[SelectionDAG] Don't create illegally-typed nodes while constant folding
author Fraser Cormack <fraser@codeplay.com>
Thu, 24 Mar 2022 11:03:26 +0000 (11:03 +0000)
committer Fraser Cormack <fraser@codeplay.com>
Wed, 30 Mar 2022 12:17:55 +0000 (13:17 +0100)
commit 43a91a8474f55241404199f6b8798ac6467c2687
tree 0d640eec2d9cc52184aaeb88384f91cbfdbe9771
parent 8a4077fac05407fd09d5d8f50347045d279bdac8

This patch fixes a (seemingly very rare) crash during vector constant
folding introduced in D113300.

Normally, during legalization, if we create an illegally-typed node during
a failed attempt at constant folding it's cleaned up before being
visited, due to it having no uses.

If, however, an illegally-typed node is created during one round of
legalization and isn't cleaned up, it's possible for a second round of
legalization to create new illegally-typed nodes which add extra uses to
the old illegal nodes. This means that we can end up visiting the old
nodes before they're known to be dead, at which point we crash.

I'm not happy about this fix. Creating illegal types at all seems like a
bad idea, but we all-too-often rely on illegal constants being
successfully folded and being fixed up afterwards. However, we can't
rely on constant folding actually happening, and we don't have a
foolproof way of peering into the future.

Perhaps the correct fix is to revisit the node-iteration order during
legalization, ensuring we visit all uses of nodes before the nodes
themselves. Or alternatively we could try and clean up dead nodes
immediately after failing constant folding.

Reviewed By: RKSimon

Differential Revision: https://reviews.llvm.org/D122382
llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
llvm/test/CodeGen/RISCV/rvv/constant-folding-crash.ll [new file with mode: 0644]