BitcodeReader.cpp bug under LTO

Hi guys,

We have found a bug of BitcodeReader.cpp in processing an LTO bitcode file. As LLVM doesn’t emit use-list for LTO bitcode files, many forward references will happen when BitcodeReader processes the bitcode file, and LLVM uses placeholders for those forward references and resolve them later.

When parseConstants() reads in a CST_CODE_CE_SELECT record, e.g.

select , ,

If “ty” here is a vector type and “cond” is a forward reference, LLVM uses i1 as the placeholder type of “cond” if it cannot find “cond” in ValueList, as the code follows:

Type *SelectorTy = Type::getInt1Ty(Context);

// The selector might be an i1 or an

// Get the type from the ValueList before getting a forward ref.

if (VectorType *VTy = dyn_cast(CurTy))

if (Value *V = ValueList[Record[0]])

if (SelectorTy != V->getType())

SelectorTy = VectorType::get(SelectorTy, VTy->getNumElements());

However, the program aborts in RAUW() if we find “selty” is a vector type later, because LLVM are trying to replace an i1 placeholder with an value.

A rough idea is to create a BitcodeReader-specific RAUW which doesn’t check type legitimacy and any other suggestion is welcome.

Bugzilla link: https://bugs.llvm.org/show_bug.cgi?id=46750

Regards,

Mindong

The DelayedShuffles code in BitcodeReader::parseConstants is solving a sort of similar issue; you might be able to borrow the same approach.

-Eli

Hi Eli,

Thanks for the advice! By delaying processing the “select” until we have resolved other records(like “aggregate ” in this case) as you did for “shuffle”, the test case passes now. But I wonder if it’s an ultimate solution: what if the selector of a “select” is the output of another forward-reference “select” that hasn’t been resolved yet? We still cannot determine its type then. Is it possible?

Regards,

Mindong

The issue is specifically the case where the condition of a select constant expression is itself a select or shuffle constant expression? The simplest solution is probably to just call getConstantFwdRef() early, to “set” the type of each expression. We know the result type of the constant expression when we first see it; the ambiguity is only the type of the condition operand.

-Eli

I don’t have a test case for that special case right now. The problem is that the code wants to determine condition’s type before see it, which is impossible IIUC, and calling getConstantFwdRef() earlier doesn’t help there because it also requires for a type. I’ll commit a patch for the bug I posted, but more efforts will be needed to solve it thoroughly .

-Mindong