This is an archive of the discontinued LLVM Phabricator instance.

Differential D104342

[IR] convert warn-stack-size from module flag to fn attr
ClosedPublic

Authored by nickdesaulniers on Jun 15 2021, 5:18 PM.

Details

Reviewers
qcolombet
dblaikie
MaskRay
Commits
rG8ace12130526: [IR] convert warn-stack-size from module flag to fn attr
Summary

Otherwise, this causes issues when building with LTO for object files
that use different values.

Link: https://github.com/ClangBuiltLinux/linux/issues/1395

Diff Detail

Event Timeline

nickdesaulniers created this revision.Jun 15 2021, 5:18 PM
Herald added subscribers: dexonsmith, jdoerfert, pengfei, hiraditya. · View Herald TranscriptJun 15 2021, 5:18 PM
nickdesaulniers requested review of this revision.Jun 15 2021, 5:18 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJun 15 2021, 5:18 PM
Herald added subscribers: llvm-commits, cfe-commits. · View Herald Transcript
dblaikie added a comment.Jun 15 2021, 5:48 PM

what're the rules about module level attributes like this? For instance: Does this affect/hinder inlining (if the attributes don't match between the caller and callee)? Other situations that might matter?

llvm/lib/CodeGen/PrologEpilogInserter.cpp
282

I guess the 0 value here is the default value if the value can't be parsed as an integer? Is that desirable? I guess maybe we should ignore it (use UINT_MAX here instead, maybe) and fail in the verifier.

But I guess if we fail in the verifier, then it doesn't really matter/shouldn't be tested what the behavior is here when presented with invalid IR.

(but this is a divergence from the module flag handling, which looks like it does silently ignore non-numeric values, by using UINT_MAX)

Harbormaster completed remote builds in B109425: Diff 352301.Jun 16 2021, 12:19 AM
nickdesaulniers added a comment.Jun 17 2021, 11:50 AM
In D104342#2820811, @dblaikie wrote:

what're the rules about module level attributes like this? For instance: Does this affect/hinder inlining (if the attributes don't match between the caller and callee)? Other situations that might matter?

I think you meant s/module level/function level/? That's a good question, one I had to think about a little bit. Here's my thoughts on the behavior this should exhibit, please let me know if you agree.

When using -Wframe-larger-than=<threshold> per TU, the developer wants to be alerted if any stack frame exceeds a threshold. The Linux kernel's use case is that the kernel's stack is limited to (usually) two pages (ulimit -s; typically 8KiB, but different architectures do support non-4KiB page sizes), so functions using more than 1KiB of stack are usually indicative of large objects being stack allocated that should have been heap allocated.

Currently, in C (and C with GNU extensions), there is no way to describe to the compiler function-grain specific values for -Wframe-larger-than=; rather than fine grain per function control, we only have coarse grain TU control.

So in the general case (non-LTO), we can only perform inline substitution at call sites visible from callers' definitions. Because there's no GNU C function attribute to change the current value of -Wframe-larger-than=, it's not possible for that value to differ between caller and callee. But with LTO; shit gets weird.

Suddenly now with LTO, we have cross TU (cross Module) visibility into call sites, so we can inline across TU/Module boundaries. Thus we can have an IR intermediary object with a call site where the caller's value of -Wframe-larger-than= differs from the callees! So the question is what should happen in such a case?

The extremely conservative approach which we have done in the past for certain mismatched function attributes is to simply not perform inline substitution, if we have no other options. This adds overhead to the inliner to check the XOR of attribute lists of the caller and callee for each call site.

But I *think* (and am open to sugguestions) that we should:

  1. permit inline substitution
  2. the caller's value of "warn-stack-size"= IR Fn Attr wins

I think this is ok because: if caller is defined in TU1 with -Wframe-larger-than= distinct from callee defined in TU2 with a different value of -Wframe-larger-than=, then we don't care what callee's value was. callee may even be DCE'd if it's inlined into a lone call site. I'd expect in such cases that callee's value was larger than caller's, in which case callee should be attributed no_inline for LTO if the tighter threshold for caller now warns. If callee's value was smaller than callers and we performed inline substitution, I think that's also perfectly fine, caller should not become "more strict."

Generally in the Linux kernel, we see a common value of -Wframe-larger-than= throughout most of the TUs, with only a few generally having a larger value to relax constraints a little. (Also, those relaxations are questionable, given the intent of -Wframe-larger-than= use in the kernel in the first place).

Let me add such a test to encode that intention; though I don't know yet what's involved/possible to implement. Let's see.

llvm/lib/CodeGen/PrologEpilogInserter.cpp
282

IIUC, the first parameter to getAsInteger is the Radix, not the default value on failure to parse. But it does return true on error, so I should check that here.

I also should add a verifier check for this new function attribute. While the "string key equals string value" attributes are quite flexible, it would be good to have some rigidity in requiring the string value to be parseable as an unsigned int.

nickdesaulniers added inline comments.Jun 17 2021, 12:41 PM
llvm/lib/CodeGen/PrologEpilogInserter.cpp
282

Oh, I should use base 10 as the radix, otherwise it will try to parse hex and binary literals.

dblaikie added a comment.Jun 17 2021, 1:56 PM
In D104342#2825357, @nickdesaulniers wrote:
In D104342#2820811, @dblaikie wrote:

what're the rules about module level attributes like this? For instance: Does this affect/hinder inlining (if the attributes don't match between the caller and callee)? Other situations that might matter?

I think you meant s/module level/function level/? That's a good question, one I had to think about a little bit. Here's my thoughts on the behavior this should exhibit, please let me know if you agree.

When using -Wframe-larger-than=<threshold> per TU, the developer wants to be alerted if any stack frame exceeds a threshold. The Linux kernel's use case is that the kernel's stack is limited to (usually) two pages (ulimit -s; typically 8KiB, but different architectures do support non-4KiB page sizes), so functions using more than 1KiB of stack are usually indicative of large objects being stack allocated that should have been heap allocated.

Currently, in C (and C with GNU extensions), there is no way to describe to the compiler function-grain specific values for -Wframe-larger-than=; rather than fine grain per function control, we only have coarse grain TU control.

