This is an archive of the discontinued LLVM Phabricator instance.

[GlobalISel]: Fix bug where we can report GISelFailure on erased instructions
ClosedPublic

Authored by aditya_nandakumar on Mar 30 2017, 11:06 AM.

Download Raw Diff

Details

Reviewers

qcolombet
kristof.beyls
rovka
t.p.northover
ab

Summary

The original instruction might get legalized and erased and expanded

into intermediate insts. An intermediate instruction might fail
legalization and we would report failure on an erased inst.
Instead now report failure on the first failing instruction

Diff Detail

Event Timeline

aditya_nandakumar created this revision.Mar 30 2017, 11:06 AM

Herald added subscribers: igorb, kristof.beyls, dberris. · View Herald TranscriptMar 30 2017, 11:06 AM

aditya_nandakumar added a reviewer: kristof.beyls.Mar 30 2017, 11:07 AM

Hi Aditya,

If I understand correctly, the problem with the current reporting scheme is the MI we use to print the report may have been deleted, therefore we may access invalid memory.
I would suggest a less invasive change, pretty similar to what we do when we know an iterator is going to be invalidated:
What do you think of printing the MI in a string before calling legalization, then use that string in the error message?

Cheers,
-Quentin

include/llvm/CodeGen/GlobalISel/LegalizerHelper.h
27	Use a forward declaration at this point.
49	I don't particularly like the fact that the Helper needs to do reporting. At least, I would expect TPC to be optional.
lib/CodeGen/GlobalISel/LegalizerHelper.cpp
63	It feels wrong to me to have reporting in here. My concerns are: We conflict reporting and doing the transformation We may report failure on product of legalization. Hence, it may actually be difficult to understand where it comes from.

Thanks Quentin. Seems like printing the MI to a string and printing that instead might address all the concerns raised above.

I considered and dismissed speculatively printing: it's a pretty expensive operation (especially when it needs to print an IR value, and it needs to recompute slot numbers).

Here's another idea I considered: have legalizeInstr return the instruction it failed on, in a std::pair<LegalizeResult, MachineInstr*>.

In practice, the external users of the LegalizeHelper API shouldn't care about LegalizeResult: we either return UnableToLegalize, or we return a success value (Legalized/AlreadyLegal. So we could simply return a MachineInstr*, which is nullptr if we succeeded. It would be weird to read though, so we could go extra fancy and have an Error that either contains a MachineInstr*, or is Error::success().

I considered and dismissed speculatively printing: it's a pretty expensive operation

I was expecting something like that, but I thought we could mitigate this by only pre-printing stuff in debug build. Non-debug would just fail with unable to legalize.

Here's another idea I considered: have legalizeInstr return the instruction it failed on, in a std::pair<LegalizeResult, MachineInstr*>.

How would that work with a deleted instruction?

Here's another idea I considered: have legalizeInstr return the instruction it failed on, in a std::pair<LegalizeResult, MachineInstr*>.

How would that work with a deleted instruction?

Talked with Ahmed offline. He was thinking in terms of the current instruction being legalized.
Also given this is going to be used only for our own debugging purposes, the "it may be difficult to understand where it comes from" argument I made is pointless.

Therefore, Aditya, please go with Ahmed's idea. I would just suggest to print (in a DEBUG statement) the instruction we process or have some optimization remarks just for us (i.e., not emitted if !NDEBUG).

In D31503#714507, @ab wrote:

I considered and dismissed speculatively printing: it's a pretty expensive operation (especially when it needs to print an IR value, and it needs to recompute slot numbers).

Here's another idea I considered: have legalizeInstr return the instruction it failed on, in a std::pair<LegalizeResult, MachineInstr*>.

In practice, the external users of the LegalizeHelper API shouldn't care about LegalizeResult: we either return UnableToLegalize, or we return a success value (Legalized/AlreadyLegal. So we could simply return a MachineInstr*, which is nullptr if we succeeded. It would be weird to read though, so we could go extra fancy and have an Error that either contains a MachineInstr*, or is Error::success().

