This is an archive of the discontinued LLVM Phabricator instance.

Differential D136433

[GlobalISel][AArch64] Fix miscompile caused by wrong G_ZEXT selection in GISel
ClosedPublic

Authored by bcl5980 on Oct 21 2022, 2:07 AM.

Details

Reviewers
dmgreen
efriedma
paulwalker-arm
arsenm
aemerson
paquette
Commits
rG9403a8bc37ba: [GlobalISel][AArch64] Fix miscompile caused by wrong G_ZEXT selection in GISel
Summary

The miscompile case's G_ZEXT has a G_FREEZE source. Similar to D127154, this patch removed isDef32, relying on the AArch64MIPeephole optimizer to remove redundant SUBREG_TO_REG nodes also in GISel.

Fix #58431

Diff Detail

Unit TestsFailed

TimeTest
60 msx64 debian > LLVM.CodeGen/AArch64::aarch64-avoid-illegal-extract-subvector.ll
200 msx64 debian > LLVM.CodeGen/AArch64::aarch64-fix-cortex-a53-835769.ll
150 msx64 debian > LLVM.CodeGen/AArch64::aarch64-matrix-umull-smull.ll
90 msx64 debian > LLVM.CodeGen/AArch64::aarch64-mops-consecutive.ll
140 msx64 debian > LLVM.CodeGen/AArch64::aarch64-mops-mte.ll
View Full Test Results (145 Failed)

Event Timeline

bcl5980 created this revision.Oct 21 2022, 2:07 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 21 2022, 2:07 AM
Herald added subscribers: hiraditya, kristof.beyls. · View Herald Transcript
bcl5980 requested review of this revision.Oct 21 2022, 2:07 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 21 2022, 2:07 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
bcl5980 updated this revision to Diff 469515.Oct 21 2022, 2:13 AM

Update test for the case.

Harbormaster completed remote builds in B193458: Diff 469515.Oct 21 2022, 3:37 AM
bcl5980 planned changes to this revision.Oct 21 2022, 3:48 AM

Need to fix tests failure.

efriedma added reviewers: arsenm, aemerson, paquette.Oct 21 2022, 10:21 AM

I think the bug is that GlobalISel is emitting SUBREG_TO_REG, not that it's getting eliminated later. See https://reviews.llvm.org/D127154 .

Herald added a subscriber: wdng. · View Herald TranscriptOct 21 2022, 10:21 AM
bcl5980 updated this revision to Diff 469849.Oct 21 2022, 8:17 PM
bcl5980 retitled this revision from [AArch64] Fix miscompile caused by subreg_to_reg to [GlobalISel][AArch64] Fix miscompile caused by wrong G_ZEXT selection in GISel.
bcl5980 edited the summary of this revision. (Show Details)

Update by @efriedma 's comment.

Herald added a subscriber: rovka. · View Herald TranscriptOct 21 2022, 8:17 PM
Harbormaster completed remote builds in B193707: Diff 469849.Oct 21 2022, 8:56 PM
efriedma added a comment.Oct 24 2022, 10:53 AM

Maybe GlobalISel should stop using isDef32, like we did for SelectionDAG? I mean, this fix isn't really wrong, but I think we have the same general issue as SelectionDAG; it's hard to tell how a generic operation is going to be lowered before it's actually lowered.

dmgreen added a comment.Oct 24 2022, 11:14 AM

Yeah I agree. I don't have anything setup to test Global ISel, and we don't have the same breadth of lit tests, but I hope that it is similar to Selection DAG where the later peephole optimizations are enough to remove the extra instructions.

bcl5980 updated this revision to Diff 470361.Oct 24 2022, 8:26 PM
bcl5980 edited the summary of this revision. (Show Details)
bcl5980 added a comment.Oct 24 2022, 8:31 PM

@efriedma @dmgreen, do we need to add G_FREEZE into AArch64InstructionSelector::isDef32 for AArch64InstructionSelector::selectArithExtendedRegister to match SelectionDAG?

bcl5980 edited the summary of this revision. (Show Details)Oct 24 2022, 9:24 PM
Harbormaster completed remote builds in B194086: Diff 470361.Oct 24 2022, 9:37 PM
bcl5980 updated this revision to Diff 470372.Oct 24 2022, 10:28 PM

Update tests.

