This is an archive of the discontinued LLVM Phabricator instance.

Differential D108485

[DSE] Check post-dominance for malloc+memset->calloc transform.
ClosedPublic

Authored by asbirlea on Aug 20 2021, 2:06 PM.

Details

Reviewers
yurai007
nikic
alexfh
eugenis
Commits
rGe8723abf43c3: [DSE] Check post-dominance for malloc+memset->calloc transform.
Summary

Aiming to address the regression discussed in
https://reviews.llvm.org/D103009.

Diff Detail

Event Timeline

asbirlea created this revision.Aug 20 2021, 2:06 PM
Herald added a subscriber: hiraditya. · View Herald TranscriptAug 20 2021, 2:06 PM
asbirlea requested review of this revision.Aug 20 2021, 2:06 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 20 2021, 2:06 PM
asbirlea mentioned this in D103009: [DSE] Transform memset + malloc --> calloc (PR25892).Aug 20 2021, 2:07 PM
xbolva00 added a subscriber: xbolva00.EditedAug 20 2021, 2:22 PM

Also some notes from https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83022

implementing a check to see if the only condition between the malloc and memset is 'ptr != 0'.

+1. This is probably what we really want to make everybody happy.

llvm/test/Transforms/DeadStoreElimination/noop-stores.ll
415

I would rather see better fix, so this motivating case still works (allow 'ptr compared with NULL'). Othewise I see no value from this optimization at all and it should be just removed from DSE.

I am somewhat scared that people talking about this pattern

memset(malloc(size), 0, size)

not suprised that why there are so many nasty bugs/exploits in C codebases.

Harbormaster completed remote builds in B120622: Diff 367889.Aug 20 2021, 2:47 PM
asbirlea added inline comments.Aug 20 2021, 2:50 PM
llvm/test/Transforms/DeadStoreElimination/noop-stores.ll
415

I would rather see better fix, so this motivating case still works (allow 'ptr compared with NULL'). Othewise I see no value from this optimization at all and it should be just removed from DSE.

Sure, revert is a viable option while looking to add the 'ptr compared with NULL' check, as that's not so straightforward.

xbolva00 added inline comments.Aug 20 2021, 3:18 PM
llvm/test/Transforms/DeadStoreElimination/noop-stores.ll
415

But probably we should just take your patch, to avoid regression as SLC's transformation was removed as DSE-based one was implemented.

xbolva00 added reviewers: yurai007, nikic, alexfh, eugenis.Aug 20 2021, 3:19 PM
yurai007 added inline comments.Aug 21 2021, 2:56 AM
llvm/test/Transforms/DeadStoreElimination/noop-stores.ll
415

'ptr compared with NULL' check, as that's not so straightforward.

Yes, it requires some dance with matching like here (old patch doing transformation in SLC): https://reviews.llvm.org/D101176

alexfh accepted this revision.Aug 23 2021, 9:53 AM

Looks good to me!

This revision is now accepted and ready to land.Aug 23 2021, 9:53 AM
alexfh added a comment.Aug 23 2021, 9:54 AM

I think, it's the right first step, and if there's a need to make the transformation support more use cases like checking the result of malloc for null, that can be added as a separate step.

Closed by commit rGe8723abf43c3: [DSE] Check post-dominance for malloc+memset->calloc transform. (authored by asbirlea). · Explain WhyAug 23 2021, 12:40 PM
This revision was automatically updated to reflect the committed changes.
asbirlea added a commit: rGe8723abf43c3: [DSE] Check post-dominance for malloc+memset->calloc transform..