So in the general case (non-LTO), we can only perform inline substitution at call sites visible from callers' definitions. Because there's no GNU C function attribute to change the current value of -Wframe-larger-than=, it's not possible for that value to differ between caller and callee. But with LTO; shit gets weird.

Suddenly now with LTO, we have cross TU (cross Module) visibility into call sites, so we can inline across TU/Module boundaries. Thus we can have an IR intermediary object with a call site where the caller's value of -Wframe-larger-than= differs from the callees! So the question is what should happen in such a case?

The extremely conservative approach which we have done in the past for certain mismatched function attributes is to simply not perform inline substitution, if we have no other options. This adds overhead to the inliner to check the XOR of attribute lists of the caller and callee for each call site.

But I *think* (and am open to sugguestions) that we should:

  1. permit inline substitution
  2. the caller's value of "warn-stack-size"= IR Fn Attr wins

I think this is ok because: if caller is defined in TU1 with -Wframe-larger-than= distinct from callee defined in TU2 with a different value of -Wframe-larger-than=, then we don't care what callee's value was. callee may even be DCE'd if it's inlined into a lone call site. I'd expect in such cases that callee's value was larger than caller's, in which case callee should be attributed no_inline for LTO if the tighter threshold for caller now warns. If callee's value was smaller than callers and we performed inline substitution, I think that's also perfectly fine, caller should not become "more strict."

Generally in the Linux kernel, we see a common value of -Wframe-larger-than= throughout most of the TUs, with only a few generally having a larger value to relax constraints a little. (Also, those relaxations are questionable, given the intent of -Wframe-larger-than= use in the kernel in the first place).

Let me add such a test to encode that intention; though I don't know yet what's involved/possible to implement. Let's see.

Sure, that all sounds pretty reasonable to me - mostly I was curious what the existing/default behavior is (if we do nothing other than what's already in this patch, how does the inliner handle different values/mismatched presence of warn-stack-size attributes, for instance) - to check that whatever it does seems reasonable/acceptable.

nickdesaulniers updated this revision to Diff 352841.Jun 17 2021, 2:10 PM
nickdesaulniers marked an inline comment as done.
  • verifier checks, inliner test, use base 10 radix
Harbormaster completed remote builds in B109802: Diff 352841.Jun 18 2021, 6:18 AM
dblaikie accepted this revision.Jun 18 2021, 12:02 PM

Sounds OK to me.

Another thing you might want to check is linkonce_odr functions - I guess you'll get an arbitrary choice between two linkonce_odr functions under LTO where they have different warn-stack-size? Maybe there's a way/place to merge and always pick the lower or upper value if there's one you think would be more right?

llvm/test/Transforms/Inline/warn-stack-size.ll
1 ↗(On Diff #352841)

Nice to see the test - though I probably wouldn't bother adding this test if this behavior already falls out of more general support in the inliner and the way it already handles attributes - the general behavior is likely already tested elsewhere? (though it'd be good to confirm that either in tests and/or the inliner code itself)

my original question was to confirm that the inliner already had accounted for this situation in a way that was desirable & it looks like/sounds like it is.

This revision is now accepted and ready to land.Jun 18 2021, 12:02 PM
nickdesaulniers updated this revision to Diff 353102.Jun 18 2021, 2:44 PM
  • fix lint, add linker test
nickdesaulniers added a comment.Jun 18 2021, 3:01 PM
In D104342#2827847, @dblaikie wrote:

Another thing you might want to check is linkonce_odr functions - I guess you'll get an arbitrary choice between two linkonce_odr functions under LTO where they have different warn-stack-size? Maybe there's a way/place to merge and always pick the lower or upper value if there's one you think would be more right?

I've added an llvm-link test for this. I'm not sure it adds any signal though here; I think the answer to such a question is "don't do that."

llvm/test/Transforms/Inline/warn-stack-size.ll
1 ↗(On Diff #352841)

AttributeFuncs::areInlineCompatible seems to define the disallow-list for mismatched function attributes.

AttributeFuncs::mergeAttributesForInlining() seems to be the merging strategy for certain function attributes.

I agree that this test just confirms that the implicit default merge strategy is used. I guess it would fail if someone unintentionally changed that, but I don't mind removing this test either. WDYT?

nickdesaulniers updated this revision to Diff 353110.Jun 18 2021, 3:07 PM
  • git add the Linker test!
dblaikie added a comment.Jun 18 2021, 4:52 PM
In D104342#2828193, @nickdesaulniers wrote:
In D104342#2827847, @dblaikie wrote:

Another thing you might want to check is linkonce_odr functions - I guess you'll get an arbitrary choice between two linkonce_odr functions under LTO where they have different warn-stack-size? Maybe there's a way/place to merge and always pick the lower or upper value if there's one you think would be more right?

I've added an llvm-link test for this. I'm not sure it adds any signal though here; I think the answer to such a question is "don't do that."

I don't think it's as easy as "don't do that". Unless someone passes exactly the same flags to every compilation (which they won't, that's why this is being implemented as a function attribute) then it'll be really easy for an inline function in a header (say, std::vector<int>::size - something easy for two unrelated translation units to use) in two different translation units each with a different warn-stack-size flag and so to get somewhat arbitrary behavior about how that function is warned on.

For instance: maybe the function doesn't get a warning because a copy with a higher warn-stack-size value is picked, until the translation unit using that higher value is refactored and starts using std::list instead of std::vector... and now some other TU's std::vector is picked, with a lower warn-stack-size value and breaks the build (assuming -Werror)...

llvm/test/Transforms/Inline/warn-stack-size.ll
1 ↗(On Diff #352841)

generally I wouldn't add a test like this, or the LTO one - I'd just confirm that their features are separately tested and the behavior that's desired for how I want to use the feature (eg: I wouldn't test that the add instruction lowers to some machine code in my optimization - I'd confirm the add instruction has the desired semantics for whatever transformation I want to perform)

Harbormaster completed remote builds in B110004: Diff 353110.Jun 19 2021, 11:28 AM
MaskRay accepted this revision.Jun 21 2021, 1:51 PM
MaskRay added a subscriber: MaskRay.

