This is an archive of the discontinued LLVM Phabricator instance.

[ImplicitNullChecks] Check for rewrite of register used in 'test' instruction
ClosedPublic

Authored by jskumari on Jun 27 2018, 3:27 AM.

Download Raw Diff

Details

Reviewers

sanjoy
skatkov

Commits

rGe8e01143ec64: [ImplicitNullChecks] Check for rewrite of register used in 'test' instruction
rL336241: [ImplicitNullChecks] Check for rewrite of register used in 'test' instruction

Summary

The following code pattern:

mov %rax, %rcx
test %rax, %rax
%rax = ....
je  throw_npe
mov(%rcx), %r9
mov(%rax), %r10

gets transformed into the following incorrect code after implicit null check pass:

 mov %rax, %rcx
%rax = ....
faulting_load_op("movl (%rax), %r10", throw_npe)
mov(%rcx), %r9

For implicit null check pass, if the register that is checked for null value (ie, the register used in the 'test' instruction) is written into before the condition jump, we should avoid doing the optimization.

Diff Detail

Event Timeline

jskumari created this revision.Jun 27 2018, 3:27 AM

Herald added a subscriber: llvm-commits. · View Herald TranscriptJun 27 2018, 3:27 AM

skatkov added inline comments.Jun 27 2018, 10:00 PM

lib/CodeGen/ImplicitNullChecks.cpp
503	This form of comment is useful for understanding the reasoning of the bug but after it is landed it will be difficult to read this comment.. why it is converted in this way?! I would suggest to re-phrase it. Something like, to prevent the invalid transformation ... we must ensure that ...
512	There is also the same assignment later: const unsigned PointerReg.
514	I would suggest to move this check after "if (NotNullSucc->pred_size() != 1)" because the later seems simpler.
514	I would add an assert that MBP.ConditionDef is in MBB.

Test, actually can be simplified bit if you do not mind.

test/CodeGen/X86/implicit-null-chk-reg-rewrite.mir
49	Why do you need this?
51	I guess you do not need this CMP for reproducing the failure? just return result of the and will be enough? Do I miss anything?

Incorporated review comments.

skatkov accepted this revision.Jul 1 2018, 7:30 PM

This revision is now accepted and ready to land.Jul 1 2018, 7:30 PM

Closed by commit rL336241: [ImplicitNullChecks] Check for rewrite of register used in 'test' instruction (authored by mkazantsev). · Explain WhyJul 4 2018, 1:06 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

CodeGen/

ImplicitNullChecks.cpp

24 lines

test/

CodeGen/

X86/

implicit-null-chk-reg-rewrite.mir

65 lines

Diff 153032

lib/CodeGen/ImplicitNullChecks.cpp

Show First 20 Lines • Show All 485 Lines • ▼ Show 20 Lines	bool ImplicitNullChecks::analyzeBlockForNullChecks(
if (MBP.Predicate == MachineBranchPredicate::PRED_NE) {		if (MBP.Predicate == MachineBranchPredicate::PRED_NE) {
NotNullSucc = MBP.TrueDest;		NotNullSucc = MBP.TrueDest;
NullSucc = MBP.FalseDest;		NullSucc = MBP.FalseDest;
} else {		} else {
NotNullSucc = MBP.FalseDest;		NotNullSucc = MBP.FalseDest;
NullSucc = MBP.TrueDest;		NullSucc = MBP.TrueDest;
}		}

