FastIsel: take care to update iterators when removing instructions.

We keep a few iterators into the basic block we're selecting while
performing FastISel. Usually this is fine, but occasionally code wants
to remove already-emitted instructions. When this happens we have to be
careful to update those iterators so they're not pointint at dangling
memory.

llvm-svn: 349365
This commit is contained in:
Tim Northover 2018-12-17 17:25:53 +00:00
parent 2d6833c9c9
commit 256a16d031
6 changed files with 47 additions and 7 deletions
llvm
lib
test/CodeGen/AArch64

View File

@ -547,6 +547,15 @@ void FastISel::removeDeadCode(MachineBasicBlock::iterator I,
assert(I.isValid() && E.isValid() && std::distance(I, E) > 0 && assert(I.isValid() && E.isValid() && std::distance(I, E) > 0 &&
"Invalid iterator!"); "Invalid iterator!");
while (I != E) { while (I != E) {
if (LastFlushPoint == I)
LastFlushPoint = E;
if (SavedInsertPt == I)
SavedInsertPt = E;
if (EmitStartPt == I)
EmitStartPt = E.isValid() ? &*E : nullptr;
if (LastLocalValue == I)
LastLocalValue = E.isValid() ? &*E : nullptr;
MachineInstr *Dead = &*I; MachineInstr *Dead = &*I;
++I; ++I;
Dead->eraseFromParent(); Dead->eraseFromParent();

View File

@ -2016,8 +2016,9 @@ bool AArch64FastISel::selectLoad(const Instruction *I) {
if (RetVT == MVT::i64 && VT <= MVT::i32) { if (RetVT == MVT::i64 && VT <= MVT::i32) {
if (WantZExt) { if (WantZExt) {
// Delete the last emitted instruction from emitLoad (SUBREG_TO_REG). // Delete the last emitted instruction from emitLoad (SUBREG_TO_REG).
std::prev(FuncInfo.InsertPt)->eraseFromParent(); MachineBasicBlock::iterator I(std::prev(FuncInfo.InsertPt));
ResultReg = std::prev(FuncInfo.InsertPt)->getOperand(0).getReg(); ResultReg = std::prev(I)->getOperand(0).getReg();
removeDeadCode(I, std::next(I));
} else } else
ResultReg = fastEmitInst_extractsubreg(MVT::i32, ResultReg, ResultReg = fastEmitInst_extractsubreg(MVT::i32, ResultReg,
/*IsKill=*/true, /*IsKill=*/true,
@ -2038,7 +2039,8 @@ bool AArch64FastISel::selectLoad(const Instruction *I) {
break; break;
} }
} }
MI->eraseFromParent(); MachineBasicBlock::iterator I(MI);
removeDeadCode(I, std::next(I));
MI = nullptr; MI = nullptr;
if (Reg) if (Reg)
MI = MRI.getUniqueVRegDef(Reg); MI = MRI.getUniqueVRegDef(Reg);
@ -4508,7 +4510,8 @@ bool AArch64FastISel::optimizeIntExtLoad(const Instruction *I, MVT RetVT,
MI->getOperand(1).getSubReg() == AArch64::sub_32) && MI->getOperand(1).getSubReg() == AArch64::sub_32) &&
"Expected copy instruction"); "Expected copy instruction");
Reg = MI->getOperand(1).getReg(); Reg = MI->getOperand(1).getReg();
MI->eraseFromParent(); MachineBasicBlock::iterator I(MI);
removeDeadCode(I, std::next(I));
} }
updateValueMap(I, Reg); updateValueMap(I, Reg);
return true; return true;

View File

@ -2951,7 +2951,8 @@ bool ARMFastISel::tryToFoldLoadIntoMI(MachineInstr *MI, unsigned OpNo,
unsigned ResultReg = MI->getOperand(0).getReg(); unsigned ResultReg = MI->getOperand(0).getReg();
if (!ARMEmitLoad(VT, ResultReg, Addr, LI->getAlignment(), isZExt, false)) if (!ARMEmitLoad(VT, ResultReg, Addr, LI->getAlignment(), isZExt, false))
return false; return false;
MI->eraseFromParent(); MachineBasicBlock::iterator I(MI);
removeDeadCode(I, std::next(I));
return true; return true;
} }

View File

@ -2354,7 +2354,8 @@ bool PPCFastISel::tryToFoldLoadIntoMI(MachineInstr *MI, unsigned OpNo,
PPCSubTarget->hasSPE() ? PPC::EVLDD : PPC::LFD)) PPCSubTarget->hasSPE() ? PPC::EVLDD : PPC::LFD))
return false; return false;
MI->eraseFromParent(); MachineBasicBlock::iterator I(MI);
removeDeadCode(I, std::next(I));
return true; return true;
} }

View File

@ -3998,7 +3998,8 @@ bool X86FastISel::tryToFoldLoadIntoMI(MachineInstr *MI, unsigned OpNo,
} }
Result->addMemOperand(*FuncInfo.MF, createMachineMemOperandFor(LI)); Result->addMemOperand(*FuncInfo.MF, createMachineMemOperandFor(LI));
MI->eraseFromParent(); MachineBasicBlock::iterator I(MI);
removeDeadCode(I, std::next(I));
return true; return true;
} }

View File

@ -0,0 +1,25 @@
; RUN: llc -mtriple=arm64-apple-ios -o - %s -fast-isel=1 -O0 | FileCheck %s
; The zext can be folded into the load and removed, but doing so can invalidate
; pointers internal to FastISel and cause a crash so it must be done carefully.
define i32 @test() {
; CHECK-LABEL: test:
; CHECK: ldrh
; CHECK: bl _callee
; CHECK-NOT: uxth
entry:
store i32 undef, i32* undef, align 4
%t81 = load i16, i16* undef, align 2
call void @callee()
%t82 = zext i16 %t81 to i32
%t83 = shl i32 %t82, 16
%t84 = or i32 undef, %t83
br label %end
end:
%val = phi i32 [%t84, %entry]
ret i32 %val
}
declare void @callee()