Created attachment 24881 [details] Reduced fs/gfs2/rgrp.c After Profile Guided Optimization support was added to the Linux kernel [1], there is a crash in fs/gfs2/rgrp.o: $ make -skj"$(nproc)" LLVM=1 LLVM_IAS=1 O=build/x86_64 distclean allmodconfig fs/gfs2/rgrp.o clang: /home/nathan/cbl/github/tc-build/llvm-project/llvm/lib/Analysis/IVDescriptors.cpp:959: llvm::InductionDescriptor::InductionDescriptor(llvm::Value *, llvm::InductionDescriptor::InductionKind, const llvm::SCEV *, llvm::BinaryOperator *, SmallVectorImpl<llvm::Instruction *> *): Assertion `(IK == IK_FpInduction || Step->getType()->isIntegerTy()) && "StepValue is not an integer"' failed. PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script. Stack dump: 0. Program arguments: /home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang -Qunused-arguments -fmacro-prefix-map=/home/nathan/cbl/src/linux-next/= -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Wno-format-security -std=gnu89 -Werror=unknown-warning-option -integrated-as -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=none -m64 -mno-80387 -mstack-alignment=8 -mtune=generic -mno-red-zone -mcmodel=kernel -Wno-sign-compare -fno-asynchronous-unwind-tables -mretpoline-external-thunk -fno-delete-null-pointer-checks -Wno-frame-address -Wno-address-of-packed-member -O2 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-format-invalid-specifier -Wno-gnu -mno-global-merge -Wno-unused-const-variable -ftrivial-auto-var-init=pattern -fno-stack-clash-protection -pg -mfentry -falign-functions=64 -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-array-bounds -fno-strict-overflow -fno-stack-check -Werror=date-time -Werror=incompatible-pointer-types -Wno-initializer-overrides -Wno-format -Wno-sign-compare -Wno-format-zero-length -Wno-pointer-to-enum-cast -Wno-tautological-constant-out-of-range-compare -fprofile-generate -fsanitize=kernel-address -mllvm -asan-mapping-offset=0xdffffc0000000000 -mllvm -asan-globals=1 -mllvm -asan-instrumentation-with-call-threshold=0 -mllvm -asan-stack=0 --param asan-instrument-allocas=1 -fsanitize=array-bounds -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=object-size -fsanitize=bool -fsanitize=enum -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp -nostdinc -isystem /home/nathan/cbl/github/tc-build/build/llvm/stage1/lib/clang/13.0.0/include -I/home/nathan/cbl/src/linux-next/arch/x86/include -I./arch/x86/include/generated -I/home/nathan/cbl/src/linux-next/include -I./include -I/home/nathan/cbl/src/linux-next/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/nathan/cbl/src/linux-next/include/uapi -I./include/generated/uapi -include /home/nathan/cbl/src/linux-next/include/linux/compiler-version.h -include /home/nathan/cbl/src/linux-next/include/linux/kconfig.h -include /home/nathan/cbl/src/linux-next/include/linux/compiler_types.h -D__KERNEL__ -DCONFIG_X86_X32_ABI -DCC_USING_NOP_MCOUNT -DCC_USING_FENTRY -Ifs/gfs2 -I /home/nathan/cbl/src/linux-next/fs/gfs2 -I ./fs/gfs2 -DMODULE -DKBUILD_BASENAME=\"rgrp\" -DKBUILD_MODNAME=\"gfs2\" -D__KBUILD_MODNAME=kmod_gfs2 -c -Wp,-MMD,fs/gfs2/.rgrp.o.d -fcolor-diagnostics -o fs/gfs2/rgrp.o /home/nathan/cbl/src/linux-next/fs/gfs2/rgrp.c 1. <eof> parser at end of file 2. Code generation 3. Running pass 'Function Pass Manager' on module '/home/nathan/cbl/src/linux-next/fs/gfs2/rgrp.c'. 4. Running pass 'Loop Pass Manager' on function '@gfs2_rgrp_verify' 5. Running pass 'Canonicalize Freeze Instructions in Loops' on basic block '%cont21' #0 0x0000000002a0e883 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2a0e883) #1 0x0000000002a0c6ee llvm::sys::RunSignalHandlers() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2a0c6ee) #2 0x00000000029995a3 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0 #3 0x00000000029996de CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0 #4 0x00007f012020c870 __restore_rt sigaction.c:0:0 #5 0x00007f011fcc6d22 raise (/usr/lib/libc.so.6+0x3cd22) #6 