This is an archive of the discontinued LLVM Phabricator instance.

Differential D144563

[SimplifyCFG] Improve the precision of `PtrValueMayBeModified`
ClosedPublic

Authored by DianQK on Feb 22 2023, 7:04 AM.

Details

Reviewers
nikic
xbolva00
jdoerfert
Commits
rGf890f010f6a7: [SimplifyCFG] Improve the precision of `PtrValueMayBeModified`
Summary

The result value of getelementptr inbounds (TY, null, not zero) is a poison value. We can think of it as undefined behavior.

Please let me know if there is anything I don't understand correctly.

Diff Detail

Event Timeline

DianQK created this revision.Feb 22 2023, 7:04 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 22 2023, 7:04 AM
Herald added a subscriber: hiraditya. · View Herald Transcript
DianQK requested review of this revision.Feb 22 2023, 7:04 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 22 2023, 7:04 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
DianQK edited the summary of this revision. (Show Details)Feb 22 2023, 7:07 AM
DianQK added reviewers: nikic, xbolva00, jdoerfert.
Herald added a subscriber: StephenFan. · View Herald TranscriptFeb 22 2023, 7:07 AM
DianQK edited the summary of this revision. (Show Details)Feb 22 2023, 7:10 AM
nikic added inline comments.Feb 22 2023, 7:16 AM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7128

This is only the case if !NullPointerIsDefined(GEP->getFunction(), GEP->getPointerAddressSpace()).

nikic added inline comments.Feb 22 2023, 7:27 AM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7128

Though we should probably just move that check to the start of the function, because we end up repeating it everywhere anyway.

Harbormaster completed remote builds in B215248: Diff 499496.Feb 22 2023, 8:02 AM
jdoerfert added inline comments.Feb 22 2023, 8:34 AM
llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll
517

I'm worried because I didn't see a test with inbounds gep and @fn_noundef_arg call.
!GEP->hasAllZeroIndices() does not imply non zero. It means we don't know it's all zero.
Can we make sure we don't accidentally read poison into the situation where it could as well be null.

DianQK updated this revision to Diff 499832.Feb 23 2023, 6:27 AM

Add NullPointerIsDefined check and fn_noundef_arg case

nikic added inline comments.Feb 23 2023, 6:30 AM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7142

The first block probably isn't supposed to be there?

DianQK added inline comments.Feb 23 2023, 6:53 AM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7128

I think it would be fine to call NullPointerIsDefined directly on each gep, load and store, because we still have to query address space.

Would it be cleaner to just use NullPointerIsDefined?

7142

Sorry I didn't get.
First, we only focus two cases:
a. getelementptr (TY, null, not zero) -> maybe be modified
a. getelementptr inbounds (TY, null, not zero) -> poison?

The first

if (!GEP->isInBounds()) {
   PtrValueMayBeModified = true;
}

is the "a" case.

7142

These two cases are:
a. getelementptr (TY, null, not zero) -> maybe be modified
b. getelementptr inbounds (TY, null, not zero) -> poison?

llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll
517

I have added the fn_noundef_arg case.
For all ptr cases, PtrValueMayBeModified is used to check if it always be null.

Harbormaster completed remote builds in B215504: Diff 499832.Feb 23 2023, 7:32 AM
DianQK added inline comments.Feb 24 2023, 4:41 AM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7142

Ping? Is there something I misunderstood?

StephenFan added inline comments.Feb 24 2023, 8:39 PM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7143–7145

This condition equivalent to

if (!GEP->isInBounds() ||
      NullPointerIsDefined(GEP->getFunction(),
                            GEP->getPointerAddressSpace())) {

which repeats the above if statement.

DianQK updated this revision to Diff 500356.Feb 24 2023, 9:37 PM

Simplify the branch logic

DianQK added inline comments.Feb 24 2023, 9:41 PM
llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7143–7145

Thank you so much, you saved me.
I was getting wrapped up in this pile of if branches.

nikic added a comment.Feb 25 2023, 12:35 AM

Missing a test with inbounds + null_pointer_is_valid, I think?

