This is an archive of the discontinued LLVM Phabricator instance.

Differential D82615

[HWASan] [GlobalISel] Add +tagged-globals backend feature for GlobalISel
ClosedPublic

Authored by hctim on Jun 25 2020, 5:19 PM.

Details

Reviewers
eugenis
pcc
ostannard
aemerson
arsenm
Commits
rG9a05fa10bd05: [HWASan] [GlobalISel] Add +tagged-globals backend feature for GlobalISel
Summary

GlobalISel is the default ISel for aarch64 at -O0. Prior to D78465, GlobalISel
didn't have support for dealing with address-of-global lowerings, so it fell
back to SelectionDAGISel.

HWASan Globals require special handling, as they contain the pointer tag in the
top 16-bits, and are thus outside the code model. We need to generate a movk
in the instruction sequence with a G3 relocation to ensure the bits are
relocated properly. This is implemented in SelectionDAGISel, this patch does
the same for GlobalISel.

GlobalISel and SelectionDAGISel differ in their lowering sequence, so there are
differences in the final instruction sequence, explained in
tagged-globals.ll. Both of these implementations are correct, but GlobalISel
is slightly larger code size / slightly slower (by a couple of arithmetic
instructions). I don't see this as a problem for now as GlobalISel is only on
by default at -O0.

Diff Detail

Event Timeline

hctim created this revision.Jun 25 2020, 5:19 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 25 2020, 5:19 PM
Herald added subscribers: llvm-commits, hiraditya, kristof.beyls, rovka. · View Herald Transcript
hctim updated this revision to Diff 273564.Jun 25 2020, 5:20 PM

First patchset was the wrong diff. Should be the right one now.

Herald added a project: Restricted Project. · View Herald TranscriptJun 25 2020, 5:20 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
hctim mentioned this in D82249: [HWASan] Disable GlobalISel/FastISel for HWASan Globals..Jun 25 2020, 5:40 PM
arsenm added inline comments.Jun 25 2020, 5:41 PM
llvm/lib/Target/AArch64/GISel/AArch64LegalizerInfo.cpp
693

Isn't this a copy of the original operand, so the further modifications don't do anything? Needs a reference?

694

Assuming this was modifying the original instruction, it needs to notify the change observer. Also you may need to guard against already legalized globals?

Harbormaster failed remote builds in B61851: Diff 273563!Jun 25 2020, 6:02 PM
Harbormaster failed remote builds in B61852: Diff 273564!
hctim added inline comments.Jun 26 2020, 11:23 AM
llvm/lib/Target/AArch64/GISel/AArch64LegalizerInfo.cpp
693

I'm admittedly not very familiar with the backend, the goal here is to emit a *new* movk instruction w/ an immediate that's relocated with R_AARCH64_MOVW_PREL_G3.

I assume that we want to copy the operand so that we can generate the right relocation here?

694

w.r.t the change observer, we're looking to add an instruction, not modify the existing. I don't fully understand when the CO needs to be notified, as the other two created instructions in this function (adrp + addlow) don't notify the CO. Can you please help me understand when/whether this is necessary?

hctim updated this revision to Diff 273791.Jun 26 2020, 11:24 AM
  • Reformat exported-tagged-globalc.
hctim added a reviewer: aemerson.Jun 26 2020, 11:25 AM
arsenm added inline comments.Jun 26 2020, 12:28 PM
llvm/lib/Target/AArch64/GISel/AArch64LegalizerInfo.cpp
693

You're copying the operand, and then you don't do anything with it after modifying it; you don't add Tag to the new instruction. In any case, having a freestanding MachineOperand value is a bad idea.

You're also creating a new generic virtual register for the selected instruction, so it needs a register class. You should create one with the final register class (I'm guessing AArch64::GPR64RegClass), and then set the type with MRI.setType (the above code does the same thing in the opposite order, by creating the vreg with a type and setting the class later)

Harbormaster failed remote builds in B61965: Diff 273791!Jun 26 2020, 1:08 PM
hctim updated this revision to Diff 273831.Jun 26 2020, 2:05 PM
hctim marked 4 inline comments as done.
  • Remove vestigal operand and set regclass properly.
llvm/lib/Target/AArch64/GISel/AArch64LegalizerInfo.cpp
693

Ah, yes - it's vestigal and can be removed, thanks!

I've also classed the vreg, thanks.

aemerson added a comment.Jun 26 2020, 2:52 PM

I'm not familiar with these types globals. Do you think there's any issue with the current design that would make it difficult to generate optimal code in future?

Harbormaster failed remote builds in B61988: Diff 273831!Jun 26 2020, 3:10 PM
hctim added a comment.Jun 26 2020, 3:48 PM
In D82615#2117979, @aemerson wrote:

I'm not familiar with these types globals. Do you think there's any issue with the current design that would make it difficult to generate optimal code in future?

No. This codegen should only apply with HWASan (and maybe MTE) in the future -- and the only thing that could need improvement is a slight change to the codegen that would allow the lo12 add to be folded into a subsequent ldr/str. This patch doesn't do that because of the comment over in tryFoldAddLowIntoImm(..): // TODO: Need to check GV's offset % size if doing offset folding into globals.

hctim added a comment.Jun 30 2020, 11:02 AM

Hi @arsenm - does this patch LGTY? Still unsure about whether we need to notify the CO here, if you could help advise that would be much appreciated. Thanks.

arsenm accepted this revision.Jun 30 2020, 11:28 AM

LGTM. You only need the change observer if you were modifying the original instruction in place

This revision is now accepted and ready to land.Jun 30 2020, 11:28 AM
Herald added a subscriber: wdng. · View Herald TranscriptJun 30 2020, 11:28 AM
aemerson accepted this revision.Jul 10 2020, 4:58 PM

jq3ysyuS

aemerson added a comment.Jul 10 2020, 5:01 PM
In D82615#2145444, @aemerson wrote:

jq3ysyuS

My 9 month old did this. LGTM anyway.

hctim updated this revision to Diff 282344.Jul 31 2020, 4:04 PM
hctim marked an inline comment as done.

Fix an OOB operand problem. ISel is smart enough to figure out the MO_G3
relocation should use a 48-bit shift, but assert()'s internally if the third
operand isn't specified.

Harbormaster completed remote builds in B66627: Diff 282344.Jul 31 2020, 4:51 PM
Closed by commit rG9a05fa10bd05: [HWASan] [GlobalISel] Add +tagged-globals backend feature for GlobalISel (authored by hctim). · Explain WhyAug 3 2020, 2:29 PM
This revision was automatically updated to reflect the committed changes.
hctim added a commit: rG9a05fa10bd05: [HWASan] [GlobalISel] Add +tagged-globals backend feature for GlobalISel.

Revision Contents

PathSize
compiler-rt/
test/
hwasan/
TestCases/
16 lines
llvm/
lib/
Target/
AArch64/
GISel/
23 lines
test/
CodeGen/
AArch64/
98 lines

Diff 282726

compiler-rt/test/hwasan/TestCases/exported-tagged-global.c

  • This file was added.
// RUN: %clang_hwasan %s -o %t
// RUN: %run %t
// RUN: %clang_hwasan -O1 %s -o %t
// RUN: %run %t
// RUN: %clang_hwasan -O1 -mllvm --aarch64-enable-global-isel-at-O=1 %s -o %t
// RUN: %run %t
static int global;
__attribute__((optnone)) int *address_of_global() { return &global; }
int main(int argc, char **argv) {
int *global_address = address_of_global();
*global_address = 13;
return 0;
}

