This is an archive of the discontinued LLVM Phabricator instance.

Differential D32378

Insert invariant.group.barrier for pointers comparisons
AbandonedPublic

Authored by Prazek on Apr 21 2017, 2:52 PM.

Details

Reviewers
rjmccall
rsmith
Summary

This code was wrongly devirtualized before:

A* a = new A;
a->foo();
A* b = new(a) B;

if (a == b)
  b->foo();

Now we insert barrier before comparing dynamic pointers.

Diff Detail

Event Timeline

Prazek created this revision.Apr 21 2017, 2:52 PM
Prazek added a child revision: D32110: Emit invariant.group loads with empty group md.Apr 21 2017, 2:53 PM
Prazek retitled this revision from Insert invariant.group.barrier for pointers comparsons to Insert invariant.group.barrier for pointers comparisons.Apr 21 2017, 3:06 PM
rsmith added inline comments.Apr 21 2017, 3:41 PM
lib/CodeGen/CGExprScalar.cpp
3066–3067

I think we need to do this regardless of optimization level -- if we LTO together a -O0 translation unit with a -O2 translation unit, we still need this protection for the comparisons in the -O0 TU.

(IIRC we chose to make -fstrict-vtable-pointers an IR-level ABI break, but we shouldn't do the same thing for optimization level.)

Prazek marked an inline comment as done.Apr 23 2017, 9:40 AM
Prazek added inline comments.
lib/CodeGen/CGExprScalar.cpp
3066–3067

sounds good

Prazek updated this revision to Diff 96311.Apr 23 2017, 9:40 AM
Prazek marked an inline comment as done.

Addressing Richard's comment

Prazek marked an inline comment as done.Apr 23 2017, 9:40 AM
Prazek added a comment.Apr 23 2017, 9:52 AM

This is actually good catch, we also need to do it when inserting barrier in placement new.
I think that for the ctors and dtors we can do it only with optimizations enabled, because if optimizations are not enabled then ctors and dtors won't have the invariant.group in stores.

Prazek updated this revision to Diff 96371.Apr 24 2017, 3:28 AM

Don't add barrier if compared with nullptr. With this it reduces added
barriers to compares by half. Note that we will transform barrier(null) -> barrier
in llvm

Prazek added a parent revision: D32423: Constant fold launder of null and undef.Apr 24 2017, 3:42 AM
hubert.reinterpretcast added a subscriber: hubert.reinterpretcast.Apr 30 2017, 8:38 PM

Has it been discussed whether this is something to be addressed in the optimizer as opposed to the front-end?

lib/CodeGen/CGExprScalar.cpp
3069

Consider:

extern "C" int printf(const char *, ...);
void *operator new(decltype(sizeof 0), void *);

struct A {
  virtual void foo() { printf("%s\n", __PRETTY_FUNCTION__); }
  int m;
  int *zip() { return &m; }
};

struct B : A {
  virtual void foo() { printf("%s\n", __PRETTY_FUNCTION__); }
};

int main(void) {
  A *ap = new A;
  ap->foo();
  int *const apz = ap->zip();
  B *bp = new (ap) B;
  if (apz == bp->zip()) {
    bp->foo();
  }
}
Prazek added a comment.May 3 2017, 8:41 AM
In D32378#741989, @hubert.reinterpretcast wrote:

Has it been discussed whether this is something to be addressed in the optimizer as opposed to the front-end?

The example that you showed is excellent. I didn't know that LLVM does the transformation with pointers and it clearly shows that we need the different approach.
I got following idea how to solve it in the middle end - drop all invariant.group metadata when we replace dominated uses based on the comparison. This works for simple cases, but it doesn't when the changed pointer
is passed to a not inlined function, or returned. The solution I see that does not satisfy me, is to put barriers between passed/returned pointer. I will bring it to mailing list

Prazek planned changes to this revision.May 3 2017, 9:24 AM
Prazek abandoned this revision.Feb 20 2018, 5:33 AM