DianQK updated this revision to Diff 500389.Feb 25 2023, 1:24 AM

Add some tests with inbounds + null_pointer_is_valid.

nikic accepted this revision.Feb 25 2023, 2:09 AM

LGTM

This revision is now accepted and ready to land.Feb 25 2023, 2:09 AM
xbolva00 accepted this revision.Feb 25 2023, 2:14 AM

Precommit tests?

Otherwise looks good.

llvm/lib/Transforms/Utils/SimplifyCFG.cpp
7126

may be?

7128

poison? (only if null is undefined)

why question mark? Maybe:

poison iff null is undefined?

DianQK added a comment.Feb 25 2023, 2:15 AM

Thank you very much for your review!

Further, we should remove the bool GetElementPtrInst::hasAllZeroIndices() method altogether. Then we don't need to consider the gep zero case anymore.
What do you think?

Although this may require additional work, possibly:

  • add assertions created by GEP instructions or automatically convert them to other instructions
  • automatically convert GEP directives after optimizations like constant propagation
DianQK updated this revision to Diff 500399.Feb 25 2023, 2:27 AM

Fixed typo

DianQK marked 2 inline comments as done.Feb 25 2023, 2:31 AM
In D144563#4152211, @xbolva00 wrote:

Precommit tests?

Otherwise looks good.

Thanks, it should look better now.
I'm going to run ninja check-all with clang.

This revision was landed with ongoing or failed builds.Feb 25 2023, 3:44 AM
Closed by commit rGf890f010f6a7: [SimplifyCFG] Improve the precision of `PtrValueMayBeModified` (authored by DianQK). · Explain Why
This revision was automatically updated to reflect the committed changes.
DianQK added a commit: rGf890f010f6a7: [SimplifyCFG] Improve the precision of `PtrValueMayBeModified`.
Harbormaster completed remote builds in B215914: Diff 500399.Feb 25 2023, 5:05 AM
DianQK added a reverting change: rGc6e54c7fec6e: Revert "[SimplifyCFG] Improve the precision of `PtrValueMayBeModified`".Mar 19 2023, 3:42 PM

Revision Contents

PathSize
llvm/
lib/
Transforms/
Utils/
11 lines
test/
Transforms/
SimplifyCFG/
68 lines
21 lines

Diff 500408

llvm/lib/Transforms/Utils/SimplifyCFG.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 7,115 Lines▼ Show 20 Lines if (C->isNullValue() || isa<UndefValue>(C)) {
if (any_of(InstrRange, [](Instruction &I) { if (any_of(InstrRange, [](Instruction &I) {
return !isGuaranteedToTransferExecutionToSuccessor(&I); return !isGuaranteedToTransferExecutionToSuccessor(&I);
})) }))
return false; return false;
// Look through GEPs. A load from a GEP derived from NULL is still undefined // Look through GEPs. A load from a GEP derived from NULL is still undefined
if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(Use)) if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(Use))
if (GEP->getPointerOperand() == I) { if (GEP->getPointerOperand() == I) {
if (!GEP->isInBounds() || !GEP->hasAllZeroIndices()) // The current base address is null, there are four cases to consider:
// getelementptr (TY, null, 0) -> null
// getelementptr (TY, null, not zero) -> may be modified
xbolva00Unsubmitted
Done
ReplyInline Actions

may be?

xbolva00: may be?
// getelementptr inbounds (TY, null, 0) -> null
// getelementptr inbounds (TY, null, not zero) -> poison iff null is
nikicUnsubmitted
Not Done
ReplyInline Actions

This is only the case if !NullPointerIsDefined(GEP->getFunction(), GEP->getPointerAddressSpace()).

nikic: This is only the case if `!NullPointerIsDefined(GEP->getFunction(), GEP->getPointerAddressSpace…
nikicUnsubmitted
Not Done
ReplyInline Actions

Though we should probably just move that check to the start of the function, because we end up repeating it everywhere anyway.

nikic: Though we should probably just move that check to the start of the function, because we end up…
DianQKAuthorUnsubmitted
Done
ReplyInline Actions

I think it would be fine to call NullPointerIsDefined directly on each gep, load and store, because we still have to query address space.

Would it be cleaner to just use NullPointerIsDefined?

DianQK: I think it would be fine to call `NullPointerIsDefined` directly on each `gep`, `load` and…
xbolva00Unsubmitted
Done
ReplyInline Actions

poison? (only if null is undefined)

why question mark? Maybe:

poison iff null is undefined?

xbolva00: poison? (only if null is undefined) why question mark? Maybe: poison iff null is undefined?
// undefined?
if (!GEP->hasAllZeroIndices() &&
(!GEP->isInBounds() ||
NullPointerIsDefined(GEP->getFunction(),
GEP->getPointerAddressSpace())))
PtrValueMayBeModified = true; PtrValueMayBeModified = true;
return passingValueIsAlwaysUndefined(V, GEP, PtrValueMayBeModified); return passingValueIsAlwaysUndefined(V, GEP, PtrValueMayBeModified);
} }
// Look through return. // Look through return.
if (ReturnInst *Ret = dyn_cast<ReturnInst>(Use)) { if (ReturnInst *Ret = dyn_cast<ReturnInst>(Use)) {
bool HasNoUndefAttr = bool HasNoUndefAttr =
Ret->getFunction()->hasRetAttribute(Attribute::NoUndef); Ret->getFunction()->hasRetAttribute(Attribute::NoUndef);
// Return undefined to a noundef return value is undefined. // Return undefined to a noundef return value is undefined.
nikicUnsubmitted
Not Done
ReplyInline Actions

The first block probably isn't supposed to be there?

nikic: The first block probably isn't supposed to be there?
DianQKAuthorUnsubmitted
Done
ReplyInline Actions

Sorry I didn't get.
First, we only focus two cases:
a. getelementptr (TY, null, not zero) -> maybe be modified
a. getelementptr inbounds (TY, null, not zero) -> poison?

The first

if (!GEP->isInBounds()) {
   PtrValueMayBeModified = true;
}

is the "a" case.

DianQK: Sorry I didn't get. First, we only focus two cases: a. getelementptr (TY, null, not zero)…
DianQKAuthorUnsubmitted
Done
ReplyInline Actions

These two cases are:
a. getelementptr (TY, null, not zero) -> maybe be modified
b. getelementptr inbounds (TY, null, not zero) -> poison?

DianQK: These two cases are: a. getelementptr (TY, null, not zero) -> maybe be modified b.
DianQKAuthorUnsubmitted
Done
ReplyInline Actions

Ping? Is there something I misunderstood?

DianQK: Ping? Is there something I misunderstood?
if (isa<UndefValue>(C) && HasNoUndefAttr) if (isa<UndefValue>(C) && HasNoUndefAttr)
return true; return true;
// Return null to a nonnull+noundef return value is undefined. // Return null to a nonnull+noundef return value is undefined.
StephenFanUnsubmitted
Not Done
ReplyInline Actions

This condition equivalent to

if (!GEP->isInBounds() ||
      NullPointerIsDefined(GEP->getFunction(),
                            GEP->getPointerAddressSpace())) {

which repeats the above if statement.

StephenFan: This condition equivalent to ``` if (!GEP->isInBounds() ||…
DianQKAuthorUnsubmitted
Done
ReplyInline Actions

Thank you so much, you saved me.
I was getting wrapped up in this pile of if branches.

DianQK: Thank you so much, you saved me. I was getting wrapped up in this pile of if branches.
if (C->isNullValue() && HasNoUndefAttr && if (C->isNullValue() && HasNoUndefAttr &&
Ret->getFunction()->hasRetAttribute(Attribute::NonNull)) { Ret->getFunction()->hasRetAttribute(Attribute::NonNull)) {
return !PtrValueMayBeModified; return !PtrValueMayBeModified;
} }
} }
// Look through bitcasts. // Look through bitcasts.
if (BitCastInst *BC = dyn_cast<BitCastInst>(Use)) if (BitCastInst *BC = dyn_cast<BitCastInst>(Use))
▲ Show 20 LinesShow All 211 LinesShow Last 20 Lines

llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll

Show First 20 LinesShow All 438 Lines▼ Show 20 Lineselse:
%gep = getelementptr i8, ptr %phi, i64 12 %gep = getelementptr i8, ptr %phi, i64 12
call ptr @fn_nonnull_noundef_arg(ptr %gep) call ptr @fn_nonnull_noundef_arg(ptr %gep)
ret void ret void
} }
define void @test9_gep_inbounds_nonzero(i1 %X, ptr %Y) { define void @test9_gep_inbounds_nonzero(i1 %X, ptr %Y) {
; CHECK-LABEL: @test9_gep_inbounds_nonzero( ; CHECK-LABEL: @test9_gep_inbounds_nonzero(
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: [[TMP0:%.*]] = xor i1 [[X:%.*]], true
; CHECK-NEXT: call void @llvm.assume(i1 [[TMP0]])
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[Y:%.*]], i64 12
; CHECK-NEXT: [[TMP1:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]])
; CHECK-NEXT: ret void
;
entry:
br i1 %X, label %if, label %else
if:
br label %else
else:
%phi = phi ptr [ %Y, %entry ], [ null, %if ]
%gep = getelementptr inbounds i8, ptr %phi, i64 12
call ptr @fn_nonnull_noundef_arg(ptr %gep)
ret void
}
define void @test9_gep_inbounds_nonzero_null_defined(i1 %X, ptr %Y) #0 {
; CHECK-LABEL: @test9_gep_inbounds_nonzero_null_defined(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]] ; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]]
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 12 ; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 12
; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) ; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]])
; CHECK-NEXT: ret void ; CHECK-NEXT: ret void
; ;
entry: entry:
br i1 %X, label %if, label %else br i1 %X, label %if, label %else
if: if:
br label %else br label %else
else: else:
%phi = phi ptr [ %Y, %entry ], [ null, %if ] %phi = phi ptr [ %Y, %entry ], [ null, %if ]
%gep = getelementptr inbounds i8, ptr %phi, i64 12 %gep = getelementptr inbounds i8, ptr %phi, i64 12
call ptr @fn_nonnull_noundef_arg(ptr %gep) call ptr @fn_nonnull_noundef_arg(ptr %gep)
ret void ret void
} }
define void @test9_gep_inbounds_unknown_null(i1 %X, ptr %Y, i64 %I) {
; CHECK-LABEL: @test9_gep_inbounds_unknown_null(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TMP0:%.*]] = xor i1 [[X:%.*]], true
; CHECK-NEXT: call void @llvm.assume(i1 [[TMP0]])
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[Y:%.*]], i64 [[I:%.*]]
; CHECK-NEXT: [[TMP1:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]])
; CHECK-NEXT: ret void
;
entry:
br i1 %X, label %if, label %else
if:
br label %else
else:
%phi = phi ptr [ %Y, %entry ], [ null, %if ]
%gep = getelementptr inbounds i8, ptr %phi, i64 %I
call ptr @fn_nonnull_noundef_arg(ptr %gep)
ret void
}
define void @test9_gep_inbouds_unknown_null(i1 %X, ptr %Y, i64 %I) { define void @test9_gep_inbounds_unknown_null_defined(i1 %X, ptr %Y, i64 %I) #0 {
; CHECK-LABEL: @test9_gep_inbouds_unknown_null( ; CHECK-LABEL: @test9_gep_inbounds_unknown_null_defined(
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]] ; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]]
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 [[I:%.*]] ; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 [[I:%.*]]
; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) ; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]])
; CHECK-NEXT: ret void ; CHECK-NEXT: ret void
; ;
entry: entry:
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

I'm worried because I didn't see a test with inbounds gep and @fn_noundef_arg call.
!GEP->hasAllZeroIndices() does not imply non zero. It means we don't know it's all zero.
Can we make sure we don't accidentally read poison into the situation where it could as well be null.

jdoerfert: I'm worried because I didn't see a test with inbounds gep and `@fn_noundef_arg` call. `!GEP…
DianQKAuthorUnsubmitted
Done
ReplyInline Actions

I have added the fn_noundef_arg case.
For all ptr cases, PtrValueMayBeModified is used to check if it always be null.

