This is an archive of the discontinued LLVM Phabricator instance.

Differential D144625

[X86] Fix the base pointer save/restore bug
ClosedPublic

Authored by LuoYuanke on Feb 23 2023, 1:13 AM.

Details

Reviewers
ArchDRobison
craig.topper
pengfei
RKSimon
hliao
Commits
rGba8a520512b7: [X86] Fix the base pointer save/restore bug
Summary

Previous the stack slot for spilling base pointer register is allocated
after the stack realignment. When the stack is naturally aligned the
stack slot is share with other data that allocated from stack and cause
data corrupt. Another issue is the stack slot for save/restore the
callee saved register is not fixed for each function. It depends on the
register usage of them in each function.

This patch is to recalculate the offset the stack slot for base pointer
register during the prolog/epilog insert pass, and allocate the stack
slot when spilling callee saved registers.

Diff Detail

Event Timeline

LuoYuanke created this revision.Feb 23 2023, 1:13 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 23 2023, 1:13 AM
Herald added subscribers: pengfei, hiraditya. · View Herald Transcript
LuoYuanke requested review of this revision.Feb 23 2023, 1:13 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 23 2023, 1:13 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
LuoYuanke added reviewers: ArchDRobison, craig.topper, pengfei, RKSimon.Feb 23 2023, 1:14 AM
LuoYuanke mentioned this in D144541: [X86] Save/restore base pointer register when it is clobbered.
LuoYuanke added inline comments.
llvm/test/CodeGen/X86/sjlj-baseptr.ll
27

The offset happen to be the same.

LuoYuanke mentioned this in D6388: Restore X86 base pointer after call to llvm.eh.sjlj.setjmp.Feb 23 2023, 1:25 AM
LuoYuanke added a reviewer: hliao.
Harbormaster completed remote builds in B215451: Diff 499763.Feb 23 2023, 2:06 AM
LuoYuanke updated this revision to Diff 499815.Feb 23 2023, 4:40 AM

update test case.

Harbormaster completed remote builds in B215491: Diff 499815.Feb 23 2023, 5:30 AM
ArchDRobison added a comment.Feb 24 2023, 6:15 AM

It's been a decade since I've worked with LLVM. The change looks okay to me.

LuoYuanke added a comment.Feb 24 2023, 5:06 PM
In D144625#4150401, @ArchDRobison wrote:

It's been a decade since I've worked with LLVM. The change looks okay to me.

Thanks for review. Would you accept the patch, so that I can land it?

pengfei added inline comments.Feb 25 2023, 2:40 AM
llvm/lib/Target/X86/X86FrameLowering.cpp
2737

Should add const here rather than remove from line 2703?

2740

Why need this->?

2844–2845

ditto.

2848

ditto.

llvm/lib/Target/X86/X86MachineFunctionInfo.cpp
38–41 ↗(On Diff #499815)

This can be moved to X86MachineFunctionInfo.h

llvm/test/CodeGen/X86/sjlj-baseptr.ll
25

No quite understand why do we need push twice. Is it because the alignment of alloca is 16? How about align to 32?

I found previously only sjlj code calls setRestoreBasePointer, but the change here seems more general, should we add a general test for it?

LuoYuanke added inline comments.Feb 25 2023, 3:18 AM
llvm/lib/Target/X86/X86FrameLowering.cpp
2737

Yes, it looks better.

2740

There is "const TargetRegisterInfo *TRI" passed from argument. "this->TRI" is X86TRI.

llvm/test/CodeGen/X86/sjlj-baseptr.ll
25

It is not for alignment. It is used to allocate the spill stack slot for base pointer register.
There are 2 more test case in https://reviews.llvm.org/D144541, this patch focuses on the bug fix.

LuoYuanke updated this revision to Diff 500407.Feb 25 2023, 3:19 AM

Address Phoebe's comments.

pengfei accepted this revision.Feb 25 2023, 4:26 AM

LGTM.

llvm/lib/Target/X86/X86MachineFunctionInfo.cpp
37 ↗(On Diff #500407)

Recover the change here.

