This is an archive of the discontinued LLVM Phabricator instance.

Differential D135270

[WinEH] Validate funclet tokens in colorEHFunclets()
AbandonedPublic

Authored by sgraenitz on Oct 5 2022, 8:16 AM.

Details

Reviewers
rnk
efriedma
lebedev.ri
Summary

When coloring EH funclets during WinEHPrepare, we should check that none of the involved funclet bundle operands refers to an invalid/out-of-scope funclet pad. This would lead to silent binary truncations later on.
For the time being users can demote the error into a warning by passing the -no-funclet-bundle-errors flag.

Diff Detail

Unit TestsFailed

TimeTest
1,260 msx64 debian > LLVM.CodeGen/WinEH::wineh-funclet-bundle-validation.ll

Event Timeline

sgraenitz created this revision.Oct 5 2022, 8:16 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 5 2022, 8:16 AM
Herald added a subscriber: hiraditya. · View Herald Transcript
sgraenitz requested review of this revision.Oct 5 2022, 8:16 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 5 2022, 8:16 AM
sgraenitz added a comment.Oct 5 2022, 8:23 AM

This came up in D134866. No upstream test case triggers the error. Clang reports the error/warning like this:

warning: linking module 'wineh-funclet-bundle-validation.ll': Invalid funclet token in BasicBlock catchret.dest (outside funclet)  %1 = catchpad within %0 [ptr null, i32 0, ptr null] [-Wlinker-warnings]
Harbormaster completed remote builds in B190495: Diff 465409.Oct 5 2022, 9:03 AM
rnk added a comment.Oct 5 2022, 11:38 AM

I think it would be more reasonable to emit a diagnostic at the point where we mark the successor as implausible. This is an analysis function, which is called during instrumentation passes, and I don't think we should emit errors from an analysis helper.

llvm/lib/Analysis/EHPersonalities.cpp
111 ↗(On Diff #465409)

What I had in mind was to essentially emit an error when the ColorVector has a size of more than one. That represents a situation where we would start cloning basic blocks in WinEHPrepare.

sgraenitz updated this revision to Diff 466093.Oct 7 2022, 9:10 AM

Move out of analysis pass and update for specific failure situation: verify that no funclet tokens exist outside of actual funclets (opt-in with -verify-funclet-tokens)

sgraenitz added a comment.Oct 7 2022, 9:11 AM
In D135270#3837735, @rnk wrote:

This is an analysis function, which is called during instrumentation passes, and I don't think we should emit errors from an analysis helper.

Fair point. I moved it into the first caller in WinEHPrepare.

What I had in mind was to essentially emit an error when the ColorVector has a size of more than one. That represents a situation where we would start cloning basic blocks in WinEHPrepare.

This is done already as a debug check in verifyPreparedFunclets() at the end of prepareExplicitEH().

It's not happening in our repro though! All basic blocks are assigned exactly one color. The catchret.dest block is marked implausible, because it refers to another color's funclet pad. As far as I can tell, this isn't verified anywhere. I adjusted the patch for this specific situation.

Harbormaster completed remote builds in B190956: Diff 466093.Oct 7 2022, 9:52 AM
rnk added a comment.Oct 7 2022, 12:41 PM
In D135270#3843045, @sgraenitz wrote:
In D135270#3837735, @rnk wrote:

This is an analysis function, which is called during instrumentation passes, and I don't think we should emit errors from an analysis helper.

Fair point. I moved it into the first caller in WinEHPrepare.

What I had in mind was to essentially emit an error when the ColorVector has a size of more than one. That represents a situation where we would start cloning basic blocks in WinEHPrepare.

This is done already as a debug check in verifyPreparedFunclets() at the end of prepareExplicitEH().

It's not happening in our repro though! All basic blocks are assigned exactly one color. The catchret.dest block is marked implausible, because it refers to another color's funclet pad. As far as I can tell, this isn't verified anywhere. I adjusted the patch for this specific situation.