Revision Contents

PathSize
llvm/
lib/
Transforms/
Scalar/
2 lines
test/
Transforms/
DeadStoreElimination/
9 lines

Diff 368180

llvm/lib/Transforms/Scalar/DeadStoreElimination.cpp

Show First 20 LinesShow All 1,840 Lines▼ Show 20 Lines if (StoredConstant && StoredConstant->isNullValue()) {
auto *InnerCallee = Malloc->getCalledFunction(); auto *InnerCallee = Malloc->getCalledFunction();
if (!InnerCallee) if (!InnerCallee)
return false; return false;
LibFunc Func; LibFunc Func;
if (!TLI.getLibFunc(*InnerCallee, Func) || !TLI.has(Func) || if (!TLI.getLibFunc(*InnerCallee, Func) || !TLI.has(Func) ||
Func != LibFunc_malloc) Func != LibFunc_malloc)
return false; return false;
if (Malloc->getOperand(0) == MemSet->getLength()) { if (Malloc->getOperand(0) == MemSet->getLength()) {
if (DT.dominates(Malloc, MemSet) && if (DT.dominates(Malloc, MemSet) && PDT.dominates(MemSet, Malloc) &&
memoryIsNotModifiedBetween(Malloc, MemSet, BatchAA, DL, &DT)) { memoryIsNotModifiedBetween(Malloc, MemSet, BatchAA, DL, &DT)) {
IRBuilder<> IRB(Malloc); IRBuilder<> IRB(Malloc);
const auto &DL = Malloc->getModule()->getDataLayout(); const auto &DL = Malloc->getModule()->getDataLayout();
if (auto *Calloc = if (auto *Calloc =
emitCalloc(ConstantInt::get(IRB.getIntPtrTy(DL), 1), emitCalloc(ConstantInt::get(IRB.getIntPtrTy(DL), 1),
Malloc->getArgOperand(0), IRB, TLI)) { Malloc->getArgOperand(0), IRB, TLI)) {
MemorySSAUpdater Updater(&MSSA); MemorySSAUpdater Updater(&MSSA);
auto *LastDef = cast<MemoryDef>( auto *LastDef = cast<MemoryDef>(
▲ Show 20 LinesShow All 338 LinesShow Last 20 Lines

llvm/test/Transforms/DeadStoreElimination/noop-stores.ll

Show First 20 LinesShow All 399 Lines▼ Show 20 Lines
if.then: ; preds = %entry if.then: ; preds = %entry
tail call void @llvm.memset.p0i8.i64(i8* nonnull align 16 %call, i8 0, i64 %mul, i1 false) tail call void @llvm.memset.p0i8.i64(i8* nonnull align 16 %call, i8 0, i64 %mul, i1 false)
br label %if.end br label %if.end
if.end: ; preds = %if.then, %entry if.end: ; preds = %if.then, %entry
ret i8* %call ret i8* %call
} }
; FIXME: malloc+memset are not currently transformed into calloc unless the
; memset post-dominates the malloc.
define float* @pr25892(i64 %size) { define float* @pr25892(i64 %size) {
; CHECK-LABEL: @pr25892( ; CHECK-LABEL: @pr25892(
; CHECK: entry: ; CHECK: entry:
; CHECK-NEXT: [[CALL:%.*]] = call i8* @calloc(i64 1, i64 [[SIZE:%.*]]) ; CHECK-NEXT: [[CALL:%.*]] = call i8* @malloc(i64 [[SIZE:%.*]])
; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null ; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null
; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]] ; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]]
xbolva00Unsubmitted
Not Done
ReplyInline Actions

I would rather see better fix, so this motivating case still works (allow 'ptr compared with NULL'). Othewise I see no value from this optimization at all and it should be just removed from DSE.

I am somewhat scared that people talking about this pattern

memset(malloc(size), 0, size)

not suprised that why there are so many nasty bugs/exploits in C codebases.

xbolva00: I would rather see better fix, so this motivating case still works (allow 'ptr compared with…
asbirleaAuthorUnsubmitted
Done
ReplyInline Actions

I would rather see better fix, so this motivating case still works (allow 'ptr compared with NULL'). Othewise I see no value from this optimization at all and it should be just removed from DSE.