Agree that a function attribute is more appropriate considering the LTO behavior.

llvm/docs/LangRef.rst
2052

In for once, is for redundant?

2054

Abbreviated as a non-negative integer

MaskRay added a comment.Jun 21 2021, 1:53 PM

module attr

module flag metadata (or module flag) is more appropriate.

nickdesaulniers retitled this revision from [IR] convert warn-stack-size from module attr to fn attr to [IR] convert warn-stack-size from module flag to fn attr.Jun 21 2021, 2:26 PM
nickdesaulniers updated this revision to Diff 353499.Jun 21 2021, 2:48 PM
nickdesaulniers marked 2 inline comments as done.
nickdesaulniers edited the summary of this revision. (Show Details)
  • fix langref, delete inline and linker tests
nickdesaulniers marked 2 inline comments as done.Jun 21 2021, 2:49 PM
In D104342#2828388, @dblaikie wrote:
In D104342#2828193, @nickdesaulniers wrote:
In D104342#2827847, @dblaikie wrote:

Another thing you might want to check is linkonce_odr functions - I guess you'll get an arbitrary choice between two linkonce_odr functions under LTO where they have different warn-stack-size? Maybe there's a way/place to merge and always pick the lower or upper value if there's one you think would be more right?

I've added an llvm-link test for this. I'm not sure it adds any signal though here; I think the answer to such a question is "don't do that."

I don't think it's as easy as "don't do that". Unless someone passes exactly the same flags to every compilation (which they won't, that's why this is being implemented as a function attribute) then it'll be really easy for an inline function in a header (say, std::vector<int>::size - something easy for two unrelated translation units to use) in two different translation units each with a different warn-stack-size flag and so to get somewhat arbitrary behavior about how that function is warned on.

Ah, ok that's which language construct can produce linkonce_odr. Fair point.

For instance: maybe the function doesn't get a warning because a copy with a higher warn-stack-size value is picked, until the translation unit using that higher value is refactored and starts using std::list instead of std::vector... and now some other TU's std::vector is picked, with a lower warn-stack-size value and breaks the build (assuming -Werror)...

This seems like a general problem perhaps with linking IR? Perhaps IRLinker::copyFunctionProto or IRLinker::mapAttributeTypes should try to do something here, though I'm not sure yet which policy would be preferred?

nickdesaulniers added a comment.Jun 21 2021, 2:53 PM

As a heads up, this will conflict with D104667.

dblaikie accepted this revision.Jun 21 2021, 2:55 PM
In D104342#2831703, @nickdesaulniers wrote:
In D104342#2828388, @dblaikie wrote:
In D104342#2828193, @nickdesaulniers wrote:
In D104342#2827847, @dblaikie wrote:

Another thing you might want to check is linkonce_odr functions - I guess you'll get an arbitrary choice between two linkonce_odr functions under LTO where they have different warn-stack-size? Maybe there's a way/place to merge and always pick the lower or upper value if there's one you think would be more right?

I've added an llvm-link test for this. I'm not sure it adds any signal though here; I think the answer to such a question is "don't do that."

I don't think it's as easy as "don't do that". Unless someone passes exactly the same flags to every compilation (which they won't, that's why this is being implemented as a function attribute) then it'll be really easy for an inline function in a header (say, std::vector<int>::size - something easy for two unrelated translation units to use) in two different translation units each with a different warn-stack-size flag and so to get somewhat arbitrary behavior about how that function is warned on.

Ah, ok that's which language construct can produce linkonce_odr. Fair point.

For instance: maybe the function doesn't get a warning because a copy with a higher warn-stack-size value is picked, until the translation unit using that higher value is refactored and starts using std::list instead of std::vector... and now some other TU's std::vector is picked, with a lower warn-stack-size value and breaks the build (assuming -Werror)...

This seems like a general problem perhaps with linking IR? Perhaps IRLinker::copyFunctionProto or IRLinker::mapAttributeTypes should try to do something here, though I'm not sure yet which policy would be preferred?

I don't know that there's a good answer (in more extreme cases - like different optimization levels or CPU features, at least at Google our answer has ended up being "compile the whole program with the right CPU features, because there's no great way to support good optimizations while respecting CPU features on a per-function basis"), basically - so this was more a "heads up, this is going to be possibly unavoidably messy/unreliable on the edges".

Probably worth at least writing up the risk/instability in the docs for the warning (in clang) and attribute (in llvm). (don't mind if that's in this patch or a follow-up).

(why I think there's no solution to this: any rule (highest wins, lowest wins, mismatch fails to compile) will create surprising/problematic effects, eg: you have one TU with the function in it and some value for the attribute - a new TU could introduce a copy of the function with a higher or lower value - and whichever choice of policy would then cause problems for one case or the other case. (either enforcing a stronger warning level on code that didn't ask for it, or slackening the warning level for code that thought it was protected by the warning))

nickdesaulniers added a comment.Jun 21 2021, 3:05 PM
In D104342#2831717, @dblaikie wrote:

I don't know that there's a good answer (in more extreme cases - like different optimization levels or CPU features, at least at Google our answer has ended up being "compile the whole program with the right CPU features, because there's no great way to support good optimizations while respecting CPU features on a per-function basis"), basically - so this was more a "heads up, this is going to be possibly unavoidably messy/unreliable on the edges".

Probably worth at least writing up the risk/instability in the docs for the warning (in clang) and attribute (in llvm). (don't mind if that's in this patch or a follow-up).

Sure. Let me land this, since we (Google & ClangBuiltLinux) have some tests and builds failing due to https://reviews.llvm.org/D103928. I will then send a follow up for us to iterate on in regards to documenting this more.