0x00007f011fcb0862 abort (/usr/lib/libc.so.6+0x26862) #7 0x00007f011fcb0747 _nl_load_domain.cold loadmsgcat.c:0:0 #8 0x00007f011fcbf616 (/usr/lib/libc.so.6+0x35616) #9 0x0000000001c832d6 llvm::InductionDescriptor::InductionDescriptor(llvm::Value*, llvm::InductionDescriptor::InductionKind, llvm::SCEV const*, llvm::BinaryOperator*, llvm::SmallVectorImpl<llvm::Instruction*>*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1c832d6) #10 0x0000000001c84374 llvm::InductionDescriptor::isInductionPHI(llvm::PHINode*, llvm::Loop const*, llvm::ScalarEvolution*, llvm::InductionDescriptor&, llvm::SCEV const*, llvm::SmallVectorImpl<llvm::Instruction*>*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1c84374) #11 0x0000000002a34cc4 (anonymous namespace)::CanonicalizeFreezeInLoopsImpl::run() CanonicalizeFreezeInLoops.cpp:0:0 #12 0x0000000002a35e4d (anonymous namespace)::CanonicalizeFreezeInLoops::runOnLoop(llvm::Loop*, llvm::LPPassManager&) CanonicalizeFreezeInLoops.cpp:0:0 #13 0x0000000001eb5a93 llvm::LPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1eb5a93) #14 0x0000000002352868 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2352868) #15 0x000000000235adb1 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x235adb1) #16 0x0000000002353331 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2353331) #17 0x00000000030e1c46 (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0 #18 0x00000000030dc547 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x30dc547) #19 0x0000000003570ff1 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) CodeGenAction.cpp:0:0 #20 0x0000000003ea8b14 clang::ParseAST(clang::Sema&, bool, bool) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x3ea8b14) #21 0x00000000034c65d0 clang::FrontendAction::Execute() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x34c65d0) #22 0x000000000343adbf clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x343adbf) #23 0x000000000356aec7 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x356aec7) #24 0x000000000186f4f1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x186f4f1) #25 0x000000000186cf3d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0 #26 0x00000000032dede2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1>(long) Job.cpp:0:0 #27 0x00000000029994b7 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x29994b7) #28 0x00000000032de947 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32de947) #29 0x00000000032a68a8 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32a68a8) #30 0x00000000032a6ba7 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32a6ba7) #31 0x00000000032bf621 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32bf621) #32 0x000000000186c806 main (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x186c806) #33 0x00007f011fcb1b25 __libc_start_main (/usr/lib/libc.so.6+0x27b25) #34 0x0000000001869b8e _start (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1869b8e) clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation) ClangBuiltLinux clang version 13.0.0 (https://github.com/llvm/llvm-project f50b87e9ef42efe80e2b3364df848d102075dd11) Target: x86_64-unknown-linux-gnu Thread model: posix InstalledDir: /home/nathan/cbl/github/tc-build/build/llvm/stage1/bin clang-13: note: diagnostic msg: ******************** PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT: Preprocessed source(s) and associated run script(s) are located at: clang-13: note: diagnostic msg: /tmp/rgrp-f2a81f.c clang-13: note: diagnostic msg: /tmp/rgrp-f2a81f.sh clang-13: note: diagnostic msg: ******************** make[4]: *** [/home/nathan/cbl/src/linux-next/scripts/Makefile.build:273: fs/gfs2/rgrp.o] Error 134 make[4]: Target '__build' not remade because of errors. make[3]: *** [/home/nathan/cbl/src/linux-next/scripts/Makefile.build:534: fs/gfs2] Error 2 make[3]: Target '__build' not remade because of errors. make[2]: *** [/home/nathan/cbl/src/linux-next/Makefile:1954: fs] Error 2 