This is an archive of the discontinued LLVM Phabricator instance.

Differential D156389

[BOLT] Fix instrumenting conditional tail calls
ClosedPublic

Authored by Amir on Jul 26 2023, 8:25 PM.

Details

Reviewers
rafauler
maksfb
Group Reviewers
Restricted Project
Commits
rG70e76e0982a9: [BOLT] Fix instrumenting conditional tail calls
Summary

We identify instructions to be instrumented based on Offset annotation.

BOLT "expands" conditional tail calls into a conditional jump to a basic block
with unconditional tail call. Move Offset annotation from former CTC to the tail
call.

For expanded CTC we keep Offset attached to the original instruction which is
converted into a regular conditional jump, while leaving the newly created tail
call without an Offset annotation. This leads to attempting the instrumentation
of the conditional jump which points to the basic block with an inherited input
offset thus creating an invalid edge description. At the same time, the newly
created tail call is skipped entirely which means we're not creating a call
description for it.

If we instead reassign Offset annotation from the conditional jump to the tail
call we fix both issues. The conditional jump will be skipped not creating an
invalid edge description, while tail call will be handled properly (unformly
with regular calls).

Diff Detail

Event Timeline

Amir created this revision.Jul 26 2023, 8:25 PM
Herald added a reviewer: rafauler. · View Herald TranscriptJul 26 2023, 8:25 PM
Herald added a reviewer: maksfb. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: treapster, ayermolo. · View Herald Transcript
Amir requested review of this revision.Jul 26 2023, 8:25 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 26 2023, 8:25 PM
Herald added subscribers: llvm-commits, yota9. · View Herald Transcript
Harbormaster completed remote builds in B248424: Diff 544581.Jul 26 2023, 8:31 PM
maksfb added a comment.Jul 27 2023, 1:05 PM

Thanks for the quick fix. Can we use instruction annotations instead of IsCondTailCall basic block property for the conditional tail call identification?

Amir added a comment.Jul 27 2023, 3:13 PM
This comment was removed by Amir.
Amir updated this revision to Diff 544953.Jul 27 2023, 3:25 PM

Replace BB->isCondTailCall property with BB->getNumPseudos() == 1 and
BB->getLastNonPseudo is a tail call.

Harbormaster completed remote builds in B248707: Diff 544953.Jul 27 2023, 3:32 PM
Amir updated this revision to Diff 545015.Jul 27 2023, 9:51 PM

Identify cond tail call blocks by their offset (being equal to parent blocks' input offset)

Harbormaster completed remote builds in B248748: Diff 545015.Jul 27 2023, 9:57 PM
maksfb added inline comments.Jul 27 2023, 11:36 PM
bolt/lib/Passes/Instrumentation.cpp
103–104 ↗(On Diff #545015)

Can we merge IsInvoke and IsCondTailCall into a single argument, e.g. NeedsInstrumentation?

231–232 ↗(On Diff #545015)

Same args can me merged here too.

396–397 ↗(On Diff #545015)

While this approach works, a more explicit way to identify CTCs will be to mark TC instructions created from CTCs with a proper annotation and check for this annotation during instrumentation.

Amir updated this revision to Diff 545242.Jul 28 2023, 12:13 PM

Move Offset annotation from former CTC to the tail call.

We identify instructions to be instrumented based on Offset annotation.

For expanded CTC we keep Offset attached to the original instruction which is
converted into a regular conditional jump, while leaving the newly created tail
call without an Offset annotation. This leads to attempting the instrumentation
of the conditional jump which points to the basic block with an inherited input
offset thus creating an invalid edge description. At the same time, the newly
created tail call is skipped entirely which means we're not creating a call
description for it.

If we instead reassign Offset annotation from the conditional jump to the tail
call we fix both issues. The conditional jump will be skipped not creating an
invalid edge description, while tail call will be handled properly (unformly
with regular calls).

Amir retitled this revision from [BOLT] Add support for instrumenting conditional tail calls to [BOLT] Fix instrumenting conditional tail calls.Jul 28 2023, 12:16 PM
Amir edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B248903: Diff 545242.Jul 28 2023, 12:23 PM
maksfb accepted this revision.Jul 28 2023, 10:58 PM

Nice find!

This revision is now accepted and ready to land.Jul 28 2023, 10:58 PM
Amir mentioned this in D156697: [BOLT] Split missed macro-fusion counting around removeConditionalTailCalls.Jul 31 2023, 7:50 AM
Amir added a child revision: D156697: [BOLT] Split missed macro-fusion counting around removeConditionalTailCalls.Jul 31 2023, 8:22 AM
Closed by commit rG70e76e0982a9: [BOLT] Fix instrumenting conditional tail calls (authored by Amir). · Explain WhyJul 31 2023, 1:53 PM
This revision was automatically updated to reflect the committed changes.
Amir added a commit: rG70e76e0982a9: [BOLT] Fix instrumenting conditional tail calls.
Amir removed a child revision: D156697: [BOLT] Split missed macro-fusion counting around removeConditionalTailCalls.Aug 9 2023, 9:54 PM