Just to clarify here, (IIUC) returning either an Error (with MachineInstr*) or Error::success() would mean that we'd not be able to differentiate b/w Legalized and AlreadyLegal. Did you mean Expected<LegalizeResult>?

kristof.beyls added inline comments.Mar 31 2017, 12:08 AM

lib/CodeGen/GlobalISel/LegalizerHelper.cpp
59–60	This is probably a moot point now, now that it shows that using the "std::pair<LegalizeResult, MachineInstr>"-approach looks a lot more promising, but I think this code probably still suffers the same problem as before: After legalizeInstrStep, TmpMI can be removed from the MachineBasicBlock, and TmpMI->getParent() will then probably return a nullptr, causing a segmentation fault. I'm afraid I don't have a good insight on whether we'd still want to be able to differentiate between "AlreadyLegal" and "Legalized" in the "std::pair<LegalizeResult, MachineInstr>"-approach.

I'm not entirely keen on the pair solution. It seems to be designing the API around the (temporary) situation where legalization can routinely fail and need to fall back. In the long term most of these will be assertion failures.

Actually, I'm still unclear why the legalization doesn't know it'll fail before getting bogged down in erasing instructions. Normal instructions created while doing a single-step legalization would be added to the worklist to be seen by the top-level Legalizer wouldn't they?

Tim also suggested that we move the implementation of LegalizerHelper::LegalizeInstr (with the worklist) into Legalizer.cpp. This would work fine too (except we would need to make LegalizeHelper::MachineIRBuilder public member so we can start and stop recording insertions).

Sounds good to me.

Update for feedback from Tim/Quentin.
Move the legalizeInstr to Legalizer and report failure on first instruction that fails.
Also this needs MIRBuilder to be accessible outside of LegalizeHelper (to set/unset RecordInsertions).

I'm not a big fan of this approach (because the iterative logic seems like it does belong in the helper), but it's mostly fine (we don't have users other than Legalizer), and it sounds like Tim and Quentin are on board. So, LGTM.

Can you add a test, say in arm64-fallback.ll? I was able to hit the same problem with:

define i16 @f(half* %p) {
  %tmp0 = load half, half* %p
  %tmp1 = fptoui half %tmp0 to i16
  ret i16 %tmp1
}

This revision is now accepted and ready to land.Apr 6 2017, 4:35 PM

Committed in 299802

Revision Contents

Path

Size

include/

llvm/

CodeGen/

GlobalISel/

LegalizerHelper.h

7 lines

lib/

CodeGen/

GlobalISel/

Legalizer.cpp

39 lines

LegalizerHelper.cpp

25 lines

Diff 93874

include/llvm/CodeGen/GlobalISel/LegalizerHelper.h

Show All 18 Lines
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#ifndef LLVM_CODEGEN_GLOBALISEL_MACHINELEGALIZEHELPER_H		#ifndef LLVM_CODEGEN_GLOBALISEL_MACHINELEGALIZEHELPER_H
#define LLVM_CODEGEN_GLOBALISEL_MACHINELEGALIZEHELPER_H		#define LLVM_CODEGEN_GLOBALISEL_MACHINELEGALIZEHELPER_H

#include "llvm/CodeGen/GlobalISel/MachineIRBuilder.h"		#include "llvm/CodeGen/GlobalISel/MachineIRBuilder.h"
#include "llvm/CodeGen/MachineFunctionPass.h"		#include "llvm/CodeGen/MachineFunctionPass.h"
#include "llvm/CodeGen/LowLevelType.h"		#include "llvm/CodeGen/LowLevelType.h"

		qcolombetUnsubmitted Not Done Reply Inline Actions Use a forward declaration at this point. qcolombet: Use a forward declaration at this point.
namespace llvm {		namespace llvm {
// Forward declarations.		// Forward declarations.
class LegalizerInfo;		class LegalizerInfo;
class Legalizer;		class Legalizer;
class MachineRegisterInfo;		class MachineRegisterInfo;

class LegalizerHelper {		class LegalizerHelper {
public:		public:
enum LegalizeResult {		enum LegalizeResult {
/// Instruction was already legal and no change was made to the		/// Instruction was already legal and no change was made to the
/// MachineFunction.		/// MachineFunction.
AlreadyLegal,		AlreadyLegal,

