This is an archive of the discontinued LLVM Phabricator instance.

Differential D110064

[SelectionDAG] Assume that a GlobalAlias may alias other global values
ClosedPublic

Authored by bjope on Sep 20 2021, 3:59 AM.

Details

Reviewers
courbet
niravd
efriedma
jdoerfert
asbirlea
Commits
rG1896fb2cfffc: [SelectionDAG] Assume that a GlobalAlias may alias other global values
Summary

This fixes a bug detected in DAGCombiner when using global alias
variables. Here is an example:

@foo = global i16 0, align 1
@aliasFoo = alias i16, i16 * @foo
define i16 @bar() {
  ...
  store i16 7, i16 * @foo, align 1
  store i16 8, i16 * @aliasFoo, align 1
  ...
}

BaseIndexOffset::computeAliasing would incorrectly derive NoAlias
for the two accesses in the example above, resulting in DAGCombiner
miscompiles.

This patch fixes the problem by a defensive approach letting
BaseIndexOffset::computeAliasing return false, i.e. that the aliasing
couldn't be determined, when comparing two global values and at least
one is a GlobalAlias. In the future we might improve this with a
deeper analysis to look at the aliasee for the GlobalAlias etc. But
that is a bit more complicated considering that we could have
'local_unnamed_addr' and situations with several 'alias' variables.

Fixes PR51878.

Diff Detail

Event Timeline

bjope created this revision.Sep 20 2021, 3:59 AM
Herald added subscribers: jeroen.dobbelaere, ecnelises, steven.zhang, hiraditya. · View Herald TranscriptSep 20 2021, 3:59 AM
bjope requested review of this revision.Sep 20 2021, 3:59 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 20 2021, 3:59 AM
Harbormaster completed remote builds in B124641: Diff 373549.Sep 20 2021, 4:40 AM
niravd added inline comments.Sep 20 2021, 5:59 AM
llvm/lib/CodeGen/SelectionDAG/SelectionDAGAddressAnalysis.cpp
155

It looks like we can walk the GlobalAlias to the referenced object. If so, we should fully walk to a non-alias global instead.

168

We should handle this case earlier so we can correct determine that identical global aliases do in fact alias.

bjope added inline comments.Sep 20 2021, 6:19 AM
llvm/lib/CodeGen/SelectionDAG/SelectionDAGAddressAnalysis.cpp
155

As I wrote in the desciption "In the future we might improve this with a deeper analysis to look at the aliasee for the GlobalAlias etc. But that is a bit more complicated considering that we could have 'local_unnamed_addr' and situations with several 'alias' variables.".

I'd actually prefer doing a bugfix that I'm confortable with. And I didn't quite understand the part about "Aliases that are not unnamed_addr are guaranteed to have the same address as the aliasee expression. unnamed_addr ones are only guaranteed to point to the same content." from https://llvm.org/docs/LangRef.html#aliases .

But if my approach was too naive and defensive, then I wonder why we have references to GlobalAlias:es in the IR in the first place. Couldn't we just reference the aliasee instead (leaving the GlobalAlias declaration as an unused declaration)?

168

Well, this if-statement derives IsAlias=false. So I'm just as confused about this check as your suggestion here. I needed to pull this check out from the orignal if-statment just to make it possible to add the check for global aliases before this. Otherwise it would derive that there is no alias between global aliases.

On the other hand, if this check of indices is considered as a bug in itself, to be removed, then my new check for global aliases isn't really needed either.

Removing this if-statement makes about 10 lit-tests to fail. Probably just due to getting slightly different codegen. Haven't really been able to prove that something is wrong with those tests.
Although, when adding a unittest that calls BaseIndexOffset::computeAliasing with the Op0 and Op1 being identical, but with NumBytes0 or NumBytes1 being unset (avoiding to enter the if at line 99) then computeAliasing would answer that there is no aliasing. That really seems wrong (but maybe that never happens in reality).

bjope added reviewers: jdoerfert, asbirlea.Sep 22 2021, 3:03 AM
bjope added inline comments.
llvm/lib/CodeGen/SelectionDAG/SelectionDAGAddressAnalysis.cpp
156

Maybe it is safer to look for GlobalIndirectSymbol here instead of GlobalAlias (as that would include any other indirect reference)?