Harbormaster completed remote builds in B194096: Diff 470372.Oct 24 2022, 11:12 PM
efriedma added a comment.Oct 25 2022, 11:17 AM

I don't think the usage in selectArithExtendedRegister actually needs to work reliably for correctness; the pattern doesn't assume anything about the high bits, and if we don't use the pattern, we just fallback to a normal zext. So it doesn't really matter that much. (See also the SelectionDAG version of this check in AArch64DAGToDAGISel::SelectArithExtendedRegister.) Ideally, I guess it would look through freeze instructions. Or maybe we should just never match "uxtw" during isel, and just add something to AArch64MIPeepholeOpt. In any case, let's fix the miscompile, and leave it for later.

Patch looks fine, but this should be approved by one of the AArch64 GlobalISel maintainers.

paquette accepted this revision.Oct 25 2022, 11:18 AM

This looks fine to me.

This revision is now accepted and ready to land.Oct 25 2022, 11:18 AM
Closed by commit rG9403a8bc37ba: [GlobalISel][AArch64] Fix miscompile caused by wrong G_ZEXT selection in GISel (authored by bcl5980). · Explain WhyOct 25 2022, 6:54 PM
This revision was automatically updated to reflect the committed changes.
bcl5980 added a commit: rG9403a8bc37ba: [GlobalISel][AArch64] Fix miscompile caused by wrong G_ZEXT selection in GISel.

Revision Contents

PathSize
llvm/
lib/
Target/
AArch64/
9 lines
test/
CodeGen/
AArch64/
20 lines

Diff 469515

llvm/lib/Target/AArch64/AArch64RegisterInfo.cpp

Show First 20 LinesShow All 969 Lines▼ Show 20 Linesbool AArch64RegisterInfo::shouldCoalesce(
if (MI->isCopy() && if (MI->isCopy() &&
((DstRC->getID() == AArch64::GPR64RegClassID) || ((DstRC->getID() == AArch64::GPR64RegClassID) ||
(DstRC->getID() == AArch64::GPR64commonRegClassID)) && (DstRC->getID() == AArch64::GPR64commonRegClassID)) &&
MI->getOperand(0).getSubReg() && MI->getOperand(1).getSubReg()) MI->getOperand(0).getSubReg() && MI->getOperand(1).getSubReg())
// Do not coalesce in the case of a 32-bit subregister copy // Do not coalesce in the case of a 32-bit subregister copy
// which implements a 32 to 64 bit zero extension // which implements a 32 to 64 bit zero extension
// which relies on the upper 32 bits being zeroed. // which relies on the upper 32 bits being zeroed.
return false; return false;
// Similar to 32-bit subregister copy, subreg_to_reg also
// need to disable coalesce
if (MI->isSubregToReg() &&
((DstRC->getID() == AArch64::GPR64RegClassID) ||
(DstRC->getID() == AArch64::GPR64commonRegClassID)) &&
MI->getOperand(1).getImm() == 0 &&
MI->getOperand(3).getImm() == AArch64::sub_32)
return false;
return true; return true;
} }

llvm/test/CodeGen/AArch64/pr58431.ll

  • This file was added.
; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
; RUN: llc < %s -mtriple=aarch64-none-linux-gnu -global-isel -global-isel-abort=0 | FileCheck %s
define i32 @f(i64 %0) {
; CHECK-LABEL: f:
; CHECK: // %bb.0:
; CHECK-NEXT: mov w9, w0
; CHECK-NEXT: mov w8, #10
; CHECK-NEXT: // kill: def $x8 killed $w8
; CHECK-NEXT: udiv x10, x9, x8
; CHECK-NEXT: msub x0, x10, x8, x9
; CHECK-NEXT: // kill: def $w0 killed $w0 killed $x0
; CHECK-NEXT: ret
%2 = trunc i64 %0 to i32
%3 = freeze i32 %2
%4 = zext i32 %3 to i64
%5 = urem i64 %4, 10
%6 = trunc i64 %5 to i32
ret i32 %6
}