This is an archive of the discontinued LLVM Phabricator instance.

Differential D148903

[PGO] Avoid potential const_cast UB (NFC)
ClosedPublic

Authored by Dinistro on Apr 21 2023, 1:17 AM.

Details

Reviewers
xur
gysit
Commits
rGa4cc7e784f93: [PGO] Avoid potential const_cast UB (NFC)
Summary

This commit removes potential UB in the PGO instrumentation passes that
was caused by casting away constness and then potentially modifying the
object.

Diff Detail

Event Timeline

Dinistro created this revision.Apr 21 2023, 1:17 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 21 2023, 1:17 AM
Herald added subscribers: wlei, Enna1, wenlei, hiraditya. · View Herald Transcript
Dinistro requested review of this revision.Apr 21 2023, 1:17 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 21 2023, 1:17 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Dinistro added reviewers: xur, gysit.Apr 21 2023, 1:22 AM
Harbormaster completed remote builds in B227108: Diff 515638.Apr 21 2023, 2:00 AM
gysit accepted this revision.Apr 23 2023, 11:51 PM

LGTM!

This revision is now accepted and ready to land.Apr 23 2023, 11:51 PM
Herald added a subscriber: hoy. · View Herald TranscriptApr 23 2023, 11:51 PM
xur added a comment.Apr 24 2023, 9:30 AM

Thanks for working on this.
PGOEdge is shared by PGO instrumentation pass and PGO profile-use pass. We cast away const for PGO instrumentation. But for PGO profile-use, we don't change the BB. I would prefer to keep the const for profile-use passes. So I think a better fix is to make PGOEdge a template class, one with const and one without.

Dinistro added a comment.Apr 24 2023, 11:54 PM

Added a comment to the critical UB causing part. Again, while there might be a way to keep constness, it requires extended changes. Fixing UB should be done first, afterwards, we can think about refactorings that allow us to keep constness where possible.

llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp
817

This full function is shared between the instrumentation and the use pass. Keeping const will always result in UB, as the SplitCriticalEdge function will be called with TI, which should be of type const Instruction *.
I fail to see how a templated edge class would help in resolving this issue, could you elaborate @xur ?

I believe that splitting the logic between instrument and usage might help to reduce the complexity and push const in some places, but that requires extended changes to the algorithms.

gysit added a comment.Apr 27 2023, 12:29 AM

@xur how should we proceed with this. It seems like eliminating UB in favor of less constness seems like a good initial step?

Closed by commit rGa4cc7e784f93: [PGO] Avoid potential const_cast UB (NFC) (authored by Dinistro). · Explain WhyMay 2 2023, 2:22 AM
This revision was automatically updated to reflect the committed changes.
Dinistro added a commit: rGa4cc7e784f93: [PGO] Avoid potential const_cast UB (NFC).

Revision Contents

PathSize
llvm/
include/
llvm/
Transforms/
Instrumentation/
4 lines
lib/
Transforms/
Instrumentation/
15 lines