llvm/lib/Target/AArch64/GISel/AArch64LegalizerInfo.cpp

Show First 20 LinesShow All 345 Lines▼ Show 20 Lines getActionDefinitionsBuilder(G_FCMP)
.widenScalarToNextPow2(1); .widenScalarToNextPow2(1);
// Extensions // Extensions
auto ExtLegalFunc = [=](const LegalityQuery &Query) { auto ExtLegalFunc = [=](const LegalityQuery &Query) {
unsigned DstSize = Query.Types[0].getSizeInBits(); unsigned DstSize = Query.Types[0].getSizeInBits();
if (DstSize == 128 && !Query.Types[0].isVector()) if (DstSize == 128 && !Query.Types[0].isVector())
return false; // Extending to a scalar s128 needs narrowing. return false; // Extending to a scalar s128 needs narrowing.
// Make sure that we have something that will fit in a register, and // Make sure that we have something that will fit in a register, and
// make sure it's a power of 2. // make sure it's a power of 2.
if (DstSize < 8 || DstSize > 128 || !isPowerOf2_32(DstSize)) if (DstSize < 8 || DstSize > 128 || !isPowerOf2_32(DstSize))
return false; return false;
const LLT &SrcTy = Query.Types[1]; const LLT &SrcTy = Query.Types[1];
// Special case for s1. // Special case for s1.
▲ Show 20 LinesShow All 308 Lines▼ Show 20 Lines if (OpFlags & AArch64II::MO_GOT)
return true; return true;
Register DstReg = MI.getOperand(0).getReg(); Register DstReg = MI.getOperand(0).getReg();
auto ADRP = MIRBuilder.buildInstr(AArch64::ADRP, {LLT::pointer(0, 64)}, {}) auto ADRP = MIRBuilder.buildInstr(AArch64::ADRP, {LLT::pointer(0, 64)}, {})
.addGlobalAddress(GV, 0, OpFlags | AArch64II::MO_PAGE); .addGlobalAddress(GV, 0, OpFlags | AArch64II::MO_PAGE);
// Set the regclass on the dest reg too. // Set the regclass on the dest reg too.
MRI.setRegClass(ADRP.getReg(0), &AArch64::GPR64RegClass); MRI.setRegClass(ADRP.getReg(0), &AArch64::GPR64RegClass);
// MO_TAGGED on the page indicates a tagged address. Set the tag now. We do so
// by creating a MOVK that sets bits 48-63 of the register to (global address
// + 0x100000000 - PC) >> 48. The additional 0x100000000 offset here is to
// prevent an incorrect tag being generated during relocation when the the
// global appears before the code section. Without the offset, a global at
// `0x0f00'0000'0000'1000` (i.e. at `0x1000` with tag `0xf`) that's referenced
// by code at `0x2000` would result in `0x0f00'0000'0000'1000 - 0x2000 =
// 0x0eff'ffff'ffff'f000`, meaning the tag would be incorrectly set to `0xe`
// instead of `0xf`.
// This assumes that we're in the small code model so we can assume a binary
// size of <= 4GB, which makes the untagged PC relative offset positive. The
// binary must also be loaded into address range [0, 2^48). Both of these
// properties need to be ensured at runtime when using tagged addresses.
if (OpFlags & AArch64II::MO_TAGGED) {
ADRP = MIRBuilder.buildInstr(AArch64::MOVKXi, {LLT::pointer(0, 64)}, {ADRP})
arsenmUnsubmitted
Done
ReplyInline Actions

Isn't this a copy of the original operand, so the further modifications don't do anything? Needs a reference?

arsenm: Isn't this a copy of the original operand, so the further modifications don't do anything?
hctimAuthorUnsubmitted
Done
ReplyInline Actions

I'm admittedly not very familiar with the backend, the goal here is to emit a *new* movk instruction w/ an immediate that's relocated with R_AARCH64_MOVW_PREL_G3.

I assume that we want to copy the operand so that we can generate the right relocation here?

hctim: I'm admittedly not very familiar with the backend, the goal here is to emit a *new* `movk`…
arsenmUnsubmitted
Done
ReplyInline Actions

You're copying the operand, and then you don't do anything with it after modifying it; you don't add Tag to the new instruction. In any case, having a freestanding MachineOperand value is a bad idea.

You're also creating a new generic virtual register for the selected instruction, so it needs a register class. You should create one with the final register class (I'm guessing AArch64::GPR64RegClass), and then set the type with MRI.setType (the above code does the same thing in the opposite order, by creating the vreg with a type and setting the class later)

arsenm: You're copying the operand, and then you don't do anything with it after modifying it; you…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Ah, yes - it's vestigal and can be removed, thanks!

