This is an archive of the discontinued LLVM Phabricator instance.

[Scalarizer] Fix potential for stale data in Scattered across invocations
ClosedPublic

Authored by wala on Jun 15 2015, 1:48 PM.

Download Raw Diff

Details

Reviewers

Commits

rG878c144f8a32: [Scalarizer] Fix potential for stale data in Scattered across invocations
rL243040: [Scalarizer] Fix potential for stale data in Scattered across invocations

Summary

Scalarizer has two data structures that hold information about changes
to the function, Gathered and Scattered. These are cleared in finish()
at the end of runOnFunction() if finish() detects any changes to the
function.

However, finish() was checking for changes by only checking if
Gathered was non-empty. The function visitStore() only modifies
Scattered without touching Gathered. As a result, Scattered could have
ended up having stale data if Scalarizer only scalarized store
instructions. Since the data in Scattered is used during the execution
of the pass, this introduced dangling pointer errors.

The fix is to check whether both Scattered and Gathered are empty
before deciding what to do in finish(). This also fixes a problem
where the Function can be modified although the pass returns false.

Diff Detail

Event Timeline

wala updated this revision to Diff 27715.Jun 15 2015, 1:48 PM

wala retitled this revision from to [Scalarizer] Fix potential for stale data in Scattered across invocations.

wala updated this object.

wala edited the test plan for this revision. (Show Details)

wala added a subscriber: Unknown Object (MLST).

srhines added a subscriber: srhines.Jun 19 2015, 12:25 AM

Nice catch!

test/Transforms/Scalarizer/store-bug.ll
5–8	I'd prefer it if you wrote some CHECK lines for four loads and stores.

Add CHECK lines.

Added check lines for the stores (no loads in here).

lgtm

This revision is now accepted and ready to land.Jul 23 2015, 1:41 PM

wala closed this revision.Jul 23 2015, 1:54 PM

Revision Contents

Path

Size

lib/

Transforms/

Scalar/

Scalarizer.cpp

5 lines

test/

Transforms/

Scalarizer/

store-bug.ll

25 lines

Diff 30522

lib/Transforms/Scalar/Scalarizer.cpp

Show First 20 Lines • Show All 241 Lines • ▼ Show 20 Lines	bool Scalarizer::doInitialization(Module &M) {
ParallelLoopAccessMDKind =		ParallelLoopAccessMDKind =
M.getContext().getMDKindID("llvm.mem.parallel_loop_access");		M.getContext().getMDKindID("llvm.mem.parallel_loop_access");
ScalarizeLoadStore =		ScalarizeLoadStore =
M.getContext().getOption<bool, Scalarizer, &Scalarizer::ScalarizeLoadStore>();		M.getContext().getOption<bool, Scalarizer, &Scalarizer::ScalarizeLoadStore>();
return false;		return false;
}		}

bool Scalarizer::runOnFunction(Function &F) {		bool Scalarizer::runOnFunction(Function &F) {
		assert(Gathered.empty() && Scattered.empty());
for (Function::iterator BBI = F.begin(), BBE = F.end(); BBI != BBE; ++BBI) {		for (Function::iterator BBI = F.begin(), BBE = F.end(); BBI != BBE; ++BBI) {
BasicBlock *BB = BBI;		BasicBlock *BB = BBI;
for (BasicBlock::iterator II = BB->begin(), IE = BB->end(); II != IE;) {		for (BasicBlock::iterator II = BB->begin(), IE = BB->end(); II != IE;) {
Instruction *I = II;		Instruction *I = II;
bool Done = visit(I);		bool Done = visit(I);
++II;		++II;
if (Done && I->getType()->isVoidTy())		if (Done && I->getType()->isVoidTy())
I->eraseFromParent();		I->eraseFromParent();
▲ Show 20 Lines • Show All 373 Lines • ▼ Show 20 Lines	bool Scalarizer::visitStoreInst(StoreInst &SI) {
}		}
transferMetadata(&SI, Stores);		transferMetadata(&SI, Stores);
return true;		return true;
}		}

// Delete the instructions that we scalarized. If a full vector result		// Delete the instructions that we scalarized. If a full vector result
// is still needed, recreate it using InsertElements.		// is still needed, recreate it using InsertElements.
bool Scalarizer::finish() {		bool Scalarizer::finish() {
if (Gathered.empty())		// The presence of data in Gathered or Scattered indicates changes
		// made to the Function.
		if (Gathered.empty() && Scattered.empty())
return false;		return false;
for (GatherList::iterator GMI = Gathered.begin(), GME = Gathered.end();		for (GatherList::iterator GMI = Gathered.begin(), GME = Gathered.end();
GMI != GME; ++GMI) {		GMI != GME; ++GMI) {
Instruction *Op = GMI->first;		Instruction *Op = GMI->first;
ValueVector &CV = *GMI->second;		ValueVector &CV = *GMI->second;
if (!Op->use_empty()) {		if (!Op->use_empty()) {
// The value is still needed, so recreate it using a series of		// The value is still needed, so recreate it using a series of
// InsertElements.		// InsertElements.
Show All 23 Lines

test/Transforms/Scalarizer/store-bug.ll

This file was added.

				; RUN: opt -scalarizer -scalarize-load-store -S < %s \| FileCheck %s
				target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"

				; This input caused the scalarizer not to clear cached results
				; properly.
				;
				; Any regressions should trigger an assert in the scalarizer.

				rnkUnsubmitted Done Reply Inline Actions I'd prefer it if you wrote some CHECK lines for four loads and stores. rnk: I'd prefer it if you wrote some CHECK lines for four loads and stores.
				define void @func(<4 x float> %val, <4 x float> *%ptr) {
				store <4 x float> %val, <4 x float> *%ptr
				ret void
				; CHECK: store float %val.i0, float* %ptr.i0, align 16
				; CHECK: store float %val.i1, float* %ptr.i1, align 4
				; CHECK: store float %val.i2, float* %ptr.i2, align 8
				; CHECK: store float %val.i3, float* %ptr.i3, align 4
				}

				define void @func.copy(<4 x float> %val, <4 x float> *%ptr) {
				store <4 x float> %val, <4 x float> *%ptr
				ret void
				; CHECK: store float %val.i0, float* %ptr.i0, align 16
				; CHECK: store float %val.i1, float* %ptr.i1, align 4
				; CHECK: store float %val.i2, float* %ptr.i2, align 8
				; CHECK: store float %val.i3, float* %ptr.i3, align 4
				}