This is an archive of the discontinued LLVM Phabricator instance.

Differential D108734

[InstCombine] Remove invariant group intrinsincs when comparing against null
ClosedPublic

Authored by aeubanks on Aug 25 2021, 3:13 PM.

Details

Reviewers
lebedev.ri
Prazek
Commits
rG099e4bcd5d06: [InstCombine] Remove invariant group intrinsincs when comparing against null
Summary

We cannot leak any equivalency information by comparing against null
since null never has virtual metadata associated with it (when null is
not a valid dereferenceable pointer).

Instcombine seems to make sure that a null will be on the RHS, so we
don't have to check both operands.

This fixes a missed optimization in llvm-test-suite's MultiSource lambda
benchmark under -fstrict-vtable-pointers.

Diff Detail

Event Timeline

aeubanks created this revision.Aug 25 2021, 3:13 PM
Herald added subscribers: hiraditya, Prazek. · View Herald TranscriptAug 25 2021, 3:13 PM
aeubanks requested review of this revision.Aug 25 2021, 3:13 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 25 2021, 3:13 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
aeubanks added reviewers: lebedev.ri, Prazek.Aug 25 2021, 3:14 PM
lebedev.ri added inline comments.Aug 25 2021, 3:29 PM
llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
5705–5724

In-place replacements aren't nice.
How about:

llvm/test/Transforms/InstCombine/invariant.group.ll
2

I'm not sure what this is testing, but pass tests that involve more than a single pass are frowned upon.

aeubanks updated this revision to Diff 368761.Aug 25 2021, 3:40 PM

cleanup code

lebedev.ri added a comment.Aug 25 2021, 3:43 PM

Code-wise this seems fine, but i'm not sure i'm sufficiently familiar with the semantics.

aeubanks added a comment.Aug 25 2021, 5:25 PM

hmm, if two pointers are equal in an icmp, will GVN RAUW one with the other based on that info? maybe I'm completely missing something

aeubanks added a comment.Aug 25 2021, 5:31 PM

nvm I think this patch is wrong

Harbormaster completed remote builds in B121257: Diff 368761.Aug 25 2021, 5:49 PM
Prazek requested changes to this revision.Aug 26 2021, 5:30 AM

Lets talk offline about the specific case to get it right. The model is pretty brittle in those areas, so we have to be sure the transformations are legal

llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
5705–5717

If I understand this correctly, this essentially strips launders/strips from cmp operands.

I think this is incorrect. From the perspective of devirtualization we can have code like:

%vtable_a = load i8* %a, !invariant.group !{}
;;;
; %a == %b
%addr_a = call i8* @llvm.strip.invariant.group(i8* %a)
%addr_b = call i8* @llvm.strip.invariant.group(i8* %b)
%bool = icmp %addr_a, %addr_b
br %bool, %if, %after
if:
; This will not be able to change %b to %a
%vtable_b = load i8* %b, !invariant.group !{}

As you see, the two loads operate on %a and %b (where %b is a result of launder). As comparisons can leak the idea that %a and %b are essentially the same addresses (thus enabling GVN to RAUW %b with %a), we need to strip it before cmp.

In this case, we would replace the cmp with icmp %a %b, which would essentially tell GVN %a and %b can be used interchanganbly in this branch.

This revision now requires changes to proceed.Aug 26 2021, 5:30 AM
Prazek added a comment.Aug 26 2021, 5:43 AM

Just for the record (discussed offline): if the problem is comparisons of launder/strip(%p) with null, then for this specific case we could I think replace it with comparison of %p and null, as null does does not have any "virtual" information (similarly how we already optimzie launder/strip(null) to null

aeubanks mentioned this in rG14d45e41bf81: [test] Update precommit tests for D108734.Aug 26 2021, 12:06 PM
aeubanks updated this revision to Diff 368976.Aug 26 2021, 1:57 PM

only optimize null comparisons

aeubanks edited the summary of this revision. (Show Details)Aug 26 2021, 1:58 PM
aeubanks edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B121404: Diff 368976.Aug 26 2021, 2:26 PM
Prazek accepted this revision.Aug 27 2021, 2:14 AM