make[2]: Target 'fs/gfs2/rgrp.o' not remade because of errors. make[1]: *** [/home/nathan/cbl/src/linux-next/Makefile:353: __build_one_by_one] Error 2 make[1]: Target 'distclean' not remade because of errors. make[1]: Target 'allmodconfig' not remade because of errors. make[1]: Target 'fs/gfs2/rgrp.o' not remade because of errors. make: *** [Makefile:222: __sub-make] Error 2 make: Target 'distclean' not remade because of errors. make: Target 'allmodconfig' not remade because of errors. make: Target 'fs/gfs2/rgrp.o' not remade because of errors. I ended up reducing down the file and discovered that it seems to be an interaction between '-fprofile-generate', '-fsanitize=object-size', '-mno-sse', and '-O2'. $ cat rgrp.i gfs2_rgrp_verify_rgd_0; struct gfs2_bitmap *gfs2_rgrp_verify_bi; struct gfs2_bitmap { int bi_bytes } gfs2_bitcount(char *buffer, int buflen) { char *end = buffer + buflen; for (; buffer < end; buffer++) ; } gfs2_rgrp_verify() { for (; gfs2_rgrp_verify_rgd_0;) gfs2_bitcount(gfs2_rgrp_verify_bi, gfs2_rgrp_verify_bi->bi_bytes); } $ clang -fprofile-generate -fsanitize=object-size -mno-sse -O2 -c -o /dev/null rgrp.i ... clang: /home/nathan/cbl/github/tc-build/llvm-project/llvm/lib/Analysis/IVDescriptors.cpp:959: llvm::InductionDescriptor::InductionDescriptor(llvm::Value *, llvm::InductionDescriptor::InductionKind, const llvm::SCEV *, llvm::BinaryOperator *, SmallVectorImpl<llvm::Instruction *> *): Assertion `(IK == IK_FpInduction || Step->getType()->isIntegerTy()) && "StepValue is not an integer"' failed. PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script. Stack dump: 0. Program arguments: clang -fprofile-generate -fsanitize=object-size -mno-sse -O2 -c -o /dev/null rgrp.i 1. <eof> parser at end of file 2. Code generation 3. Running pass 'Function Pass Manager' on module 'rgrp.i'. 4. Running pass 'Loop Pass Manager' on function '@gfs2_rgrp_verify' 5. Running pass 'Canonicalize Freeze Instructions in Loops' on basic block '%for.body' #0 0x0000000002a0e883 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2a0e883) #1 0x0000000002a0c6ee llvm::sys::RunSignalHandlers() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2a0c6ee) #2 0x00000000029995a3 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0 #3 0x00000000029996de CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0 #4 0x00007f804b63b870 __restore_rt sigaction.c:0:0 #5 0x00007f804b0f5d22 raise (/usr/lib/libc.so.6+0x3cd22) #6 0x00007f804b0df862 abort (/usr/lib/libc.so.6+0x26862) #7 0x00007f804b0df747 _nl_load_domain.cold loadmsgcat.c:0:0 #8 0x00007f804b0ee616 (/usr/lib/libc.so.6+0x35616) #9 0x0000000001c832d6 llvm::InductionDescriptor::InductionDescriptor(llvm::Value*, llvm::InductionDescriptor::InductionKind, llvm::SCEV const*, llvm::BinaryOperator*, llvm::SmallVectorImpl<llvm::Instruction*>*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1c832d6) #10 0x0000000001c84374 llvm::InductionDescriptor::isInductionPHI(llvm::PHINode*, llvm::Loop const*, llvm::ScalarEvolution*, llvm::InductionDescriptor&, llvm::SCEV const*, llvm::SmallVectorImpl<llvm::Instruction*>*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1c84374) #11 0x0000000002a34cc4 (anonymous namespace)::CanonicalizeFreezeInLoopsImpl::run() CanonicalizeFreezeInLoops.cpp:0:0 #12 0x0000000002a35e4d (anonymous namespace)::CanonicalizeFreezeInLoops::runOnLoop(llvm::Loop*, llvm::LPPassManager&) CanonicalizeFreezeInLoops.cpp:0:0 #13 0x0000000001eb5a93 llvm::LPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1eb5a93) #14 0x0000000002352868 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2352868) #15 0x000000000235adb1 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x235adb1) #16 0x0000000002353331 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2353331) #17 0x00000000030e1c46 (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) BackendUtil.cpp:0:0 #18 0x00000000030dc547 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x30dc547) #19 