Isn't this what nosync is for? The convergence property isn't really relevant here

I don't think this should be part of the main AA implementation, but rather be sunk into the AA provider that is producing incorrect results (here GlobalModRef, unless BasicAA also produces an incorrect result?)

Test file name

In D115302#3178688, @nikic wrote:

I don't think this should be part of the main AA implementation, but rather be sunk into the AA provider that is producing incorrect results (here GlobalModRef, unless BasicAA also produces an incorrect result?)

BasicAA does not seem to have any impact on the miscompile.

I've moved the code to GlobalModRef and changed it to check for the absence of nosync.

The good news is that it fixes my case. The bad -- it breaks a lot of other GlobalModRef tests. IIUIC, it's due to the functions in the tests not having nosync.

What's supposed to be the source of nosync attribute? Is it expected to be set explicitly by the user, or does LLVM relies on automatically inferring it?

What's supposed to be the source of nosync attribute? Is it expected to be set explicitly by the user, or does LLVM relies on automatically inferring it?

Generally, we expect to infer it in attributor/function-attrs. Adding nosync to the tests is fine.

EDIT:
Second thought, this does not fix my bug: https://lists.llvm.org/pipermail/llvm-dev/2021-December/154185.html

In D115302#3181180, @jdoerfert wrote:

EDIT:
Second thought, this does not fix my bug: https://lists.llvm.org/pipermail/llvm-dev/2021-December/154185.html

I think it may. At least it does seem to preserve the load and produces identical code for both functions in my build. Unpatched LLVM does not.

Args: bin/opt -debug -aa-pipeline=basic-aa,globals-aa -passes=require<globals-aa>,function(gvn<pre;load-pre;split-backedge-load-pre;memdep>) -S
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @llvm.sync()
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @sync()

In D115302#3181224, @tra wrote:

In D115302#3181180, @jdoerfert wrote:

EDIT:
Second thought, this does not fix my bug: https://lists.llvm.org/pipermail/llvm-dev/2021-December/154185.html

I think it may. At least it does seem to preserve the load and produces identical code for both functions in my build. Unpatched LLVM does not.

Args: bin/opt -debug -aa-pipeline=basic-aa,globals-aa -passes=require<globals-aa>,function(gvn<pre;load-pre;split-backedge-load-pre;memdep>) -S
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @llvm.sync()
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @sync()

But then I'm confused. The code that is patched here is generic for calls, no? I think this is a particular intrinsic issue.

In D115302#3181294, @jdoerfert wrote:

But then I'm confused. The code that is patched here is generic for calls, no? I think this is a particular intrinsic issue.

I don't know why @llvm.sync and @sync are treated differently in your example. I doubt this patch will change that.

On the other hand, both @llvm.sync and @sync are just functions w/o nosync (and no other relevant attributes) and that is sufficient to treat them conservatively with this patch in place.

It's quite possible that in your case this patch only masks the issue.

In D115302#3181315, @tra wrote:

In D115302#3181294, @jdoerfert wrote:

But then I'm confused. The code that is patched here is generic for calls, no? I think this is a particular intrinsic issue.

I don't know why @llvm.sync and @sync are treated differently in your example. I doubt this patch will change that.

On the other hand, both @llvm.sync and @sync are just functions w/o nosync (and no other relevant attributes) and that is sufficient to treat them conservatively with this patch in place.

It's quite possible that in your case this patch only masks the issue.

It seems the function w/o nosycn is already treated as potential clobber of the global while the intrinsic is not. This patch now "unifies" it by looking for nosync at the call site, but maybe we should not pretend intrinsics are special.
Here is your original example with a function instead of an intrinsic, all seems to work just fine: https://godbolt.org/z/7cn8jKz17

In D115302#3181294, @jdoerfert wrote:

In D115302#3181224, @tra wrote:

In D115302#3181180, @jdoerfert wrote:

EDIT:
Second thought, this does not fix my bug: https://lists.llvm.org/pipermail/llvm-dev/2021-December/154185.html

I think it may. At least it does seem to preserve the load and produces identical code for both functions in my build. Unpatched LLVM does not.

Args: bin/opt -debug -aa-pipeline=basic-aa,globals-aa -passes=require<globals-aa>,function(gvn<pre;load-pre;split-backedge-load-pre;memdep>) -S
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @llvm.sync()
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @sync()

But then I'm confused. The code that is patched here is generic for calls, no? I think this is a particular intrinsic issue.

In general, GlobalsAA follows the call graph, and therefore conservatively assumes a call to an external function can call back into the current module.

The callgraph code special-cases intrinsics, though. Except for a few specific intrinsics, we assume intrinsics can't call back into the current module. See Intrinsic::isLeaf.

In D115302#3181399, @jdoerfert wrote:

It seems the function w/o nosycn is already treated as potential clobber of the global while the intrinsic is not. This patch now "unifies" it by looking for nosync at the call site, but maybe we should not pretend intrinsics are special.
Here is your original example with a function instead of an intrinsic, all seems to work just fine: https://godbolt.org/z/7cn8jKz17

That is a very good point. Let me see if I can figure out what makes intrinsics (even non-existing ones) special.

In D115302#3181440, @efriedma wrote:

In D115302#3181294, @jdoerfert wrote:

In D115302#3181224, @tra wrote:

In D115302#3181180, @jdoerfert wrote:

EDIT:
Second thought, this does not fix my bug: https://lists.llvm.org/pipermail/llvm-dev/2021-December/154185.html

I think it may. At least it does seem to preserve the load and produces identical code for both functions in my build. Unpatched LLVM does not.

Args: bin/opt -debug -aa-pipeline=basic-aa,globals-aa -passes=require<globals-aa>,function(gvn<pre;load-pre;split-backedge-load-pre;memdep>) -S
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @llvm.sync()
GVN iteration: 0
GVN: load i32 %r is clobbered by   call void @sync()

But then I'm confused. The code that is patched here is generic for calls, no? I think this is a particular intrinsic issue.

In general, GlobalsAA follows the call graph, and therefore conservatively assumes a call to an external function can call back into the current module.

The callgraph code special-cases intrinsics, though. Except for a few specific intrinsics, we assume intrinsics can't call back into the current module. See Intrinsic::isLeaf.

1. Then the intrinsics should be marked with the attribute that says they won't call back into the module: nocallback (which has no lang ref entry... https://reviews.llvm.org/D90275#2454912, anyway).
2. Not calling back into the module is not sufficient. Nosync is necessary, as noted here. I'm still somewhat unsure why it is checked for a call but OK, that might be the interface. I fear we forget to check it in other places too.

In D115302#3181470, @jdoerfert wrote:

In D115302#3181440, @efriedma wrote:

In general, GlobalsAA follows the call graph, and therefore conservatively assumes a call to an external function can call back into the current module.

The callgraph code special-cases intrinsics, though. Except for a few specific intrinsics, we assume intrinsics can't call back into the current module. See Intrinsic::isLeaf.

Sounds like isLeaf is not not completely correct, either. Earlier comment mentioned that "refcounting on objc objects can run arbitrary code".

While poking at the Intrinsics.td I've noticed that NoSync is supposed to be set on intrinsics by default. The fact that int_objc_autoreleasePoolPush was affected by this patch suggests that we somehow failed to propagate it.

1. Then the intrinsics should be marked with the attribute that says they won't call back into the module: nocallback (which has no lang ref entry... https://reviews.llvm.org/D90275#2454912, anyway).

Nor does it have a matching intrinsic property.

2. Not calling back into the module is not sufficient. Nosync is necessary, as noted here. I'm still somewhat unsure why it is checked for a call but OK, that might be the interface. I fear we forget to check it in other places too.

I am way out of my depth here, so it's quite possible that I'm doing it wrong. If there's a better way/place to do it, I'm open to suggestions.

I think we should locate the place intrinsics are handled special right now. And there we require the function to be nocallback and nosync to argue the function will not have an effect on the module.
That seems to be the right solution to all these weird effects. Obviously we need to add nocallback to the default intrinsic attributes and to other intrinsics that don't use the default intrinsic definition.
@efriedma wdyt? Can you point out where the intrinsic handling is located?

Please let's not bring nocallback into this. It's an as-yet completely unused attribute, and we haven't even converted most target intrinsics to use default attributes yet. Changing Intrinsic::isLeaf() to use an attribute instead of a hard-coded list seems completely orthogonal to this issue.

In D115302#3183741, @nikic wrote:

Please let's not bring nocallback into this. It's an as-yet completely unused attribute, and we haven't even converted most target intrinsics to use default attributes yet. Changing Intrinsic::isLeaf() to use an attribute instead of a hard-coded list seems completely orthogonal to this issue.

It is not orthogonal. The problem doesn't happen for functions because we think intrinsics have a magic property, or in fact multiple, that cannot cause an effect in certain situations. This is plain wrong. From there things will always go sideways.

The properties we associate (somewhere) with intrinsics are captured by nosync and nocallback. Neither is inherent to intrinsics but we pretend they are and that causes the bug. Only by making these explicit we can fix the bug without just hiding it, and treat functions that have the same properties the same way.

All that said, we obviously need a lang ref patch for nocallback.

Finally, not having converted target intrinsics is even more reason to do this. Pretending intrinsics are special in any way you just need to when you write an analysis/optimization is always going to cause bugs. If we do not specify properties explicitly we are fighting a loosing battle. If we make them explicit however, people might take a look at their target directives and port them, as we ported the nvptx ones recently ;).

In D115302#3183783, @jdoerfert wrote:

The properties we associate (somewhere) with intrinsics are captured by nosync and nocallback. Neither is inherent to intrinsics but we pretend they are and that causes the bug. Only by making these explicit we can fix the bug without just hiding it, and treat functions that have the same properties the same way.

This may be the place which causes different behavior of intrinsics vs functions.
https://github.com/llvm/llvm-project/blob/main/llvm/lib/Analysis/CallGraph.cpp#L96

That said, we seem to have multiple moving parts here, that may be worth separating:

• lack of nosync should force GlobalModRef to treat functions conservatively.
  
  Problem: not all intrinsics have been converted to use default attributes, so it will be a performance regression for them.

• Some intrinsics *may* call back and that's currently covered only by an incomplete isLeaf.
  
  Problem: nocallback is not here yet and we have the same issue with the default attributes as above.

• Both issues above will not have a quick fix, but we do need to deal with the miscompiles we have now.
  
  Q: What can we do short-term to mitigate the issue?

Perhaps as a stop-gap workaround, we can explicitly enumerate NVPTX intrinsics that must be treated as a synchronization barrier.
AFAICT, the only other platform that may potentially be affected by this is AMDGPU, so the special case list should be manageable.

The bug being fixed here isn't exclusive to intrinsics. The following shows the same issue using a spinloop:

_Atomic int a = 0;
static int z = 0;
__attribute((noinline))
void g(int x) {
   while (a != x);
}
int f(int x) {
   z = x;
   g(x);
   return z;
}

Given that, I don't think this whole tangent about the control flow graph and hardcoding which intrinsics are nocallback is relevant to this bug.

Requiring nosync when you want to derive "no side-effect" seems agreed upon. Let's start there.

Problem: not all intrinsics have been converted to use default attributes, so it will be a performance regression for them.

This could be a problem, yes. Not sure how much of one it is in practice.

Perhaps as a stop-gap workaround, we can explicitly enumerate NVPTX intrinsics that must be treated as a synchronization barrier.

I wouldn't really be happy with this, but I wouldn't block that patch.

In D115302#3183952, @efriedma wrote:

The bug being fixed here isn't exclusive to intrinsics. The following shows the same issue using a spinloop:
Given that, I don't think this whole tangent about the control flow graph and hardcoding which intrinsics are nocallback is relevant to this bug.

My suggestion was about listing the intrinsics that act as a barrier. I.e. teach GlobalModRef that @llvm.nvvm.barrier0 is a ModRef for all values. While it's not a proper fix, it does force LLVM to be more conservative about memory accesses on both sides of it and prevents miscompilation. While not pretty, the work-around is narrow in scope and does not block general work on having these issues fixed properly.

Intrinsics being treated differently from functions because of assumed nocallback is an independent issue.

We have DefaultIntrinsic for a really long while now. Targets won't change if they don't have too. Let's prioritize correctness and require nosync, tell people on the list to update their def files already.

In D115302#3183986, @efriedma wrote:

Problem: not all intrinsics have been converted to use default attributes, so it will be a performance regression for them.

This could be a problem, yes. Not sure how much of one it is in practice.

In D115302#3183996, @jdoerfert wrote:

We have DefaultIntrinsic for a really long while now. Targets won't change if they don't have too. Let's prioritize correctness and require nosync, tell people on the list to update their def files already.

It might be easier to send the patch and let interested parties review the changes. I'll do it shortly.

Added @asbirlea as a reviewer for the GlobalsModRef tests.

In D115302#3184025, @tra wrote:

It might be easier to send the patch and let interested parties review the changes. I'll do it shortly.

On a second thought, I just don't know enough to convert all targets to use DefaultIntrinsic correctly.

Let's prioritize correctness and require nosync, tell people on the list to update their def files already.

SGTM.

This came up on our GPU working group call today.

We have now run into this problem 3 distinct times:
https://lists.llvm.org/pipermail/llvm-dev/2021-November/154060.html
https://discourse.llvm.org/t/bug-gvn-memdep-bug-in-the-presence-of-intrinsics/59402
https://github.com/intel/llvm/issues/1258

We should really fix this conceptually. I suggest to patch doesNotAccessMemory and friends in Function.h and InstrTypes.h to include a new argument

bool doesNotAccessMemory(bool IgnoreSynchronization = false) { return (IgnoreSynchronization || hasNoSync()) && hasFnAttribute(Attribute::ReadNone); }

This will make sure most argumentation based on readnone/only/writeonly are synchronization aware.

It appears that there's no consensus on how nosync and readonly/readnone are supposed to interact.

So for the time being I propose that we treat them as independent for GlobalsModRef.
It may be overly conservative, but it fixes a real correctness issues caused by GlobalsModRef ignoring lack of nosync.
It does not solve all the problems mentioned above, but it's a step forward, IMO.

Would that be acceptable?

One question is -- for calls w/o nosync should we always return ModRefInfo::ModRef (i.e. we have no idea what other threads may do)?
Or should we allow returning ModRefInfo::Mod if Call->onlyReadsMemory() is true?

I think https://reviews.llvm.org/D123531 might have fixed (parts of) this. I included the test case llvm/test/Analysis/GlobalsModRef/functions_without_nosync.ll there and it sems to work fine.