LGTM! Great work with looking for regressions like that.

llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
5715

I wonder if the fact that usually there are bitcasts around strip/launder could be problematic.
I think this does not handle case like:

%b1 = bitcast i32* %p to i8*
%b2 = strip(%b1)
%b3 = bitcast i8* %b2 to i32*

icmp %b3, null

But it might be not a problem, if this code gets cannonicalized to:

%b1 = bitcast i32* %p to i8*
%b2 = strip(%b1)

icmp %b2, null

Could you double check if this would be optimized by InstCombine allone, or that there is any pass that would cannonicalize it?

This revision is now accepted and ready to land.Aug 27 2021, 2:14 AM
lebedev.ri added a comment.Aug 27 2021, 2:18 AM

Seems fine to me with nits

llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
5709–5711
5714–5715

Could flatten the if's

5719

Could do early-return, but not sure how better that would be here

Prazek added a comment.Aug 27 2021, 3:00 AM

Could you also update the description and title?

aeubanks retitled this revision from [InstCombine] Replace icmp invariant group operands with the invariant group's operands to [InstCombine] Remove invariant group intrinsincs when comparing against null.Aug 27 2021, 11:08 AM
aeubanks mentioned this in rG9dd74ee3f08e: [test] More test precommits for D108734.Aug 27 2021, 11:17 AM
aeubanks updated this revision to Diff 369152.Aug 27 2021, 11:19 AM

update

aeubanks marked an inline comment as done.Aug 27 2021, 11:20 AM
aeubanks added inline comments.
llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
5709–5711

it's hard to read with a multi-line if condition IMO

5715

added a test to verify that instcombine takes care of this

Harbormaster completed remote builds in B121528: Diff 369152.Aug 27 2021, 12:21 PM
Prazek accepted this revision.Aug 28 2021, 3:59 AM

LGTM!

Closed by commit rG099e4bcd5d06: [InstCombine] Remove invariant group intrinsincs when comparing against null (authored by aeubanks). · Explain WhyAug 29 2021, 3:54 PM
This revision was automatically updated to reflect the committed changes.
aeubanks added a commit: rG099e4bcd5d06: [InstCombine] Remove invariant group intrinsincs when comparing against null.

Revision Contents

PathSize
llvm/
lib/
Transforms/
InstCombine/
20 lines
test/
Transforms/
InstCombine/
13 lines

Diff 369152

llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp

Show First 20 LinesShow All 5,696 Lines▼ Show 20 Lines else if (match(Op1, UAddOvResultPat) &&
// A > extract(uadd.with.overflow(A, B), 0) // A > extract(uadd.with.overflow(A, B), 0)
UAddOv = cast<ExtractValueInst>(Op1)->getAggregateOperand(); UAddOv = cast<ExtractValueInst>(Op1)->getAggregateOperand();
else else
return nullptr; return nullptr;
return ExtractValueInst::Create(UAddOv, 1); return ExtractValueInst::Create(UAddOv, 1);
} }
static Instruction *foldICmpInvariantGroup(ICmpInst &I) {
if (!I.getOperand(0)->getType()->isPointerTy() ||
NullPointerIsDefined(
I.getParent()->getParent(),
I.getOperand(0)->getType()->getPointerAddressSpace())) {
return nullptr;
}
lebedev.riUnsubmitted
Not Done
ReplyInline Actions
I.getParent()->getParent(),
- I.getOperand(0)->getType()->getPointerAddressSpace())) {
+ I.getOperand(0)->getType()->getPointerAddressSpace()))
return nullptr;
- }
Instruction *Op;
lebedev.ri:
aeubanksAuthorUnsubmitted
Done
ReplyInline Actions

it's hard to read with a multi-line if condition IMO

aeubanks: it's hard to read with a multi-line if condition IMO
Instruction *Op;
if (match(I.getOperand(0), m_Instruction(Op)) &&
match(I.getOperand(1), m_Zero()) &&
Op->isLaunderOrStripInvariantGroup()) {
PrazekUnsubmitted
Not Done
ReplyInline Actions

I wonder if the fact that usually there are bitcasts around strip/launder could be problematic.
I think this does not handle case like:

%b1 = bitcast i32* %p to i8*
%b2 = strip(%b1)
%b3 = bitcast i8* %b2 to i32*

icmp %b3, null

But it might be not a problem, if this code gets cannonicalized to:

%b1 = bitcast i32* %p to i8*
%b2 = strip(%b1)

icmp %b2, null

Could you double check if this would be optimized by InstCombine allone, or that there is any pass that would cannonicalize it?