Revision Contents

PathSize
lib/
CodeGen/
20 lines
test/
CodeGenCXX/
66 lines

Diff 96371

lib/CodeGen/CGExprScalar.cpp

Show First 20 LinesShow All 1,692 Lines▼ Show 20 LinesValue *ScalarExprEmitter::VisitCastExpr(CastExpr *CE) {
} }
case CK_ZeroToOCLQueue: { case CK_ZeroToOCLQueue: {
assert(DestTy->isQueueT() && "CK_ZeroToOCLQueue cast on non queue_t type"); assert(DestTy->isQueueT() && "CK_ZeroToOCLQueue cast on non queue_t type");
return llvm::Constant::getNullValue(ConvertType(DestTy)); return llvm::Constant::getNullValue(ConvertType(DestTy));
} }
case CK_IntToOCLSampler: case CK_IntToOCLSampler:
return CGF.CGM.createOpenCLIntToSamplerConversion(E, CGF); return CGF.CGM.createOpenCLIntToSamplerConversion(E, CGF);
} // end of switch } // end of switch
llvm_unreachable("unknown scalar cast"); llvm_unreachable("unknown scalar cast");
} }
Value *ScalarExprEmitter::VisitStmtExpr(const StmtExpr *E) { Value *ScalarExprEmitter::VisitStmtExpr(const StmtExpr *E) {
CodeGenFunction::StmtExprEvaluation eval(CGF); CodeGenFunction::StmtExprEvaluation eval(CGF);
▲ Show 20 LinesShow All 1,347 Lines▼ Show 20 Lines if (LHSTy->isVectorType() && !E->getType()->isVectorType()) {
return EmitScalarConversion(Result, CGF.getContext().BoolTy, E->getType(), return EmitScalarConversion(Result, CGF.getContext().BoolTy, E->getType(),
E->getExprLoc()); E->getExprLoc());
} }
if (LHS->getType()->isFPOrFPVectorTy()) { if (LHS->getType()->isFPOrFPVectorTy()) {
Result = Builder.CreateFCmp(FCmpOpc, LHS, RHS, "cmp"); Result = Builder.CreateFCmp(FCmpOpc, LHS, RHS, "cmp");
} else if (LHSTy->hasSignedIntegerRepresentation()) { } else if (LHSTy->hasSignedIntegerRepresentation()) {
Result = Builder.CreateICmp(SICmpOpc, LHS, RHS, "cmp"); Result = Builder.CreateICmp(SICmpOpc, LHS, RHS, "cmp");
} else { } else { // Unsigned integers and pointers.
// Unsigned integers and pointers. if (CGF.CGM.getCodeGenOpts().StrictVTablePointers &&
!isa<llvm::ConstantPointerNull>(LHS) &&
rsmithUnsubmitted
Done
ReplyInline Actions

I think we need to do this regardless of optimization level -- if we LTO together a -O0 translation unit with a -O2 translation unit, we still need this protection for the comparisons in the -O0 TU.

(IIRC we chose to make -fstrict-vtable-pointers an IR-level ABI break, but we shouldn't do the same thing for optimization level.)

rsmith: I think we need to do this regardless of optimization level -- if we LTO together a -O0…
PrazekAuthorUnsubmitted
Done
ReplyInline Actions

sounds good

Prazek: sounds good
!isa<llvm::ConstantPointerNull>(RHS)) {
// Based on comparisons of pointers to dynamic objects, the optimizer
hubert.reinterpretcastUnsubmitted
Not Done
ReplyInline Actions

Consider:

extern "C" int printf(const char *, ...);
void *operator new(decltype(sizeof 0), void *);

struct A {
  virtual void foo() { printf("%s\n", __PRETTY_FUNCTION__); }
  int m;
  int *zip() { return &m; }
};

struct B : A {
  virtual void foo() { printf("%s\n", __PRETTY_FUNCTION__); }
};

int main(void) {
  A *ap = new A;
  ap->foo();
  int *const apz = ap->zip();
  B *bp = new (ap) B;
  if (apz == bp->zip()) {
    bp->foo();
  }
}
hubert.reinterpretcast: Consider: ``` extern "C" int printf(const char *, ...); void *operator new(decltype(sizeof 0)…
// can replace one pointer with another. This might result in
// replacing pointer after barrier to pointer before barrier,
// resulting in invalid devirtualization. Compare with null is safe.
if (auto *RD = LHSTy->getPointeeCXXRecordDecl())
if (!RD->isCompleteDefinition() || RD->isDynamicClass())
LHS = Builder.CreateInvariantGroupBarrier(LHS);
if (auto *RD = RHSTy->getPointeeCXXRecordDecl())
if (!RD->isCompleteDefinition() || RD->isDynamicClass())
RHS = Builder.CreateInvariantGroupBarrier(RHS);
}
Result = Builder.CreateICmp(UICmpOpc, LHS, RHS, "cmp"); Result = Builder.CreateICmp(UICmpOpc, LHS, RHS, "cmp");
} }
// If this is a vector comparison, sign extend the result to the appropriate // If this is a vector comparison, sign extend the result to the appropriate
// vector integer type and return it (don't convert to bool). // vector integer type and return it (don't convert to bool).
if (LHSTy->isVectorType()) if (LHSTy->isVectorType())
return Builder.CreateSExt(Result, ConvertType(E->getType()), "sext"); return Builder.CreateSExt(Result, ConvertType(E->getType()), "sext");
▲ Show 20 LinesShow All 683 LinesShow Last 20 Lines