168

I think that it maybe would be safer (and more correct) to check if we access two different GlobalValue here, and then derive NoAlias. Wouldn't it be weird to access one global using the address of another GlobalValue (the actual layout in memory between globals isn't given, or is it)?

(Although my intention with this patch has been to avoid the miscompiles for GlobalAlias:es, and I had planned to leave this mess with deriving NoAlias based on having identival Index in the BaseOffsetIndex for the future.)

bjope added inline comments.Sep 22 2021, 7:53 AM
llvm/lib/CodeGen/SelectionDAG/SelectionDAGAddressAnalysis.cpp
168

I made a follow up for this in D110256.

niravd added a comment.Sep 22 2021, 8:21 AM

Can you add a codegen test for PR51878? The example listed in your message should do.

Once I think with the follow up, this should be good to go.

llvm/lib/CodeGen/SelectionDAG/SelectionDAGAddressAnalysis.cpp
155

I don't remember why this clause was neces

bjope updated this revision to Diff 374263.Sep 22 2021, 9:34 AM

Adding a codegen reproducer.

Herald added a subscriber: pengfei. · View Herald TranscriptSep 22 2021, 9:34 AM
Harbormaster completed remote builds in B125150: Diff 374263.Sep 22 2021, 10:22 AM
bjope added a comment.Sep 28 2021, 3:50 AM
In D110064#3015456, @niravd wrote:

Can you add a codegen test for PR51878? The example listed in your message should do.

Once I think with the follow up, this should be good to go.

D110256 has not been accepted yet, but is it OK to land this now (to be able to close PR51878)?

niravd added a comment.Sep 28 2021, 7:29 AM

D110256 has not been accepted yet, but is it OK to land this now (to be able to close PR51878)?

I was just waiting for you to fix the unit tests.

bjope updated this revision to Diff 375581.Sep 28 2021, 7:50 AM

Ran clang-format on unittest updates.

Harbormaster completed remote builds in B126107: Diff 375581.Sep 28 2021, 8:12 AM
This revision was not accepted when it landed; it landed in state Needs Review.Oct 5 2021, 3:17 AM
This revision was landed with ongoing or failed builds.
Closed by commit rG1896fb2cfffc: [SelectionDAG] Assume that a GlobalAlias may alias other global values (authored by bjope). · Explain Why
This revision was automatically updated to reflect the committed changes.
bjope added a commit: rG1896fb2cfffc: [SelectionDAG] Assume that a GlobalAlias may alias other global values.

Revision Contents

PathSize
llvm/
lib/
CodeGen/
SelectionDAG/
33 lines
test/
CodeGen/
X86/
33 lines
unittests/
CodeGen/
34 lines

Diff 377141

llvm/lib/CodeGen/SelectionDAG/SelectionDAGAddressAnalysis.cpp

//==- llvm/CodeGen/SelectionDAGAddressAnalysis.cpp - DAG Address Analysis --==// //==- llvm/CodeGen/SelectionDAGAddressAnalysis.cpp - DAG Address Analysis --==//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/CodeGen/SelectionDAGAddressAnalysis.h" #include "llvm/CodeGen/SelectionDAGAddressAnalysis.h"
#include "llvm/Analysis/MemoryLocation.h" #include "llvm/Analysis/MemoryLocation.h"
#include "llvm/CodeGen/ISDOpcodes.h" #include "llvm/CodeGen/ISDOpcodes.h"
#include "llvm/CodeGen/MachineFrameInfo.h" #include "llvm/CodeGen/MachineFrameInfo.h"
#include "llvm/CodeGen/MachineFunction.h" #include "llvm/CodeGen/MachineFunction.h"
#include "llvm/CodeGen/SelectionDAG.h" #include "llvm/CodeGen/SelectionDAG.h"
#include "llvm/CodeGen/SelectionDAGNodes.h" #include "llvm/CodeGen/SelectionDAGNodes.h"
#include "llvm/CodeGen/TargetLowering.h" #include "llvm/CodeGen/TargetLowering.h"
#include "llvm/IR/GlobalAlias.h"
#include "llvm/Support/Casting.h" #include "llvm/Support/Casting.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include <cstdint> #include <cstdint>
using namespace llvm; using namespace llvm;
bool BaseIndexOffset::equalBaseIndex(const BaseIndexOffset &Other, bool BaseIndexOffset::equalBaseIndex(const BaseIndexOffset &Other,
const SelectionDAG &DAG, const SelectionDAG &DAG,
▲ Show 20 LinesShow All 113 Lines▼ Show 20 Linesbool BaseIndexOffset::computeAliasing(const SDNode *Op0,
bool IsFI0 = isa<FrameIndexSDNode>(BasePtr0.getBase()); bool IsFI0 = isa<FrameIndexSDNode>(BasePtr0.getBase());
bool IsFI1 = isa<FrameIndexSDNode>(BasePtr1.getBase()); bool IsFI1 = isa<FrameIndexSDNode>(BasePtr1.getBase());
bool IsGV0 = isa<GlobalAddressSDNode>(BasePtr0.getBase()); bool IsGV0 = isa<GlobalAddressSDNode>(BasePtr0.getBase());
bool IsGV1 = isa<GlobalAddressSDNode>(BasePtr1.getBase()); bool IsGV1 = isa<GlobalAddressSDNode>(BasePtr1.getBase());
bool IsCV0 = isa<ConstantPoolSDNode>(BasePtr0.getBase()); bool IsCV0 = isa<ConstantPoolSDNode>(BasePtr0.getBase());
bool IsCV1 = isa<ConstantPoolSDNode>(BasePtr1.getBase()); bool IsCV1 = isa<ConstantPoolSDNode>(BasePtr1.getBase());
// If of mismatched base types or checkable indices we can check if ((IsFI0 || IsGV0 || IsCV0) && (IsFI1 || IsGV1 || IsCV1)) {
// they do not alias. // We can derive NoAlias In case of mismatched base types.
if ((BasePtr0.getIndex() == BasePtr1.getIndex() || (IsFI0 != IsFI1) || if (IsFI0 != IsFI1 || IsGV0 != IsGV1 || IsCV0 != IsCV1) {
(IsGV0 != IsGV1) || (IsCV0 != IsCV1)) &&
(IsFI0 || IsGV0 || IsCV0) && (IsFI1 || IsGV1 || IsCV1)) {
IsAlias = false; IsAlias = false;
return true; return true;
} }
// We cannot safely determine whether the pointers alias if we compare two
// global values and at least one is a GlobalAlias.
if (IsGV0 && IsGV1 &&
niravdUnsubmitted
Not Done
ReplyInline Actions

It looks like we can walk the GlobalAlias to the referenced object. If so, we should fully walk to a non-alias global instead.

niravd: It looks like we can walk the GlobalAlias to the referenced object. If so, we should fully walk…
bjopeAuthorUnsubmitted
Not Done
ReplyInline Actions

As I wrote in the desciption "In the future we might improve this with a deeper analysis to look at the aliasee for the GlobalAlias etc. But that is a bit more complicated considering that we could have 'local_unnamed_addr' and situations with several 'alias' variables.".

I'd actually prefer doing a bugfix that I'm confortable with. And I didn't quite understand the part about "Aliases that are not unnamed_addr are guaranteed to have the same address as the aliasee expression. unnamed_addr ones are only guaranteed to point to the same content." from https://llvm.org/docs/LangRef.html#aliases .

