This is an archive of the discontinued LLVM Phabricator instance.

Differential D5401

Fixing line numbers of inlined allocas
ClosedPublic

Authored by wolfgangp on Sep 18 2014, 10:50 AM.

Details

Reviewers
dblaikie
echristo
Summary

When a function is inlined (for example, as a result of it carrying the attribute alwaysinline), the cloned instructions receive the call site’s line number information (per r210459). After cloning, the cloned alloca instructions are moved to the caller’s entry block, retaining the call site’s line number information.
When, subsequently, new instructions are generated at the start of the caller’s entry block (such as instructions generated by the stack-protector pass), they pick up the line number information from the entry block’s first instruction, which may be one of the cloned alloca instructions.

This can cause incorrect line number information being generated for the start of the calling function, with an inlined function’s call site being associated with the first stack-protector instruction, for example. Since the stack-protector instruction is likely deemed to be the end of the function prologue, breakpoints that are set using the function name will be set at the wrong location.

Example:

int attribute((always_inline)) foo()
{

int arr[10];
arr[0] = 5;
int sum = 4;
return sum;

}

extern void bar();

int main()
{

bar();
int i = foo();   <== breaking at ‘main’ will stop here because main’s function prologue gets foo’s call site’s line number.
return i;

}

The proposed fix is to modify the cloned alloca instructions’ debug information when they are moved to the caller’s entry block. Instead of the call site’s information they would get the same information as the instructions already at the start of the caller’s entry block, i.e. they place where they’re being moved to.

Note to the test case: the sspstrong attribute on the 'main' function is not necessary to make the test case pass, but if one were to generate a .o file the incorrect line numbers for the function prologue would not appear without the stack-protector instructions being generated.

Diff Detail

Event Timeline

wolfgangp updated this revision to Diff 13813.Sep 18 2014, 10:50 AM
wolfgangp retitled this revision from to Fixing line numbers of inlined allocas.
wolfgangp updated this object.
wolfgangp edited the test plan for this revision. (Show Details)
wolfgangp added a subscriber: Unknown Object (MLST).
wolfgangp added a comment.Oct 3 2014, 5:45 PM

ping...

wolfgangp added reviewers: echristo, dblaikie.Oct 13 2014, 1:07 PM
wolfgangp added a comment.Oct 15 2014, 9:40 AM

ping

aprantl added a subscriber: aprantl.Oct 15 2014, 9:54 AM

Wouldn't it be a better fix to use the proper location for the alloca and rather fix the backend to follow the inlinedAt references in the alloca's debug location when deciding the end of the prologue?

dblaikie edited edge metadata.Oct 15 2014, 10:34 AM

So currently if you have an instruction with no DebugLoc that's inlined
into a function with debug info, that instruction appears to get the
DebugLoc of the call site, yes? (if I'm understanding this correctly)

We could, maybe, ish, fix this by describing the instruction as inlined -
but our DebugLoc schema doesn't really have a way to describe "no specific
location, but it's inlined within this scope" (line/col 0, but with a
scope, maybe? Is line/col 0 the same as no DebugLoc? I guess it probably
is, but I'm not sure).

& what this patch is proposing is to special case static allocas with no
DebugLoc and assign them the same DebugLoc as other static allocas? (what
if there aren't any?) which should be the null DebugLoc. I suspect the more
general solution than this is to just ensure that instructions with no
DebugLoc continue to have no DebugLoc when they're inlined (they certainly
shouldn't end up with the call sites DebugLoc - without inlining info, etc).

But, yes, potentially from a source fidelity perspective we could see if a
0 line/col(/file) DebugLoc with scoping information could be used to
produce reasonable output, and then special case the prologue handling code
to be a bit smarter about instructions with DebugLocs... but I don't know
how smart that would end up being.

aprantl added a comment.Oct 15 2014, 10:44 AM
In D5401#8, @dblaikie wrote:

So currently if you have an instruction with no DebugLoc that's inlined
into a function with debug info, that instruction appears to get the
DebugLoc of the call site, yes? (if I'm understanding this correctly)

We could, maybe, ish, fix this by describing the instruction as inlined -
but our DebugLoc schema doesn't really have a way to describe "no specific
location, but it's inlined within this scope" (line/col 0, but with a
scope, maybe? Is line/col 0 the same as no DebugLoc? I guess it probably
is, but I'm not sure).