(why I think there's no solution to this: any rule (highest wins, lowest wins, mismatch fails to compile) will create surprising/problematic effects, eg: you have one TU with the function in it and some value for the attribute - a new TU could introduce a copy of the function with a higher or lower value - and whichever choice of policy would then cause problems for one case or the other case. (either enforcing a stronger warning level on code that didn't ask for it, or slackening the warning level for code that thought it was protected by the warning))

I agree. I don't think even having a function attribute in C for -Wframe-larger-than would resolve such policy issues either.

dblaikie added a comment.Jun 21 2021, 3:09 PM
In D104342#2831733, @nickdesaulniers wrote:
In D104342#2831717, @dblaikie wrote:

I don't know that there's a good answer (in more extreme cases - like different optimization levels or CPU features, at least at Google our answer has ended up being "compile the whole program with the right CPU features, because there's no great way to support good optimizations while respecting CPU features on a per-function basis"), basically - so this was more a "heads up, this is going to be possibly unavoidably messy/unreliable on the edges".

Probably worth at least writing up the risk/instability in the docs for the warning (in clang) and attribute (in llvm). (don't mind if that's in this patch or a follow-up).

Sure. Let me land this, since we (Google & ClangBuiltLinux) have some tests and builds failing due to https://reviews.llvm.org/D103928. I will then send a follow up for us to iterate on in regards to documenting this more.

(why I think there's no solution to this: any rule (highest wins, lowest wins, mismatch fails to compile) will create surprising/problematic effects, eg: you have one TU with the function in it and some value for the attribute - a new TU could introduce a copy of the function with a higher or lower value - and whichever choice of policy would then cause problems for one case or the other case. (either enforcing a stronger warning level on code that didn't ask for it, or slackening the warning level for code that thought it was protected by the warning))

I agree. I don't think even having a function attribute in C for -Wframe-larger-than would resolve such policy issues either.

At least then we could probably say it's an ODR violation (the two function definitions would be not the same if the user wrote the attribute differently for two definitions of the inline function in two different translation units) to have the function declared with different values for the attribute within the same program (so you could still compile two different files (that include a common header with a common function with the attribute specified there) with different values for the command line flag - because the function would get a consistent attribute value for the warning) - and then the linker could actually reject it on mismatch. But with the attribute currently coming from the command line, that's not feasible.

This revision was landed with ongoing or failed builds.Jun 21 2021, 3:16 PM
Closed by commit rG8ace12130526: [IR] convert warn-stack-size from module flag to fn attr (authored by nickdesaulniers). · Explain Why
This revision was automatically updated to reflect the committed changes.
nickdesaulniers added a commit: rG8ace12130526: [IR] convert warn-stack-size from module flag to fn attr.
Harbormaster completed remote builds in B110300: Diff 353499.Jun 21 2021, 4:07 PM
nickdesaulniers mentioned this in D104736: [LangRef] add note to warn-frame-size about ODR.Jun 22 2021, 12:10 PM
nickdesaulniers added a comment.Jun 22 2021, 12:10 PM
In D104342#2831738, @dblaikie wrote:
In D104342#2831717, @dblaikie wrote:

Probably worth at least writing up the risk/instability in the docs for the warning (in clang) and attribute (in llvm). (don't mind if that's in this patch or a follow-up).

I would think https://clang.llvm.org/docs/DiagnosticsReference.html#wframe-larger-than would be an appropriate place to document this for -Wframe-larger-than=, but it seems this whole page is generated via TableGen. It's not clear to me how we could insert such a note.

Langref changes: https://reviews.llvm.org/D104736.

At least then we could probably say it's an ODR violation (the two function definitions would be not the same if the user wrote the attribute differently for two definitions of the inline function in two different translation units) to have the function declared with different values for the attribute within the same program (so you could still compile two different files (that include a common header with a common function with the attribute specified there) with different values for the command line flag - because the function would get a consistent attribute value for the warning) - and then the linker could actually reject it on mismatch. But with the attribute currently coming from the command line, that's not feasible.

dblaikie added a subscriber: aaron.ballman.Jun 22 2021, 12:55 PM
In D104342#2834119, @nickdesaulniers wrote:
In D104342#2831738, @dblaikie wrote:
In D104342#2831717, @dblaikie wrote:

Probably worth at least writing up the risk/instability in the docs for the warning (in clang) and attribute (in llvm). (don't mind if that's in this patch or a follow-up).

I would think https://clang.llvm.org/docs/DiagnosticsReference.html#wframe-larger-than would be an appropriate place to document this for -Wframe-larger-than=, but it seems this whole page is generated via TableGen. It's not clear to me how we could insert such a note.

Yeah, I don't think we have a way to add more verbose/custom documentation for diagnostics. (@aaron.ballman might have some ideas)

Langref changes: https://reviews.llvm.org/D104736.

Thanks!

aaron.ballman added a comment.Jun 23 2021, 8:53 AM
In D104342#2834240, @dblaikie wrote:
In D104342#2834119, @nickdesaulniers wrote:

I would think https://clang.llvm.org/docs/DiagnosticsReference.html#wframe-larger-than would be an appropriate place to document this for -Wframe-larger-than=, but it seems this whole page is generated via TableGen. It's not clear to me how we could insert such a note.

Yeah, I don't think we have a way to add more verbose/custom documentation for diagnostics. (@aaron.ballman might have some ideas)

I'm not aware of any way to do that today -- it would require more machinery for generating the diagnostic documentation, which is made harder by this particular diagnostic being a backend one that's not written out from tablegen.

dblaikie added a comment.Jun 23 2021, 9:03 AM
In D104342#2836222, @aaron.ballman wrote:
In D104342#2834240, @dblaikie wrote:
In D104342#2834119, @nickdesaulniers wrote:

I would think https://clang.llvm.org/docs/DiagnosticsReference.html#wframe-larger-than would be an appropriate place to document this for -Wframe-larger-than=, but it seems this whole page is generated via TableGen. It's not clear to me how we could insert such a note.

Yeah, I don't think we have a way to add more verbose/custom documentation for diagnostics. (@aaron.ballman might have some ideas)

I'm not aware of any way to do that today -- it would require more machinery for generating the diagnostic documentation, which is made harder by this particular diagnostic being a backend one that's not written out from tablegen.

