This is an archive of the discontinued LLVM Phabricator instance.

Differential D106930

[ThinLTO] Disallow importing for functions with indir branch to block address
ClosedPublic

Authored by wenlei on Jul 27 2021, 6:24 PM.

Details

Reviewers
tejohnson
wmi
davidxl
hoy
Commits
rG1a8087adaf1e: [ThinLTO] Disallow importing for functions with indir branch to block address
Summary

We don't allowing inlining for functions with blockaddress with uses other than strictly callbr. This is because if the blockaddress escapes the function via a global variable, inlining may lead to an invalid cross-function reference.

We check against such cases during inlining, however the check can fail for ThinLTO post-link because CFG simplification can incorrectly removes blocks based on wrong block reachability.

When we import a function with blockaddress taken in a global variable but without importing that variable, we won't go through value mapping to reflect the real address-taken-ness of the cloned blocks. For the imported clone, this leads to blocks reachable from indirect branch through global variable being incorrectly treated as unreachable and removed by SimplifyCFG.

Since inlining for such cases shouldn't be allowed in the first place, I'm marking them as ineligible for importing during pre-link to save the problem of missing address-taken-ness of imported clone as well as bad DCE and inlining.

Diff Detail

Event Timeline

wenlei created this revision.Jul 27 2021, 6:24 PM
Herald added subscribers: ormris, modimo, lxfind and 3 others. · View Herald TranscriptJul 27 2021, 6:24 PM
wenlei requested review of this revision.Jul 27 2021, 6:24 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 27 2021, 6:24 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
wenlei added inline comments.Jul 27 2021, 6:27 PM
llvm/lib/Analysis/ModuleSummaryAnalysis.cpp
275

This logic is from InlineCost.cpp, but I'm not sure in what case do we have an indirect call to a block label?

Harbormaster completed remote builds in B116598: Diff 362256.Jul 27 2021, 9:24 PM
wmi added inline comments.Jul 28 2021, 9:19 AM
llvm/lib/Analysis/ModuleSummaryAnalysis.cpp
275

Here is the only usage of CallBrInst in clang: https://github.com/llvm-mirror/clang/blob/master/lib/CodeGen/CGStmt.cpp#L2282, and it is used for gcc inline asm extension: https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#GotoLabels

wenlei added inline comments.Jul 28 2021, 9:31 AM
llvm/lib/Analysis/ModuleSummaryAnalysis.cpp
275

Ok, thanks for the pointer. In that case, I think it's indeed safe to allow CallBrInst to block address for inlining and importing.

tejohnson accepted this revision.Jul 28 2021, 9:39 AM

LGTM with a test fix below.

llvm/test/ThinLTO/X86/globals-import-blockaddr.ll
11

This only checks that there isn't an imported copy of bar defined after the imported copy of foo. Either add the same CHECK-NOT prior to the CHECK for foo, or make it a positive sense check for the declare of bar. Probably the latter is cleaner.

This revision is now accepted and ready to land.Jul 28 2021, 9:39 AM
wenlei updated this revision to Diff 362448.Jul 28 2021, 10:32 AM

Fix test to use positive check.

wenlei added inline comments.Jul 28 2021, 10:33 AM
llvm/test/ThinLTO/X86/globals-import-blockaddr.ll
11

Good catch, changed to positive check.

Harbormaster completed remote builds in B116741: Diff 362448.Jul 28 2021, 12:35 PM
Closed by commit rG1a8087adaf1e: [ThinLTO] Disallow importing for functions with indir branch to block address (authored by wenlei). · Explain WhyJul 28 2021, 6:10 PM
This revision was automatically updated to reflect the committed changes.
wenlei added a commit: rG1a8087adaf1e: [ThinLTO] Disallow importing for functions with indir branch to block address.

Revision Contents

PathSize
llvm/
lib/
Analysis/
21 lines
test/
ThinLTO/
X86/
Inputs/
7 lines
16 lines

Diff 362595

llvm/lib/Analysis/ModuleSummaryAnalysis.cpp

Show First 20 LinesShow All 258 Lines▼ Show 20 Linesstatic void computeFunctionSummary(
// Add personality function, prefix data and prologue data to function's ref // Add personality function, prefix data and prologue data to function's ref
// list. // list.
findRefEdges(Index, &F, RefEdges, Visited); findRefEdges(Index, &F, RefEdges, Visited);
std::vector<const Instruction *> NonVolatileLoads; std::vector<const Instruction *> NonVolatileLoads;
std::vector<const Instruction *> NonVolatileStores; std::vector<const Instruction *> NonVolatileStores;
bool HasInlineAsmMaybeReferencingInternal = false; bool HasInlineAsmMaybeReferencingInternal = false;
for (const BasicBlock &BB : F) bool HasIndirBranchToBlockAddress = false;
for (const BasicBlock &BB : F) {
// We don't allow inlining of function with indirect branch to blockaddress.
// If the blockaddress escapes the function, e.g., via a global variable,
// inlining may lead to an invalid cross-function reference. So we shouldn't
// import such function either.
if (BB.hasAddressTaken()) {
for (User *U : BlockAddress::get(const_cast<BasicBlock *>(&BB))->users())
if (!isa<CallBrInst>(*U)) {
wenleiAuthorUnsubmitted
Done
ReplyInline Actions

