This is an archive of the discontinued LLVM Phabricator instance.

Differential D106046

tsan: make obtaining current PC faster
ClosedPublic

Authored by dvyukov on Jul 15 2021, 2:05 AM.

Details

Reviewers
vitalybuka
melver
Commits
rGbaa7f58973d4: tsan: make obtaining current PC faster
rGe33446ea58b8: tsan: make obtaining current PC faster
Summary

We obtain the current PC is all interceptors and collectively
common interceptor code contributes to overall slowdown
(in particular cheaper str/mem* functions).

The current way to obtain the current PC involves:

4493e1:       e8 3a f3 fe ff          callq  438720 <_ZN11__sanitizer10StackTrace12GetCurrentPcEv>
4493e9:       48 89 c6                mov    %rax,%rsi

and the called function is:

uptr StackTrace::GetCurrentPc() {

438720:       48 8b 04 24             mov    (%rsp),%rax
438724:       c3                      retq

The new way uses address of a local label and involves just:

44a888:       48 8d 35 fa ff ff ff    lea    -0x6(%rip),%rsi

I am not switching all uses of StackTrace::GetCurrentPc to GET_CURRENT_PC
because it may lead some differences in produced reports and break tests.
The difference comes from the fact that currently we have PC pointing
to the CALL instruction, but the new way does not yield any code on its own
so the PC points to a random instruction in the function and symbolizing
that instruction can produce additional inlined frames (if the random
instruction happen to relate to some inlined function).

Diff Detail

Event Timeline

dvyukov created this revision.Jul 15 2021, 2:05 AM
Herald added subscribers: s.egerton, simoncook, fedor.sergeev. · View Herald TranscriptJul 15 2021, 2:05 AM
dvyukov requested review of this revision.Jul 15 2021, 2:05 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 15 2021, 2:05 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B114173: Diff 358868.Jul 15 2021, 2:37 AM
melver accepted this revision.Jul 15 2021, 5:56 AM
melver added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
199

Previously the PC was obtained by a call and we sort of were guaranteed that the compiler wouldn't move code around.

Should this now include compiler barriers before/after?

This revision is now accepted and ready to land.Jul 15 2021, 5:56 AM
dvyukov added inline comments.Jul 15 2021, 8:00 AM
compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
199

I am not sure what a compiler barrier will give us here. It can pessimize codegen and the PC still points to a random instruction. So I would wait until we have a reason to add the barrier.
And in the end compiler can move code around calls as well.

Closed by commit rGe33446ea58b8: tsan: make obtaining current PC faster (authored by dvyukov). · Explain WhyJul 15 2021, 8:34 AM
This revision was automatically updated to reflect the committed changes.
dvyukov added a commit: rGe33446ea58b8: tsan: make obtaining current PC faster.
thakis added a subscriber: thakis.Jul 15 2021, 9:19 AM

This seems to break building on arm macs: http://45.33.8.238/macm1/14037/step_4.txt

Please take a look.

dvyukov added a comment.Jul 15 2021, 9:20 AM

Looking. Thanks for the report.

thakis added a comment.Jul 15 2021, 9:53 AM

Looks like it's Mac builds on general, my Intel Mac is just slow to cycle: http://45.33.8.238/mac/33533/step_4.txt

dvyukov added a comment.Jul 15 2021, 10:00 AM

I've mailed https://reviews.llvm.org/D106078 that fixes it.

dvyukov added a comment.Jul 15 2021, 10:16 AM

FTR another fix for issues reported by bots:
https://reviews.llvm.org/D106081

https://lab.llvm.org/buildbot#builders/94/builds/4914
https://lab.llvm.org/buildbot#builders/100/builds/7355

thakis added a comment.Jul 15 2021, 2:55 PM

The tree's been broken for over 6h by now. Can we revert for now? (Or, ideally, like 5h ago?)

thakis added a reverting change: rG557855e047ae: Revert "tsan: make obtaining current PC faster".Jul 15 2021, 4:30 PM
thakis added a comment.Jul 15 2021, 4:30 PM

Reverted this (and follow-up https://reviews.llvm.org/D106081) in 557855e047aea53023165756586697c0f1cbc3ce.

dvyukov reopened this revision.Jul 16 2021, 9:40 AM
This revision is now accepted and ready to land.Jul 16 2021, 9:40 AM
dvyukov updated this revision to Diff 359370.Jul 16 2021, 9:56 AM

