This is an archive of the discontinued LLVM Phabricator instance.

Differential D127962

[WinEHPrepare] Propagate funclet tokens when inlining into EH funclets
AbandonedPublic

Authored by sgraenitz on Jun 16 2022, 6:38 AM.

Details

Reviewers
theraven
rnk
DHowett-MSFT
Summary

WinEH requires funclet tokens for (nounwind) ObjC++ ARC intrinsics, because they are subject to pre-ISel lowering. That's because they appear as regular function calls for subsequent passes (like WinEHPrepare). Without funclet token they would be consider them implausible instrucitons and marked as unreachable. Affected EH funclets would get truncated silently, which causes unpredictable crashes at runtime.

Thus, when we target WinEH and generate calls to pre-ISel intrinsics from EH funclets, we emit funclet tokens explicitly. My previous patch D124762 implements that.

Now, the inliner has to propagate funclet tokens to such intrinsics, if they get inlined into EH funclets. That's what this patch implements.

Diff Detail

Unit TestsFailed

TimeTest
60,040 msx64 debian > libFuzzer.libFuzzer::fuzzer-leak.test
60,060 msx64 debian > libFuzzer.libFuzzer::large.test

Event Timeline

sgraenitz created this revision.Jun 16 2022, 6:38 AM
Herald added a project: Restricted Project. · View Herald TranscriptJun 16 2022, 6:38 AM
Herald added a subscriber: hiraditya. · View Herald Transcript
sgraenitz requested review of this revision.Jun 16 2022, 6:38 AM
Herald added a project: Restricted Project. · View Herald TranscriptJun 16 2022, 6:38 AM
sgraenitz added a parent revision: D124762: [WinEHPrepare] Avoid truncation of EH funclets with GNUstep ObjC runtime.Jun 16 2022, 6:39 AM
Harbormaster completed remote builds in B170250: Diff 437525.Jun 16 2022, 7:30 AM
sgraenitz updated this revision to Diff 437547.Jun 16 2022, 8:00 AM

Limit explicit propagation to actual pre-ISel intrinsics

sgraenitz added a comment.Jun 16 2022, 8:16 AM

This is the best solution I found so far. The funclet bundle operand (aka. token) of the inlinee function will be propagated to the set of intrinsics that is (as of today) subject to pre-ISel lowering. This only applies when targeting WinEH and only for functions inlined into EH funclets.

However, there is no check that makes sure the actual set of intrinsics is in sync with the condition I am using here. See my inline comment for a proposal.

llvm/lib/Transforms/Utils/InlineFunction.cpp
2313–2324

We could simplify the condition here by adding a new helper function in ObjCARCInstKind.h/.cpp:

bool llvm::objcarc::IsPreISelIntrinsic(Function *F) {
  ARCInstKind K = GetFunctionClass(F);
  return !IsUser(K) && K != ARCInstKind::None;
}

It could be used in D124762 CGCall.cpp as well as in PreISelIntrinsicLowering.cpp to assert the set of pre-ISel intrinsics is in sync with what we do here. This would also connect the three pieces of code explicitly, so it's easier for others to see their relation.

Harbormaster completed remote builds in B170270: Diff 437547.Jun 16 2022, 10:08 AM
rnk added a comment.Jun 16 2022, 1:25 PM

Thanks, sorry for the delay.

llvm/lib/Transforms/Utils/InlineFunction.cpp
2313–2324

I think the generic predicate we are looking should be called something like IntrinsicInst::mayLowerToFunctionCall, and it would be true for these ObjC ARC intrinsics, statepoint, and anything else like that. Basically, we should apply funclet operand bundles to intrinsics that lower to function calls.

2317

The personality check should not be necessary. We check CallSiteEHPad above, and that's enough to imply that the current function uses funclet bundle operands. (Wasm, SEH, C++ EH)

sgraenitz added a comment.Jun 20 2022, 5:51 AM

Thanks for your feedback.

In D127962#3590140, @rnk wrote:

I think the generic predicate we are looking should be called something like IntrinsicInst::mayLowerToFunctionCall, and it would be true for these ObjC ARC intrinsics, statepoint, and anything else like that. Basically, we should apply funclet operand bundles to intrinsics that lower to function calls.

