This is an archive of the discontinued LLVM Phabricator instance.

Differential D40604

[GlobalISel][IRTranslator] Fix crash during translation of zero sized loads and stores
ClosedPublic

Authored by aemerson on Nov 29 2017, 7:49 AM.

Details

Reviewers
dsanders
Commits
rGd78d65c2a4ee: [GlobalISel][IRTranslator] Fix crash during translation of zero sized…
rL319465: [GlobalISel][IRTranslator] Fix crash during translation of zero sized…
Summary

[GlobalISel][IRTranslator] Fix crash during translation of zero sized loads/stores/args/returns.

This fixes PR35358.

Diff Detail

Repository
rL LLVM

Event Timeline

aemerson created this revision.Nov 29 2017, 7:49 AM
Herald added subscribers: javed.absar, kristof.beyls, rovka. · View Herald TranscriptNov 29 2017, 7:49 AM
dsanders added inline comments.Nov 29 2017, 8:38 AM
lib/CodeGen/GlobalISel/IRTranslator.cpp
342–343

I'm not sure this is correct for the load. If the load result has a use then I'd expect -verify-machineinstrs to complain about a missing def. I think we need to emit an IMPLICIT_DEF.

aemerson added inline comments.Nov 29 2017, 9:27 AM
lib/CodeGen/GlobalISel/IRTranslator.cpp
342–343

That would require getting an LLT for a zero size type to create a vreg and running into the initial cause of the crash.

Also, is there anything meaningful you can do with the load result? You can't bitcast it to anything (I think?) and storing it won't result in a store being generated, so no instructions are emitted for the verifier.

dsanders added inline comments.Nov 29 2017, 9:41 AM
lib/CodeGen/GlobalISel/IRTranslator.cpp
342–343

You can return them and pass them to functions but that's the only cases I can think of. If we eliminate those uses too then it will LGTM

aemerson added inline comments.Nov 29 2017, 10:08 AM
lib/CodeGen/GlobalISel/IRTranslator.cpp
342–343

Yep, returns don't handle this properly either, so I'll fix those too.

aemerson updated this revision to Diff 124929.Nov 30 2017, 6:23 AM
aemerson edited the summary of this revision. (Show Details)

Updated patch with additional checking for zero sized arguments and returns.

dsanders accepted this revision.Nov 30 2017, 9:54 AM

LGTM

This revision is now accepted and ready to land.Nov 30 2017, 9:54 AM
Closed by commit rL319465: [GlobalISel][IRTranslator] Fix crash during translation of zero sized… (authored by aemerson). · Explain WhyNov 30 2017, 12:06 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
CodeGen/
GlobalISel/
13 lines
Target/
AArch64/
2 lines
test/
CodeGen/
AArch64/
GlobalISel/
13 lines

Diff 124929

lib/CodeGen/GlobalISel/IRTranslator.cpp

Show First 20 LinesShow All 232 Lines▼ Show 20 Lines else
MIRBuilder.buildFCmp(Pred, Res, Op0, Op1); MIRBuilder.buildFCmp(Pred, Res, Op0, Op1);
return true; return true;
} }
bool IRTranslator::translateRet(const User &U, MachineIRBuilder &MIRBuilder) { bool IRTranslator::translateRet(const User &U, MachineIRBuilder &MIRBuilder) {
const ReturnInst &RI = cast<ReturnInst>(U); const ReturnInst &RI = cast<ReturnInst>(U);
const Value *Ret = RI.getReturnValue(); const Value *Ret = RI.getReturnValue();
if (Ret && DL->getTypeStoreSize(Ret->getType()) == 0)
Ret = nullptr;
// The target may mess up with the insertion point, but // The target may mess up with the insertion point, but
// this is not important as a return is the last instruction // this is not important as a return is the last instruction
// of the block anyway. // of the block anyway.
return CLI->lowerReturn(MIRBuilder, Ret, !Ret ? 0 : getOrCreateVReg(*Ret)); return CLI->lowerReturn(MIRBuilder, Ret, !Ret ? 0 : getOrCreateVReg(*Ret));
} }
bool IRTranslator::translateBr(const User &U, MachineIRBuilder &MIRBuilder) { bool IRTranslator::translateBr(const User &U, MachineIRBuilder &MIRBuilder) {
const BranchInst &BrInst = cast<BranchInst>(U); const BranchInst &BrInst = cast<BranchInst>(U);
▲ Show 20 LinesShow All 83 Lines▼ Show 20 Lines
bool IRTranslator::translateLoad(const User &U, MachineIRBuilder &MIRBuilder) { bool IRTranslator::translateLoad(const User &U, MachineIRBuilder &MIRBuilder) {
const LoadInst &LI = cast<LoadInst>(U); const LoadInst &LI = cast<LoadInst>(U);
auto Flags = LI.isVolatile() ? MachineMemOperand::MOVolatile auto Flags = LI.isVolatile() ? MachineMemOperand::MOVolatile
: MachineMemOperand::MONone; : MachineMemOperand::MONone;
Flags |= MachineMemOperand::MOLoad; Flags |= MachineMemOperand::MOLoad;
if (DL->getTypeStoreSize(LI.getType()) == 0)
return true;
dsandersUnsubmitted
Not Done
ReplyInline Actions

