This is an archive of the discontinued LLVM Phabricator instance.

Differential D97969

[SelectionDAG] Assert that operands to SelectionDAG::getNode are not DELETED_NODE to catch issues like PR49393 earlier.
ClosedPublic

Authored by craig.topper on Mar 4 2021, 11:37 AM.

Details

Reviewers
spatel
RKSimon
efriedma
arsenm
Commits
rGad532be01251: [SelectionDAG] Assert that operands to SelectionDAG::getNode are not…
Summary

I'm not sure this would catch all such issues, but it would catch some.

The problem for PR49393 was that we were holding a reference to a node that
wasn't connect edto the DAG across a function that could delete unused nodes. In
this particular case we managed to try to use the deleted node while it was in
the deleted state before its memory got recycled.

It could also happen that we delete the node, something allocates a new node
which recycles the memory. Then we try to use the reference we were holding and
it is now a completely different node with different valid opcode. This patch
would not catch that.

Diff Detail

Event Timeline

craig.topper created this revision.Mar 4 2021, 11:37 AM
Herald added subscribers: ecnelises, hiraditya. · View Herald TranscriptMar 4 2021, 11:37 AM
craig.topper requested review of this revision.Mar 4 2021, 11:37 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 4 2021, 11:37 AM
Herald added a subscriber: wdng. · View Herald Transcript
lebedev.ri added a subscriber: lebedev.ri.Mar 4 2021, 11:42 AM

Won't be SDValue::Node deallocated by then, or worse, potentially reallocated?
I guess that is still fine because it would trip ASAN?

craig.topper edited the summary of this revision. (Show Details)Mar 4 2021, 11:47 AM
craig.topper added a comment.Mar 4 2021, 12:09 PM
In D97969#2604352, @lebedev.ri wrote:

Won't be SDValue::Node deallocated by then, or worse, potentially reallocated?
I guess that is still fine because it would trip ASAN?

When an SDNode is deallocated it gets remembered in a free list in the RecylingAllocator. The opcode field had __asan_unpoison_memory_region called on it. See SelectionDAG::DeallocateNode

spatel accepted this revision.Mar 4 2021, 1:26 PM

LGTM

This revision is now accepted and ready to land.Mar 4 2021, 1:26 PM
lebedev.ri added a comment.Mar 4 2021, 10:27 PM
In D97969#2604423, @craig.topper wrote:
In D97969#2604352, @lebedev.ri wrote:

Won't be SDValue::Node deallocated by then, or worse, potentially reallocated?
I guess that is still fine because it would trip ASAN?

When an SDNode is deallocated it gets remembered in a free list in the RecylingAllocator. The opcode field had __asan_unpoison_memory_region called on it. See SelectionDAG::DeallocateNode

SGTM

This revision was landed with ongoing or failed builds.Mar 4 2021, 11:17 PM
Closed by commit rGad532be01251: [SelectionDAG] Assert that operands to SelectionDAG::getNode are not… (authored by craig.topper). · Explain Why
This revision was automatically updated to reflect the committed changes.
craig.topper added a commit: rGad532be01251: [SelectionDAG] Assert that operands to SelectionDAG::getNode are not….
Harbormaster completed remote builds in B92130: Diff 328255.Mar 5 2021, 2:40 AM

