This is an archive of the discontinued LLVM Phabricator instance.

Differential D149711

[PowerPC] Remove asserts from the disassembler.
ClosedPublic

Authored by stefanp on May 2 2023, 6:15 PM.

Details

Reviewers
lei
nemanjai
amyk
Group Reviewers
Restricted Project
Commits
rG11fbd0c6abc9: [PowerPC] Remove asserts from the disassembler.
Summary

My previous patch had added a couple of asserts to the disassembler.
The problem with this is that the disassembler is not just used for the
text section it is also used to disassemble the data section of an
object where the bytes do not necessarily represent instructions. If the
data in the data section happens to look like an illegal instruction
then llvm-objdump will assert on data because it is finding an illegal
instruction that is not actually an instruction at all.

Diff Detail

Event Timeline

stefanp created this revision.May 2 2023, 6:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 2 2023, 6:15 PM
Herald added subscribers: shchenz, kbarton, hiraditya. · View Herald Transcript
stefanp requested review of this revision.May 2 2023, 6:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 2 2023, 6:15 PM
stefanp added a reviewer: Restricted Project.May 2 2023, 6:15 PM
Harbormaster completed remote builds in B229582: Diff 518928.May 2 2023, 7:01 PM
barannikov88 added a subscriber: barannikov88.May 2 2023, 7:53 PM
shchenz added inline comments.May 10 2023, 7:58 PM
llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
118

Little confused. From the function name and its parameter seems like this function should only be called for instructions. Is it possible that there is a wrong call to this function? For example, for data, we should not decode fpr RC as there is no RC for data at all?

amyk added a comment.May 18 2023, 7:32 AM

Could we also update the description of the patch to specify what My previous patch means (as in, which patch)?

llvm/test/MC/Disassembler/PowerPC/ppc64-encoding-dfp.txt
27

Might be a silly question, but I have a clarification question.
Is the goal here, we want the disassembler to still continue decoding an instruction (even if it is invalid/illegal), but cannot have it assert? Does anything special need to happen after we have decoded an illegal instruction?

barannikov88 added inline comments.May 18 2023, 7:49 AM
llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
118

The removed assertion should have been changed to if (...) return DecodeStatus::Fail; so that random data is not decoded into invalid instructions.
The added test should be a negative one.

nemanjai added a comment.May 18 2023, 7:54 AM

Please note that this assert can trip even when disassembling with --disassemble and not just -disassemble-all. Namely, the offending word can appear in the text section (for example, the AIX traceback table, etc.).
This is very similar to https://reviews.llvm.org/rGc86f8d4276ae

llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
118–119

Lets not just remove these. Please change it to something like:

if (RegNo > 30 || (RegNo & 1))
  return MCDisassembler::Fail;
nemanjai added inline comments.May 18 2023, 8:00 AM
llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
86

While we're at it, we can turn this one into a disassembly failure rather than an assert.

351

While we're at it, we can turn this one into a disassembly failure rather than an assert.

stefanp updated this revision to Diff 523887.May 19 2023, 12:07 PM

Added the conditions so that we return DecodeStatus::Fail instead of asserting.

llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
118

It is not an incorrect call to the function. The disassembler will call this whenever it tries to disassemble anything that looks like it might be an instruction. As other people in the comments mentioned I need to stop the assert and instead just return a failure to disassemble.

llvm/test/MC/Disassembler/PowerPC/ppc64-encoding-dfp.txt
27

No, we don't want to decode an incorrect instruction. The initial issue was that we would decode an instruction that was part of the data section or (as Nemanja pointed out) part of the AIX traceback table and those bytes just happened to look like an instruction but an invalid instruction. When I had the asserts in there the disassembler would assert and we don't want that.

Harbormaster completed remote builds in B233265: Diff 523887.May 19 2023, 2:36 PM
nemanjai added inline comments.May 19 2023, 5:39 PM
llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
351

Did you just miss this one or is there a reason you didn't address this comment?

stefanp updated this revision to Diff 524728.May 23 2023, 8:05 AM

Updated one assert that I missed.

stefanp added inline comments.May 23 2023, 8:06 AM
llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp
351

Sorry, I did miss this one.

Harbormaster completed remote builds in B233880: Diff 524728.May 23 2023, 9:06 AM
nemanjai accepted this revision.May 23 2023, 2:07 PM

LGTM. Thanks for fixing these.

This revision is now accepted and ready to land.May 23 2023, 2:07 PM
stefanp updated this revision to Diff 525246.May 24 2023, 10:22 AM

Rebased to top of main.