But if my approach was too naive and defensive, then I wonder why we have references to GlobalAlias:es in the IR in the first place. Couldn't we just reference the aliasee instead (leaving the GlobalAlias declaration as an unused declaration)?

bjope: As I wrote in the desciption "In the future we might improve this with a deeper analysis to…
niravdUnsubmitted
Not Done
ReplyInline Actions

I don't remember why this clause was neces

niravd: I don't remember why this clause was neces
(isa<GlobalAlias>(
bjopeAuthorUnsubmitted
Not Done
ReplyInline Actions

Maybe it is safer to look for GlobalIndirectSymbol here instead of GlobalAlias (as that would include any other indirect reference)?

bjope: Maybe it is safer to look for GlobalIndirectSymbol here instead of GlobalAlias (as that would…
cast<GlobalAddressSDNode>(BasePtr0.getBase())->getGlobal()) ||
isa<GlobalAlias>(
cast<GlobalAddressSDNode>(BasePtr1.getBase())->getGlobal())))
return false;
// If checkable indices we can check they do not alias.
// FIXME: Please describe this a bit better. Looks weird to say that there
// is no alias if the indices are the same. Is this code assuming that
// someone has checked that the base isn't the same as a precondition? And
// what about offsets? And what about NumBytes0 and NumBytest1 (can we
// really derive NoAlias here if we do not even know how many bytes that are
// dereferenced)?
if (BasePtr0.getIndex() == BasePtr1.getIndex()) {
niravdUnsubmitted
Not Done
ReplyInline Actions

We should handle this case earlier so we can correct determine that identical global aliases do in fact alias.

niravd: We should handle this case earlier so we can correct determine that identical global aliases do…
bjopeAuthorUnsubmitted
Not Done
ReplyInline Actions

Well, this if-statement derives IsAlias=false. So I'm just as confused about this check as your suggestion here. I needed to pull this check out from the orignal if-statment just to make it possible to add the check for global aliases before this. Otherwise it would derive that there is no alias between global aliases.

On the other hand, if this check of indices is considered as a bug in itself, to be removed, then my new check for global aliases isn't really needed either.

Removing this if-statement makes about 10 lit-tests to fail. Probably just due to getting slightly different codegen. Haven't really been able to prove that something is wrong with those tests.
Although, when adding a unittest that calls BaseIndexOffset::computeAliasing with the Op0 and Op1 being identical, but with NumBytes0 or NumBytes1 being unset (avoiding to enter the if at line 99) then computeAliasing would answer that there is no aliasing. That really seems wrong (but maybe that never happens in reality).

bjope: Well, this if-statement derives `IsAlias=false`. So I'm just as confused about this check as…
bjopeAuthorUnsubmitted
Not Done
ReplyInline Actions

I think that it maybe would be safer (and more correct) to check if we access two different GlobalValue here, and then derive NoAlias. Wouldn't it be weird to access one global using the address of another GlobalValue (the actual layout in memory between globals isn't given, or is it)?

(Although my intention with this patch has been to avoid the miscompiles for GlobalAlias:es, and I had planned to leave this mess with deriving NoAlias based on having identival Index in the BaseOffsetIndex for the future.)

bjope: I think that it maybe would be safer (and more correct) to check if we access two different…
bjopeAuthorUnsubmitted
Done
ReplyInline Actions

I made a follow up for this in D110256.

bjope: I made a follow up for this in D110256.
IsAlias = false;
return true;
}
}
return false; // Cannot determine whether the pointers alias. return false; // Cannot determine whether the pointers alias.
} }
bool BaseIndexOffset::contains(const SelectionDAG &DAG, int64_t BitSize, bool BaseIndexOffset::contains(const SelectionDAG &DAG, int64_t BitSize,
const BaseIndexOffset &Other, const BaseIndexOffset &Other,
int64_t OtherBitSize, int64_t &BitOffset) const { int64_t OtherBitSize, int64_t &BitOffset) const {
int64_t Offset; int64_t Offset;
if (!equalBaseIndex(Other, DAG, Offset)) if (!equalBaseIndex(Other, DAG, Offset))
▲ Show 20 LinesShow All 148 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/pr51878_computeAliasing.ll

