This is an archive of the discontinued LLVM Phabricator instance.

Differential D124124

[LangRef] Limit read/writeonly attrs to memory visible to caller
ClosedPublic

Authored by fhahn on Apr 20 2022, 2:07 PM.

Details

Reviewers
nikic
nlopes
reames
efriedma
Commits
rGb00fd352777d: [LangRef] Limit readnone,read/writeonly to memory visible outside the fn
Summary

This patch unifies the wording used for both readonly and writeonly
attributes. Both descriptions more specifically refer to memory visible
to caller functions, like in the first paragraph of the readonly
definition.

The motivation for the clarification is D123473.

Diff Detail

Event Timeline

fhahn created this revision.Apr 20 2022, 2:07 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 20 2022, 2:07 PM
Herald added a subscriber: jdoerfert. · View Herald Transcript
fhahn requested review of this revision.Apr 20 2022, 2:07 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 20 2022, 2:07 PM
fhahn mentioned this in D123473: [LICM] Only create load in pre-header when promoting load..Apr 20 2022, 2:08 PM
fhahn updated this revision to Diff 424022.Apr 20 2022, 2:09 PM

Use caller functions for the last paragraphs of both writeonly and readonly.

nlopes added a comment.Apr 20 2022, 2:59 PM

Not sure it's sufficient to restrict to the callers. Essentially we want to assert that these functions don't have state, so any read/writes they do is to locally allocated memory. No other function in the program can access that memory.

Harbormaster completed remote builds in B160524: Diff 424022.Apr 20 2022, 3:14 PM
efriedma added a comment.Apr 20 2022, 3:24 PM

"readonly" really has to encompass memory visible to the whole unit of optimization (the current translation unit, plus any other translation units involved in LTO) to justify the way we reason about it. For example, suppose we have a function that's logically doesn't have any state, but it contains a mutable cache of results. Then suppose we inline one call to it: now the "readonly" function touches state that matters to the caller.

"caller functions" is also a bit imprecise if callbacks are involved.

It might be possible to extend LLVM IR to define some memory as "internal" to some particular set of functions, and opaque to outside functions, but that currently doesn't exist.

efriedma added a comment.Apr 20 2022, 10:47 PM

Oh, just took a look at D123473. I see what you're trying to do... yes, we should allow writing to memory that's allocated/deallocated within a function.

I think the only way to make the requirement here clear is to spell out the distinction between memory allocations that continue to be accessible after the function returns, vs. temporary memory allocations in the implementation. Maybe something like the following:

"We define 'local memory' to be memory that is allocated after entry to a function, deallocated before control flow returns to the caller. If a readonly function writes to memory that is not local memory, or has other side effects, the behavior is undefined."

(I'm not sure if we need to explicitly restrict accesses to local memory from other threads? I guess other threads don't have any way to construct a pointer to local memory, so that's probably okay.)

fhahn updated this revision to Diff 424419.Apr 22 2022, 2:34 AM
In D124124#3463817, @efriedma wrote:

Oh, just took a look at D123473. I see what you're trying to do... yes, we should allow writing to memory that's allocated/deallocated within a function.

I think the only way to make the requirement here clear is to spell out the distinction between memory allocations that continue to be accessible after the function returns, vs. temporary memory allocations in the implementation. Maybe something like the following:

"We define 'local memory' to be memory that is allocated after entry to a function, deallocated before control flow returns to the caller. If a readonly function writes to memory that is not local memory, or has other side effects, the behavior is undefined."

(I'm not sure if we need to explicitly restrict accesses to local memory from other threads? I guess other threads don't have any way to construct a pointer to local memory, so that's probably okay.)

Thanks @nlopes & @efriedma! I agree that caller functions is not sufficient in general. I updated the wording to use visible outside the function . This would also disallow accessing memory that has been allocated outside the function and gets deallocated in the function.

Eli's wording for local memory looks good to me too, but if we use it for multiple attributes it would be good to define it once and refer back to it, to avoid duplication. I couldn't find a good place to move such a definition, hence I only updated the wording to visible outside the function for now. Happy to move things around if needed.

In practice I think local memory will likely not include dynamically allocated memory, even if it is deallocated before exiting the function, as most allocators will modify state visible outside the function.