I've also classed the vreg, thanks.

hctim: Ah, yes - it's vestigal and can be removed, thanks! I've also classed the vreg, thanks.
.addGlobalAddress(GV, 0x100000000,
arsenmUnsubmitted
Done
ReplyInline Actions

Assuming this was modifying the original instruction, it needs to notify the change observer. Also you may need to guard against already legalized globals?

arsenm: Assuming this was modifying the original instruction, it needs to notify the change observer.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

w.r.t the change observer, we're looking to add an instruction, not modify the existing. I don't fully understand when the CO needs to be notified, as the other two created instructions in this function (adrp + addlow) don't notify the CO. Can you please help me understand when/whether this is necessary?

hctim: w.r.t the change observer, we're looking to add an instruction, not modify the existing. I…
AArch64II::MO_PREL | AArch64II::MO_G3)
.addImm(48);
MRI.setRegClass(ADRP.getReg(0), &AArch64::GPR64RegClass);
}
MIRBuilder.buildInstr(AArch64::G_ADD_LOW, {DstReg}, {ADRP}) MIRBuilder.buildInstr(AArch64::G_ADD_LOW, {DstReg}, {ADRP})
.addGlobalAddress(GV, 0, .addGlobalAddress(GV, 0,
OpFlags | AArch64II::MO_PAGEOFF | AArch64II::MO_NC); OpFlags | AArch64II::MO_PAGEOFF | AArch64II::MO_NC);
MI.eraseFromParent(); MI.eraseFromParent();
return true; return true;
} }
bool AArch64LegalizerInfo::legalizeIntrinsic( bool AArch64LegalizerInfo::legalizeIntrinsic(
▲ Show 20 LinesShow All 123 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/tagged-globals.ll

