This is an archive of the discontinued LLVM Phabricator instance.

Differential D33179

[Sink] Fix predicate in legality check
ClosedPublic

Authored by loladiro on May 14 2017, 9:28 PM.

Details

Reviewers
majnemer
Commits
rG5329174cb1b3: [Sink] Fix predicate in legality check
rL305102: [Sink] Fix predicate in legality check
Summary

isSafeToSpeculativelyExecute is the wrong predicate to use here.
All that checks for is whether it is safe to hoist a value due to
unaligned/un-dereferencable accesses. However, not only are we doing
sinking rather than hoisting, our concern is that the location
we're loading from may have been modified. Instead forbid sinking
any load across a critical edge.

Diff Detail

Event Timeline

loladiro created this revision.May 14 2017, 9:28 PM
davide added a subscriber: davide.Jun 1 2017, 4:06 PM
loladiro added a comment.Jun 2 2017, 12:10 PM

Bump. Would be great if somebody could review this. I know Sink it's not really actively developed, but I think this is a pretty straightforward fix.

loladiro added a comment.Jun 9 2017, 12:14 PM

I'm gonna go ahead and commit this anyway, since this fixes a miscompile. If there are any comments I'll take them in post-commit review.

Closed by commit rL305102: [Sink] Fix predicate in legality check (authored by kfischer). · Explain WhyJun 9 2017, 12:31 PM
This revision was automatically updated to reflect the committed changes.
loladiro mentioned this in D41960: [Sink] Really really fix predicate in legality check.Jan 11 2018, 1:04 PM
escha mentioned this in rL322311: [Sink] Really really fix predicate in legality check.Jan 11 2018, 1:30 PM

Revision Contents

PathSize
lib/
Transforms/
Scalar/
2 lines
test/
Transforms/
Sink/
18 lines

Diff 98943

lib/Transforms/Scalar/Sink.cpp

Show First 20 LinesShow All 108 Lines▼ Show 20 Linesstatic bool IsAcceptableTarget(Instruction *Inst, BasicBlock *SuccToSinkTo,
// If the block has multiple predecessors, this would introduce computation // If the block has multiple predecessors, this would introduce computation
// on different code paths. We could split the critical edge, but for now we // on different code paths. We could split the critical edge, but for now we
// just punt. // just punt.
// FIXME: Split critical edges if not backedges. // FIXME: Split critical edges if not backedges.
if (SuccToSinkTo->getUniquePredecessor() != Inst->getParent()) { if (SuccToSinkTo->getUniquePredecessor() != Inst->getParent()) {
// We cannot sink a load across a critical edge - there may be stores in // We cannot sink a load across a critical edge - there may be stores in
// other code paths. // other code paths.
if (!isSafeToSpeculativelyExecute(Inst)) if (isa<LoadInst>(Inst))
return false; return false;
// We don't want to sink across a critical edge if we don't dominate the // We don't want to sink across a critical edge if we don't dominate the
// successor. We could be introducing calculations to new code paths. // successor. We could be introducing calculations to new code paths.
if (!DT.dominates(Inst->getParent(), SuccToSinkTo)) if (!DT.dominates(Inst->getParent(), SuccToSinkTo))
return false; return false;
// Don't sink instructions into a loop. // Don't sink instructions into a loop.
▲ Show 20 LinesShow All 181 LinesShow Last 20 Lines

test/Transforms/Sink/badloadsink.ll

  • This file was added.
; RUN: opt < %s -basicaa -sink -S | FileCheck %s
declare void @foo(i64 *)
define i64 @sinkload(i1 %cmp) {
; CHECK-LABEL: @sinkload
top:
%a = alloca i64
; CHECK: call void @foo(i64* %a)
; CHECK-NEXT: %x = load i64, i64* %a
call void @foo(i64* %a)
%x = load i64, i64* %a
br i1 %cmp, label %A, label %B
A:
store i64 0, i64 *%a
br label %B
B:
; CHECK-NOT: load i64, i64 *%a
ret i64 %x
}