This is an archive of the discontinued LLVM Phabricator instance.

[IR] remove assert since always_inline can appear on CallBase
ClosedPublic

Authored by nickdesaulniers on Jun 25 2021, 12:38 PM.

Download Raw Diff

Details

Reviewers

pcc
MaskRay
rnk

Commits

rG8aee282f57f4: [IR] remove assert since always_inline can appear on CallBase

Summary

I added an assertion in D91816 (documenting behavior added in D93422)
that callers and callees with mismatched fn attr's related to stack
protectors should not occur unless the callee was attributed
always_inline.

This falls apart when a call, invoke, or callbr (any instruction
inheriting from CallBase) itself has an always_inline attribute. Clang
will emit such attributes on Instructions when attribute((flatten))
is used to recursively force inlining from a caller.

Since these assertions only had the caller and callee Functions, and not
the call site (CallBase derived classes), we would have to search the
caller for such instructions to reconstruct the call site information.
But at that point, inlining has already occurred; the call site has
already been removed from the caller.

Remove the assertions, add a unit test for always_inline call sites, and
update the LangRef.

Another curiosity is that the always_inline Attribute on Instructions is
only expanded by the inline pass, not the always_inline pass.

Thanks to @pcc on this report when building Android's RunTime (ART)
interpreter.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

nickdesaulniers created this revision.Jun 25 2021, 12:38 PM

Herald added subscribers: dexonsmith, jdoerfert, hiraditya. · View Herald TranscriptJun 25 2021, 12:38 PM

nickdesaulniers requested review of this revision.Jun 25 2021, 12:38 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 25 2021, 12:38 PM

Herald added a subscriber: llvm-commits. · View Herald Transcript

nickdesaulniers edited the summary of this revision. (Show Details)Jun 25 2021, 12:39 PM

Harbormaster completed remote builds in B111060: Diff 354582.Jun 25 2021, 1:10 PM

I've added optimization remark tests locally; inlining is failing due to:

remark: <unknown>:0:0: ssp not inlined into nossp because it should never be inlined (cost=never): stack protected callee but caller requested no stack protector
remark: <unknown>:0:0: ssp not inlined into nossp_alwaysinline because it should never be inlined (cost=never): stack protected callee but caller requested no stack protector
remark: <unknown>:0:0: ssp has uninlinable pattern (dynamic alloca) and cost is not fully computed
remark: <unknown>:0:0: ssp not inlined into nossp_caller because it should never be inlined (cost=never): dynamic alloca
remark: <unknown>:0:0: nossp has uninlinable pattern (dynamic alloca) and cost is not fully computed
remark: <unknown>:0:0: nossp not inlined into ssp2 because it should never be inlined (cost=never): dynamic alloca

the dynamic allocas mean this test, as introduced in D91816, might not be testing the right thing. We were getting the right results, but for the wrong reasons. Let me attempt to fix that first, then revisit this. It's confusing to me at the moment because the dynamic allocas are the whole point of having stack protectors, and we can and do inline such code, so it's not initially clear to my why inlining would fail due to that, at least with the tests as written.

nickdesaulniers mentioned this in D104958: [Test] rewrite inline_nossp.ll.Jun 25 2021, 4:42 PM

Let me rebase this on D104958.

rebase on D104958

nickdesaulniers added a parent revision: D104958: [Test] rewrite inline_nossp.ll.Jun 25 2021, 5:01 PM

Harbormaster completed remote builds in B111096: Diff 354632.Jun 25 2021, 5:02 PM

nickdesaulniers mentioned this in D104810: [Inline] prevent inlining on noprofile mismatch.Jun 25 2021, 5:32 PM

LGTM

This revision is now accepted and ready to land.Jun 28 2021, 12:43 PM

FWIW, this seems sensible :)

MaskRay accepted this revision.Jun 28 2021, 12:55 PM

nickdesaulniers mentioned this in rGa00ad8599045: [Test] rewrite inline_nossp.ll.Jun 28 2021, 1:53 PM

This revision was landed with ongoing or failed builds.Jun 28 2021, 1:59 PM

Closed by commit rG8aee282f57f4: [IR] remove assert since always_inline can appear on CallBase (authored by nickdesaulniers). · Explain Why

This revision was automatically updated to reflect the committed changes.

nickdesaulniers added a commit: rG8aee282f57f4: [IR] remove assert since always_inline can appear on CallBase.

nickdesaulniers mentioned this in rG3999dcae5e76: [Inline] prevent inlining on noprofile mismatch.Jun 29 2021, 10:43 AM

Revision Contents

Path

Size

llvm/

docs/

LangRef.rst

10 lines

lib/

IR/

Attributes.cpp

10 lines

test/

Transforms/

Inline/

inline_nossp.ll

15 lines

Diff 355032

llvm/docs/LangRef.rst

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 1,916 Lines • ▼ Show 20 Lines	- Calls to alloca() with variable sizes or constant sizes greater than
``ssp-buffer-size``.		``ssp-buffer-size``.

Variables that are identified as requiring a protector will be arranged		Variables that are identified as requiring a protector will be arranged
on the stack such that they are adjacent to the stack protector guard.		on the stack such that they are adjacent to the stack protector guard.

A function with the ``ssp`` attribute but without the ``alwaysinline``		A function with the ``ssp`` attribute but without the ``alwaysinline``
attribute cannot be inlined into a function without a		attribute cannot be inlined into a function without a
``ssp/sspreq/sspstrong`` attribute. If inlined, the caller will get the		``ssp/sspreq/sspstrong`` attribute. If inlined, the caller will get the
``ssp`` attribute.		``ssp`` attribute. ``call``, ``invoke``, and ``callbr`` instructions with
		the ``alwaysinline`` attribute force inlining.
``sspstrong``		``sspstrong``
This attribute indicates that the function should emit a stack smashing		This attribute indicates that the function should emit a stack smashing
protector. This attribute causes a strong heuristic to be used when		protector. This attribute causes a strong heuristic to be used when
determining if a function needs stack protectors. The strong heuristic		determining if a function needs stack protectors. The strong heuristic
will enable protectors for functions with:		will enable protectors for functions with:

- Arrays of any size and type		- Arrays of any size and type
- Aggregates containing an array of any size and type.		- Aggregates containing an array of any size and type.
Show All 11 Lines	``sspstrong``
#. Variables that have had their address taken are 3rd closest to the		#. Variables that have had their address taken are 3rd closest to the
protector.		protector.

This overrides the ``ssp`` function attribute.		This overrides the ``ssp`` function attribute.

A function with the ``sspstrong`` attribute but without the		A function with the ``sspstrong`` attribute but without the
``alwaysinline`` attribute cannot be inlined into a function without a		``alwaysinline`` attribute cannot be inlined into a function without a
``ssp/sspstrong/sspreq`` attribute. If inlined, the caller will get the		``ssp/sspstrong/sspreq`` attribute. If inlined, the caller will get the
``sspstrong`` attribute unless the ``sspreq`` attribute exists.		``sspstrong`` attribute unless the ``sspreq`` attribute exists. ``call``,
		``invoke``, and ``callbr`` instructions with the ``alwaysinline`` attribute
		force inlining.
``sspreq``		``sspreq``
This attribute indicates that the function should always emit a stack		This attribute indicates that the function should always emit a stack
smashing protector. This overrides the ``ssp`` and ``sspstrong`` function		smashing protector. This overrides the ``ssp`` and ``sspstrong`` function
attributes.		attributes.

Variables that are identified as requiring a protector will be arranged		Variables that are identified as requiring a protector will be arranged
on the stack such that they are adjacent to the stack protector guard.		on the stack such that they are adjacent to the stack protector guard.
The specific layout rules are:		The specific layout rules are:

#. Large arrays and structures containing large arrays		#. Large arrays and structures containing large arrays
(``>= ssp-buffer-size``) are closest to the stack protector.		(``>= ssp-buffer-size``) are closest to the stack protector.
#. Small arrays and structures containing small arrays		#. Small arrays and structures containing small arrays
(``< ssp-buffer-size``) are 2nd closest to the protector.		(``< ssp-buffer-size``) are 2nd closest to the protector.
#. Variables that have had their address taken are 3rd closest to the		#. Variables that have had their address taken are 3rd closest to the
protector.		protector.

A function with the ``sspreq`` attribute but without the ``alwaysinline``		A function with the ``sspreq`` attribute but without the ``alwaysinline``
attribute cannot be inlined into a function without a		attribute cannot be inlined into a function without a
``ssp/sspstrong/sspreq`` attribute. If inlined, the caller will get the		``ssp/sspstrong/sspreq`` attribute. If inlined, the caller will get the
``sspreq`` attribute.		``sspreq`` attribute. ``call``, ``invoke``, and ``callbr`` instructions
		with the ``alwaysinline`` attribute force inlining.

