This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/lib/Transforms/Instrumentation/
-
lib/
-
Transforms/
-
Instrumentation/
-
CFGMST.h
1/1
PGOInstrumentation.cpp

Differential D148903

[PGO] Avoid potential const_cast UB (NFC)
ClosedPublic

Authored by Dinistro on Apr 21 2023, 1:17 AM.

Download Raw Diff

Details

Reviewers

xur
gysit

Commits

rGa4cc7e784f93: [PGO] Avoid potential const_cast UB (NFC)

Summary

This commit removes potential UB in the PGO instrumentation passes that
was caused by casting away constness and then potentially modifying the
object.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

Dinistro created this revision.Apr 21 2023, 1:17 AM

Herald added a project: Restricted Project. · View Herald TranscriptApr 21 2023, 1:17 AM

Herald added subscribers: wlei, Enna1, wenlei, hiraditya. · View Herald Transcript

Dinistro requested review of this revision.Apr 21 2023, 1:17 AM

Herald added a project: Restricted Project. · View Herald TranscriptApr 21 2023, 1:17 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Dinistro added reviewers: xur, gysit.Apr 21 2023, 1:22 AM

Harbormaster completed remote builds in B227108: Diff 515638.Apr 21 2023, 2:00 AM

LGTM!

This revision is now accepted and ready to land.Apr 23 2023, 11:51 PM

Herald added a subscriber: hoy. · View Herald TranscriptApr 23 2023, 11:51 PM

Thanks for working on this.
PGOEdge is shared by PGO instrumentation pass and PGO profile-use pass. We cast away const for PGO instrumentation. But for PGO profile-use, we don't change the BB. I would prefer to keep the const for profile-use passes. So I think a better fix is to make PGOEdge a template class, one with const and one without.

Added a comment to the critical UB causing part. Again, while there might be a way to keep constness, it requires extended changes. Fixing UB should be done first, afterwards, we can think about refactorings that allow us to keep constness where possible.

llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp
840	This full function is shared between the instrumentation and the use pass. Keeping const will always result in UB, as the SplitCriticalEdge function will be called with `TI`, which should be of type `const Instruction *`. I fail to see how a templated edge class would help in resolving this issue, could you elaborate @xur ? I believe that splitting the logic between instrument and usage might help to reduce the complexity and push const in some places, but that requires extended changes to the algorithms.

@xur how should we proceed with this. It seems like eliminating UB in favor of less constness seems like a good initial step?

Closed by commit rGa4cc7e784f93: [PGO] Avoid potential const_cast UB (NFC) (authored by Dinistro). · Explain WhyMay 2 2023, 2:22 AM

This revision was automatically updated to reflect the committed changes.

Dinistro added a commit: rGa4cc7e784f93: [PGO] Avoid potential const_cast UB (NFC).

Revision Contents

Path

Size

llvm/

lib/

Transforms/

Instrumentation/

CFGMST.h

4 lines

PGOInstrumentation.cpp

15 lines

Diff 515638

llvm/lib/Transforms/Instrumentation/CFGMST.h

Show First 20 Lines • Show All 94 Lines • ▼ Show 20 Lines	public:
}		}

// Traverse the CFG using a stack. Find all the edges and assign the weight.		// Traverse the CFG using a stack. Find all the edges and assign the weight.
// Edges with large weight will be put into MST first so they are less likely		// Edges with large weight will be put into MST first so they are less likely
// to be instrumented.		// to be instrumented.
void buildEdges() {		void buildEdges() {
LLVM_DEBUG(dbgs() << "Build Edge on " << F.getName() << "\n");		LLVM_DEBUG(dbgs() << "Build Edge on " << F.getName() << "\n");

const BasicBlock *Entry = &(F.getEntryBlock());		BasicBlock *Entry = &(F.getEntryBlock());
uint64_t EntryWeight = (BFI != nullptr ? BFI->getEntryFreq() : 2);		uint64_t EntryWeight = (BFI != nullptr ? BFI->getEntryFreq() : 2);
// If we want to instrument the entry count, lower the weight to 0.		// If we want to instrument the entry count, lower the weight to 0.
if (InstrumentFuncEntry)		if (InstrumentFuncEntry)
EntryWeight = 0;		EntryWeight = 0;
Edge EntryIncoming = nullptr, EntryOutgoing = nullptr,		Edge EntryIncoming = nullptr, EntryOutgoing = nullptr,
ExitOutgoing = nullptr, ExitIncoming = nullptr;		ExitOutgoing = nullptr, ExitIncoming = nullptr;
uint64_t MaxEntryOutWeight = 0, MaxExitOutWeight = 0, MaxExitInWeight = 0;		uint64_t MaxEntryOutWeight = 0, MaxExitOutWeight = 0, MaxExitInWeight = 0;