I'm not sure this is correct for the load. If the load result has a use then I'd expect -verify-machineinstrs to complain about a missing def. I think we need to emit an IMPLICIT_DEF.

dsanders: I'm not sure this is correct for the load. If the load result has a use then I'd expect -verify…
aemersonAuthorUnsubmitted
Not Done
ReplyInline Actions

That would require getting an LLT for a zero size type to create a vreg and running into the initial cause of the crash.

Also, is there anything meaningful you can do with the load result? You can't bitcast it to anything (I think?) and storing it won't result in a store being generated, so no instructions are emitted for the verifier.

aemerson: That would require getting an LLT for a zero size type to create a vreg and running into the…
dsandersUnsubmitted
Not Done
ReplyInline Actions

You can return them and pass them to functions but that's the only cases I can think of. If we eliminate those uses too then it will LGTM

dsanders: You can return them and pass them to functions but that's the only cases I can think of. If we…
aemersonAuthorUnsubmitted
Not Done
ReplyInline Actions

Yep, returns don't handle this properly either, so I'll fix those too.

aemerson: Yep, returns don't handle this properly either, so I'll fix those too.
unsigned Res = getOrCreateVReg(LI); unsigned Res = getOrCreateVReg(LI);
unsigned Addr = getOrCreateVReg(*LI.getPointerOperand()); unsigned Addr = getOrCreateVReg(*LI.getPointerOperand());
MIRBuilder.buildLoad( MIRBuilder.buildLoad(
Res, Addr, Res, Addr,
*MF->getMachineMemOperand(MachinePointerInfo(LI.getPointerOperand()), *MF->getMachineMemOperand(MachinePointerInfo(LI.getPointerOperand()),
Flags, DL->getTypeStoreSize(LI.getType()), Flags, DL->getTypeStoreSize(LI.getType()),
getMemOpAlignment(LI), AAMDNodes(), nullptr, getMemOpAlignment(LI), AAMDNodes(), nullptr,
LI.getSyncScopeID(), LI.getOrdering())); LI.getSyncScopeID(), LI.getOrdering()));
return true; return true;
} }
bool IRTranslator::translateStore(const User &U, MachineIRBuilder &MIRBuilder) { bool IRTranslator::translateStore(const User &U, MachineIRBuilder &MIRBuilder) {
const StoreInst &SI = cast<StoreInst>(U); const StoreInst &SI = cast<StoreInst>(U);
auto Flags = SI.isVolatile() ? MachineMemOperand::MOVolatile auto Flags = SI.isVolatile() ? MachineMemOperand::MOVolatile
: MachineMemOperand::MONone; : MachineMemOperand::MONone;
Flags |= MachineMemOperand::MOStore; Flags |= MachineMemOperand::MOStore;
if (DL->getTypeStoreSize(SI.getValueOperand()->getType()) == 0)
return true;
unsigned Val = getOrCreateVReg(*SI.getValueOperand()); unsigned Val = getOrCreateVReg(*SI.getValueOperand());
unsigned Addr = getOrCreateVReg(*SI.getPointerOperand()); unsigned Addr = getOrCreateVReg(*SI.getPointerOperand());
MIRBuilder.buildStore( MIRBuilder.buildStore(
Val, Addr, Val, Addr,
*MF->getMachineMemOperand( *MF->getMachineMemOperand(
MachinePointerInfo(SI.getPointerOperand()), Flags, MachinePointerInfo(SI.getPointerOperand()), Flags,
DL->getTypeStoreSize(SI.getValueOperand()->getType()), DL->getTypeStoreSize(SI.getValueOperand()->getType()),
▲ Show 20 LinesShow All 898 Lines▼ Show 20 Lines if (BB.hasAddressTaken())
MBB->setHasAddressTaken(); MBB->setHasAddressTaken();
} }
// Make our arguments/constants entry block fallthrough to the IR entry block. // Make our arguments/constants entry block fallthrough to the IR entry block.
EntryBB->addSuccessor(&getMBB(F.front())); EntryBB->addSuccessor(&getMBB(F.front()));
// Lower the actual args into this basic block. // Lower the actual args into this basic block.
SmallVector<unsigned, 8> VRegArgs; SmallVector<unsigned, 8> VRegArgs;
for (const Argument &Arg: F.args()) for (const Argument &Arg: F.args()) {
if (DL->getTypeStoreSize(Arg.getType()) == 0)
continue; // Don't handle zero sized types.
VRegArgs.push_back(getOrCreateVReg(Arg)); VRegArgs.push_back(getOrCreateVReg(Arg));
}
if (!CLI->lowerFormalArguments(EntryBuilder, F, VRegArgs)) { if (!CLI->lowerFormalArguments(EntryBuilder, F, VRegArgs)) {
OptimizationRemarkMissed R("gisel-irtranslator", "GISelFailure", OptimizationRemarkMissed R("gisel-irtranslator", "GISelFailure",
MF->getFunction()->getSubprogram(), MF->getFunction()->getSubprogram(),
&MF->getFunction()->getEntryBlock()); &MF->getFunction()->getEntryBlock());
R << "unable to lower arguments: " << ore::NV("Prototype", F.getType()); R << "unable to lower arguments: " << ore::NV("Prototype", F.getType());
reportTranslationError(*MF, *TPC, *ORE, R); reportTranslationError(*MF, *TPC, *ORE, R);
return false; return false;
} }
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