This logic is from InlineCost.cpp, but I'm not sure in what case do we have an indirect call to a block label?

wenlei: This logic is from InlineCost.cpp, but I'm not sure in what case do we have an indirect call to…
wmiUnsubmitted
Not Done
ReplyInline Actions

Here is the only usage of CallBrInst in clang: https://github.com/llvm-mirror/clang/blob/master/lib/CodeGen/CGStmt.cpp#L2282, and it is used for gcc inline asm extension: https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#GotoLabels

wmi: Here is the only usage of CallBrInst in clang: https://github.com/llvm…
wenleiAuthorUnsubmitted
Done
ReplyInline Actions

Ok, thanks for the pointer. In that case, I think it's indeed safe to allow CallBrInst to block address for inlining and importing.

wenlei: Ok, thanks for the pointer. In that case, I think it's indeed safe to allow CallBrInst to block…
HasIndirBranchToBlockAddress = true;
break;
}
}
for (const Instruction &I : BB) { for (const Instruction &I : BB) {
if (isa<DbgInfoIntrinsic>(I)) if (isa<DbgInfoIntrinsic>(I))
continue; continue;
++NumInsts; ++NumInsts;
// Regular LTO module doesn't participate in ThinLTO import, // Regular LTO module doesn't participate in ThinLTO import,
// so no reference from it can be read/writeonly, since this // so no reference from it can be read/writeonly, since this
// would require importing variable as local copy // would require importing variable as local copy
if (IsThinLTO) { if (IsThinLTO) {
▲ Show 20 LinesShow All 105 Lines▼ Show 20 Lines for (const Instruction &I : BB) {
auto CandidateProfileData = auto CandidateProfileData =
ICallAnalysis.getPromotionCandidatesForInstruction( ICallAnalysis.getPromotionCandidatesForInstruction(
&I, NumVals, TotalCount, NumCandidates); &I, NumVals, TotalCount, NumCandidates);
for (auto &Candidate : CandidateProfileData) for (auto &Candidate : CandidateProfileData)
CallGraphEdges[Index.getOrInsertValueInfo(Candidate.Value)] CallGraphEdges[Index.getOrInsertValueInfo(Candidate.Value)]
.updateHotness(getHotness(Candidate.Count, PSI)); .updateHotness(getHotness(Candidate.Count, PSI));
} }
} }
}
Index.addBlockCount(F.size()); Index.addBlockCount(F.size());
std::vector<ValueInfo> Refs; std::vector<ValueInfo> Refs;
if (IsThinLTO) { if (IsThinLTO) {
auto AddRefEdges = [&](const std::vector<const Instruction *> &Instrs, auto AddRefEdges = [&](const std::vector<const Instruction *> &Instrs,
SetVector<ValueInfo> &Edges, SetVector<ValueInfo> &Edges,
SmallPtrSet<const User *, 8> &Cache) { SmallPtrSet<const User *, 8> &Cache) {
for (const auto *I : Instrs) { for (const auto *I : Instrs) {
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Linesstatic void computeFunctionSummary(
// sample PGO, to enable the same inlines as the profiled optimized binary. // sample PGO, to enable the same inlines as the profiled optimized binary.
for (auto &I : F.getImportGUIDs()) for (auto &I : F.getImportGUIDs())
CallGraphEdges[Index.getOrInsertValueInfo(I)].updateHotness( CallGraphEdges[Index.getOrInsertValueInfo(I)].updateHotness(
ForceSummaryEdgesCold == FunctionSummary::FSHT_All ForceSummaryEdgesCold == FunctionSummary::FSHT_All
? CalleeInfo::HotnessType::Cold ? CalleeInfo::HotnessType::Cold
: CalleeInfo::HotnessType::Critical); : CalleeInfo::HotnessType::Critical);
bool NonRenamableLocal = isNonRenamableLocal(F); bool NonRenamableLocal = isNonRenamableLocal(F);
bool NotEligibleForImport = bool NotEligibleForImport = NonRenamableLocal ||
NonRenamableLocal || HasInlineAsmMaybeReferencingInternal; HasInlineAsmMaybeReferencingInternal ||
HasIndirBranchToBlockAddress;
GlobalValueSummary::GVFlags Flags( GlobalValueSummary::GVFlags Flags(
F.getLinkage(), F.getVisibility(), NotEligibleForImport, F.getLinkage(), F.getVisibility(), NotEligibleForImport,
/* Live = */ false, F.isDSOLocal(), /* Live = */ false, F.isDSOLocal(),
F.hasLinkOnceODRLinkage() && F.hasGlobalUnnamedAddr()); F.hasLinkOnceODRLinkage() && F.hasGlobalUnnamedAddr());
FunctionSummary::FFlags FunFlags{ FunctionSummary::FFlags FunFlags{
F.hasFnAttribute(Attribute::ReadNone), F.hasFnAttribute(Attribute::ReadNone),
F.hasFnAttribute(Attribute::ReadOnly), F.hasFnAttribute(Attribute::ReadOnly),
F.hasFnAttribute(Attribute::NoRecurse), F.returnDoesNotAlias(), F.hasFnAttribute(Attribute::NoRecurse), F.returnDoesNotAlias(),
▲ Show 20 LinesShow All 466 LinesShow Last 20 Lines

