This is an archive of the discontinued LLVM Phabricator instance.

Differential D99791

[CGCall] Annotate pointer argument with alignment
AbandonedPublic

Authored by lebedev.ri on Apr 2 2021, 2:05 AM.

Details

Reviewers
efriedma
rjmccall
rsmith
erichkeane
aaron.ballman
nikic
Summary

Same idea as D99790.

As it is being noted in D99249, lack of alignment information on this has been preventing LICM from happening.
For some time now, lack of alignment attribute does *not* imply natural alignment, but an alignment of 1.

This causes quite a bit of clang tests to tail:

Testing Time: 167.48s
  Unsupported      :    69
  Passed           : 27038
  Expectedly Failed:    29
  Failed           :   370
FAILED: tools/clang/test/CMakeFiles/check-clang

so before i pointlessly go mad updating each one of them,
is this generally correct, or are we not allowed to do this?
Are there some further preconditions missing?

Diff Detail

Unit TestsFailed

TimeTest
90 msx64 debian > Clang.CodeGen::catch-alignment-assumption-attribute-align_value-on-lvalue.cpp
80 msx64 debian > Clang.CodeGen::catch-alignment-assumption-attribute-align_value-on-paramvar.cpp
90 msx64 debian > Clang.CodeGen::catch-alignment-assumption-attribute-alloc_align-on-function-variable.cpp
60 msx64 debian > Clang.CodeGen::catch-alignment-assumption-attribute-alloc_align-on-function.cpp
70 msx64 debian > Clang.CodeGen::catch-alignment-assumption-attribute-assume_aligned-on-function-two-params.cpp
View Full Test Results (39 Failed)

Event Timeline

lebedev.ri requested review of this revision.Apr 2 2021, 2:05 AM
lebedev.ri created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptApr 2 2021, 2:05 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
lebedev.ri added a parent revision: D99790: [CGCall] Annotate `this` argument with alignment.Apr 2 2021, 2:05 AM
lebedev.ri edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B96877: Diff 334923.Apr 2 2021, 3:18 AM
riccibruno added a subscriber: riccibruno.Apr 2 2021, 4:56 AM
efriedma added a comment.Apr 2 2021, 3:02 PM

This feels scary: the C standard technically allows this, but we haven't done it in the past, and it could break otherwise functioning code. (We've only assumed alignment about pointers that are dereferenced/dereferenceable.)

For D99790, we're already marking the pointer dereferenceable, so also marking the alignment seems like a small extra step. (Really, it's a regression fix; we used to treat dereferenceable as implying alignment. I guess I missed a spot when I was fixing that.) But here, we're not assuming it's dereferenceable at the moment. So there's more potential to break code, and also the potential benefit is small.

lebedev.ri added a comment.Apr 3 2021, 12:18 AM

@efriedma thank you for taking a look!
I agree that D99790 is basically guaranteed safe, and this "probably" isn't.

In D99791#2667047, @efriedma wrote:

This feels scary: the C standard technically allows this, but we haven't done it in the past, and it could break otherwise functioning code. (We've only assumed alignment about pointers that are dereferenced/dereferenceable.)

I can add necessary UBSan plumbing beforehand, iff we can actually do this.

For D99790, we're already marking the pointer dereferenceable, so also marking the alignment seems like a small extra step. (Really, it's a regression fix; we used to treat dereferenceable as implying alignment. I guess I missed a spot when I was fixing that.)

Yep. Feel like stamping that one? :)

But here, we're not assuming it's dereferenceable at the moment. So there's more potential to break code, and also the potential benefit is small.

rjmccall added a comment.Apr 5 2021, 11:52 PM

The last major conversation we had about this was this RFC I sent out about five years ago:

https://lists.llvm.org/pipermail/llvm-dev/2016-January/094012.html

In that RFC, I specifically argued that we should not do this, and that it should only be considered undefined behavior to actually access memory through a misaligned pointer (for a particular definition of "access memory"). At Apple, we have made that a promise to our internal users, so even if we decide to do this, we will need to not do it on Darwin. However, as I remember it, the LLVM community did not reach a consensus to adopt my recommendation, so in principle we still have the flexibility to start doing this. I continue to believe that doing so would be a mistake. At any rate, you should start by reading that thread.

lebedev.ri planned changes to this revision.Apr 6 2021, 2:26 PM

@rjmccall thank you for taking a look!

