Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"StepValue is not an integer" assertion failed with x86_64 allmodconfig Linux kernel #49784

Closed
nathanchance opened this issue May 22, 2021 · 20 comments
Closed

"StepValue is not an integer" assertion failed with x86_64 allmodconfig Linux kernel #49784

nathanchance opened this issue May 22, 2021 · 20 comments
Labels
bugzilla Issues migrated from bugzilla loopoptim

Comments

@nathanchance
Copy link
Member

Bugzilla Link 50440
Version trunk
OS Windows NT
Blocks #4440
Attachments [Reduced fshttps://user-images.githubusercontent.com/11478138/143762157-7e93fcb4-2876-4415-b9d4-611ae97db2e6.gz)
CC @davidbolvansky,@efriedma-quic,@fhahn,@isanbard,@aqjune,@preames,@nickdesaulniers,@nikic,@tstellar

Extended Description

After Profile Guided Optimization support was added to the Linux kernel 1, there is a crash in fs/gfs2/rgrp.o:

$ make -skj"$(nproc)" LLVM=1 LLVM_IAS=1 O=build/x86_64 distclean allmodconfig fs/gfs2/rgrp.o
clang: /home/nathan/cbl/github/tc-build/llvm-project/llvm/lib/Analysis/IVDescriptors.cpp:959: llvm::InductionDescriptor::InductionDescriptor(llvm::Value *, llvm::InductionDescriptor::InductionKind, const llvm::SCEV *, llvm::BinaryOperator *, SmallVectorImpl<llvm::Instruction *> *): Assertion `(IK == IK_FpInduction || Step->getType()->isIntegerTy()) && "StepValue is not an integer"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang -Qunused-arguments -fmacro-prefix-map=/home/nathan/cbl/src/linux-next/= -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Wno-format-security -std=gnu89 -Werror=unknown-warning-option -integrated-as -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=none -m64 -mno-80387 -mstack-alignment=8 -mtune=generic -mno-red-zone -mcmodel=kernel -Wno-sign-compare -fno-asynchronous-unwind-tables -mretpoline-external-thunk -fno-delete-null-pointer-checks -Wno-frame-address -Wno-address-of-packed-member -O2 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-format-invalid-specifier -Wno-gnu -mno-global-merge -Wno-unused-const-variable -ftrivial-auto-var-init=pattern -fno-stack-clash-protection -pg -mfentry -falign-functions=64 -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-array-bounds -fno-strict-overflow -fno-stack-check -Werror=date-time -Werror=incompatible-pointer-types -Wno-initializer-overrides -Wno-format -Wno-sign-compare -Wno-format-zero-length -Wno-pointer-to-enum-cast -Wno-tautological-constant-out-of-range-compare -fprofile-generate -fsanitize=kernel-address -mllvm -asan-mapping-offset=0xdffffc0000000000 -mllvm -asan-globals=1 -mllvm -asan-instrumentation-with-call-threshold=0 -mllvm -asan-stack=0 --param asan-instrument-allocas=1 -fsanitize=array-bounds -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=object-size -fsanitize=bool -fsanitize=enum -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp -nostdinc -isystem /home/nathan/cbl/github/tc-build/build/llvm/stage1/lib/clang/13.0.0/include -I/home/nathan/cbl/src/linux-next/arch/x86/include -I./arch/x86/include/generated -I/home/nathan/cbl/src/linux-next/include -I./include -I/home/nathan/cbl/src/linux-next/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/nathan/cbl/src/linux-next/include/uapi -I./include/generated/uapi -include /home/nathan/cbl/src/linux-next/include/linux/compiler-version.h -include /home/nathan/cbl/src/linux-next/include/linux/kconfig.h -include /home/nathan/cbl/src/linux-next/include/linux/compiler_types.h -D__KERNEL__ -DCONFIG_X86_X32_ABI -DCC_USING_NOP_MCOUNT -DCC_USING_FENTRY -Ifs/gfs2 -I /home/nathan/cbl/src/linux-next/fs/gfs2 -I ./fs/gfs2 -DMODULE -DKBUILD_BASENAME="rgrp" -DKBUILD_MODNAME="gfs2" -D__KBUILD_MODNAME=kmod_gfs2 -c -Wp,-MMD,fs/gfs2/.rgrp.o.d -fcolor-diagnostics -o fs/gfs2/rgrp.o /home/nathan/cbl/src/linux-next/fs/gfs2/rgrp.c