Prazek: I wonder if the fact that usually there are bitcasts around strip/launder could be problematic.
aeubanksAuthorUnsubmitted
Done
ReplyInline Actions

added a test to verify that instcombine takes care of this

aeubanks: added a test to verify that instcombine takes care of this
lebedev.riUnsubmitted
Done
ReplyInline Actions

Could flatten the if's

lebedev.ri: Could flatten the if's
return ICmpInst::Create(Instruction::ICmp, I.getPredicate(),
Op->getOperand(0), I.getOperand(1));
PrazekUnsubmitted
Not Done
ReplyInline Actions

If I understand this correctly, this essentially strips launders/strips from cmp operands.

I think this is incorrect. From the perspective of devirtualization we can have code like:

%vtable_a = load i8* %a, !invariant.group !{}
;;;
; %a == %b
%addr_a = call i8* @llvm.strip.invariant.group(i8* %a)
%addr_b = call i8* @llvm.strip.invariant.group(i8* %b)
%bool = icmp %addr_a, %addr_b
br %bool, %if, %after
if:
; This will not be able to change %b to %a
%vtable_b = load i8* %b, !invariant.group !{}

As you see, the two loads operate on %a and %b (where %b is a result of launder). As comparisons can leak the idea that %a and %b are essentially the same addresses (thus enabling GVN to RAUW %b with %a), we need to strip it before cmp.

In this case, we would replace the cmp with icmp %a %b, which would essentially tell GVN %a and %b can be used interchanganbly in this branch.

Prazek: If I understand this correctly, this essentially strips launders/strips from cmp operands. I…
}
return nullptr;
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

Could do early-return, but not sure how better that would be here

lebedev.ri: Could do early-return, but not sure how better that would be here
}
Instruction *InstCombinerImpl::visitICmpInst(ICmpInst &I) { Instruction *InstCombinerImpl::visitICmpInst(ICmpInst &I) {
bool Changed = false; bool Changed = false;
const SimplifyQuery Q = SQ.getWithInstruction(&I); const SimplifyQuery Q = SQ.getWithInstruction(&I);
lebedev.riUnsubmitted
Not Done
ReplyInline Actions
return ExtractValueInst::Create(UAddOv, 1);
}
static bool foldICmpInvariantGroup(ICmpInst &I) {
- bool Changed = false;
- while (auto *O = dyn_cast<Instruction>(I.getOperand(0))) {
- if (O->isLaunderOrStripInvariantGroup()) {
- I.setOperand(0, O->getOperand(0));
- Changed = true;
- } else {
- break;
- }
- }
- while (auto *O = dyn_cast<Instruction>(I.getOperand(1))) {
- if (O->isLaunderOrStripInvariantGroup()) {
- I.setOperand(1, O->getOperand(0));
- Changed = true;
- } else {
- break;
- }
- }
- return Changed;
+ SmallVector<Value *, 2> Ops(I.op_begin(), I.op_end());
+ for (Value *&Op : Ops) {
+ auto *I = dyn_cast<Instruction>(Op);
+ if (!I || !I->isLaunderOrStripInvariantGroup())
+ continue;
+ Op = I->getOperand(0);
+ }
+ if (!equal(Ops, I.operands()))
+ return ICmpInst::Create(Instruction::ICmp, I.getPredicate(), Ops[0],
+ Ops[1]);
}
Instruction *InstCombinerImpl::visitICmpInst(ICmpInst &I) {