0x0000000003570ff1 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) CodeGenAction.cpp:0:0 #20 0x0000000003ea8b14 clang::ParseAST(clang::Sema&, bool, bool) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x3ea8b14) #21 0x00000000034c65d0 clang::FrontendAction::Execute() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x34c65d0) #22 0x000000000343adbf clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x343adbf) #23 0x000000000356aec7 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x356aec7) #24 0x000000000186f4f1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x186f4f1) #25 0x000000000186cf3d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0 #26 0x00000000032dede2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1>(long) Job.cpp:0:0 #27 0x00000000029994b7 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x29994b7) #28 0x00000000032de947 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32de947) #29 0x00000000032a68a8 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32a68a8) #30 0x00000000032a6ba7 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32a6ba7) #31 0x00000000032bf621 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32bf621) #32 0x000000000186c806 main (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x186c806) #33 0x00007f804b0e0b25 __libc_start_main (/usr/lib/libc.so.6+0x27b25) #34 0x0000000001869b8e _start (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1869b8e) clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation) ClangBuiltLinux clang version 13.0.0 (https://github.com/llvm/llvm-project f50b87e9ef42efe80e2b3364df848d102075dd11) Target: x86_64-unknown-linux-gnu Thread model: posix InstalledDir: /home/nathan/cbl/github/tc-build/build/llvm/stage1/bin clang-13: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs. $ clang -fsanitize=object-size -mno-sse -O2 -c -o /dev/null rgrp.i ... I bisected this down to https://github.com/llvm/llvm-project/commit/54b64572407c8305c7bb8cc20c46a5e0c66b2979, although that seems to be obvious because that pass was not run prior to that commit. The full preprocessed source and interestingness test can be viewed here: https://github.com/nathanchance/creduce-files/tree/1abc3cbfdb5f52b1efc652c435fd3c17246df656/pgo-gfs2-crash [1]: https://git.kernel.org/next/linux-next/c/e1af496cbe9b4517428601a4e44fee3602dd3c15
Bugpoint: ; RUN: opt -S -canon-freeze define void @test() { entry: %add.ptr.i = getelementptr inbounds i8, i8* undef, i64 undef %cmp.i3 = icmp ugt i8* %add.ptr.i, undef %0 = select i1 %cmp.i3, i64 undef, i64 0 br label %for.body for.body: ; preds = %for.body, %entry %pgocount.promoted20 = phi i64 [ %pgocount.promoted19, %for.body ], [ 0, %entry ] %pgocount.promoted19 = add i64 %pgocount.promoted20, %0 br label %for.body }
> I bisected this down to https://github.com/llvm/llvm-project/commit/54b64572407c8305c7bb8cc20c46a5e0c66b2979, although that seems to be obvious because that pass was not run prior to that commit. It seems that the test case provided by nikic fails prior to https://github.com/llvm/llvm-project/commit/54b64572407c8305c7bb8cc20c46a5e0c66b2979. It fails since CanonicalizeFreezeInLoops was introduced in d9a4a244138c4ec7dcc1b316e2ca57c9c833bf6c.
I looked into this failure and observed something about InductionDescriptor::isInductionPHI that I couldn't understand. ``` const SCEV *Step = AR->getStepRecurrence(*SE); if (PhiTy->isIntegerTy()) { D = InductionDescriptor(StartValue, IK_IntInduction, Step, BOp, CastsToIgnore); return true; } ``` (from https://github.com/llvm/llvm-project/blob/e6b086bef2c0597ed14b2aefbb3f6d74b94fd49e/llvm/lib/Analysis/IVDescriptors.cpp#L1254) Printing StartValue and Step shows: ``` StartValue: i64 0 Step: ((-1 * %.pre26) + (((sext i32 %3 to i64) + %.pre26) umax %.pre26)) Step's type: %struct.gfs2_bitmap* <== ? ``` According to the output, it is clear that Step's type should be i64. However, it is printing a pointer type. Is this an expected behavior?
