Details

Reviewers

craig.topper
arsenm
kparzysz
MatzeB
RKSimon
nickdesaulniers

Commits

rGcfd2c5ce580f: Untangle the mess which is MachineBasicBlock::hasAddressTaken().

Summary

There are two different senses in which a block can be "address-taken". There can be a BlockAddress involved, which means we need to map the IR-level value to some specific block of machine code. Or there can be constructs inside a function which involve using the address of a basic block to implement certain kinds of control flow.

Mixing these together causes a problem: if target-specific passes are marking random blocks "address-taken", if we have a BlockAddress, we can't actually tell which MachineBasicBlock corresponds to the BlockAddress.

So split this into two separate bits: one for BlockAddress, and one for the machine-specific bits. And try to clarify when, exactly, it's appropriate to use the new setMBBLabelUsed().

Discovered while trying to sort out related stuff on D102817.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

efriedma created this revision.Apr 29 2022, 1:45 PM

Herald added a project: Restricted Project. · View Herald TranscriptApr 29 2022, 1:45 PM

Herald added subscribers: StephenFan, pengfei, hiraditya. · View Herald Transcript

efriedma requested review of this revision.Apr 29 2022, 1:45 PM

Herald added a project: Restricted Project. · View Herald TranscriptApr 29 2022, 1:45 PM

Herald added a subscriber: wdng. · View Herald Transcript

efriedma mentioned this in D102817: [Windows SEH]: HARDWARE EXCEPTION HANDLING (MSVC -EHa) - Part 2.Apr 29 2022, 1:54 PM

Harbormaster completed remote builds in B162057: Diff 426158.Apr 29 2022, 3:39 PM

craig.topper added inline comments.Apr 29 2022, 10:53 PM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
272	Did clang-format format this differently than `setMBBLabelUsed()`? It's not over 80 columns on one line is it?

Fix formatting

Harbormaster completed remote builds in B162128: Diff 426258.Apr 30 2022, 6:25 PM

The IR spec states that the value of blockaddress can only be used in an indirect branch/call, or in a comparison against null. The latter seems to fall under the "address materialized somewhere" that you mention in the referenced review. Is the motivation behind BlockAddressTarget to identify blocks that are targets of indirect branches? Otherwise, it's not clear to me why blockaddress(bb) == null is any different from storing the address of bb in an exception table, for example.

The problem that I spotted that led me to actually submitting this patch is the use of hasAddressTaken() in AsmPrinter::emitBasicBlockStart. It's ambiguous: in general, there could be mulitple "address-taken" MachineBasicBlocks that map to a given BasicBlock. (Maybe there's some other way to disambiguate, but this seems like the simplest.)

There are other reasons it might make sense to have this separation, anyway: we have robust support for "orphaned" blockaddresses (which don't actually map to any MachineBasicBlock), but for target-specific uses of setHasAddressTaken(), we probably end up with a use-after-free. So some places in the code generator might want to check for a "target-specific" address-taken, but not uses of blockaddress.

I'm not questioning the splitting, I'm just wondering if the terminology could be more self-explanatory. In AsmPrinter there is a check that an address-taken block must actually be present, but that's a hard requirement really only when there is a branch to it. So I was thinking that maybe "isIndirectBranchTarget" could be a better name, but I wasn't sure if it captured the intent.

The way things currently work, the significant thing is whether the block is actually referred to by a blockaddress constant. isel doesn't actually check whether the block is the target of an indirectbr. So the naming reflects the current behavior; we treat the block as "address-taken" based on whether there's a blockaddress.

Given the LangRef rules, blocks that have an blockaddress pointing at them are generally also the target of an indirectbr, but we don't actually enforce that anywhere.

The LangRef rule is written the way it is to avoid promising anything about the way blockaddress constants are lowered. For example, if a block is unreachable, we can replace the associated blockaddress constant with a constant "1". Or on some targets like wasm, we convert indirectbrs to switches because we can't jump to arbitrary addresses. (We could implement an optimization to explicitly eliminate blockaddresses that refer to blocks that don't have an indirectbr predecessor... but it's not really important, so nobody has.)