I was not aware it would be such a broad issue! So far, I was trying to narrow the condition to my ObjC ARC use-case as close as possible. D128190 aims to apply bundle operands correctly for intrinsics that lower to function calls and covers both cases, emit and inline, at once. If this is ok, I can close the two reviews here.

llvm/lib/Transforms/Utils/InlineFunction.cpp
2317

Alright, I assume then it's not necessary in clang/lib/CodeGen/CGCall.cpp either.

sgraenitz added a comment.Jul 26 2022, 3:18 AM

Close in favor of the D128190, which covers both cases at once: emit (was D124762) and inline (was D127962)

sgraenitz abandoned this revision.Jul 26 2022, 3:19 AM
sgraenitz mentioned this in D124762: [WinEHPrepare] Avoid truncation of EH funclets with GNUstep ObjC runtime.
sgraenitz mentioned this in D128190: [WinEH] Apply funclet operand bundles to nounwind intrinsics that lower to function calls.Jul 26 2022, 6:43 AM

Revision Contents

PathSize
llvm/
lib/
Transforms/
Utils/
21 lines
test/
Feature/
OperandBundles/
55 lines

Diff 437547

llvm/lib/Transforms/Utils/InlineFunction.cpp

Show First 20 LinesShow All 1,827 Lines▼ Show 20 Lines if (CalledPersonality) {
// supersets of others and can be used in place of the other. // supersets of others and can be used in place of the other.
else if (CalledPersonality != CallerPersonality) else if (CalledPersonality != CallerPersonality)
return InlineResult::failure("incompatible personality"); return InlineResult::failure("incompatible personality");
} }
// We need to figure out which funclet the callsite was in so that we may // We need to figure out which funclet the callsite was in so that we may
// properly nest the callee. // properly nest the callee.
Instruction *CallSiteEHPad = nullptr; Instruction *CallSiteEHPad = nullptr;
EHPersonality Personality = EHPersonality::Unknown;
if (CallerPersonality) { if (CallerPersonality) {
EHPersonality Personality = classifyEHPersonality(CallerPersonality); Personality = classifyEHPersonality(CallerPersonality);
if (isScopedEHPersonality(Personality)) { if (isScopedEHPersonality(Personality)) {
Optional<OperandBundleUse> ParentFunclet = Optional<OperandBundleUse> ParentFunclet =
CB.getOperandBundle(LLVMContext::OB_funclet); CB.getOperandBundle(LLVMContext::OB_funclet);
if (ParentFunclet) if (ParentFunclet)
CallSiteEHPad = cast<FuncletPadInst>(ParentFunclet->Inputs.front()); CallSiteEHPad = cast<FuncletPadInst>(ParentFunclet->Inputs.front());
// OK, the inlining site is legal. What about the target function? // OK, the inlining site is legal. What about the target function?
▲ Show 20 LinesShow All 454 Lines▼ Show 20 Lines for (Function::iterator BB = FirstNewBlock->getIterator(),
BB != E; ++BB) { BB != E; ++BB) {
// Add bundle operands to any top-level call sites. // Add bundle operands to any top-level call sites.
SmallVector<OperandBundleDef, 1> OpBundles; SmallVector<OperandBundleDef, 1> OpBundles;
for (Instruction &II : llvm::make_early_inc_range(*BB)) { for (Instruction &II : llvm::make_early_inc_range(*BB)) {
CallBase *I = dyn_cast<CallBase>(&II); CallBase *I = dyn_cast<CallBase>(&II);
if (!I) if (!I)
continue; continue;
// Skip call sites which are nounwind intrinsics. // Skip call sites which are nounwind intrinsics
auto *CalledFn = auto *CalledFn =
dyn_cast<Function>(I->getCalledOperand()->stripPointerCasts()); dyn_cast<Function>(I->getCalledOperand()->stripPointerCasts());
if (CalledFn && CalledFn->isIntrinsic() && I->doesNotThrow()) if (CalledFn && CalledFn->isIntrinsic() && I->doesNotThrow()) {
// When targeting WinEH, we must propagate funclet tokens to pre-ISel
// intrinsics, if they get inlined into EH funclets. Otherwise,
// WinEHPrepare would mark them unreachable and cause truncations.
bool PropagateExplicitly = false;
if (Personality == EHPersonality::MSVC_CXX) {
rnkUnsubmitted
Not Done
ReplyInline Actions

The personality check should not be necessary. We check CallSiteEHPad above, and that's enough to imply that the current function uses funclet bundle operands. (Wasm, SEH, C++ EH)

rnk: The personality check should not be necessary. We check CallSiteEHPad above, and that's enough…
sgraenitzAuthorUnsubmitted
Not Done
ReplyInline Actions

Alright, I assume then it's not necessary in clang/lib/CodeGen/CGCall.cpp either.

