[SimplifyCFG] Fix a crash when folding PHIs.

We enter MergeBlockIntoPredecessor with a block looking like this: for.inc.us-lcssa: ; preds = %cond.end %k.1.lcssa.ph = phi i32 [ %conv15, %cond.end ] %t.3.lcssa.ph = phi i32 [ %k.1.lcssa.ph, %cond.end ] br label %for.inc, !dbg !66 [note the first arg of the PHI being a PHI]. FoldSingleEntryPHINodes gets rid of both PHIs (calling, eraseFromParent). But right before we call the function, we push into IncomingValues the only argument of the PHIs, and shortly after we try to iterate over something which has been invalidated before :( The fix its not trying to remove PHIs which have an incoming value coming from the same BB we're looking at. Fixes PR37300 and rdar://problem/39910460 Differential Revision: https://reviews.llvm.org/D46568 llvm-svn: 331824
2018-05-08 23:28:15 +00:00 · 2018-05-08 23:28:15 +00:00 · 48283ba3a1
parent be01d2e3de
commit 48283ba3a1
2 changed files with 107 additions and 4 deletions
--- a/llvm/lib/Transforms/Utils/BasicBlockUtils.cpp
+++ b/llvm/lib/Transforms/Utils/BasicBlockUtils.cpp
@ -149,10 +149,11 @@ bool llvm::MergeBlockIntoPredecessor(BasicBlock *BB, DominatorTree *DT,
        return false;

  // Begin by getting rid of unneeded PHIs.
-  SmallVector<Value *, 4> IncomingValues;
+  SmallVector<AssertingVH<Value>, 4> IncomingValues;
  if (isa<PHINode>(BB->front())) {
    for (PHINode &PN : BB->phis())
-      if (PN.getIncomingValue(0) != &PN)
+      if (!isa<PHINode>(PN.getIncomingValue(0)) ||
+          cast<PHINode>(PN.getIncomingValue(0))->getParent() != BB)
        IncomingValues.push_back(PN.getIncomingValue(0));
    FoldSingleEntryPHINodes(BB, MemDep);
  }
@ -168,8 +169,8 @@ bool llvm::MergeBlockIntoPredecessor(BasicBlock *BB, DominatorTree *DT,
  PredBB->getInstList().splice(PredBB->end(), BB->getInstList());

  // Eliminate duplicate dbg.values describing the entry PHI node post-splice.
-  for (auto *Incoming : IncomingValues) {
-    if (isa<Instruction>(Incoming)) {
+  for (auto Incoming : IncomingValues) {
+    if (isa<Instruction>(*Incoming)) {
      SmallVector<DbgValueInst *, 2> DbgValues;
      SmallDenseSet<std::pair<DILocalVariable *, DIExpression *>, 2>
          DbgValueSet;
--- a/llvm/test/Transforms/SimplifyCFG/fold-debug-info.ll
+++ b/llvm/test/Transforms/SimplifyCFG/fold-debug-info.ll
@ -0,0 +1,102 @@
+;; Check that we don't crash. PR37300.
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt %s -S -simplifycfg | FileCheck %s
+
+define void @patatino() {
+; CHECK-LABEL: @patatino(
+; CHECK-NEXT:  bb:
+; CHECK-NEXT:    ret void
+;
+bb:
+  %tmp = icmp eq i32 7, 0
+  br label %bb3
+bb3:                                              ; preds = %bb2, %bb
+  br label %bb36
+bb5:                                              ; preds = %bb4
+  %tmp7 = icmp ne i32 7, 0
+  %tmp8 = and i1 true, %tmp7
+  br i1 %tmp8, label %bb16, label %bb14
+bb9:                                              ; preds = %bb33, %bb10
+  br label %bb18
+bb10:                                             ; preds = %bb19, %bb13
+  %tmp11 = add nsw i32 2, 1
+  %tmp12 = icmp eq i32 %tmp11, 0
+  br i1 %tmp12, label %bb17, label %bb9
+bb13:                                             ; preds = %bb18, %bb13
+  br label %bb10
+bb14:                                             ; preds = %bb17, %bb6, %bb5
+  br label %bb35
+bb16:                                             ; preds = %bb6
+  br label %bb31
+bb17:                                             ; preds = %bb32, %bb10
+  br label %bb14
+bb18:                                             ; preds = %bb9
+  br label %bb13
+bb21:                                             ; preds = %bb31, %bb23
+  %tmp22 = phi i32 [ 0, %bb23 ], [ 0, %bb31 ]
+  br label %bb27
+bb23:                                             ; preds = %bb29, %bb28, %bb26
+  %tmp24 = add nsw i32 %tmp22, 1
+  %tmp25 = icmp eq i32 %tmp24, 0
+  br i1 %tmp25, label %bb32, label %bb21
+bb27:                                             ; preds = %bb21
+  br label %bb30
+bb28:                                             ; preds = %bb30
+  br label %bb23
+bb30:                                             ; preds = %bb30, %bb27
+  br label %bb28
+bb31:                                             ; preds = %bb16
+  br label %bb21
+bb32:                                             ; preds = %bb23
+  br label %bb17
+bb35:                                             ; preds = %bb14
+  br label %bb3
+bb36:                                             ; preds = %bb3, %bb3
+  br label %bb37
+bb37:                                             ; preds = %bb36
+  %tmp39 = and i1 %tmp, true
+  br i1 %tmp39, label %bb40, label %bb67
+bb40:                                             ; preds = %bb38
+  br i1 %tmp, label %bb42, label %bb41
+bb41:                                             ; preds = %bb40
+  br label %bb43
+bb42:                                             ; preds = %bb40
+  br label %bb66
+bb43:                                             ; preds = %bb41
+  br label %bb44
+bb44:                                             ; preds = %bb61, %bb43
+  %tmp45 = phi i32 [ 0, %bb61 ], [ 0, %bb43 ]
+  %tmp46 = phi i32 [ %tmp62, %bb61 ], [ 0, %bb43 ]
+  br label %bb51
+bb48:                                             ; preds = %bb47
+  br label %bb49
+bb49:                                             ; preds = %bb48
+  %tmp50 = phi i32 [ 0, %bb48 ]
+  br label %bb61
+bb51:                                             ; preds = %bb44
+  br label %bb52
+bb52:                                             ; preds = %bb55, %bb51
+  %tmp53 = phi i32 [ %tmp46, %bb51 ], [ 0, %bb55 ]
+  br label %bb55
+bb54:                                             ; preds = %bb52
+  br label %bb55
+bb55:                                             ; preds = %bb54, %bb52
+  %tmp56 = phi i32 [ 0, %bb54 ], [ 0, %bb52 ]
+  %tmp57 = shl i32 %tmp56, 16
+  br i1 false, label %bb52, label %bb58
+bb58:                                             ; preds = %bb55
+  %tmp59 = phi i32 [ 0, %bb55 ]
+  %tmp60 = phi i32 [ %tmp53, %bb55 ]
+  br label %bb61
+bb61:                                             ; preds = %bb58, %bb49
+  %tmp62 = phi i32 [ %tmp59, %bb58 ], [ %tmp50, %bb49 ]
+  %tmp63 = add nsw i32 %tmp45, 1
+  %tmp64 = icmp eq i32 %tmp63, 0
+  br i1 %tmp64, label %bb65, label %bb44
+bb65:                                             ; preds = %bb61
+  br label %bb66
+bb66:                                             ; preds = %bb65, %bb42
+  br label %bb67
+bb67:                                             ; preds = %bb66, %bb38
+  ret void
+}