This revision was landed with ongoing or failed builds.May 24 2023, 10:22 AM
Closed by commit rG11fbd0c6abc9: [PowerPC] Remove asserts from the disassembler. (authored by stefanp). · Explain Why
This revision was automatically updated to reflect the committed changes.
stefanp added a commit: rG11fbd0c6abc9: [PowerPC] Remove asserts from the disassembler..
Harbormaster completed remote builds in B234254: Diff 525246.May 24 2023, 11:47 AM

Revision Contents

PathSize
llvm/
lib/
Target/
PowerPC/
Disassembler/
2 lines
test/
MC/
Disassembler/
PowerPC/
9 lines

Diff 518928

llvm/lib/Target/PowerPC/Disassembler/PPCDisassembler.cpp

Show First 20 LinesShow All 77 Lines▼ Show 20 Lines
} }
// FIXME: These can be generated by TableGen from the existing register // FIXME: These can be generated by TableGen from the existing register
// encoding values! // encoding values!
template <std::size_t N> template <std::size_t N>
static DecodeStatus decodeRegisterClass(MCInst &Inst, uint64_t RegNo, static DecodeStatus decodeRegisterClass(MCInst &Inst, uint64_t RegNo,
const MCPhysReg (&Regs)[N]) { const MCPhysReg (&Regs)[N]) {
assert(RegNo < N && "Invalid register number"); assert(RegNo < N && "Invalid register number");
nemanjaiUnsubmitted
Not Done
ReplyInline Actions

While we're at it, we can turn this one into a disassembly failure rather than an assert.

nemanjai: While we're at it, we can turn this one into a disassembly failure rather than an assert.
Inst.addOperand(MCOperand::createReg(Regs[RegNo])); Inst.addOperand(MCOperand::createReg(Regs[RegNo]));
return MCDisassembler::Success; return MCDisassembler::Success;
} }
static DecodeStatus DecodeCRRCRegisterClass(MCInst &Inst, uint64_t RegNo, static DecodeStatus DecodeCRRCRegisterClass(MCInst &Inst, uint64_t RegNo,
uint64_t Address, uint64_t Address,
const MCDisassembler *Decoder) { const MCDisassembler *Decoder) {
return decodeRegisterClass(Inst, RegNo, CRRegs); return decodeRegisterClass(Inst, RegNo, CRRegs);
Show All 15 Linesstatic DecodeStatus DecodeF8RCRegisterClass(MCInst &Inst, uint64_t RegNo,
uint64_t Address, uint64_t Address,
const MCDisassembler *Decoder) { const MCDisassembler *Decoder) {
return decodeRegisterClass(Inst, RegNo, FRegs); return decodeRegisterClass(Inst, RegNo, FRegs);
} }
static DecodeStatus DecodeFpRCRegisterClass(MCInst &Inst, uint64_t RegNo, static DecodeStatus DecodeFpRCRegisterClass(MCInst &Inst, uint64_t RegNo,
uint64_t Address, uint64_t Address,
const MCDisassembler *Decoder) { const MCDisassembler *Decoder) {
assert(RegNo <= 30 && "Expecting a register number no more than 30.");
barannikov88Unsubmitted
Not Done
ReplyInline Actions

The removed assertion should have been changed to if (...) return DecodeStatus::Fail; so that random data is not decoded into invalid instructions.
The added test should be a negative one.

barannikov88: The removed assertion should have been changed to `if (...) return DecodeStatus::Fail;` so that…
assert((RegNo & 1) == 0 && "Expecting an even register number.");
nemanjaiUnsubmitted
Not Done
ReplyInline Actions

Lets not just remove these. Please change it to something like:

if (RegNo > 30 || (RegNo & 1))
  return MCDisassembler::Fail;
nemanjai: Lets not just remove these. Please change it to something like: ``` if (RegNo > 30 || (RegNo…
return decodeRegisterClass(Inst, RegNo >> 1, FpRegs); return decodeRegisterClass(Inst, RegNo >> 1, FpRegs);
shchenzUnsubmitted
Not Done
ReplyInline Actions

Little confused. From the function name and its parameter seems like this function should only be called for instructions. Is it possible that there is a wrong call to this function? For example, for data, we should not decode fpr RC as there is no RC for data at all?

shchenz: Little confused. From the function name and its parameter seems like this function should only…
stefanpAuthorUnsubmitted
Not Done
ReplyInline Actions