lib/Target/AArch64/AArch64CallLowering.cpp

Show First 20 LinesShow All 253 Lines▼ Show 20 Linesbool AArch64CallLowering::lowerFormalArguments(MachineIRBuilder &MIRBuilder,
MachineFunction &MF = MIRBuilder.getMF(); MachineFunction &MF = MIRBuilder.getMF();
MachineBasicBlock &MBB = MIRBuilder.getMBB(); MachineBasicBlock &MBB = MIRBuilder.getMBB();
MachineRegisterInfo &MRI = MF.getRegInfo(); MachineRegisterInfo &MRI = MF.getRegInfo();
auto &DL = F.getParent()->getDataLayout(); auto &DL = F.getParent()->getDataLayout();
SmallVector<ArgInfo, 8> SplitArgs; SmallVector<ArgInfo, 8> SplitArgs;
unsigned i = 0; unsigned i = 0;
for (auto &Arg : F.args()) { for (auto &Arg : F.args()) {
if (DL.getTypeStoreSize(Arg.getType()) == 0)
continue;
ArgInfo OrigArg{VRegs[i], Arg.getType()}; ArgInfo OrigArg{VRegs[i], Arg.getType()};
setArgFlags(OrigArg, i + AttributeList::FirstArgIndex, DL, F); setArgFlags(OrigArg, i + AttributeList::FirstArgIndex, DL, F);
bool Split = false; bool Split = false;
LLT Ty = MRI.getType(VRegs[i]); LLT Ty = MRI.getType(VRegs[i]);
unsigned Dst = VRegs[i]; unsigned Dst = VRegs[i];
splitToValueTypes(OrigArg, SplitArgs, DL, MRI, F.getCallingConv(), splitToValueTypes(OrigArg, SplitArgs, DL, MRI, F.getCallingConv(),
[&](unsigned Reg, uint64_t Offset) { [&](unsigned Reg, uint64_t Offset) {
▲ Show 20 LinesShow All 133 LinesShow Last 20 Lines

test/CodeGen/AArch64/GlobalISel/arm64-irtranslator.ll

Show First 20 LinesShow All 1,630 Lines▼ Show 20 Lines
; CHECK: [[VAL:%[0-9]+]]:_(s64) = G_INTRINSIC_W_SIDE_EFFECTS intrinsic(@llvm.aarch64.ldxr), [[ADDR]](p0) :: (volatile load 4 from %ir.addr) ; CHECK: [[VAL:%[0-9]+]]:_(s64) = G_INTRINSIC_W_SIDE_EFFECTS intrinsic(@llvm.aarch64.ldxr), [[ADDR]](p0) :: (volatile load 4 from %ir.addr)
; CHECK: G_TRUNC [[VAL]](s64) ; CHECK: G_TRUNC [[VAL]](s64)
%val = call i64 @llvm.aarch64.ldxr.p0i32(i32* %addr) %val = call i64 @llvm.aarch64.ldxr.p0i32(i32* %addr)
%trunc = trunc i64 %val to i32 %trunc = trunc i64 %val to i32
ret i32 %trunc ret i32 %trunc
} }
declare i64 @llvm.aarch64.ldxr.p0i32(i32*) nounwind declare i64 @llvm.aarch64.ldxr.p0i32(i32*) nounwind
%zerosize_type = type {}
define %zerosize_type @test_empty_load_store(%zerosize_type *%ptr, %zerosize_type %in) noinline optnone {
; CHECK-LABEL: name: test_empty_load_store
; CHECK-NOT: G_STORE
; CHECK-NOT: G_LOAD
; CHECK: RET_ReallyLR
entry:
store %zerosize_type undef, %zerosize_type* undef, align 4
%val = load %zerosize_type, %zerosize_type* %ptr, align 4
ret %zerosize_type %in
}