summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Object/COFFObjectFile.cpp
diff options
context:
space:
mode:
authorChandler Carruth <chandlerc@gmail.com>2013-08-14 08:56:41 +0000
committerChandler Carruth <chandlerc@gmail.com>2013-08-14 08:56:41 +0000
commit2de93afee306c64afc2f4b9dd1cbb4ac520ad3cf (patch)
tree44b3c5d6b00695b60543a20f025c088e6bc25486 /llvm/lib/Object/COFFObjectFile.cpp
parentd03748cf5eec9dabc4bfec9c12c6e558aa1a1825 (diff)
downloadbcm5719-llvm-2de93afee306c64afc2f4b9dd1cbb4ac520ad3cf.tar.gz
bcm5719-llvm-2de93afee306c64afc2f4b9dd1cbb4ac520ad3cf.zip
Fix a really terrifying but improbable bug in mem2reg. If you have seen
extremely subtle miscompilations (such as a load getting replaced with the value stored *below* the load within a basic block) related to promoting an alloca to an SSA value, there is the dim possibility that you hit this. Please let me know if you won this unfortunate lottery. The first half of mem2reg's core logic (as it is used both in the standalone mem2reg pass and in SROA) builds up a mapping from 'Instruction *' to the index of that instruction within its basic block. This allows quickly establishing which store dominate a particular load even for large basic blocks. We cache this information throughout the run of mem2reg over a function in order to amortize the cost of computing it. This is not in and of itself a strange pattern in LLVM. However, it introduces a very important constraint: absolutely no instruction can be deleted from the program without updating the mapping. Otherwise a newly allocated instruction might get the same pointer address, and then end up with a wrong index. Yes, LLVM routinely suffers from a *single threaded* variant of the ABA problem. Most places in LLVM don't find avoiding this an imposition because they don't both delete and create new instructions iteratively, but mem2reg *loves* to do this... All the time. Fortunately, the mem2reg code was really careful about updating this cache to handle this eventuallity... except when it comes to the debug declare intrinsic. Oops. The fix is to invalidate that pointer in the cache when we delete it, the same as we do when deleting alloca instructions and other instructions. I've also caused the same bug in new code while working on a fix to PR16867, so this seems to be a really unfortunate pattern. Hopefully in subsequent patches the deletion of dead instructions can be consolidated sufficiently to make it less likely that we'll see future occurences of this bug. Sorry for not having a test case, but I have literally no idea how to reliably trigger this kind of thing. It may be single-threaded, but it remains an ABA problem. It would require a really amazing number of stars to align. llvm-svn: 188367
Diffstat (limited to 'llvm/lib/Object/COFFObjectFile.cpp')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud