This is an archive of the discontinued LLVM Phabricator instance.

Differential D43242

[Coroutines] PR34897: Fix incorrect elisions
ClosedPublic

Authored by modocache on Feb 13 2018, 8:47 AM.

Details

Reviewers
rsmith
GorNishanov
eric_niebler
Commits
rGc6511134397d: [Coroutines] PR34897: Fix incorrect elisions
rL332077: [Coroutines] PR34897: Fix incorrect elisions
Summary

https://bugs.llvm.org/show_bug.cgi?id=34897 demonstrates an incorrect
coroutine frame allocation elision in the coro-elide pass. The elision
is performed on the basis that the SSA variables from all llvm.coro.begin
are directly referenced in subsequent llvm.coro.destroy instructions.

However, this ignores the fact that the function may exit through paths
that do not run these destroy instructions. In the sample program from
PR34897, for example, the llvm.coro.destroy instruction is only
executed in exception handling code. When the coroutine function exits
normally, llvm.coro.destroy is not called. Eliding the allocation in
this case causes a subsequent reference to the coroutine handle from
outside of the function to access freed memory.

To fix the issue, when finding an llvm.coro.destroy for each llvm.coro.begin,
only consider llvm.coro.destroy that are executed along non-exceptional paths.

Test Plan:

  1. Download the sample program from https://bugs.llvm.org/show_bug.cgi?id=34897, compile it with clang++ -fcoroutines-ts -stdlib=libc++ -std=c++1z -O2, and run it. It should print "run1\ncheck1\nrun2\ncheck2" and then exit successfully.
  2. Compile https://godbolt.org/g/mCKfnr and confirm it is still optimized to a single instruction, 'return 1190'.
  3. check-llvm

Diff Detail

Repository
rL LLVM

Event Timeline

modocache created this revision.Feb 13 2018, 8:47 AM
Herald added a subscriber: EricWF. · View Herald TranscriptFeb 13 2018, 8:47 AM
lewissbaker added a subscriber: lewissbaker.Feb 13 2018, 10:10 PM
modocache added a comment.Feb 22 2018, 7:15 AM

Friendly ping! Let me know if this seems totally wrong to you, @GorNishanov :)

andrewrk added a subscriber: andrewrk.Feb 26 2018, 8:08 AM
modocache updated this revision to Diff 137544.Mar 7 2018, 9:03 PM

Just tidying up one line with clang-format. I guess everyone's busy preparing for the Jacksonville standards meeting. Please give this a review when you all have a second -- in addition to the reported bug, https://bugs.llvm.org/show_bug.cgi?id=34897, I've also confirmed that this diff fixes ASAN errors that surfaced in a project at work. Thanks! :)

Harbormaster completed remote builds in B15819: Diff 137544.Mar 7 2018, 9:04 PM
GorNishanov requested changes to this revision.Mar 30 2018, 11:10 AM

I believe that this check is too aggressive. It prevents http://godbolt.org/g/26viuZ from optimizing as well.
I think a distinction should be made for exceptional paths and happy path.
We need to make sure that we call coro.destroy on all happy paths.

I did not page-in everything I thought about the when_all_test bug, but, I scribbled somewhere this note about it: "Ignore coro.destroy on exceptional paths for the purpose of heap elision".

This revision now requires changes to proceed.Mar 30 2018, 11:10 AM
modocache updated this revision to Diff 145491.May 7 2018, 9:45 AM
modocache edited the summary of this revision. (Show Details)

Sorry it took me a while to get around to this, but I think this new approach fits more along the lines of what you were thinking, @GorNishanov. I also confirmed that it optimizes the program you linked to just as well as before.

Harbormaster completed remote builds in B17782: Diff 145491.May 7 2018, 9:46 AM
GorNishanov accepted this revision.May 10 2018, 6:46 PM

LGTM!

This revision is now accepted and ready to land.May 10 2018, 6:46 PM
Closed by commit rL332077: [Coroutines] PR34897: Fix incorrect elisions (authored by modocache). · Explain WhyMay 10 2018, 8:16 PM
This revision was automatically updated to reflect the committed changes.
modocache added a comment.May 10 2018, 8:26 PM

Hooray! Thanks again for the review, @GorNishanov.

modocache mentioned this in D71663: [Coroutines] CoroElide enhancement .Feb 23 2020, 7:45 AM

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
Coroutines/
50 lines
test/
Transforms/
Coroutines/
33 lines

Diff 146273

llvm/trunk/lib/Transforms/Coroutines/CoroElide.cpp

//===- CoroElide.cpp - Coroutine Frame Allocation Elision Pass ------------===// //===- CoroElide.cpp - Coroutine Frame Allocation Elision Pass ------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// This pass replaces dynamic allocation of coroutine frame with alloca and // This pass replaces dynamic allocation of coroutine frame with alloca and
// replaces calls to llvm.coro.resume and llvm.coro.destroy with direct calls // replaces calls to llvm.coro.resume and llvm.coro.destroy with direct calls
// to coroutine sub-functions. // to coroutine sub-functions.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "CoroInternal.h" #include "CoroInternal.h"
#include "llvm/Analysis/AliasAnalysis.h" #include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/InstructionSimplify.h" #include "llvm/Analysis/InstructionSimplify.h"
#include "llvm/IR/Dominators.h"
#include "llvm/IR/InstIterator.h" #include "llvm/IR/InstIterator.h"
#include "llvm/Pass.h" #include "llvm/Pass.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "coro-elide" #define DEBUG_TYPE "coro-elide"
namespace { namespace {
// Created on demand if CoroElide pass has work to do. // Created on demand if CoroElide pass has work to do.
struct Lowerer : coro::LowererBase { struct Lowerer : coro::LowererBase {
SmallVector<CoroIdInst *, 4> CoroIds; SmallVector<CoroIdInst *, 4> CoroIds;
SmallVector<CoroBeginInst *, 1> CoroBegins; SmallVector<CoroBeginInst *, 1> CoroBegins;
SmallVector<CoroAllocInst *, 1> CoroAllocs; SmallVector<CoroAllocInst *, 1> CoroAllocs;
SmallVector<CoroSubFnInst *, 4> ResumeAddr; SmallVector<CoroSubFnInst *, 4> ResumeAddr;
SmallVector<CoroSubFnInst *, 4> DestroyAddr; SmallVector<CoroSubFnInst *, 4> DestroyAddr;
SmallVector<CoroFreeInst *, 1> CoroFrees; SmallVector<CoroFreeInst *, 1> CoroFrees;
Lowerer(Module &M) : LowererBase(M) {} Lowerer(Module &M) : LowererBase(M) {}
void elideHeapAllocations(Function *F, Type *FrameTy, AAResults &AA); void elideHeapAllocations(Function *F, Type *FrameTy, AAResults &AA);
bool shouldElide() const; bool shouldElide(Function *F, DominatorTree &DT) const;
bool processCoroId(CoroIdInst *, AAResults &AA); bool processCoroId(CoroIdInst *, AAResults &AA, DominatorTree &DT);
}; };
} // end anonymous namespace } // end anonymous namespace
// Go through the list of coro.subfn.addr intrinsics and replace them with the // Go through the list of coro.subfn.addr intrinsics and replace them with the
// provided constant. // provided constant.
static void replaceWithConstant(Constant *Value, static void replaceWithConstant(Constant *Value,
SmallVectorImpl<CoroSubFnInst *> &Users) { SmallVectorImpl<CoroSubFnInst *> &Users) {
if (Users.empty()) if (Users.empty())
▲ Show 20 LinesShow All 88 Lines▼ Show 20 Lines for (auto *CB : CoroBegins) {
CB->eraseFromParent(); CB->eraseFromParent();
} }
// Since now coroutine frame lives on the stack we need to make sure that // Since now coroutine frame lives on the stack we need to make sure that
// any tail call referencing it, must be made non-tail call. // any tail call referencing it, must be made non-tail call.
removeTailCallAttribute(Frame, AA); removeTailCallAttribute(Frame, AA);
} }
bool Lowerer::shouldElide() const { bool Lowerer::shouldElide(Function *F, DominatorTree &DT) const {
// If no CoroAllocs, we cannot suppress allocation, so elision is not // If no CoroAllocs, we cannot suppress allocation, so elision is not
// possible. // possible.
if (CoroAllocs.empty()) if (CoroAllocs.empty())
return false; return false;
// Check that for every coro.begin there is a coro.destroy directly // Check that for every coro.begin there is a coro.destroy directly
// referencing the SSA value of that coro.begin. If the value escaped, then // referencing the SSA value of that coro.begin along a non-exceptional path.
// coro.destroy would have been referencing a memory location storing that // If the value escaped, then coro.destroy would have been referencing a
// value and not the virtual register. // memory location storing that value and not the virtual register.
