This is an archive of the discontinued LLVM Phabricator instance.

Differential D159520

[BOLT][AArch64] Fix instrumentation deadloop
ClosedPublic

Authored by yota9 on Sep 15 2023, 2:08 AM.

Details

Reviewers
maksfb
rafauler
Amir
Commits
rG846eb76761c8: [BOLT][AArch64] Fix instrumentation deadloop
Summary

According to ARMv8-a architecture reference manual B2.10.5 software
must avoid having any explicit memory accesses between exclusive load
and associated store instruction. Otherwise exclusive monitor might
clear the exclusivity without application-related cause which may
result in the deadloop. Disable instrumentation for such functions,
since between exclusive load and store there might be branches and we
would insert instrumentation snippet which contains loads and stores.

The better solution would be to analyze with BFS finding the exact BBs
between load and store and not instrumenting them. Or even better to
recognize such sequences and replace them with more complex one, e.g.
loading value non exclusively, and for the brach where exclusive store
is made make exclusive load and store sequentially, but for now just
disable instrumentation for such functions completely.

Diff Detail

Event Timeline

yota9 created this revision.Sep 15 2023, 2:08 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 15 2023, 2:08 AM
Herald added subscribers: treapster, ayermolo, kristof.beyls. · View Herald Transcript
yota9 requested review of this revision.Sep 15 2023, 2:08 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 15 2023, 2:08 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B257263: Diff 556835.Sep 15 2023, 2:13 AM
kristof.beyls added a comment.Sep 15 2023, 3:03 AM

Thank you for this patch!

One very minor comment: in the commit message, you refer to section E2.10.5 of the ArmARM. That section covers Load-Exclusive and Store-Exclusive instructions in AArch32 mode.
This patch targets AArch64. The corresponding section (for AArch64) in the ArmARM seems to be "B2.9.5 Load-Exclusive and Store-Exclusive instruction usage restrictions".

bolt/lib/Passes/Instrumentation.cpp
313

I'm afraid I'm not familiar with the instrumentation feature of BOLT.

Given that typically there are only few instructions (and as you write above, no memory-accessing instructions) in between a load-exclusive and a store-exclusive, I would expect that it should be possible to make most instrumentation work well, even in functions with load-exclusives and store-exclusives?

Maybe only instrumentation that tracks direct conditional branches may be affected?
And even then, maybe it wouldn't be too hard to identify the conditional branches that are between a load-exclusive and a store-exclusive and only stop instrumenting those conditional branches, but still instrument the other conditional branches in the function?

Anyway, to me it feels like that's an improvement that could be done in a follow-on patch?

If all of the above text seems sensible, maybe it would be best to add a "FIXME" comment here to indicate that with a bit more work most instrumentations in functions with load-exclusives/store-exclusives could still be made to work?

bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
292

It seems the following opcodes are missing?

LDAXPW, LDAXPX, LDXPW, LDXPX,
STLXPW, STLXPX, STXPW, STXPX.

yota9 marked 2 inline comments as done.Sep 15 2023, 3:49 AM

Thank you for your review, Kristof! My bad, you're right, at my document it is B2.10.5 (Load-Exclusive and Store-Exclusive instruction usage restrictions), I would fix it in commit message.

bolt/lib/Passes/Instrumentation.cpp
313

I would add FIXME as you suggested.
As for the BOLT we're using multiple load/store instruction, e.g. to preserve the register values that we're using in snippets and for the atomic add for the execution counter. So every snippet would have load or store anyway

bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
292

Forgot about pair ones, thanks!

yota9 edited the summary of this revision. (Show Details)Sep 15 2023, 3:49 AM
yota9 updated this revision to Diff 556840.Sep 15 2023, 3:50 AM
yota9 marked 2 inline comments as done.