test/CodeGenCXX/strict-vtable-pointers.cpp

Show First 20 LinesShow All 251 Lines▼ Show 20 Linesvoid UnionsBarriers2(U2 &u) {
// CHECK-NEW-NOT: call i8* @llvm.invariant.group.barrier(i8* // CHECK-NEW-NOT: call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: 42 // CHECK-NEW: 42
u.z += 42; u.z += 42;
// CHECK-NEW: call i8* @llvm.invariant.group.barrier(i8* // CHECK-NEW: call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: call void @_Z4takeR15HoldingVirtuals( // CHECK-NEW: call void @_Z4takeR15HoldingVirtuals(
take(u.h); take(u.h);
} }
// CHECK-NEW-LABEL: define void @_Z7comparev()
void compare() {
A *a = new A;
a->foo();
// CHECK-NEW: call i8* @llvm.invariant.group.barrier(i8*
A *b = new (a) B;
// CHECK-NEW: %[[a:.*]] = call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: %[[a2:.*]] = bitcast i8* %[[a]] to %struct.A*
// CHECK-NEW: %[[b:.*]] = call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: %[[b2:.*]] = bitcast i8* %[[b]] to %struct.A*
// CHECK-NEW: %cmp = icmp eq %struct.A* %[[a2]], %[[b2]]
if (a == b)
b->foo();
}
// CHECK-NEW-LABEL: compare2
bool compare2(A *a, A *a2) {
// CHECK-NEW: %[[a:.*]] = call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: %[[a2:.*]] = bitcast i8* %[[a]] to %struct.A*
// CHECK-NEW: %[[b:.*]] = call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: %[[b2:.*]] = bitcast i8* %[[b]] to %struct.A*
// CHECK-NEW: %cmp = icmp ult %struct.A* %[[a2]], %[[b2]]
return a < a2;
}
// CHECK-NEW-LABEL: compareIntPointers
bool compareIntPointers(int *a, int *b) {
// CHECK-NEW-NOT: call i8* @llvm.invariant.group.barrier
return a == b;
}
struct HoldingOtherVirtuals {
B b;
};
// There is no need to add barriers for comparision of pointer to classes
// that are not dynamic.
// CHECK-NEW-LABEL: compare5
bool compare5(HoldingOtherVirtuals *a, HoldingOtherVirtuals *b) {
// CHECK-NEW-NOT: call i8* @llvm.invariant.group.barrier
return a == b;
}
// CHECK-NEW-LABEL: compareNull
bool compareNull(A *a) {
// CHECK-NEW-NOT: call i8* @llvm.invariant.group.barrier
if (a != nullptr)
return false;
if (!a)
return false;
return a == nullptr;
}
struct X;
// We have to also introduce the barriers if comparing pointers to incomplete
// objects
// CHECK-NEW-LABEL: define zeroext i1 @_Z8compare4P1XS0_
bool compare4(X *x, X *x2) {
// CHECK-NEW: %[[x:.*]] = call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: %[[xp:.*]] = bitcast i8* %[[x]] to %struct.X*
// CHECK-NEW: %[[x2:.*]] = call i8* @llvm.invariant.group.barrier(i8*
// CHECK-NEW: %[[x2p:.*]] = bitcast i8* %[[x2]] to %struct.X*
// CHECK-NEW: %cmp = icmp eq %struct.X* %[[xp]], %[[x2p]]
return x == x2;
}
/** DTORS **/ /** DTORS **/
// CHECK-DTORS-LABEL: define linkonce_odr void @_ZN10StaticBaseD2Ev( // CHECK-DTORS-LABEL: define linkonce_odr void @_ZN10StaticBaseD2Ev(
// CHECK-DTORS-NOT: call i8* @llvm.invariant.group.barrier( // CHECK-DTORS-NOT: call i8* @llvm.invariant.group.barrier(
// CHECK-DTORS-LABEL: {{^}}} // CHECK-DTORS-LABEL: {{^}}}
// CHECK-DTORS-LABEL: define linkonce_odr void @_ZN25DynamicFromVirtualStatic2D2Ev( // CHECK-DTORS-LABEL: define linkonce_odr void @_ZN25DynamicFromVirtualStatic2D2Ev(
// CHECK-DTORS-NOT: invariant.barrier // CHECK-DTORS-NOT: invariant.barrier
Show All 28 Lines