Diff 518658

llvm/include/llvm/Transforms/Instrumentation/CFGMST.h

Show First 20 LinesShow All 94 Lines▼ Show 20 Linespublic:
} }
// Traverse the CFG using a stack. Find all the edges and assign the weight. // Traverse the CFG using a stack. Find all the edges and assign the weight.
// Edges with large weight will be put into MST first so they are less likely // Edges with large weight will be put into MST first so they are less likely
// to be instrumented. // to be instrumented.
void buildEdges() { void buildEdges() {
LLVM_DEBUG(dbgs() << "Build Edge on " << F.getName() << "\n"); LLVM_DEBUG(dbgs() << "Build Edge on " << F.getName() << "\n");
const BasicBlock *Entry = &(F.getEntryBlock()); BasicBlock *Entry = &(F.getEntryBlock());
uint64_t EntryWeight = (BFI != nullptr ? BFI->getEntryFreq() : 2); uint64_t EntryWeight = (BFI != nullptr ? BFI->getEntryFreq() : 2);
// If we want to instrument the entry count, lower the weight to 0. // If we want to instrument the entry count, lower the weight to 0.
if (InstrumentFuncEntry) if (InstrumentFuncEntry)
EntryWeight = 0; EntryWeight = 0;
Edge *EntryIncoming = nullptr, *EntryOutgoing = nullptr, Edge *EntryIncoming = nullptr, *EntryOutgoing = nullptr,
*ExitOutgoing = nullptr, *ExitIncoming = nullptr; *ExitOutgoing = nullptr, *ExitIncoming = nullptr;
uint64_t MaxEntryOutWeight = 0, MaxExitOutWeight = 0, MaxExitInWeight = 0; uint64_t MaxEntryOutWeight = 0, MaxExitOutWeight = 0, MaxExitInWeight = 0;
▲ Show 20 LinesShow All 140 Lines▼ Show 20 Lines OS << " Number of Edges: " << AllEdges.size()
<< " (*: Instrument, C: CriticalEdge, -: Removed)\n"; << " (*: Instrument, C: CriticalEdge, -: Removed)\n";
uint32_t Count = 0; uint32_t Count = 0;
for (auto &EI : AllEdges) for (auto &EI : AllEdges)
OS << " Edge " << Count++ << ": " << getBBInfo(EI->SrcBB).Index << "-->" OS << " Edge " << Count++ << ": " << getBBInfo(EI->SrcBB).Index << "-->"
<< getBBInfo(EI->DestBB).Index << EI->infoString() << "\n"; << getBBInfo(EI->DestBB).Index << EI->infoString() << "\n";
} }
// Add an edge to AllEdges with weight W. // Add an edge to AllEdges with weight W.
Edge &addEdge(const BasicBlock *Src, const BasicBlock *Dest, uint64_t W) { Edge &addEdge(BasicBlock *Src, BasicBlock *Dest, uint64_t W) {
uint32_t Index = BBInfos.size(); uint32_t Index = BBInfos.size();
auto Iter = BBInfos.end(); auto Iter = BBInfos.end();
bool Inserted; bool Inserted;
std::tie(Iter, Inserted) = BBInfos.insert(std::make_pair(Src, nullptr)); std::tie(Iter, Inserted) = BBInfos.insert(std::make_pair(Src, nullptr));
if (Inserted) { if (Inserted) {
// Newly inserted, update the real info. // Newly inserted, update the real info.
Iter->second = std::move(std::make_unique<BBInfo>(Index)); Iter->second = std::move(std::make_unique<BBInfo>(Index));
Index++; Index++;
Show All 35 Lines

llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp

Show First 20 LinesShow All 478 Lines▼ Show 20 Linesstruct SelectInstVisitor : public InstVisitor<SelectInstVisitor> {
unsigned getNumOfSelectInsts() const { return NSIs; } unsigned getNumOfSelectInsts() const { return NSIs; }
}; };
/// This class implements the CFG edges for the Minimum Spanning Tree (MST) /// This class implements the CFG edges for the Minimum Spanning Tree (MST)
/// based instrumentation. /// based instrumentation.
/// Note that the CFG can be a multi-graph. So there might be multiple edges /// Note that the CFG can be a multi-graph. So there might be multiple edges
/// with the same SrcBB and DestBB. /// with the same SrcBB and DestBB.
struct PGOEdge { struct PGOEdge {
const BasicBlock *SrcBB; BasicBlock *SrcBB;
const BasicBlock *DestBB; BasicBlock *DestBB;
uint64_t Weight; uint64_t Weight;
bool InMST = false; bool InMST = false;
bool Removed = false; bool Removed = false;
bool IsCritical = false; bool IsCritical = false;
PGOEdge(const BasicBlock *Src, const BasicBlock *Dest, uint64_t W = 1) PGOEdge(BasicBlock *Src, BasicBlock *Dest, uint64_t W = 1)
: SrcBB(Src), DestBB(Dest), Weight(W) {} : SrcBB(Src), DestBB(Dest), Weight(W) {}
/// Return the information string of an edge. /// Return the information string of an edge.
std::string infoString() const { std::string infoString() const {
return (Twine(Removed ? "-" : " ") + (InMST ? " " : "*") + return (Twine(Removed ? "-" : " ") + (InMST ? " " : "*") +
(IsCritical ? "c" : " ") + " W=" + Twine(Weight)) (IsCritical ? "c" : " ") + " W=" + Twine(Weight))
.str(); .str();
} }
▲ Show 20 LinesShow All 278 Lines▼ Show 20 Lines
// Given a CFG E to be instrumented, find which BB to place the instrumented // Given a CFG E to be instrumented, find which BB to place the instrumented
// code. The function will split the critical edge if necessary. // code. The function will split the critical edge if necessary.
template <class Edge, class BBInfo> template <class Edge, class BBInfo>
BasicBlock *FuncPGOInstrumentation<Edge, BBInfo>::getInstrBB(Edge *E) { BasicBlock *FuncPGOInstrumentation<Edge, BBInfo>::getInstrBB(Edge *E) {
if (E->InMST || E->Removed) if (E->InMST || E->Removed)
return nullptr; return nullptr;
BasicBlock *SrcBB = const_cast<BasicBlock *>(E->SrcBB); BasicBlock *SrcBB = E->SrcBB;
BasicBlock *DestBB = const_cast<BasicBlock *>(E->DestBB); BasicBlock *DestBB = E->DestBB;
// For a fake edge, instrument the real BB. // For a fake edge, instrument the real BB.
if (SrcBB == nullptr) if (SrcBB == nullptr)
return DestBB; return DestBB;
if (DestBB == nullptr) if (DestBB == nullptr)
return SrcBB; return SrcBB;
auto canInstrument = [](BasicBlock *BB) -> BasicBlock * { auto canInstrument = [](BasicBlock *BB) -> BasicBlock * {
// There are basic blocks (such as catchswitch) cannot be instrumented. // There are basic blocks (such as catchswitch) cannot be instrumented.
Show All 10 Lines if (TI->getNumSuccessors() <= 1)
return canInstrument(SrcBB); return canInstrument(SrcBB);
if (!E->IsCritical) if (!E->IsCritical)
return canInstrument(DestBB); return canInstrument(DestBB);
// Some IndirectBr critical edges cannot be split by the previous // Some IndirectBr critical edges cannot be split by the previous
// SplitIndirectBrCriticalEdges call. Bail out. // SplitIndirectBrCriticalEdges call. Bail out.
unsigned SuccNum = GetSuccessorNumber(SrcBB, DestBB); unsigned SuccNum = GetSuccessorNumber(SrcBB, DestBB);
BasicBlock *InstrBB = BasicBlock *InstrBB =
isa<IndirectBrInst>(TI) ? nullptr : SplitCriticalEdge(TI, SuccNum); isa<IndirectBrInst>(TI) ? nullptr : SplitCriticalEdge(TI, SuccNum);
DinistroAuthorUnsubmitted
Done
ReplyInline Actions