It is not an incorrect call to the function. The disassembler will call this whenever it tries to disassemble anything that looks like it might be an instruction. As other people in the comments mentioned I need to stop the assert and instead just return a failure to disassemble.

stefanp: It is not an incorrect call to the function. The disassembler will call this whenever it tries…
} }
static DecodeStatus DecodeVFRCRegisterClass(MCInst &Inst, uint64_t RegNo, static DecodeStatus DecodeVFRCRegisterClass(MCInst &Inst, uint64_t RegNo,
uint64_t Address, uint64_t Address,
const MCDisassembler *Decoder) { const MCDisassembler *Decoder) {
return decodeRegisterClass(Inst, RegNo, VFRegs); return decodeRegisterClass(Inst, RegNo, VFRegs);
} }
▲ Show 20 LinesShow All 214 Lines▼ Show 20 Lines
} }
static DecodeStatus decodeCRBitMOperand(MCInst &Inst, uint64_t Imm, static DecodeStatus decodeCRBitMOperand(MCInst &Inst, uint64_t Imm,
int64_t Address, int64_t Address,
const MCDisassembler *Decoder) { const MCDisassembler *Decoder) {
// The cr bit encoding is 0x80 >> cr_reg_num. // The cr bit encoding is 0x80 >> cr_reg_num.
unsigned Zeros = llvm::countr_zero(Imm); unsigned Zeros = llvm::countr_zero(Imm);
assert(Zeros < 8 && "Invalid CR bit value"); assert(Zeros < 8 && "Invalid CR bit value");
nemanjaiUnsubmitted
Not Done
ReplyInline Actions

While we're at it, we can turn this one into a disassembly failure rather than an assert.

nemanjai: While we're at it, we can turn this one into a disassembly failure rather than an assert.
nemanjaiUnsubmitted
Not Done
ReplyInline Actions

Did you just miss this one or is there a reason you didn't address this comment?

nemanjai: Did you just miss this one or is there a reason you didn't address this comment?
stefanpAuthorUnsubmitted
Not Done
ReplyInline Actions

Sorry, I did miss this one.

stefanp: Sorry, I did miss this one.
Inst.addOperand(MCOperand::createReg(CRRegs[7 - Zeros])); Inst.addOperand(MCOperand::createReg(CRRegs[7 - Zeros]));
return MCDisassembler::Success; return MCDisassembler::Success;
} }
#include "PPCGenDisassemblerTables.inc" #include "PPCGenDisassemblerTables.inc"
DecodeStatus PPCDisassembler::getInstruction(MCInst &MI, uint64_t &Size, DecodeStatus PPCDisassembler::getInstruction(MCInst &MI, uint64_t &Size,
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines

llvm/test/MC/Disassembler/PowerPC/ppc64-encoding-dfp.txt

Show All 17 Lines
# CHECK: dsub. 2, 3, 4 # CHECK: dsub. 2, 3, 4
0xec 0x43 0x24 0x05 0xec 0x43 0x24 0x05
# CHECK: dsubq 2, 6, 4 # CHECK: dsubq 2, 6, 4
0xfc 0x46 0x24 0x04 0xfc 0x46 0x24 0x04
# CHECK: dsubq. 2, 6, 4 # CHECK: dsubq. 2, 6, 4
0xfc 0x46 0x24 0x05 0xfc 0x46 0x24 0x05
# This is actually the encoding for an invalid instruction.
amykUnsubmitted
Not Done
ReplyInline Actions

Might be a silly question, but I have a clarification question.
Is the goal here, we want the disassembler to still continue decoding an instruction (even if it is invalid/illegal), but cannot have it assert? Does anything special need to happen after we have decoded an illegal instruction?

amyk: Might be a silly question, but I have a clarification question. Is the goal here, we want the…
stefanpAuthorUnsubmitted
Done
ReplyInline Actions

No, we don't want to decode an incorrect instruction. The initial issue was that we would decode an instruction that was part of the data section or (as Nemanja pointed out) part of the AIX traceback table and those bytes just happened to look like an instruction but an invalid instruction. When I had the asserts in there the disassembler would assert and we don't want that.

stefanp: No, we don't want to decode an incorrect instruction. The initial issue was that we would…
# However, we check it here because the disassembler shouldn't check if an
# instruction is valid when decoding it because llvm-objdump uses the decoder
# for data sections as well as text sections and we do not want to assert in
# cases where we are decoding a data section that happens to match an invalid
# instruction.
# CHECK: dsubq 0, 6, 30
0xfc 0x06 0xfc 0x04