This is an archive of the discontinued LLVM Phabricator instance.

Differential D131034

[Backend][X86] Improved tail call optimization for functions marked as musttail
Needs ReviewPublic

Authored by huangjd on Aug 2 2022, 5:12 PM.

Details

Reviewers
davidxl
Carrot
nikic
spatel
reames
aeubanks
efriedma
craig.topper
Summary

Now check if a function call marked as musttail also qualifies as a sibcall,
which means on-stack arguments are already in place before handling the
tail call function.

This also suppress a bug when a musttail call has struct arguments
passed on the stack, the output code results in return address
overwriting. See https://github.com/llvm/llvm-project/issues/56891

Diff Detail

Unit TestsFailed

TimeTest
60,100 msx64 debian > AddressSanitizer-x86_64-linux-dynamic.TestCases::scariness_score_test.cpp
61,380 msx64 debian > AddressSanitizer-x86_64-linux.TestCases::scariness_score_test.cpp

Event Timeline

huangjd created this revision.Aug 2 2022, 5:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 2 2022, 5:12 PM
Herald added subscribers: pengfei, hiraditya. · View Herald Transcript
huangjd requested review of this revision.Aug 2 2022, 5:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 2 2022, 5:12 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
huangjd added reviewers: Carrot, nikic, spatel, reames, aeubanks.Aug 2 2022, 5:16 PM
Harbormaster completed remote builds in B178905: Diff 449490.Aug 2 2022, 6:20 PM
davidxl added inline comments.Aug 3 2022, 9:23 AM
llvm/test/CodeGen/X86/musttail-struct.ll
42

is this the correct comment, or it is intended for a negative test (missing)?

huangjd added inline comments.Aug 3 2022, 11:26 AM
llvm/test/CodeGen/X86/musttail-struct.ll
42

This is just describing the purpose of the test. in x64 the first 6 are passed by register and the rest 2 are passed by stack

davidxl added inline comments.Aug 3 2022, 1:54 PM
llvm/test/CodeGen/X86/musttail-struct.ll
42

Ok. Can you expand the comment a little more.

Can you also add a negative test?

huangjd updated this revision to Diff 449841.Aug 3 2022, 5:33 PM

Updated comments

huangjd added inline comments.Aug 3 2022, 5:41 PM
llvm/test/CodeGen/X86/musttail-struct.ll
42

I am not sure what should a negative test be in this case, since the front end rejects the code if "musttail" is applied on function call that can't be tail called. Also if tail call is not applied, the output assembly can be quite unpredictable (if someone else change anything else in codegen) since instructions can be shuffled. I have yet seen a negative test with tail call optimization

Harbormaster completed remote builds in B179172: Diff 449841.Aug 3 2022, 7:20 PM
davidxl added inline comments.Aug 4 2022, 10:38 AM
llvm/lib/Target/X86/X86ISelLowering.cpp
4268

Can this be handled by line 4274?

4311–4312

what is this change for?

llvm/test/CodeGen/X86/musttail-struct.ll
42

An IR test can be written manually. This is to test line 4262: IsEligibleForTailCallOptimization() logic for mustTail case.

huangjd updated this revision to Diff 450107.Aug 4 2022, 12:55 PM

Restructured logic to determine isSibcall

huangjd updated this revision to Diff 450109.Aug 4 2022, 12:57 PM

Added comments

llvm/lib/Target/X86/X86ISelLowering.cpp
4311–4312

Sibcall should not adjust stack because all arguments are already in place. This is previously causing the bug I posted on github

xbolva00 added reviewers: efriedma, craig.topper.Aug 4 2022, 1:03 PM
Herald added a subscriber: StephenFan. · View Herald TranscriptAug 4 2022, 1:03 PM
efriedma added a comment.EditedAug 4 2022, 2:09 PM

Example of copying arguments in memory for musttail follows (which is still broken with this patch). Was leaving this broken intentional?

struct A {
    int a[5];
};
extern int G(A a, A b);
int F(A a, A b) {
    [[clang::musttail]] return G(b, a);
}
Harbormaster completed remote builds in B179373: Diff 450109.Aug 4 2022, 3:38 PM
huangjd added a comment.EditedAug 9 2022, 12:38 PM

@efriedma This is a limitation of the current patch that it could only handle the case with arguments in matching order. After some investigation I found that the current function call lowering pass cannot handle in-place stack argument shuffling at all, as it doesn't take read/write dependency into account. It would require an extensive refactoring to completely fix it.

