Download Raw Diff

Details

Reviewers

morehouse
kcc

Commits

rGba58c3a3a57e: Implementation of nested loops in cxx_loop_proto
rL339832: Implementation of nested loops in cxx_loop_proto
rC339832: Implementation of nested loops in cxx_loop_proto

Summary

Extended cxx_loop_proto to have neste for loops. Modified loop_proto_to_llvm and loop_proto_to_cxx to handle the new protos. All protos have a set of statements designated as "inner loop" statements and a set of statements designated as "outer loop" statements.

Diff Detail

Repository: rC Clang

Event Timeline

emmettneyman created this revision.Aug 13 2018, 3:37 PM

Herald added a subscriber: cfe-commits. · View Herald TranscriptAug 13 2018, 3:37 PM

Harbormaster completed remote builds in B21421: Diff 160471.Aug 13 2018, 3:38 PM

Does having multiple loops one after another change any coverage in the vectorizer?

No, it doesn't actually. I thought it would try to combine the separate loops into one block of vectorized instructions but after looking at the coverage of multiple loops vs single loop, they cover exactly the same parts of the Loop Vectorizer. Should I switch my focus to nested loops instead? I think nested loops will increase coverage.

In D50670#1199556, @emmettneyman wrote:

Should I switch my focus to nested loops instead? I think nested loops will increase coverage.

Yes, I'd recommend doing that.

Another option would be to allow simple control flow within the loop itself.

Changed the multiloop protos to nested loop protos. All the protos have an inner loop and an outer loop.

Harbormaster completed remote builds in B21503: Diff 160740.Aug 14 2018, 6:11 PM

emmettneyman retitled this revision from Implementation of multiple loops in cxx_loop_proto to Implementation of nested loops in cxx_loop_proto.Aug 14 2018, 6:12 PM

emmettneyman edited the summary of this revision. (Show Details)

Does this hit new coverage in the vectorizer?

clang/tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp
46 ↗	(On Diff #160740)	Please choose a better name than var.
127 ↗	(On Diff #160740)	This looks like a bug. `inner_loop` never gets set to false again. Might be a good reason to make it parameter instead.
131 ↗	(On Diff #160740)	Why do you change this to `pc` again?
132 ↗	(On Diff #160740)	I'm curious how this change affects coverage independent of the rest of this change. Also what would happen if we set `%a` and `%b` to noalias as well?
136 ↗	(On Diff #160740)	Looks like a pointless branch.
144 ↗	(On Diff #160740)	Why `nuw`, `nsw` here?
154 ↗	(On Diff #160740)	Can we simplify the order of blocks here? It is confusing to follow all these jumps forward and backward.

In D50670#1200784, @morehouse wrote:

Does this hit new coverage in the vectorizer?

Yes, this does hit new coverage in the loop vectorizer code.

clang/tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp
131 ↗	(On Diff #160740)	Sorry, it got changed back when I copy/pasted the IR.
136 ↗	(On Diff #160740)	I realize it's just a label with a branch instruction but I think I need it for the phi instruction. I will move the `outer_loop_start` label above the `icmp` instruction and change the branch from `outer_loop_start` to `inner_loop_start`.
144 ↗	(On Diff #160740)	Sorry, it got changed back when I copy/pasted the IR.
154 ↗	(On Diff #160740)	Yes, I think it might be cleaner to have the blocks like this: define @foo... { outer_loop_start outer_loop inner_loop_start inner_loop end }

Small changes to generated IR

Small changes to generated IR, my last change hadn't saved

morehouse added inline comments.Aug 15 2018, 11:35 AM

clang/tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp
127 ↗	(On Diff #160866)	Maybe this fixes the bug, but modifying `inner_loop` from different functions is still error-prone. Please either make this a scoped variable (with a wrapper class that sets it to true in the constructor and sets it to false in the destructor), or make it a parameter.
140 ↗	(On Diff #160866)	I don't see any jumps to `end`. I think this will be an infinite loop.
143 ↗	(On Diff #160866)	IIUC this creates loop structure always like this: for (int i = 0; i < s; i++) { for (int j = 0; j < s; j++) { // statements } // statements } Maybe not necessary for this patch, but I'm curious if adding statements before the inner loop would exercise different coverage in the vectorizer.
143 ↗	(On Diff #160866)	Will all loops be double-nested now?