/// Instruction has been legalized and the MachineFunction changed.		/// Instruction has been legalized and the MachineFunction changed.
Legalized,		Legalized,

/// Some kind of error has occurred and we could not legalize this		/// Some kind of error has occurred and we could not legalize this
/// instruction.		/// instruction.
UnableToLegalize,		UnableToLegalize,
};		};

LegalizerHelper(MachineFunction &MF);		LegalizerHelper(MachineFunction &MF);
		qcolombetUnsubmitted Not Done Reply Inline Actions I don't particularly like the fact that the Helper needs to do reporting. At least, I would expect TPC to be optional. qcolombet: I don't particularly like the fact that the Helper needs to do reporting. At least, I would…

/// Replace \p MI by a sequence of legal instructions that can implement the		/// Replace \p MI by a sequence of legal instructions that can implement the
/// same operation. Note that this means \p MI may be deleted, so any iterator		/// same operation. Note that this means \p MI may be deleted, so any iterator
/// steps should be performed before calling this function. \p Helper should		/// steps should be performed before calling this function. \p Helper should
/// be initialized to the MachineFunction containing \p MI.		/// be initialized to the MachineFunction containing \p MI.
///		///
/// Considered as an opaque blob, the legal code will use and define the same		/// Considered as an opaque blob, the legal code will use and define the same
/// registers as \p MI.		/// registers as \p MI.
LegalizeResult legalizeInstrStep(MachineInstr &MI);		LegalizeResult legalizeInstrStep(MachineInstr &MI);

LegalizeResult legalizeInstr(MachineInstr &MI);

/// Legalize an instruction by emiting a runtime library call instead.		/// Legalize an instruction by emiting a runtime library call instead.
LegalizeResult libcall(MachineInstr &MI);		LegalizeResult libcall(MachineInstr &MI);

/// Legalize an instruction by reducing the width of the underlying scalar		/// Legalize an instruction by reducing the width of the underlying scalar
/// type.		/// type.
LegalizeResult narrowScalar(MachineInstr &MI, unsigned TypeIdx, LLT NarrowTy);		LegalizeResult narrowScalar(MachineInstr &MI, unsigned TypeIdx, LLT NarrowTy);

/// Legalize an instruction by performing the operation on a wider scalar type		/// Legalize an instruction by performing the operation on a wider scalar type
Show All 10 Lines	public:
LegalizeResult fewerElementsVector(MachineInstr &MI, unsigned TypeIdx,		LegalizeResult fewerElementsVector(MachineInstr &MI, unsigned TypeIdx,
LLT NarrowTy);		LLT NarrowTy);

/// Legalize a vector instruction by increasing the number of vector elements		/// Legalize a vector instruction by increasing the number of vector elements
/// involved and ignoring the added elements later.		/// involved and ignoring the added elements later.
LegalizeResult moreElementsVector(MachineInstr &MI, unsigned TypeIdx,		LegalizeResult moreElementsVector(MachineInstr &MI, unsigned TypeIdx,
LLT WideTy);		LLT WideTy);

		/// Expose MIRBuilder so clients can set their own RecordInsertInstruction
		/// functions
		MachineIRBuilder MIRBuilder;

private:		private:

/// Helper function to split a wide generic register into bitwise blocks with		/// Helper function to split a wide generic register into bitwise blocks with
/// the given Type (which implies the number of blocks needed). The generic		/// the given Type (which implies the number of blocks needed). The generic
/// registers created are appended to Ops, starting at bit 0 of Reg.		/// registers created are appended to Ops, starting at bit 0 of Reg.
void extractParts(unsigned Reg, LLT Ty, int NumParts,		void extractParts(unsigned Reg, LLT Ty, int NumParts,
SmallVectorImpl<unsigned> &Ops);		SmallVectorImpl<unsigned> &Ops);

MachineIRBuilder MIRBuilder;
MachineRegisterInfo &MRI;		MachineRegisterInfo &MRI;
const LegalizerInfo &LI;		const LegalizerInfo &LI;
};		};

} // End namespace llvm.		} // End namespace llvm.