In addition, shuffling large stack arguments to force a tail call can get quite complicated, for instance, if we have F(x0, x1, x2, ... xn) calling G(x1, x2, ... xn, x0) where every argument is the same type and is passed by stack, in order to do an in-place argument swapping without further stack spill, the optimal code should be something like

for i in 0..k:
  tmpreg = x0.word_i
  x0.word_i = x1.word_i
  ...
  xn.word_i = tmpreg

where x0.word_i, ..., xn.word_i are cache-line sized partitions of the arguments x0, ..., xn.

The current patch is able to handle two common real world scenario of tail calls (a) a function that simply delegates to another function without doing anything else, and (b) recursive tail call where only the induction variable passed by register changes.

Revision Contents

PathSize
llvm/
lib/
Target/
X86/
18 lines
test/
CodeGen/
X86/
57 lines
18 lines

Diff 450109

llvm/lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,251 Lines▼ Show 20 Lines if (Subtarget.isPICStyleGOT() && !IsGuaranteeTCO && !IsMustTail) {
// that require lazy function symbol resolution. Using musttail or // that require lazy function symbol resolution. Using musttail or
// GuaranteedTailCallOpt will override this. // GuaranteedTailCallOpt will override this.
GlobalAddressSDNode *G = dyn_cast<GlobalAddressSDNode>(Callee); GlobalAddressSDNode *G = dyn_cast<GlobalAddressSDNode>(Callee);
if (!G || (!G->getGlobal()->hasLocalLinkage() && if (!G || (!G->getGlobal()->hasLocalLinkage() &&
G->getGlobal()->hasDefaultVisibility())) G->getGlobal()->hasDefaultVisibility()))
isTailCall = false; isTailCall = false;
} }
if (isTailCall && !IsMustTail) { if (isTailCall) {
// It seems this function actually checks for sib call.
// Check if it's really possible to do a tail call. // Check if it's really possible to do a tail call.
isTailCall = IsEligibleForTailCallOptimization( IsSibcall = IsEligibleForTailCallOptimization(
Callee, CallConv, IsCalleePopSRet, isVarArg, CLI.RetTy, Outs, OutVals, Callee, CallConv, IsCalleePopSRet, isVarArg, CLI.RetTy, Outs, OutVals,
Ins, DAG); Ins, DAG);
// Sibcalls are automatically detected tailcalls which do not require if (!IsMustTail) {
// ABI changes. isTailCall = IsSibcall;
davidxlUnsubmitted
Not Done
ReplyInline Actions

Can this be handled by line 4274?

davidxl: Can this be handled by line 4274?
if (!IsGuaranteeTCO && isTailCall) // Sibcalls are automatically detected tailcalls which do not require ABI
IsSibcall = true; // changes.
IsSibcall = IsSibcall && !IsGuaranteeTCO;
}
if (isTailCall) if (isTailCall)
++NumTailCalls; ++NumTailCalls;
} }
if (IsMustTail && !isTailCall) if (IsMustTail && !isTailCall)
report_fatal_error("failed to perform tail call elimination on a call " report_fatal_error("failed to perform tail call elimination on a call "
"site marked musttail"); "site marked musttail");
Show All 22 LinesX86TargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
if (IsSibcall) if (IsSibcall)
// This is a sibcall. The memory operands are available in caller's // This is a sibcall. The memory operands are available in caller's
// own caller's stack. // own caller's stack.
NumBytes = 0; NumBytes = 0;
else if (IsGuaranteeTCO && canGuaranteeTCO(CallConv)) else if (IsGuaranteeTCO && canGuaranteeTCO(CallConv))
NumBytes = GetAlignedArgumentStackSize(NumBytes, DAG); NumBytes = GetAlignedArgumentStackSize(NumBytes, DAG);
int FPDiff = 0; int FPDiff = 0;
if (isTailCall && // Sibcall should not adjust stack pointer.
if (isTailCall && !IsSibcall &&
davidxlUnsubmitted
Not Done
ReplyInline Actions

what is this change for?

davidxl: what is this change for?
huangjdAuthorUnsubmitted
Done
ReplyInline Actions