emmettneyman added inline comments.Aug 15 2018, 1:15 PM

clang/tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp
127 ↗	(On Diff #160866)	Would it be better if `inner_loop` was only modified in the `LoopFunction` operator override? For example: std::ostream &operator<<(std::ostream &os, const LoopFunction &x) { inner_loop = false; os << "target triple = \"x86_64-unknown-linux-gnu\"\n" .... << << "outer_loop:\n" << x.outer_statements(); inner_loop = true; os << "%o_ct_new = add i64 %outer_ct, 1\n" .... << "!2 = !{!\"llvm.loop.vectorize.width\", i32 " << kArraySize << "}\n"; return os; And removed `inner_loop = true;` from the above function?
140 ↗	(On Diff #160866)	There are two jumps to `end`, one before entering the `outer_loop` and one at the end of `outer_loop`.
143 ↗	(On Diff #160866)	Yes, that's correct. It's also worth noting that all the statements in the inner loop will only use `j` to index into the arrays, never `i`. It shouldn't be hard to add outer loop statements before the inner loop. A third `StatementSeq` could be added to the `LoopFunction` proto: one for outer loop statements before the inner loop, one for inner loop statements, and one for outer loop statements after the inner loop.
143 ↗	(On Diff #160866)	Yes, all loops will be double-nested. It shouldn't be difficult to make the inner loop optional though. In `cxx_loop_proto`, the first `Statement_Seq`, `inner_statements`, can be made `optional` and then a different IR structures can be generated depending on whether or not `inner_statements` exists.
132 ↗	(On Diff #160740)	`%c` was always supposed to be `noalias`. It got changed accidentally in the last patch. I'm not sure what would change in the coverage if `%a` and `%b` also got set to be `noalias`. @kcc and I had originally planned for `foo (int a, int b, int *__restrict__ c, size_t s)` to be just the first function signature we tried for this fuzz target and to change it up and try different signatures.

morehouse added inline comments.Aug 15 2018, 1:40 PM

clang/tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp
127 ↗	(On Diff #160866)	That would be better.
140 ↗	(On Diff #160866)	Right, sorry not sure what I missed there.
143 ↗	(On Diff #160866)	Can we do that in this patch? I think it makes sense to be able to generate either single loops or nested loops.

Made the inner loop optional and moved all modifications of inner_loop to one function.

Harbormaster completed remote builds in B21541: Diff 160920.Aug 15 2018, 2:37 PM

morehouse added inline comments.Aug 15 2018, 3:15 PM

clang/tools/clang-fuzzer/proto-to-cxx/loop_proto_to_cxx.cpp
124 ↗	(On Diff #160920)	Why do we need to set `inner_loop` from different functions? Again, using the global like this is just too easy to screw up. I'd like to see it default to false and then have a scoped wrapper that sets it to true only for the duration necessary.
clang/tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp
137 ↗	(On Diff #160920)	Same comment as above. I'm getting confused trying to understand what `inner_loop` is set to at any given point.

Changed modifying global var to scoped class

Harbormaster completed remote builds in B21544: Diff 160932.Aug 15 2018, 3:47 PM

morehouse accepted this revision.Aug 15 2018, 3:56 PM

This revision is now accepted and ready to land.Aug 15 2018, 3:56 PM

Updated comments, rebased, and ready to land

Harbormaster completed remote builds in B21546: Diff 160936.Aug 15 2018, 4:04 PM

Closed by commit rC339832: Implementation of nested loops in cxx_loop_proto (authored by emmettneyman). · Explain WhyAug 15 2018, 4:06 PM

This revision was automatically updated to reflect the committed changes.

Diff 160937

tools/clang-fuzzer/cxx_loop_proto.proto

//===-- cxx_loop_proto.proto - Protobuf description of C++ with for loops -===//		//===-- cxx_loop_proto.proto - Protobuf description of C++ with for loops -===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
///		///
/// \file		/// \file
/// This file describes a subset of C++ as a protobuf. It is used to		/// This file describes a subset of C++ as a protobuf. It is used to
/// more easily find interesting inputs for fuzzing Clang. This subset		/// more easily find interesting inputs for fuzzing LLVM's vectorizer.
/// differs from the one defined in cxx_proto.proto by eliminating while		/// This subset differs from the one defined in cxx_proto.proto by eliminating
/// loops and conditionals. The goal is that the C++ code generated will be		/// while loops and conditionals. The goal is that the C++ code generated will
/// more likely to stress the LLVM loop vectorizer.		/// be more likely to stress the LLVM loop vectorizer. The code generated will
		/// contain either a single loop or two nested loops.
///		///
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

syntax = "proto2";		syntax = "proto2";

message Const {		message Const {
required int32 val = 1;		required int32 val = 1;
}		}
▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines	message Statement {
required AssignmentStatement assignment = 1;		required AssignmentStatement assignment = 1;
}		}