How about AddressTaken_Internal and AddressTaken_External?

the _Internal is used for blockAddress-constant, jump table, etc where it's targeted by IR internal user code domain.
the latter indicates that the address is taken and can be targeted externally by Runtime (EH case), OS or even HW (like the retpoline case).

Or AddressTaken_User and AddressTaken_System that refer to user mode and system mode.

arsenm added inline comments.May 7 2022, 2:52 AM

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
3552–3557	I don't like this hard requirement on the IR. CodeGen passes should try to avoid depending on the block being present (In particular llvm-reduce is now stripping out IR block references).
llvm/test/tools/llvm-reduce/mir/preserve-block-info.mir
11	Probably should add another case and check for the second flavor

efriedma added inline comments.May 8 2022, 7:06 PM

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
3552–3557	I'm not sure what alternative you're suggesting here. There's a contract based on the BasicBlock: we emit a symbol here, and uses of the BlockAddress constant refer to it. To emit the correct symbol we need the BasicBlock. If we skip emitting the symbol here, we miscompile.

arsenm added inline comments.May 9 2022, 10:06 AM

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
3552–3557	This needs to do something to handle the null block. Can it emit an __unnamed symbol or something like for anonymous functions? If this is going to assert on null the verifier at least has to check it

efriedma added inline comments.May 9 2022, 10:33 AM

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
3552–3557	If we're not concerned about emitting code that actually works, we can skip emitting the symbol. The blockaddress will point to the end of the function. I think I'd prefer to have a verifier check; I'll look into adding that.

Add verifier check

Make the verifier check more strict, to match the asmprinter.

Alternatively, I guess we could drop both of the hasAddressTaken() assertions in AsmPrinter, but ensuring people don't use the wrong APIs seems more important than the resulting consequences for testcase reduction.

In D124697#3498401, @tentzen wrote:
How about AddressTaken_Internal and AddressTaken_External?
the _Internal is used for blockAddress-constant, jump table, etc where it's targeted by IR internal user code domain.
the latter indicates that the address is taken and can be targeted externally by Runtime (EH case), OS or even HW (like the retpoline case).
Or AddressTaken_User and AddressTaken_System that refer to user mode and system mode.

This isn't really the distinction I'm trying making here. The distinction here is between LLVM IR uses of blockaddress (for indirectbr), and MachineFunction uses of MachineBasicBlock labels (for retpoline etc.). Jump tables would fall into the latter category, except that we have explicit code to update jump tables in the places where it would matter.

Harbormaster completed remote builds in B163569: Diff 428194.May 9 2022, 5:01 PM

This isn't really the distinction I'm trying making here. The distinction here is between LLVM IR uses of blockaddress (for indirectbr), and MachineFunction uses of MachineBasicBlock labels (for retpoline etc.). Jump tables would fall into the latter category, except that we have explicit code to update jump tables in the places where it would matter.

OK. How about IRBlockAddressTaken and MachineBlockAddressTaken. I think having "AddressTaken" explicitly spelled out here can avoid future confusions.

Updated names according to suggestion from @tentzen

Harbormaster completed remote builds in B163813: Diff 428535.May 10 2022, 5:51 PM

kparzysz accepted this revision.May 13 2022, 2:44 PM

This revision is now accepted and ready to land.May 13 2022, 2:44 PM

arsenm added inline comments.May 16 2022, 2:44 PM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	If you're going to depend on the underlying IR block, you don't really need another field inside MachineBasicBlock. You can just query directly from the IR

efriedma marked an inline comment as done.May 16 2022, 3:30 PM

efriedma added inline comments.