This revision is now accepted and ready to land.Feb 25 2023, 4:26 AM
This revision was landed with ongoing or failed builds.Feb 25 2023, 5:13 AM
Closed by commit rGba8a520512b7: [X86] Fix the base pointer save/restore bug (authored by LuoYuanke). · Explain Why
This revision was automatically updated to reflect the committed changes.
LuoYuanke added a commit: rGba8a520512b7: [X86] Fix the base pointer save/restore bug.
Harbormaster completed remote builds in B215919: Diff 500407.Feb 25 2023, 5:22 AM

Revision Contents

PathSize
llvm/
lib/
Target/
X86/
33 lines
3 lines
test/
CodeGen/
X86/
8 lines

Diff 500419

llvm/lib/Target/X86/X86FrameLowering.cpp

Show First 20 LinesShow All 1,622 Lines▼ Show 20 Lines if (IsWin64Prologue && IsFunclet && !IsClrFunclet) {
MBB.addLiveIn(Establisher); MBB.addLiveIn(Establisher);
} }
if (HasFP) { if (HasFP) {
assert(MF.getRegInfo().isReserved(MachineFramePtr) && "FP reserved"); assert(MF.getRegInfo().isReserved(MachineFramePtr) && "FP reserved");
// Calculate required stack adjustment. // Calculate required stack adjustment.
uint64_t FrameSize = StackSize - SlotSize; uint64_t FrameSize = StackSize - SlotSize;
// If required, include space for extra hidden slot for stashing base pointer.
if (X86FI->getRestoreBasePointer())
FrameSize += SlotSize;
NumBytes = FrameSize - NumBytes = FrameSize -
(X86FI->getCalleeSavedFrameSize() + TailCallArgReserveSize); (X86FI->getCalleeSavedFrameSize() + TailCallArgReserveSize);
// Callee-saved registers are pushed on stack before the stack is realigned. // Callee-saved registers are pushed on stack before the stack is realigned.
if (TRI->hasStackRealignment(MF) && !IsWin64Prologue) if (TRI->hasStackRealignment(MF) && !IsWin64Prologue)
NumBytes = alignTo(NumBytes, MaxAlign); NumBytes = alignTo(NumBytes, MaxAlign);
// Save EBP/RBP into the appropriate stack slot. // Save EBP/RBP into the appropriate stack slot.
▲ Show 20 LinesShow All 998 Lines▼ Show 20 Lines for (CalleeSavedInfo &I : llvm::reverse(CSI)) {
SpillSlotOffset -= SlotSize; SpillSlotOffset -= SlotSize;
CalleeSavedFrameSize += SlotSize; CalleeSavedFrameSize += SlotSize;
int SlotIndex = MFI.CreateFixedSpillStackObject(SlotSize, SpillSlotOffset); int SlotIndex = MFI.CreateFixedSpillStackObject(SlotSize, SpillSlotOffset);
I.setFrameIdx(SlotIndex); I.setFrameIdx(SlotIndex);
} }
// Adjust the offset of spill slot as we know the accurate callee saved frame
// size.
if (X86FI->getRestoreBasePointer()) {
SpillSlotOffset -= SlotSize;
CalleeSavedFrameSize += SlotSize;
MFI.CreateFixedSpillStackObject(SlotSize, SpillSlotOffset);
// TODO: saving the slot index is better?
X86FI->setRestoreBasePointer(CalleeSavedFrameSize);
}
X86FI->setCalleeSavedFrameSize(CalleeSavedFrameSize); X86FI->setCalleeSavedFrameSize(CalleeSavedFrameSize);
MFI.setCVBytesOfCalleeSavedRegisters(CalleeSavedFrameSize); MFI.setCVBytesOfCalleeSavedRegisters(CalleeSavedFrameSize);
// Assign slots for XMMs. // Assign slots for XMMs.
for (CalleeSavedInfo &I : llvm::reverse(CSI)) { for (CalleeSavedInfo &I : llvm::reverse(CSI)) {
Register Reg = I.getReg(); Register Reg = I.getReg();
if (X86::GR64RegClass.contains(Reg) || X86::GR32RegClass.contains(Reg)) if (X86::GR64RegClass.contains(Reg) || X86::GR32RegClass.contains(Reg))
continue; continue;
▲ Show 20 LinesShow All 66 Lines▼ Show 20 Lines for (const CalleeSavedInfo &I : llvm::reverse(CSI)) {
// happens with the @llvm-returnaddress intrinsic and with arguments // happens with the @llvm-returnaddress intrinsic and with arguments
// passed in callee saved registers. // passed in callee saved registers.
// Omitting the kill flags is conservatively correct even if the live-in // Omitting the kill flags is conservatively correct even if the live-in
// is not used after all. // is not used after all.
BuildMI(MBB, MI, DL, TII.get(Opc)).addReg(Reg, getKillRegState(CanKill)) BuildMI(MBB, MI, DL, TII.get(Opc)).addReg(Reg, getKillRegState(CanKill))
.setMIFlag(MachineInstr::FrameSetup); .setMIFlag(MachineInstr::FrameSetup);
} }
const X86MachineFunctionInfo *X86FI = MF.getInfo<X86MachineFunctionInfo>();
pengfeiUnsubmitted
Not Done
ReplyInline Actions

Should add const here rather than remove from line 2703?

pengfei: Should add `const` here rather than remove from line 2703?
LuoYuankeAuthorUnsubmitted
Done
ReplyInline Actions

Yes, it looks better.