message StatementSeq {		message StatementSeq {
repeated Statement statements = 1;		repeated Statement statements = 1;
}		}

message LoopFunction {		message LoopFunction {
required StatementSeq statements = 1;		optional StatementSeq inner_statements = 1;
		required StatementSeq outer_statements = 2;
}		}

package clang_fuzzer;		package clang_fuzzer;

tools/clang-fuzzer/proto-to-cxx/loop_proto_to_cxx.cpp

	//==-- loop_proto_to_cxx.cpp - Protobuf-C++ conversion ---------------------==//			//==-- loop_proto_to_cxx.cpp - Protobuf-C++ conversion ---------------------==//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	// Implements functions for converting between protobufs and C++. Differs from			// Implements functions for converting between protobufs and C++. Differs from
	// proto_to_cxx.cpp by wrapping all the generated C++ code in a single for			// proto_to_cxx.cpp by wrapping all the generated C++ code in either a single
	// loop. Also coutputs a different function signature that includes a			// for loop or two nested loops. Also outputs a different function signature
	// size_t parameter for the loop to use. The C++ code generated is meant to			// that includes a size_t parameter for the loop to use. The C++ code generated
	// stress the LLVM loop vectorizer.			// is meant to stress the LLVM loop vectorizer.
	//			//
	// Still a work in progress.			// Still a work in progress.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "cxx_loop_proto.pb.h"			#include "cxx_loop_proto.pb.h"
	#include "proto_to_cxx.h"			#include "proto_to_cxx.h"

	// The following is needed to convert protos in human-readable form			// The following is needed to convert protos in human-readable form
	#include <google/protobuf/text_format.h>			#include <google/protobuf/text_format.h>

	#include <ostream>			#include <ostream>
	#include <sstream>			#include <sstream>

	namespace clang_fuzzer {			namespace clang_fuzzer {

				static bool inner_loop = false;
				class InnerLoop {
				public:
				InnerLoop() {
				inner_loop = true;
				}
				~InnerLoop() {
				inner_loop = false;
				}
				};

	// Forward decls.			// Forward decls.
	std::ostream &operator<<(std::ostream &os, const BinaryOp &x);			std::ostream &operator<<(std::ostream &os, const BinaryOp &x);
	std::ostream &operator<<(std::ostream &os, const StatementSeq &x);			std::ostream &operator<<(std::ostream &os, const StatementSeq &x);

	// Proto to C++.			// Proto to C++.
	std::ostream &operator<<(std::ostream &os, const Const &x) {			std::ostream &operator<<(std::ostream &os, const Const &x) {
	return os << "(" << x.val() << ")";			return os << "(" << x.val() << ")";
	}			}
	std::ostream &operator<<(std::ostream &os, const VarRef &x) {			std::ostream &operator<<(std::ostream &os, const VarRef &x) {
				std::string which_loop = inner_loop ? "j" : "i";
	switch (x.arr()) {			switch (x.arr()) {
	case VarRef::ARR_A:			case VarRef::ARR_A:
	return os << "a[i]";			return os << "a[" << which_loop << "]";
	case VarRef::ARR_B:			case VarRef::ARR_B:
	return os << "b[i]";			return os << "b[" << which_loop << "]";
	case VarRef::ARR_C:			case VarRef::ARR_C:
	return os << "c[i]";			return os << "c[" << which_loop << "]";
	}			}
	}			}
	std::ostream &operator<<(std::ostream &os, const Rvalue &x) {			std::ostream &operator<<(std::ostream &os, const Rvalue &x) {
	if (x.has_cons())			if (x.has_cons())
	return os << x.cons();			return os << x.cons();
	if (x.has_binop())			if (x.has_binop())
	return os << x.binop();			return os << x.binop();
	if (x.has_varref())			if (x.has_varref())
	▲ Show 20 Lines • Show All 48 Lines • ▼ Show 20 Lines
	std::ostream &operator<<(std::ostream &os, const Statement &x) {			std::ostream &operator<<(std::ostream &os, const Statement &x) {
	return os << x.assignment();			return os << x.assignment();
	}			}
	std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {			std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {
	for (auto &st : x.statements())			for (auto &st : x.statements())
	os << st;			os << st;
	return os;			return os;
	}			}
	std::ostream &operator<<(std::ostream &os, const LoopFunction &x) {			void NestedLoopToString(std::ostream &os, const LoopFunction &x) {
	return os << "void foo(int a, int b, int *__restrict__ c, size_t s) {\n"			os << "void foo(int a, int b, int *__restrict__ c, size_t s) {\n"
				<< "for (int i=0; i<s; i++){\n"
				<< "for (int j=0; j<s; j++){\n";
				{
				InnerLoop IL;
				os << x.inner_statements() << "}\n";
				}
				os << x.outer_statements() << "}\n}\n";
				}
				void SingleLoopToString(std::ostream &os, const LoopFunction &x) {
				os << "void foo(int a, int b, int *__restrict__ c, size_t s) {\n"
	<< "for (int i=0; i<s; i++){\n"			<< "for (int i=0; i<s; i++){\n"
	<< x.statements() << "}\n}\n";			<< x.outer_statements() << "}\n}\n";
				}
				std::ostream &operator<<(std::ostream &os, const LoopFunction &x) {
				if (x.has_inner_statements())
				NestedLoopToString(os, x);
				else
				SingleLoopToString(os, x);
				return os;
	}			}

	// ---------------------------------			// ---------------------------------

	std::string LoopFunctionToString(const LoopFunction &input) {			std::string LoopFunctionToString(const LoopFunction &input) {
	std::ostringstream os;			std::ostringstream os;
	os << input;			os << input;
	return os.str();			return os.str();
	Show All 9 Lines

tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp

Show All 24 Lines

namespace clang_fuzzer {		namespace clang_fuzzer {

// Forward decls		// Forward decls
std::string BinopToString(std::ostream &os, const BinaryOp &x);		std::string BinopToString(std::ostream &os, const BinaryOp &x);
std::string StateSeqToString(std::ostream &os, const StatementSeq &x);		std::string StateSeqToString(std::ostream &os, const StatementSeq &x);

// Counter variable to generate new LLVM IR variable names and wrapper function		// Counter variable to generate new LLVM IR variable names and wrapper function
std::string get_var() {		static std::string get_var() {
static int ctr = 0;		static int ctr = 0;
return "%var" + std::to_string(ctr++);		return "%var" + std::to_string(ctr++);
}		}

		static bool inner_loop = false;
		class InnerLoop {
		public:
		InnerLoop() {
		inner_loop = true;
		}
		~InnerLoop() {
		inner_loop = false;
		}
		};


// Proto to LLVM.		// Proto to LLVM.

std::string ConstToString(const Const &x) {		std::string ConstToString(const Const &x) {
return std::to_string(x.val());		return std::to_string(x.val());
}		}
std::string VarRefToString(std::ostream &os, const VarRef &x) {		std::string VarRefToString(std::ostream &os, const VarRef &x) {
		std::string which_loop = inner_loop ? "inner" : "outer";
std::string arr;		std::string arr;
switch(x.arr()) {		switch(x.arr()) {
case VarRef::ARR_A:		case VarRef::ARR_A:
arr = "%a";		arr = "%a";
break;		break;
case VarRef::ARR_B:		case VarRef::ARR_B:
arr = "%b";		arr = "%b";
break;		break;
case VarRef::ARR_C:		case VarRef::ARR_C:
arr = "%c";		arr = "%c";
break;		break;
}		}
std::string ptr_var = get_var();		std::string ptr_var = get_var();
os << ptr_var << " = getelementptr inbounds i32, i32* " << arr << ", i64 %ct\n";		os << ptr_var << " = getelementptr inbounds i32, i32* " << arr
		<< ", i64 %" << which_loop << "_ct\n";
return ptr_var;		return ptr_var;
}		}
std::string RvalueToString(std::ostream &os, const Rvalue &x) {		std::string RvalueToString(std::ostream &os, const Rvalue &x) {
if(x.has_cons())		if(x.has_cons())
return ConstToString(x.cons());		return ConstToString(x.cons());
if(x.has_binop())		if(x.has_binop())
return BinopToString(os, x.binop());		return BinopToString(os, x.binop());
if(x.has_varref()) {		if(x.has_varref()) {
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines	std::ostream &operator<<(std::ostream &os, const Statement &x) {
return os << x.assignment();		return os << x.assignment();
}		}
std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {		std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {
for (auto &st : x.statements()) {		for (auto &st : x.statements()) {
os << st;		os << st;
}		}
return os;		return os;
}		}
std::ostream &operator<<(std::ostream &os, const LoopFunction &x) {		void NestedLoopToString(std::ostream &os, const LoopFunction &x) {
return os << "target triple = \"x86_64-unknown-linux-gnu\"\n"		os << "target triple = \"x86_64-unknown-linux-gnu\"\n"
<< "define void @foo(i32* %a, i32* %b, i32* %c, i64 %s) {\n"		<< "define void @foo(i32* %a, i32* %b, i32* noalias %c, i64 %s) {\n"
<< "%1 = icmp sgt i64 %s, 0\n"		<< "outer_loop_start:\n"
<< "br i1 %1, label %start, label %end\n"		<< "%cmp = icmp sgt i64 %s, 0\n"
		<< "br i1 %cmp, label %inner_loop_start, label %end\n"
		<< "outer_loop:\n"
		<< x.outer_statements()
		<< "%o_ct_new = add i64 %outer_ct, 1\n"
		<< "%jmp_outer = icmp eq i64 %o_ct_new, %s\n"
		<< "br i1 %jmp_outer, label %end, label %inner_loop_start\n"
		<< "inner_loop_start:\n"
		<< "%outer_ct = phi i64 [%o_ct_new, %outer_loop], [0, %outer_loop_start]\n"
		<< "br label %inner_loop\n"
		<< "inner_loop:\n"
		<< "%inner_ct = phi i64 [0, %inner_loop_start], [%i_ct_new, %inner_loop]\n";
		{
		InnerLoop IL;
		os << x.inner_statements();
		}
		os << "%i_ct_new = add i64 %inner_ct, 1\n"
		<< "%jmp_inner = icmp eq i64 %i_ct_new, %s\n"
		<< "br i1 %jmp_inner, label %outer_loop, label %inner_loop, !llvm.loop !0\n"
		<< "end:\n"
		<< "ret void\n"
		<< "}\n"
		<< "!0 = distinct !{!0, !1, !2}\n"
		<< "!1 = !{!\"llvm.loop.vectorize.enable\", i1 true}\n"
		<< "!2 = !{!\"llvm.loop.vectorize.width\", i32 " << kArraySize << "}\n";
		}
		void SingleLoopToString(std::ostream &os, const LoopFunction &x) {
		os << "target triple = \"x86_64-unknown-linux-gnu\"\n"
		<< "define void @foo(i32* %a, i32* %b, i32* noalias %c, i64 %s) {\n"
		<< "%cmp = icmp sgt i64 %s, 0\n"
		<< "br i1 %cmp, label %start, label %end\n"
<< "start:\n"		<< "start:\n"
<< "br label %loop\n"		<< "br label %loop\n"
<< "end:\n"		<< "end:\n"
<< "ret void\n"		<< "ret void\n"
<< "loop:\n"		<< "loop:\n"
<< " %ct = phi i64 [ %ctnew, %loop ], [ 0, %start ]\n"		<< "%outer_ct = phi i64 [ %ctnew, %loop ], [ 0, %start ]\n"
<< x.statements()		<< x.outer_statements()
<< "%ctnew = add i64 %ct, 1\n"		<< "%ctnew = add i64 %outer_ct, 1\n"
<< "%j = icmp eq i64 %ctnew, %s\n"		<< "%j = icmp eq i64 %ctnew, %s\n"
<< "br i1 %j, label %end, label %loop, !llvm.loop !0\n}\n"		<< "br i1 %j, label %end, label %loop, !llvm.loop !0\n}\n"
<< "!0 = distinct !{!0, !1, !2}\n"		<< "!0 = distinct !{!0, !1, !2}\n"
<< "!1 = !{!\"llvm.loop.vectorize.enable\", i1 true}\n"		<< "!1 = !{!\"llvm.loop.vectorize.enable\", i1 true}\n"
<< "!2 = !{!\"llvm.loop.vectorize.width\", i32 " << kArraySize		<< "!2 = !{!\"llvm.loop.vectorize.width\", i32 " << kArraySize << "}\n";
<< "}\n";		}
		std::ostream &operator<<(std::ostream &os, const LoopFunction &x) {
		if (x.has_inner_statements())
		NestedLoopToString(os, x);
		else
		SingleLoopToString(os, x);
		return os;
}		}

// ---------------------------------		// ---------------------------------

std::string LoopFunctionToLLVMString(const LoopFunction &input) {		std::string LoopFunctionToLLVMString(const LoopFunction &input) {
std::ostringstream os;		std::ostringstream os;
os << input;		os << input;
return os.str();		return os.str();
Show All 9 Lines

This is an archive of the discontinued LLVM Phabricator instance.

Implementation of nested loops in cxx_loop_proto
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 160937

tools/clang-fuzzer/cxx_loop_proto.proto

tools/clang-fuzzer/proto-to-cxx/loop_proto_to_cxx.cpp

tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp

This is an archive of the discontinued LLVM Phabricator instance.

Implementation of nested loops in cxx_loop_protoClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 160937

tools/clang-fuzzer/cxx_loop_proto.proto

tools/clang-fuzzer/proto-to-cxx/loop_proto_to_cxx.cpp

tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.cpp

Implementation of nested loops in cxx_loop_proto
ClosedPublic