nodes are normally cleaned up…
}		}

// Create token to keep both nodes around.		// Create token to keep both nodes around.
SDValue Token = DAG.getNode(ISD::TokenFactor, SL,		SDValue Token = DAG.getNode(ISD::TokenFactor, SL,
MVT::Other, ST->getChain(), ReplStore);		MVT::Other, ST->getChain(),
		ReplStore.getValue(Chain));

// Make sure the new and old chains are cleaned up.		// Make sure the new and old chains are cleaned up.
AddToWorklist(Token.getNode());		AddToWorklist(Token.getNode());

// Don't add users to work list.		// Don't add users to work list.
		zzhengUnsubmitted Not Done Reply Inline Actions Inlining/Specializing CombineTo() here would cause extra maintenance overhead. Can we change CombineTo() to handle such special cases? zzheng: Inlining/Specializing CombineTo() here would cause extra maintenance overhead. Can we change…
		if (Chain)
		return CombineTo(ST, ReplStore, Token, false);
		apazosAuthorUnsubmitted Not Done Reply Inline Actions There are other instances in the code where we are already doing similar inlining (see CommitTargetLoweringOpt() in the same file) because we want to replace uses of a particular value while leaving the other values untouched (use of ReplaceAllUsesOfValueWith instead of ReplaceAllUsesWith). apazos: There are other instances in the code where we are already doing similar inlining (see…
return CombineTo(ST, Token, false);		return CombineTo(ST, Token, false);
}		}

SDValue DAGCombiner::replaceStoreOfFPConstant(StoreSDNode *ST) {		SDValue DAGCombiner::replaceStoreOfFPConstant(StoreSDNode *ST) {
SDValue Value = ST->getValue();		SDValue Value = ST->getValue();
if (Value.getOpcode() == ISD::TargetConstantFP)		if (Value.getOpcode() == ISD::TargetConstantFP)
return SDValue();		return SDValue();

▲ Show 20 Lines • Show All 3,043 Lines • Show Last 20 Lines