This is an archive of the discontinued LLVM Phabricator instance.

Differential D122959

[ARM] Only update the successor edges for immediate predecessors of PrologueMBB.
ClosedPublic

Authored by ZhiyaoMa98 on Apr 1 2022, 7:51 PM.

Details

Reviewers
asl
ostannard
chill
john.brawn
efriedma
Commits
rGbd606afe26f2: [ARM] Only update the successor edges for immediate predecessors of PrologueMBB
Summary

When adjusting the function prologue for segmented stacks, only update the successor edges of the immediate predecessors of the original prologue.

I encountered a segmentation fault in LLVM while compiling the Rust core targeting armv7em with segmented stack enabled. Below is my attempt to fix it. I am not very certain about the correctness of my patch, because I do not fully understand the code.

Looking at the do-while loop

SmallPtrSet<MachineBasicBlock *, 8> BeforePrologueRegion;
SmallVector<MachineBasicBlock *, 2> WalkList;
WalkList.push_back(&PrologueMBB);

do {
  MachineBasicBlock *CurMBB = WalkList.pop_back_val();
  for (MachineBasicBlock *PredBB : CurMBB->predecessors()) {
    if (BeforePrologueRegion.insert(PredBB).second)
      WalkList.push_back(PredBB);
  }
} while (!WalkList.empty());

it seems BeforePrologueRegion contains non-immediate predecessors of PrologueMBB .

However, in the following while loop, ReplaceUsesOfBlockWith assumes that MBB is an immediate predecessor of PrologueMBB.

for (MachineBasicBlock *MBB : BeforePrologueRegion) {
  // Make sure the LiveIns are still sorted and unique.
  MBB->sortUniqueLiveIns();
  // Replace the edges to PrologueMBB by edges to the sequences
  // we are about to add.
  MBB->ReplaceUsesOfBlockWith(&PrologueMBB, AddedBlocks[0]);
}

The assumption comes from the function call chain

MBB->ReplaceUsesOfBlockWith(&PrologueMBB, AddedBlocks[0]);
--> replaceSuccessor(Old, New);
----> Old->removePredecessor(this);
------> assert(I != Predecessors.end()); Predecessors.erase(I);

I ran into this problem when I was compiling Rust core in release mode targeting armv7em with segmented stack enabled. The Predecessors.erase(I); line led to a segmentation fault.

I fixed the problem by adding the if-continue statement. It still passed all of the tests.

Diff Detail

Unit TestsFailed

TimeTest
60,110 msx64 debian > AddressSanitizer-x86_64-linux-dynamic.TestCases::scariness_score_test.cpp
60,100 msx64 debian > AddressSanitizer-x86_64-linux.TestCases::scariness_score_test.cpp
60,080 msx64 debian > ThreadSanitizer-x86_64.ThreadSanitizer-x86_64::restore_stack.cpp
60,080 msx64 debian > libFuzzer.libFuzzer::large.test

Event Timeline

ZhiyaoMa98 created this revision.Apr 1 2022, 7:51 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 1 2022, 7:51 PM
Herald added subscribers: JDevlieghere, hiraditya, kristof.beyls. · View Herald Transcript
ZhiyaoMa98 requested review of this revision.Apr 1 2022, 7:51 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 1 2022, 7:51 PM
Harbormaster completed remote builds in B157551: Diff 419918.Apr 1 2022, 8:33 PM
john.brawn added a comment.Apr 6 2022, 7:28 AM

I don't know much about this specific bit of code, but a comment in ReplaceUsesOfBlockWith mentions that it's expected that 'Old' is a successor of 'this' so the fix looks reasonable. However, could you also add a test for this?

llvm/lib/Target/ARM/ARMFrameLowering.cpp
2573–2578

I think this would be a bit clearer if rewritten as

if (MBB->isSuccessor(&PrologueMBB))
  MBB->ReplaceUsesOfBlockWith(&PrologueMBB, AddedBlocks[0]);

i.e. the test and action are both MBB->thing(&PrologueMBB).

