This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
lib/CodeGen/SelectionDAG/
-
CodeGen/
-
SelectionDAG/
1/3
SelectionDAGBuilder.cpp
-
test/CodeGen/X86/
-
CodeGen/
-
X86/
2
arg-copy-elide.ll

Differential D102153

[SelectionDAG] Fix argument copy elision with irregular types
ClosedPublic

Authored by LemonBoy on May 10 2021, 1:08 AM.

Download Raw Diff

Details

Reviewers

craig.topper
rnk
MatzeB

Commits

rGfd5cc418186a: [SelectionDAG] Fix argument copy elision with irregular types

Summary

D29668 enabled to avoid a useless copy of the argument value into an alloca if the caller places it in memory (as it often happens on x86) by directly forwarding the pointer to it. This optimization is illegal if the type contains padding bytes: if a truncating store into the alloca is replaced the upper bits are filled with garbage and produce code misbehaving at runtime.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

LemonBoy created this revision.May 10 2021, 1:08 AM

Herald added subscribers: ecnelises, pengfei, hiraditya. · View Herald TranscriptMay 10 2021, 1:08 AM

LemonBoy requested review of this revision.May 10 2021, 1:08 AM

Herald added a project: Restricted Project. · View Herald TranscriptMay 10 2021, 1:08 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

LemonBoy edited the summary of this revision. (Show Details)May 10 2021, 1:08 AM

Harbormaster completed remote builds in B103443: Diff 343989.May 10 2021, 1:28 AM

Ping?

I don't see why this optimization should be declared illegal. Why isn't it the caller's responsibility to store these narrow integers canonically? C doesn't have narrow integers, but GCC doesn't do this. If a variable is passed in memory, it just uses the memory that was passed into it.

llvm/test/CodeGen/X86/arg-copy-elide.ll
80	We don't want this, do we? Seems like it would be a regression.

In D102153#2764464, @rnk wrote:

I don't see why this optimization should be declared illegal. Why isn't it the caller's responsibility to store these narrow integers canonically? C doesn't have narrow integers, but GCC doesn't do this. If a variable is passed in memory, it just uses the memory that was passed into it.

AFAICS it's the callee's responsibility to chop the extra bits off.
In this (compile at -O0) example you can see that @expect is correctly truncating the i3 value passed in-register, but fails to do so for the third argument that's passed in-memory.

Thinking about this more, I think this is a good change. Currently we use the zext and sext attributes to document if the high bits of an argument are initialized, and if so, to what. If those attributes aren't present, we shouldn't do copy elision. I have a minor concern that needs to be addressed, though.

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
9895	Don't we still need this check? I don't see any other code that checks that the allocated type and argument type match. Otherwise we could try to copy elide an i32 stored into an i64 alloca, for example. Please add a test for that, sorry for not already having one.
llvm/test/CodeGen/X86/arg-copy-elide.ll
80	This code turns out to not be representative of what clang generates, so I don't think we need to worry about it. See this bool example here: https://gcc.godbolt.org/z/efPavanfb void escape(bool *); void bool_arg(bool b) { escape(&b); } We fail to copy elide because the argument is i1, but the alloca is i8. I think this will be true generally for non-byte-sized integers, so there is really no harm to this change to copy elision.

LemonBoy added inline comments.May 21 2021, 3:43 AM

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
9895	In `tryToElideArgumentCopy` there's a check between the object size pointed by the old and new frame indices, in case of a partially initialized `i64` being forwarded as a `i32` the check will fail. No strong feeling about this, I can put the check back if you prefer.

Add a test w/ partially-initialized alloca.

Harbormaster completed remote builds in B105593: Diff 346980.May 21 2021, 4:29 AM

rnk added inline comments.May 21 2021, 9:20 AM

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
9895	I think we should keep the store size vs. alloca size check here. If I were debugging this code later, I would be confused as to how an alloca like this became a copy elision candidate that gets rejected later in tryToElideArgumentCopy.

Reinstate the alloca initialization check.

lgtm, thanks.

This revision is now accepted and ready to land.May 21 2021, 9:54 AM

Harbormaster completed remote builds in B105661: Diff 347065.May 21 2021, 10:22 AM

Closed by commit rGfd5cc418186a: [SelectionDAG] Fix argument copy elision with irregular types (authored by LemonBoy). · Explain WhyMay 22 2021, 12:43 AM

This revision was automatically updated to reflect the committed changes.

LemonBoy added a commit: rGfd5cc418186a: [SelectionDAG] Fix argument copy elision with irregular types.

