This is an archive of the discontinued LLVM Phabricator instance.

Differential D100158

[SantizerCoverage] handle missing DBG MD when inserting libcalls
ClosedPublic

Authored by nickdesaulniers on Apr 8 2021, 6:02 PM.

Details

Reviewers
dblaikie
Commits
rG4914c9836765: [SantizerCoverage] handle missing DBG MD when inserting libcalls
Summary

Instruction::getDebugLoc can return an invalid DebugLoc. For such cases
where metadata was accidentally removed from the libcall insertion
point, simply insert a DILocation with line 0 scoped to the caller. When
we can inline the libcall, such as during LTO, then we won't fail a
Verifier check that all calls to functions with debug metadata
themselves must have debug metadata.

Diff Detail

Event Timeline

nickdesaulniers requested review of this revision.Apr 8 2021, 6:02 PM
nickdesaulniers created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptApr 8 2021, 6:02 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
nickdesaulniers planned changes to this revision.EditedApr 8 2021, 6:04 PM

WIP since I need to think more about the best way to fix this, but here's an example that trips the assertion. Very relevant is the statement in llvm::SplitCriticalEdge:

NewBI->setDebugLoc(TI->getDebugLoc());

where the synthesized block gets its debug info from the predecessor's branch (which can be none by accident).

Also, this is forked from https://reviews.llvm.org/D100137.

nickdesaulniers mentioned this in D100137: [JumpThreading] merge debug info when merging select+br.Apr 8 2021, 6:10 PM
Harbormaster completed remote builds in B97860: Diff 336286.Apr 8 2021, 6:59 PM
dblaikie added a comment.Apr 8 2021, 8:07 PM

My best guess would be that any call synthesized from an instruction without a location should probably just get a zero line scoped directly to the current function. It's not ideal (not only the lack of location, but it also punches holes in scopes which can bloat debug info/make stepping more difficult as you hit discontiguous hunks of lines potentially, etc)

nickdesaulniers added a comment.Apr 9 2021, 9:52 AM
In D100158#2678482, @dblaikie wrote:

My best guess would be that any call synthesized from an instruction without a location should probably just get a zero line scoped directly to the current function.

Sure. Should we do that unconditionally for the inserted CallInst, or predicate it on debug info being requested for the compilation, or something else?

It's not ideal (not only the lack of location, but it also punches holes in scopes which can bloat debug info/make stepping more difficult as you hit discontiguous hunks of lines potentially, etc)

For the purpose of ModuleSanitizerCoveragePass, I think that's ok. Developers accept a large increase in binary size anyways using the most aggressive level of tracing every edge, and stepping in a debugger probably isn't the use case folks are intending when using ModuleSanitizerCoveragePass. I would think the major use case for debug info with coverage is to symbolicate traces.

dblaikie added a comment.Apr 9 2021, 11:56 AM
In D100158#2680116, @nickdesaulniers wrote:
In D100158#2678482, @dblaikie wrote:

My best guess would be that any call synthesized from an instruction without a location should probably just get a zero line scoped directly to the current function.

Sure. Should we do that unconditionally for the inserted CallInst, or predicate it on debug info being requested for the compilation, or something else?

This constraint (that calls have a !dbg location) only exists when the calling llvm::Function has a !dbg attached DISubprogram. So basically retrieve the caller's DISubprogram, if it exists, create a line 0 DILocation with the DISubprogram as the scope.

(we might already have some code for this in the merge debug location code? some fallback for call instructions when merged locations disagree or one is empty, etc)

nickdesaulniers updated this revision to Diff 336560.Apr 9 2021, 2:12 PM
  • handle case where existing DebugLoc was invalid
Herald added a subscriber: hiraditya. · View Herald TranscriptApr 9 2021, 2:12 PM
nickdesaulniers planned changes to this revision.Apr 9 2021, 2:14 PM

So basically retrieve the caller's DISubprogram, if it exists, create a line 0 DILocation with the DISubprogram as the scope.

Cool, yeah, that's what this pass already did; it just did not forsee that EntryLoc = IP->getDebugLoc(); could return an invalid DebugLoc (ie. because !dbg metadata was missing from the insertion point). Let me rephrase the description of this bug, then I think it's ready for review.

nickdesaulniers requested review of this revision.Apr 9 2021, 2:18 PM
nickdesaulniers retitled this revision from [SantizerCoverage] test case demonstrating PR39531 to [SantizerCoverage] handle missing DBG MD when inserting libcalls.
nickdesaulniers edited the summary of this revision. (Show Details)
nickdesaulniers edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B98067: Diff 336560.Apr 9 2021, 2:45 PM
nickdesaulniers updated this revision to Diff 336580.Apr 9 2021, 4:39 PM
  • fix lint about auto*
Harbormaster completed remote builds in B98083: Diff 336580.Apr 9 2021, 5:22 PM
dblaikie added inline comments.Apr 9 2021, 5:46 PM
llvm/test/Instrumentation/SanitizerCoverage/crit-edge-sancov.ll
23

DBG7 isn't checked against anything - should it be? (I guess it (the EntryLoc = IP->getDebugLoc(); line, I guess) is hopefully already tested by existing tests?)