; RUN: llc < %s | FileCheck %s ; RUN: llc --relocation-model=static < %s \
; RUN: | FileCheck %s --check-prefixes=CHECK-STATIC,CHECK-SELECTIONDAGISEL
; RUN: llc --relocation-model=pic < %s \
; RUN: | FileCheck %s --check-prefix=CHECK-PIC
; Ensure that GlobalISel lowers correctly. GlobalISel is the default ISel for
; -O0 on aarch64. GlobalISel lowers the instruction sequence in the static
; relocation model different to SelectionDAGISel. GlobalISel does the lowering
; of AddLow *after* legalization, and thus doesn't differentiate between
; address-taken-only vs. address-taken-for-loadstore. Hence, we generate a movk
; instruction for load/store instructions as well with GlobalISel. GlobalISel
; also doesn't have the scaffolding to correctly check the bounds of the global
; offset, and cannot fold the lo12 bits into the load/store. Neither of these
; things are a problem as GlobalISel is only used by default at -O0, so we don't
; mind the code size and performance increase.
; RUN: llc --aarch64-enable-global-isel-at-O=0 -O0 < %s \
; RUN: | FileCheck %s --check-prefixes=CHECK-STATIC,CHECK-GLOBALISEL
; RUN: llc --aarch64-enable-global-isel-at-O=0 -O0 --relocation-model=pic < %s \
; RUN: | FileCheck %s --check-prefix=CHECK-PIC
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64-unknown-linux-android" target triple = "aarch64-unknown-linux-android"
@global = external hidden global i32 @global = external global i32
declare void @func() declare void @func()
define i32* @global_addr() #0 { define i32* @global_addr() #0 {
; CHECK: global_addr: ; Static relocation model has common codegen between SelectionDAGISel and
; CHECK: adrp x0, :pg_hi21_nc:global ; GlobalISel when the address-taken of a global isn't folded into a load or
; CHECK: movk x0, #:prel_g3:global+4294967296 ; store instruction.
; CHECK: add x0, x0, :lo12:global ; CHECK-STATIC: global_addr:
; CHECK-STATIC: adrp [[REG:x[0-9]+]], :pg_hi21_nc:global
; CHECK-STATIC: movk [[REG]], #:prel_g3:global+4294967296
; CHECK-STATIC: add x0, [[REG]], :lo12:global
; CHECK-STATIC: ret
; CHECK-PIC: global_addr:
; CHECK-PIC: adrp [[REG:x[0-9]+]], :got:global
; CHECK-PIC: ldr x0, {{\[}}[[REG]], :got_lo12:global]
; CHECK-PIC: ret
ret i32* @global ret i32* @global
} }
define i32 @global_load() #0 { define i32 @global_load() #0 {
; CHECK: global_load: ; CHECK-SELECTIONDAGISEL: global_load:
; CHECK: adrp x8, :pg_hi21_nc:global ; CHECK-SELECTIONDAGISEL: adrp [[REG:x[0-9]+]], :pg_hi21_nc:global
; CHECK: ldr w0, [x8, :lo12:global] ; CHECK-SELECTIONDAGISEL: ldr w0, {{\[}}[[REG]], :lo12:global{{\]}}
; CHECK-SELECTIONDAGISEL: ret
; CHECK-GLOBALISEL: global_load:
; CHECK-GLOBALISEL: adrp [[REG:x[0-9]+]], :pg_hi21_nc:global
; CHECK-GLOBALISEL: movk [[REG]], #:prel_g3:global+4294967296
; CHECK-GLOBALISEL: add [[REG]], [[REG]], :lo12:global
; CHECK-GLOBALISEL: ldr w0, {{\[}}[[REG]]{{\]}}
; CHECK-GLOBALISEL: ret
; CHECK-PIC: global_load:
; CHECK-PIC: adrp [[REG:x[0-9]+]], :got:global
; CHECK-PIC: ldr [[REG]], {{\[}}[[REG]], :got_lo12:global]
; CHECK-PIC: ldr w0, {{\[}}[[REG]]{{\]}}
; CHECK-PIC: ret
%load = load i32, i32* @global %load = load i32, i32* @global
ret i32 %load ret i32 %load
} }
define void @global_store() #0 {
; CHECK-SELECTIONDAGISEL: global_store:
; CHECK-SELECTIONDAGISEL: adrp [[REG:x[0-9]+]], :pg_hi21_nc:global
; CHECK-SELECTIONDAGISEL: str wzr, {{\[}}[[REG]], :lo12:global{{\]}}
; CHECK-SELECTIONDAGISEL: ret
; CHECK-GLOBALISEL: global_store:
; CHECK-GLOBALISEL: adrp [[REG:x[0-9]+]], :pg_hi21_nc:global
; CHECK-GLOBALISEL: movk [[REG]], #:prel_g3:global+4294967296
; CHECK-GLOBALISEL: add [[REG]], [[REG]], :lo12:global
; CHECK-GLOBALISEL: str wzr, {{\[}}[[REG]]{{\]}}
; CHECK-GLOBALISEL: ret
; CHECK-PIC: global_store:
; CHECK-PIC: adrp [[REG:x[0-9]+]], :got:global
; CHECK-PIC: ldr [[REG]], {{\[}}[[REG]], :got_lo12:global]
; CHECK-PIC: str wzr, {{\[}}[[REG]]{{\]}}
; CHECK-PIC: ret
store i32 0, i32* @global
ret void
}
define void ()* @func_addr() #0 { define void ()* @func_addr() #0 {
; CHECK: func_addr: ; CHECK-STATIC: func_addr:
; CHECK: adrp x0, func ; CHECK-STATIC: adrp [[REG:x[0-9]+]], func
; CHECK: add x0, x0, :lo12:func ; CHECK-STATIC: add x0, [[REG]], :lo12:func
; CHECK-STATIC: ret
; CHECK-PIC: func_addr:
; CHECK-PIC: adrp [[REG:x[0-9]+]], :got:func
; CHECK-PIC: ldr x0, {{\[}}[[REG]], :got_lo12:func]
; CHECK-PIC: ret
ret void ()* @func ret void ()* @func
} }
attributes #0 = { "target-features"="+tagged-globals" } attributes #0 = { "target-features"="+tagged-globals" }