| Issue |
136048
|
| Summary |
Calling `BasicBlock::getFirstNonPHIOrDbgOrAlloca` on a `catchswitch` block yields an invalid (end) iterator.
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
tylanphear
|
When calling `BasicBlock::getFirstNonPHIOrDbgOrAlloca()` on a basic block like the following:
```
catch.dispatch: ; preds = %init.attempt.i664
%0 = catchswitch within none [label %catch] unwind to caller
```
Instead of yielding an iterator to `%0`, we get the end iterator. This is because `getFirstNonPHIOrDbgOrAlloca()` tries to skip over EHPad instructions (like `catchswitch`) but doesn't account for the fact that `catchswitch` is *both* an EHPad instruction and a terminator.
This was found when testing builds with assertions/sentinel-tracking enabled: with certain input IRs, a crash in SLPVectorizer occurs, as the iterator from `getFirstNonPHIOrDbgOrAlloca()` gets dereferenced unconditionally without checking if it is the end iterator. But logically, it shouldn't have to do so; calling this method on a non-empty block with a terminator should always yield a valid iterator (besides, a `catchswitch` instruction is a valid non-PHI or dbg or alloca instruction). This is supported by its use throughout LLVM: a simple search of the codebase shows that most of the time this method is called, the resulting iterator is unconditionally dereferenced.
Example failing test (reduced from Boost 1.75.0 sources):
```llvm-ir
; REQUIRES: asserts
; RUN: opt -passes=slp-vectorizer < %s -disable-output
target datalayout = "e-m:w-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-pc-windows-msvc19.40.33811"
%"class.boost::execution_exception" = type { i32, %"class.boost::unit_test::basic_cstring", %"struct.boost::execution_exception::location" }
%"class.boost::unit_test::basic_cstring" = type { ptr, ptr }
%"struct.boost::execution_exception::location" = type { %"class.boost::unit_test::basic_cstring", i64, %"class.boost::unit_test::basic_cstring" }
define void @"?run@framework@unit_test@boost@@YAXK_N@Z"() personality ptr null {
entry:
br label %for.cond109
for.cond109: ; preds = %if.end153, %entry
%setup_error.sroa.0.1 = phi ptr [ null, %entry ], [ null, %if.end153 ]
%setup_error.sroa.6.1 = phi ptr [ null, %entry ], [ null, %if.end153 ]
br label %init.attempt.i664
init.attempt.i664: ; preds = %for.cond109
%call.i666 = invoke ptr null(ptr null)
to label %invoke.cont.i668 unwind label %catch.dispatch
invoke.cont.i668: ; preds = %init.attempt.i664
ret void
catch.dispatch: ; preds = %init.attempt.i664
%0 = catchswitch within none [label %catch] unwind to caller
catch: ; preds = %catch.dispatch
%1 = catchpad within %0 [ptr null, i32 0, ptr null]
br i1 false, label %if.end153, label %invoke.cont149
invoke.cont149: ; preds = %catch
%m_begin2.i.i = getelementptr %"class.boost::execution_exception", ptr null, i64 0, i32 1, i32 0
%2 = load ptr, ptr %m_begin2.i.i, align 8
%3 = load ptr, ptr null, align 8
br label %if.end153
if.end153: ; preds = %invoke.cont149, %catch
%setup_error.sroa.0.2 = phi ptr [ %setup_error.sroa.0.1, %catch ], [ %2, %invoke.cont149 ]
%setup_error.sroa.6.2 = phi ptr [ %setup_error.sroa.6.1, %catch ], [ %3, %invoke.cont149 ]
catchret from %1 to label %for.cond109
}
```
![]()
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