SmallPtrSet<CoroBeginInst *, 8> ReferencedCoroBegins; // First gather all of the non-exceptional terminators for the function.
SmallPtrSet<Instruction *, 8> Terminators;
for (BasicBlock &B : *F) {
auto *TI = B.getTerminator();
if (TI->getNumSuccessors() == 0 && !TI->isExceptional() &&
!isa<UnreachableInst>(TI))
Terminators.insert(TI);
}
// Filter out the coro.destroy that lie along exceptional paths.
SmallPtrSet<CoroSubFnInst *, 4> DAs;
for (CoroSubFnInst *DA : DestroyAddr) { for (CoroSubFnInst *DA : DestroyAddr) {
for (Instruction *TI : Terminators) {
if (DT.dominates(DA, TI)) {
DAs.insert(DA);
break;
}
}
}
// Find all the coro.begin referenced by coro.destroy along happy paths.
SmallPtrSet<CoroBeginInst *, 8> ReferencedCoroBegins;
for (CoroSubFnInst *DA : DAs) {
if (auto *CB = dyn_cast<CoroBeginInst>(DA->getFrame())) if (auto *CB = dyn_cast<CoroBeginInst>(DA->getFrame()))
ReferencedCoroBegins.insert(CB); ReferencedCoroBegins.insert(CB);
else else
return false; return false;
} }
// If size of the set is the same as total number of CoroBegins, means we // If size of the set is the same as total number of coro.begin, that means we
// found a coro.free or coro.destroy mentioning a coro.begin and we can // found a coro.free or coro.destroy referencing each coro.begin, so we can
// perform heap elision. // perform heap elision.
return ReferencedCoroBegins.size() == CoroBegins.size(); return ReferencedCoroBegins.size() == CoroBegins.size();
} }
bool Lowerer::processCoroId(CoroIdInst *CoroId, AAResults &AA) { bool Lowerer::processCoroId(CoroIdInst *CoroId, AAResults &AA,
DominatorTree &DT) {
CoroBegins.clear(); CoroBegins.clear();
CoroAllocs.clear(); CoroAllocs.clear();
CoroFrees.clear(); CoroFrees.clear();
ResumeAddr.clear(); ResumeAddr.clear();
DestroyAddr.clear(); DestroyAddr.clear();
// Collect all coro.begin and coro.allocs associated with this coro.id. // Collect all coro.begin and coro.allocs associated with this coro.id.
for (User *U : CoroId->users()) { for (User *U : CoroId->users()) {
Show All 29 Linesbool Lowerer::processCoroId(CoroIdInst *CoroId, AAResults &AA,
ConstantArray *Resumers = CoroId->getInfo().Resumers; ConstantArray *Resumers = CoroId->getInfo().Resumers;
assert(Resumers && "PostSplit coro.id Info argument must refer to an array" assert(Resumers && "PostSplit coro.id Info argument must refer to an array"
"of coroutine subfunctions"); "of coroutine subfunctions");
auto *ResumeAddrConstant = auto *ResumeAddrConstant =
ConstantExpr::getExtractValue(Resumers, CoroSubFnInst::ResumeIndex); ConstantExpr::getExtractValue(Resumers, CoroSubFnInst::ResumeIndex);
replaceWithConstant(ResumeAddrConstant, ResumeAddr); replaceWithConstant(ResumeAddrConstant, ResumeAddr);
bool ShouldElide = shouldElide(); bool ShouldElide = shouldElide(CoroId->getFunction(), DT);
auto *DestroyAddrConstant = ConstantExpr::getExtractValue( auto *DestroyAddrConstant = ConstantExpr::getExtractValue(
Resumers, Resumers,
ShouldElide ? CoroSubFnInst::CleanupIndex : CoroSubFnInst::DestroyIndex); ShouldElide ? CoroSubFnInst::CleanupIndex : CoroSubFnInst::DestroyIndex);
replaceWithConstant(DestroyAddrConstant, DestroyAddr); replaceWithConstant(DestroyAddrConstant, DestroyAddr);
if (ShouldElide) { if (ShouldElide) {
▲ Show 20 LinesShow All 63 Lines▼ Show 20 Lines for (auto &I : instructions(F))
if (CII->getCoroutine() != CII->getFunction()) if (CII->getCoroutine() != CII->getFunction())
L->CoroIds.push_back(CII); L->CoroIds.push_back(CII);
// If we did not find any coro.id, there is nothing to do. // If we did not find any coro.id, there is nothing to do.
if (L->CoroIds.empty()) if (L->CoroIds.empty())
return Changed; return Changed;
AAResults &AA = getAnalysis<AAResultsWrapperPass>().getAAResults(); AAResults &AA = getAnalysis<AAResultsWrapperPass>().getAAResults();
DominatorTree &DT = getAnalysis<DominatorTreeWrapperPass>().getDomTree();
for (auto *CII : L->CoroIds) for (auto *CII : L->CoroIds)
Changed |= L->processCoroId(CII, AA); Changed |= L->processCoroId(CII, AA, DT);
return Changed; return Changed;
} }
void getAnalysisUsage(AnalysisUsage &AU) const override { void getAnalysisUsage(AnalysisUsage &AU) const override {
AU.addRequired<AAResultsWrapperPass>(); AU.addRequired<AAResultsWrapperPass>();
AU.addRequired<DominatorTreeWrapperPass>();
} }
StringRef getPassName() const override { return "Coroutine Elision"; } StringRef getPassName() const override { return "Coroutine Elision"; }
}; };
} }
char CoroElide::ID = 0; char CoroElide::ID = 0;
INITIALIZE_PASS_BEGIN( INITIALIZE_PASS_BEGIN(
CoroElide, "coro-elide", CoroElide, "coro-elide",
Show All 9 Lines

