This is an archive of the discontinued LLVM Phabricator instance.

Differential D110271

[llvm-profgen] Fix an out-of-range error during unwinding
ClosedPublic

Authored by wlei on Sep 22 2021, 10:25 AM.

Details

Reviewers
hoy
wenlei
Commits
rG686cc0006793: [llvm-profgen] Fix an out-of-range error during unwinding
Summary

It happened that the LBR entry target can be the first address of text section which causes an out-of-range crash. So here add a boundary check.

Diff Detail

Event Timeline

wlei created this revision.Sep 22 2021, 10:25 AM
Herald added subscribers: hoy, wenlei, lxfind. · View Herald TranscriptSep 22 2021, 10:25 AM
wlei requested review of this revision.Sep 22 2021, 10:25 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 22 2021, 10:25 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
wlei edited the summary of this revision. (Show Details)Sep 22 2021, 10:30 AM
wlei added reviewers: hoy, wenlei.
wlei updated this revision to Diff 374288.Sep 22 2021, 10:35 AM

fix typo

wenlei added inline comments.Sep 22 2021, 10:46 AM
llvm/tools/llvm-profgen/PerfReader.cpp
63–75

Why do we run into such cases? Is the profile corrupted? If that's the case, it may make sense to emit a warning about corrupted profile.

As for the check itself, how about fold it into advance/backward, and let them return a boolean for caller to check? Index is implementation details of InstructionPoint and would be good to avoid using it from outside.

wenlei added inline comments.Sep 22 2021, 10:51 AM
llvm/tools/llvm-profgen/PerfReader.cpp
63–75

Actually Index==0 is still valid, the problem is we cannot "backward" from index 0. However we still want to "recordRangeCount" if this index 0 is the end of the linear range. But the fix would skip "recordRangeCount" in end of range has index 0, which looks incorrect. Or am I missing something?

Harbormaster completed remote builds in B125168: Diff 374288.Sep 22 2021, 11:19 AM
wlei updated this revision to Diff 374397.Sep 22 2021, 4:40 PM

Updating D110271: [llvm-profgen] Fix an out-of-range error during unwinding

wlei added inline comments.Sep 22 2021, 4:49 PM
llvm/tools/llvm-profgen/PerfReader.cpp
63–75

Good point, Index 0 is missed then. The while loop here did compare the IP and next IP to see if they're in the same inline context or if we reach the end(target). I think the mixed logic is a little confusing. so I separate the logic letting the while loop only for inline check and after the loop we know it's the end and record the remaining range.

BTW, some refactors is done for the address being used in switchToFrame, we can use any of the address in the range, so just use the End.

Harbormaster completed remote builds in B125246: Diff 374397.Sep 22 2021, 4:58 PM
wenlei added inline comments.Sep 22 2021, 5:08 PM
llvm/tools/llvm-profgen/PerfReader.cpp
81

This is a change beyond refactoring? Before, we use last address of old frame as frame address, but now it's going to be the first address of old frame.

State.switchToFrame(LeafAddr);
->
State.switchToFrame(End);

Or do did you actually meant State.switchToFrame(PrevIP);?

wlei added inline comments.Sep 22 2021, 5:17 PM
llvm/tools/llvm-profgen/PerfReader.cpp
81

It won't affect the result. I think any address in [PrevIP, End] is good for the leaf frame because we will trim the location info of the last frame. Using End is because End is also used out of the loop(just for readability).

hoy accepted this revision.Sep 22 2021, 5:18 PM

lgtm, thanks for the fix.

This revision is now accepted and ready to land.Sep 22 2021, 5:18 PM
wenlei accepted this revision.Sep 22 2021, 5:21 PM

lgtm, thanks.

llvm/tools/llvm-profgen/PerfReader.cpp
81

Ok, so it changes what's used in the frame trie, but as long as we use a consistent address to represent frame, changes there won't affect output, correct?

wlei added inline comments.Sep 22 2021, 5:43 PM
llvm/tools/llvm-profgen/PerfReader.cpp
81

Sorry, my fault, it should be the last address of the old frame, otherwise if the last address is a call, it will be recorded in the wrong callsite. Thanks for correcting me!

wlei added inline comments.Sep 22 2021, 6:18 PM
llvm/tools/llvm-profgen/PerfReader.cpp
81

OK, I double checked the call address won't use the address from linear unwinder, it use the LBR address. So changing to End should be fine. Anyway I choose use the last address which align to the program execution logic.

wlei updated this revision to Diff 374411.Sep 22 2021, 6:20 PM

Updating D110271: [llvm-profgen] Fix an out-of-range error during unwinding

This revision was landed with ongoing or failed builds.Sep 22 2021, 6:34 PM
Closed by commit rG686cc0006793: [llvm-profgen] Fix an out-of-range error during unwinding (authored by wlei). · Explain Why
This revision was automatically updated to reflect the committed changes.
wlei added a commit: rG686cc0006793: [llvm-profgen] Fix an out-of-range error during unwinding.
Harbormaster completed remote builds in B125259: Diff 374411.Sep 22 2021, 6:38 PM

Revision Contents

PathSize
llvm/
tools/
llvm-profgen/
25 lines

Diff 374414

llvm/tools/llvm-profgen/PerfReader.cpp

Show First 20 LinesShow All 54 Lines▼ Show 20 Lines if (Binary->usePseudoProbes()) {
// from the range. // from the range.
// The outcome of the virtual unwinding with pseudo probes is a // The outcome of the virtual unwinding with pseudo probes is a
// map from a context key to the address range being unwound. // map from a context key to the address range being unwound.
// This means basically linear unwinding is not needed for pseudo // This means basically linear unwinding is not needed for pseudo
// probes. The range will be simply recorded here and will be // probes. The range will be simply recorded here and will be
// converted to a list of pseudo probes to report in ProfileGenerator. // converted to a list of pseudo probes to report in ProfileGenerator.
State.getParentFrame()->recordRangeCount(Target, End, Repeat); State.getParentFrame()->recordRangeCount(Target, End, Repeat);
} else { } else {
// Unwind linear execution part // Unwind linear execution part.
uint64_t LeafAddr = State.CurrentLeafFrame->Address; // Split and record the range by different inline context. For example:
while (IP.Address >= Target) { // [0x01] ... main:1 # Target
// [0x02] ... main:2
// [0x03] ... main:3 @ foo:1
// [0x04] ... main:3 @ foo:2
// [0x05] ... main:3 @ foo:3
// [0x06] ... main:4
// [0x07] ... main:5 # End
// It will be recorded:
// [main:*] : [0x06, 0x07], [0x01, 0x02]
// [main:3 @ foo:*] : [0x03, 0x05]
while (IP.Address > Target) {
wenleiUnsubmitted
Not Done
ReplyInline Actions

Why do we run into such cases? Is the profile corrupted? If that's the case, it may make sense to emit a warning about corrupted profile.

As for the check itself, how about fold it into advance/backward, and let them return a boolean for caller to check? Index is implementation details of InstructionPoint and would be good to avoid using it from outside.

wenlei: Why do we run into such cases? Is the profile corrupted? If that's the case, it may make sense…
wenleiUnsubmitted
Not Done
ReplyInline Actions

Actually Index==0 is still valid, the problem is we cannot "backward" from index 0. However we still want to "recordRangeCount" if this index 0 is the end of the linear range. But the fix would skip "recordRangeCount" in end of range has index 0, which looks incorrect. Or am I missing something?

wenlei: Actually Index==0 is still valid, the problem is we cannot "backward" from index 0. However we…
wleiAuthorUnsubmitted
Done
ReplyInline Actions

Good point, Index 0 is missed then. The while loop here did compare the IP and next IP to see if they're in the same inline context or if we reach the end(target). I think the mixed logic is a little confusing. so I separate the logic letting the while loop only for inline check and after the loop we know it's the end and record the remaining range.

BTW, some refactors is done for the address being used in switchToFrame, we can use any of the address in the range, so just use the End.

wlei: Good point, Index 0 is missed then. The while loop here did compare the IP and next IP to see…
uint64_t PrevIP = IP.Address; uint64_t PrevIP = IP.Address;
IP.backward(); IP.backward();
// Break into segments for implicit call/return due to inlining // Break into segments for implicit call/return due to inlining
bool SameInlinee = Binary->inlineContextEqual(PrevIP, IP.Address); bool SameInlinee = Binary->inlineContextEqual(PrevIP, IP.Address);
if (!SameInlinee || PrevIP == Target) { if (!SameInlinee) {
State.switchToFrame(LeafAddr); State.switchToFrame(PrevIP);
wenleiUnsubmitted
Not Done
ReplyInline Actions

This is a change beyond refactoring? Before, we use last address of old frame as frame address, but now it's going to be the first address of old frame.

State.switchToFrame(LeafAddr);
->
State.switchToFrame(End);

Or do did you actually meant State.switchToFrame(PrevIP);?

wenlei: This is a change beyond refactoring? Before, we use last address of old frame as frame address…
wleiAuthorUnsubmitted
Done
ReplyInline Actions

It won't affect the result. I think any address in [PrevIP, End] is good for the leaf frame because we will trim the location info of the last frame. Using End is because End is also used out of the loop(just for readability).

wlei: It won't affect the result. I think any address in [PrevIP, End] is good for the leaf frame…
wenleiUnsubmitted
Not Done
ReplyInline Actions

Ok, so it changes what's used in the frame trie, but as long as we use a consistent address to represent frame, changes there won't affect output, correct?

wenlei: Ok, so it changes what's used in the frame trie, but as long as we use a consistent address to…
wleiAuthorUnsubmitted
Done
ReplyInline Actions

Sorry, my fault, it should be the last address of the old frame, otherwise if the last address is a call, it will be recorded in the wrong callsite. Thanks for correcting me!

wlei: Sorry, my fault, it should be the last address of the old frame, otherwise if the last address…
wleiAuthorUnsubmitted
Done
ReplyInline Actions

OK, I double checked the call address won't use the address from linear unwinder, it use the LBR address. So changing to End should be fine. Anyway I choose use the last address which align to the program execution logic.

wlei: OK, I double checked the call address won't use the address from linear unwinder, it use the…
State.CurrentLeafFrame->recordRangeCount(PrevIP, End, Repeat); State.CurrentLeafFrame->recordRangeCount(PrevIP, End, Repeat);
End = IP.Address; End = IP.Address;
} }
LeafAddr = IP.Address;
} }
assert(IP.Address == Target && "The last one must be the target address.");
// Record the remaining range, [0x01, 0x02] in the example
State.switchToFrame(IP.Address);
State.CurrentLeafFrame->recordRangeCount(IP.Address, End, Repeat);
} }
} }
void VirtualUnwinder::unwindReturn(UnwindState &State) { void VirtualUnwinder::unwindReturn(UnwindState &State) {
// Add extra frame as we unwind through the return // Add extra frame as we unwind through the return
const LBREntry &LBR = State.getCurrentLBR(); const LBREntry &LBR = State.getCurrentLBR();
uint64_t CallAddr = Binary->getCallAddrFromFrameAddr(LBR.Target); uint64_t CallAddr = Binary->getCallAddrFromFrameAddr(LBR.Target);
State.switchToFrame(CallAddr); State.switchToFrame(CallAddr);
▲ Show 20 LinesShow All 708 LinesShow Last 20 Lines