It isn't. No DebugLoc means reuse the location of the previous insn, or, if there was no previous insn, it means we are in the function prologue. Line 0 on the other hand is actually emitted in the line table and carries the special meaning: this is compiler-generated code with no source that could be associated with it. LLDB, for instance, treats line 0 as "always skip over this, the developer would never want to stop here". Clang uses this for ObjC retain/release calls inserted by the compiler, for instance.

& what this patch is proposing is to special case static allocas with no
DebugLoc and assign them the same DebugLoc as other static allocas? (what
if there aren't any?) which should be the null DebugLoc. I suspect the more
general solution than this is to just ensure that instructions with no
DebugLoc continue to have no DebugLoc when they're inlined (they certainly
shouldn't end up with the call sites DebugLoc - without inlining info, etc).

But, yes, potentially from a source fidelity perspective we could see if a
0 line/col(/file) DebugLoc with scoping information could be used to
produce reasonable output, and then special case the prologue handling code
to be a bit smarter about instructions with DebugLocs... but I don't know
how smart that would end up being.

echristo edited edge metadata.Oct 15 2014, 10:46 AM

if there aren't any?) which should be the null DebugLoc. I suspect the more
general solution than this is to just ensure that instructions with no
DebugLoc continue to have no DebugLoc when they're inlined (they certainly
shouldn't end up with the call sites DebugLoc - without inlining info, etc).

This is likely the right solution.

aprantl added a comment.Oct 15 2014, 10:58 AM
In D5401#10, @echristo wrote:

if there aren't any?) which should be the null DebugLoc. I suspect the more
general solution than this is to just ensure that instructions with no
DebugLoc continue to have no DebugLoc when they're inlined (they certainly
shouldn't end up with the call sites DebugLoc - without inlining info, etc).

This is likely the right solution.

Agreed, especially since we want the alloca in this example to be counted towards the prologue.

  • adrian
wolfgangp added a comment.Oct 15 2014, 11:22 AM
In D5401#11, @aprantl wrote:
In D5401#10, @echristo wrote:

if there aren't any?) which should be the null DebugLoc. I suspect the more
general solution than this is to just ensure that instructions with no
DebugLoc continue to have no DebugLoc when they're inlined (they certainly
shouldn't end up with the call sites DebugLoc - without inlining info, etc).

This is likely the right solution.

Agreed, especially since we want the alloca in this example to be counted towards the prologue.

  • adrian

Thank you for the input, gentlemen. I'm concerned by the following comment in fixupLineNumbers() in Transforms/Utils/InlineFunction.cpp:

// If the inlined instruction has no line number, make it look as if it
 // originates from the call location. This is important for
 // ((__always_inline__, __nodebug__)) functions which must use caller
 // location for all instructions in their function body.
 BI->setDebugLoc(TheCallDL);
dblaikie added a comment.Oct 15 2014, 11:30 AM
In D5401#12, @wolfgangp wrote:
In D5401#11, @aprantl wrote:
In D5401#10, @echristo wrote:

if there aren't any?) which should be the null DebugLoc. I suspect the more
general solution than this is to just ensure that instructions with no
DebugLoc continue to have no DebugLoc when they're inlined (they certainly
shouldn't end up with the call sites DebugLoc - without inlining info, etc).

This is likely the right solution.

Agreed, especially since we want the alloca in this example to be counted towards the prologue.

  • adrian

Thank you for the input, gentlemen. I'm concerned by the following comment in fixupLineNumbers() in Transforms/Utils/InlineFunction.cpp:

// If the inlined instruction has no line number, make it look as if it
 // originates from the call location. This is important for
 // ((__always_inline__, __nodebug__)) functions which must use caller
 // location for all instructions in their function body.
 BI->setDebugLoc(TheCallDL);

worth being concerned about - I wonder if we could detect that case specifically and special-case it.