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	In general, there are multiple MachineBasicBlocks which correspond to a single IR BasicBlock; when we split a block for whatever reason, getBasicBlock() is the same for both halves. We need to know which one is the jump destination.

arsenm added inline comments.May 17 2022, 2:08 PM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	Does it actually make sense to preserve the IR block if the block is split? Is the IR block used for anything else? Maybe for block splitting the second half of the block shouldn't have the IR link

efriedma marked an inline comment as done.May 17 2022, 4:39 PM

efriedma added inline comments.

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	It might be possible to mess with the value stored as getBasicBlock(); as far as I can tell, the result is mostly used for debug prints and as an argument to CreateMachineBasicBlock(). It is used for a few other (possibly dubious) things: to get MD_loop/MD_make_implicit metadata, to get debug locations, to get the LandingPadInst for a landing pad. Nothing we couldn't handle some other way, I think. If we want to go in that direction, though, I might as well just replace `bool IRBlockAddressTaken` with `BasicBlock *IRBlockAddress`", and avoid the dependency on getBasicBlock() altogether.

Patuti added a subscriber: Patuti.May 19 2022, 8:41 AM

efriedma added inline comments.May 24 2022, 12:33 PM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	@arsenm Ping

bowang added a subscriber: bowang.Jun 23 2022, 12:50 AM

Herald added a subscriber: jsji. · View Herald TranscriptJun 23 2022, 12:50 AM

@arsenm @efriedma we'll update the SEH patch with this change if it's ready?

I was hoping to hear back from @arsenm about the review comment, but I think this is ready otherwise.

arsenm added inline comments.Jun 23 2022, 6:05 PM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	Right, that's what I was suggesting. Just go through the IR block. I suspect the IR block is misleading in the split case anyway

For ir-block-address-taken basic blocks, don't depend on MachineBasicBlock::getBasicBlock(); store the corresponding BasicBlock separately. This ensures it stays isolated from any future cleanups related to getBasicBlock(). (The MIR ir-block-address-taken now takes a basic block argument.)

Harbormaster completed remote builds in B171927: Diff 439861.Jun 24 2022, 2:25 PM

@arsenm Ping

arsenm added inline comments.Jul 20 2022, 2:56 PM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	I meant go from the underlying IR block that's already there, not introduce a second reference. Blocks split from the end of of the block would not have an IR block reference

hexhexd added a subscriber: hexhexd.Jul 20 2022, 10:59 PM

efriedma added inline comments.Jul 21 2022, 11:20 AM

llvm/include/llvm/CodeGen/MachineBasicBlock.h
152	Directly hacking at getBasicBlock() would be basically impossible to land in a single patch. There are a bunch of places that use getBasicBlock(); we'd need to ensure that every existing use of getBasicBlock() doesn't depend on the existing splitting behavior. We'd need to land a patch similar to this, then audit/modify various users of getBasicBlock(), then hack at the code that creates MBBs. I agree that the concept of the "corresponding IR block" is a bit fuzzy for a random basic block once you've started to run MachineFunction optimizations. But I'm not sure changing the rule for splitting BBs is helpful; we do a bunch of work to change the rules, and the result is that it's still fuzzy. I mean, knowing the BB tied to the initial MBB is useful specifically if you want some IR element tied to the beginning of the block, like a blockaddress or landingpad. But not so useful if you want to query the terminator the IR block used, like some other places do.

efriedma mentioned this in D130290: [MachineVerifier] add checks for INLINEASM_BR.Jul 21 2022, 11:25 AM

nickdesaulniers added a subscriber: nickdesaulniers.Jul 21 2022, 11:50 AM

@arsenm ping

LGTM. I agree it's more work to drop the second block but would leave less clutter

This revision was landed with ongoing or failed builds.Aug 16 2022, 4:17 PM

Closed by commit rGcfd2c5ce580f: Untangle the mess which is MachineBasicBlock::hasAddressTaken(). (authored by efriedma). · Explain Why

This revision was automatically updated to reflect the committed changes.