#endif		#endif

lib/CodeGen/GlobalISel/Legalizer.cpp

Show First 20 Lines • Show All 165 Lines • ▼ Show 20 Lines	for (auto MI = MBB.begin(); MI != MBB.end(); MI = NextMI) {
// Get the next Instruction before we try to legalize, because there's a		// Get the next Instruction before we try to legalize, because there's a
// good chance MI will be deleted.		// good chance MI will be deleted.
NextMI = std::next(MI);		NextMI = std::next(MI);

// Only legalize pre-isel generic instructions: others don't have types		// Only legalize pre-isel generic instructions: others don't have types
// and are assumed to be legal.		// and are assumed to be legal.
if (!isPreISelGenericOpcode(MI->getOpcode()))		if (!isPreISelGenericOpcode(MI->getOpcode()))
continue;		continue;
		SmallVector<MachineInstr *, 4> WorkList;
auto Res = Helper.legalizeInstr(*MI);		Helper.MIRBuilder.recordInsertions(
		[&](MachineInstr *MI) { WorkList.push_back(MI); });
// Error out if we couldn't legalize this instruction. We may want to fall		WorkList.push_back(&*MI);

		LegalizerHelper::LegalizeResult Res;
		unsigned Idx = 0;
		do {
		Res = Helper.legalizeInstrStep(*WorkList[Idx]);
		// Error out if we couldn't legalize this instruction. We may want to
		// fall
// back to DAG ISel instead in the future.		// back to DAG ISel instead in the future.
if (Res == LegalizerHelper::UnableToLegalize) {		if (Res == LegalizerHelper::UnableToLegalize) {
		Helper.MIRBuilder.stopRecordingInsertions();
		if (Res == LegalizerHelper::UnableToLegalize) {
reportGISelFailure(MF, TPC, MORE, "gisel-legalize",		reportGISelFailure(MF, TPC, MORE, "gisel-legalize",
"unable to legalize instruction", *MI);		"unable to legalize instruction",
		*WorkList[Idx]);
return false;		return false;
}		}

Changed \|= Res == LegalizerHelper::Legalized;
}		}
		Changed \|= Res == LegalizerHelper::Legalized;
		++Idx;
		} while (Idx < WorkList.size());

		Helper.MIRBuilder.stopRecordingInsertions();
		}

MachineRegisterInfo &MRI = MF.getRegInfo();		MachineRegisterInfo &MRI = MF.getRegInfo();
const TargetInstrInfo &TII = *MF.getSubtarget().getInstrInfo();		const TargetInstrInfo &TII = *MF.getSubtarget().getInstrInfo();
for (auto &MBB : MF) {		for (auto &MBB : MF) {
for (auto MI = MBB.begin(); MI != MBB.end(); MI = NextMI) {		for (auto MI = MBB.begin(); MI != MBB.end(); MI = NextMI) {
// Get the next Instruction before we try to legalize, because there's a		// Get the next Instruction before we try to legalize, because there's a
// good chance MI will be deleted.		// good chance MI will be deleted.
NextMI = std::next(MI);		NextMI = std::next(MI);