Sibcall should not adjust stack because all arguments are already in place. This is previously causing the bug I posted on github

huangjd: Sibcall should not adjust stack because all arguments are already in place. This is previously…
shouldGuaranteeTCO(CallConv, shouldGuaranteeTCO(CallConv,
MF.getTarget().Options.GuaranteedTailCallOpt)) { MF.getTarget().Options.GuaranteedTailCallOpt)) {
// Lower arguments at fp - stackoffset + fpdiff. // Lower arguments at fp - stackoffset + fpdiff.
unsigned NumBytesCallerPushed = X86Info->getBytesToPopOnReturn(); unsigned NumBytesCallerPushed = X86Info->getBytesToPopOnReturn();
FPDiff = NumBytesCallerPushed - NumBytes; FPDiff = NumBytesCallerPushed - NumBytes;
// Set the delta of movement of the returnaddr stackslot. // Set the delta of movement of the returnaddr stackslot.
▲ Show 20 LinesShow All 32,759 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/musttail-struct.ll

  • This file was added.
; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; RUN: llc < %s -mtriple=x86_64-unknown-unknown | FileCheck %s
; RUN: llc < %s -mtriple=i686-unknown-unknown | FileCheck %s
; Test correct handling of musttail call with struct.
%struct.1xi32 = type { [1 x i32] }
%struct.3xi32 = type { [3 x i32] }
%struct.5xi32 = type { [5 x i32] }
declare dso_local i32 @Func1(ptr byval(%struct.1xi32) %0)
declare dso_local i32 @Func3(ptr byval(%struct.3xi32) %0)
declare dso_local i32 @Func5(ptr byval(%struct.5xi32) %0)
declare dso_local i32 @FuncManyArgs(i32 %0, i32 %1, i32 %2, i32 %3, i32 %4, i32 %5, i8 %6, ptr byval(%struct.5xi32) %7)
define dso_local i32 @test1(ptr byval(%struct.1xi32) %0) {
; CHECK-LABEL: test1:
; CHECK: # %bb.0:
; CHECK-NEXT: jmp Func1 # TAILCALL
%r = musttail call i32 @Func1(ptr byval(%struct.1xi32) %0)
ret i32 %r
}
define dso_local i32 @test3(ptr byval(%struct.3xi32) %0) {
; CHECK-LABEL: test3:
; CHECK: # %bb.0:
; CHECK-NEXT: jmp Func3 # TAILCALL
%r = musttail call i32 @Func3(ptr byval(%struct.3xi32) %0)
ret i32 %r
}
; sizeof(%struct.5xi32) > 16, in x64 this is passed on stack.
define dso_local i32 @test5(ptr byval(%struct.5xi32) %0) {
; CHECK-LABEL: test5:
; CHECK: # %bb.0:
; CHECK-NEXT: jmp Func5 # TAILCALL
%r = musttail call i32 @Func5(ptr byval(%struct.5xi32) %0)
ret i32 %r
}
; Test passing multiple arguments with different sizes on stack. In x64 Linux
; the first 6 are passed by register.
davidxlUnsubmitted
Not Done
ReplyInline Actions

is this the correct comment, or it is intended for a negative test (missing)?

davidxl: is this the correct comment, or it is intended for a negative test (missing)?
huangjdAuthorUnsubmitted
Done
ReplyInline Actions

This is just describing the purpose of the test. in x64 the first 6 are passed by register and the rest 2 are passed by stack

huangjd: This is just describing the purpose of the test. in x64 the first 6 are passed by register and…
davidxlUnsubmitted
Not Done
ReplyInline Actions

Ok. Can you expand the comment a little more.

Can you also add a negative test?

davidxl: Ok. Can you expand the comment a little more. Can you also add a negative test?
huangjdAuthorUnsubmitted
Done
ReplyInline Actions

I am not sure what should a negative test be in this case, since the front end rejects the code if "musttail" is applied on function call that can't be tail called. Also if tail call is not applied, the output assembly can be quite unpredictable (if someone else change anything else in codegen) since instructions can be shuffled. I have yet seen a negative test with tail call optimization

huangjd: I am not sure what should a negative test be in this case, since the front end rejects the code…
davidxlUnsubmitted
Not Done
ReplyInline Actions

An IR test can be written manually. This is to test line 4262: IsEligibleForTailCallOptimization() logic for mustTail case.