efriedma added a commit: rGcfd2c5ce580f: Untangle the mess which is MachineBasicBlock::hasAddressTaken()..

efriedma mentioned this in D130316: [SelectionDAG] make INLINEASM_BR use MachineBasicBlocks instead of BlockAddresses.Aug 16 2022, 4:22 PM

Please use GitHub pull requests for new patches. Phabricator shutdown timeline

Distinguish between different forms of "address-taken" MachineBasicBlocksClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 453153

llvm/include/llvm/CodeGen/MachineBasicBlock.h

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp

llvm/lib/CodeGen/GlobalISel/IRTranslator.cpp

llvm/lib/CodeGen/MIRParser/MILexer.h

llvm/lib/CodeGen/MIRParser/MILexer.cpp

llvm/lib/CodeGen/MIRParser/MIParser.cpp

llvm/lib/CodeGen/MachineBasicBlock.cpp

llvm/lib/CodeGen/MachineVerifier.cpp

llvm/lib/CodeGen/SelectionDAG/FunctionLoweringInfo.cpp

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp

llvm/lib/Target/Hexagon/HexagonHardwareLoops.cpp

llvm/lib/Target/VE/VEISelLowering.cpp

llvm/lib/Target/X86/X86FrameLowering.cpp

llvm/lib/Target/X86/X86ISelLowering.cpp

llvm/lib/Target/X86/X86IndirectThunks.cpp

llvm/lib/Target/X86/X86SpeculativeLoadHardening.cpp

llvm/test/CodeGen/AArch64/GlobalISel/arm64-irtranslator.ll

llvm/test/CodeGen/AArch64/GlobalISel/legalize-blockaddress.mir

llvm/test/CodeGen/AArch64/GlobalISel/select-blockaddress.mir

llvm/test/CodeGen/AArch64/branch-target-enforcement.mir

llvm/test/CodeGen/AArch64/speculation-hardening-sls.mir

llvm/test/CodeGen/ARM/ifcvt-diamond-unanalyzable-common.mir

llvm/test/CodeGen/ARM/ifcvt-size.mir

llvm/test/CodeGen/Hexagon/bank-conflict.mir

llvm/test/CodeGen/Hexagon/hwloop-redef-imm.mir

llvm/test/CodeGen/Hexagon/loop_correctness.ll

llvm/test/CodeGen/Hexagon/pipeliner/swp-phi-start.mir

llvm/test/CodeGen/Hexagon/swp-carried-dep1.mir

llvm/test/CodeGen/Hexagon/swp-carried-dep2.mir

llvm/test/CodeGen/MIR/Generic/basic-blocks.mir

llvm/test/CodeGen/MIR/X86/block-address-operands.mir

llvm/test/CodeGen/MIR/X86/expected-block-reference-in-blockaddress.mir

llvm/test/CodeGen/MIR/X86/expected-function-reference-after-blockaddress.mir

llvm/test/CodeGen/MIR/X86/expected-global-value-after-blockaddress.mir

llvm/test/CodeGen/MIR/X86/undefined-ir-block-in-blockaddress.mir

llvm/test/CodeGen/MIR/X86/undefined-ir-block-slot-in-blockaddress.mir

llvm/test/CodeGen/X86/callbr-asm-kill.mir

llvm/test/CodeGen/X86/callbr-asm-outputs-pred-succ.ll

llvm/test/CodeGen/X86/tail-dup-asm-goto.ll

llvm/test/CodeGen/X86/win64-eh-empty-block-2.mir

llvm/test/DebugInfo/MIR/X86/ldv_unreachable_blocks.mir

llvm/test/DebugInfo/MIR/X86/ldv_unreachable_blocks2.mir

llvm/test/tools/llvm-reduce/mir/preserve-block-info.mir

llvm/tools/llvm-reduce/ReducerWorkItem.cpp

Distinguish between different forms of "address-taken" MachineBasicBlocks
ClosedPublic
Actions

Revision Contents
Changeset List