  1. parser at end of file
  2. Code generation
  3. Running pass 'Function Pass Manager' on module '/home/nathan/cbl/src/linux-next/fs/gfs2/rgrp.c'.
  4. Running pass 'Loop Pass Manager' on function '@gfs2_rgrp_verify'
  5. Running pass 'Canonicalize Freeze Instructions in Loops' on basic block '%cont21'
    #​0 0x0000000002a0e883 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2a0e883)
    #​1 0x0000000002a0c6ee llvm::sys::RunSignalHandlers() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2a0c6ee)
    #​2 0x00000000029995a3 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0
    #​3 0x00000000029996de CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
    #​4 0x00007f012020c870 __restore_rt sigaction.c:0:0
    #​5 0x00007f011fcc6d22 raise (/usr/lib/libc.so.6+0x3cd22)
    #​6 0x00007f011fcb0862 abort (/usr/lib/libc.so.6+0x26862)
    #​7 0x00007f011fcb0747 _nl_load_domain.cold loadmsgcat.c:0:0
    #​8 0x00007f011fcbf616 (/usr/lib/libc.so.6+0x35616)
    #​9 0x0000000001c832d6 llvm::InductionDescriptor::InductionDescriptor(llvm::Value*, llvm::InductionDescriptor::InductionKind, llvm::SCEV const*, llvm::BinaryOperator*, llvm::SmallVectorImplllvm::Instruction*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1c832d6)
    #​10 0x0000000001c84374 llvm::InductionDescriptor::isInductionPHI(llvm::PHINode    , llvm::Loop const*, llvm::ScalarEvolution*, llvm::InductionDescriptor&, llvm::SCEV const*, llvm::SmallVectorImplllvm::Instruction*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1c84374)
    #​11 0x0000000002a34cc4 (anonymous namespace)::CanonicalizeFreezeInLoopsImpl::run() CanonicalizeFreezeInLoops.cpp:0:0
    #​12 0x0000000002a35e4d (anonymous namespace)::CanonicalizeFreezeInLoops::runOnLoop(llvm::Loop    , llvm::LPPassManager&) CanonicalizeFreezeInLoops.cpp:0:0
    #​13 0x0000000001eb5a93 llvm::LPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1eb5a93)
    #​14 0x0000000002352868 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2352868)
    #​15 0x000000000235adb1 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x235adb1)
    #​16 0x0000000002353331 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x2353331)
    #​17 0x00000000030e1c46 (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) BackendUtil.cpp:0:0
    #​18 0x00000000030dc547 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x30dc547)
    #​19 0x0000000003570ff1 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) CodeGenAction.cpp:0:0
    #​20 0x0000000003ea8b14 clang::ParseAST(clang::Sema&, bool, bool) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x3ea8b14)
    #​21 0x00000000034c65d0 clang::FrontendAction::Execute() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x34c65d0)
    #​22 0x000000000343adbf clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x343adbf)
    #​23 0x000000000356aec7 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x356aec7)
    #​24 0x000000000186f4f1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x186f4f1)
    #​25 0x000000000186cf3d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
    #​26 0x00000000032dede2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optionalllvm::StringRef >, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool) const::$_1>(long) Job.cpp:0:0
    #​27 0x00000000029994b7 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x29994b7)
    #​28 0x00000000032de947 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optionalllvm::StringRef >, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32de947)
    #​29 0x00000000032a68a8 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32a68a8)
    #​30 0x00000000032a6ba7 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32a6ba7)
    #​31 0x00000000032bf621 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x32bf621)
    #​32 0x000000000186c806 main (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x186c806)
    #​33 0x00007f011fcb1b25 __libc_start_main (/usr/lib/libc.so.6+0x27b25)
    #​34 0x0000000001869b8e _start (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang+0x1869b8e)
    clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation)
    ClangBuiltLinux clang version 13.0.0 (https://github.com/llvm/llvm-project f50b87e)
    Target: x86_64-unknown-linux-gnu
    Thread model: posix
    InstalledDir: /home/nathan/cbl/github/tc-build/build/llvm/stage1/bin
    clang-13: note: diagnostic msg:

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/rgrp-f2a81f.c
clang-13: note: diagnostic msg: /tmp/rgrp-f2a81f.sh
clang-13: note: diagnostic msg:

make[4]: *** [/home/nathan/cbl/src/linux-next/scripts/Makefile.build:273: fs/gfs2/rgrp.o] Error 134
make[4]: Target '__build' not remade because of errors.
make[3]: *** [/home/nathan/cbl/src/linux-next/scripts/Makefile.build:534: fs/gfs2] Error 2
make[3]: Target '__build' not remade because of errors.
make[2]: *** [/home/nathan/cbl/src/linux-next/Makefile:1954: fs] Error 2
make[2]: Target 'fs/gfs2/rgrp.o' not remade because of errors.
make1: *** [/home/nathan/cbl/src/linux-next/Makefile:353: __build_one_by_one] Error 2
make1: Target 'distclean' not remade because of errors.
make1: Target 'allmodconfig' not remade because of errors.
make1: Target 'fs/gfs2/rgrp.o' not remade because of errors.
make: *** [Makefile:222: __sub-make] Error 2
make: Target 'distclean' not remade because of errors.
make: Target 'allmodconfig' not remade because of errors.
make: Target 'fs/gfs2/rgrp.o' not remade because of errors.