Removing implausible terminators happens before that check, and it's supposed to make it so that the check passes and all blocks have a unique color. I guess what I'm suggesting is:

  • let's just delete, or flag off, this call to remove implausible terminators
  • always call verifyPreparedFunclets
  • replace the report_fatal_error calls with error diagnostics
sgraenitz abandoned this revision.Nov 16 2022, 5:08 AM

D138123 proposes to check funclet tokens in the IR Verifier

Revision Contents

PathSize
llvm/
lib/
CodeGen/
31 lines
test/
CodeGen/
WinEH/
33 lines

Diff 466093

llvm/lib/CodeGen/WinEHPrepare.cpp

Show First 20 LinesShow All 49 Lines▼ Show 20 Linesstatic cl::opt<bool> DisableCleanups(
"disable-cleanups", cl::Hidden, "disable-cleanups", cl::Hidden,
cl::desc("Do not remove implausible terminators or other similar cleanups"), cl::desc("Do not remove implausible terminators or other similar cleanups"),
cl::init(false)); cl::init(false));
static cl::opt<bool> DemoteCatchSwitchPHIOnlyOpt( static cl::opt<bool> DemoteCatchSwitchPHIOnlyOpt(
"demote-catchswitch-only", cl::Hidden, "demote-catchswitch-only", cl::Hidden,
cl::desc("Demote catchswitch BBs only (for wasm EH)"), cl::init(false)); cl::desc("Demote catchswitch BBs only (for wasm EH)"), cl::init(false));
static cl::opt<bool> VerifyFuncletTokens(
"verify-funclet-tokens", cl::Hidden,
cl::desc("During WinEH preparations check for funclet tokens outside of "
"actual funclets"),
cl::init(false));
namespace { namespace {
class WinEHPrepare : public FunctionPass { class WinEHPrepare : public FunctionPass {
public: public:
static char ID; // Pass identification, replacement for typeid. static char ID; // Pass identification, replacement for typeid.
WinEHPrepare(bool DemoteCatchSwitchPHIOnly = false) WinEHPrepare(bool DemoteCatchSwitchPHIOnly = false)
: FunctionPass(ID), DemoteCatchSwitchPHIOnly(DemoteCatchSwitchPHIOnly) {} : FunctionPass(ID), DemoteCatchSwitchPHIOnly(DemoteCatchSwitchPHIOnly) {}
Show All 18 Linesprivate:
bool prepareExplicitEH(Function &F); bool prepareExplicitEH(Function &F);
void colorFunclets(Function &F); void colorFunclets(Function &F);
void demotePHIsOnFunclets(Function &F, bool DemoteCatchSwitchPHIOnly); void demotePHIsOnFunclets(Function &F, bool DemoteCatchSwitchPHIOnly);
void cloneCommonBlocks(Function &F); void cloneCommonBlocks(Function &F);
void removeImplausibleInstructions(Function &F); void removeImplausibleInstructions(Function &F);
void cleanupPreparedFunclets(Function &F); void cleanupPreparedFunclets(Function &F);
void verifyPreparedFunclets(Function &F); void verifyPreparedFunclets(Function &F);
void verifyNoFuncletTokens(const std::vector<BasicBlock *> &Blocks);
bool DemoteCatchSwitchPHIOnly; bool DemoteCatchSwitchPHIOnly;
// All fields are reset by runOnFunction. // All fields are reset by runOnFunction.
EHPersonality Personality = EHPersonality::Unknown; EHPersonality Personality = EHPersonality::Unknown;
const DataLayout *DL = nullptr; const DataLayout *DL = nullptr;
DenseMap<BasicBlock *, ColorVector> BlockColors; DenseMap<BasicBlock *, ColorVector> BlockColors;
▲ Show 20 LinesShow All 600 Lines▼ Show 20 Linesvoid WinEHPrepare::colorFunclets(Function &F) {
BlockColors = colorEHFunclets(F); BlockColors = colorEHFunclets(F);
// Invert the map from BB to colors to color to BBs. // Invert the map from BB to colors to color to BBs.
for (BasicBlock &BB : F) { for (BasicBlock &BB : F) {
ColorVector &Colors = BlockColors[&BB]; ColorVector &Colors = BlockColors[&BB];
for (BasicBlock *Color : Colors) for (BasicBlock *Color : Colors)
FuncletBlocks[Color].push_back(&BB); FuncletBlocks[Color].push_back(&BB);
} }
if (VerifyFuncletTokens)
for (auto &Funclet : FuncletBlocks) {
auto *FuncletPad = dyn_cast<FuncletPadInst>(Funclet.first->getFirstNonPHI());
if (!FuncletPad)
verifyNoFuncletTokens(Funclet.second);
}
} }
void WinEHPrepare::demotePHIsOnFunclets(Function &F, void WinEHPrepare::demotePHIsOnFunclets(Function &F,
bool DemoteCatchSwitchPHIOnly) { bool DemoteCatchSwitchPHIOnly) {
// Strip PHI nodes off of EH pads. // Strip PHI nodes off of EH pads.
SmallVector<PHINode *, 16> PHINodes; SmallVector<PHINode *, 16> PHINodes;
for (BasicBlock &BB : make_early_inc_range(F)) { for (BasicBlock &BB : make_early_inc_range(F)) {
if (!BB.isEHPad()) if (!BB.isEHPad())
▲ Show 20 LinesShow All 322 Lines▼ Show 20 Lines for (BasicBlock &BB : F) {
if (NumColors > 1) if (NumColors > 1)
report_fatal_error("Multicolor BB!"); report_fatal_error("Multicolor BB!");
assert((DisableDemotion || !(BB.isEHPad() && isa<PHINode>(BB.begin()))) && assert((DisableDemotion || !(BB.isEHPad() && isa<PHINode>(BB.begin()))) &&
"EH Pad still has a PHI!"); "EH Pad still has a PHI!");
} }
} }
#endif #endif
void WinEHPrepare::verifyNoFuncletTokens(const std::vector<BasicBlock *> &Blocks) {
for (BasicBlock *BB : Blocks) {
for (Instruction &I : *BB) {
if (auto *CB = dyn_cast<CallBase>(&I)) {
if (auto BU = CB->getOperandBundle(LLVMContext::OB_funclet)) {
std::string Buffer;
raw_string_ostream OS(Buffer);
OS << "Invalid funclet token in BasicBlock " << BB->getName();
Value *FuncletBundleOperand = BU->Inputs.front();
OS << " outside funclet:" << *FuncletBundleOperand << "\n";
report_fatal_error(OS.str().c_str());
}
}
}
}
}
bool WinEHPrepare::prepareExplicitEH(Function &F) { bool WinEHPrepare::prepareExplicitEH(Function &F) {
// Remove unreachable blocks. It is not valuable to assign them a color and // Remove unreachable blocks. It is not valuable to assign them a color and
// their existence can trick us into thinking values are alive when they are // their existence can trick us into thinking values are alive when they are
// not. // not.
removeUnreachableBlocks(F); removeUnreachableBlocks(F);
// Determine which blocks are reachable from which funclet entries. // Determine which blocks are reachable from which funclet entries.
colorFunclets(F); colorFunclets(F);
▲ Show 20 LinesShow All 203 LinesShow Last 20 Lines

