This is an archive of the discontinued LLVM Phabricator instance.

Differential D109029

[SCEV] Clarify requirements for zero-stride to be UB
ClosedPublic

Authored by reames on Aug 31 2021, 3:23 PM.

Details

Reviewers
efriedma
nikic
lifted
fhahn
Commits
rG73b951a7f7dc: [SCEV] Clarify requirements for zero-stride to be UB
Summary

There's a silent bug in our reasoning about zero strides. We assume that having a single static exit implies that if that exit is not taken, then the loop must be infinite. This ignores the potential for abnormal exits via exceptions. Consider the following example:
for (uint_8 i = 0; i < 1; i += 0) {

throw_on_thousandth_call();

}

Our reasoning is such that we'd conclude this loop can't take the backedge as that would lead to a (presumed) infinite loop.

In practice, this is a silent bug because the loopIsFiniteByAssumption returns false strictly more often than the loopHaNoAbnormalExits property. We could reasonable want to change that in the future, so fixing the codeflow now is worthwhile.

Diff Detail

Event Timeline

reames created this revision.Aug 31 2021, 3:23 PM
Herald added subscribers: bollu, hiraditya, mcrosier. · View Herald TranscriptAug 31 2021, 3:23 PM
reames requested review of this revision.Aug 31 2021, 3:23 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 31 2021, 3:23 PM
reames mentioned this in D104140: [SCEV] Allow negative steps for LT exit count computation for unsigned comparisons.Aug 31 2021, 3:59 PM
reames added a child revision: D104140: [SCEV] Allow negative steps for LT exit count computation for unsigned comparisons.
Harbormaster completed remote builds in B122005: Diff 369806.Aug 31 2021, 4:02 PM
efriedma accepted this revision.Sep 1 2021, 1:48 PM

LGTM.

If a loop is finite by assumption, it doesn't have external side-effects. But then, how do we exit the loop? I guess throwing an exception doesn't involve an external side-effect. But we don't really have any incentive to try to model that, given that every place we call loopIsFiniteByAssumption() also calls loopHasNoAbnormalExits(), so this seems like it will stay a theoretical problem. I guess it serves as documentation, though.

This revision is now accepted and ready to land.Sep 1 2021, 1:48 PM
Closed by commit rG73b951a7f7dc: [SCEV] Clarify requirements for zero-stride to be UB (authored by reames). · Explain WhySep 1 2021, 2:01 PM
This revision was automatically updated to reflect the committed changes.
reames added a commit: rG73b951a7f7dc: [SCEV] Clarify requirements for zero-stride to be UB.
reames mentioned this in D109091: [SCEV] Further clarify comments regarding UB and zero stride.Sep 1 2021, 2:10 PM
reames mentioned this in rG965906997865: [SCEV] Further clarify comments regarding UB and zero stride.Sep 7 2021, 1:55 PM

Revision Contents

PathSize
llvm/
lib/
Analysis/
8 lines

Diff 370052

llvm/lib/Analysis/ScalarEvolution.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 11,627 Lines▼ Show 20 Lines if (!PositiveStride) {
// (max(end, start + stride) - start - 1) /u stride // (max(end, start + stride) - start - 1) /u stride
// //
// The additional preconditions that we need to check to prove correctness // The additional preconditions that we need to check to prove correctness
// of the above formula is as follows - // of the above formula is as follows -
// //
// a) IV is either nuw or nsw depending upon signedness (indicated by the // a) IV is either nuw or nsw depending upon signedness (indicated by the
// NoWrap flag). // NoWrap flag).
// b) loop is single exit with no side effects. // b) loop is single exit with no side effects.
// c) loop has no abnormal exits
// //
// //
// Precondition a) implies that if the stride is negative, this is a single // Precondition a) implies that if the stride is negative, this is a single
// trip loop. The backedge taken count formula reduces to zero in this case. // trip loop. The backedge taken count formula reduces to zero in this case.
// //
// Precondition b) implies that if rhs is invariant in L, then unknown // Precondition b) and c) combine to imply that if rhs is invariant in L,
// stride being zero means the backedge can't be taken without UB. // then a zero stride means the backedge can't be taken without executing
// undefined behavior.
// //
// The positive stride case is the same as isKnownPositive(Stride) returning // The positive stride case is the same as isKnownPositive(Stride) returning
// true (original behavior of the function). // true (original behavior of the function).
// //
// We want to make sure that the stride is truly unknown as there are edge // We want to make sure that the stride is truly unknown as there are edge
// cases where ScalarEvolution propagates no wrap flags to the // cases where ScalarEvolution propagates no wrap flags to the
// post-increment/decrement IV even though the increment/decrement operation // post-increment/decrement IV even though the increment/decrement operation
// itself is wrapping. The computed backedge taken count may be wrong in // itself is wrapping. The computed backedge taken count may be wrong in
// such cases. This is prevented by checking that the stride is not known to // such cases. This is prevented by checking that the stride is not known to
// be either positive or non-positive. For example, no wrap flags are // be either positive or non-positive. For example, no wrap flags are
// propagated to the post-increment IV of this loop with a trip count of 2 - // propagated to the post-increment IV of this loop with a trip count of 2 -
// //
// unsigned char i; // unsigned char i;
// for(i=127; i<128; i+=129) // for(i=127; i<128; i+=129)
// A[i] = i; // A[i] = i;
// //
if (PredicatedIV || !NoWrap || isKnownNonPositive(Stride) || if (PredicatedIV || !NoWrap || isKnownNonPositive(Stride) ||
!loopIsFiniteByAssumption(L)) !loopIsFiniteByAssumption(L) || !loopHasNoAbnormalExits(L))
return getCouldNotCompute(); return getCouldNotCompute();
if (!isKnownNonZero(Stride)) { if (!isKnownNonZero(Stride)) {
// If we have a step of zero, and RHS isn't invariant in L, we don't know // If we have a step of zero, and RHS isn't invariant in L, we don't know
// if it might eventually be greater than start and if so, on which // if it might eventually be greater than start and if so, on which
// iteration. We can't even produce a useful upper bound. // iteration. We can't even produce a useful upper bound.
if (!isLoopInvariant(RHS, L)) if (!isLoopInvariant(RHS, L))
return getCouldNotCompute(); return getCouldNotCompute();
▲ Show 20 LinesShow All 2,431 LinesShow Last 20 Lines