Fair enough - thanks for the context!

nickdesaulniers mentioned this in rG24d48d45cc30: [LangRef] add note to warn-frame-size about ODR.Jun 23 2021, 4:31 PM

Revision Contents

PathSize
clang/
lib/
CodeGen/
4 lines
2 lines
test/
Frontend/
4 lines
llvm/
docs/
5 lines
include/
llvm/
IR/
4 lines
lib/
CodeGen/
11 lines
IR/
11 lines
36 lines
test/
CodeGen/
ARM/
7 lines
X86/
7 lines
Linker/
Verifier/
10 lines

Diff 353501

clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 1,047 Lines▼ Show 20 Lines#undef SANITIZER
if (CGM.getCodeGenOpts().PackedStack) { if (CGM.getCodeGenOpts().PackedStack) {
if (getContext().getTargetInfo().getTriple().getArch() != if (getContext().getTargetInfo().getTriple().getArch() !=
llvm::Triple::systemz) llvm::Triple::systemz)
CGM.getDiags().Report(diag::err_opt_not_valid_on_target) CGM.getDiags().Report(diag::err_opt_not_valid_on_target)
<< "-mpacked-stack"; << "-mpacked-stack";
Fn->addFnAttr("packed-stack"); Fn->addFnAttr("packed-stack");
} }
if (CGM.getCodeGenOpts().WarnStackSize != UINT_MAX)
Fn->addFnAttr("warn-stack-size",
std::to_string(CGM.getCodeGenOpts().WarnStackSize));
if (RetTy->isVoidType()) { if (RetTy->isVoidType()) {
// Void type; nothing to return. // Void type; nothing to return.
ReturnValue = Address::invalid(); ReturnValue = Address::invalid();
// Count the implicit return. // Count the implicit return.
if (!endsWithReturn(D)) if (!endsWithReturn(D))
++NumReturnExprs; ++NumReturnExprs;
} else if (CurFnInfo->getReturnInfo().getKind() == ABIArgInfo::Indirect) { } else if (CurFnInfo->getReturnInfo().getKind() == ABIArgInfo::Indirect) {
▲ Show 20 LinesShow All 1,629 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 781 Lines▼ Show 20 Linesvoid CodeGenModule::Release() {
if (!getCodeGenOpts().StackProtectorGuardReg.empty()) if (!getCodeGenOpts().StackProtectorGuardReg.empty())
getModule().setStackProtectorGuardReg( getModule().setStackProtectorGuardReg(
getCodeGenOpts().StackProtectorGuardReg); getCodeGenOpts().StackProtectorGuardReg);
if (getCodeGenOpts().StackProtectorGuardOffset != INT_MAX) if (getCodeGenOpts().StackProtectorGuardOffset != INT_MAX)
getModule().setStackProtectorGuardOffset( getModule().setStackProtectorGuardOffset(
getCodeGenOpts().StackProtectorGuardOffset); getCodeGenOpts().StackProtectorGuardOffset);
if (getCodeGenOpts().StackAlignment) if (getCodeGenOpts().StackAlignment)
getModule().setOverrideStackAlignment(getCodeGenOpts().StackAlignment); getModule().setOverrideStackAlignment(getCodeGenOpts().StackAlignment);
if (getCodeGenOpts().WarnStackSize != UINT_MAX)
getModule().setWarnStackSize(getCodeGenOpts().WarnStackSize);
getTargetCodeGenInfo().emitTargetMetadata(*this, MangledDeclNames); getTargetCodeGenInfo().emitTargetMetadata(*this, MangledDeclNames);
EmitBackendOptionsMetadata(getCodeGenOpts()); EmitBackendOptionsMetadata(getCodeGenOpts());
// Set visibility from DLL storage class // Set visibility from DLL storage class
// We do this at the end of LLVM IR generation; after any operation // We do this at the end of LLVM IR generation; after any operation
// that might affect the DLL storage class or the visibility, and // that might affect the DLL storage class or the visibility, and
▲ Show 20 LinesShow All 5,632 LinesShow Last 20 Lines

clang/test/Frontend/fwarn-stack-size.c

  • This file was added.
// RUN: %clang_cc1 -fwarn-stack-size=42 -emit-llvm -o - %s | FileCheck %s
void foo(void) {}
// CHECK: define {{.*}} @foo() [[ATTR:#[0-9]+]] {
// CHECK: attributes [[ATTR]] = {{.*}} "warn-stack-size"="42"

llvm/docs/LangRef.rst

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,042 Lines▼ Show 20 Lines``mustprogress``
attribute is intended to model the requirements of the first section of attribute is intended to model the requirements of the first section of
[intro.progress] of the C++ Standard. As a consequence, a loop in a [intro.progress] of the C++ Standard. As a consequence, a loop in a
function with the `mustprogress` attribute can be assumed to terminate if function with the `mustprogress` attribute can be assumed to terminate if
it does not interact with the environment in an observable way, and it does not interact with the environment in an observable way, and
terminating loops without side-effects can be removed. If a `mustprogress` terminating loops without side-effects can be removed. If a `mustprogress`
function does not satisfy this contract, the behavior is undefined. This function does not satisfy this contract, the behavior is undefined. This
attribute does not apply transitively to callees, but does apply to call attribute does not apply transitively to callees, but does apply to call
sites within the function. Note that `willreturn` implies `mustprogress`. sites within the function. Note that `willreturn` implies `mustprogress`.
``"warn-stack-size"="<threshold>"``
This attribute sets a threshold to emit diagnostics once the frame size is
MaskRayUnsubmitted
Done
ReplyInline Actions

In for once, is for redundant?