		// The following code fragment:
		//
		// mov %rax, %rcx
		// test %rax, %rax
		// %rax = ...
		// je throw_npe
		// mov(%rcx), %r9
		// mov(%rax), %r10
		//
		// gets incorrectly converted into:
		skatkovUnsubmitted Not Done Reply Inline Actions This form of comment is useful for understanding the reasoning of the bug but after it is landed it will be difficult to read this comment.. why it is converted in this way?! I would suggest to re-phrase it. Something like, to prevent the invalid transformation ... we must ensure that ... skatkov: This form of comment is useful for understanding the reasoning of the bug but after it is…
		//
		// mov %rax, %rcx
		// %rax = ....
		// faulting_load_op("movl (%rax), %r10", throw_npe)
		// mov(%rcx), %r9
		//
		// Check if there are any instructions between the 'test' and conditional
		// jump that modify %rax.
		unsigned cmpReg = MBP.LHS.getReg();
		skatkovUnsubmitted Not Done Reply Inline Actions There is also the same assignment later: const unsigned PointerReg. skatkov: There is also the same assignment later: const unsigned PointerReg.

		for (auto I = MBB.rbegin(); MBP.ConditionDef != &*I; ++I)
		skatkovUnsubmitted Not Done Reply Inline Actions I would suggest to move this check after "if (NotNullSucc->pred_size() != 1)" because the later seems simpler. skatkov: I would suggest to move this check after "if (NotNullSucc->pred_size() != 1)" because the later…
		skatkovUnsubmitted Not Done Reply Inline Actions I would add an assert that MBP.ConditionDef is in MBB. skatkov: I would add an assert that MBP.ConditionDef is in MBB.
		if (I->modifiesRegister(cmpReg, TRI))
		return false;

// We handle the simplest case for now. We can potentially do better by using		// We handle the simplest case for now. We can potentially do better by using
// the machine dominator tree.		// the machine dominator tree.
if (NotNullSucc->pred_size() != 1)		if (NotNullSucc->pred_size() != 1)
return false;		return false;

// Starting with a code fragment like:		// Starting with a code fragment like:
//		//
// test %rax, %rax		// test %rax, %rax
▲ Show 20 Lines • Show All 198 Lines • Show Last 20 Lines

test/CodeGen/X86/implicit-null-chk-reg-rewrite.mir

This file was added.

				# RUN: llc -mtriple=x86_64 -run-pass=implicit-null-checks %s -o - \| FileCheck %s
				--- \|

				define i32 @reg-rewrite(i32* %x, i32 %val) {
				entry:
				br i1 undef, label %is_null, label %not_null, !make.implicit !0

				is_null:
				ret i32 42

				not_null:
				br i1 undef, label %ret_100, label %ret_200

				ret_100:
				ret i32 100

				ret_200:
				ret i32 200
				}

				!0 = !{}

				...
				---
				# Check that the TEST instruction is replaced with
				# FAULTING_OP only if there are no instructions
				# between the TEST and conditional jump
				# that clobber the register used in TEST.
				name: reg-rewrite

				alignment: 4
				tracksRegLiveness: true
				liveins:
				- { reg: '$rdi' }
				- { reg: '$rsi' }
				body: \|
				bb.0.entry:
				liveins: $rdi, $rsi

				TEST64rr $rdi, $rdi, implicit-def $eflags
				; CHECK-LABEL: bb.0.entry
				; CHECK-NOT: FAULTING_OP
				renamable $rdi = MOV64ri 5000
				JE_1 %bb.2, implicit $eflags

				bb.1.not_null:
				liveins: $rdi, $rsi

				$rax = MOV64ri 2200000
				skatkovUnsubmitted Not Done Reply Inline Actions Why do you need this? skatkov: Why do you need this?
				$rax = AND64rm killed $rax, killed $rdi, 1, $noreg, 0, $noreg, implicit-def dead $eflags
				CMP64rr killed $rax, killed $rsi, implicit-def $eflags
				skatkovUnsubmitted Not Done Reply Inline Actions I guess you do not need this CMP for reproducing the failure? just return result of the and will be enough? Do I miss anything? skatkov: I guess you do not need this CMP for reproducing the failure? just return result of the and…
				JE_1 %bb.4, implicit $eflags

				bb.2.ret_200:
				$eax = MOV32ri 200
				RETQ $eax

				bb.3.is_null:
				$eax = MOV32ri 42
				RETQ $eax

				bb.4.ret_100:
				$eax = MOV32ri 100
				RETQ $eax
				...