▲ Show 20 Lines • Show All 140 Lines • ▼ Show 20 Lines	OS << " Number of Edges: " << AllEdges.size()
<< " (*: Instrument, C: CriticalEdge, -: Removed)\n";		<< " (*: Instrument, C: CriticalEdge, -: Removed)\n";
uint32_t Count = 0;		uint32_t Count = 0;
for (auto &EI : AllEdges)		for (auto &EI : AllEdges)
OS << " Edge " << Count++ << ": " << getBBInfo(EI->SrcBB).Index << "-->"		OS << " Edge " << Count++ << ": " << getBBInfo(EI->SrcBB).Index << "-->"
<< getBBInfo(EI->DestBB).Index << EI->infoString() << "\n";		<< getBBInfo(EI->DestBB).Index << EI->infoString() << "\n";
}		}

// Add an edge to AllEdges with weight W.		// Add an edge to AllEdges with weight W.
Edge &addEdge(const BasicBlock Src, const BasicBlock Dest, uint64_t W) {		Edge &addEdge(BasicBlock Src, BasicBlock Dest, uint64_t W) {
uint32_t Index = BBInfos.size();		uint32_t Index = BBInfos.size();
auto Iter = BBInfos.end();		auto Iter = BBInfos.end();
bool Inserted;		bool Inserted;
std::tie(Iter, Inserted) = BBInfos.insert(std::make_pair(Src, nullptr));		std::tie(Iter, Inserted) = BBInfos.insert(std::make_pair(Src, nullptr));
if (Inserted) {		if (Inserted) {
// Newly inserted, update the real info.		// Newly inserted, update the real info.
Iter->second = std::move(std::make_unique<BBInfo>(Index));		Iter->second = std::move(std::make_unique<BBInfo>(Index));
Index++;		Index++;
Show All 35 Lines

llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp

Show First 20 Lines • Show All 484 Lines • ▼ Show 20 Lines

/// An MST based instrumentation for PGO		/// An MST based instrumentation for PGO
///		///
/// Implements a Minimum Spanning Tree (MST) based instrumentation for PGO		/// Implements a Minimum Spanning Tree (MST) based instrumentation for PGO
/// in the function level.		/// in the function level.
struct PGOEdge {		struct PGOEdge {
// This class implements the CFG edges. Note the CFG can be a multi-graph.		// This class implements the CFG edges. Note the CFG can be a multi-graph.
// So there might be multiple edges with same SrcBB and DestBB.		// So there might be multiple edges with same SrcBB and DestBB.
const BasicBlock *SrcBB;		BasicBlock *SrcBB;
const BasicBlock *DestBB;		BasicBlock *DestBB;
uint64_t Weight;		uint64_t Weight;
bool InMST = false;		bool InMST = false;
bool Removed = false;		bool Removed = false;
bool IsCritical = false;		bool IsCritical = false;

PGOEdge(const BasicBlock Src, const BasicBlock Dest, uint64_t W = 1)		PGOEdge(BasicBlock Src, BasicBlock Dest, uint64_t W = 1)
: SrcBB(Src), DestBB(Dest), Weight(W) {}		: SrcBB(Src), DestBB(Dest), Weight(W) {}

// Return the information string of an edge.		// Return the information string of an edge.
std::string infoString() const {		std::string infoString() const {
return (Twine(Removed ? "-" : " ") + (InMST ? " " : "*") +		return (Twine(Removed ? "-" : " ") + (InMST ? " " : "*") +
(IsCritical ? "c" : " ") + " W=" + Twine(Weight)).str();		(IsCritical ? "c" : " ") + " W=" + Twine(Weight)).str();
}		}
};		};
▲ Show 20 Lines • Show All 295 Lines • ▼ Show 20 Lines

// Given a CFG E to be instrumented, find which BB to place the instrumented		// Given a CFG E to be instrumented, find which BB to place the instrumented
// code. The function will split the critical edge if necessary.		// code. The function will split the critical edge if necessary.
template <class Edge, class BBInfo>		template <class Edge, class BBInfo>
BasicBlock FuncPGOInstrumentation<Edge, BBInfo>::getInstrBB(Edge E) {		BasicBlock FuncPGOInstrumentation<Edge, BBInfo>::getInstrBB(Edge E) {
if (E->InMST \|\| E->Removed)		if (E->InMST \|\| E->Removed)
return nullptr;		return nullptr;