Revision Contents

Path

Size

llvm/

lib/

CodeGen/

SelectionDAG/

SelectionDAGBuilder.cpp

6 lines

test/

CodeGen/

X86/

arg-copy-elide.ll

46 lines

Diff 347179

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 9,880 Lines • ▼ Show 20 Lines	if (!Info)
continue;		continue;
const AllocaInst *AI = cast<AllocaInst>(Dst);		const AllocaInst *AI = cast<AllocaInst>(Dst);

// Skip allocas that have been initialized or clobbered.		// Skip allocas that have been initialized or clobbered.
if (*Info != StaticAllocaInfo::Unknown)		if (*Info != StaticAllocaInfo::Unknown)
continue;		continue;

// Check if the stored value is an argument, and that this store fully		// Check if the stored value is an argument, and that this store fully
// initializes the alloca. Don't elide copies from the same argument twice.		// initializes the alloca.
		// If the argument type has padding bits we can't directly forward a pointer
		// as the upper bits may contain garbage.
		// Don't elide copies from the same argument twice.
const Value *Val = SI->getValueOperand()->stripPointerCasts();		const Value *Val = SI->getValueOperand()->stripPointerCasts();
const auto *Arg = dyn_cast<Argument>(Val);		const auto *Arg = dyn_cast<Argument>(Val);
if (!Arg \|\| Arg->hasPassPointeeByValueCopyAttr() \|\|		if (!Arg \|\| Arg->hasPassPointeeByValueCopyAttr() \|\|
Arg->getType()->isEmptyTy() \|\|		Arg->getType()->isEmptyTy() \|\|
DL.getTypeStoreSize(Arg->getType()) !=		DL.getTypeStoreSize(Arg->getType()) !=
DL.getTypeAllocSize(AI->getAllocatedType()) \|\|		DL.getTypeAllocSize(AI->getAllocatedType()) \|\|
rnkUnsubmitted Not Done Reply Inline Actions Don't we still need this check? I don't see any other code that checks that the allocated type and argument type match. Otherwise we could try to copy elide an i32 stored into an i64 alloca, for example. Please add a test for that, sorry for not already having one. rnk: Don't we still need this check? I don't see any other code that checks that the allocated type…
LemonBoyAuthorUnsubmitted Done Reply Inline Actions In `tryToElideArgumentCopy` there's a check between the object size pointed by the old and new frame indices, in case of a partially initialized `i64` being forwarded as a `i32` the check will fail. No strong feeling about this, I can put the check back if you prefer. LemonBoy: In `tryToElideArgumentCopy` there's a check between the object size pointed by the old and new…
rnkUnsubmitted Not Done Reply Inline Actions I think we should keep the store size vs. alloca size check here. If I were debugging this code later, I would be confused as to how an alloca like this became a copy elision candidate that gets rejected later in tryToElideArgumentCopy. rnk: I think we should keep the store size vs. alloca size check here. If I were debugging this code…
		!DL.typeSizeEqualsStoreSize(Arg->getType()) \|\|
ArgCopyElisionCandidates.count(Arg)) {		ArgCopyElisionCandidates.count(Arg)) {
*Info = StaticAllocaInfo::Clobbered;		*Info = StaticAllocaInfo::Clobbered;
continue;		continue;
}		}

LLVM_DEBUG(dbgs() << "Found argument copy elision candidate: " << *AI		LLVM_DEBUG(dbgs() << "Found argument copy elision candidate: " << *AI
<< '\n');		<< '\n');

▲ Show 20 Lines • Show All 1,196 Lines • Show Last 20 Lines

llvm/test/CodeGen/X86/arg-copy-elide.ll

Show First 20 Lines • Show All 67 Lines • ▼ Show 20 Lines	entry:
call void @addrof_i64(i64* %x.addr)		call void @addrof_i64(i64* %x.addr)
ret i64 %x		ret i64 %x
}		}