I can imagine a few ways - literally checking whether the function we're inlining has the nodebug attribute (does that even persist to IR? Or does the frontend handle it entirely). Checking if the function we're inlining is a known debug info function (might have to build the FunctionDIs to have that around to reference... )...

What would happen to your test case if we had nodebug on the callee? I guess your solution would still work for that (adjusting the debugloc of the allocas) - maybe we're just going to have to clear the allocas' DebugLocs anyway?

To sum up:

If we special case non-debug functions when inlining, attributing their instructions to the call site, but non-debug instructions in debug functions were just persisted with no debug location then we'd still need to special case allocas from non-debug functions to avoid this bug in that case.

So it sounds like we need to special case the static allocas, but the special case should probably be to not add a debugloc for them (unlike other instructions).

Then there remains an open question as to whether, for debugloc-less instructions in non-nodebug functions, should they be treated the same as instructions in nodebug functions (attributed to the call site) or unattributed? (for now I'm happy to leave them handled the same way as nodebug instructions, attributing them to the call site)

echristo added a comment.Oct 15 2014, 11:37 AM

To sum up:

If we special case non-debug functions when inlining, attributing their instructions to the call site, but non-debug instructions in debug functions were just persisted with no debug location then we'd still need to special case allocas from non-debug functions to avoid this bug in that case.

Yep.

So it sounds like we need to special case the static allocas, but the special case should probably be to not add a debugloc for them (unlike other instructions).

Agreed.

Then there remains an open question as to whether, for debugloc-less instructions in non-nodebug functions, should they be treated the same as instructions in nodebug functions (attributed to the call site) or unattributed? (for now I'm happy to leave them handled the same way as nodebug instructions, attributing them to the call site)

Probably just leave them as is for now. It's not a great solution, but unless we want to construct a "nodebug" line node I think this is going to be the best.

wolfgangp added a comment.Oct 15 2014, 1:01 PM
In D5401#13, @dblaikie wrote:

What would happen to your test case if we had nodebug on the callee? I guess your solution would still work for that (adjusting the debugloc of the allocas) - maybe we're just going to have to clear the allocas' DebugLocs anyway?

FWIW, nodebug on the callee doesn't change anything since the callee's allocas have no DebugLoc in either case.

My original thought of adjusting the allocas' DebugLocs instead of just removing them was that an inlined alloca is equivalent to a caller's alloca and should be treated as such in every respect, but that's probably not exactly correct wrt debug information.

To sum up:

If we special case non-debug functions when inlining, attributing their instructions to the call site, but non-debug instructions in debug functions were just persisted with no debug location then we'd still need to special case allocas from non-debug functions to avoid this bug in that case.

So it sounds like we need to special case the static allocas, but the special case should probably be to not add a debugloc for them (unlike other instructions).

Yes. I'll prepare another patch.

Then there remains an open question as to whether, for debugloc-less instructions in non-nodebug functions, should they be treated the same as instructions in nodebug functions (attributed to the call site) or unattributed? (for now I'm happy to leave them handled the same way as nodebug instructions, attributing them to the call site)

wolfgangp updated this revision to Diff 14973.Oct 15 2014, 6:03 PM
wolfgangp edited edge metadata.

New patch avoiding updating the DebugLoc for static allocas when they are inlined.
No change to the test case.

dblaikie added inline comments.Oct 17 2014, 10:12 AM
lib/Transforms/Utils/InlineFunction.cpp
813

To avoid isa + cast, we'd probably write this as:

if (auto *AI = dyn_cast<AllocaInst>(BI))
  if (isa<Constant>(AI->getArraySize()))
    continue;

Also, given that static allocas are so special, is there not a more direct way to test for them than isa<Constant> on the array size?

test/DebugInfo/debug-info-always-inline.ll
8

Should we add nodebug to this function just to demonstrate why the other solutions we discussed were insufficient? (eg: we can't describe it as inlining, etc)

One day we might want to describe it as inlining in the non-nodebug case (and update the prologue handling code to cope with this), but we'd still need to do this for nodebug.