MaskRay: In `for once`, is `for` redundant?
known should the frame size exceed the specified value. It takes one
required integer value, which should be a non-negative integer, and less
MaskRayUnsubmitted
Done
ReplyInline Actions

Abbreviated as a non-negative integer

MaskRay: Abbreviated as a non-negative integer
than `UINT_MAX`.
``vscale_range(<min>[, <max>])`` ``vscale_range(<min>[, <max>])``
This attribute indicates the minimum and maximum vscale value for the given This attribute indicates the minimum and maximum vscale value for the given
function. A value of 0 means unbounded. If the optional max value is omitted function. A value of 0 means unbounded. If the optional max value is omitted
then max is set to the value of min. If the attribute is not present, no then max is set to the value of min. If the attribute is not present, no
assumptions are made about the range of vscale. assumptions are made about the range of vscale.
Call Site Attributes Call Site Attributes
---------------------- ----------------------
▲ Show 20 LinesShow All 20,461 LinesShow Last 20 Lines

llvm/include/llvm/IR/Module.h

Show First 20 LinesShow All 907 Lines▼ Show 20 Lines/// @}
/// Get/set what offset from the stack protector to use. /// Get/set what offset from the stack protector to use.
int getStackProtectorGuardOffset() const; int getStackProtectorGuardOffset() const;
void setStackProtectorGuardOffset(int Offset); void setStackProtectorGuardOffset(int Offset);
/// Get/set the stack alignment overridden from the default. /// Get/set the stack alignment overridden from the default.
unsigned getOverrideStackAlignment() const; unsigned getOverrideStackAlignment() const;
void setOverrideStackAlignment(unsigned Align); void setOverrideStackAlignment(unsigned Align);
/// Get/set the stack frame size threshold to warn on.
unsigned getWarnStackSize() const;
void setWarnStackSize(unsigned Threshold);
/// @name Utility functions for querying and setting the build SDK version /// @name Utility functions for querying and setting the build SDK version
/// @{ /// @{
/// Attach a build SDK version metadata to this module. /// Attach a build SDK version metadata to this module.
void setSDKVersion(const VersionTuple &V); void setSDKVersion(const VersionTuple &V);
/// Get the build SDK version metadata. /// Get the build SDK version metadata.
/// ///
Show All 38 Lines

llvm/lib/CodeGen/PrologEpilogInserter.cpp

Show First 20 LinesShow All 268 Lines▼ Show 20 Linesbool PEI::runOnMachineFunction(MachineFunction &MF) {
// inserted. // inserted.
if (TRI->requiresRegisterScavenging(MF) && FrameIndexVirtualScavenging) if (TRI->requiresRegisterScavenging(MF) && FrameIndexVirtualScavenging)
scavengeFrameVirtualRegs(MF, *RS); scavengeFrameVirtualRegs(MF, *RS);
// Warn on stack size when we exceeds the given limit. // Warn on stack size when we exceeds the given limit.
MachineFrameInfo &MFI = MF.getFrameInfo(); MachineFrameInfo &MFI = MF.getFrameInfo();
uint64_t StackSize = MFI.getStackSize(); uint64_t StackSize = MFI.getStackSize();
unsigned Threshold = MF.getFunction().getParent()->getWarnStackSize(); unsigned Threshold = UINT_MAX;
if (MF.getFunction().hasFnAttribute("warn-stack-size")) {
bool Failed = MF.getFunction()
.getFnAttribute("warn-stack-size")
.getValueAsString()
.getAsInteger(10, Threshold);
dblaikieUnsubmitted
Done
ReplyInline Actions

I guess the 0 value here is the default value if the value can't be parsed as an integer? Is that desirable? I guess maybe we should ignore it (use UINT_MAX here instead, maybe) and fail in the verifier.

But I guess if we fail in the verifier, then it doesn't really matter/shouldn't be tested what the behavior is here when presented with invalid IR.

(but this is a divergence from the module flag handling, which looks like it does silently ignore non-numeric values, by using UINT_MAX)

dblaikie: I guess the 0 value here is the default value if the value can't be parsed as an integer? Is…
nickdesaulniersAuthorUnsubmitted
Done
ReplyInline Actions

IIUC, the first parameter to getAsInteger is the Radix, not the default value on failure to parse. But it does return true on error, so I should check that here.

I also should add a verifier check for this new function attribute. While the "string key equals string value" attributes are quite flexible, it would be good to have some rigidity in requiring the string value to be parseable as an unsigned int.

nickdesaulniers: IIUC, the first parameter to `getAsInteger` is the `Radix`, not the default value on failure to…
nickdesaulniersAuthorUnsubmitted
Done
ReplyInline Actions

Oh, I should use base 10 as the radix, otherwise it will try to parse hex and binary literals.

nickdesaulniers: Oh, I should use base 10 as the radix, otherwise it will try to parse hex and binary literals.
// Verifier should have caught this.
assert(!Failed && "Invalid warn-stack-size fn attr value");
(void)Failed;
}
if (StackSize > Threshold) { if (StackSize > Threshold) {
DiagnosticInfoStackSize DiagStackSize(F, StackSize); DiagnosticInfoStackSize DiagStackSize(F, StackSize);
F.getContext().diagnose(DiagStackSize); F.getContext().diagnose(DiagStackSize);
} }
ORE->emit([&]() { ORE->emit([&]() {
return MachineOptimizationRemarkAnalysis(DEBUG_TYPE, "StackSize", return MachineOptimizationRemarkAnalysis(DEBUG_TYPE, "StackSize",
MF.getFunction().getSubprogram(), MF.getFunction().getSubprogram(),
&MF.front()) &MF.front())
▲ Show 20 LinesShow All 1,051 LinesShow Last 20 Lines

llvm/lib/IR/Module.cpp

Show First 20 LinesShow All 726 Lines▼ Show 20 Lines if (auto *CI = mdconst::dyn_extract_or_null<ConstantInt>(MD))
return CI->getZExtValue(); return CI->getZExtValue();
return 0; return 0;
} }
void Module::setOverrideStackAlignment(unsigned Align) { void Module::setOverrideStackAlignment(unsigned Align) {
addModuleFlag(ModFlagBehavior::Error, "override-stack-alignment", Align); addModuleFlag(ModFlagBehavior::Error, "override-stack-alignment", Align);
} }
unsigned Module::getWarnStackSize() const {
Metadata *MD = getModuleFlag("warn-stack-size");
if (auto *CI = mdconst::dyn_extract_or_null<ConstantInt>(MD))
return CI->getZExtValue();
return UINT_MAX;
}
void Module::setWarnStackSize(unsigned Threshold) {
addModuleFlag(ModFlagBehavior::Error, "warn-stack-size", Threshold);
}
void Module::setSDKVersion(const VersionTuple &V) { void Module::setSDKVersion(const VersionTuple &V) {
SmallVector<unsigned, 3> Entries; SmallVector<unsigned, 3> Entries;
Entries.push_back(V.getMajor()); Entries.push_back(V.getMajor());
if (auto Minor = V.getMinor()) { if (auto Minor = V.getMinor()) {
Entries.push_back(*Minor); Entries.push_back(*Minor);
if (auto Subminor = V.getSubminor()) if (auto Subminor = V.getSubminor())
Entries.push_back(*Subminor); Entries.push_back(*Subminor);
// Ignore the 'build' component as it can't be represented in the object // Ignore the 'build' component as it can't be represented in the object
▲ Show 20 LinesShow All 65 LinesShow Last 20 Lines

