diff options
| author | Evan Cheng <evan.cheng@apple.com> | 2012-10-02 23:49:13 +0000 |
|---|---|---|
| committer | Evan Cheng <evan.cheng@apple.com> | 2012-10-02 23:49:13 +0000 |
| commit | 2b87e06d265e83d61873075e8f8e9c51430ff332 (patch) | |
| tree | 7e5ba8eb7c9b2ef26b7ccfd88f10e87760243d5d | |
| parent | 394820b8e159a39a9a07aac9722ad8738680037d (diff) | |
| download | llvm-2b87e06d265e83d61873075e8f8e9c51430ff332.tar.gz llvm-2b87e06d265e83d61873075e8f8e9c51430ff332.tar.bz2 llvm-2b87e06d265e83d61873075e8f8e9c51430ff332.tar.xz | |
Fix a serious X86 instruction selection bug. In
X86DAGToDAGISel::PreprocessISelDAG(), isel is moving load inside
callseq_start / callseq_end so it can be folded into a call. This can
create a cycle in the DAG when the call is glued to a copytoreg. We
have been lucky this hasn't caused too many issues because the pre-ra
scheduler has special handling of call sequences. However, it has
caused a crash in a specific tailcall case.
rdar://12393897
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@165072 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Target/X86/X86ISelDAGToDAG.cpp | 17 | ||||
| -rw-r--r-- | test/CodeGen/X86/2012-10-02-DAGCycle.ll | 16 |
2 files changed, 30 insertions, 3 deletions
diff --git a/lib/Target/X86/X86ISelDAGToDAG.cpp b/lib/Target/X86/X86ISelDAGToDAG.cpp index b4c71548a2..98778c3091 100644 --- a/lib/Target/X86/X86ISelDAGToDAG.cpp +++ b/lib/Target/X86/X86ISelDAGToDAG.cpp @@ -362,7 +362,7 @@ X86DAGToDAGISel::IsProfitableToFold(SDValue N, SDNode *U, SDNode *Root) const { /// MoveBelowCallOrigChain - Replace the original chain operand of the call with /// load's chain operand and move load below the call's chain operand. static void MoveBelowOrigChain(SelectionDAG *CurDAG, SDValue Load, - SDValue Call, SDValue OrigChain) { + SDValue Call, SDValue OrigChain) { SmallVector<SDValue, 8> Ops; SDValue Chain = OrigChain.getOperand(0); if (Chain.getNode() == Load.getNode()) @@ -386,11 +386,22 @@ static void MoveBelowOrigChain(SelectionDAG *CurDAG, SDValue Load, CurDAG->UpdateNodeOperands(OrigChain.getNode(), &Ops[0], Ops.size()); CurDAG->UpdateNodeOperands(Load.getNode(), Call.getOperand(0), Load.getOperand(1), Load.getOperand(2)); + + bool IsGlued = Call.getOperand(0).getNode()->getGluedUser() == Call.getNode(); + unsigned NumOps = Call.getNode()->getNumOperands(); Ops.clear(); Ops.push_back(SDValue(Load.getNode(), 1)); - for (unsigned i = 1, e = Call.getNode()->getNumOperands(); i != e; ++i) + for (unsigned i = 1, e = NumOps; i != e; ++i) Ops.push_back(Call.getOperand(i)); - CurDAG->UpdateNodeOperands(Call.getNode(), &Ops[0], Ops.size()); + if (!IsGlued) + CurDAG->UpdateNodeOperands(Call.getNode(), &Ops[0], NumOps); + else + // If call's chain was glued to the call (tailcall), and now the load + // is moved between them. Remove the glue to avoid a cycle (where the + // call is glued to its old chain and the load is using the old chain + // as its new chain). + CurDAG->MorphNodeTo(Call.getNode(), Call.getOpcode(), + Call.getNode()->getVTList(), &Ops[0], NumOps-1); } /// isCalleeLoad - Return true if call address is a load and it can be diff --git a/test/CodeGen/X86/2012-10-02-DAGCycle.ll b/test/CodeGen/X86/2012-10-02-DAGCycle.ll new file mode 100644 index 0000000000..9d2b7ea852 --- /dev/null +++ b/test/CodeGen/X86/2012-10-02-DAGCycle.ll @@ -0,0 +1,16 @@ +; RUN: llc -mtriple=i386-apple-macosx -relocation-model=pic < %s +; rdar://12393897 + +%TRp = type { i32, %TRH*, i32, i32 } +%TRH = type { i8*, i8*, i8*, i8*, {}* } + +define i32 @t(%TRp* inreg %rp) nounwind optsize ssp { +entry: + %handler = getelementptr inbounds %TRp* %rp, i32 0, i32 1 + %0 = load %TRH** %handler, align 4 + %sync = getelementptr inbounds %TRH* %0, i32 0, i32 4 + %sync12 = load {}** %sync, align 4 + %1 = bitcast {}* %sync12 to i32 (%TRp*)* + %call = tail call i32 %1(%TRp* inreg %rp) nounwind optsize + ret i32 %call +} |