Rework the change after numerious bot breakages and reverts.
As some bot breakages shown new inlined frames can also affect
stack printing in sanitizer_common (for some malloc-related reports),
so removing the inlined frames only in tsan does not work.
Also relying on hardcoded function names is fragile.
Additionally with reduced debug info compiler may strip namespaces
and class names from debug info, so that e.g.
"__tsan::ScopedInterceptor::Foo" becomes just "Foo". Stripping such
frames is especially problematic and can collide with user frames.
I've also tried a different approach: for some stacks throw away
inlined functions for the top frame. This does not rely on matching
function names. It almost worked except that for tsan racing stacks
we don't really know if top PC is a user PC (need inline frames)
or it comes from an str/mem interceptor (don't need inline frames).
The current version gives up on introducing no code and adds a NOP,
which becomes the carrier of the proper debug info. This makes
everything much simpler and hopefully more reliable. But unfortunately
it makes the code arch-dependent, so for now it's x86-only.

Benchmarking shows it's still ~4x faster:

#include <stdio.h>

attribute((noinline)) unsigned long get_current_pc1() {
return (unsigned long)__builtin_return_address(0);
}

#define get_current_pc2() ({ here: asm("nop"); ((unsigned long) && here) + 1; })

int main(int argc, char** argv) {
const unsigned long iters = 1e10;
volatile unsigned long pc = 0;
if (argc == 1) {

		for (unsigned long i = 0; i < iters; i++)
			pc = get_current_pc1();

} else {

		for (unsigned long i = 0; i < iters; i++)
			pc = get_current_pc2();

}
}

pc1: 10.38
pc2: 2.58
pc1: 10.87
pc2: 2.56
pc1: 10.99
pc2: 2.59

dvyukov added a comment.Jul 16 2021, 9:57 AM

PTAL

dvyukov mentioned this in D106088: tsan: strip more top inlined internal frames.Jul 16 2021, 9:59 AM
dvyukov mentioned this in D106078: sanitizer_common: allow multiple GET_CURRENT_PC() in a function.
Harbormaster completed remote builds in B114537: Diff 359370.Jul 16 2021, 10:24 AM
vitalybuka accepted this revision.Jul 16 2021, 11:20 AM
pcc added a subscriber: pcc.Jul 16 2021, 11:29 AM
pcc added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
209

Maybe since this has to be arch-dependent anyway, instead of the NOP, you could put the LEA instruction here?

dvyukov updated this revision to Diff 359598.Jul 17 2021, 11:40 PM

Switch to using LEA RIP directly.

dvyukov added inline comments.Jul 17 2021, 11:52 PM
compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
209

Right!
If we are x86-only and use asm anyway, that's reasonable.
This removes nop byte and avoids pedantic warnings re taking address of a label.
Unfortunately RIP is not supported in MOV instructions (?) (we need 0 offset anyway), so we still inject 4 byte offset.
Also, an asm block can be inlined now, so we could use this to simply speed up StackTrace::GetCurrentPc() for everybody. But StackTrace::GetCurrentPc() would appear on top of most stacks, and again unfortunately attribute artificial does not do what it claims to do. Well, maybe it marks the code with some fancy artificial attribute in later versions of DWARF, but it does not help, I still see it in our stacks. Maybe we could improve llvm-symbolizer to ignore artificial functions, we there does not seem to be a way to do this with addr2line symbolizer.
There is also attribute((no_debug)) (which I learnt about from D43259), but it's clang-only. I am also not sure if we it will work reliably, or it's merely a coincidence that it works. If we simply leave an instruction w/o debug info, I think some DWARF users will use line info from the previous instructions, which is not necessary the caller function, but may be some other inlined function in the caller.
So for now I stayed with a macro.

And now the test started failing because 2 subsequent GET_CURRENT_PC() invocations started to yield the same PC. Compiler figured out that asm blocks can be merged. I guess we could avoid that with volatile asm, but I think it's fine, we don't need specifically different PCs.

PTAL

Harbormaster completed remote builds in B114713: Diff 359598.Jul 18 2021, 12:19 AM
melver accepted this revision.Jul 19 2021, 2:48 AM

Given this is x86-only now, hopefully there won't be any new surprises.

