This is an archive of the discontinued LLVM Phabricator instance.

Differential D109638

[CSSPGO][llvm-profgen] Truncate stack samples with invalid return address.
ClosedPublic

Authored by hoy on Sep 10 2021, 5:33 PM.

Details

Reviewers
wenlei
wlei
wmi
Commits
rG0057c7185d1c: [CSSPGO][llvm-profgen] Truncate stack samples with invalid return address.
Summary

Invalid frame addresses exist in call stack samples due to bad unwinding. This could happen to frame-pointer-based unwinding and the callee functions that do not have the frame pointer chain set up. It isn't common when the program is built with the frame pointer omission disabled, but can still happen with third-party static libs built with frame pointer omitted.

Diff Detail

Event Timeline

hoy created this revision.Sep 10 2021, 5:33 PM
Herald added subscribers: modimo, wenlei, hiraditya. · View Herald TranscriptSep 10 2021, 5:33 PM
hoy requested review of this revision.Sep 10 2021, 5:33 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptSep 10 2021, 5:33 PM
Herald added subscribers: llvm-commits, cfe-commits. · View Herald Transcript
hoy retitled this revision from [CSSPGO] Enable pseudo probe instrumentation in O0 mode. to [CSSPGO] Truncate stack samples with invalid return address..Sep 10 2021, 5:40 PM
hoy edited the summary of this revision. (Show Details)
hoy updated this revision to Diff 372042.Sep 10 2021, 5:49 PM
hoy edited the summary of this revision. (Show Details)

Updating D109638: [CSSPGO] Truncate stack samples with invalid return address.

hoy added reviewers: wenlei, wlei, wmi.Sep 10 2021, 5:50 PM
Harbormaster completed remote builds in B123534: Diff 372042.Sep 10 2021, 6:19 PM
hoy retitled this revision from [CSSPGO] Truncate stack samples with invalid return address. to [CSSPGO][llvm-profgen] Truncate stack samples with invalid return address..Sep 14 2021, 9:23 AM
wenlei added a comment.Sep 14 2021, 4:36 PM

It isn't common when the program is built with the frame pointer omission disabled, but can still happen with third-party static libs built with frame pointer omitted.

Did you mean disabled -> enabled?

This could happen to frame-pointer-based unwinding and the callee functions that do not have the frame pointer chain set up.

So this leads to frame pointer being used to volatile register and assume it contains frame pointer would lead to bad frame address when unwinding the stack during profiling, is that what you observed?

llvm/tools/llvm-profgen/PerfReader.cpp
524–533

Can we hide all this complexity into getCallAddrFromFrameAddr? i.e. we could use bool getCallAddrFromFrameAddr(uint64_t FrameAddr, uint64_t &CallAddr).

530

Should we be using a warning too? For truncated context due to missing probe for merged callsite, we used warning. I think this is things of similar nature, should we also handle them in similar/consistent fashion- i.e. with warning instead of stats?

And if we expect duplicated warnings, would be good to deduplicated before printing.

hoy added a comment.Sep 14 2021, 6:01 PM
In D109638#3000682, @wenlei wrote:

It isn't common when the program is built with the frame pointer omission disabled, but can still happen with third-party static libs built with frame pointer omitted.

Did you mean disabled -> enabled?

It's actually disabled. This happens when the program is built with -fno-omit-frame-pointer but the third-party lib is built with -fomit-frame-pointer.

This could happen to frame-pointer-based unwinding and the callee functions that do not have the frame pointer chain set up.

So this leads to frame pointer being used to volatile register and assume it contains frame pointer would lead to bad frame address when unwinding the stack during profiling, is that what you observed?

Exactly. I was seeing rbp used as a general register and its value was trashed.

llvm/tools/llvm-profgen/PerfReader.cpp
524–533

Sounds good to move it into getCallAddrFromFrameAddr.