DianQK: I have added the fn_noundef_arg case. For all ptr cases, `PtrValueMayBeModified` is used to…
br i1 %X, label %if, label %else br i1 %X, label %if, label %else
if: if:
br label %else br label %else
else: else:
%phi = phi ptr [ %Y, %entry ], [ null, %if ] %phi = phi ptr [ %Y, %entry ], [ null, %if ]
%gep = getelementptr inbounds i8, ptr %phi, i64 %I %gep = getelementptr inbounds i8, ptr %phi, i64 %I
call ptr @fn_nonnull_noundef_arg(ptr %gep) call ptr @fn_nonnull_noundef_arg(ptr %gep)
ret void ret void
} }
define void @test9_gep_inbounds_unknown_null_call_noundef(i1 %X, ptr %Y, i64 %I) {
; CHECK-LABEL: @test9_gep_inbounds_unknown_null_call_noundef(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]]
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 [[I:%.*]]
; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_noundef_arg(ptr [[GEP]])
; CHECK-NEXT: ret void
;
entry:
br i1 %X, label %if, label %else
if:
br label %else
else:
%phi = phi ptr [ %Y, %entry ], [ null, %if ]
%gep = getelementptr inbounds i8, ptr %phi, i64 %I
call ptr @fn_noundef_arg(ptr %gep)
ret void
}
define void @test9_gep_unknown_null(i1 %X, ptr %Y, i64 %I) { define void @test9_gep_unknown_null(i1 %X, ptr %Y, i64 %I) {
; CHECK-LABEL: @test9_gep_unknown_null( ; CHECK-LABEL: @test9_gep_unknown_null(
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]] ; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]]
; CHECK-NEXT: [[GEP:%.*]] = getelementptr i8, ptr [[SPEC_SELECT]], i64 [[I:%.*]] ; CHECK-NEXT: [[GEP:%.*]] = getelementptr i8, ptr [[SPEC_SELECT]], i64 [[I:%.*]]
; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) ; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]])
; CHECK-NEXT: ret void ; CHECK-NEXT: ret void
; ;
▲ Show 20 LinesShow All 80 LinesShow Last 20 Lines

llvm/test/Transforms/SimplifyCFG/unreachable-eliminate-on-ret.ll

Show First 20 LinesShow All 49 Lines▼ Show 20 Linesbb2:
%r = phi ptr [ null, %entry ], [ %x, %bb1 ] %r = phi ptr [ null, %entry ], [ %x, %bb1 ]
ret ptr %r ret ptr %r
} }
define nonnull noundef ptr @test_ret_ptr_nonnull_noundef_gep_nonzero(i1 %cond, ptr %x) { define nonnull noundef ptr @test_ret_ptr_nonnull_noundef_gep_nonzero(i1 %cond, ptr %x) {
; CHECK-LABEL: @test_ret_ptr_nonnull_noundef_gep_nonzero( ; CHECK-LABEL: @test_ret_ptr_nonnull_noundef_gep_nonzero(
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[COND:%.*]], ptr [[X:%.*]], ptr null ; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[COND:%.*]], ptr [[X:%.*]], ptr null
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds ptr, ptr [[SPEC_SELECT]], i64 12 ; CHECK-NEXT: [[GEP:%.*]] = getelementptr ptr, ptr [[SPEC_SELECT]], i64 12
; CHECK-NEXT: ret ptr [[GEP]]
;
entry:
br i1 %cond, label %bb1, label %bb2
bb1:
br label %bb2
bb2:
%phi = phi ptr [ null, %entry ], [ %x, %bb1 ]
%gep = getelementptr ptr, ptr %phi, i64 12
ret ptr %gep
}
define nonnull noundef ptr @test_ret_ptr_nonnull_noundef_gep_inbounds_nonzero(i1 %cond, ptr %x) {
; CHECK-LABEL: @test_ret_ptr_nonnull_noundef_gep_inbounds_nonzero(
; CHECK-NEXT: entry:
; CHECK-NEXT: call void @llvm.assume(i1 [[COND:%.*]])
; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds ptr, ptr [[X:%.*]], i64 12
; CHECK-NEXT: ret ptr [[GEP]] ; CHECK-NEXT: ret ptr [[GEP]]
; ;
entry: entry:
br i1 %cond, label %bb1, label %bb2 br i1 %cond, label %bb1, label %bb2
bb1: bb1:
br label %bb2 br label %bb2
▲ Show 20 LinesShow All 56 LinesShow Last 20 Lines