ZhiyaoMa98 added a comment.Apr 26 2022, 1:35 PM

I would like to add a test, but I do not know how. My understanding is that I will need to create an example that PrologueMBB has non-immediate predecessors. Is there any example I can follow? Thanks!

john.brawn added a comment.Apr 28 2022, 8:29 AM
In D122959#3475470, @ZhiyaoMa98 wrote:

I would like to add a test, but I do not know how. My understanding is that I will need to create an example that PrologueMBB has non-immediate predecessors. Is there any example I can follow? Thanks!

It may be easiest to start with the original file they you saw the segfault. Adding "--emit llvm-ir" to the rustc command-line will cause a .ll file to be produced, then doing "bugpoint -run-llc file.ll" should hopefully reduce that down to a simple test case.

ZhiyaoMa98 added a comment.EditedApr 29 2022, 9:33 AM

I successfully reproduced the segfault by llc -relocation-model=ropi-rwpi large_llvm_ir.ll
I need to pass the -relocation-model=ropi-rwpi flag to bugpoint, any hint on this?

Edit: it seems to be --tool-args, trying this now.

ZhiyaoMa98 updated this revision to Diff 426145.Apr 29 2022, 12:40 PM

Added tests. Before fix it segfaults on the new tests. After fix it just runs through.

ZhiyaoMa98 updated this revision to Diff 426148.Apr 29 2022, 12:51 PM
ZhiyaoMa98 marked an inline comment as done.

Addressed inline comment to make the code more readable.

ZhiyaoMa98 added a comment.Apr 29 2022, 12:54 PM

I don't have commit access. Please credit me as follows if everything looks good. Thanks.
Name: Zhiyao Ma
Email: zhiyao.ma.98@gmail.com

Harbormaster completed remote builds in B162051: Diff 426148.Apr 29 2022, 2:28 PM
john.brawn accepted this revision.May 3 2022, 4:36 AM

Looks good, I'll commit this for you.

This revision is now accepted and ready to land.May 3 2022, 4:36 AM
This revision was landed with ongoing or failed builds.May 3 2022, 4:42 AM
Closed by commit rGbd606afe26f2: [ARM] Only update the successor edges for immediate predecessors of PrologueMBB (authored by ZhiyaoMa98, committed by john.brawn). · Explain Why
This revision was automatically updated to reflect the committed changes.
john.brawn added a commit: rGbd606afe26f2: [ARM] Only update the successor edges for immediate predecessors of PrologueMBB.

Revision Contents

PathSize
llvm/
lib/
Target/
ARM/
5 lines
test/
CodeGen/
ARM/
20 lines
Thumb/
20 lines
Thumb2/
20 lines

Diff 426148

llvm/lib/Target/ARM/ARMFrameLowering.cpp

Show First 20 LinesShow All 2,564 Lines▼ Show 20 Linesvoid ARMFrameLowering::adjustForSegmentedStacks(
for (MachineBasicBlock *B : AddedBlocks) { for (MachineBasicBlock *B : AddedBlocks) {
BeforePrologueRegion.erase(B); BeforePrologueRegion.erase(B);
MF.insert(PrologueMBB.getIterator(), B); MF.insert(PrologueMBB.getIterator(), B);
} }
for (MachineBasicBlock *MBB : BeforePrologueRegion) { for (MachineBasicBlock *MBB : BeforePrologueRegion) {
// Make sure the LiveIns are still sorted and unique. // Make sure the LiveIns are still sorted and unique.
MBB->sortUniqueLiveIns(); MBB->sortUniqueLiveIns();
// Replace the edges to PrologueMBB by edges to the sequences // Replace the edges to PrologueMBB by edges to the sequences
// we are about to add. // we are about to add, but only update for immediate predecessors.
if (MBB->isSuccessor(&PrologueMBB))
MBB->ReplaceUsesOfBlockWith(&PrologueMBB, AddedBlocks[0]); MBB->ReplaceUsesOfBlockWith(&PrologueMBB, AddedBlocks[0]);
} }
john.brawnUnsubmitted
Done
ReplyInline Actions

I think this would be a bit clearer if rewritten as

if (MBB->isSuccessor(&PrologueMBB))
  MBB->ReplaceUsesOfBlockWith(&PrologueMBB, AddedBlocks[0]);

i.e. the test and action are both MBB->thing(&PrologueMBB).