530

Deduplicated warnings added.

hoy updated this revision to Diff 372604.Sep 14 2021, 6:03 PM

Addressing Wenlei's comment.

wenlei accepted this revision.Sep 14 2021, 6:27 PM

lgtm except two nits.

llvm/tools/llvm-profgen/PerfReader.cpp
772

nit: emitAccumulatedWarnings -> warnTruncatedStack

774

Nit: make the message more meaningful. Truncated stack sample due to invalid return address at 0xabcd, likely caused by frame pointer omission.

This revision is now accepted and ready to land.Sep 14 2021, 6:27 PM
Harbormaster completed remote builds in B123938: Diff 372604.Sep 14 2021, 6:41 PM
hoy updated this revision to Diff 372615.Sep 14 2021, 6:44 PM

Updating D109638: [CSSPGO][llvm-profgen] Truncate stack samples with invalid return address.

llvm/tools/llvm-profgen/PerfReader.cpp
772

Makes sense. I was making this cover all warnings for future use. But sounds good to stick with truncated stack for now.

Harbormaster completed remote builds in B123947: Diff 372615.Sep 14 2021, 9:05 PM
This revision was landed with ongoing or failed builds.Sep 14 2021, 9:56 PM
Closed by commit rG0057c7185d1c: [CSSPGO][llvm-profgen] Truncate stack samples with invalid return address. (authored by hoy). · Explain Why
This revision was automatically updated to reflect the committed changes.
hoy added a commit: rG0057c7185d1c: [CSSPGO][llvm-profgen] Truncate stack samples with invalid return address..

Revision Contents

PathSize
llvm/
test/
tools/
llvm-profgen/
Inputs/
12 lines
4 lines
tools/
llvm-profgen/
4 lines
27 lines
6 lines

Diff 372628

llvm/test/tools/llvm-profgen/Inputs/cs-invalid-ret-addr.perfscript

  • This file was added.
PERF_RECORD_MMAP2 2854748/2854748: [0x400000(0x1000) @ 0 00:1d 123291722 526021]: r-xp /home/noinline-cs-noprobe.perfbin
// test for invalid return address
4005b0
400686
7f68c5788793
0x40062f/0x4005b0/P/-/-/0 0x400645/0x4005ff/P/-/-/0 0x400637/0x400645/P/-/-/0 0x4005e9/0x400634/P/-/-/0 0x4005c8/0x4005dc/P/-/-/0 0x40062f/0x4005b0/P/-/-/0 0x400645/0x4005ff/P/-/-/0 0x400637/0x400645/P/-/-/0 0x4005e9/0x400634/P/-/-/0 0x4005d7/0x4005e5/P/-/-/0 0x40062f/0x4005b0/P/-/-/0 0x400645/0x4005ff/P/-/-/0 0x400637/0x400645/P/-/-/0 0x4005e9/0x400634/P/-/-/0 0x4005d7/0x4005e5/P/-/-/0 0x40062f/0x4005b0/P/-/-/0
4005b2
400686
7f68c5788793
0x40062f/0x4005b0/P/-/-/0 0x400645/0x4005ff/P/-/-/0 0x400637/0x400645/P/-/-/0 0x4005e9/0x400634/P/-/-/0 0x4005c8/0x4005dc/P/-/-/0 0x40062f/0x4005b0/P/-/-/0 0x400645/0x4005ff/P/-/-/0 0x400637/0x400645/P/-/-/0 0x4005e9/0x400634/P/-/-/0 0x4005d7/0x4005e5/P/-/-/0 0x40062f/0x4005b0/P/-/-/0 0x400645/0x4005ff/P/-/-/0 0x400637/0x400645/P/-/-/0 0x4005e9/0x400634/P/-/-/0 0x4005d7/0x4005e5/P/-/-/0 0x40062f/0x4005b0/P/-/-/0

