This is an archive of the discontinued LLVM Phabricator instance.

Fix a block color copying problem in LICM
ClosedPublic

Authored by andrew.w.kaylor on Mar 22 2018, 9:38 PM.

Download Raw Diff

Details

Reviewers

junbuml
rnk
• dberlin

Commits

rGa237866faff4: Fix a block copying problem in LICM
rL328336: Fix a block copying problem in LICM

Summary

This fixes a problem in LICM where copying the ColorVector in SafetyInfo::BlockColors from one block to another can cause a crash if creating the new entry forces the map to be re-allocated. I have seen this problem occur in a real-world situation, but I don't have a small reproducer.

Diff Detail

Repository: rL LLVM

Event Timeline

andrew.w.kaylor created this revision.Mar 22 2018, 9:38 PM

Sigh.
(a quick scan of things named Map in LLVM doesn't find any other obvious cases of this).

I wonder if we shouldn't have a debug/expensive checks mode where it moves all the memory on find and construct to make all these situations fail obviously and instantly so it could be found by bots.

• dberlin accepted this revision.Mar 22 2018, 10:11 PM

This revision is now accepted and ready to land.Mar 22 2018, 10:11 PM

In D44817#1046470, @dberlin wrote:

Sigh.
(a quick scan of things named Map in LLVM doesn't find any other obvious cases of this).

I wonder if we shouldn't have a debug/expensive checks mode where it moves all the memory on find and construct to make all these situations fail obviously and instantly so it could be found by bots.

There used to be a case exactly like this in WinEHPrepare::replaceUseWithLoad(), which is how I knew how to fix this when I saw it crash. The debug mode is a good idea. Could that trigger off of one of the sanitizers somehow?

Wow, thank you so much for fixing this.

Closed by commit rL328336: Fix a block copying problem in LICM (authored by akaylor). · Explain WhyMar 23 2018, 10:39 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

trunk/

lib/

Transforms/

Scalar/

LICM.cpp

10 lines

Diff 139611

llvm/trunk/lib/Transforms/Scalar/LICM.cpp

Show First 20 Lines • Show All 887 Lines • ▼ Show 20 Lines	while (!PredBBs.empty()) {
assert(CurLoop->contains(PredBB) &&		assert(CurLoop->contains(PredBB) &&
"Expect all predecessors are in the loop");		"Expect all predecessors are in the loop");
if (PN->getBasicBlockIndex(PredBB) >= 0) {		if (PN->getBasicBlockIndex(PredBB) >= 0) {
BasicBlock *NewPred = SplitBlockPredecessors(		BasicBlock *NewPred = SplitBlockPredecessors(
ExitBB, PredBB, ".split.loop.exit", DT, LI, true);		ExitBB, PredBB, ".split.loop.exit", DT, LI, true);
// Since we do not allow splitting EH-block with BlockColors in		// Since we do not allow splitting EH-block with BlockColors in
// canSplitPredecessors(), we can simply assign predecessor's color to		// canSplitPredecessors(), we can simply assign predecessor's color to
// the new block.		// the new block.
if (!BlockColors.empty())		if (!BlockColors.empty()) {
BlockColors[NewPred] = BlockColors[PredBB];		// Grab a reference to the ColorVector to be inserted before getting the
		// reference to the vector we are copying because inserting the new
		// element in BlockColors might cause the map to be reallocated.
		ColorVector &ColorsForNewBlock = BlockColors[NewPred];
		ColorVector &ColorsForOldBlock = BlockColors[PredBB];
		ColorsForNewBlock = ColorsForOldBlock;
		}
}		}
PredBBs.remove(PredBB);		PredBBs.remove(PredBB);
}		}
}		}

/// When an instruction is found to only be used outside of the loop, this		/// When an instruction is found to only be used outside of the loop, this
/// function moves it to the exit blocks and patches up SSA form as needed.		/// function moves it to the exit blocks and patches up SSA form as needed.
/// This method is guaranteed to remove the original instruction from its		/// This method is guaranteed to remove the original instruction from its
▲ Show 20 Lines • Show All 635 Lines • Show Last 20 Lines