In-place replacements aren't nice.
How about:

lebedev.ri: In-place replacements aren't nice. How about:
Value *Op0 = I.getOperand(0), *Op1 = I.getOperand(1); Value *Op0 = I.getOperand(0), *Op1 = I.getOperand(1);
unsigned Op0Cplxity = getComplexity(Op0); unsigned Op0Cplxity = getComplexity(Op0);
unsigned Op1Cplxity = getComplexity(Op1); unsigned Op1Cplxity = getComplexity(Op1);
/// Orders the operands of the compare so that they are listed from most /// Orders the operands of the compare so that they are listed from most
/// complex to least complex. This puts constants before unary operators, /// complex to least complex. This puts constants before unary operators,
/// before binary operators. /// before binary operators.
if (Op0Cplxity < Op1Cplxity || if (Op0Cplxity < Op1Cplxity ||
▲ Show 20 LinesShow All 221 Lines▼ Show 20 LinesInstruction *InstCombinerImpl::visitICmpInst(ICmpInst &I) {
if (Instruction *Res = foldICmpWithHighBitMask(I, Builder)) if (Instruction *Res = foldICmpWithHighBitMask(I, Builder))
return Res; return Res;
if (I.getType()->isVectorTy()) if (I.getType()->isVectorTy())
if (Instruction *Res = foldVectorCmp(I, Builder)) if (Instruction *Res = foldVectorCmp(I, Builder))
return Res; return Res;
if (Instruction *Res = foldICmpInvariantGroup(I))
return Res;
return Changed ? &I : nullptr; return Changed ? &I : nullptr;
} }
/// Fold fcmp ([us]itofp x, cst) if possible. /// Fold fcmp ([us]itofp x, cst) if possible.
Instruction *InstCombinerImpl::foldFCmpIntToFPConst(FCmpInst &I, Instruction *InstCombinerImpl::foldFCmpIntToFPConst(FCmpInst &I,
Instruction *LHSI, Instruction *LHSI,
Constant *RHSC) { Constant *RHSC) {
if (!isa<ConstantFP>(RHSC)) return nullptr; if (!isa<ConstantFP>(RHSC)) return nullptr;
▲ Show 20 LinesShow All 520 LinesShow Last 20 Lines

llvm/test/Transforms/InstCombine/invariant.group.ll

; NOTE: Assertions have been autogenerated by utils/update_test_checks.py ; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; RUN: opt -instcombine -early-cse -earlycse-debug-hash -S < %s | FileCheck %s ; RUN: opt -instcombine -early-cse -earlycse-debug-hash -S < %s | FileCheck %s
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

I'm not sure what this is testing, but pass tests that involve more than a single pass are frowned upon.

