mirror of
https://github.com/RPCS3/llvm.git
synced 2025-01-19 08:24:12 +00:00
5e915e6e36
The symptom is seg-fault, and the root cause is that a SCEV contains a SCEVUnknown which has null-pointer to a llvm::Value. This is how the problem take place: =================================== 1). In the pristine input IR, there are two relevant instrutions Op1 and Op2, Op1's corresponding SCEV (denoted as SCEV(op1)) is a SCEVUnknown, and SCEV(Op2) contains SCEV(Op1). None of these instructions are dead. Op1 : V1 = ... ... Op2 : V2 = ... // directly or indirectly (data-flow) depends on Op1 2) Optimizer (LSR in my case) generates an instruction holding the equivalent value of Op1, making Op1 dead. Op1': V1' = ... Op1: V1 = ... ; now dead) Op2 : V2 = ... //Now deps on Op1', but the SCEV(Op2) still contains SCEV(Op1) 3) Op1 is deleted, and call-back function is called to reset SCEV(Op1) to indicate it is invalid. However, SCEV(Op2) is not invalidated as well. 4) Following pass get the cached, invalid SCEV(Op2), and try to manipulate it, and cause segfault. The fix: ======== It seems there is no clean yet inexpensive fix. I write to dev-list soliciting good solution, unforunately no ack. So, I decide to fix this problem in a brute-force way: When ScalarEvolution::getSCEV is called, check if the cached SCEV contains a invalid SCEVUnknow, if yes, remove the cached SCEV, and re-evaluate the SCEV from scratch. I compile buch of big *.c and *.cpp, fortunately, I don't see any increase in compile time. Misc: ===== The reduced test-case has 2357 lines of code+other-stuff, too big to commit. rdar://14283433 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@185843 91177308-0d34-0410-b5e6-96231b3b80d8
Analysis Opportunities: //===---------------------------------------------------------------------===// In test/Transforms/LoopStrengthReduce/quadradic-exit-value.ll, the ScalarEvolution expression for %r is this: {1,+,3,+,2}<loop> Outside the loop, this could be evaluated simply as (%n * %n), however ScalarEvolution currently evaluates it as (-2 + (2 * (trunc i65 (((zext i64 (-2 + %n) to i65) * (zext i64 (-1 + %n) to i65)) /u 2) to i64)) + (3 * %n)) In addition to being much more complicated, it involves i65 arithmetic, which is very inefficient when expanded into code. //===---------------------------------------------------------------------===// In formatValue in test/CodeGen/X86/lsr-delayed-fold.ll, ScalarEvolution is forming this expression: ((trunc i64 (-1 * %arg5) to i32) + (trunc i64 %arg5 to i32) + (-1 * (trunc i64 undef to i32))) This could be folded to (-1 * (trunc i64 undef to i32)) //===---------------------------------------------------------------------===//