Filed https://bugs.llvm.org/show_bug.cgi?id=50573 to request a revert of https://reviews.llvm.org/rG54b64572407c8305c7bb8cc20c46a5e0c66b2979, so that we can use that bug as a clang-12.0.1 release blocker, until this can be resolved.
Looks like from the discusion in that patch review that the revert will cause noticeable perf regressions.. so be careful.
Tentatively marking this a 12.0.1 release blocker then; if the reverts are too messy then a fix-forward+cherry pick to release/12.x would be preferred. We can unmark either bug as release blocker once we have further input.
(In reply to Juneyoung Lee from comment #3) > According to the output, it is clear that Step's type should be i64. > However, it is printing a pointer type. Is this an expected behavior? See bug 46786 for discussion of weirdness surrounding integer/ptr types in SCEV.
Is there a fix for this bug?
https://reviews.llvm.org/D103660 appears to fix the testcase from comment 1 on mainline. Haven't looked at the branch.
With https://reviews.llvm.org/D103656 then https://reviews.llvm.org/D103660 applied, those also fix the initial bug report in the bug description. So when those are good to go, we should cherry pick those to release/12.x and close https://bugs.llvm.org/show_bug.cgi?id=50573.
I doubt that the first of those patches qualifies for a backport. It's quite a significant change to SCEV. Can you please clarify whether this is a regression? That is, did kernel PGO work with LLVM 11, but stopped working in LLVM 12? Or did it not work in LLVM 11 either (for other reasons)? If this needs to be fixed on the release branch, the way to go about it would probably be an early bailout somewhere in IVDescriptors if we encounter a weird-looking addrec.
(In reply to Nikita Popov from comment #11) > Can you please clarify whether this is a regression? > That is, did kernel PGO > work with LLVM 11, but stopped working in LLVM 12? Or did it not work in > LLVM 11 either (for other reasons)? PGO of the Linux kernel has been supported since LLVM 12. Ah, but it looks like 54b64572407c8305c7bb8cc20c46a5e0c66b2979 first landed in release/11.x. So then it was the kernel sources that changed that exposed this; LLVM has been "broken" since before we could support PGO in the kernel generally, we just haven't exposed it until recently. In that case, I'm happy to remove this from the release blockers, and we can bump nascent kernel PGO support to rely on unreleased clang-13, or some combination of PGO+CONFIG_GFS2_FS depend on clang-13.
(In reply to Nikita Popov from comment #11) > I doubt that the first of those patches qualifies for a backport. It's quite > a significant change to SCEV. It's possible the second patch works without the first, possibly with some tweaks to the regression tests; I haven't tested it. > If this needs to be fixed on the release branch, the way to go about it > would probably be an early bailout somewhere in IVDescriptors if we > encounter a weird-looking addrec. This would be more conservative for the release branch.
Nathan reports that the second patch resolves the issue. Not sure if that could be a candidate for release/12.x? We're going to have to modify the kernel either way, it would be nice to depend on a version of the compiler being released sooner rather than later.
The second patch looks OK to me to backport (once it lands in main), but I would like to also get a second opinion from a reviewer or a patch author.
JFYI, as far as I can tell, this is simply a bug in IVDescriptor.cpp. There's no requirement that the type of the getSCEV(V)->getType() is equal to V->getType(). The code seems to be assuming it is, that assumption does not always hold. The case here with pointer vs integer is one, but you can also get mixed types for e.g. different width integers, or (if we bothered to analyze them) floating point induction variables. That's expected and by design. Not familiar with the IVDescriptor code, but it looks on the surface like a local bailout would be entirely legal? (There might be an opt quality issue on Nikita's reduced example, but that's different issue.)