24

Probably good to check this is actually line 0, since that's what the code does intentionally - it'd be weird/problematic if we invented/used some other location.

nickdesaulniers updated this revision to Diff 336591.Apr 9 2021, 6:58 PM
  • add DBG7 check, specific lines
nickdesaulniers marked 2 inline comments as done.Apr 9 2021, 6:58 PM
nickdesaulniers added inline comments.
llvm/test/Instrumentation/SanitizerCoverage/crit-edge-sancov.ll
23

I can add it.

I guess it (the EntryLoc = IP->getDebugLoc(); line, I guess) is hopefully already tested by existing tests?

Yes, llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll does.

24

I think it will be scopeLine of parent plus 0.

Harbormaster completed remote builds in B98091: Diff 336591.Apr 9 2021, 7:27 PM
nickdesaulniers marked 2 inline comments as done.Apr 12 2021, 1:01 PM
dblaikie added inline comments.Apr 12 2021, 1:55 PM
llvm/test/Instrumentation/SanitizerCoverage/crit-edge-sancov.ll
24

hmm, wait, that doesn't sound right - sorry, didn't realize that's what the code is doing. The code should be setting the line to 0, not the scopeLine. (line 0 is for lines that aren't related to any particular/identifiable line of source code)

nickdesaulniers updated this revision to Diff 336976.Apr 12 2021, 3:20 PM
  • fix line 0 DILocation
nickdesaulniers marked an inline comment as done.Apr 12 2021, 3:20 PM
dblaikie accepted this revision.Apr 12 2021, 3:38 PM

Looks good - thanks!

This revision is now accepted and ready to land.Apr 12 2021, 3:38 PM
nickdesaulniers added a comment.Apr 12 2021, 3:45 PM

Thanks as always for the review; appreciated!

Harbormaster completed remote builds in B98371: Diff 336976.Apr 12 2021, 3:59 PM
This revision was landed with ongoing or failed builds.Apr 12 2021, 4:06 PM
Closed by commit rG4914c9836765: [SantizerCoverage] handle missing DBG MD when inserting libcalls (authored by nickdesaulniers). · Explain Why
This revision was automatically updated to reflect the committed changes.
nickdesaulniers added a commit: rG4914c9836765: [SantizerCoverage] handle missing DBG MD when inserting libcalls.

Revision Contents

PathSize
llvm/
lib/
Transforms/
Instrumentation/
5 lines
test/
Instrumentation/
SanitizerCoverage/
50 lines

Diff 336560

llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp

Show First 20 LinesShow All 890 Lines▼ Show 20 Lines
void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
size_t Idx, size_t Idx,
bool IsLeafFunc) { bool IsLeafFunc) {
BasicBlock::iterator IP = BB.getFirstInsertionPt(); BasicBlock::iterator IP = BB.getFirstInsertionPt();
bool IsEntryBB = &BB == &F.getEntryBlock(); bool IsEntryBB = &BB == &F.getEntryBlock();
DebugLoc EntryLoc; DebugLoc EntryLoc;
if (IsEntryBB) { if (IsEntryBB) {
if (auto SP = F.getSubprogram())
EntryLoc = DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP);
// Keep static allocas and llvm.localescape calls in the entry block. Even // Keep static allocas and llvm.localescape calls in the entry block. Even
// if we aren't splitting the block, it's nice for allocas to be before // if we aren't splitting the block, it's nice for allocas to be before
// calls. // calls.
IP = PrepareToSplitEntryBlock(BB, IP); IP = PrepareToSplitEntryBlock(BB, IP);
} else { } else {
EntryLoc = IP->getDebugLoc(); EntryLoc = IP->getDebugLoc();
} }
if (!EntryLoc)
if (auto SP = F.getSubprogram())
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: 'auto SP' can be declared as 'auto *SP' [llvm-qualified-auto]
not useful

Lint: Pre-merge checks: clang-tidy: warning: 'auto SP' can be declared as 'auto *SP' [llvm-qualified-auto] [[https…
EntryLoc = DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP);
IRBuilder<> IRB(&*IP); IRBuilder<> IRB(&*IP);
IRB.SetCurrentDebugLocation(EntryLoc); IRB.SetCurrentDebugLocation(EntryLoc);
if (Options.TracePC) { if (Options.TracePC) {
IRB.CreateCall(SanCovTracePC) IRB.CreateCall(SanCovTracePC)
->setCannotMerge(); // gets the PC using GET_CALLER_PC. ->setCannotMerge(); // gets the PC using GET_CALLER_PC.
} }
if (Options.TracePCGuard) { if (Options.TracePCGuard) {
▲ Show 20 LinesShow All 93 LinesShow Last 20 Lines