  • This file was added.
; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
; RUN: llc -O1 -mtriple i686-unknown-linux-gnu -o - %s | FileCheck %s
@foo = global i16 0, align 1
@aliasFoo = alias i16, i16 * @foo
@bar = global i16 0, align 1
; This used to miscompile due to not realizing that the store to @aliasFoo
; clobbered @foo (see PR51878).
;
; With some improvements to codegen it should be possible to detect that @foo
; and @aliasFoo are aliases, and that @aliasFoo isn't aliasing with @bar. So
; ideally we would end up with three movw instructions here. Running opt
; before llc on this test case would take care of that, but llc is not smart
; enough to deduce that itself yet.
define i16 @main() {
; CHECK-LABEL: main:
; CHECK: # %bb.0: # %entry
; CHECK-NEXT: movw $1, foo
; CHECK-NEXT: movw $2, bar
; CHECK-NEXT: movw $4, aliasFoo
; CHECK-NEXT: movzwl foo, %eax
; CHECK-NEXT: addw bar, %ax
; CHECK-NEXT: retl
entry:
store i16 1, i16 * @foo
store i16 2, i16 * @bar
store i16 4, i16 * @aliasFoo
%foo = load i16, i16 * @foo
%bar = load i16, i16 * @bar
%res = add i16 %foo, %bar
ret i16 %res
}

