This is an archive of the discontinued LLVM Phabricator instance.

Differential D83576

[BasicAA] Fix -basicaa-recphi for geps with negative offsets
ClosedPublic

Authored by dmgreen on Jul 10 2020, 10:33 AM.

Details

Reviewers
efriedma
hfinkel
fhahn
tobiasvk
Commits
rG00ed5355e45b: [BasicAA] Fix -basicaa-recphi for geps with negative offsets
rG311fafd2c90a: [BasicAA] Fix -basicaa-recphi for geps with negative offsets
Summary

As shown in D82998, the basic-aa-recphi option can cause miscompiles for gep's with negative constants. The option checks for recursive phi, that recurse through a contant gep. If it finds one, it performs aliasing calculations using the other phi operands with an unknown size, to specify that an unknown number of elements after the initial value are potentially accessed. This works fine expect where the constant is negative, as the size is still considered to be positive. So this patch checks to make sure that the constant is also positive.

I will not attempt to turn the option back on until after the branch is made next week, to give us lots of time to catch anything else. But this should hopefully fix the issues.

Diff Detail

Event Timeline

dmgreen created this revision.Jul 10 2020, 10:33 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 10 2020, 10:33 AM
Herald added subscribers: llvm-commits, hiraditya. · View Herald Transcript
dmgreen mentioned this in D82998: [BasicAA] Enable -basic-aa-recphi by default.Jul 10 2020, 10:35 AM
hfinkel added inline comments.Jul 10 2020, 2:00 PM
llvm/lib/Analysis/BasicAliasAnalysis.cpp
1686–1687

I would like to see the "The option checks for recursive phi, that recurse through a contant gep. If it finds one, it performs aliasing calculations using the other phi operands with an unknown size, to specify that an unknown number of elements after the initial value are potentially accessed. This works fine expect where the constant is negative, as the size is still considered to be positive. " part from the patch description -- that information -- in the comment here.

Also, can you make a lambda function do avoid the duplication of the comment and the condition in two places?

efriedma added inline comments.Jul 10 2020, 2:12 PM
llvm/lib/Analysis/BasicAliasAnalysis.cpp
1689

Please avoid getSExtValue() when you can, in favor of APInt methods.

Do we need to check the GEP is inbounds?

dmgreen updated this revision to Diff 277241.Jul 11 2020, 7:30 AM

Thanks. This creates a lambda, adds inbounds and isNegative, and updates some comments.

hfinkel accepted this revision.Jul 11 2020, 12:31 PM

LGTM

This revision is now accepted and ready to land.Jul 11 2020, 12:31 PM
Closed by commit rG311fafd2c90a: [BasicAA] Fix -basicaa-recphi for geps with negative offsets (authored by dmgreen). · Explain WhyJul 16 2020, 9:23 AM
This revision was automatically updated to reflect the committed changes.
xbolva00 added subscribers: nikic, xbolva00.Jul 19 2020, 12:33 PM

https://llvm-compile-time-tracker.com/compare.php?from=c74cfd40452d68966c0f22f85773aeef32118974&to=311fafd2c90aed5b3fed9566503eebe629f1e979&stat=instructions

Seems like a minor compile time regression.
@nikic

nikic added a comment.Jul 19 2020, 12:38 PM

@xbolva00 This is an artifact I've noticed a few times. When this code in BasicAA is changed, there is a measurable compile-time impact even for changes that should be NFC. I suspect that it triggers some inlining heuristic in a visible way, but never looked into it. I don't think there's anything problematic in this commit itself (it changes functionality that is currently disabled.)

hans added a comment.Jul 27 2020, 8:06 AM

Pushed to 11.x as 00ed5355e45b4d7e84366619dbbbb9df9b4aa816

Revision Contents

PathSize
llvm/
lib/
Analysis/
55 lines
test/
Analysis/
BasicAA/
10 lines

Diff 278518

llvm/lib/Analysis/BasicAliasAnalysis.cpp

Show First 20 LinesShow All 1,642 Lines▼ Show 20 Lines if (PN2->getParent() == PN->getParent()) {
AAQI.AliasCache.insert(std::make_pair(Locs, OrigAliasResult)); AAQI.AliasCache.insert(std::make_pair(Locs, OrigAliasResult));
assert(!Pair.second && "Entry must have existed"); assert(!Pair.second && "Entry must have existed");
Pair.first->second = OrigAliasResult; Pair.first->second = OrigAliasResult;
} }
return Alias; return Alias;
} }
SmallVector<Value *, 4> V1Srcs; SmallVector<Value *, 4> V1Srcs;
// For a recursive phi, that recurses through a contant gep, we can perform
// aliasing calculations using the other phi operands with an unknown size to
// specify that an unknown number of elements after the initial value are
// potentially accessed.
bool isRecursive = false; bool isRecursive = false;
auto CheckForRecPhi = [&](Value *PV) {
if (!EnableRecPhiAnalysis)
return false;
if (GEPOperator *PVGEP = dyn_cast<GEPOperator>(PV)) {
// Check whether the incoming value is a GEP that advances the pointer
// result of this PHI node (e.g. in a loop). If this is the case, we
// would recurse and always get a MayAlias. Handle this case specially
// below. We need to ensure that the phi is inbounds and has a constant
// positive operand so that we can check for alias with the initial value
// and an unknown but positive size.
if (PVGEP->getPointerOperand() == PN && PVGEP->isInBounds() &&
PVGEP->getNumIndices() == 1 && isa<ConstantInt>(PVGEP->idx_begin()) &&
!cast<ConstantInt>(PVGEP->idx_begin())->isNegative()) {
isRecursive = true;
return true;
}
}
return false;
};
if (PV) { if (PV) {
// If we have PhiValues then use it to get the underlying phi values. // If we have PhiValues then use it to get the underlying phi values.
const PhiValues::ValueSet &PhiValueSet = PV->getValuesForPhi(PN); const PhiValues::ValueSet &PhiValueSet = PV->getValuesForPhi(PN);
// If we have more phi values than the search depth then return MayAlias // If we have more phi values than the search depth then return MayAlias
// conservatively to avoid compile time explosion. The worst possible case // conservatively to avoid compile time explosion. The worst possible case
// is if both sides are PHI nodes. In which case, this is O(m x n) time // is if both sides are PHI nodes. In which case, this is O(m x n) time
// where 'm' and 'n' are the number of PHI sources. // where 'm' and 'n' are the number of PHI sources.
if (PhiValueSet.size() > MaxLookupSearchDepth) if (PhiValueSet.size() > MaxLookupSearchDepth)
return MayAlias; return MayAlias;
// Add the values to V1Srcs // Add the values to V1Srcs
for (Value *PV1 : PhiValueSet) { for (Value *PV1 : PhiValueSet) {
if (EnableRecPhiAnalysis) { if (CheckForRecPhi(PV1))
hfinkelUnsubmitted
Not Done
ReplyInline Actions

I would like to see the "The option checks for recursive phi, that recurse through a contant gep. If it finds one, it performs aliasing calculations using the other phi operands with an unknown size, to specify that an unknown number of elements after the initial value are potentially accessed. This works fine expect where the constant is negative, as the size is still considered to be positive. " part from the patch description -- that information -- in the comment here.

Also, can you make a lambda function do avoid the duplication of the comment and the condition in two places?

hfinkel: I would like to see the "The option checks for recursive phi, that recurse through a contant…
if (GEPOperator *PV1GEP = dyn_cast<GEPOperator>(PV1)) {
// Check whether the incoming value is a GEP that advances the pointer
// result of this PHI node (e.g. in a loop). If this is the case, we
// would recurse and always get a MayAlias. Handle this case specially
// below.
if (PV1GEP->getPointerOperand() == PN && PV1GEP->getNumIndices() == 1 &&
isa<ConstantInt>(PV1GEP->idx_begin())) {
isRecursive = true;
continue; continue;
}
}
}
V1Srcs.push_back(PV1); V1Srcs.push_back(PV1);
efriedmaUnsubmitted
Not Done
ReplyInline Actions

Please avoid getSExtValue() when you can, in favor of APInt methods.

Do we need to check the GEP is inbounds?

efriedma: Please avoid getSExtValue() when you can, in favor of APInt methods. Do we need to check the…
} }
} else { } else {
// If we don't have PhiInfo then just look at the operands of the phi itself // If we don't have PhiInfo then just look at the operands of the phi itself
// FIXME: Remove this once we can guarantee that we have PhiInfo always // FIXME: Remove this once we can guarantee that we have PhiInfo always
SmallPtrSet<Value *, 4> UniqueSrc; SmallPtrSet<Value *, 4> UniqueSrc;
for (Value *PV1 : PN->incoming_values()) { for (Value *PV1 : PN->incoming_values()) {
if (isa<PHINode>(PV1)) if (isa<PHINode>(PV1))
// If any of the source itself is a PHI, return MayAlias conservatively // If any of the source itself is a PHI, return MayAlias conservatively
// to avoid compile time explosion. The worst possible case is if both // to avoid compile time explosion. The worst possible case is if both
// sides are PHI nodes. In which case, this is O(m x n) time where 'm' // sides are PHI nodes. In which case, this is O(m x n) time where 'm'
// and 'n' are the number of PHI sources. // and 'n' are the number of PHI sources.
return MayAlias; return MayAlias;
if (EnableRecPhiAnalysis) if (CheckForRecPhi(PV1))
if (GEPOperator *PV1GEP = dyn_cast<GEPOperator>(PV1)) {
// Check whether the incoming value is a GEP that advances the pointer
// result of this PHI node (e.g. in a loop). If this is the case, we
// would recurse and always get a MayAlias. Handle this case specially
// below.
if (PV1GEP->getPointerOperand() == PN && PV1GEP->getNumIndices() == 1 &&
isa<ConstantInt>(PV1GEP->idx_begin())) {
isRecursive = true;
continue; continue;
}
}
if (UniqueSrc.insert(PV1).second) if (UniqueSrc.insert(PV1).second)
V1Srcs.push_back(PV1); V1Srcs.push_back(PV1);
} }
} }
// If V1Srcs is empty then that means that the phi has no underlying non-phi // If V1Srcs is empty then that means that the phi has no underlying non-phi
// value. This should only be possible in blocks unreachable from the entry // value. This should only be possible in blocks unreachable from the entry
▲ Show 20 LinesShow All 409 LinesShow Last 20 Lines

llvm/test/Analysis/BasicAA/recphi.ll

Show First 20 LinesShow All 86 Lines▼ Show 20 Lines
; CHECK-LABEL: Function: reverse: 6 pointers, 0 call sites ; CHECK-LABEL: Function: reverse: 6 pointers, 0 call sites
; CHECK: MustAlias: [10 x i32]* %tab, i8* %0 ; CHECK: MustAlias: [10 x i32]* %tab, i8* %0
; CHECK: MustAlias: [10 x i32]* %tab, i32* %arrayidx ; CHECK: MustAlias: [10 x i32]* %tab, i32* %arrayidx
; CHECK: MustAlias: i32* %arrayidx, i8* %0 ; CHECK: MustAlias: i32* %arrayidx, i8* %0
; CHECK: PartialAlias: [10 x i32]* %tab, i32* %arrayidx1 ; CHECK: PartialAlias: [10 x i32]* %tab, i32* %arrayidx1
; CHECK: NoAlias: i32* %arrayidx1, i8* %0 ; CHECK: NoAlias: i32* %arrayidx1, i8* %0
; CHECK: NoAlias: i32* %arrayidx, i32* %arrayidx1 ; CHECK: NoAlias: i32* %arrayidx, i32* %arrayidx1
; CHECK: MayAlias: [10 x i32]* %tab, i32* %p.addr.05.i ; CHECK: MayAlias: [10 x i32]* %tab, i32* %p.addr.05.i
; CHECK: NoAlias: i32* %p.addr.05.i, i8* %0 ; CHECK: MayAlias: i32* %p.addr.05.i, i8* %0
; CHECK: NoAlias: i32* %arrayidx, i32* %p.addr.05.i ; CHECK: MayAlias: i32* %arrayidx, i32* %p.addr.05.i
; CHECK: MayAlias: i32* %arrayidx1, i32* %p.addr.05.i ; CHECK: MayAlias: i32* %arrayidx1, i32* %p.addr.05.i
; CHECK: MayAlias: [10 x i32]* %tab, i32* %incdec.ptr.i ; CHECK: MayAlias: [10 x i32]* %tab, i32* %incdec.ptr.i
; CHECK: MayAlias: i32* %incdec.ptr.i, i8* %0 ; CHECK: MayAlias: i32* %incdec.ptr.i, i8* %0
; CHECK: MayAlias: i32* %arrayidx, i32* %incdec.ptr.i ; CHECK: MayAlias: i32* %arrayidx, i32* %incdec.ptr.i
; CHECK: MayAlias: i32* %arrayidx1, i32* %incdec.ptr.i ; CHECK: MayAlias: i32* %arrayidx1, i32* %incdec.ptr.i
; CHECK: NoAlias: i32* %incdec.ptr.i, i32* %p.addr.05.i ; CHECK: NoAlias: i32* %incdec.ptr.i, i32* %p.addr.05.i
define i32 @reverse() nounwind { define i32 @reverse() nounwind {
entry: entry:
Show All 31 Lines
if.end: ; preds = %f.exit if.end: ; preds = %f.exit
ret i32 0 ret i32 0
} }
; CHECK-LABEL: Function: negative: 6 pointers, 1 call sites ; CHECK-LABEL: Function: negative: 6 pointers, 1 call sites
; CHECK: NoAlias: [3 x i16]* %int_arr.10, i16** %argv.6.par ; CHECK: NoAlias: [3 x i16]* %int_arr.10, i16** %argv.6.par
; CHECK: NoAlias: i16* %_tmp1, i16** %argv.6.par ; CHECK: NoAlias: i16* %_tmp1, i16** %argv.6.par
; CHECK: PartialAlias: [3 x i16]* %int_arr.10, i16* %_tmp1 ; CHECK: PartialAlias: [3 x i16]* %int_arr.10, i16* %_tmp1
; CHECK: NoAlias: i16* %ls1.9.0, i16** %argv.6.par ; CHECK: MayAlias: i16* %ls1.9.0, i16** %argv.6.par
; CHECK: MayAlias: [3 x i16]* %int_arr.10, i16* %ls1.9.0 ; CHECK: MayAlias: [3 x i16]* %int_arr.10, i16* %ls1.9.0
; CHECK: MayAlias: i16* %_tmp1, i16* %ls1.9.0 ; CHECK: MayAlias: i16* %_tmp1, i16* %ls1.9.0
; CHECK: NoAlias: i16* %_tmp7, i16** %argv.6.par ; CHECK: MayAlias: i16* %_tmp7, i16** %argv.6.par
; CHECK: MayAlias: [3 x i16]* %int_arr.10, i16* %_tmp7 ; CHECK: MayAlias: [3 x i16]* %int_arr.10, i16* %_tmp7
; CHECK: MayAlias: i16* %_tmp1, i16* %_tmp7 ; CHECK: MayAlias: i16* %_tmp1, i16* %_tmp7
; CHECK: NoAlias: i16* %_tmp7, i16* %ls1.9.0 ; CHECK: NoAlias: i16* %_tmp7, i16* %ls1.9.0
; CHECK: NoAlias: i16* %_tmp11, i16** %argv.6.par ; CHECK: NoAlias: i16* %_tmp11, i16** %argv.6.par
; CHECK: PartialAlias: [3 x i16]* %int_arr.10, i16* %_tmp11 ; CHECK: PartialAlias: [3 x i16]* %int_arr.10, i16* %_tmp11
; CHECK: NoAlias: i16* %_tmp1, i16* %_tmp11 ; CHECK: NoAlias: i16* %_tmp1, i16* %_tmp11
; CHECK: NoAlias: i16* %_tmp11, i16* %ls1.9.0 ; CHECK: MayAlias: i16* %_tmp11, i16* %ls1.9.0
; CHECK: MayAlias: i16* %_tmp11, i16* %_tmp7 ; CHECK: MayAlias: i16* %_tmp11, i16* %_tmp7
; CHECK: Both ModRef: Ptr: i16** %argv.6.par <-> %_tmp16 = call i16 @call(i32 %_tmp13) ; CHECK: Both ModRef: Ptr: i16** %argv.6.par <-> %_tmp16 = call i16 @call(i32 %_tmp13)
; CHECK: NoModRef: Ptr: [3 x i16]* %int_arr.10 <-> %_tmp16 = call i16 @call(i32 %_tmp13) ; CHECK: NoModRef: Ptr: [3 x i16]* %int_arr.10 <-> %_tmp16 = call i16 @call(i32 %_tmp13)
; CHECK: NoModRef: Ptr: i16* %_tmp1 <-> %_tmp16 = call i16 @call(i32 %_tmp13) ; CHECK: NoModRef: Ptr: i16* %_tmp1 <-> %_tmp16 = call i16 @call(i32 %_tmp13)
; CHECK: Both ModRef: Ptr: i16* %ls1.9.0 <-> %_tmp16 = call i16 @call(i32 %_tmp13) ; CHECK: Both ModRef: Ptr: i16* %ls1.9.0 <-> %_tmp16 = call i16 @call(i32 %_tmp13)
; CHECK: Both ModRef: Ptr: i16* %_tmp7 <-> %_tmp16 = call i16 @call(i32 %_tmp13) ; CHECK: Both ModRef: Ptr: i16* %_tmp7 <-> %_tmp16 = call i16 @call(i32 %_tmp13)
; CHECK: NoModRef: Ptr: i16* %_tmp11 <-> %_tmp16 = call i16 @call(i32 %_tmp13) ; CHECK: NoModRef: Ptr: i16* %_tmp11 <-> %_tmp16 = call i16 @call(i32 %_tmp13)
define i16 @negative(i16 %argc.5.par, i16** nocapture readnone %argv.6.par) { define i16 @negative(i16 %argc.5.par, i16** nocapture readnone %argv.6.par) {
Show All 29 Lines