sgraenitz: Alright, I assume then it's not necessary in `clang/lib/CodeGen/CGCall.cpp` either.
using namespace llvm::objcarc;
ARCInstKind Kind = GetFunctionClass(CalledFn);
if (!IsUser(Kind) && Kind != ARCInstKind::None)
PropagateExplicitly = true;
}
if (!PropagateExplicitly)
continue; continue;
sgraenitzAuthorUnsubmitted
Done
ReplyInline Actions
if (CalledFn && CalledFn->isIntrinsic() && I->doesNotThrow()) {
// When targeting WinEH, we must propagate funclet tokens to pre-ISel
// intrinsics, if they get inlined into EH funclets. Otherwise,
// WinEHPrepare would mark them unreachable and cause truncations.
- bool PropagateExplicitly = false;
- if (Personality == EHPersonality::MSVC_CXX) {
- using namespace llvm::objcarc;
- ARCInstKind Kind = GetFunctionClass(CalledFn);
- if (!IsUser(Kind) && Kind != ARCInstKind::None)
- PropagateExplicitly = true;
- }
- if (!PropagateExplicitly)
+ if (Personality != EHPersonality::MSVC_CXX ||
+ !objcarc::IsPreISelIntrinsic(CalledFn))
continue;
}
// Skip call sites which already have a "funclet" bundle.

We could simplify the condition here by adding a new helper function in ObjCARCInstKind.h/.cpp:

bool llvm::objcarc::IsPreISelIntrinsic(Function *F) {
  ARCInstKind K = GetFunctionClass(F);
  return !IsUser(K) && K != ARCInstKind::None;
}

It could be used in D124762 CGCall.cpp as well as in PreISelIntrinsicLowering.cpp to assert the set of pre-ISel intrinsics is in sync with what we do here. This would also connect the three pieces of code explicitly, so it's easier for others to see their relation.

sgraenitz: We could simplify the condition here by adding a new helper function in ObjCARCInstKind.h/.cpp…
rnkUnsubmitted
Not Done
ReplyInline Actions

I think the generic predicate we are looking should be called something like IntrinsicInst::mayLowerToFunctionCall, and it would be true for these ObjC ARC intrinsics, statepoint, and anything else like that. Basically, we should apply funclet operand bundles to intrinsics that lower to function calls.

rnk: I think the generic predicate we are looking should be called something like `IntrinsicInst…
}
// Skip call sites which already have a "funclet" bundle. // Skip call sites which already have a "funclet" bundle.
if (I->getOperandBundle(LLVMContext::OB_funclet)) if (I->getOperandBundle(LLVMContext::OB_funclet))
continue; continue;
I->getOperandBundlesAsDefs(OpBundles); I->getOperandBundlesAsDefs(OpBundles);
OpBundles.emplace_back("funclet", CallSiteEHPad); OpBundles.emplace_back("funclet", CallSiteEHPad);
▲ Show 20 LinesShow All 340 LinesShow Last 20 Lines

llvm/test/Feature/OperandBundles/inliner-funclet-wineh.ll

  • This file was added.
; RUN: opt -S -always-inline -mtriple=x86_64-windows-msvc < %s | FileCheck %s
; WinEH doesn't require funclet tokens on nounwind intrinsics per se. ObjC++ ARC
; intrinsics are a special case, because they are subject to pre-ISel lowering.
; They appear as regular function calls for subsequent passes, like WinEHPrepare
; which would consider them implausible instrucitons and mark them unreachable.
; Affected EH funclets would get truncated silently, which causes unpredictable
; crashes at runtime.
;
; Thus, when we target WinEH and generate calls to pre-ISel intrinsics from EH
; funclets, we emit funclet tokens explicitly.
;
; The inliner has to propagate funclet tokens to such intrinsics, if they get
; inlined into EH funclets.
define void @inlined_fn(ptr %ex) #1 {
entry:
call void @llvm.objc.storeStrong(ptr %ex, ptr null)
ret void
}
define void @test_catch_with_inline() personality ptr @__CxxFrameHandler3 {
entry:
%exn.slot = alloca ptr, align 8
%ex = alloca ptr, align 8
invoke void @opaque() to label %invoke.cont unwind label %catch.dispatch
catch.dispatch:
%0 = catchswitch within none [label %catch] unwind to caller
invoke.cont:
unreachable
catch:
%1 = catchpad within %0 [ptr null, i32 64, ptr %exn.slot]
call void @inlined_fn(ptr %ex) [ "funclet"(token %1) ]
catchret from %1 to label %catchret.dest
catchret.dest:
ret void
}
declare void @opaque()
declare void @llvm.objc.storeStrong(ptr, ptr) #0
declare i32 @__CxxFrameHandler3(...)
attributes #0 = { nounwind }
attributes #1 = { alwaysinline }
; CHECK-LABEL: define void @test_catch_with_inline()
; ...
; CHECK: catch:
; CHECK-NEXT: %1 = catchpad within %0 [ptr null, i32 64, ptr %exn.slot]
; CHECK-NEXT: call void @llvm.objc.storeStrong(ptr %ex, ptr null) [ "funclet"(token %1) ]
; CHECK-NEXT: catchret from %1 to label %catchret.dest