llvm/lib/IR/Verifier.cpp

Show First 20 LinesShow All 537 Lines▼ Show 20 Lines#include "llvm/IR/Metadata.def"
void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal); void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal);
void verifySwiftErrorValue(const Value *SwiftErrorVal); void verifySwiftErrorValue(const Value *SwiftErrorVal);
void verifyTailCCMustTailAttrs(AttrBuilder Attrs, StringRef Context); void verifyTailCCMustTailAttrs(AttrBuilder Attrs, StringRef Context);
void verifyMustTailCall(CallInst &CI); void verifyMustTailCall(CallInst &CI);
bool verifyAttributeCount(AttributeList Attrs, unsigned Params); bool verifyAttributeCount(AttributeList Attrs, unsigned Params);
void verifyAttributeTypes(AttributeSet Attrs, bool IsFunction, void verifyAttributeTypes(AttributeSet Attrs, bool IsFunction,
const Value *V); const Value *V);
void verifyParameterAttrs(AttributeSet Attrs, Type *Ty, const Value *V); void verifyParameterAttrs(AttributeSet Attrs, Type *Ty, const Value *V);
void checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
const Value *V);
void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs, void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
const Value *V, bool IsIntrinsic); const Value *V, bool IsIntrinsic);
void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs); void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs);
void visitConstantExprsRecursively(const Constant *EntryC); void visitConstantExprsRecursively(const Constant *EntryC);
void visitConstantExpr(const ConstantExpr *CE); void visitConstantExpr(const ConstantExpr *CE);
void verifyStatepoint(const CallBase &Call); void verifyStatepoint(const CallBase &Call);
void verifyFrameRecoverIndices(); void verifyFrameRecoverIndices();
▲ Show 20 LinesShow All 1,340 Lines▼ Show 20 Lines Assert(!Attrs.hasAttribute(Attribute::ByRef),
V); V);
Assert(!Attrs.hasAttribute(Attribute::SwiftError), Assert(!Attrs.hasAttribute(Attribute::SwiftError),
"Attribute 'swifterror' only applies to parameters " "Attribute 'swifterror' only applies to parameters "
"with pointer type!", "with pointer type!",
V); V);
} }
} }
void Verifier::checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
const Value *V) {
if (Attrs.hasFnAttribute(Attr)) {
StringRef S = Attrs.getAttribute(AttributeList::FunctionIndex, Attr)
.getValueAsString();
unsigned N;
if (S.getAsInteger(10, N))
CheckFailed("\"" + Attr + "\" takes an unsigned integer: " + S, V);
}
}
// Check parameter attributes against a function type. // Check parameter attributes against a function type.
// The value V is printed in error messages. // The value V is printed in error messages.
void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs, void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
const Value *V, bool IsIntrinsic) { const Value *V, bool IsIntrinsic) {
if (Attrs.isEmpty()) if (Attrs.isEmpty())
return; return;
if (AttributeListsVisited.insert(Attrs.getRawPointer()).second) { if (AttributeListsVisited.insert(Attrs.getRawPointer()).second) {
▲ Show 20 LinesShow All 183 Lines▼ Show 20 Linesvoid Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
if (Attrs.hasFnAttribute("frame-pointer")) { if (Attrs.hasFnAttribute("frame-pointer")) {
StringRef FP = Attrs.getAttribute(AttributeList::FunctionIndex, StringRef FP = Attrs.getAttribute(AttributeList::FunctionIndex,
"frame-pointer").getValueAsString(); "frame-pointer").getValueAsString();
if (FP != "all" && FP != "non-leaf" && FP != "none") if (FP != "all" && FP != "non-leaf" && FP != "none")
CheckFailed("invalid value for 'frame-pointer' attribute: " + FP, V); CheckFailed("invalid value for 'frame-pointer' attribute: " + FP, V);
} }
if (Attrs.hasFnAttribute("patchable-function-prefix")) { checkUnsignedBaseTenFuncAttr(Attrs, "patchable-function-prefix", V);
StringRef S = Attrs checkUnsignedBaseTenFuncAttr(Attrs, "patchable-function-entry", V);
.getAttribute(AttributeList::FunctionIndex, checkUnsignedBaseTenFuncAttr(Attrs, "warn-stack-size", V);
"patchable-function-prefix")
.getValueAsString();
unsigned N;
if (S.getAsInteger(10, N))
CheckFailed(
"\"patchable-function-prefix\" takes an unsigned integer: " + S, V);
}
if (Attrs.hasFnAttribute("patchable-function-entry")) {
StringRef S = Attrs
.getAttribute(AttributeList::FunctionIndex,
"patchable-function-entry")
.getValueAsString();
unsigned N;
if (S.getAsInteger(10, N))
CheckFailed(
"\"patchable-function-entry\" takes an unsigned integer: " + S, V);
}
} }
void Verifier::verifyFunctionMetadata( void Verifier::verifyFunctionMetadata(
ArrayRef<std::pair<unsigned, MDNode *>> MDs) { ArrayRef<std::pair<unsigned, MDNode *>> MDs) {
for (const auto &Pair : MDs) { for (const auto &Pair : MDs) {
if (Pair.first == LLVMContext::MD_prof) { if (Pair.first == LLVMContext::MD_prof) {
MDNode *MD = Pair.second; MDNode *MD = Pair.second;
Assert(MD->getNumOperands() >= 2, Assert(MD->getNumOperands() >= 2,
▲ Show 20 LinesShow All 4,099 LinesShow Last 20 Lines