llvm/test/tools/llvm-profgen/cs-invalid-ret-addr.test

  • This file was added.
; REQUIRES: x86_64-linux
; RUN: llvm-profgen --format=text --perfscript=%S/Inputs/cs-invalid-ret-addr.perfscript --binary=%S/Inputs/noinline-cs-noprobe.perfbin --output=%t 2>&1 | FileCheck %s
; CHECK: warning: Truncated stack sample due to invalid return address at 0x400686, likely caused by frame pointer omission

llvm/tools/llvm-profgen/PerfReader.h

Show First 20 LinesShow All 588 Lines▼ Show 20 Linesprotected:
/// ///
void parseMMap2Event(TraceStream &TraceIt); void parseMMap2Event(TraceStream &TraceIt);
// Parse perf events/samples and do aggregation // Parse perf events/samples and do aggregation
void parseAndAggregateTrace(StringRef Filename); void parseAndAggregateTrace(StringRef Filename);
// Parse either an MMAP event or a perf sample // Parse either an MMAP event or a perf sample
void parseEventOrSample(TraceStream &TraceIt); void parseEventOrSample(TraceStream &TraceIt);
// Warn if the relevant mmap event is missing. // Warn if the relevant mmap event is missing.
void warnIfMissingMMap(); void warnIfMissingMMap();
// Emit accumulate warnings.
void warnTruncatedStack();
// Extract call stack from the perf trace lines // Extract call stack from the perf trace lines
bool extractCallstack(TraceStream &TraceIt, bool extractCallstack(TraceStream &TraceIt,
SmallVectorImpl<uint64_t> &CallStack); SmallVectorImpl<uint64_t> &CallStack);
// Extract LBR stack from one perf trace line // Extract LBR stack from one perf trace line
bool extractLBRStack(TraceStream &TraceIt, bool extractLBRStack(TraceStream &TraceIt,
SmallVectorImpl<LBREntry> &LBRStack); SmallVectorImpl<LBREntry> &LBRStack);
uint64_t parseAggregatedCount(TraceStream &TraceIt); uint64_t parseAggregatedCount(TraceStream &TraceIt);
// Parse one sample from multiple perf lines, override this for different // Parse one sample from multiple perf lines, override this for different
Show All 9 Linesprotected:
virtual void writeRawProfile(raw_fd_ostream &OS) = 0; virtual void writeRawProfile(raw_fd_ostream &OS) = 0;
ProfiledBinary *Binary = nullptr; ProfiledBinary *Binary = nullptr;
ContextSampleCounterMap SampleCounters; ContextSampleCounterMap SampleCounters;
// Samples with the repeating time generated by the perf reader // Samples with the repeating time generated by the perf reader
AggregatedCounter AggregatedSamples; AggregatedCounter AggregatedSamples;
PerfScriptType PerfType = PERF_UNKNOWN; PerfScriptType PerfType = PERF_UNKNOWN;
// Keep track of all invalid return addresses
std::set<uint64_t> InvalidReturnAddresses;
}; };
/* /*
Hybrid perf script includes a group of hybrid samples(LBRs + call stack), Hybrid perf script includes a group of hybrid samples(LBRs + call stack),
which is used to generate CS profile. An example of hybrid sample: which is used to generate CS profile. An example of hybrid sample:
4005dc # call stack leaf 4005dc # call stack leaf
400634 400634
400684 # call stack root 400684 # call stack root
▲ Show 20 LinesShow All 49 LinesShow Last 20 Lines