Harbormaster completed remote builds in B160813: Diff 424419.Apr 22 2022, 2:36 AM
nlopes accepted this revision.Apr 22 2022, 4:34 AM

LGTM, I think it reads well.

This revision is now accepted and ready to land.Apr 22 2022, 4:34 AM
This revision was landed with ongoing or failed builds.Apr 25 2022, 3:33 AM
Closed by commit rGb00fd352777d: [LangRef] Limit readnone,read/writeonly to memory visible outside the fn (authored by fhahn). · Explain Why
This revision was automatically updated to reflect the committed changes.
fhahn added a commit: rGb00fd352777d: [LangRef] Limit readnone,read/writeonly to memory visible outside the fn.
efriedma added a comment.Apr 25 2022, 9:30 AM

"outside the function" doesn't really make it clear that you're talking about a dynamic invocation of the function, as opposed to instructions inside the function's body. But maybe it's close enough.

fhahn added a comment.Apr 27 2022, 1:58 PM
In D124124#3472154, @efriedma wrote:

"outside the function" doesn't really make it clear that you're talking about a dynamic invocation of the function, as opposed to instructions inside the function's body. But maybe it's close enough.

Hmm, maybe it could be even clearer. Do you have any suggestions? I guess we could try to spell out a definition of function-local memory somewhere and refer back to it, but I am not sure where the best place would be;

efriedma added a comment.Apr 27 2022, 2:37 PM

It might make sense to have a separate LangRef section for "memory-related function attributes", to describe all the assumptions we're making in one place.