In D99791#2670333, @rjmccall wrote:

The last major conversation we had about this was this RFC I sent out about five years ago:

https://lists.llvm.org/pipermail/llvm-dev/2016-January/094012.html

In that RFC, I specifically argued that we should not do this, and that it should only be considered undefined behavior to actually access memory through a misaligned pointer (for a particular definition of "access memory"). At Apple, we have made that a promise to our internal users, so even if we decide to do this, we will need to not do it on Darwin. However, as I remember it, the LLVM community did not reach a consensus to adopt my recommendation, so in principle we still have the flexibility to start doing this. I continue to believe that doing so would be a mistake. At any rate, you should start by reading that thread.

Thank you for the pointer!
I can for sure provide an opt-out, however note that in the end it will cause performance regressions as compared to the current LLVM optimizations.
I will start with an UBSan part then.

lebedev.ri mentioned this in D99790: [CGCall] Annotate `this` argument with alignment.Apr 6 2021, 2:27 PM
rjmccall added a comment.Apr 6 2021, 4:14 PM
In D99791#2672528, @lebedev.ri wrote:

@rjmccall thank you for taking a look!

In D99791#2670333, @rjmccall wrote:

The last major conversation we had about this was this RFC I sent out about five years ago:

https://lists.llvm.org/pipermail/llvm-dev/2016-January/094012.html

In that RFC, I specifically argued that we should not do this, and that it should only be considered undefined behavior to actually access memory through a misaligned pointer (for a particular definition of "access memory"). At Apple, we have made that a promise to our internal users, so even if we decide to do this, we will need to not do it on Darwin. However, as I remember it, the LLVM community did not reach a consensus to adopt my recommendation, so in principle we still have the flexibility to start doing this. I continue to believe that doing so would be a mistake. At any rate, you should start by reading that thread.

Thank you for the pointer!
I can for sure provide an opt-out, however note that in the end it will cause performance regressions as compared to the current LLVM optimizations.

How so? We do not currently assume that pointer arguments are aligned, or even dereferenceable.

I don't mind making stronger assumptions about the C++ this argument, but we really should not do this for arbitrary pointer arguments. If you want to put together a UBSan mode that checks this, that's fine, but I do not think there is a path forward for actually optimizing based on this assumption by default.

lebedev.ri added subscribers: regehr, nlopes.Apr 7 2021, 12:23 AM
lebedev.ri added a parent revision: D100037: [clang][UBSan] Passing underaligned pointer as a function argument is undefined behaviour.Apr 7 2021, 7:48 AM
lebedev.ri updated this revision to Diff 335894.Apr 7 2021, 11:55 AM

Add an option to toggle this optimization.

Herald added subscribers: jansvoboda11, dexonsmith, dang. · View Herald TranscriptApr 7 2021, 11:55 AM
lebedev.ri planned changes to this revision.Apr 7 2021, 11:55 AM
lebedev.ri mentioned this in D100037: [clang][UBSan] Passing underaligned pointer as a function argument is undefined behaviour.
Harbormaster completed remote builds in B97569: Diff 335894.Apr 7 2021, 12:54 PM
lebedev.ri abandoned this revision.Oct 18 2022, 5:45 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 18 2022, 5:45 PM
Herald added a subscriber: MaskRay. · View Herald Transcript

Revision Contents

PathSize
clang/
docs/
4 lines
4 lines
6 lines
include/
clang/
Basic/
1 line
Driver/
5 lines
lib/
CodeGen/
11 lines
Driver/
ToolChains/
4 lines