Sure, revert is a viable option while looking to add the 'ptr compared with NULL' check, as that's not so straightforward.

asbirlea: > I would rather see better fix, so this motivating case still works (allow 'ptr compared with…
xbolva00Unsubmitted
Not Done
ReplyInline Actions

But probably we should just take your patch, to avoid regression as SLC's transformation was removed as DSE-based one was implemented.

xbolva00: But probably we should just take your patch, to avoid regression as SLC's transformation was…
yurai007Unsubmitted
Not Done
ReplyInline Actions

'ptr compared with NULL' check, as that's not so straightforward.

Yes, it requires some dance with matching like here (old patch doing transformation in SLC): https://reviews.llvm.org/D101176

yurai007: > 'ptr compared with NULL' check, as that's not so straightforward. Yes, it requires some…
; CHECK: if.end: ; CHECK: if.end:
; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float* ; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float*
; CHECK-NEXT: call void @llvm.memset.p0i8.i64(i8* %call, i8 0, i64 %size, i1 false)
; CHECK-NEXT: br label [[CLEANUP]] ; CHECK-NEXT: br label [[CLEANUP]]
; CHECK: cleanup: ; CHECK: cleanup:
; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ] ; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ]
; CHECK-NEXT: ret float* [[RETVAL_0]] ; CHECK-NEXT: ret float* [[RETVAL_0]]
; ;
entry: entry:
%call = call i8* @malloc(i64 %size) inaccessiblememonly %call = call i8* @malloc(i64 %size) inaccessiblememonly
%cmp = icmp eq i8* %call, null %cmp = icmp eq i8* %call, null
br i1 %cmp, label %cleanup, label %if.end br i1 %cmp, label %cleanup, label %if.end
if.end: if.end:
%bc = bitcast i8* %call to float* %bc = bitcast i8* %call to float*
call void @llvm.memset.p0i8.i64(i8* %call, i8 0, i64 %size, i1 false) call void @llvm.memset.p0i8.i64(i8* %call, i8 0, i64 %size, i1 false)
br label %cleanup br label %cleanup
cleanup: cleanup:
%retval.0 = phi float* [ %bc, %if.end ], [ null, %entry ] %retval.0 = phi float* [ %bc, %if.end ], [ null, %entry ]
ret float* %retval.0 ret float* %retval.0
} }
define float* @pr25892_with_extra_store(i64 %size) { define float* @pr25892_with_extra_store(i64 %size) {
; CHECK-LABEL: @pr25892_with_extra_store( ; CHECK-LABEL: @pr25892_with_extra_store(
; CHECK: entry: ; CHECK: entry:
; CHECK-NEXT: [[CALL:%.*]] = call i8* @calloc(i64 1, i64 [[SIZE:%.*]]) ; CHECK-NEXT: [[CALL:%.*]] = call i8* @malloc(i64 [[SIZE:%.*]])
; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null ; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null
; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]] ; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]]
; CHECK: if.end: ; CHECK: if.end:
; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float* ; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float*
; CHECK-NEXT: call void @llvm.memset.p0i8.i64(i8* %call, i8 0, i64 %size, i1 false)
; CHECK-NEXT: store i8 0, i8* %call, align 1
; CHECK-NEXT: br label [[CLEANUP]] ; CHECK-NEXT: br label [[CLEANUP]]
; CHECK: cleanup: ; CHECK: cleanup:
; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ] ; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ]
; CHECK-NEXT: ret float* [[RETVAL_0]] ; CHECK-NEXT: ret float* [[RETVAL_0]]
; ;
entry: entry:
%call = call i8* @malloc(i64 %size) inaccessiblememonly %call = call i8* @malloc(i64 %size) inaccessiblememonly
%cmp = icmp eq i8* %call, null %cmp = icmp eq i8* %call, null
▲ Show 20 LinesShow All 153 LinesShow Last 20 Lines