llvm/unittests/CodeGen/SelectionDAGAddressAnalysisTest.cpp

Show All 24 Lines
protected: protected:
static void SetUpTestCase() { static void SetUpTestCase() {
InitializeAllTargets(); InitializeAllTargets();
InitializeAllTargetMCs(); InitializeAllTargetMCs();
} }
void SetUp() override { void SetUp() override {
StringRef Assembly = "@g = global i32 0\n" StringRef Assembly = "@g = global i32 0\n"
"@g_alias = alias i32, i32* @g\n"
"define i32 @f() {\n" "define i32 @f() {\n"
" %1 = load i32, i32* @g\n" " %1 = load i32, i32* @g\n"
" ret i32 %1\n" " ret i32 %1\n"
"}"; "}";
Triple TargetTriple("aarch64--"); Triple TargetTriple("aarch64--");
std::string Error; std::string Error;
const Target *T = TargetRegistry::lookupTarget("", TargetTriple, Error); const Target *T = TargetRegistry::lookupTarget("", TargetTriple, Error);
Show All 17 Lines void SetUp() override {
M->setDataLayout(TM->createDataLayout()); M->setDataLayout(TM->createDataLayout());
F = M->getFunction("f"); F = M->getFunction("f");
if (!F) if (!F)
report_fatal_error("F?"); report_fatal_error("F?");
G = M->getGlobalVariable("g"); G = M->getGlobalVariable("g");
if (!G) if (!G)
report_fatal_error("G?"); report_fatal_error("G?");
AliasedG = M->getNamedAlias("g_alias");
if (!AliasedG)
report_fatal_error("AliasedG?");
MachineModuleInfo MMI(TM.get()); MachineModuleInfo MMI(TM.get());
MF = std::make_unique<MachineFunction>(*F, *TM, *TM->getSubtargetImpl(*F), MF = std::make_unique<MachineFunction>(*F, *TM, *TM->getSubtargetImpl(*F),
0, MMI); 0, MMI);
DAG = std::make_unique<SelectionDAG>(*TM, CodeGenOpt::None); DAG = std::make_unique<SelectionDAG>(*TM, CodeGenOpt::None);
if (!DAG) if (!DAG)
Show All 10 Lines EVT getTypeToTransformTo(EVT VT) {
return DAG->getTargetLoweringInfo().getTypeToTransformTo(Context, VT); return DAG->getTargetLoweringInfo().getTypeToTransformTo(Context, VT);
} }
LLVMContext Context; LLVMContext Context;
std::unique_ptr<LLVMTargetMachine> TM; std::unique_ptr<LLVMTargetMachine> TM;
std::unique_ptr<Module> M; std::unique_ptr<Module> M;
Function *F; Function *F;
GlobalVariable *G; GlobalVariable *G;
GlobalAlias *AliasedG;
std::unique_ptr<MachineFunction> MF; std::unique_ptr<MachineFunction> MF;
std::unique_ptr<SelectionDAG> DAG; std::unique_ptr<SelectionDAG> DAG;
}; };
TEST_F(SelectionDAGAddressAnalysisTest, sameFrameObject) { TEST_F(SelectionDAGAddressAnalysisTest, sameFrameObject) {
SDLoc Loc; SDLoc Loc;
auto Int8VT = EVT::getIntegerVT(Context, 8); auto Int8VT = EVT::getIntegerVT(Context, 8);
auto VecVT = EVT::getVectorVT(Context, Int8VT, 4); auto VecVT = EVT::getVectorVT(Context, Int8VT, 4);
▲ Show 20 LinesShow All 104 Lines▼ Show 20 LinesTEST_F(SelectionDAGAddressAnalysisTest, globalWithFrameObject) {
bool IsAlias; bool IsAlias;
bool IsValid = BaseIndexOffset::computeAliasing( bool IsValid = BaseIndexOffset::computeAliasing(
Store.getNode(), NumBytes, GStore.getNode(), GNumBytes, *DAG, IsAlias); Store.getNode(), NumBytes, GStore.getNode(), GNumBytes, *DAG, IsAlias);
EXPECT_TRUE(IsValid); EXPECT_TRUE(IsValid);
EXPECT_FALSE(IsAlias); EXPECT_FALSE(IsAlias);
} }
TEST_F(SelectionDAGAddressAnalysisTest, globalWithAliasedGlobal) {
SDLoc Loc;
EVT GTy = DAG->getTargetLoweringInfo().getValueType(DAG->getDataLayout(),
G->getType());
SDValue GValue = DAG->getConstant(0, Loc, GTy);
SDValue GAddr = DAG->getGlobalAddress(G, Loc, GTy);
SDValue GStore = DAG->getStore(DAG->getEntryNode(), Loc, GValue, GAddr,
MachinePointerInfo(G, 0));
Optional<int64_t> GNumBytes = MemoryLocation::getSizeOrUnknown(
cast<StoreSDNode>(GStore)->getMemoryVT().getStoreSize());
SDValue AliasedGValue = DAG->getConstant(1, Loc, GTy);
SDValue AliasedGAddr = DAG->getGlobalAddress(AliasedG, Loc, GTy);
SDValue AliasedGStore =
DAG->getStore(DAG->getEntryNode(), Loc, AliasedGValue, AliasedGAddr,
MachinePointerInfo(AliasedG, 0));
bool IsAlias;
bool IsValid = BaseIndexOffset::computeAliasing(GStore.getNode(), GNumBytes,
AliasedGStore.getNode(),
GNumBytes, *DAG, IsAlias);
// With some deeper analysis we could detect if G and AliasedG is aliasing or
// not. But computeAliasing is currently defensive and assumes that a
// GlobalAlias might alias with any global variable.
EXPECT_FALSE(IsValid);
}
TEST_F(SelectionDAGAddressAnalysisTest, fixedSizeFrameObjectsWithinDiff) { TEST_F(SelectionDAGAddressAnalysisTest, fixedSizeFrameObjectsWithinDiff) {
SDLoc Loc; SDLoc Loc;
auto Int8VT = EVT::getIntegerVT(Context, 8); auto Int8VT = EVT::getIntegerVT(Context, 8);
// <vscale x 4 x i8> // <vscale x 4 x i8>
auto VecVT = EVT::getVectorVT(Context, Int8VT, 4, true); auto VecVT = EVT::getVectorVT(Context, Int8VT, 4, true);
// <vscale x 2 x i8> // <vscale x 2 x i8>
auto SubVecVT = EVT::getVectorVT(Context, Int8VT, 2, true); auto SubVecVT = EVT::getVectorVT(Context, Int8VT, 2, true);
// <2 x i8> // <2 x i8>
▲ Show 20 LinesShow All 102 LinesShow Last 20 Lines