Diff 335894

clang/docs/ClangCommandLineReference.rst

Show First 20 LinesShow All 2,216 Lines▼ Show 20 Lines
.. option:: -fstrict-overflow, -fno-strict-overflow .. option:: -fstrict-overflow, -fno-strict-overflow
.. option:: -fstrict-return, -fno-strict-return .. option:: -fstrict-return, -fno-strict-return
.. option:: -fstrict-vtable-pointers, -fno-strict-vtable-pointers .. option:: -fstrict-vtable-pointers, -fno-strict-vtable-pointers
Enable optimizations based on the strict rules for overwriting polymorphic C++ objects Enable optimizations based on the strict rules for overwriting polymorphic C++ objects
.. option:: -fstrict-pointer-alignment, -fno-strict-pointer-alignment
Enable optimizations based on the strict rules for pointer alignment
.. option:: -fstruct-path-tbaa, -fno-struct-path-tbaa .. option:: -fstruct-path-tbaa, -fno-struct-path-tbaa
.. option:: -fsymbol-partition=<arg> .. option:: -fsymbol-partition=<arg>
.. option:: -ftabstop=<arg> .. option:: -ftabstop=<arg>
.. option:: -ftemplate-backtrace-limit=<arg> .. option:: -ftemplate-backtrace-limit=<arg>
▲ Show 20 LinesShow All 1,564 LinesShow Last 20 Lines

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
- Passing underaligned pointers as function arguments is undefined behaviour. - Passing underaligned pointers as function arguments is undefined behaviour.
Previously, clang was not making any optimizations based on that, Previously, clang was not making any optimizations based on that,
however, there's interest in doing so now. however, there's interest in doing so now.
UBSan's ``-fsanitize=alignment`` was enhanced to catch the cases where UBSan's ``-fsanitize=alignment`` was enhanced to catch the cases where
an underaligned pointer was passed as a function argument, an underaligned pointer was passed as a function argument,
to allow codebases to be cleaned up in preparation for this optimization, to allow codebases to be cleaned up in preparation for this optimization,
to avoid miscompiles. to avoid miscompiles.
- Clang now assumes that all function pointer arguments are properly aligned,
and optimizes on that. A new ``-fstrict-pointer-alignment`` flag was
introduces (default on), which guards these new optimizations.
Improvements to Clang's diagnostics Improvements to Clang's diagnostics
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- ... - ...
Non-comprehensive list of changes in this release Non-comprehensive list of changes in this release
------------------------------------------------- -------------------------------------------------
▲ Show 20 LinesShow All 214 LinesShow Last 20 Lines

clang/docs/UsersManual.rst

Show First 20 LinesShow All 1,663 Lines▼ Show 20 Lines.. option:: -fwhole-program-vtables
:doc:`hidden LTO visibility <LTOVisibility>`. Requires ``-flto``. :doc:`hidden LTO visibility <LTOVisibility>`. Requires ``-flto``.
.. option:: -fforce-emit-vtables .. option:: -fforce-emit-vtables
In order to improve devirtualization, forces emitting of vtables even in In order to improve devirtualization, forces emitting of vtables even in
modules where it isn't necessary. It causes more inline virtual functions modules where it isn't necessary. It causes more inline virtual functions
to be emitted. to be emitted.
.. option:: -fstrict-pointer-alignment
Enable optimizations based on the strict rules for pointer alignment.
This currently only affects function pointer arguments, and only controls
UBSan behaviour, no optimizations are currently performed based on it.
.. option:: -fno-assume-sane-operator-new .. option:: -fno-assume-sane-operator-new
Don't assume that the C++'s new operator is sane. Don't assume that the C++'s new operator is sane.
This option tells the compiler to do not assume that C++'s global This option tells the compiler to do not assume that C++'s global
new operator will always return a pointer that does not alias any new operator will always return a pointer that does not alias any
other pointer when the function returns. other pointer when the function returns.
▲ Show 20 LinesShow All 2,237 LinesShow Last 20 Lines

