This is an archive of the discontinued LLVM Phabricator instance.

Differential D149191

[CodeGen][MachineLastInstrsCleanup] fix INLINEASM_BR hazard
ClosedPublic

Authored by nickdesaulniers on Apr 25 2023, 2:09 PM.

Details

Reviewers
jonpa
efriedma
void
jyknight
Commits
rG012ea747ed02: [CodeGen][MachineLastInstrsCleanup] fix INLINEASM_BR hazard
Summary

If the removable definition resides in an INLINEASM_BR target, the
reuseable candidate might not dominate the INLINEASM_BR.

bb0:
   INLINEASM_BR &"" %bb.1
   renamable $x8 = MOVi64imm 29273397577910035
   B %bb.2
   ...
 bb1:
   renamable $x8 = MOVi64imm 29273397577910035
   renamable $x8 = ADDXri killed renamable $x8, 2048, 0
 bb2:

Removing the second mov is a hazard when the inline asm branches to bb1.

Skip such replacements when the to be removed instruction is in the
target of such an INLINEASM_BR instruction.

We could get more aggressive about this in the future, but for now
simply abort.

This is causing a boot failure on linux-4.19.y branches of the LTS Linux
kernel for ARCH=arm64 with CONFIG_RANDOMIZE_BASE=y (KASLR) and
CONFIG_UNMAP_KERNEL_AT_EL0=y (KPTI).

Link: https://reviews.llvm.org/D123394
Link: https://github.com/ClangBuiltLinux/linux/issues/1837

Thanks to @nathanchance for the report, and @ardb for debugging.

Diff Detail

Event Timeline

nickdesaulniers created this revision.Apr 25 2023, 2:09 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 25 2023, 2:09 PM
Herald added subscribers: pengfei, hiraditya, kristof.beyls. · View Herald Transcript
nickdesaulniers requested review of this revision.Apr 25 2023, 2:09 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 25 2023, 2:09 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B228093: Diff 516902.Apr 25 2023, 2:11 PM
nickdesaulniers updated this revision to Diff 517289.Apr 26 2023, 1:20 PM
nickdesaulniers retitled this revision from [CodeGen][MachineLastInstrsCleanup] don't hoist loads above INLINEASM to [CodeGen][MachineLastInstrsCleanup] fix INLINEASM_BR hazard.
nickdesaulniers edited the summary of this revision. (Show Details)
nickdesaulniers added subscribers: ardb, nathanchance.
  • new change
Harbormaster completed remote builds in B228372: Diff 517289.Apr 26 2023, 1:20 PM
nickdesaulniers added reviewers: jonpa, efriedma, void, jyknight.Apr 26 2023, 1:21 PM
nickdesaulniers added a parent revision: D149190: [CodeGen] precommit machine-latecleanup test.
nickdesaulniers added subscribers: danielkiss, asb, RKSimon.
nickdesaulniers added a comment.Apr 26 2023, 1:24 PM

(This will need to be backported to release/16.x since release/16.x contains 5ecd363)

efriedma accepted this revision.Apr 26 2023, 3:10 PM

If I'm following correctly, the issue is specifically with definitions after the INLINEASM_BR (which only execute in the fallthrough case)? In that case, you could theoretically still do some sort of analysis... but it gets a lot more complicated, so this fix seems sufficient. LGTM

This revision is now accepted and ready to land.Apr 26 2023, 3:10 PM
nickdesaulniers added a comment.EditedApr 26 2023, 3:12 PM
In D149191#4300468, @efriedma wrote:

If I'm following correctly, the issue is specifically with definitions after the INLINEASM_BR (which only execute in the fallthrough case)? In that case, you could theoretically still do some sort of analysis... but it gets a lot more complicated, so this fix seems sufficient. LGTM

Yeah, this should be something quick that is low risk for a backport. I started hacking up the more precise fix, but it turns out you need to find the corresponding INLINEASM_BR in the pred MBB (could be multiple) and check which dominates. That doesn't seem as low risk as this for backporting.

Thanks for the review!

This revision was landed with ongoing or failed builds.Apr 27 2023, 1:46 PM
Closed by commit rG012ea747ed02: [CodeGen][MachineLastInstrsCleanup] fix INLINEASM_BR hazard (authored by nickdesaulniers). · Explain Why
This revision was automatically updated to reflect the committed changes.
nickdesaulniers added a commit: rG012ea747ed02: [CodeGen][MachineLastInstrsCleanup] fix INLINEASM_BR hazard.

