This is an archive of the discontinued LLVM Phabricator instance.

Differential D105728

[clang][Codegen] Directly lower `(*((volatile int *)(0))) = 0;` into a `call void @llvm.trap()`
AbandonedPublic

Authored by lebedev.ri on Jul 9 2021, 1:10 PM.

Details

Reviewers
rjmccall
erichkeane
rsmith
thakis
jdoerfert
Summary

We have a problem.

There is a common C/C++ idiom, (*((volatile int *)(0))) = 0;,
which some users write expecting that it will trap.
Currently clang naively lowers it into a volatile store.

But in LLVM, a volatile store is non-trapping:
https://reviews.llvm.org/D53184 ([LangRef] Clarify semantics of volatile operations.),
and that does not seem to be going to change.

So LLVM optimization passes are allowed to erase such stores (because storing to null is undefined),
even though they currently don't do that, because it will break the C world.
The latter has to change. D105338 tried to, but it caused the sky to fall :)

Here, we teach clang to emit the pattern that the user should have written in the first place,
so that the workarounds can be dropped from LLVM side of things.

This fires when we have a volatile store to a null pointer literal,
and said null pointer is not a valid pointer.

Diff Detail

Unit TestsFailed

TimeTest
7,610 msx64 debian > SanitizerCommon-asan-x86_64-Linux.Linux::signal_line.cpp
1,190 msx64 debian > SanitizerCommon-lsan-x86_64-Linux.Linux::signal_line.cpp
2,510 msx64 debian > SanitizerCommon-msan-x86_64-Linux.Linux::signal_line.cpp
1,860 msx64 debian > SanitizerCommon-tsan-x86_64-Linux.Linux::signal_line.cpp
930 msx64 debian > SanitizerCommon-ubsan-x86_64-Linux.Linux::signal_line.cpp

Event Timeline

lebedev.ri created this revision.Jul 9 2021, 1:10 PM
Herald added a subscriber: jfb. · View Herald TranscriptJul 9 2021, 1:10 PM
lebedev.ri requested review of this revision.Jul 9 2021, 1:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 9 2021, 1:10 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
erichkeane added a comment.Jul 9 2021, 2:46 PM

This seems logical to me. The comment needs some love, so I made my best suggestion.

clang/lib/CodeGen/CGExpr.cpp
1855
1856
lebedev.ri updated this revision to Diff 357648.Jul 9 2021, 2:54 PM
lebedev.ri marked 2 inline comments as done.
lebedev.ri edited the summary of this revision. (Show Details)
In D105728#2868281, @erichkeane wrote:

This seems logical to me. The comment needs some love, so I made my best suggestion.

Thank you for taking a look!
Adjusted comments.

erichkeane accepted this revision.Jul 9 2021, 2:55 PM

Give this a bit for other reviewers (it is afterall friday afternoon in the US:)), but this seems like an improvement to me.

This revision is now accepted and ready to land.Jul 9 2021, 2:55 PM
Harbormaster completed remote builds in B113301: Diff 357648.Jul 9 2021, 5:39 PM
lebedev.ri mentioned this in D105338: [InstCombine] Revert "Temporarily do not drop volatile stores before unreachable".Jul 10 2021, 2:14 AM
post.kadirselcuk added a child revision: D34362: [LNT] Support for different DataSet usage in Polybench for "lnt runtest nt".Jul 10 2021, 5:55 PM
post.kadirselcuk added a parent revision: D105762: [X86] Teach X86FloatingPoint's handleCall to only erase the FP stack if there is a regmask operand that clobbers the FP stack..Jul 10 2021, 8:06 PM
craig.topper removed a parent revision: D105762: [X86] Teach X86FloatingPoint's handleCall to only erase the FP stack if there is a regmask operand that clobbers the FP stack..Jul 10 2021, 9:47 PM
lebedev.ri added a comment.Jul 14 2021, 4:30 AM

@rsmith ping

efriedma removed a child revision: D34362: [LNT] Support for different DataSet usage in Polybench for "lnt runtest nt".Jul 17 2021, 3:02 PM
lebedev.ri added a subscriber: efriedma.Jul 26 2021, 10:58 AM

@rsmith @efriedma ping

efriedma added a comment.Jul 26 2021, 11:25 AM

gcc apparently lowers this sort of construct to a volatile load/store followed by a trap. Not sure where the trap is coming from.

I'm not sure this solves any problem that really needs to be solved. LLVM isn't going to optimize out a volatile load/store to null. Well, unless you have a volatile load followed by __builtin_unreachable() or equivalent, but that applies to any volatile load. I'd rather not make assumptions about what the user is trying to do, or change the behavior of the user's code if they use -fno-delete-null-pointer-checks, or change the behavior of user code depending on how they write nullptr.