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 255 Lines▼ Show 20 Lines
CODEGENOPT(SanitizeCoverageStackDepth, 1, 0) ///< Enable max stack depth tracing CODEGENOPT(SanitizeCoverageStackDepth, 1, 0) ///< Enable max stack depth tracing
CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers. CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers.
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled. CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float. CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening. CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening.
CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses. CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses.
CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition. CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition.
CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers
CODEGENOPT(StrictPointerAlignment, 1, 1) ///< Optimize based on the strict pointer alignment rules
CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled. CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled.
CODEGENOPT(TimePassesPerRun , 1, 0) ///< Set when -ftime-report=per-pass-run is enabled. CODEGENOPT(TimePassesPerRun , 1, 0) ///< Set when -ftime-report=per-pass-run is enabled.
CODEGENOPT(TimeTrace , 1, 0) ///< Set when -ftime-trace is enabled. CODEGENOPT(TimeTrace , 1, 0) ///< Set when -ftime-trace is enabled.
VALUE_CODEGENOPT(TimeTraceGranularity, 32, 500) ///< Minimum time granularity (in microseconds), VALUE_CODEGENOPT(TimeTraceGranularity, 32, 500) ///< Minimum time granularity (in microseconds),
///< traced by time profiler ///< traced by time profiler
CODEGENOPT(UnrollLoops , 1, 0) ///< Control whether loops are unrolled. CODEGENOPT(UnrollLoops , 1, 0) ///< Control whether loops are unrolled.
CODEGENOPT(RerollLoops , 1, 0) ///< Control whether loops are rerolled. CODEGENOPT(RerollLoops , 1, 0) ///< Control whether loops are rerolled.
CODEGENOPT(NoUseJumpTables , 1, 0) ///< Set when -fno-jump-tables is enabled. CODEGENOPT(NoUseJumpTables , 1, 0) ///< Set when -fno-jump-tables is enabled.
▲ Show 20 LinesShow All 159 LinesShow Last 20 Lines

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,440 Lines▼ Show 20 Linesdef fstrict_enums : Flag<["-"], "fstrict-enums">, Group<f_Group>, Flags<[CC1Option]>,
HelpText<"Enable optimizations based on the strict definition of an enum's " HelpText<"Enable optimizations based on the strict definition of an enum's "
"value range">, "value range">,
MarshallingInfoFlag<CodeGenOpts<"StrictEnums">>; MarshallingInfoFlag<CodeGenOpts<"StrictEnums">>;
defm strict_vtable_pointers : BoolFOption<"strict-vtable-pointers", defm strict_vtable_pointers : BoolFOption<"strict-vtable-pointers",
CodeGenOpts<"StrictVTablePointers">, DefaultFalse, CodeGenOpts<"StrictVTablePointers">, DefaultFalse,
PosFlag<SetTrue, [CC1Option], "Enable optimizations based on the strict rules for" PosFlag<SetTrue, [CC1Option], "Enable optimizations based on the strict rules for"
" overwriting polymorphic C++ objects">, " overwriting polymorphic C++ objects">,
NegFlag<SetFalse>>; NegFlag<SetFalse>>;
defm strict_pointer_alignment : BoolFOption<"strict-pointer-alignment",
CodeGenOpts<"StrictPointerAlignment">, DefaultFalse,
NegFlag<SetFalse, [CC1Option], "Disable">,
PosFlag<SetTrue, [CC1Option], "Enable">,
BothFlags<[], " optimizations based on the strict rules for pointer alignmen">>;
def fstrict_overflow : Flag<["-"], "fstrict-overflow">, Group<f_Group>; def fstrict_overflow : Flag<["-"], "fstrict-overflow">, Group<f_Group>;
def fsyntax_only : Flag<["-"], "fsyntax-only">, def fsyntax_only : Flag<["-"], "fsyntax-only">,
Flags<[NoXarchOption,CoreOption,CC1Option,FC1Option]>, Group<Action_Group>; Flags<[NoXarchOption,CoreOption,CC1Option,FC1Option]>, Group<Action_Group>;
def ftabstop_EQ : Joined<["-"], "ftabstop=">, Group<f_Group>; def ftabstop_EQ : Joined<["-"], "ftabstop=">, Group<f_Group>;
def ftemplate_depth_EQ : Joined<["-"], "ftemplate-depth=">, Group<f_Group>; def ftemplate_depth_EQ : Joined<["-"], "ftemplate-depth=">, Group<f_Group>;
def ftemplate_depth_ : Joined<["-"], "ftemplate-depth-">, Group<f_Group>; def ftemplate_depth_ : Joined<["-"], "ftemplate-depth-">, Group<f_Group>;
def ftemplate_backtrace_limit_EQ : Joined<["-"], "ftemplate-backtrace-limit=">, def ftemplate_backtrace_limit_EQ : Joined<["-"], "ftemplate-backtrace-limit=">,
Group<f_Group>; Group<f_Group>;
▲ Show 20 LinesShow All 3,668 LinesShow Last 20 Lines