llvm/test/CodeGen/WinEH/wineh-funclet-bundle-validation.ll

  • This file was added.
; RUN: not llc < %s -mtriple=x86_64-windows-msvc -verify-funclet-tokens -o - 2>&1 | FileCheck %s --check-prefix=CHECK-ERROR
declare void @opaque()
declare i32 @__CxxFrameHandler3(...)
declare void @llvm.objc.storeStrong(ptr, ptr) #0
define void @invalid_funclet_token() personality ptr @__CxxFrameHandler3 {
entry:
invoke void @opaque()
to label %invoke.cont unwind label %catch.dispatch
catch.dispatch: ; preds = %entry
%0 = catchswitch within none [label %catch] unwind to caller
invoke.cont: ; preds = %entry
br label %eh.cont
eh.cont: ; preds = %catchret.dest, %invoke.cont
ret void
catch: ; preds = %catch.dispatch
%1 = catchpad within %0 [ptr null, i32 0, ptr null]
catchret from %1 to label %catchret.dest
; CHECK-ERROR: LLVM ERROR: Invalid funclet token in BasicBlock catchret.dest outside funclet
catchret.dest: ; preds = %catch
call void @llvm.objc.storeStrong(ptr null, ptr null) [ "funclet"(token %1) ]
br label %eh.cont
}
attributes #0 = { nounwind }