llvm/test/CodeGen/ARM/warn-stack.ll

; RUN: llc -mtriple thumbv7-apple-ios3.0.0 < %s 2>&1 >/dev/null | FileCheck %s ; RUN: llc -mtriple thumbv7-apple-ios3.0.0 < %s 2>&1 >/dev/null | FileCheck %s
; Check the internal option that warns when the stack size exceeds the ; Check the internal option that warns when the stack size exceeds the
; given amount. ; given amount.
; <rdar://13987214> ; <rdar://13987214>
; CHECK-NOT: nowarn ; CHECK-NOT: nowarn
define void @nowarn() nounwind ssp "frame-pointer"="all" { define void @nowarn() nounwind ssp "frame-pointer"="all" "warn-stack-size"="80" {
entry: entry:
%buffer = alloca [12 x i8], align 1 %buffer = alloca [12 x i8], align 1
%arraydecay = getelementptr inbounds [12 x i8], [12 x i8]* %buffer, i64 0, i64 0 %arraydecay = getelementptr inbounds [12 x i8], [12 x i8]* %buffer, i64 0, i64 0
call void @doit(i8* %arraydecay) nounwind call void @doit(i8* %arraydecay) nounwind
ret void ret void
} }
; CHECK: warning: stack size limit exceeded (92) in warn ; CHECK: warning: stack size limit exceeded (92) in warn
define void @warn() nounwind ssp "frame-pointer"="all" { define void @warn() nounwind ssp "frame-pointer"="all" "warn-stack-size"="80" {
entry: entry:
%buffer = alloca [80 x i8], align 1 %buffer = alloca [80 x i8], align 1
%arraydecay = getelementptr inbounds [80 x i8], [80 x i8]* %buffer, i64 0, i64 0 %arraydecay = getelementptr inbounds [80 x i8], [80 x i8]* %buffer, i64 0, i64 0
call void @doit(i8* %arraydecay) nounwind call void @doit(i8* %arraydecay) nounwind
ret void ret void
} }
declare void @doit(i8*) declare void @doit(i8*)
!llvm.module.flags = !{!0}
!0 = !{i32 1, !"warn-stack-size", i32 80}

llvm/test/CodeGen/X86/warn-stack.ll

; RUN: llc -mtriple x86_64-apple-macosx10.8.0 < %s 2>&1 >/dev/null | FileCheck %s ; RUN: llc -mtriple x86_64-apple-macosx10.8.0 < %s 2>&1 >/dev/null | FileCheck %s
; Check the internal option that warns when the stack size exceeds the ; Check the internal option that warns when the stack size exceeds the
; given amount. ; given amount.
; <rdar://13987214> ; <rdar://13987214>
; CHECK-NOT: nowarn ; CHECK-NOT: nowarn
define void @nowarn() nounwind ssp { define void @nowarn() nounwind ssp "warn-stack-size"="80" {
entry: entry:
%buffer = alloca [12 x i8], align 1 %buffer = alloca [12 x i8], align 1
%arraydecay = getelementptr inbounds [12 x i8], [12 x i8]* %buffer, i64 0, i64 0 %arraydecay = getelementptr inbounds [12 x i8], [12 x i8]* %buffer, i64 0, i64 0
call void @doit(i8* %arraydecay) nounwind call void @doit(i8* %arraydecay) nounwind
ret void ret void
} }
; CHECK: warning: stack size limit exceeded (88) in warn ; CHECK: warning: stack size limit exceeded (88) in warn
define void @warn() nounwind ssp { define void @warn() nounwind ssp "warn-stack-size"="80" {
entry: entry:
%buffer = alloca [80 x i8], align 1 %buffer = alloca [80 x i8], align 1
%arraydecay = getelementptr inbounds [80 x i8], [80 x i8]* %buffer, i64 0, i64 0 %arraydecay = getelementptr inbounds [80 x i8], [80 x i8]* %buffer, i64 0, i64 0
call void @doit(i8* %arraydecay) nounwind call void @doit(i8* %arraydecay) nounwind
ret void ret void
} }
declare void @doit(i8*) declare void @doit(i8*)
!llvm.module.flags = !{!0}
!0 = !{i32 1, !"warn-stack-size", i32 80}

llvm/test/Linker/warn-stack-frame.ll

  • This file was deleted.
; RUN: split-file %s %t
; RUN: llvm-link %t/main.ll %t/match.ll
; RUN: not llvm-link %t/main.ll %t/mismatch.ll 2>&1 | \
; RUN: FileCheck --check-prefix=CHECK-MISMATCH %s
; CHECK-MISMATCH: error: linking module flags 'warn-stack-size': IDs have conflicting values
;--- main.ll
!llvm.module.flags = !{!0}
!0 = !{i32 1, !"warn-stack-size", i32 80}
;--- match.ll
!llvm.module.flags = !{!0}
!0 = !{i32 1, !"warn-stack-size", i32 80}
;--- mismatch.ll
!llvm.module.flags = !{!0}
!0 = !{i32 1, !"warn-stack-size", i32 81}

llvm/test/Verifier/invalid-warn-stack-size.ll

  • This file was added.
; RUN: not opt -passes=verify %s -disable-output 2>&1 | FileCheck %s
define void @foo() "warn-stack-size"="42" { ret void }
define void @bar() "warn-stack-size"="-1" { ret void }
define void @baz() "warn-stack-size"="999999999999999999999" { ret void }
define void @qux() "warn-stack-size"="a lot lol" { ret void }
; CHECK-NOT: "warn-stack-size" takes an unsigned integer: 42
; CHECK: "warn-stack-size" takes an unsigned integer: -1
; CHECK: "warn-stack-size" takes an unsigned integer: 999999999999999999999
; CHECK: "warn-stack-size" takes an unsigned integer: a lot lol
llvm/test/CodeGen/X86/warn-stack.ll