Or test both & describe that one /could/ change but mention the prologue complications.

Or just write a comment describing the gotchas here.

wolfgangp added inline comments.Oct 17 2014, 11:53 AM
lib/Transforms/Utils/InlineFunction.cpp
813

Regarding the static allocas, there is AllocaInst::isStaticAlloca() but it's not usable here because it tests for the instruction being part of the entry block, which the freshly inlined alloca is not (yet). Otherwise, isStaticAlloca also just tests for a constant array size.

Thanks for the pointer on the dyn_cast, I'll make that change.

Actually, I'm thinking now that my change is in the wrong place. It should be inside the if (DL.isUnkown()) branch. We only want to skip allocas that have no debug information to begin with, not the ones that do.

test/DebugInfo/debug-info-always-inline.ll
8

I think nodebug is handled by the front end, so the difference in the IR is simply that the individual instructions have no debug information. There does not seem to be any distinction on the function level.

I'll describe the problems with the allocas/prologue in more detail. There is the more general question of what to do with inlined instructions without debug info, but that seems beyond the scope of this patch. Do you want me to add the gist of the discussion to the test case?

wolfgangp updated this revision to Diff 15108.Oct 17 2014, 5:22 PM

Updated InlineFunction.cpp to incorporate David's comments and moved the check for static allocas to inside the check for unknown DebugLoc.

Added commentary to the test case describing the issues addressed by the patch.

Hope I caught all the points in the discussion...

dblaikie accepted this revision.Oct 20 2014, 1:17 PM
dblaikie edited edge metadata.

Looks good. Thanks for your patience/help.

This revision is now accepted and ready to land.Oct 20 2014, 1:17 PM
wolfgangp closed this revision.Aug 14 2015, 2:31 PM

Committed with r220255.

Revision Contents

PathSize
lib/
Transforms/
Utils/
6 lines
test/
DebugInfo/
143 lines

Diff 15108

lib/Transforms/Utils/InlineFunction.cpp

Context not available.
// originates from the call location. This is important for // originates from the call location. This is important for
// ((__always_inline__, __nodebug__)) functions which must use caller // ((__always_inline__, __nodebug__)) functions which must use caller
// location for all instructions in their function body. // location for all instructions in their function body.
// Don't update static allocas, as they may get moved later.
if (auto *AI = dyn_cast<AllocaInst>(BI))
if (isa<Constant>(AI->getArraySize()))
continue;
BI->setDebugLoc(TheCallDL); BI->setDebugLoc(TheCallDL);
} else { } else {
BI->setDebugLoc(updateInlinedAtInfo(DL, TheCallDL, BI->getContext())); BI->setDebugLoc(updateInlinedAtInfo(DL, TheCallDL, BI->getContext()));
Context not available.

test/DebugInfo/debug-info-always-inline.ll

; RUN: opt < %s -always-inline -S | FileCheck %s
;
; Generated from the following C++ source with:
; clang -cc1 -disable-llvm-optzns -emit-llvm -g -stack-protector 2 test.cpp
;
; /* BEGIN SOURCE */
; int __attribute__((always_inline)) foo()
; {
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Should we add nodebug to this function just to demonstrate why the other solutions we discussed were insufficient? (eg: we can't describe it as inlining, etc)

One day we might want to describe it as inlining in the non-nodebug case (and update the prologue handling code to cope with this), but we'd still need to do this for nodebug.

Or test both & describe that one /could/ change but mention the prologue complications.

Or just write a comment describing the gotchas here.

dblaikie: Should we add nodebug to this function just to demonstrate why the other solutions we discussed…
wolfgangpAuthorUnsubmitted
Not Done
ReplyInline Actions

I think nodebug is handled by the front end, so the difference in the IR is simply that the individual instructions have no debug information. There does not seem to be any distinction on the function level.