Revision Contents

PathSize
llvm/
docs/
37 lines

Diff 424855

llvm/docs/LangRef.rst

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,864 Lines▼ Show 20 Lines``"probe-stack"``
function has the ``"probe-stack"`` attribute of the caller. If a function has the ``"probe-stack"`` attribute of the caller. If a
function that has a ``"probe-stack"`` attribute is inlined into a function that has a ``"probe-stack"`` attribute is inlined into a
function that has no ``"probe-stack"`` attribute at all, the resulting function that has no ``"probe-stack"`` attribute at all, the resulting
function has the ``"probe-stack"`` attribute of the callee. function has the ``"probe-stack"`` attribute of the callee.
``readnone`` ``readnone``
On a function, this attribute indicates that the function computes its On a function, this attribute indicates that the function computes its
result (or decides to unwind an exception) based strictly on its arguments, result (or decides to unwind an exception) based strictly on its arguments,
without dereferencing any pointer arguments or otherwise accessing without dereferencing any pointer arguments or otherwise accessing
any mutable state (e.g. memory, control registers, etc) visible to any mutable state (e.g. memory, control registers, etc) visible outside the
caller functions. It does not write through any pointer arguments ``readnone`` function. It does not write through any pointer arguments
(including ``byval`` arguments) and never changes any state visible (including ``byval`` arguments) and never changes any state visible to
to callers. This means while it cannot unwind exceptions by calling callers. This means while it cannot unwind exceptions by calling the ``C++``
the ``C++`` exception throwing methods (since they write to memory), there may exception throwing methods (since they write to memory), there may be
be non-``C++`` mechanisms that throw exceptions without writing to LLVM non-``C++`` mechanisms that throw exceptions without writing to LLVM visible
visible memory. memory.
On an argument, this attribute indicates that the function does not On an argument, this attribute indicates that the function does not
dereference that pointer argument, even though it may read or write the dereference that pointer argument, even though it may read or write the
memory that the pointer points to if accessed through other pointers. memory that the pointer points to if accessed through other pointers.
If a readnone function reads or writes memory visible to the program, or If a readnone function reads or writes memory visible outside the function,
has other side-effects, the behavior is undefined. If a function reads from or has other side-effects, the behavior is undefined. If a
or writes to a readnone pointer argument, the behavior is undefined. function reads from or writes to a readnone pointer argument, the behavior
is undefined.
``readonly`` ``readonly``
On a function, this attribute indicates that the function does not write On a function, this attribute indicates that the function does not write
through any pointer arguments (including ``byval`` arguments) or otherwise through any pointer arguments (including ``byval`` arguments) or otherwise
modify any state (e.g. memory, control registers, etc) visible to modify any state (e.g. memory, control registers, etc) visible outside the
caller functions. It may dereference pointer arguments and read ``readonly`` function. It may dereference pointer arguments and read
state that may be set in the caller. A readonly function always state that may be set in the caller. A readonly function always
returns the same value (or unwinds an exception identically) when returns the same value (or unwinds an exception identically) when
called with the same set of arguments and global state. This means while it called with the same set of arguments and global state. This means while it
cannot unwind exceptions by calling the ``C++`` exception throwing methods cannot unwind exceptions by calling the ``C++`` exception throwing methods
(since they write to memory), there may be non-``C++`` mechanisms that throw (since they write to memory), there may be non-``C++`` mechanisms that throw
exceptions without writing to LLVM visible memory. exceptions without writing to LLVM visible memory.
On an argument, this attribute indicates that the function does not write On an argument, this attribute indicates that the function does not write
through this pointer argument, even though it may write to the memory that through this pointer argument, even though it may write to the memory that
the pointer points to. the pointer points to.
If a readonly function writes memory visible to the program, or If a readonly function writes memory visible outside the function, or has
has other side-effects, the behavior is undefined. If a function writes to other side-effects, the behavior is undefined. If a function writes to a
a readonly pointer argument, the behavior is undefined. readonly pointer argument, the behavior is undefined.
``"stack-probe-size"`` ``"stack-probe-size"``
This attribute controls the behavior of stack probes: either This attribute controls the behavior of stack probes: either
the ``"probe-stack"`` attribute, or ABI-required stack probes, if any. the ``"probe-stack"`` attribute, or ABI-required stack probes, if any.
It defines the size of the guard region. It ensures that if the function It defines the size of the guard region. It ensures that if the function
may use more stack space than the size of the guard region, stack probing may use more stack space than the size of the guard region, stack probing
sequence will be emitted. It takes one required integer value, which sequence will be emitted. It takes one required integer value, which
is 4096 by default. is 4096 by default.
If a function that has a ``"stack-probe-size"`` attribute is inlined into If a function that has a ``"stack-probe-size"`` attribute is inlined into
a function with another ``"stack-probe-size"`` attribute, the resulting a function with another ``"stack-probe-size"`` attribute, the resulting
function has the ``"stack-probe-size"`` attribute that has the lower function has the ``"stack-probe-size"`` attribute that has the lower
numeric value. If a function that has a ``"stack-probe-size"`` attribute is numeric value. If a function that has a ``"stack-probe-size"`` attribute is
inlined into a function that has no ``"stack-probe-size"`` attribute inlined into a function that has no ``"stack-probe-size"`` attribute
at all, the resulting function has the ``"stack-probe-size"`` attribute at all, the resulting function has the ``"stack-probe-size"`` attribute
of the callee. of the callee.
``"no-stack-arg-probe"`` ``"no-stack-arg-probe"``
This attribute disables ABI-required stack probes, if any. This attribute disables ABI-required stack probes, if any.
``writeonly`` ``writeonly``
On a function, this attribute indicates that the function may write to but On a function, this attribute indicates that the function may write to but
does not read from memory. does not read from memory visible outside the ``writeonly`` function.
On an argument, this attribute indicates that the function may write to but On an argument, this attribute indicates that the function may write to but
does not read through this pointer argument (even though it may read from does not read through this pointer argument (even though it may read from
the memory that the pointer points to). the memory that the pointer points to).
If a writeonly function reads memory visible to the program, or If a writeonly function reads memory visible outside the function or has
has other side-effects, the behavior is undefined. If a function reads other side-effects, the behavior is undefined. If a function reads
from a writeonly pointer argument, the behavior is undefined. from a writeonly pointer argument, the behavior is undefined.
``argmemonly`` ``argmemonly``
This attribute indicates that the only memory accesses inside function are This attribute indicates that the only memory accesses inside function are
loads and stores from objects pointed to by its pointer-typed arguments, loads and stores from objects pointed to by its pointer-typed arguments,
with arbitrary offsets. Or in other words, all memory operations in the with arbitrary offsets. Or in other words, all memory operations in the
function can refer to memory only using pointers based on its function function can refer to memory only using pointers based on its function
arguments. arguments.
▲ Show 20 LinesShow All 23,014 LinesShow Last 20 Lines