clang/lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 2,440 Lines▼ Show 20 Lines if (const auto *RefTy = ParamType->getAs<ReferenceType>()) {
Attrs.addAttribute(llvm::Attribute::NonNull); Attrs.addAttribute(llvm::Attribute::NonNull);
if (PTy->isObjectType()) { if (PTy->isObjectType()) {
llvm::Align Alignment = llvm::Align Alignment =
getNaturalPointeeTypeAlignment(ParamType).getAsAlign(); getNaturalPointeeTypeAlignment(ParamType).getAsAlign();
Attrs.addAlignmentAttr(Alignment); Attrs.addAlignmentAttr(Alignment);
} }
} }
if (getCodeGenOpts().StrictPointerAlignment) {
if (const auto *PtrTy = ParamType->getAs<PointerType>()) {
QualType PTy = PtrTy->getPointeeType();
if (PTy->isObjectType()) {
llvm::Align Alignment =
getNaturalPointeeTypeAlignment(ParamType).getAsAlign();
Attrs.addAlignmentAttr(Alignment);
}
}
}
switch (FI.getExtParameterInfo(ArgNo).getABI()) { switch (FI.getExtParameterInfo(ArgNo).getABI()) {
case ParameterABI::Ordinary: case ParameterABI::Ordinary:
break; break;
case ParameterABI::SwiftIndirectResult: { case ParameterABI::SwiftIndirectResult: {
// Add 'sret' if we haven't already used it for something, but // Add 'sret' if we haven't already used it for something, but
// only if the result is void. // only if the result is void.
if (!hasUsedSRet && RetTy->isVoidType()) { if (!hasUsedSRet && RetTy->isVoidType()) {
▲ Show 20 LinesShow All 3,012 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/Clang.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,866 Lines▼ Show 20 Lines#endif
if (Args.hasFlag(options::OPT_fstrict_vtable_pointers, if (Args.hasFlag(options::OPT_fstrict_vtable_pointers,
options::OPT_fno_strict_vtable_pointers, options::OPT_fno_strict_vtable_pointers,
false)) false))
CmdArgs.push_back("-fstrict-vtable-pointers"); CmdArgs.push_back("-fstrict-vtable-pointers");
if (Args.hasFlag(options::OPT_fforce_emit_vtables, if (Args.hasFlag(options::OPT_fforce_emit_vtables,
options::OPT_fno_force_emit_vtables, options::OPT_fno_force_emit_vtables,
false)) false))
CmdArgs.push_back("-fforce-emit-vtables"); CmdArgs.push_back("-fforce-emit-vtables");
if (Args.hasFlag(options::OPT_fstrict_pointer_alignment,
options::OPT_fno_strict_pointer_alignment,
!RawTriple.isOSDarwin()))
CmdArgs.push_back("-fstrict-pointer-alignment");
if (!Args.hasFlag(options::OPT_foptimize_sibling_calls, if (!Args.hasFlag(options::OPT_foptimize_sibling_calls,
options::OPT_fno_optimize_sibling_calls)) options::OPT_fno_optimize_sibling_calls))
CmdArgs.push_back("-mdisable-tail-calls"); CmdArgs.push_back("-mdisable-tail-calls");
if (Args.hasFlag(options::OPT_fno_escaping_block_tail_calls, if (Args.hasFlag(options::OPT_fno_escaping_block_tail_calls,
options::OPT_fescaping_block_tail_calls, false)) options::OPT_fescaping_block_tail_calls, false))
CmdArgs.push_back("-fno-escaping-block-tail-calls"); CmdArgs.push_back("-fno-escaping-block-tail-calls");
Args.AddLastArg(CmdArgs, options::OPT_ffine_grained_bitfield_accesses, Args.AddLastArg(CmdArgs, options::OPT_ffine_grained_bitfield_accesses,
▲ Show 20 LinesShow All 2,749 LinesShow Last 20 Lines