llvm/test/ThinLTO/X86/Inputs/globals-import-blockaddr.ll

target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
@label_addr = internal constant [1 x i8*] [i8* blockaddress(@foo, %lb)], align 8 @label_addr = internal constant [1 x i8*] [i8* blockaddress(@bar, %lb)], align 8
; Function Attrs: noinline norecurse nounwind optnone uwtable ; Function Attrs: noinline norecurse nounwind optnone uwtable
define dso_local [1 x i8*]* @foo() { define dso_local [1 x i8*]* @foo() {
ret [1 x i8*]* @label_addr
}
; Function Attrs: noinline norecurse nounwind optnone uwtable
define dso_local [1 x i8*]* @bar() {
br label %lb br label %lb
lb: lb:
ret [1 x i8*]* @label_addr ret [1 x i8*]* @label_addr
} }

llvm/test/ThinLTO/X86/globals-import-blockaddr.ll

; RUN: opt -module-summary %s -o %t1.bc ; RUN: opt -module-summary %s -o %t1.bc
; RUN: opt -module-summary %p/Inputs/globals-import-blockaddr.ll -o %t2.bc ; RUN: opt -module-summary %p/Inputs/globals-import-blockaddr.ll -o %t2.bc
; RUN: llvm-lto2 run -save-temps %t1.bc -r=%t1.bc,foo,l -r=%t1.bc,main,pl %t2.bc -r=%t2.bc,foo,pl -o %t3 ; RUN: llvm-lto2 run -save-temps %t1.bc -r=%t1.bc,foo,l -r=%t1.bc,bar,l -r=%t1.bc,main,pl %t2.bc -r=%t2.bc,foo,pl -r=%t2.bc,bar,pl -o %t3
; RUN: llvm-dis %t3.1.3.import.bc -o - | FileCheck %s ; RUN: llvm-dis %t3.1.3.import.bc -o - | FileCheck %s
; Verify that we haven't imported GV containing blockaddress ; Verify that we haven't imported GV containing blockaddress
; CHECK: @label_addr.llvm.0 = external hidden constant ; CHECK: @label_addr.llvm.0 = external hidden constant
; Verify that bar is not imported since it has address-taken block that is target of indirect branch
; CHECK: declare [1 x i8*]* @bar()
; Verify that foo is imported
; CHECK: available_externally [1 x i8*]* @foo
tejohnsonUnsubmitted
Not Done
ReplyInline Actions

This only checks that there isn't an imported copy of bar defined after the imported copy of foo. Either add the same CHECK-NOT prior to the CHECK for foo, or make it a positive sense check for the declare of bar. Probably the latter is cleaner.

tejohnson: This only checks that there isn't an imported copy of bar defined after the imported copy of…
wenleiAuthorUnsubmitted
Done
ReplyInline Actions

Good catch, changed to positive check.

wenlei: Good catch, changed to positive check.
target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
declare dso_local [1 x i8*]* @foo(); declare dso_local [1 x i8*]* @foo();
declare dso_local [1 x i8*]* @bar();
define dso_local i32 @main() { define dso_local i32 @main() {
%p = call [1 x i8*]* @foo() %p1 = call [1 x i8*]* @foo()
%v = ptrtoint [1 x i8*]* %p to i32 %p2 = call [1 x i8*]* @bar()
ret i32 %v %v1 = ptrtoint [1 x i8*]* %p1 to i32
%v2 = ptrtoint [1 x i8*]* %p2 to i32
%v3 = add i32 %v1, %v2
ret i32 %v3
} }