I'll describe the problems with the allocas/prologue in more detail. There is the more general question of what to do with inlined instructions without debug info, but that seems beyond the scope of this patch. Do you want me to add the gist of the discussion to the test case?

wolfgangp: I think nodebug is handled by the front end, so the difference in the IR is simply that the…
; int arr[10];
; arr[0] = 5;
; int sum = 4;
; return sum;
; }
;
; extern void bar();
;
; int main()
; {
; bar();
; int i = foo();
; return i;
; }
; /* END SOURCE */
; The patch that includes this test case, is addressing the following issue:
;
; When functions are inlined, instructions without debug information
; are attributed with the call site's DebugLoc. After inlining, inlined static
; allocas are moved to the caller's entry block, adjacent to the caller's original
; static alloca instructions. By retaining the call site's DebugLoc, these instructions
; may cause instructions that are subsequently inserted at the entry block to pick
; up the same DebugLoc.
;
; In the offending case stack protection inserts an instruction at the caller's
; entry block, which inadvertently picks up the inlined call's DebugLoc, because
; the entry block's first instruction is the recently moved inlined alloca instruction.
;
; The stack protection instruction then becomes part of the function prologue, with the
; result that the line number that is associated with the stack protection instruction
; is deemed to be the end of the function prologue. Since this line number is the
; call site's line number, setting a breakpoint at the function in the debugger
; will make the user stop at the line of the inlined call.
; Note that without the stack protection instruction this effect would not occur
; because the allocas all get collapsed into a single instruction that reserves
; stack space and have no further influence on the prologue's line number information.
; The selected solution is to not attribute static allocas with the call site's
; DebugLoc.
; At some point in the future, it may be desirable to describe the inlining
; in the alloca instructions, but then the code that handles prologues must
; be able to handle this correctly, including the late insertion of instructions
; into it.
; In this context it is also important to distingush between functions
; with the "nodebug" attribute and those without it. Alloca instructions from
; nodebug functions should continue to have no DebugLoc, whereas those from
; non-nodebug functions (i.e. functions with debug information) may want to
; have their DebugLocs augmented with inlining information.
; Make sure that after inlining the call to foo() the alloca instructions for
; arr.i and sum.i do not retain debug information.
; CHECK: %arr.i = alloca [10 x i32], align {{[0-9]*$}}
; CHECK: %sum.i = alloca i32, align {{[0-9]*$}}
; ModuleID = 'test.cpp'
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
; Function Attrs: alwaysinline nounwind sspstrong
define i32 @_Z3foov() #0 {
entry:
%arr = alloca [10 x i32], align 16
%sum = alloca i32, align 4
call void @llvm.dbg.declare(metadata !{[10 x i32]* %arr}, metadata !14), !dbg !18
%arrayidx = getelementptr inbounds [10 x i32]* %arr, i32 0, i64 0, !dbg !19
store i32 5, i32* %arrayidx, align 4, !dbg !19
call void @llvm.dbg.declare(metadata !{i32* %sum}, metadata !20), !dbg !21
store i32 4, i32* %sum, align 4, !dbg !21
%0 = load i32* %sum, align 4, !dbg !22
ret i32 %0, !dbg !22
}
; Function Attrs: nounwind readnone
declare void @llvm.dbg.declare(metadata, metadata) #1
; Function Attrs: nounwind sspstrong
define i32 @main() #2 {
entry:
%retval = alloca i32, align 4
%i = alloca i32, align 4
store i32 0, i32* %retval