I ended up reducing down the file and discovered that it seems to be an interaction between '-fprofile-generate', '-fsanitize=object-size', '-mno-sse', and '-O2'.

$ cat rgrp.i
gfs2_rgrp_verify_rgd_0;
struct gfs2_bitmap *gfs2_rgrp_verify_bi;
struct gfs2_bitmap {
int bi_bytes
} gfs2_bitcount(char *buffer, int buflen) {
char *end = buffer + buflen;
for (; buffer < end; buffer++)
;
}
gfs2_rgrp_verify() {
for (; gfs2_rgrp_verify_rgd_0;)
gfs2_bitcount(gfs2_rgrp_verify_bi, gfs2_rgrp_verify_bi->bi_bytes);
}

$ clang -fprofile-generate -fsanitize=object-size -mno-sse -O2 -c -o /dev/null rgrp.i
...
clang: /home/nathan/cbl/github/tc-build/llvm-project/llvm/lib/Analysis/IVDescriptors.cpp:959: llvm::InductionDescriptor::InductionDescriptor(llvm::Value *, llvm::InductionDescriptor::InductionKind, const llvm::SCEV *, llvm::BinaryOperator *, SmallVectorImpl<llvm::Instruction *> *): Assertion `(IK == IK_FpInduction || Step->getType()->isIntegerTy()) && "StepValue is not an integer"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: clang -fprofile-generate -fsanitize=object-size -mno-sse -O2 -c -o /dev/null rgrp.i

  1. parser at end of file
  2. Code generation
  3. Running pass 'Function Pass Manager' on module 'rgrp.i'.
  4. Running pass 'Loop Pass Manager' on function '@gfs2_rgrp_verify'
  5. Running pass 'Canonicalize Freeze Instructions in Loops' on basic block '%for.body'
    #​0 0x0000000002a0e883 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2a0e883)
    #​1 0x0000000002a0c6ee llvm::sys::RunSignalHandlers() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2a0c6ee)
    #​2 0x00000000029995a3 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0
    #​3 0x00000000029996de CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
    #​4 0x00007f804b63b870 __restore_rt sigaction.c:0:0
    #​5 0x00007f804b0f5d22 raise (/usr/lib/libc.so.6+0x3cd22)
    #​6 0x00007f804b0df862 abort (/usr/lib/libc.so.6+0x26862)
    #​7 0x00007f804b0df747 _nl_load_domain.cold loadmsgcat.c:0:0
    #​8 0x00007f804b0ee616 (/usr/lib/libc.so.6+0x35616)
    #​9 0x0000000001c832d6 llvm::InductionDescriptor::InductionDescriptor(llvm::Value*, llvm::InductionDescriptor::InductionKind, llvm::SCEV const*, llvm::BinaryOperator*, llvm::SmallVectorImplllvm::Instruction*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1c832d6)
    #​10 0x0000000001c84374 llvm::InductionDescriptor::isInductionPHI(llvm::PHINode    , llvm::Loop const*, llvm::ScalarEvolution*, llvm::InductionDescriptor&, llvm::SCEV const*, llvm::SmallVectorImplllvm::Instruction*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1c84374)
    #​11 0x0000000002a34cc4 (anonymous namespace)::CanonicalizeFreezeInLoopsImpl::run() CanonicalizeFreezeInLoops.cpp:0:0
    #​12 0x0000000002a35e4d (anonymous namespace)::CanonicalizeFreezeInLoops::runOnLoop(llvm::Loop    , llvm::LPPassManager&) CanonicalizeFreezeInLoops.cpp:0:0
    #​13 0x0000000001eb5a93 llvm::LPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1eb5a93)
    #​14 0x0000000002352868 llvm::FPPassManager::runOnFunction(llvm::Function&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2352868)
    #​15 0x000000000235adb1 llvm::FPPassManager::runOnModule(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x235adb1)
    #​16 0x0000000002353331 llvm::legacy::PassManagerImpl::run(llvm::Module&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x2353331)
    #​17 0x00000000030e1c46 (anonymous namespace)::EmitAssemblyHelper::EmitAssemblyWithNewPassManager(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) BackendUtil.cpp:0:0
    #​18 0x00000000030dc547 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x30dc547)
    #​19 0x0000000003570ff1 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) CodeGenAction.cpp:0:0
    #​20 0x0000000003ea8b14 clang::ParseAST(clang::Sema&, bool, bool) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x3ea8b14)
    #​21 0x00000000034c65d0 clang::FrontendAction::Execute() (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x34c65d0)
    #​22 0x000000000343adbf clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x343adbf)
    #​23 0x000000000356aec7 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x356aec7)
    #​24 0x000000000186f4f1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x186f4f1)
    #​25 0x000000000186cf3d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
    #​26 0x00000000032dede2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optionalllvm::StringRef >, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool) const::$_1>(long) Job.cpp:0:0
    #​27 0x00000000029994b7 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x29994b7)
    #​28 0x00000000032de947 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optionalllvm::StringRef >, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32de947)
    #​29 0x00000000032a68a8 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32a68a8)
    #​30 0x00000000032a6ba7 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32a6ba7)
    #​31 0x00000000032bf621 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x32bf621)
    #​32 0x000000000186c806 main (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x186c806)
    #​33 0x00007f804b0e0b25 __libc_start_main (/usr/lib/libc.so.6+0x27b25)
    #​34 0x0000000001869b8e _start (/home/nathan/cbl/github/tc-build/build/llvm/stage1/bin/clang-13+0x1869b8e)
    clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation)
    ClangBuiltLinux clang version 13.0.0 (https://github.com/llvm/llvm-project f50b87e)
    Target: x86_64-unknown-linux-gnu
    Thread model: posix
    InstalledDir: /home/nathan/cbl/github/tc-build/build/llvm/stage1/bin
    clang-13: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.