Revision Contents

PathSize
llvm/
lib/
CodeGen/
3 lines
test/
CodeGen/
AArch64/
3 lines

Diff 517702

llvm/lib/CodeGen/MachineLateInstrsCleanup.cpp

Show First 20 LinesShow All 169 Lines▼ Show 20 Linesstatic bool isCandidate(const MachineInstr *MI, Register &DefedReg,
return DefedReg.isValid(); return DefedReg.isValid();
} }
bool MachineLateInstrsCleanup::processBlock(MachineBasicBlock *MBB) { bool MachineLateInstrsCleanup::processBlock(MachineBasicBlock *MBB) {
bool Changed = false; bool Changed = false;
Reg2DefMap &MBBDefs = RegDefs[MBB->getNumber()]; Reg2DefMap &MBBDefs = RegDefs[MBB->getNumber()];
// Find reusable definitions in the predecessor(s). // Find reusable definitions in the predecessor(s).
if (!MBB->pred_empty() && !MBB->isEHPad()) { if (!MBB->pred_empty() && !MBB->isEHPad() &&
!MBB->isInlineAsmBrIndirectTarget()) {
MachineBasicBlock *FirstPred = *MBB->pred_begin(); MachineBasicBlock *FirstPred = *MBB->pred_begin();
for (auto [Reg, DefMI] : RegDefs[FirstPred->getNumber()]) for (auto [Reg, DefMI] : RegDefs[FirstPred->getNumber()])
if (llvm::all_of( if (llvm::all_of(
drop_begin(MBB->predecessors()), drop_begin(MBB->predecessors()),
[&, &Reg = Reg, &DefMI = DefMI](const MachineBasicBlock *Pred) { [&, &Reg = Reg, &DefMI = DefMI](const MachineBasicBlock *Pred) {
auto PredDefI = RegDefs[Pred->getNumber()].find(Reg); auto PredDefI = RegDefs[Pred->getNumber()].find(Reg);
return PredDefI != RegDefs[Pred->getNumber()].end() && return PredDefI != RegDefs[Pred->getNumber()].end() &&
DefMI->isIdenticalTo(*PredDefI->second); DefMI->isIdenticalTo(*PredDefI->second);
▲ Show 20 LinesShow All 53 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/machine-latecleanup-inlineasm.mir

Show First 20 LinesShow All 154 Lines▼ Show 20 Linesbody: |
; CHECK-NEXT: renamable $x23 = COPY $x1 ; CHECK-NEXT: renamable $x23 = COPY $x1
; CHECK-NEXT: renamable $x24 = COPY $x0 ; CHECK-NEXT: renamable $x24 = COPY $x0
; CHECK-NEXT: INLINEASM_BR &"b $0", 1 /* sideeffect attdialect */, 13 /* imm */, %bb.1 ; CHECK-NEXT: INLINEASM_BR &"b $0", 1 /* sideeffect attdialect */, 13 /* imm */, %bb.1
; CHECK-NEXT: renamable $x8 = MOVi64imm 29273397577910035 ; CHECK-NEXT: renamable $x8 = MOVi64imm 29273397577910035
; CHECK-NEXT: B %bb.2 ; CHECK-NEXT: B %bb.2
; CHECK-NEXT: {{ $}} ; CHECK-NEXT: {{ $}}
; CHECK-NEXT: bb.1.bb8 (machine-block-address-taken, inlineasm-br-indirect-target): ; CHECK-NEXT: bb.1.bb8 (machine-block-address-taken, inlineasm-br-indirect-target):
; CHECK-NEXT: successors: %bb.2(0x80000000) ; CHECK-NEXT: successors: %bb.2(0x80000000)
; CHECK-NEXT: liveins: $w20, $x19, $x21, $x22, $x23, $x24, $x8 ; CHECK-NEXT: liveins: $w20, $x19, $x21, $x22, $x23, $x24
; CHECK-NEXT: {{ $}} ; CHECK-NEXT: {{ $}}
; CHECK-NEXT: renamable $x8 = MOVi64imm 29273397577910035
; CHECK-NEXT: renamable $x8 = ADDXri killed renamable $x8, 2048, 0 ; CHECK-NEXT: renamable $x8 = ADDXri killed renamable $x8, 2048, 0
; CHECK-NEXT: {{ $}} ; CHECK-NEXT: {{ $}}
; CHECK-NEXT: bb.2.bb9: ; CHECK-NEXT: bb.2.bb9:
; CHECK-NEXT: successors: %bb.3(0x80000000) ; CHECK-NEXT: successors: %bb.3(0x80000000)
; CHECK-NEXT: liveins: $w20, $x8, $x19, $x21, $x22, $x23, $x24 ; CHECK-NEXT: liveins: $w20, $x8, $x19, $x21, $x22, $x23, $x24
; CHECK-NEXT: {{ $}} ; CHECK-NEXT: {{ $}}
; CHECK-NEXT: renamable $x25 = COPY $xzr ; CHECK-NEXT: renamable $x25 = COPY $xzr
; CHECK-NEXT: renamable $w27 = MOVi32imm 1, implicit-def $x27 ; CHECK-NEXT: renamable $w27 = MOVi32imm 1, implicit-def $x27
▲ Show 20 LinesShow All 88 LinesShow Last 20 Lines