lebedev.ri: I'm not sure what this is testing, but pass tests that involve more than a single pass are…
define i8* @simplifyNullLaunder() { define i8* @simplifyNullLaunder() {
; CHECK-LABEL: @simplifyNullLaunder( ; CHECK-LABEL: @simplifyNullLaunder(
; CHECK-NEXT: ret i8* null ; CHECK-NEXT: ret i8* null
; ;
%b2 = call i8* @llvm.launder.invariant.group.p0i8(i8* null) %b2 = call i8* @llvm.launder.invariant.group.p0i8(i8* null)
ret i8* %b2 ret i8* %b2
} }
▲ Show 20 LinesShow All 145 Lines▼ Show 20 Lines;
%c1 = bitcast i8 addrspace(42)* %a2 to i16 addrspace(42)* %c1 = bitcast i8 addrspace(42)* %a2 to i16 addrspace(42)*
%a3 = call i16 addrspace(42)* @llvm.strip.invariant.group.p42i16(i16 addrspace(42)* %c1) %a3 = call i16 addrspace(42)* @llvm.strip.invariant.group.p42i16(i16 addrspace(42)* %c1)
ret i16 addrspace(42)* %a3 ret i16 addrspace(42)* %a3
} }
define i1 @icmp_null_launder(i8* %a) { define i1 @icmp_null_launder(i8* %a) {
; CHECK-LABEL: @icmp_null_launder( ; CHECK-LABEL: @icmp_null_launder(
; CHECK-NEXT: [[A2:%.*]] = call i8* @llvm.launder.invariant.group.p0i8(i8* [[A:%.*]]) ; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A:%.*]], null
; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A2]], null
; CHECK-NEXT: ret i1 [[R]] ; CHECK-NEXT: ret i1 [[R]]
; ;
%a2 = call i8* @llvm.launder.invariant.group.p0i8(i8* %a) %a2 = call i8* @llvm.launder.invariant.group.p0i8(i8* %a)
%r = icmp eq i8* %a2, null %r = icmp eq i8* %a2, null
ret i1 %r ret i1 %r
} }
define i1 @icmp_null_strip(i8* %a) { define i1 @icmp_null_strip(i8* %a) {
; CHECK-LABEL: @icmp_null_strip( ; CHECK-LABEL: @icmp_null_strip(
; CHECK-NEXT: [[A2:%.*]] = call i8* @llvm.strip.invariant.group.p0i8(i8* [[A:%.*]]) ; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A:%.*]], null
; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A2]], null
; CHECK-NEXT: ret i1 [[R]] ; CHECK-NEXT: ret i1 [[R]]
; ;
%a2 = call i8* @llvm.strip.invariant.group.p0i8(i8* %a) %a2 = call i8* @llvm.strip.invariant.group.p0i8(i8* %a)
%r = icmp eq i8* %a2, null %r = icmp eq i8* %a2, null
ret i1 %r ret i1 %r
} }
define i1 @icmp_null_launder_valid_null(i8* %a) #0 { define i1 @icmp_null_launder_valid_null(i8* %a) #0 {
Show All 16 Lines;
%a2 = call i8* @llvm.strip.invariant.group.p0i8(i8* %a) %a2 = call i8* @llvm.strip.invariant.group.p0i8(i8* %a)
%r = icmp eq i8* %a2, null %r = icmp eq i8* %a2, null
ret i1 %r ret i1 %r
} }
; Check that null always becomes the RHS ; Check that null always becomes the RHS
define i1 @icmp_null_launder_lhs(i8* %a) { define i1 @icmp_null_launder_lhs(i8* %a) {
; CHECK-LABEL: @icmp_null_launder_lhs( ; CHECK-LABEL: @icmp_null_launder_lhs(
; CHECK-NEXT: [[A2:%.*]] = call i8* @llvm.launder.invariant.group.p0i8(i8* [[A:%.*]]) ; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A:%.*]], null
; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A2]], null
; CHECK-NEXT: ret i1 [[R]] ; CHECK-NEXT: ret i1 [[R]]
; ;
%a2 = call i8* @llvm.launder.invariant.group.p0i8(i8* %a) %a2 = call i8* @llvm.launder.invariant.group.p0i8(i8* %a)
%r = icmp eq i8* null, %a2 %r = icmp eq i8* null, %a2
ret i1 %r ret i1 %r
} }
define i1 @icmp_null_launder_bitcasts(i32* %a) { define i1 @icmp_null_launder_bitcasts(i32* %a) {
; CHECK-LABEL: @icmp_null_launder_bitcasts( ; CHECK-LABEL: @icmp_null_launder_bitcasts(
; CHECK-NEXT: [[A2:%.*]] = bitcast i32* [[A:%.*]] to i8* ; CHECK-NEXT: [[R:%.*]] = icmp eq i32* [[A:%.*]], null
; CHECK-NEXT: [[A3:%.*]] = call i8* @llvm.launder.invariant.group.p0i8(i8* [[A2]])
; CHECK-NEXT: [[R:%.*]] = icmp eq i8* [[A3]], null
; CHECK-NEXT: ret i1 [[R]] ; CHECK-NEXT: ret i1 [[R]]
; ;
%a2 = bitcast i32* %a to i8* %a2 = bitcast i32* %a to i8*
%a3 = call i8* @llvm.launder.invariant.group.p0i8(i8* %a2) %a3 = call i8* @llvm.launder.invariant.group.p0i8(i8* %a2)
%a4 = bitcast i8* %a3 to i32* %a4 = bitcast i8* %a3 to i32*
%r = icmp eq i32* %a4, null %r = icmp eq i32* %a4, null
ret i1 %r ret i1 %r
} }
Show All 9 Lines