Revision Contents

PathSize
bolt/
lib/
Core/
6 lines
test/
runtime/
X86/
6 lines

Diff 545795

bolt/lib/Core/BinaryFunction.cpp

Show First 20 LinesShow All 2,299 Lines▼ Show 20 Lines for (auto BBI = begin(); BBI != end(); ++BBI) {
// Add basic block to the list that will be added to the end. // Add basic block to the list that will be added to the end.
NewBlocks.emplace_back(std::move(TailCallBB)); NewBlocks.emplace_back(std::move(TailCallBB));
// Swap edges as the TailCallBB corresponds to the taken branch. // Swap edges as the TailCallBB corresponds to the taken branch.
BB.swapConditionalSuccessors(); BB.swapConditionalSuccessors();
// This branch is no longer a conditional tail call. // This branch is no longer a conditional tail call.
BC.MIB->unsetConditionalTailCall(*CTCInstr); BC.MIB->unsetConditionalTailCall(*CTCInstr);
// Move offset from CTCInstr to TailCallInstr.
if (std::optional<uint32_t> Offset = BC.MIB->getOffset(*CTCInstr)) {
BC.MIB->setOffset(TailCallInstr, *Offset);
BC.MIB->clearOffset(*CTCInstr);
}
} }
insertBasicBlocks(std::prev(end()), std::move(NewBlocks), insertBasicBlocks(std::prev(end()), std::move(NewBlocks),
/* UpdateLayout */ true, /* UpdateLayout */ true,
/* UpdateCFIState */ false); /* UpdateCFIState */ false);
} }
uint64_t BinaryFunction::getFunctionScore() const { uint64_t BinaryFunction::getFunctionScore() const {
▲ Show 20 LinesShow All 2,168 LinesShow Last 20 Lines

bolt/test/runtime/X86/instrumentation-tail-call.s

# This reproduces a bug with instrumentation when trying to instrument # This reproduces a bug with instrumentation when trying to instrument
# a function with only tail calls. Such functions can clobber red zone, # a function with only tail calls. Such functions can clobber red zone,
# see https://github.com/llvm/llvm-project/issues/61114. # see https://github.com/llvm/llvm-project/issues/61114.
# REQUIRES: system-linux,bolt-runtime # REQUIRES: system-linux,bolt-runtime
# RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o # RUN: llvm-mc -filetype=obj -triple x86_64-unknown-unknown %s -o %t.o
# RUN: %clang %cflags -no-pie %t.o -o %t.exe -Wl,-q # RUN: %clang %cflags -no-pie %t.o -o %t.exe -Wl,-q
# RUN: llvm-bolt %t.exe --instrument --instrumentation-file=%t.fdata \ # RUN: llvm-bolt %t.exe --instrument --instrumentation-file=%t.fdata \
# RUN: -o %t.instrumented # RUN: -o %t.instrumented
# RUN: %t.instrumented arg1 arg2 # RUN: %t.instrumented arg1 arg2
# RUN: llvm-objdump %t.instrumented --disassemble-symbols=main | FileCheck %s # RUN: llvm-objdump %t.instrumented --disassemble-symbols=main | FileCheck %s
# CHECK: leaq 0x80(%rsp), %rsp # CHECK: leaq 0x80(%rsp), %rsp
# RUN: FileCheck %s --input-file %t.fdata --check-prefix=CHECK-FDATA
# CHECK-FDATA: 1 main {{.*}} 1 targetFunc 0 0 1
.text .text
.globl main .globl main
.type main, %function .type main, %function
.p2align 4 .p2align 4
main: main:
pushq %rbp pushq %rbp
movq %rsp, %rbp movq %rsp, %rbp
mov %rax,-0x10(%rsp) mov %rax,-0x10(%rsp)
leaq targetFunc, %rax leaq targetFunc, %rax
pushq %rax # We save the target function address in the stack pushq %rax # We save the target function address in the stack
subq $0x18, %rsp # Set up a dummy stack frame subq $0x18, %rsp # Set up a dummy stack frame
cmpl $0x2, %edi cmpl $0x2, %edi
jb .LBBerror # Add control flow so we don't have a trivial case jb .LBBerror # Add control flow so we don't have a trivial case
.LBB2: .LBB2:
addq $0x20, %rsp addq $0x20, %rsp
movq %rbp, %rsp movq %rbp, %rsp
pop %rbp pop %rbp
mov -0x10(%rsp),%rax mov -0x10(%rsp),%rax
jmp targetFunc test %rsp, %rsp
jne targetFunc
.LBBerror: .LBBerror:
addq $0x20, %rsp addq $0x20, %rsp
movq %rbp, %rsp movq %rbp, %rsp
pop %rbp pop %rbp
movq $1, %rax # Finish with an error if we go this path movq $1, %rax # Finish with an error if we go this path
retq retq
.size main, .-main .size main, .-main
.globl targetFunc .globl targetFunc
.type targetFunc, %function .type targetFunc, %function
.p2align 4 .p2align 4
targetFunc: targetFunc:
xorq %rax, %rax xorq %rax, %rax
retq retq
.size targetFunc, .-targetFunc .size targetFunc, .-targetFunc