$ clang -fsanitize=object-size -mno-sse -O2 -c -o /dev/null rgrp.i
...

I bisected this down to 54b6457, although that seems to be obvious because that pass was not run prior to that commit.

The full preprocessed source and interestingness test can be viewed here: https://github.com/nathanchance/creduce-files/tree/1abc3cbfdb5f52b1efc652c435fd3c17246df656/pgo-gfs2-crash
@nikic
Copy link
Contributor

nikic commented May 22, 2021

Bugpoint:

; RUN: opt -S -canon-freeze
define void @​test() {
entry:
%add.ptr.i = getelementptr inbounds i8, i8* undef, i64 undef
%cmp.i3 = icmp ugt i8* %add.ptr.i, undef
%0 = select i1 %cmp.i3, i64 undef, i64 0
br label %for.body

for.body: ; preds = %for.body, %entry
%pgocount.promoted20 = phi i64 [ %pgocount.promoted19, %for.body ], [ 0, %entry ]
%pgocount.promoted19 = add i64 %pgocount.promoted20, %0
br label %for.body
}

@nickdesaulniers
Copy link
Member

I bisected this down to 54b6457, although that seems to be obvious because that pass was not run prior to that commit.

It seems that the test case provided by nikic fails prior to 54b6457.

It fails since CanonicalizeFreezeInLoops was introduced in
d9a4a24.

@aqjune
Copy link
Contributor

aqjune commented Jun 1, 2021

I looked into this failure and observed something about InductionDescriptor::isInductionPHI that I couldn't understand.

  const SCEV *Step = AR->getStepRecurrence(*SE);

  if (PhiTy->isIntegerTy()) {
    D = InductionDescriptor(StartValue, IK_IntInduction, Step, BOp,
                            CastsToIgnore);
    return true;
  }

(from

llvm-project/llvm/lib/Analysis/IVDescriptors.cpp

Line 1254 in e6b086b

D = InductionDescriptor(StartValue, IK_IntInduction, Step, BOp,
)

Printing StartValue and Step shows:

  StartValue: i64 0
  Step: ((-1 * %.pre26) + (((sext i32 %3 to i64) + %.pre26) umax %.pre26))
  Step's type: %struct.gfs2_bitmap* <== ?

According to the output, it is clear that Step's type should be i64. However, it is printing a pointer type. Is this an expected behavior?

@nickdesaulniers
Copy link
Member

Filed llvm/llvm-bugzilla-archive#50573 to request a revert of https://reviews.llvm.org/rG54b64572407c8305c7bb8cc20c46a5e0c66b2979, so that we can use that bug as a clang-12.0.1 release blocker, until this can be resolved.