call void @_Z3barv(), !dbg !23
call void @llvm.dbg.declare(metadata !{i32* %i}, metadata !24), !dbg !25
%call = call i32 @_Z3foov(), !dbg !25
store i32 %call, i32* %i, align 4, !dbg !25
%0 = load i32* %i, align 4, !dbg !26
ret i32 %0, !dbg !26
}
declare void @_Z3barv() #3
attributes #0 = { alwaysinline nounwind sspstrong "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-realign-stack" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" }
attributes #1 = { nounwind readnone }
attributes #2 = { nounwind sspstrong "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-realign-stack" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" }
attributes #3 = { "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-realign-stack" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" }
!llvm.dbg.cu = !{!0}
!llvm.module.flags = !{!11, !12}
!llvm.ident = !{!13}
!0 = metadata !{i32 786449, metadata !1, i32 4, metadata !"clang version 3.6.0 (217844)", i1 false, metadata !"", i32 0, metadata !2, metadata !2, metadata !3, metadata !2, metadata !2, metadata !"", i32 1} ; [ DW_TAG_compile_unit ] [/home/user/test/<stdin>] [DW_LANG_C_plus_plus]
!1 = metadata !{metadata !"<stdin>", metadata !"/home/user/test"}
!2 = metadata !{}
!3 = metadata !{metadata !4, metadata !10}
!4 = metadata !{i32 786478, metadata !5, metadata !6, metadata !"foo", metadata !"foo", metadata !"_Z3foov", i32 1, metadata !7, i1 false, i1 true, i32 0, i32 0, null, i32 256, i1 false, i32 ()* @_Z3foov, null, null, metadata !2, i32 2} ; [ DW_TAG_subprogram ] [line 1] [def] [scope 2] [foo]
!5 = metadata !{metadata !"test.cpp", metadata !"/home/user/test"}
!6 = metadata !{i32 786473, metadata !5} ; [ DW_TAG_file_type ] [/home/user/test/test.cpp]
!7 = metadata !{i32 786453, i32 0, null, metadata !"", i32 0, i64 0, i64 0, i64 0, i32 0, null, metadata !8, i32 0, null, null, null} ; [ DW_TAG_subroutine_type ] [line 0, size 0, align 0, offset 0] [from ]
!8 = metadata !{metadata !9}
!9 = metadata !{i32 786468, null, null, metadata !"int", i32 0, i64 32, i64 32, i64 0, i32 0, i32 5} ; [ DW_TAG_base_type ] [int] [line 0, size 32, align 32, offset 0, enc DW_ATE_signed]
!10 = metadata !{i32 786478, metadata !5, metadata !6, metadata !"main", metadata !"main", metadata !"", i32 11, metadata !7, i1 false, i1 true, i32 0, i32 0, null, i32 256, i1 false, i32 ()* @main, null, null, metadata !2, i32 12} ; [ DW_TAG_subprogram ] [line 11] [def] [scope 12] [main]
!11 = metadata !{i32 2, metadata !"Dwarf Version", i32 4}
!12 = metadata !{i32 2, metadata !"Debug Info Version", i32 1}
!13 = metadata !{metadata !"clang version 3.6.0 (217844)"}
!14 = metadata !{i32 786688, metadata !4, metadata !"arr", metadata !6, i32 3, metadata !15, i32 0, i32 0} ; [ DW_TAG_auto_variable ] [arr] [line 3]
!15 = metadata !{i32 786433, null, null, metadata !"", i32 0, i64 320, i64 32, i32 0, i32 0, metadata !9, metadata !16, i32 0, null, null, null} ; [ DW_TAG_array_type ] [line 0, size 320, align 32, offset 0] [from int]
!16 = metadata !{metadata !17}
!17 = metadata !{i32 786465, i64 0, i64 10} ; [ DW_TAG_subrange_type ] [0, 9]
!18 = metadata !{i32 3, i32 0, metadata !4, null}
!19 = metadata !{i32 4, i32 0, metadata !4, null}
!20 = metadata !{i32 786688, metadata !4, metadata !"sum", metadata !6, i32 5, metadata !9, i32 0, i32 0} ; [ DW_TAG_auto_variable ] [sum] [line 5]
!21 = metadata !{i32 5, i32 0, metadata !4, null}
!22 = metadata !{i32 6, i32 0, metadata !4, null}
!23 = metadata !{i32 13, i32 0, metadata !10, null}
!24 = metadata !{i32 786688, metadata !10, metadata !"i", metadata !6, i32 14, metadata !9, i32 0, i32 0} ; [ DW_TAG_auto_variable ] [i] [line 14]
!25 = metadata !{i32 14, i32 0, metadata !10, null}
!26 = metadata !{i32 15, i32 0, metadata !10, null}