BasicBlock SrcBB = const_cast<BasicBlock >(E->SrcBB);		BasicBlock *SrcBB = E->SrcBB;
BasicBlock DestBB = const_cast<BasicBlock >(E->DestBB);		BasicBlock *DestBB = E->DestBB;
// For a fake edge, instrument the real BB.		// For a fake edge, instrument the real BB.
if (SrcBB == nullptr)		if (SrcBB == nullptr)
return DestBB;		return DestBB;
if (DestBB == nullptr)		if (DestBB == nullptr)
return SrcBB;		return SrcBB;

auto canInstrument = [](BasicBlock BB) -> BasicBlock {		auto canInstrument = [](BasicBlock BB) -> BasicBlock {
// There are basic blocks (such as catchswitch) cannot be instrumented.		// There are basic blocks (such as catchswitch) cannot be instrumented.
Show All 10 Lines	if (TI->getNumSuccessors() <= 1)
return canInstrument(SrcBB);		return canInstrument(SrcBB);
if (!E->IsCritical)		if (!E->IsCritical)
return canInstrument(DestBB);		return canInstrument(DestBB);

// Some IndirectBr critical edges cannot be split by the previous		// Some IndirectBr critical edges cannot be split by the previous
// SplitIndirectBrCriticalEdges call. Bail out.		// SplitIndirectBrCriticalEdges call. Bail out.
unsigned SuccNum = GetSuccessorNumber(SrcBB, DestBB);		unsigned SuccNum = GetSuccessorNumber(SrcBB, DestBB);
BasicBlock *InstrBB =		BasicBlock *InstrBB =
isa<IndirectBrInst>(TI) ? nullptr : SplitCriticalEdge(TI, SuccNum);		isa<IndirectBrInst>(TI) ? nullptr : SplitCriticalEdge(TI, SuccNum);
		DinistroAuthorUnsubmitted Done Reply Inline Actions This full function is shared between the instrumentation and the use pass. Keeping const will always result in UB, as the SplitCriticalEdge function will be called with `TI`, which should be of type `const Instruction `. I fail to see how a templated edge class would help in resolving this issue, could you elaborate @xur ? I believe that splitting the logic between instrument and usage might help to reduce the complexity and push const in some places, but that requires extended changes to the algorithms. Dinistro:* This full function is shared between the instrumentation and the use pass. Keeping const will…
if (!InstrBB) {		if (!InstrBB) {
LLVM_DEBUG(		LLVM_DEBUG(
dbgs() << "Fail to split critical edge: not instrument this edge.\n");		dbgs() << "Fail to split critical edge: not instrument this edge.\n");
return nullptr;		return nullptr;
}		}
// For a critical edge, we have to split. Instrument the newly		// For a critical edge, we have to split. Instrument the newly
// created BB.		// created BB.
IsCS ? NumOfCSPGOSplit++ : NumOfPGOSplit++;		IsCS ? NumOfCSPGOSplit++ : NumOfPGOSplit++;
▲ Show 20 Lines • Show All 157 Lines • ▼ Show 20 Lines	for (uint32_t Kind = IPVK_First; Kind <= IPVK_Last; ++Kind) {
}		}
} // IPVK_First <= Kind <= IPVK_Last		} // IPVK_First <= Kind <= IPVK_Last
}		}

namespace {		namespace {

// This class represents a CFG edge in profile use compilation.		// This class represents a CFG edge in profile use compilation.
struct PGOUseEdge : public PGOEdge {		struct PGOUseEdge : public PGOEdge {
		using PGOEdge::PGOEdge;

bool CountValid = false;		bool CountValid = false;
uint64_t CountValue = 0;		uint64_t CountValue = 0;

PGOUseEdge(const BasicBlock Src, const BasicBlock Dest, uint64_t W = 1)
: PGOEdge(Src, Dest, W) {}

// Set edge count value		// Set edge count value
void setEdgeCount(uint64_t Value) {		void setEdgeCount(uint64_t Value) {
CountValue = Value;		CountValue = Value;
CountValid = true;		CountValid = true;
}		}

// Return the information string for this object.		// Return the information string for this object.
std::string infoString() const {		std::string infoString() const {
▲ Show 20 Lines • Show All 1,572 Lines • Show Last 20 Lines