``strictfp``		``strictfp``
This attribute indicates that the function was called from a scope that		This attribute indicates that the function was called from a scope that
requires strict floating-point semantics. LLVM will not attempt any		requires strict floating-point semantics. LLVM will not attempt any
optimizations that require assumptions about the floating-point rounding		optimizations that require assumptions about the floating-point rounding
mode or that might alter the state of floating-point status flags that		mode or that might alter the state of floating-point status flags that
might otherwise be set or cleared by calling this function. LLVM will		might otherwise be set or cleared by calling this function. LLVM will
not introduce any new floating-point instructions that may trap.		not introduce any new floating-point instructions that may trap.
▲ Show 20 Lines • Show All 20,586 Lines • Show Last 20 Lines

llvm/lib/IR/Attributes.cpp

Show First 20 Lines • Show All 2,153 Lines • ▼ Show 20 Lines	static void setOR(Function &Caller, const Function &Callee) {
if (!AttrClass::isSet(Caller, AttrClass::getKind()) &&		if (!AttrClass::isSet(Caller, AttrClass::getKind()) &&
AttrClass::isSet(Callee, AttrClass::getKind()))		AttrClass::isSet(Callee, AttrClass::getKind()))
AttrClass::set(Caller, AttrClass::getKind(), true);		AttrClass::set(Caller, AttrClass::getKind(), true);
}		}

/// If the inlined function had a higher stack protection level than the		/// If the inlined function had a higher stack protection level than the
/// calling function, then bump up the caller's stack protection level.		/// calling function, then bump up the caller's stack protection level.
static void adjustCallerSSPLevel(Function &Caller, const Function &Callee) {		static void adjustCallerSSPLevel(Function &Caller, const Function &Callee) {
#ifndef NDEBUG
if (!Callee.hasFnAttribute(Attribute::AlwaysInline)) {
assert(!(!Callee.hasStackProtectorFnAttr() &&
Caller.hasStackProtectorFnAttr()) &&
"stack protected caller but callee requested no stack protector");
assert(!(!Caller.hasStackProtectorFnAttr() &&
Callee.hasStackProtectorFnAttr()) &&
"stack protected callee but caller requested no stack protector");
}
#endif
// If upgrading the SSP attribute, clear out the old SSP Attributes first.		// If upgrading the SSP attribute, clear out the old SSP Attributes first.
// Having multiple SSP attributes doesn't actually hurt, but it adds useless		// Having multiple SSP attributes doesn't actually hurt, but it adds useless
// clutter to the IR.		// clutter to the IR.
AttrBuilder OldSSPAttr;		AttrBuilder OldSSPAttr;
OldSSPAttr.addAttribute(Attribute::StackProtect)		OldSSPAttr.addAttribute(Attribute::StackProtect)
.addAttribute(Attribute::StackProtectStrong)		.addAttribute(Attribute::StackProtectStrong)
.addAttribute(Attribute::StackProtectReq);		.addAttribute(Attribute::StackProtectReq);

▲ Show 20 Lines • Show All 152 Lines • Show Last 20 Lines

llvm/test/Transforms/Inline/inline_nossp.ll

	Show All 29 Lines
	; CHECK-LABEL: @ssp_caller(			; CHECK-LABEL: @ssp_caller(
	; CHECK-NEXT: [[TMP1:%.*]] = call i32 @nossp()			; CHECK-NEXT: [[TMP1:%.*]] = call i32 @nossp()
	; CHECK-NEXT: ret i32 43			; CHECK-NEXT: ret i32 43
	;			;
	call i32 @nossp()			call i32 @nossp()
	%2 = call i32 @nossp_alwaysinline()			%2 = call i32 @nossp_alwaysinline()
	ret i32 %2			ret i32 %2
	}			}

				; The alwaysinline attribute can also appear on the CallBase (ie. the call
				; site), ie. when __attribute__((flatten)) is used on the caller. Treat this
				; the same as if the caller had the fn attr alwaysinline and permit inline
				; substitution, despite the mismatch between caller and callee on ssp attrs.
				;
				; Curiously, the always_inline attribute on a CallInst is only expanded by the
				; inline pass, but not always_inline pass!
				define i32 @nossp_alwaysinline_caller() {
				; CHECK-INLINE-LABEL: @nossp_alwaysinline_caller(
				; CHECK-INLINE-NEXT: ret i32 42
				;
				%1 = call i32 @ssp() alwaysinline
				ret i32 %1
				}