define i1 @i1_arg(i1 %x) {		define i1 @i1_arg(i1 %x) {
; CHECK-LABEL: i1_arg:		; CHECK-LABEL: i1_arg:
; CHECK: # %bb.0:		; CHECK: # %bb.0:
; CHECK-NEXT: pushl %ebx		; CHECK-NEXT: pushl %ebx
		; CHECK-NEXT: pushl %eax
; CHECK-NEXT: movb {{[0-9]+}}(%esp), %bl		; CHECK-NEXT: movb {{[0-9]+}}(%esp), %bl
		; CHECK-NEXT: movl %ebx, %eax
		; CHECK-NEXT: andb $1, %al
		; CHECK-NEXT: movb %al, {{[0-9]+}}(%esp)
		rnkUnsubmitted Not Done Reply Inline Actions We don't want this, do we? Seems like it would be a regression. rnk: We don't want this, do we? Seems like it would be a regression.
		rnkUnsubmitted Not Done Reply Inline Actions This code turns out to not be representative of what clang generates, so I don't think we need to worry about it. See this bool example here: https://gcc.godbolt.org/z/efPavanfb void escape(bool ); void bool_arg(bool b) { escape(&b); } We fail to copy elide because the argument is i1, but the alloca is i8. I think this will be true generally for non-byte-sized integers, so there is really no harm to this change to copy elision. rnk:* This code turns out to not be representative of what clang generates, so I don't think we need…
; CHECK-NEXT: leal {{[0-9]+}}(%esp), %eax		; CHECK-NEXT: leal {{[0-9]+}}(%esp), %eax
; CHECK-NEXT: pushl %eax		; CHECK-NEXT: pushl %eax
; CHECK-NEXT: calll _addrof_i1		; CHECK-NEXT: calll _addrof_i1
; CHECK-NEXT: addl $4, %esp		; CHECK-NEXT: addl $4, %esp
; CHECK-NEXT: movl %ebx, %eax		; CHECK-NEXT: movl %ebx, %eax
		; CHECK-NEXT: addl $4, %esp
; CHECK-NEXT: popl %ebx		; CHECK-NEXT: popl %ebx
; CHECK-NEXT: retl		; CHECK-NEXT: retl
%x.addr = alloca i1		%x.addr = alloca i1
store i1 %x, i1* %x.addr		store i1 %x, i1* %x.addr
call void @addrof_i1(i1* %x.addr)		call void @addrof_i1(i1* %x.addr)
ret i1 %x		ret i1 %x
}		}

▲ Show 20 Lines • Show All 274 Lines • ▼ Show 20 Lines
; CHECK-NEXT: retl		; CHECK-NEXT: retl
%v.p = alloca i32		%v.p = alloca i32
store i32 %v, i32* %v.p		store i32 %v, i32* %v.p
call void @addrof_i32(i32* %v.p)		call void @addrof_i32(i32* %v.p)
store i32 %v, i32* %sret		store i32 %v, i32* %sret
ret void		ret void
}		}

; FIXME: The argument elision is not legal in presence of irregular types.		define void @avoid_partially_initialized_alloca(i32 %x) {
		; CHECK-LABEL: avoid_partially_initialized_alloca:
		; CHECK: # %bb.0:
		; CHECK-NEXT: pushl %ebp
		; CHECK-NEXT: movl %esp, %ebp
		; CHECK-NEXT: andl $-8, %esp
		; CHECK-NEXT: subl $8, %esp
		; CHECK-NEXT: movl 8(%ebp), %eax
		; CHECK-NEXT: movl %eax, (%esp)
		; CHECK-NEXT: movl %esp, %eax
		; CHECK-NEXT: pushl %eax
		; CHECK-NEXT: calll _addrof_i32
		; CHECK-NEXT: addl $4, %esp
		; CHECK-NEXT: movl %ebp, %esp
		; CHECK-NEXT: popl %ebp
		; CHECK-NEXT: retl
		%a = alloca i64
		%p = bitcast i64* %a to i32*
		store i32 %x, i32* %p
		call void @addrof_i32(i32* %p)
		ret void
		}

		; Ensure no copy elision happens as the two i3 values fed into icmp may have
		; garbage in the upper bits, a truncation is needed.

define i1 @use_i3(i3 %a1, i3 %a2) {		define i1 @use_i3(i3 %a1, i3 %a2) {
; CHECK-LABEL: use_i3:		; CHECK-LABEL: use_i3:
; CHECK: # %bb.0:		; CHECK: # %bb.0:
		; CHECK-NEXT: pushl %eax
; CHECK-NEXT: movb {{[0-9]+}}(%esp), %al		; CHECK-NEXT: movb {{[0-9]+}}(%esp), %al
; CHECK-NEXT: andb $7, %al		; CHECK-NEXT: andb $7, %al
; CHECK-NEXT: cmpb {{[0-9]+}}(%esp), %al		; CHECK-NEXT: movb {{[0-9]+}}(%esp), %cl
		; CHECK-NEXT: andb $7, %cl
		; CHECK-NEXT: movb %cl, {{[0-9]+}}(%esp)
		; CHECK-NEXT: cmpb %cl, %al
; CHECK-NEXT: sete %al		; CHECK-NEXT: sete %al
		; CHECK-NEXT: popl %ecx
; CHECK-NEXT: retl		; CHECK-NEXT: retl
%tmp = alloca i3, align 4		%tmp = alloca i3
store i3 %a2, i3* %tmp, align 4		store i3 %a2, i3* %tmp
%l = load i3, i3* %tmp		%val = load i3, i3* %tmp
%res = icmp eq i3 %a1, %l		%res = icmp eq i3 %a1, %val
ret i1 %res		ret i1 %res
}		}