llvm/test/Instrumentation/SanitizerCoverage/crit-edge-sancov.ll

  • This file was added.
; RUN: opt -passes='module(sancov-module)' -sanitizer-coverage-trace-pc \
; RUN: -sanitizer-coverage-level=3 %s -S -o - | FileCheck %s
; The edge between %entry and %for.inc.i is a critical edge.
; ModuleSanitizerCoveragePass must split this critical edge in order to track
; coverage of this edge. ModuleSanitizerCoveragePass will also insert calls to
; @__sanitizer_cov_trace_pc using the debug location from the predecessor's
; branch. but, if the branch itself is missing debug info (say, by accident
; due to a bug in an earlier transform), we would fail a verifier check that
; verifies calls to functions with debug info themselves have debug info.
; The definition of @__sanitizer_cov_trace_pc may be visible during LTO.
; Of the below checks, we really only care that the calls to
; @__sanitizer_cov_trace_pc retain !dbg metadata.
define void @update_shadow() !dbg !3 {
; CHECK-LABEL: @update_shadow(
; CHECK-NEXT: entry:
; CHECK-NEXT: call void @__sanitizer_cov_trace_pc() #[[ATTR0:[0-9]+]], !dbg [[DBG6:![0-9]+]]
; CHECK: entry.for.inc.i_crit_edge:
; CHECK-NEXT: call void @__sanitizer_cov_trace_pc() #[[ATTR0]], !dbg [[DBG6]]
; CHECK: if.end22.i:
; CHECK-NEXT: call void @__sanitizer_cov_trace_pc() #[[ATTR0]], !dbg [[DBG7:![0-9]+]]
dblaikieUnsubmitted
Done
ReplyInline Actions

DBG7 isn't checked against anything - should it be? (I guess it (the EntryLoc = IP->getDebugLoc(); line, I guess) is hopefully already tested by existing tests?)

dblaikie: DBG7 isn't checked against anything - should it be? (I guess it (the `EntryLoc = IP…
nickdesaulniersAuthorUnsubmitted
Done
ReplyInline Actions

I can add it.

I guess it (the EntryLoc = IP->getDebugLoc(); line, I guess) is hopefully already tested by existing tests?

Yes, llvm/test/Instrumentation/SanitizerCoverage/coverage2-dbg.ll does.

nickdesaulniers: I can add it. > I guess it (the EntryLoc = IP->getDebugLoc(); line, I guess) is hopefully…
; CHECK: [[DBG6]] = !DILocation(line: {{.*}}, scope: !3)
dblaikieUnsubmitted
Done
ReplyInline Actions

Probably good to check this is actually line 0, since that's what the code does intentionally - it'd be weird/problematic if we invented/used some other location.

dblaikie: Probably good to check this is actually line 0, since that's what the code does intentionally…
nickdesaulniersAuthorUnsubmitted
Done
ReplyInline Actions

I think it will be scopeLine of parent plus 0.

nickdesaulniers: I think it will be `scopeLine` of parent plus `0`.
dblaikieUnsubmitted
Done
ReplyInline Actions

hmm, wait, that doesn't sound right - sorry, didn't realize that's what the code is doing. The code should be setting the line to 0, not the scopeLine. (line 0 is for lines that aren't related to any particular/identifiable line of source code)

dblaikie: hmm, wait, that doesn't sound right - sorry, didn't realize that's what the code is doing. The…
entry:
br i1 undef, label %for.inc.i, label %if.end22.i
if.end22.i: ; preds = %entry
br label %for.inc.i, !dbg !8
for.inc.i: ; preds = %if.end22.i, %entry
ret void, !dbg !6
}
define void @__sanitizer_cov_trace_pc() !dbg !7{
ret void
}
!llvm.dbg.cu = !{!0}
!llvm.module.flags = !{!2}
!0 = distinct !DICompileUnit(language: DW_LANG_C89, file: !1, producer: "", isOptimized: true, runtimeVersion: 0, emissionKind: LineTablesOnly, splitDebugInlining: false, nameTableKind: None)
!1 = !DIFile(filename: "kernel/cfi.c", directory: "")
!2 = !{i32 2, !"Debug Info Version", i32 3}
!3 = distinct !DISubprogram(name: "update_shadow", scope: !1, file: !1, line: 190, type: !4, scopeLine: 192, flags: DIFlagPrototyped | DIFlagAllCallsDescribed, spFlags: DISPFlagLocalToUnit | DISPFlagDefinition | DISPFlagOptimized, unit: !0)
!4 = !DISubroutineType(types: !5)
!5 = !{}
!6 = !DILocation(line: 223, column: 1, scope: !3)
!7 = distinct !DISubprogram(name: "__sanitizer_cov_trace_pc", scope: !1, file: !1, line: 200, type: !4, scopeLine: 200, flags: DIFlagPrototyped | DIFlagAllCallsDescribed, spFlags: DISPFlagLocalToUnit | DISPFlagDefinition | DISPFlagOptimized, unit: !0)
!8 = !DILocation(line: 129, column: 2, scope: !3)