Changed \|= combineExtracts(*MI, MRI, TII);		Changed \|= combineExtracts(*MI, MRI, TII);
Changed \|= combineMerges(*MI, MRI, TII);		Changed \|= combineMerges(*MI, MRI, TII);
}		}
}		}

return Changed;		return Changed;
}		}

lib/CodeGen/GlobalISel/LegalizerHelper.cpp

Show First 20 Lines • Show All 50 Lines • ▼ Show 20 Lines	case LegalizerInfo::FewerElements:
return fewerElementsVector(MI, std::get<1>(Action), std::get<2>(Action));		return fewerElementsVector(MI, std::get<1>(Action), std::get<2>(Action));
case LegalizerInfo::Custom:		case LegalizerInfo::Custom:
return LI.legalizeCustom(MI, MRI, MIRBuilder) ? Legalized		return LI.legalizeCustom(MI, MRI, MIRBuilder) ? Legalized
: UnableToLegalize;		: UnableToLegalize;
default:		default:
return UnableToLegalize;		return UnableToLegalize;
}		}
}		}

LegalizerHelper::LegalizeResult
LegalizerHelper::legalizeInstr(MachineInstr &MI) {
SmallVector<MachineInstr *, 4> WorkList;
MIRBuilder.recordInsertions(
[&](MachineInstr *MI) { WorkList.push_back(MI); });
WorkList.push_back(&MI);

bool Changed = false;
LegalizeResult Res;
unsigned Idx = 0;
do {
Res = legalizeInstrStep(*WorkList[Idx]);
if (Res == UnableToLegalize) {
MIRBuilder.stopRecordingInsertions();
return UnableToLegalize;
}
Changed \|= Res == Legalized;
++Idx;
} while (Idx < WorkList.size());

MIRBuilder.stopRecordingInsertions();

return Changed ? Legalized : AlreadyLegal;
}

void LegalizerHelper::extractParts(unsigned Reg, LLT Ty, int NumParts,		void LegalizerHelper::extractParts(unsigned Reg, LLT Ty, int NumParts,
		kristof.beylsUnsubmitted Not Done Reply Inline Actions This is probably a moot point now, now that it shows that using the "std::pair<LegalizeResult, MachineInstr>"-approach looks a lot more promising, but I think this code probably still suffers the same problem as before: After legalizeInstrStep, TmpMI can be removed from the MachineBasicBlock, and TmpMI->getParent() will then probably return a nullptr, causing a segmentation fault. I'm afraid I don't have a good insight on whether we'd still want to be able to differentiate between "AlreadyLegal" and "Legalized" in the "std::pair<LegalizeResult, MachineInstr>"-approach. kristof.beyls: This is probably a moot point now, now that it shows that using the "std::pair<LegalizeResult…
SmallVectorImpl<unsigned> &VRegs) {		SmallVectorImpl<unsigned> &VRegs) {
for (int i = 0; i < NumParts; ++i)		for (int i = 0; i < NumParts; ++i)
VRegs.push_back(MRI.createGenericVirtualRegister(Ty));		VRegs.push_back(MRI.createGenericVirtualRegister(Ty));
		qcolombetUnsubmitted Not Done Reply Inline Actions It feels wrong to me to have reporting in here. My concerns are: We conflict reporting and doing the transformation We may report failure on product of legalization. Hence, it may actually be difficult to understand where it comes from. qcolombet: It feels wrong to me to have reporting in here. My concerns are: - We conflict reporting and…
MIRBuilder.buildUnmerge(VRegs, Reg);		MIRBuilder.buildUnmerge(VRegs, Reg);
}		}

static RTLIB::Libcall getRTLibDesc(unsigned Opcode, unsigned Size) {		static RTLIB::Libcall getRTLibDesc(unsigned Opcode, unsigned Size) {
switch (Opcode) {		switch (Opcode) {
case TargetOpcode::G_FREM:		case TargetOpcode::G_FREM:
return Size == 64 ? RTLIB::REM_F64 : RTLIB::REM_F32;		return Size == 64 ? RTLIB::REM_F64 : RTLIB::REM_F32;
case TargetOpcode::G_FPOW:		case TargetOpcode::G_FPOW:
▲ Show 20 Lines • Show All 542 Lines • Show Last 20 Lines