| author | Chandler Carruth <chandlerc@gmail.com> | 2011-11-14 08:50:16 +0000 | 
|---|---|---|
| committer | Chandler Carruth <chandlerc@gmail.com> | 2011-11-14 08:50:16 +0000 | 
| commit | ed5aa547bc376ca43aaaa0e9ad2033a7e4022006 (patch) | |
| tree | 0d5027f4d339f5a9e6fa3f1853b78eb061c8ffbf /llvm/lib/CodeGen/InlineSpiller.cpp | |
| parent | 182b00a2e02436c3569f81f7472268a708192d6a (diff) | |
Fix an overflow bug in MachineBranchProbabilityInfo. This pass relied on
the sum of the edge weights not overflowing uint32, and crashed when
they did. This is generally safe as BranchProbabilityInfo tries to
provide this guarantee. However, the CFG can get modified during codegen
in a way that grows the *sum* of the edge weights. This doesn't seem
unreasonable (imagine just adding more blocks all with the default
weight of 16), but it is hard to come up with a case that actually
triggers 32-bit overflow. Fortunately, the single-source GCC build is
good at this. The solution isn't very pretty, but it's no worse than the
previous code. We're already summing all of the edge weights on each
query, we can sum them, check for an overflow, compute a scale, and sum
them again.

I've included a *greatly* reduced test case out of the GCC source that
triggers it. It's a pretty lame test, as it clearly is just barely
triggering the overflow. I'd like to have something that is much more
definitive, but I don't understand the fundamental pattern that triggers
an explosion in the edge weight sums.

The buggy code is duplicated within this file. I'll collapse them into
a single implementation in a subsequent commit.

llvm-svn: 144526
Diffstat (limited to 'llvm/lib/CodeGen/InlineSpiller.cpp')
0 files changed, 0 insertions, 0 deletions
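
The approach the commit message describes (sum, check for overflow, compute a scale, sum again), as an added C++ illustration. It is not the LLVM code from this commit; the names `naiveWeightSum`, `scaledWeightSum`, `Prob` and `edgeProbability` are hypothetical, and the sample weights are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// The pattern being fixed: a 32-bit accumulator wraps silently.
uint32_t naiveWeightSum(const std::vector<uint32_t> &Weights) {
  uint32_t Sum = 0;
  for (uint32_t W : Weights) Sum += W;  // may wrap modulo 2^32
  return Sum;
}

// Hypothetical helper: sum of edge weights, scaled to fit in uint32_t.
// Scale receives the divisor that callers must also apply to each weight.
uint32_t scaledWeightSum(const std::vector<uint32_t> &Weights, uint32_t &Scale) {
  const uint64_t Max = std::numeric_limits<uint32_t>::max();
  uint64_t Sum = 0;                     // pass 1: 64-bit sum cannot wrap here
  for (uint32_t W : Weights) Sum += W;
  Scale = 1;
  if (Sum <= Max) return static_cast<uint32_t>(Sum);
  // Overflow detected: pick a divisor that brings the total below Max.
  Scale = static_cast<uint32_t>(Sum / Max) + 1;
  Sum = 0;                              // pass 2: re-sum the scaled weights
  for (uint32_t W : Weights) Sum += W / Scale;
  return static_cast<uint32_t>(Sum);
}

struct Prob { uint32_t N, D; };         // numerator / denominator

// Probability of edge I; numerator and denominator use the same scale,
// so N <= D holds even when the raw sum exceeds 32 bits.
// Note: weights smaller than Scale round down to 0.
Prob edgeProbability(const std::vector<uint32_t> &Weights, size_t I) {
  uint32_t Scale = 1;
  uint32_t D = scaledWeightSum(Weights, Scale);
  return Prob{Weights[I] / Scale, D};
}

int main() {
  // Constructed weights whose true sum is 8589934606 (> UINT32_MAX).
  std::vector<uint32_t> Big = {0xFFFFFFFFu, 0xFFFFFFFFu, 16u};
  Prob P = edgeProbability(Big, 0);
  std::printf("naive sum  = %u\n", naiveWeightSum(Big));
  std::printf("scaled P0  = %u / %u\n", P.N, P.D);
  return 0;
}
```

With the wrapped 32-bit sum, a single edge weight can exceed the reported total, which is the inconsistent state the two-pass version avoids.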