llvm/tools/llvm-profgen/PerfReader.cpp

//===-- PerfReader.cpp - perfscript reader ---------------------*- C++ -*-===// //===-- PerfReader.cpp - perfscript reader ---------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "PerfReader.h" #include "PerfReader.h"
#include "ProfileGenerator.h" #include "ProfileGenerator.h"
#include "llvm/Support/FileSystem.h" #include "llvm/Support/FileSystem.h"
#define DEBUG_TYPE "perf-reader"
static cl::opt<bool> ShowMmapEvents("show-mmap-events", cl::ReallyHidden, static cl::opt<bool> ShowMmapEvents("show-mmap-events", cl::ReallyHidden,
cl::init(false), cl::ZeroOrMore, cl::init(false), cl::ZeroOrMore,
cl::desc("Print binary load events.")); cl::desc("Print binary load events."));
cl::opt<bool> SkipSymbolization("skip-symbolization", cl::ReallyHidden, cl::opt<bool> SkipSymbolization("skip-symbolization", cl::ReallyHidden,
cl::init(false), cl::ZeroOrMore, cl::init(false), cl::ZeroOrMore,
cl::desc("Dump the unsumbolized profile to the " cl::desc("Dump the unsymbolized profile to the "
"output file. It will show unwinder " "output file. It will show unwinder "
"output for CS profile generation.")); "output for CS profile generation."));
extern cl::opt<bool> ShowDisassemblyOnly; extern cl::opt<bool> ShowDisassemblyOnly;
extern cl::opt<bool> ShowSourceLocations; extern cl::opt<bool> ShowSourceLocations;
extern cl::opt<std::string> OutputFilename; extern cl::opt<std::string> OutputFilename;
namespace llvm { namespace llvm {
▲ Show 20 LinesShow All 485 Lines▼ Show 20 Lines if (FrameStr.getAsInteger(16, FrameAddr)) {
return false; return false;
} }
TraceIt.advance(); TraceIt.advance();
// Currently intermixed frame from different binaries is not supported. // Currently intermixed frame from different binaries is not supported.
// Ignore bottom frames not from binary of interest. // Ignore bottom frames not from binary of interest.
if (!Binary->addressIsCode(FrameAddr)) if (!Binary->addressIsCode(FrameAddr))
break; break;
// We need to translate return address to call address // We need to translate return address to call address for non-leaf frames.
// for non-leaf frames
if (!CallStack.empty()) { if (!CallStack.empty()) {
FrameAddr = Binary->getCallAddrFromFrameAddr(FrameAddr); auto CallAddr = Binary->getCallAddrFromFrameAddr(FrameAddr);
if (!CallAddr) {
// Stop at an invalid return address caused by bad unwinding. This could
// happen to frame-pointer-based unwinding and the callee functions that
// do not have the frame pointer chain set up.
InvalidReturnAddresses.insert(FrameAddr);
break;
wenleiUnsubmitted
Not Done
ReplyInline Actions

Should we be using a warning too? For truncated context due to missing probe for merged callsite, we used warning. I think this is things of similar nature, should we also handle them in similar/consistent fashion- i.e. with warning instead of stats?

And if we expect duplicated warnings, would be good to deduplicated before printing.

wenlei: Should we be using a warning too? For truncated context due to missing probe for merged…
hoyAuthorUnsubmitted
Done
ReplyInline Actions

Deduplicated warnings added.

hoy: Deduplicated warnings added.
}
FrameAddr = CallAddr;
} }
wenleiUnsubmitted
Not Done
ReplyInline Actions

Can we hide all this complexity into getCallAddrFromFrameAddr? i.e. we could use bool getCallAddrFromFrameAddr(uint64_t FrameAddr, uint64_t &CallAddr).

wenlei: Can we hide all this complexity into `getCallAddrFromFrameAddr`? i.e. we could use `bool…
hoyAuthorUnsubmitted
Done
ReplyInline Actions

Sounds good to move it into getCallAddrFromFrameAddr.

