They were previously unconstrained, which allowed them to be reordered
before the shadow memory write.
Details
- Reviewers
eugenis pcc - Commits
- rG0deedaa23f71: [hwasan] Prevent reordering of tag checks.
Diff Detail
- Repository
- rG LLVM Github Monorepo
Event Timeline
I ran 50 iterations of pdfium_test with baseline vs. this change and could see no statistically significant change (p-value is 88%): https://colab.research.google.com/drive/1BBOT0BYGnvS9bvbryMNyAsVBbVM30gx5#scrollTo=cfis4f2vI305
Is mayStore=1 necessary? It does not make any sense, these instruction do not write to memory.
That also works. I don't think it's necessary to re-run the benchmarks as it's not expected that things are worse like this.
It would be nice to have a test for this, maybe something like test/CodeGen/AArch64/irg-nomem.mir (but the opposite - you'd want store merging to not happen).
Another weird thing: even without this patch I see
{ 561, 2, 0, 0, 0, 0|(1ULL<<MCID::Pseudo)|(1ULL<<MCID::MayLoad)|(1ULL<<MCID::MayStore), 0x0ULL, ImplicitList4, ImplicitList5, OperandInfo65 }, // Inst #561 = HWASAN_CHECK_MEMACCESS { 562, 2, 0, 0, 0, 0|(1ULL<<MCID::Pseudo)|(1ULL<<MCID::MayLoad)|(1ULL<<MCID::MayStore), 0x0ULL, ImplicitList6, ImplicitList5, OperandInfo65 }, // Inst #562 = HWASAN_CHECK_MEMACCESS_SHORTGRANULES
in lib/Target/AArch64/AArch64GenInstrInfo.inc, i.e. these instructions are already mayLoad | mayStore.
I find this program useful to test aliasing behavior:
void zzz(long *x) { x[0] = 42; x[1] = 42; }
With -fno-slp-vectorize it generates store - check - store sequence where two stores can be merged into store-pair (see AArch64LoadStoreOptimizer) if hwasan check is not mayLoadOrStore.
I tried to revert this part and it still solves the issues. I would still prefer to leave it as is to have it more explicit.
LGTM
Please check that the test works in release-without-assertions build. It tends to loose names of temporaries like "%x.hwasan".
llvm/test/Instrumentation/HWAddressSanitizer/memaccess-clobber.ll | ||
---|---|---|
4 | this is the only user of print-memdeps which is a legacy PM-specific pass. -analyze is also a legacy PM-specific feature. |
llvm/test/Instrumentation/HWAddressSanitizer/memaccess-clobber.ll | ||
---|---|---|
4 | I don't know of any more direct way to test this. Is there in the new PM that you know about that can give information about memory dependencies / what can't be reordered? |
this is the only user of print-memdeps which is a legacy PM-specific pass. -analyze is also a legacy PM-specific feature.
is there a better way of testing this? memdep is deprecated anyway