LuoYuanke: Yes, it looks better.
if (X86FI->getRestoreBasePointer()) {
unsigned Opc = STI.is64Bit() ? X86::PUSH64r : X86::PUSH32r;
Register BaseReg = this->TRI->getBaseRegister();
pengfeiUnsubmitted
Not Done
ReplyInline Actions

Why need this->?

pengfei: Why need `this->`?
LuoYuankeAuthorUnsubmitted
Done
ReplyInline Actions

There is "const TargetRegisterInfo *TRI" passed from argument. "this->TRI" is X86TRI.

LuoYuanke: There is "const TargetRegisterInfo *TRI" passed from argument. "this->TRI" is X86TRI.
BuildMI(MBB, MI, DL, TII.get(Opc))
.addReg(BaseReg, getKillRegState(true))
.setMIFlag(MachineInstr::FrameSetup);
}
// Make XMM regs spilled. X86 does not have ability of push/pop XMM. // Make XMM regs spilled. X86 does not have ability of push/pop XMM.
// It can be done by spilling XMMs to stack frame. // It can be done by spilling XMMs to stack frame.
for (const CalleeSavedInfo &I : llvm::reverse(CSI)) { for (const CalleeSavedInfo &I : llvm::reverse(CSI)) {
Register Reg = I.getReg(); Register Reg = I.getReg();
if (X86::GR64RegClass.contains(Reg) || X86::GR32RegClass.contains(Reg)) if (X86::GR64RegClass.contains(Reg) || X86::GR32RegClass.contains(Reg))
continue; continue;
// If this is k-register make sure we lookup via the largest legal type. // If this is k-register make sure we lookup via the largest legal type.
▲ Show 20 LinesShow All 81 Lines▼ Show 20 Lines for (const CalleeSavedInfo &I : CSI) {
if (X86::VK16RegClass.contains(Reg)) if (X86::VK16RegClass.contains(Reg))
VT = STI.hasBWI() ? MVT::v64i1 : MVT::v16i1; VT = STI.hasBWI() ? MVT::v64i1 : MVT::v16i1;
const TargetRegisterClass *RC = TRI->getMinimalPhysRegClass(Reg, VT); const TargetRegisterClass *RC = TRI->getMinimalPhysRegClass(Reg, VT);
TII.loadRegFromStackSlot(MBB, MI, Reg, I.getFrameIdx(), RC, TRI, TII.loadRegFromStackSlot(MBB, MI, Reg, I.getFrameIdx(), RC, TRI,
Register()); Register());
} }
// Clear the stack slot for spill base pointer register.
MachineFunction &MF = *MBB.getParent();
const X86MachineFunctionInfo *X86FI = MF.getInfo<X86MachineFunctionInfo>();
pengfeiUnsubmitted
Not Done
ReplyInline Actions

ditto.

pengfei: ditto.
if (X86FI->getRestoreBasePointer()) {
unsigned Opc = STI.is64Bit() ? X86::POP64r : X86::POP32r;
Register BaseReg = this->TRI->getBaseRegister();
pengfeiUnsubmitted
Not Done
ReplyInline Actions

ditto.

pengfei: ditto.
BuildMI(MBB, MI, DL, TII.get(Opc), BaseReg)
.setMIFlag(MachineInstr::FrameDestroy);
}
// POP GPRs. // POP GPRs.
unsigned Opc = STI.is64Bit() ? X86::POP64r : X86::POP32r; unsigned Opc = STI.is64Bit() ? X86::POP64r : X86::POP32r;
for (const CalleeSavedInfo &I : CSI) { for (const CalleeSavedInfo &I : CSI) {
Register Reg = I.getReg(); Register Reg = I.getReg();
if (!X86::GR64RegClass.contains(Reg) && if (!X86::GR64RegClass.contains(Reg) &&
!X86::GR32RegClass.contains(Reg)) !X86::GR32RegClass.contains(Reg))
continue; continue;
▲ Show 20 LinesShow All 1,047 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86MachineFunctionInfo.h