hoy: Sounds good to move it into `getCallAddrFromFrameAddr`.
CallStack.emplace_back(FrameAddr); CallStack.emplace_back(FrameAddr);
} }
// Skip other unrelated line, find the next valid LBR line // Skip other unrelated line, find the next valid LBR line
// Note that even for empty call stack, we should skip the address at the // Note that even for empty call stack, we should skip the address at the
// bottom, otherwise the following pass may generate a truncated callstack // bottom, otherwise the following pass may generate a truncated callstack
while (!TraceIt.isAtEoF() && !TraceIt.getCurrentLine().startswith(" 0x")) { while (!TraceIt.isAtEoF() && !TraceIt.getCurrentLine().startswith(" 0x")) {
▲ Show 20 LinesShow All 222 Lines▼ Show 20 Lines if (PerfType != PERF_UNKNOWN && PerfType != Type)
exitWithError("Inconsistent sample among different perf scripts"); exitWithError("Inconsistent sample among different perf scripts");
PerfType = Type; PerfType = Type;
} }
return PerfType; return PerfType;
} }
void HybridPerfReader::generateRawProfile() { unwindSamples(); } void HybridPerfReader::generateRawProfile() { unwindSamples(); }
void PerfReaderBase::warnTruncatedStack() {
wenleiUnsubmitted
Not Done
ReplyInline Actions

nit: emitAccumulatedWarnings -> warnTruncatedStack

wenlei: nit: emitAccumulatedWarnings -> warnTruncatedStack
hoyAuthorUnsubmitted
Done
ReplyInline Actions

Makes sense. I was making this cover all warnings for future use. But sounds good to stick with truncated stack for now.

hoy: Makes sense. I was making this cover all warnings for future use. But sounds good to stick with…
for (auto Address : InvalidReturnAddresses) {
WithColor::warning()
wenleiUnsubmitted
Not Done
ReplyInline Actions

Nit: make the message more meaningful. Truncated stack sample due to invalid return address at 0xabcd, likely caused by frame pointer omission.

wenlei: Nit: make the message more meaningful. `Truncated stack sample due to invalid return address at…
<< "Truncated stack sample due to invalid return address at "
<< format("0x%" PRIx64, Address)
<< ", likely caused by frame pointer omission\n";
}
}
void PerfReaderBase::parsePerfTraces( void PerfReaderBase::parsePerfTraces(
cl::list<std::string> &PerfTraceFilenames) { cl::list<std::string> &PerfTraceFilenames) {
// Parse perf traces and do aggregation. // Parse perf traces and do aggregation.
for (auto Filename : PerfTraceFilenames) for (auto Filename : PerfTraceFilenames)
parseAndAggregateTrace(Filename); parseAndAggregateTrace(Filename);
warnTruncatedStack();
generateRawProfile(); generateRawProfile();
} }
} // end namespace sampleprof } // end namespace sampleprof
} // end namespace llvm } // end namespace llvm

llvm/tools/llvm-profgen/ProfiledBinary.h

Show First 20 LinesShow All 293 Lines▼ Show 20 Linespublic:
// using lower bound operation // using lower bound operation
uint32_t getIndexForAddr(uint64_t Address) const { uint32_t getIndexForAddr(uint64_t Address) const {
uint64_t Offset = virtualAddrToOffset(Address); uint64_t Offset = virtualAddrToOffset(Address);
auto Low = llvm::lower_bound(CodeAddrs, Offset); auto Low = llvm::lower_bound(CodeAddrs, Offset);
return Low - CodeAddrs.begin(); return Low - CodeAddrs.begin();
} }
uint64_t getCallAddrFromFrameAddr(uint64_t FrameAddr) const { uint64_t getCallAddrFromFrameAddr(uint64_t FrameAddr) const {
return getAddressforIndex(getIndexForAddr(FrameAddr) - 1); auto I = getIndexForAddr(FrameAddr);
FrameAddr = I ? getAddressforIndex(I - 1) : 0;
if (FrameAddr && addressIsCall(FrameAddr))
return FrameAddr;
return 0;
} }
StringRef getFuncFromStartOffset(uint64_t Offset) { StringRef getFuncFromStartOffset(uint64_t Offset) {
return FuncStartAddrMap[Offset]; return FuncStartAddrMap[Offset];
} }
uint32_t getFuncSizeForContext(SampleContext &Context) { uint32_t getFuncSizeForContext(SampleContext &Context) {
return FuncSizeTracker.getFuncSizeForContext(Context); return FuncSizeTracker.getFuncSizeForContext(Context);
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines