This is an archive of the discontinued LLVM Phabricator instance.

Differential D117084

[CFLGraph] Change isMallocOrCallocLikeFn to isNoAliasCall now that allocation functions must be marked noalias
Needs ReviewPublic

Authored by Bryce-MW on Jan 11 2022, 8:55 PM.

Details

Reviewers
reames
Summary

Allocation functions must now be marked noalias and any function marked noalias does not introduce aliases. The if condition below like 461 will now always be true because Fn->returnDoesNotAlias() returns the same result as isNoAliasCall(&Call). Since we return early if isNoAliasCall returns true, it will always be false at the point of the condition. I'm happy to restore that condition for safety if wanted.

Diff Detail

Event Timeline

Bryce-MW created this revision.Jan 11 2022, 8:55 PM
Herald added subscribers: jeroen.dobbelaere, hiraditya. · View Herald TranscriptJan 11 2022, 8:55 PM
Bryce-MW requested review of this revision.Jan 11 2022, 8:55 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 11 2022, 8:55 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Bryce-MW added a comment.Jan 11 2022, 8:56 PM

Hmm, I expected that Herald would add other reviewers automatically. I'm not sure if I can ask it to do that manually

Harbormaster completed remote builds in B142828: Diff 399191.Jan 11 2022, 9:29 PM
Bryce-MW updated this revision to Diff 399208.Jan 11 2022, 10:22 PM
  • Rebase to fix failing test on Windows
xbolva00 added a subscriber: xbolva00.Jan 11 2022, 10:53 PM

Testcase?

Harbormaster completed remote builds in B142838: Diff 399208.Jan 11 2022, 10:55 PM
nikic added a subscriber: nikic.Jan 12 2022, 1:01 AM

I'm not familiar with CFL, but I don't think this was the intention of the code. I think this part tries to reason about inaccessiblememonly/inaccessibleorargmemonly in a clumsy way.

reames requested changes to this revision.Jan 12 2022, 7:53 AM

I agree with @nikic on the intent of the code. This can probably be replaced with a check for inaccessiblememonly instead.

The change as implemented is incorrect. There is no requirement that an noalias call not have other side effects. Example:
define nolias i8* helper(i64 %size, i8* %unrelated) {

%res = call i8* malloc(i64 %size)
store i8 0, i8* %unrelated
ret %res

}

Thanks for looking at this!

This revision now requires changes to proceed.Jan 12 2022, 7:53 AM
Bryce-MW added a comment.Jan 12 2022, 12:02 PM

Thanks for catching that. I'm glad we have review. For a normal function, it tries interprocedural analysis, if that fails, it looks at the readonly and noalias attributes. I think that allocation functions can go through the same process but just also check Call.onlyAccessesInaccessibleMemory(). This would mean that allocation functions could undergo interprocedural analysis first which would be a functionality change from before.

Bryce-MW updated this revision to Diff 399412.Jan 12 2022, 12:03 PM
  • Use onlyAccessesInaccessibleMemory instead
Harbormaster completed remote builds in B142981: Diff 399412.Jan 12 2022, 12:49 PM
reames added a comment.Jan 17 2022, 8:26 AM

I went and took a slightly deeper look at this code, and unfortunately, I think we have a couple of interacting issues here we will need to fix if we want to remove the isMallocOrCallocLike check.

Issue 1 - The inter-procedural inference code does not appear to restrict results based on call site attributes. It appears to only look at function attributes. This means that a call site which is annotated inaccessiblememonly to a call which isn't would get the conservative answer, not the precise one.

Issue 2 - The inter-procedural inference code (getAliasSummary) does not appear to incorporate function attributes into the result at all. (I may be misreading this code, it's horribly "generic" and really hard to figure out what it is actually doing.)

Issue 3 - The cumulative result of the previous two is that letting noalias only trigger if inter-procedural doesn't is a regression.

I think what I'd suggest is that rather than removing this code, we focus on simple generalizing it.

I believe the property isMallocOrCallLike is actually checking for here is: a noalias function whose only side effect is inaccessiblememonly. We can generalize the check - with added test coverage - and at least remove the overly specific call.

nikic added a comment.Jan 17 2022, 9:22 AM

It may be worth considering dropping the CFL code entirely. It's not used in a default pipeline, and I rather doubt that this is ever going to change.

Revision Contents

PathSize
llvm/
lib/
Analysis/
11 lines

Diff 399412

llvm/lib/Analysis/CFLGraph.h

Show First 20 LinesShow All 423 Lines▼ Show 20 Lines public:
void visitCallBase(CallBase &Call) { void visitCallBase(CallBase &Call) {
// Make sure all arguments and return value are added to the graph first // Make sure all arguments and return value are added to the graph first
for (Value *V : Call.args()) for (Value *V : Call.args())
if (V->getType()->isPointerTy()) if (V->getType()->isPointerTy())
addNode(V); addNode(V);
if (Call.getType()->isPointerTy()) if (Call.getType()->isPointerTy())
addNode(&Call); addNode(&Call);
// Check if Inst is a call to a library function that // Check if Inst is a call to a library function that frees memory. Those
// allocates/deallocates on the heap. Those kinds of functions do not // kinds of functions do not introduce any aliases.
// introduce any aliases. if (isFreeCall(&Call, &TLI))
// TODO: address other common library functions such as realloc(),
// strdup(), etc.
if (isMallocOrCallocLikeFn(&Call, &TLI) || isFreeCall(&Call, &TLI))
return; return;
// TODO: Add support for noalias args/all the other fun function // TODO: Add support for noalias args/all the other fun function
// attributes that we can tack on. // attributes that we can tack on.
SmallVector<Function *, 4> Targets; SmallVector<Function *, 4> Targets;
if (getPossibleTargets(Call, Targets)) if (getPossibleTargets(Call, Targets))
if (tryInterproceduralAnalysis(Call, Targets)) if (tryInterproceduralAnalysis(Call, Targets))
return; return;
// Because the function is opaque, we need to note that anything // Because the function is opaque, we need to note that anything
// could have happened to the arguments (unless the function is marked // could have happened to the arguments (unless the function is marked
// readonly or readnone), and that the result could alias just about // readonly or readnone), and that the result could alias just about
// anything, too (unless the result is marked noalias). // anything, too (unless the result is marked noalias).
if (!Call.onlyReadsMemory()) if (!(Call.onlyReadsMemory() || Call.onlyAccessesInaccessibleMemory()))
for (Value *V : Call.args()) { for (Value *V : Call.args()) {
if (V->getType()->isPointerTy()) { if (V->getType()->isPointerTy()) {
// The argument itself escapes. // The argument itself escapes.
Graph.addAttr(InstantiatedValue{V, 0}, getAttrEscaped()); Graph.addAttr(InstantiatedValue{V, 0}, getAttrEscaped());
// The fate of argument memory is unknown. Note that since // The fate of argument memory is unknown. Note that since
// AliasAttrs is transitive with respect to dereference, we only // AliasAttrs is transitive with respect to dereference, we only
// need to specify it for the first-level memory. // need to specify it for the first-level memory.
Graph.addNode(InstantiatedValue{V, 1}, getAttrUnknown()); Graph.addNode(InstantiatedValue{V, 1}, getAttrUnknown());
▲ Show 20 LinesShow All 208 LinesShow Last 20 Lines