This full function is shared between the instrumentation and the use pass. Keeping const will always result in UB, as the SplitCriticalEdge function will be called with TI, which should be of type const Instruction *.
I fail to see how a templated edge class would help in resolving this issue, could you elaborate @xur ?

I believe that splitting the logic between instrument and usage might help to reduce the complexity and push const in some places, but that requires extended changes to the algorithms.

Dinistro: This full function is shared between the instrumentation and the use pass. Keeping const will…
if (!InstrBB) { if (!InstrBB) {
LLVM_DEBUG( LLVM_DEBUG(
dbgs() << "Fail to split critical edge: not instrument this edge.\n"); dbgs() << "Fail to split critical edge: not instrument this edge.\n");
return nullptr; return nullptr;
} }
// For a critical edge, we have to split. Instrument the newly // For a critical edge, we have to split. Instrument the newly
// created BB. // created BB.
IsCS ? NumOfCSPGOSplit++ : NumOfPGOSplit++; IsCS ? NumOfCSPGOSplit++ : NumOfPGOSplit++;
▲ Show 20 LinesShow All 157 Lines▼ Show 20 Lines for (uint32_t Kind = IPVK_First; Kind <= IPVK_Last; ++Kind) {
} }
} // IPVK_First <= Kind <= IPVK_Last } // IPVK_First <= Kind <= IPVK_Last
} }
namespace { namespace {
// This class represents a CFG edge in profile use compilation. // This class represents a CFG edge in profile use compilation.
struct PGOUseEdge : public PGOEdge { struct PGOUseEdge : public PGOEdge {
using PGOEdge::PGOEdge;
bool CountValid = false; bool CountValid = false;
uint64_t CountValue = 0; uint64_t CountValue = 0;
PGOUseEdge(const BasicBlock *Src, const BasicBlock *Dest, uint64_t W = 1)
: PGOEdge(Src, Dest, W) {}
// Set edge count value // Set edge count value
void setEdgeCount(uint64_t Value) { void setEdgeCount(uint64_t Value) {
CountValue = Value; CountValue = Value;
CountValid = true; CountValid = true;
} }
// Return the information string for this object. // Return the information string for this object.
std::string infoString() const { std::string infoString() const {
▲ Show 20 LinesShow All 1,589 LinesShow Last 20 Lines