davidxl: An IR test can be written manually. This is to test line 4262…
define dso_local i32 @testManyArgs(i32 %0, i32 %1, i32 %2, i32 %3, i32 %4, i32 %5, i8 %6, ptr byval(%struct.5xi32) %7) {
; CHECK-LABEL: testManyArgs:
; CHECK: # %bb.0:
; CHECK-NEXT: jmp FuncManyArgs # TAILCALL
%r = musttail call i32 @FuncManyArgs(i32 %0, i32 %1, i32 %2, i32 %3, i32 %4, i32 %5, i8 %6, ptr byval(%struct.5xi32) %7)
ret i32 %r
}
define dso_local i32 @testRecursion(i32 %0, i32 %1, i32 %2, i32 %3, i32 %4, i32 %5, i8 %6, ptr byval(%struct.5xi32) %7) {
; CHECK-LABEL: testRecursion:
; CHECK: # %bb.0:
; CHECK-NEXT: jmp testRecursion # TAILCALL
%r = musttail call i32 @testRecursion(i32 %0, i32 %1, i32 %2, i32 %3, i32 %4, i32 %5, i8 %6, ptr byval(%struct.5xi32) %7)
ret i32 %r
}

llvm/test/CodeGen/X86/musttail-tailcc.ll

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
define dso_local tailcc void @void_test(i32, i32, i32, i32) { define dso_local tailcc void @void_test(i32, i32, i32, i32) {
; X64-LABEL: void_test: ; X64-LABEL: void_test:
; X64: # %bb.0: # %entry ; X64: # %bb.0: # %entry
; X64-NEXT: jmp void_test # TAILCALL ; X64-NEXT: jmp void_test # TAILCALL
; ;
; X32-LABEL: void_test: ; X32-LABEL: void_test:
; X32: # %bb.0: # %entry ; X32: # %bb.0: # %entry
; X32-NEXT: pushl %esi
; X32-NEXT: .cfi_def_cfa_offset 8
; X32-NEXT: .cfi_offset %esi, -8
; X32-NEXT: movl {{[0-9]+}}(%esp), %eax
; X32-NEXT: movl {{[0-9]+}}(%esp), %esi
; X32-NEXT: movl %esi, {{[0-9]+}}(%esp)
; X32-NEXT: movl %eax, {{[0-9]+}}(%esp)
; X32-NEXT: popl %esi
; X32-NEXT: .cfi_def_cfa_offset 4
; X32-NEXT: jmp void_test # TAILCALL ; X32-NEXT: jmp void_test # TAILCALL
entry: entry:
musttail call tailcc void @void_test( i32 %0, i32 %1, i32 %2, i32 %3) musttail call tailcc void @void_test( i32 %0, i32 %1, i32 %2, i32 %3)
ret void ret void
} }
define dso_local tailcc i1 @i1test(i32, i32, i32, i32) { define dso_local tailcc i1 @i1test(i32, i32, i32, i32) {
; X64-LABEL: i1test: ; X64-LABEL: i1test:
; X64: # %bb.0: # %entry ; X64: # %bb.0: # %entry
; X64-NEXT: jmp i1test # TAILCALL ; X64-NEXT: jmp i1test # TAILCALL
; ;
; X32-LABEL: i1test: ; X32-LABEL: i1test:
; X32: # %bb.0: # %entry ; X32: # %bb.0: # %entry
; X32-NEXT: pushl %esi
; X32-NEXT: .cfi_def_cfa_offset 8
; X32-NEXT: .cfi_offset %esi, -8
; X32-NEXT: movl {{[0-9]+}}(%esp), %eax
; X32-NEXT: movl {{[0-9]+}}(%esp), %esi
; X32-NEXT: movl %esi, {{[0-9]+}}(%esp)
; X32-NEXT: movl %eax, {{[0-9]+}}(%esp)
; X32-NEXT: popl %esi
; X32-NEXT: .cfi_def_cfa_offset 4
; X32-NEXT: jmp i1test # TAILCALL ; X32-NEXT: jmp i1test # TAILCALL
entry: entry:
%4 = musttail call tailcc i1 @i1test( i32 %0, i32 %1, i32 %2, i32 %3) %4 = musttail call tailcc i1 @i1test( i32 %0, i32 %1, i32 %2, i32 %3)
ret i1 %4 ret i1 %4
} }