On a related note, it might be worth considering turning on TrapUnreachable/NoTrapAfterNoreturn by default in the backend; it's probably cheap in terms of codesize, and it might reduce user confusion around unreachable branches.

lebedev.ri abandoned this revision.Oct 18 2022, 5:44 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 18 2022, 5:44 PM

Revision Contents

PathSize
clang/
lib/
CodeGen/
13 lines
test/
CodeGen/
62 lines

Diff 357648

clang/lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 1,846 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitStoreOfScalar(llvm::Value *Value, Address Addr,
} }
Value = EmitToMemory(Value, Ty); Value = EmitToMemory(Value, Ty);
LValue AtomicLValue = LValue AtomicLValue =
LValue::MakeAddr(Addr, Ty, getContext(), BaseInfo, TBAAInfo); LValue::MakeAddr(Addr, Ty, getContext(), BaseInfo, TBAAInfo);
if (Ty->isAtomicType() || if (Ty->isAtomicType() ||
(!isInit && LValueIsSuitableForInlineAtomic(AtomicLValue))) { (!isInit && LValueIsSuitableForInlineAtomic(AtomicLValue))) {
EmitAtomicStore(RValue::get(Value), AtomicLValue, isInit); EmitAtomicStore(RValue::get(Value), AtomicLValue, isInit);
erichkeaneUnsubmitted
Done
ReplyInline Actions
// If this is a simple volatile store to a null pointer (and said null
- // pointre is not defined), then we have a common idiom "please crash now".
+ // pointer is not defined for this address space), then we have a common idiom "please crash now".
// However, that is not the semantics LLVM IR provides, volatile operations
erichkeane:
return; return;
erichkeaneUnsubmitted
Done
ReplyInline Actions
// pointre is not defined), then we have a common idiom "please crash now".
- // However, that is not the semantics LLVM IR provides, volatile operations
+ // However, that is not the semantics LLVM IR provides. Volatile operations
// are not defined as trapping in LLVM IR, so this store will be
erichkeane:
} }
if (Volatile && isa<llvm::ConstantPointerNull>(Addr.getPointer()) &&
!llvm::NullPointerIsDefined(CurFn, Addr.getAddressSpace())) {
// If this is a simple volatile store to a null pointer
// (and said null pointer is not defined for this address space),
// then we have a common idiom "please crash now".
// However, that is not the semantics LLVM IR provides. Volatile operations
// are not defined as trapping in LLVM IR, so this store will be silently
// dropped by the optimization passes, and no trap will happen.
// Since this is a common idiom, for now, directly codegen it as trap.
EmitTrapCall(llvm::Intrinsic::trap);
return;
}
llvm::StoreInst *Store = Builder.CreateStore(Value, Addr, Volatile); llvm::StoreInst *Store = Builder.CreateStore(Value, Addr, Volatile);
if (isNontemporal) { if (isNontemporal) {
llvm::MDNode *Node = llvm::MDNode *Node =
llvm::MDNode::get(Store->getContext(), llvm::MDNode::get(Store->getContext(),
llvm::ConstantAsMetadata::get(Builder.getInt32(1))); llvm::ConstantAsMetadata::get(Builder.getInt32(1)));
Store->setMetadata(CGM.getModule().getMDKindID("nontemporal"), Node); Store->setMetadata(CGM.getModule().getMDKindID("nontemporal"), Node);
} }
▲ Show 20 LinesShow All 3,586 LinesShow Last 20 Lines

clang/test/CodeGen/please-crash-now.c

  • This file was added.
// NOTE: Assertions have been autogenerated by utils/update_cc_test_checks.py
// RUN: %clang_cc1 -x c %s -triple x86_64-linux-gnu -emit-llvm -o - | FileCheck %s --check-prefixes=ALL,WITHOUT_NULL -implicit-check-not="call void @llvm.trap()"
// RUN: %clang_cc1 -x c++ %s -triple x86_64-linux-gnu -emit-llvm -o - | FileCheck %s --check-prefixes=ALL,WITHOUT_NULL -implicit-check-not="call void @llvm.trap()"
// RUN: %clang_cc1 -x c %s -triple x86_64-linux-gnu -emit-llvm -o - -fno-delete-null-pointer-checks | FileCheck %s --check-prefixes=ALL -implicit-check-not="call void @llvm.trap()"
// RUN: %clang_cc1 -x c++ %s -triple x86_64-linux-gnu -emit-llvm -o - -fno-delete-null-pointer-checks | FileCheck %s --check-prefixes=ALL -implicit-check-not="call void @llvm.trap()"
// ALL-LABEL: define {{.*}}store_into_volatile_nullptr_via_dereference
// WITHOUT_NULL: call void @llvm.trap()
void store_into_volatile_nullptr_via_dereference() {
(*((volatile int *)(0))) = 0;
}
// Not the pattern, must be a simple dereference.
// ALL-LABEL: define {{.*}}store_into_volatile_nullptr_via_subscript_operator
// WITHOUT_NULL: call void @llvm.trap()
void store_into_volatile_nullptr_via_subscript_operator() {
((volatile int *)(0))[0] = 0;
}
// For the rest of the tests, we don't emit trap.
// Just dereferencing is not enough.
// ALL-LABEL: define {{.*}}n0
void n0() {
*((int *)(0));
}
// Just dereferencing via subscript expression is not enough either.
// ALL-LABEL: define {{.*}}n1
void n1() {
((int *)(0))[0];
}
// Just dereferencing of a volatile pointer is still not enough.
// ALL-LABEL: define {{.*}}n2
void n2() {
*((volatile int *)(0));
}
// Just dereferencing of a volatile pointer via subscript expression is not enough either.
// ALL-LABEL: define {{.*}}n3
void n3() {
((volatile int *)(0))[0];
}
// Almost the pattern, but the pointer is not volatile.
// ALL-LABEL: define {{.*}}n4
void n4() {
(*((int *)(0))) = 0;
}
// Pointer subscript is not the pattern we are looking for.
// ALL-LABEL: define {{.*}}n5
void n5() {
((int *)(0))[0] = 0;
}
// A pointer with integral value of `0` is valid in this address space.
// ALL-LABEL: define {{.*}}n6
void n6() {
(*((__attribute__((address_space(42))) volatile int *)(0))) = 0;
}