llvm/trunk/test/Transforms/Coroutines/coro-heap-elide.ll

Show First 20 LinesShow All 75 Lines▼ Show 20 Lines; CHECK-NEXT: call fastcc void bitcast (void (%f.frame*)* @f.cleanup to void (i8*)*)(i8* %vFrame)
%2 = call i8* @llvm.coro.subfn.addr(i8* %hdl, i8 1) %2 = call i8* @llvm.coro.subfn.addr(i8* %hdl, i8 1)
%3 = bitcast i8* %2 to void (i8*)* %3 = bitcast i8* %2 to void (i8*)*
call fastcc void %3(i8* %hdl) call fastcc void %3(i8* %hdl)
; CHECK-NEXT: ret void ; CHECK-NEXT: ret void
ret void ret void
} }
; CHECK-LABEL: @callResume_PR34897_no_elision(
define void @callResume_PR34897_no_elision(i1 %cond) {
; CHECK-LABEL: entry:
entry:
; CHECK: call i8* @CustomAlloc(
%hdl = call i8* @f()
; CHECK: tail call void @bar(
tail call void @bar(i8* %hdl)
; CHECK: tail call void @bar(
tail call void @bar(i8* null)
br i1 %cond, label %if.then, label %if.else
; CHECK-LABEL: if.then:
if.then:
; CHECK: call fastcc void bitcast (void (%f.frame*)* @f.resume to void (i8*)*)(i8*
%0 = call i8* @llvm.coro.subfn.addr(i8* %hdl, i8 0)
%1 = bitcast i8* %0 to void (i8*)*
call fastcc void %1(i8* %hdl)
; CHECK-NEXT: call fastcc void bitcast (void (%f.frame*)* @f.destroy to void (i8*)*)(i8*
%2 = call i8* @llvm.coro.subfn.addr(i8* %hdl, i8 1)
%3 = bitcast i8* %2 to void (i8*)*
call fastcc void %3(i8* %hdl)
br label %return
if.else:
br label %return
; CHECK-LABEL: return:
return:
; CHECK: ret void
ret void
}
; a coroutine start function (cannot elide heap alloc, due to second argument to ; a coroutine start function (cannot elide heap alloc, due to second argument to
; coro.begin not pointint to coro.alloc) ; coro.begin not pointint to coro.alloc)
define i8* @f_no_elision() personality i8* null { define i8* @f_no_elision() personality i8* null {
entry: entry:
%id = call token @llvm.coro.id(i32 0, i8* null, %id = call token @llvm.coro.id(i32 0, i8* null,
i8* bitcast (i8*()* @f_no_elision to i8*), i8* bitcast (i8*()* @f_no_elision to i8*),
i8* bitcast ([3 x void (%f.frame*)*]* @f.resumers to i8*)) i8* bitcast ([3 x void (%f.frame*)*]* @f.resumers to i8*))
%alloc = call i8* @CustomAlloc(i32 4) %alloc = call i8* @CustomAlloc(i32 4)
Show All 36 Lines