Revision Contents

PathSize
llvm/
lib/
CodeGen/
SelectionDAG/
21 lines

Diff 328398

llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,413 Lines▼ Show 20 LinesSDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
SDNodeFlags Flags; SDNodeFlags Flags;
if (Inserter) if (Inserter)
Flags = Inserter->getFlags(); Flags = Inserter->getFlags();
return getNode(Opcode, DL, VT, Operand, Flags); return getNode(Opcode, DL, VT, Operand, Flags);
} }
SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT, SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
SDValue Operand, const SDNodeFlags Flags) { SDValue Operand, const SDNodeFlags Flags) {
assert(Operand.getOpcode() != ISD::DELETED_NODE &&
"Operand is DELETED_NODE!");
// Constant fold unary operations with an integer constant operand. Even // Constant fold unary operations with an integer constant operand. Even
// opaque constant will be folded, because the folding of unary operations // opaque constant will be folded, because the folding of unary operations
// doesn't create new constants with different values. Nevertheless, the // doesn't create new constants with different values. Nevertheless, the
// opaque flag is preserved during folding to prevent future folding with // opaque flag is preserved during folding to prevent future folding with
// other constants. // other constants.
if (ConstantSDNode *C = dyn_cast<ConstantSDNode>(Operand)) { if (ConstantSDNode *C = dyn_cast<ConstantSDNode>(Operand)) {
const APInt &Val = C->getAPIntValue(); const APInt &Val = C->getAPIntValue();
switch (Opcode) { switch (Opcode) {
▲ Show 20 LinesShow All 819 Lines▼ Show 20 LinesSDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
SDNodeFlags Flags; SDNodeFlags Flags;
if (Inserter) if (Inserter)
Flags = Inserter->getFlags(); Flags = Inserter->getFlags();
return getNode(Opcode, DL, VT, N1, N2, Flags); return getNode(Opcode, DL, VT, N1, N2, Flags);
} }
SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT, SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
SDValue N1, SDValue N2, const SDNodeFlags Flags) { SDValue N1, SDValue N2, const SDNodeFlags Flags) {
assert(N1.getOpcode() != ISD::DELETED_NODE &&
N2.getOpcode() != ISD::DELETED_NODE &&
"Operand is DELETED_NODE!");
ConstantSDNode *N1C = dyn_cast<ConstantSDNode>(N1); ConstantSDNode *N1C = dyn_cast<ConstantSDNode>(N1);
ConstantSDNode *N2C = dyn_cast<ConstantSDNode>(N2); ConstantSDNode *N2C = dyn_cast<ConstantSDNode>(N2);
ConstantFPSDNode *N1CFP = dyn_cast<ConstantFPSDNode>(N1); ConstantFPSDNode *N1CFP = dyn_cast<ConstantFPSDNode>(N1);
ConstantFPSDNode *N2CFP = dyn_cast<ConstantFPSDNode>(N2); ConstantFPSDNode *N2CFP = dyn_cast<ConstantFPSDNode>(N2);
// Canonicalize constant to RHS if commutative. // Canonicalize constant to RHS if commutative.
if (TLI->isCommutativeBinOp(Opcode)) { if (TLI->isCommutativeBinOp(Opcode)) {
if (N1C && !N2C) { if (N1C && !N2C) {
▲ Show 20 LinesShow All 459 Lines▼ Show 20 LinesSDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
if (Inserter) if (Inserter)
Flags = Inserter->getFlags(); Flags = Inserter->getFlags();
return getNode(Opcode, DL, VT, N1, N2, N3, Flags); return getNode(Opcode, DL, VT, N1, N2, N3, Flags);
} }
SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT, SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
SDValue N1, SDValue N2, SDValue N3, SDValue N1, SDValue N2, SDValue N3,
const SDNodeFlags Flags) { const SDNodeFlags Flags) {
assert(N1.getOpcode() != ISD::DELETED_NODE &&
N2.getOpcode() != ISD::DELETED_NODE &&