@davidbolvansky
Copy link
Collaborator

Looks like from the discusion in that patch review that the revert will cause noticeable perf regressions.. so be careful.

@nickdesaulniers
Copy link
Member

Tentatively marking this a 12.0.1 release blocker then; if the reverts are too messy then a fix-forward+cherry pick to release/12.x would be preferred. We can unmark either bug as release blocker once we have further input.

@efriedma-quic
Copy link
Collaborator

According to the output, it is clear that Step's type should be i64.
However, it is printing a pointer type. Is this an expected behavior?

See bug 46786 for discussion of weirdness surrounding integer/ptr types in SCEV.

@tstellar
Copy link
Collaborator

tstellar commented Jun 4, 2021

Is there a fix for this bug?

@efriedma-quic
Copy link
Collaborator

https://reviews.llvm.org/D103660 appears to fix the testcase from comment 1 on mainline. Haven't looked at the branch.

@nickdesaulniers
Copy link
Member

With
https://reviews.llvm.org/D103656
then
https://reviews.llvm.org/D103660
applied, those also fix the initial bug report in the bug description.

So when those are good to go, we should cherry pick those to release/12.x and close llvm/llvm-bugzilla-archive#50573 .

@nikic
Copy link
Contributor

nikic commented Jun 4, 2021

I doubt that the first of those patches qualifies for a backport. It's quite a significant change to SCEV.

Can you please clarify whether this is a regression? That is, did kernel PGO work with LLVM 11, but stopped working in LLVM 12? Or did it not work in LLVM 11 either (for other reasons)?

If this needs to be fixed on the release branch, the way to go about it would probably be an early bailout somewhere in IVDescriptors if we encounter a weird-looking addrec.

@nickdesaulniers
Copy link
Member

Can you please clarify whether this is a regression?
That is, did kernel PGO
work with LLVM 11, but stopped working in LLVM 12? Or did it not work in
LLVM 11 either (for other reasons)?

PGO of the Linux kernel has been supported since LLVM 12.

Ah, but it looks like 54b6457 first landed in release/11.x.

So then it was the kernel sources that changed that exposed this; LLVM has been "broken" since before we could support PGO in the kernel generally, we just haven't exposed it until recently.

In that case, I'm happy to remove this from the release blockers, and we can bump nascent kernel PGO support to rely on unreleased clang-13, or some combination of PGO+CONFIG_GFS2_FS depend on clang-13.

@efriedma-quic
Copy link
Collaborator

I doubt that the first of those patches qualifies for a backport. It's quite
a significant change to SCEV.

It's possible the second patch works without the first, possibly with some tweaks to the regression tests; I haven't tested it.

If this needs to be fixed on the release branch, the way to go about it
would probably be an early bailout somewhere in IVDescriptors if we
encounter a weird-looking addrec.

This would be more conservative for the release branch.

@nickdesaulniers
Copy link
Member

Nathan reports that the second patch resolves the issue. Not sure if that could be a candidate for release/12.x? We're going to have to modify the kernel either way, it would be nice to depend on a version of the compiler being released sooner rather than later.

@tstellar
Copy link
Collaborator

tstellar commented Jun 4, 2021

The second patch looks OK to me to backport (once it lands in main), but I would like to also get a second opinion from a reviewer or a patch author.

@preames
Copy link
Collaborator

preames commented Jun 4, 2021

JFYI, as far as I can tell, this is simply a bug in IVDescriptor.cpp. There's no requirement that the type of the getSCEV(V)->getType() is equal to V->getType(). The code seems to be assuming it is, that assumption does not always hold.

The case here with pointer vs integer is one, but you can also get mixed types for e.g. different width integers, or (if we bothered to analyze them) floating point induction variables. That's expected and by design.

Not familiar with the IVDescriptor code, but it looks on the surface like a local bailout would be entirely legal?

(There might be an opt quality issue on Nikita's reduced example, but that's different issue.)

@LebedevRI
Copy link
Member

mentioned in issue llvm/llvm-bugzilla-archive#50573

2 similar comments
@nickdesaulniers
Copy link
Member

mentioned in issue llvm/llvm-bugzilla-archive#50573

@nickdesaulniers
Copy link
Member

mentioned in issue llvm/llvm-bugzilla-archive#50573

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 11, 2021
@nathanchance
Copy link
Member Author

Should be resolved by:

8f3d169
8a567e5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bugzilla Issues migrated from bugzilla loopoptim
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@LebedevRI @tstellar @nikic @preames @nickdesaulniers @aqjune @nathanchance @davidbolvansky @efriedma-quic