john.brawn: I think this would be a bit clearer if rewritten as ``` if (MBB->isSuccessor(&PrologueMBB))…
// The required stack size that is aligned to ARM constant criterion. // The required stack size that is aligned to ARM constant criterion.
AlignedStackSize = alignToARMConstant(StackSize); AlignedStackSize = alignToARMConstant(StackSize);
// When the frame size is less than 256 we just compare the stack // When the frame size is less than 256 we just compare the stack
// boundary directly to the value of the stack pointer, per gcc. // boundary directly to the value of the stack pointer, per gcc.
bool CompareStackPointer = AlignedStackSize < kSplitStackAvailable; bool CompareStackPointer = AlignedStackSize < kSplitStackAvailable;
// We will use two of the callee save registers as scratch registers so we // We will use two of the callee save registers as scratch registers so we
▲ Show 20 LinesShow All 351 LinesShow Last 20 Lines

llvm/test/CodeGen/ARM/segmented-stacks.ll

Show First 20 LinesShow All 274 Lines▼ Show 20 Lines
; ARM-linux-LABEL: test_sibling_call_empty_frame: ; ARM-linux-LABEL: test_sibling_call_empty_frame:
; ARM-linux: bl __morestack ; ARM-linux: bl __morestack
; ARM-android-LABEL: test_sibling_call_empty_frame: ; ARM-android-LABEL: test_sibling_call_empty_frame:
; ARM-android: bl __morestack ; ARM-android: bl __morestack
} }
declare void @panic() unnamed_addr
; We used to crash while compiling the following function.
; ARM-linux-LABEL: build_should_not_segfault:
; ARM-android-LABEL: build_should_not_segfault:
define void @build_should_not_segfault(i8 %x) unnamed_addr #0 {
start:
%_0 = icmp ult i8 %x, 16
%or.cond = select i1 undef, i1 true, i1 %_0
br i1 %or.cond, label %bb1, label %bb2
bb1:
ret void
bb2:
call void @panic()
unreachable
}
attributes #0 = { "split-stack" } attributes #0 = { "split-stack" }

llvm/test/CodeGen/Thumb/segmented-stacks.ll

Show First 20 LinesShow All 269 Lines▼ Show 20 Lines
; Thumb-android-LABEL: test_nostack: ; Thumb-android-LABEL: test_nostack:
; Thumb-android-NOT: bl __morestack ; Thumb-android-NOT: bl __morestack
; Thumb-linux-LABEL: test_nostack: ; Thumb-linux-LABEL: test_nostack:
; Thumb-linux-NOT: bl __morestack ; Thumb-linux-NOT: bl __morestack
} }
declare void @panic() unnamed_addr
; We used to crash while compiling the following function.
; Thumb-linux-LABEL: build_should_not_segfault:
; Thumb-android-LABEL: build_should_not_segfault:
define void @build_should_not_segfault(i8 %x) unnamed_addr #0 {
start:
%_0 = icmp ult i8 %x, 16
%or.cond = select i1 undef, i1 true, i1 %_0
br i1 %or.cond, label %bb1, label %bb2
bb1:
ret void
bb2:
call void @panic()
unreachable
}
attributes #0 = { "split-stack" } attributes #0 = { "split-stack" }

llvm/test/CodeGen/Thumb2/segmented-stacks.ll

Show First 20 LinesShow All 165 Lines▼ Show 20 Lines
; ARM-NEXT: ldm sp!, {lr} ; ARM-NEXT: ldm sp!, {lr}
; ARM-NEXT: pop {r4, r5} ; ARM-NEXT: pop {r4, r5}
; ARM-NEXT: bx lr ; ARM-NEXT: bx lr
; ARM: .LCPI2_0: ; ARM: .LCPI2_0:
; ARM-NEXT: .long 40192 ; ARM-NEXT: .long 40192
} }
declare void @panic() unnamed_addr
; We used to crash while compiling the following function.
; THUMB-LABEL: build_should_not_segfault:
; ARM-LABEL: build_should_not_segfault:
define void @build_should_not_segfault(i8 %x) unnamed_addr #0 {
start:
%_0 = icmp ult i8 %x, 16
%or.cond = select i1 undef, i1 true, i1 %_0
br i1 %or.cond, label %bb1, label %bb2
bb1:
ret void
bb2:
call void @panic()
unreachable
}
attributes #0 = { "split-stack" } attributes #0 = { "split-stack" }