N3.getOpcode() != ISD::DELETED_NODE &&
"Operand is DELETED_NODE!");
// Perform various simplifications. // Perform various simplifications.
switch (Opcode) { switch (Opcode) {
case ISD::FMA: { case ISD::FMA: {
assert(VT.isFloatingPoint() && "This operator only applies to FP types!"); assert(VT.isFloatingPoint() && "This operator only applies to FP types!");
assert(N1.getValueType() == VT && N2.getValueType() == VT && assert(N1.getValueType() == VT && N2.getValueType() == VT &&
N3.getValueType() == VT && "FMA types must match!"); N3.getValueType() == VT && "FMA types must match!");
ConstantFPSDNode *N1CFP = dyn_cast<ConstantFPSDNode>(N1); ConstantFPSDNode *N1CFP = dyn_cast<ConstantFPSDNode>(N1);
ConstantFPSDNode *N2CFP = dyn_cast<ConstantFPSDNode>(N2); ConstantFPSDNode *N2CFP = dyn_cast<ConstantFPSDNode>(N2);
▲ Show 20 LinesShow All 1,868 Lines▼ Show 20 LinesSDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, EVT VT,
switch (NumOps) { switch (NumOps) {
case 0: return getNode(Opcode, DL, VT); case 0: return getNode(Opcode, DL, VT);
case 1: return getNode(Opcode, DL, VT, Ops[0], Flags); case 1: return getNode(Opcode, DL, VT, Ops[0], Flags);
case 2: return getNode(Opcode, DL, VT, Ops[0], Ops[1], Flags); case 2: return getNode(Opcode, DL, VT, Ops[0], Ops[1], Flags);
case 3: return getNode(Opcode, DL, VT, Ops[0], Ops[1], Ops[2], Flags); case 3: return getNode(Opcode, DL, VT, Ops[0], Ops[1], Ops[2], Flags);
default: break; default: break;
} }
#ifndef NDEBUG
for (auto &Op : Ops)
assert(Op.getOpcode() != ISD::DELETED_NODE &&
"Operand is DELETED_NODE!");
#endif
switch (Opcode) { switch (Opcode) {
default: break; default: break;
case ISD::BUILD_VECTOR: case ISD::BUILD_VECTOR:
// Attempt to simplify BUILD_VECTOR. // Attempt to simplify BUILD_VECTOR.
if (SDValue V = FoldBUILD_VECTOR(DL, VT, Ops, *this)) if (SDValue V = FoldBUILD_VECTOR(DL, VT, Ops, *this))
return V; return V;
break; break;
case ISD::CONCAT_VECTORS: case ISD::CONCAT_VECTORS:
▲ Show 20 LinesShow All 57 Lines▼ Show 20 LinesSDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, SDVTList VTList,
return getNode(Opcode, DL, VTList, Ops, Flags); return getNode(Opcode, DL, VTList, Ops, Flags);
} }
SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, SDVTList VTList, SDValue SelectionDAG::getNode(unsigned Opcode, const SDLoc &DL, SDVTList VTList,
ArrayRef<SDValue> Ops, const SDNodeFlags Flags) { ArrayRef<SDValue> Ops, const SDNodeFlags Flags) {
if (VTList.NumVTs == 1) if (VTList.NumVTs == 1)
return getNode(Opcode, DL, VTList.VTs[0], Ops); return getNode(Opcode, DL, VTList.VTs[0], Ops);
#ifndef NDEBUG
for (auto &Op : Ops)
assert(Op.getOpcode() != ISD::DELETED_NODE &&
"Operand is DELETED_NODE!");
#endif
switch (Opcode) { switch (Opcode) {
case ISD::STRICT_FP_EXTEND: case ISD::STRICT_FP_EXTEND:
assert(VTList.NumVTs == 2 && Ops.size() == 2 && assert(VTList.NumVTs == 2 && Ops.size() == 2 &&
"Invalid STRICT_FP_EXTEND!"); "Invalid STRICT_FP_EXTEND!");
assert(VTList.VTs[0].isFloatingPoint() && assert(VTList.VTs[0].isFloatingPoint() &&
Ops[1].getValueType().isFloatingPoint() && "Invalid FP cast!"); Ops[1].getValueType().isFloatingPoint() && "Invalid FP cast!");
assert(VTList.VTs[0].isVector() == Ops[1].getValueType().isVector() && assert(VTList.VTs[0].isVector() == Ops[1].getValueType().isVector() &&
"STRICT_FP_EXTEND result type should be vector iff the operand " "STRICT_FP_EXTEND result type should be vector iff the operand "
▲ Show 20 LinesShow All 2,552 LinesShow Last 20 Lines