This revision was landed with ongoing or failed builds.Jul 19 2021, 4:05 AM
Closed by commit rGbaa7f58973d4: tsan: make obtaining current PC faster (authored by dvyukov). · Explain Why
This revision was automatically updated to reflect the committed changes.
dvyukov added a commit: rGbaa7f58973d4: tsan: make obtaining current PC faster.

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
21 lines
tests/
24 lines
tsan/
rtl/
16 lines

Diff 359740

compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h

Show First 20 LinesShow All 190 Lines▼ Show 20 Lines#define GET_CURRENT_PC_BP \
uptr bp = GET_CURRENT_FRAME(); \ uptr bp = GET_CURRENT_FRAME(); \
uptr pc = StackTrace::GetCurrentPc() uptr pc = StackTrace::GetCurrentPc()
#define GET_CURRENT_PC_BP_SP \ #define GET_CURRENT_PC_BP_SP \
GET_CURRENT_PC_BP; \ GET_CURRENT_PC_BP; \
uptr local_stack; \ uptr local_stack; \
uptr sp = (uptr)&local_stack uptr sp = (uptr)&local_stack
// GET_CURRENT_PC() is equivalent to StackTrace::GetCurrentPc().
melverUnsubmitted
Not Done
ReplyInline Actions

Previously the PC was obtained by a call and we sort of were guaranteed that the compiler wouldn't move code around.

Should this now include compiler barriers before/after?

melver: Previously the PC was obtained by a call and we sort of were guaranteed that the compiler…
dvyukovAuthorUnsubmitted
Done
ReplyInline Actions

I am not sure what a compiler barrier will give us here. It can pessimize codegen and the PC still points to a random instruction. So I would wait until we have a reason to add the barrier.
And in the end compiler can move code around calls as well.

dvyukov: I am not sure what a compiler barrier will give us here. It can pessimize codegen and the PC…
// Optimized x86 version is faster than GetCurrentPc because
// it does not involve a function call, instead it reads RIP register.
// Reads of RIP by an instruction return RIP pointing to the next
// instruction, which is exactly what we want here, thus 0 offset.
// It needs to be a macro because otherwise we will get the name
// of this function on the top of most stacks. Attribute artificial
// does not do what it claims to do, unfortunatley. And attribute
// __nodebug__ is clang-only. If we would have an attribute that
// would remove this function from debug info, we could simply make
// StackTrace::GetCurrentPc() faster.
pccUnsubmitted
Not Done
ReplyInline Actions

Maybe since this has to be arch-dependent anyway, instead of the NOP, you could put the LEA instruction here?

pcc: Maybe since this has to be arch-dependent anyway, instead of the NOP, you could put the LEA…
dvyukovAuthorUnsubmitted
Done
ReplyInline Actions

Right!
If we are x86-only and use asm anyway, that's reasonable.
This removes nop byte and avoids pedantic warnings re taking address of a label.
Unfortunately RIP is not supported in MOV instructions (?) (we need 0 offset anyway), so we still inject 4 byte offset.
Also, an asm block can be inlined now, so we could use this to simply speed up StackTrace::GetCurrentPc() for everybody. But StackTrace::GetCurrentPc() would appear on top of most stacks, and again unfortunately attribute artificial does not do what it claims to do. Well, maybe it marks the code with some fancy artificial attribute in later versions of DWARF, but it does not help, I still see it in our stacks. Maybe we could improve llvm-symbolizer to ignore artificial functions, we there does not seem to be a way to do this with addr2line symbolizer.
There is also attribute((no_debug)) (which I learnt about from D43259), but it's clang-only. I am also not sure if we it will work reliably, or it's merely a coincidence that it works. If we simply leave an instruction w/o debug info, I think some DWARF users will use line info from the previous instructions, which is not necessary the caller function, but may be some other inlined function in the caller.
So for now I stayed with a macro.

And now the test started failing because 2 subsequent GET_CURRENT_PC() invocations started to yield the same PC. Compiler figured out that asm blocks can be merged. I guess we could avoid that with volatile asm, but I think it's fine, we don't need specifically different PCs.