Address comments

yota9 updated this revision to Diff 556842.Sep 15 2023, 3:57 AM

nit

Harbormaster completed remote builds in B257268: Diff 556842.Sep 15 2023, 4:09 AM
yota9 updated this revision to Diff 556847.Sep 15 2023, 4:22 AM

fix typo

yota9 edited the summary of this revision. (Show Details)Sep 15 2023, 4:22 AM
Harbormaster completed remote builds in B257271: Diff 556847.Sep 15 2023, 4:27 AM
kristof.beyls added a comment.Sep 15 2023, 5:16 AM

Thank you, I don't have further comments.
I'm not up to speed enough on BOLT to be able to approve this patch, that will need to be done by one of the other reviewers.

yota9 added a comment.Sep 18 2023, 10:33 AM

Gentle ping @rafauler @maksfb

Amir added inline comments.Sep 18 2023, 10:50 AM
bolt/include/bolt/Core/MCPlusBuilder.h
629

"Exclusive" is ARM-specific term, so it would help to either clarify it a bit here, or come up with a generic term – maybe "isLoadLockStoreConditionalInst"?

bolt/lib/Passes/Instrumentation.cpp
315

Can you please factor out the check into a helper function e.g. hasExclusiveMemop?

yota9 added inline comments.Sep 18 2023, 10:58 AM
bolt/include/bolt/Core/MCPlusBuilder.h
629

I agree. But we have a bunch of arch-specific interfaces, e.g. is adrp, islea, isRISCVCall. Usually I'm not insisting on such questions, but to my taste "isLoadLockStoreConditionalInst" is a little bit too complicated :)) I like the current variant to be honest, but maybe isAArch64Exclusive is good-enough compromise and in the future add isArch prefix for arch-specific things?

yota9 updated this revision to Diff 557069.Sep 19 2023, 12:21 PM

Move exlusive check to separate function.

Gentle ping @Amir @rafauler @maksfb

Harbormaster completed remote builds in B257425: Diff 557069.Sep 19 2023, 12:35 PM
Amir added inline comments.Sep 20 2023, 10:57 AM
bolt/include/bolt/Core/MCPlusBuilder.h
629

Yes, isAArch64Exclusive is a good compromise.

bolt/lib/Passes/Instrumentation.cpp
310–311
yota9 updated this revision to Diff 557141.Sep 20 2023, 12:25 PM

address comments

yota9 updated this revision to Diff 557142.Sep 20 2023, 12:27 PM

clang-format

Harbormaster completed remote builds in B257473: Diff 557142.Sep 20 2023, 12:35 PM
yota9 added a comment.Sep 21 2023, 10:42 AM

If no further comments, @Amir please approve. Thanks

Amir accepted this revision.Sep 21 2023, 11:04 AM

Thanks!

This revision is now accepted and ready to land.Sep 21 2023, 11:04 AM
Closed by commit rG846eb76761c8: [BOLT][AArch64] Fix instrumentation deadloop (authored by yota9). · Explain WhySep 21 2023, 1:58 PM
This revision was automatically updated to reflect the committed changes.
yota9 added a commit: rG846eb76761c8: [BOLT][AArch64] Fix instrumentation deadloop.

Revision Contents

PathSize
bolt/
include/
bolt/
Core/
5 lines
lib/
Passes/
22 lines
Target/
AArch64/
28 lines
test/
AArch64/
39 lines

Diff 557204

bolt/include/bolt/Core/MCPlusBuilder.h

Show First 20 LinesShow All 620 Lines▼ Show 20 Linespublic:
virtual bool mayLoad(const MCInst &Inst) const { virtual bool mayLoad(const MCInst &Inst) const {
return Info->get(Inst.getOpcode()).mayLoad(); return Info->get(Inst.getOpcode()).mayLoad();
} }
virtual bool mayStore(const MCInst &Inst) const { virtual bool mayStore(const MCInst &Inst) const {
return Info->get(Inst.getOpcode()).mayStore(); return Info->get(Inst.getOpcode()).mayStore();
} }
virtual bool isAArch64Exclusive(const MCInst &Inst) const {
AmirUnsubmitted
Not Done
ReplyInline Actions
return Info->get(Inst.getOpcode()).mayStore();
}
- virtual bool isExclusive(const MCInst &Inst) const {
+ virtual bool isExclusiveMemop(const MCInst &Inst) const {
llvm_unreachable("not implemented");

"Exclusive" is ARM-specific term, so it would help to either clarify it a bit here, or come up with a generic term – maybe "isLoadLockStoreConditionalInst"?