Show First 20 LinesShow All 143 Lines▼ Show 20 Linespublic:
bool getForceFramePointer() const { return ForceFramePointer;} bool getForceFramePointer() const { return ForceFramePointer;}
void setForceFramePointer(bool forceFP) { ForceFramePointer = forceFP; } void setForceFramePointer(bool forceFP) { ForceFramePointer = forceFP; }
bool getHasPushSequences() const { return HasPushSequences; } bool getHasPushSequences() const { return HasPushSequences; }
void setHasPushSequences(bool HasPush) { HasPushSequences = HasPush; } void setHasPushSequences(bool HasPush) { HasPushSequences = HasPush; }
bool getRestoreBasePointer() const { return RestoreBasePointerOffset!=0; } bool getRestoreBasePointer() const { return RestoreBasePointerOffset!=0; }
void setRestoreBasePointer(const MachineFunction *MF); void setRestoreBasePointer(const MachineFunction *MF);
void setRestoreBasePointer(unsigned CalleeSavedFrameSize) {
RestoreBasePointerOffset = -CalleeSavedFrameSize;
}
int getRestoreBasePointerOffset() const {return RestoreBasePointerOffset; } int getRestoreBasePointerOffset() const {return RestoreBasePointerOffset; }
DenseMap<int, unsigned>& getWinEHXMMSlotInfo() { return WinEHXMMSlotInfo; } DenseMap<int, unsigned>& getWinEHXMMSlotInfo() { return WinEHXMMSlotInfo; }
const DenseMap<int, unsigned>& getWinEHXMMSlotInfo() const { const DenseMap<int, unsigned>& getWinEHXMMSlotInfo() const {
return WinEHXMMSlotInfo; } return WinEHXMMSlotInfo; }
unsigned getCalleeSavedFrameSize() const { return CalleeSavedFrameSize; } unsigned getCalleeSavedFrameSize() const { return CalleeSavedFrameSize; }
void setCalleeSavedFrameSize(unsigned bytes) { CalleeSavedFrameSize = bytes; } void setCalleeSavedFrameSize(unsigned bytes) { CalleeSavedFrameSize = bytes; }
▲ Show 20 LinesShow All 101 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/sjlj-baseptr.ll

Show All 15 Linesentry:
%buf = alloca [5 x ptr], align 16 %buf = alloca [5 x ptr], align 16
%p = alloca ptr, align 8 %p = alloca ptr, align 8
%q = alloca i8, align 64 %q = alloca i8, align 64
%s = alloca i8, i64 %n, align 1 %s = alloca i8, i64 %n, align 1
store ptr %s, ptr %p, align 8 store ptr %s, ptr %p, align 8
%t = call i32 @llvm.eh.sjlj.setjmp(ptr %s) %t = call i32 @llvm.eh.sjlj.setjmp(ptr %s)
call void @whatever(i64 %n, ptr %f, ptr %p, ptr %q, ptr %s, i32 %t) #1 call void @whatever(i64 %n, ptr %f, ptr %p, ptr %q, ptr %s, i32 %t) #1
ret i32 0 ret i32 0
; X86: pushl %esi
; X86-NEXT: pushl %esi
pengfeiUnsubmitted
Not Done
ReplyInline Actions

No quite understand why do we need push twice. Is it because the alignment of alloca is 16? How about align to 32?

I found previously only sjlj code calls setRestoreBasePointer, but the change here seems more general, should we add a general test for it?

pengfei: No quite understand why do we need push twice. Is it because the alignment of alloca is `16`?
LuoYuankeAuthorUnsubmitted
Done
ReplyInline Actions

It is not for alignment. It is used to allocate the spill stack slot for base pointer register.
There are 2 more test case in https://reviews.llvm.org/D144541, this patch focuses on the bug fix.

LuoYuanke: It is not for alignment. It is used to allocate the spill stack slot for base pointer register.
; X86: movl %esp, %esi ; X86: movl %esp, %esi
; X86: movl %esp, -16(%ebp) ; X86: movl %esp, -16(%ebp)
LuoYuankeAuthorUnsubmitted
Done
ReplyInline Actions

The offset happen to be the same.

LuoYuanke: The offset happen to be the same.
; X86: {{.LBB.*:}} ; X86: {{.LBB.*:}}
; X86: movl -16(%ebp), %esi ; X86: movl -16(%ebp), %esi
; X86: {{.LBB.*:}} ; X86: {{.LBB.*:}}
; X86: popl %esi
; X86-NEXT: popl %esi
; X64: pushq %rbx
; X64-NEXT: pushq %rbx
; X64: movq %rsp, %rbx ; X64: movq %rsp, %rbx
; X64: movq %rsp, -48(%rbp) ; X64: movq %rsp, -48(%rbp)
; X64: {{.LBB.*:}} ; X64: {{.LBB.*:}}
; X64: movq -48(%rbp), %rbx ; X64: movq -48(%rbp), %rbx
; X64: {{.LBB.*:}} ; X64: {{.LBB.*:}}
; X64: popq %rbx
; X64-NEXT: popq %rbx
} }