PTAL

dvyukov: Right! If we are x86-only and use asm anyway, that's reasonable. This removes nop byte and…
#if defined(__x86_64__)
# define GET_CURRENT_PC() \
({ \
uptr pc; \
asm("lea 0(%%rip), %0" : "=r"(pc)); \
pc; \
})
#else
# define GET_CURRENT_PC() StackTrace::GetCurrentPc()
#endif
#endif // SANITIZER_STACKTRACE_H #endif // SANITIZER_STACKTRACE_H

compiler-rt/lib/sanitizer_common/tests/sanitizer_stacktrace_test.cpp

Show First 20 LinesShow All 265 Lines▼ Show 20 LinesTEST(SlowUnwindTest, ShortStackTrace) {
EXPECT_EQ(0U, stack.size); EXPECT_EQ(0U, stack.size);
EXPECT_EQ(0U, stack.top_frame_bp); EXPECT_EQ(0U, stack.top_frame_bp);
stack.Unwind(pc, bp, nullptr, false, /*max_depth=*/1); stack.Unwind(pc, bp, nullptr, false, /*max_depth=*/1);
EXPECT_EQ(1U, stack.size); EXPECT_EQ(1U, stack.size);
EXPECT_EQ(pc, stack.trace[0]); EXPECT_EQ(pc, stack.trace[0]);
EXPECT_EQ(bp, stack.top_frame_bp); EXPECT_EQ(bp, stack.top_frame_bp);
} }
TEST(GetCurrentPc, Basic) {
// Test that PCs obtained via GET_CURRENT_PC()
// and StackTrace::GetCurrentPc() are all different
// and are close to the function start.
struct Local {
static NOINLINE void Test() {
const uptr pcs[] = {
(uptr)&Local::Test,
GET_CURRENT_PC(),
StackTrace::GetCurrentPc(),
StackTrace::GetCurrentPc(),
};
for (uptr i = 0; i < ARRAY_SIZE(pcs); i++)
Printf("pc%zu: %p\n", i, pcs[i]);
for (uptr i = 1; i < ARRAY_SIZE(pcs); i++) {
EXPECT_GT(pcs[i], pcs[0]);
EXPECT_LT(pcs[i], pcs[0] + 1000);
for (uptr j = 0; j < i; j++) EXPECT_NE(pcs[i], pcs[j]);
}
}
};
Local::Test();
}
// Dummy implementation. This should never be called, but is required to link // Dummy implementation. This should never be called, but is required to link
// non-optimized builds of this test. // non-optimized builds of this test.
void BufferedStackTrace::UnwindImpl(uptr pc, uptr bp, void *context, void BufferedStackTrace::UnwindImpl(uptr pc, uptr bp, void *context,
bool request_fast, u32 max_depth) { bool request_fast, u32 max_depth) {
UNIMPLEMENTED(); UNIMPLEMENTED();
} }
} // namespace __sanitizer } // namespace __sanitizer

compiler-rt/lib/tsan/rtl/tsan_interceptors.h

Show All 24 Lines
inline bool in_symbolizer() { inline bool in_symbolizer() {
cur_thread_init(); cur_thread_init();
return UNLIKELY(cur_thread()->in_symbolizer); return UNLIKELY(cur_thread()->in_symbolizer);
} }
#endif #endif
} // namespace __tsan } // namespace __tsan
#define SCOPED_INTERCEPTOR_RAW(func, ...) \ #define SCOPED_INTERCEPTOR_RAW(func, ...) \
cur_thread_init(); \ cur_thread_init(); \
ThreadState *thr = cur_thread(); \ ThreadState *thr = cur_thread(); \
const uptr caller_pc = GET_CALLER_PC(); \ const uptr caller_pc = GET_CALLER_PC(); \
ScopedInterceptor si(thr, #func, caller_pc); \ ScopedInterceptor si(thr, #func, caller_pc); \
const uptr pc = StackTrace::GetCurrentPc(); \ const uptr pc = GET_CURRENT_PC(); \
(void)pc; \ (void)pc; \
/**/ /**/
#define SCOPED_TSAN_INTERCEPTOR(func, ...) \ #define SCOPED_TSAN_INTERCEPTOR(func, ...) \
SCOPED_INTERCEPTOR_RAW(func, __VA_ARGS__); \ SCOPED_INTERCEPTOR_RAW(func, __VA_ARGS__); \
if (REAL(func) == 0) { \ if (REAL(func) == 0) { \
Report("FATAL: ThreadSanitizer: failed to intercept %s\n", #func); \ Report("FATAL: ThreadSanitizer: failed to intercept %s\n", #func); \
Die(); \ Die(); \
} \ } \
if (!thr->is_inited || thr->ignore_interceptors || thr->in_ignored_lib) \ if (!thr->is_inited || thr->ignore_interceptors || thr->in_ignored_lib) \
Show All 28 Lines