Amir: "Exclusive" is ARM-specific term, so it would help to either clarify it a bit here, or come up…
yota9AuthorUnsubmitted
Done
ReplyInline Actions

I agree. But we have a bunch of arch-specific interfaces, e.g. is adrp, islea, isRISCVCall. Usually I'm not insisting on such questions, but to my taste "isLoadLockStoreConditionalInst" is a little bit too complicated :)) I like the current variant to be honest, but maybe isAArch64Exclusive is good-enough compromise and in the future add isArch prefix for arch-specific things?

yota9: I agree. But we have a bunch of arch-specific interfaces, e.g. is adrp, islea, isRISCVCall.
AmirUnsubmitted
Not Done
ReplyInline Actions

Yes, isAArch64Exclusive is a good compromise.

Amir: Yes, `isAArch64Exclusive` is a good compromise.
llvm_unreachable("not implemented");
return false;
}
virtual bool isCleanRegXOR(const MCInst &Inst) const { virtual bool isCleanRegXOR(const MCInst &Inst) const {
llvm_unreachable("not implemented"); llvm_unreachable("not implemented");
return false; return false;
} }
virtual bool isPacked(const MCInst &Inst) const { virtual bool isPacked(const MCInst &Inst) const {
llvm_unreachable("not implemented"); llvm_unreachable("not implemented");
return false; return false;
▲ Show 20 LinesShow All 1,454 LinesShow Last 20 Lines

bolt/lib/Passes/Instrumentation.cpp

//===- bolt/Passes/Instrumentation.cpp ------------------------------------===// //===- bolt/Passes/Instrumentation.cpp ------------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file implements the Instrumentation class. // This file implements the Instrumentation class.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "bolt/Passes/Instrumentation.h" #include "bolt/Passes/Instrumentation.h"
#include "bolt/Core/ParallelUtilities.h" #include "bolt/Core/ParallelUtilities.h"
#include "bolt/RuntimeLibs/InstrumentationRuntimeLibrary.h" #include "bolt/RuntimeLibs/InstrumentationRuntimeLibrary.h"
#include "bolt/Utils/CommandLineOpts.h"
#include "bolt/Utils/Utils.h" #include "bolt/Utils/Utils.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/RWMutex.h" #include "llvm/Support/RWMutex.h"
#include <stack> #include <stack>
#define DEBUG_TYPE "bolt-instrumentation" #define DEBUG_TYPE "bolt-instrumentation"
using namespace llvm; using namespace llvm;
▲ Show 20 LinesShow All 56 Lines▼ Show 20 Linescl::opt<bool> InstrumentCalls("instrument-calls",
"control flow activity (default: true)"), "control flow activity (default: true)"),
cl::init(true), cl::Optional, cl::init(true), cl::Optional,
cl::cat(BoltInstrCategory)); cl::cat(BoltInstrCategory));
} // namespace opts } // namespace opts
namespace llvm { namespace llvm {
namespace bolt { namespace bolt {
static bool hasAArch64ExclusiveMemop(BinaryFunction &Function) {
// FIXME ARMv8-a architecture reference manual says that software must avoid
// having any explicit memory accesses between exclusive load and associated
// store instruction. So for now skip instrumentation for functions that have
// these instructions, since it might lead to runtime deadlock.
BinaryContext &BC = Function.getBinaryContext();
for (const BinaryBasicBlock &BB : Function)
for (const MCInst &Inst : BB)
if (BC.MIB->isAArch64Exclusive(Inst)) {
if (opts::Verbosity >= 1)
outs() << "BOLT-INSTRUMENTER: Function " << Function
<< " has exclusive instructions, skip instrumentation\n";
return true;
}
return false;
}
uint32_t Instrumentation::getFunctionNameIndex(const BinaryFunction &Function) { uint32_t Instrumentation::getFunctionNameIndex(const BinaryFunction &Function) {
auto Iter = FuncToStringIdx.find(&Function); auto Iter = FuncToStringIdx.find(&Function);
if (Iter != FuncToStringIdx.end()) if (Iter != FuncToStringIdx.end())
return Iter->second; return Iter->second;
size_t Idx = Summary->StringTable.size(); size_t Idx = Summary->StringTable.size();
FuncToStringIdx.emplace(std::make_pair(&Function, Idx)); FuncToStringIdx.emplace(std::make_pair(&Function, Idx));
Summary->StringTable.append(getEscapedName(Function.getOneName())); Summary->StringTable.append(getEscapedName(Function.getOneName()));
Summary->StringTable.append(1, '\0'); Summary->StringTable.append(1, '\0');
▲ Show 20 LinesShow All 187 Lines▼ Show 20 Linesvoid Instrumentation::instrumentFunction(BinaryFunction &Function,
MCPlusBuilder::AllocatorIdTy AllocId) { MCPlusBuilder::AllocatorIdTy AllocId) {
if (Function.hasUnknownControlFlow()) if (Function.hasUnknownControlFlow())
return; return;
BinaryContext &BC = Function.getBinaryContext(); BinaryContext &BC = Function.getBinaryContext();
if (BC.isMachO() && Function.hasName("___GLOBAL_init_65535/1")) if (BC.isMachO() && Function.hasName("___GLOBAL_init_65535/1"))
return; return;
if (BC.isAArch64() && hasAArch64ExclusiveMemop(Function))
return;
AmirUnsubmitted
Not Done
ReplyInline Actions
return;
- if (hasExclusiveMemop(Function))
+ if (BC.isAArch64() && hasAArch64ExclusiveMemop(Function))
return;
SplitWorklistTy SplitWorklist;
Amir:
SplitWorklistTy SplitWorklist; SplitWorklistTy SplitWorklist;
kristof.beylsUnsubmitted
Done
ReplyInline Actions

I'm afraid I'm not familiar with the instrumentation feature of BOLT.

Given that typically there are only few instructions (and as you write above, no memory-accessing instructions) in between a load-exclusive and a store-exclusive, I would expect that it should be possible to make most instrumentation work well, even in functions with load-exclusives and store-exclusives?

Maybe only instrumentation that tracks direct conditional branches may be affected?
And even then, maybe it wouldn't be too hard to identify the conditional branches that are between a load-exclusive and a store-exclusive and only stop instrumenting those conditional branches, but still instrument the other conditional branches in the function?

Anyway, to me it feels like that's an improvement that could be done in a follow-on patch?

If all of the above text seems sensible, maybe it would be best to add a "FIXME" comment here to indicate that with a bit more work most instrumentations in functions with load-exclusives/store-exclusives could still be made to work?

kristof.beyls: I'm afraid I'm not familiar with the instrumentation feature of BOLT. Given that typically…
yota9AuthorUnsubmitted
Done
ReplyInline Actions

I would add FIXME as you suggested.
As for the BOLT we're using multiple load/store instruction, e.g. to preserve the register values that we're using in snippets and for the atomic add for the execution counter. So every snippet would have load or store anyway

yota9: I would add FIXME as you suggested. As for the BOLT we're using multiple load/store…
SplitInstrsTy SplitInstrs; SplitInstrsTy SplitInstrs;
AmirUnsubmitted
Not Done
ReplyInline Actions

Can you please factor out the check into a helper function e.g. hasExclusiveMemop?

Amir: Can you please factor out the check into a helper function e.g. `hasExclusiveMemop`?
FunctionDescription *FuncDesc = nullptr; FunctionDescription *FuncDesc = nullptr;
{ {
std::unique_lock<llvm::sys::RWMutex> L(FDMutex); std::unique_lock<llvm::sys::RWMutex> L(FDMutex);
Summary->FunctionDescriptions.emplace_back(); Summary->FunctionDescriptions.emplace_back();
FuncDesc = &Summary->FunctionDescriptions.back(); FuncDesc = &Summary->FunctionDescriptions.back();
} }
FuncDesc->Function = &Function; FuncDesc->Function = &Function;
▲ Show 20 LinesShow All 401 LinesShow Last 20 Lines

bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp

Show First 20 LinesShow All 266 Lines▼ Show 20 Lines return (Inst.getOpcode() == AArch64::LDRXpost ||
Inst.getOpcode() == AArch64::LDRXroX || Inst.getOpcode() == AArch64::LDRXroX ||
Inst.getOpcode() == AArch64::LDRXui); Inst.getOpcode() == AArch64::LDRXui);
} }
bool mayLoad(const MCInst &Inst) const override { bool mayLoad(const MCInst &Inst) const override {
return isLDRB(Inst) || isLDRH(Inst) || isLDRW(Inst) || isLDRX(Inst); return isLDRB(Inst) || isLDRH(Inst) || isLDRW(Inst) || isLDRX(Inst);
} }
bool isAArch64Exclusive(const MCInst &Inst) const override {
return (Inst.getOpcode() == AArch64::LDXPX ||
Inst.getOpcode() == AArch64::LDXPW ||
Inst.getOpcode() == AArch64::LDXRX ||
Inst.getOpcode() == AArch64::LDXRW ||
Inst.getOpcode() == AArch64::LDXRH ||
Inst.getOpcode() == AArch64::LDXRB ||
Inst.getOpcode() == AArch64::STXPX ||
Inst.getOpcode() == AArch64::STXPW ||
Inst.getOpcode() == AArch64::STXRX ||
Inst.getOpcode() == AArch64::STXRW ||
Inst.getOpcode() == AArch64::STXRH ||
Inst.getOpcode() == AArch64::STXRB ||
Inst.getOpcode() == AArch64::LDAXPX ||
Inst.getOpcode() == AArch64::LDAXPW ||
Inst.getOpcode() == AArch64::LDAXRX ||
Inst.getOpcode() == AArch64::LDAXRW ||
Inst.getOpcode() == AArch64::LDAXRH ||
kristof.beylsUnsubmitted
Done
ReplyInline Actions

It seems the following opcodes are missing?

LDAXPW, LDAXPX, LDXPW, LDXPX,
STLXPW, STLXPX, STXPW, STXPX.

kristof.beyls: It seems the following opcodes are missing? LDAXPW, LDAXPX, LDXPW, LDXPX, STLXPW, STLXPX…
yota9AuthorUnsubmitted
Done
ReplyInline Actions

Forgot about pair ones, thanks!

yota9: Forgot about pair ones, thanks!
Inst.getOpcode() == AArch64::LDAXRB ||
Inst.getOpcode() == AArch64::STLXPX ||
Inst.getOpcode() == AArch64::STLXPW ||
Inst.getOpcode() == AArch64::STLXRX ||
Inst.getOpcode() == AArch64::STLXRW ||
Inst.getOpcode() == AArch64::STLXRH ||
Inst.getOpcode() == AArch64::STLXRB ||
Inst.getOpcode() == AArch64::CLREX);
}
bool isLoadFromStack(const MCInst &Inst) const { bool isLoadFromStack(const MCInst &Inst) const {
if (!mayLoad(Inst)) if (!mayLoad(Inst))
return false; return false;
for (const MCOperand &Operand : useOperands(Inst)) { for (const MCOperand &Operand : useOperands(Inst)) {
if (!Operand.isReg()) if (!Operand.isReg())
continue; continue;
unsigned Reg = Operand.getReg(); unsigned Reg = Operand.getReg();
if (Reg == AArch64::SP || Reg == AArch64::WSP || Reg == AArch64::FP || if (Reg == AArch64::SP || Reg == AArch64::WSP || Reg == AArch64::FP ||
▲ Show 20 LinesShow All 1,336 LinesShow Last 20 Lines

bolt/test/AArch64/exclusive-instrument.s

  • This file was added.
// This test checks that the foo function having exclusive memory access
// instructions won't be instrumented.
// REQUIRES: system-linux,bolt-runtime,target=aarch64{{.*}}
// RUN: llvm-mc -filetype=obj -triple aarch64-unknown-unknown \
// RUN: %s -o %t.o
// RUN: %clang %cflags -fPIC -pie %t.o -o %t.exe -nostdlib -Wl,-q -Wl,-fini=dummy
// RUN: llvm-bolt %t.exe -o %t.bolt -instrument -v=1 | FileCheck %s
// CHECK: Function foo has exclusive instructions, skip instrumentation
.global foo
.type foo, %function
foo:
ldaxr w9, [x10]
cbnz w9, .Lret
stlxr w12, w11, [x9]
cbz w12, foo
clrex
.Lret:
ret
.size foo, .-foo
.global _start
.type _start, %function
_start:
cmp x0, #0
b.eq .Lexit
bl foo
.Lexit:
ret
.size _start, .-_start
.global dummy
.type dummy, %function
dummy:
ret
.size dummy, .-dummy