This is an archive of the discontinued LLVM Phabricator instance.

Differential D50679

[BasicAA] Don't assume tail calls with byval don't alias allocas
ClosedPublic

Authored by rnk on Aug 13 2018, 4:45 PM.

Details

Reviewers
hfinkel
nlewycky
gbiv
george.burgess.iv
Commits
rGa7a21e64cbec: Merging r339636: --------------------------------------------------------------…
rG40e7663b1fca: [BasicAA] Don't assume tail calls with byval don't alias allocas
rL339698: Merging r339636:
rL339636: [BasicAA] Don't assume tail calls with byval don't alias allocas
Summary

Calls marked 'tail' cannot read or write allocas from the current frame
because the current frame might be destroyed by the time they run.
However, a tail call may use an alloca with byval. Calling with byval
copies the contents of the alloca into argument registers or stack
slots, so there is no lifetime issue.

Fixes PR38466, a longstanding bug.

Diff Detail

Repository
rL LLVM

Event Timeline

rnk created this revision.Aug 13 2018, 4:45 PM
Herald added a reviewer: george.burgess.iv. · View Herald TranscriptAug 13 2018, 4:45 PM
Herald added a subscriber: hiraditya. · View Herald Transcript
Harbormaster completed remote builds in B21425: Diff 160487.Aug 13 2018, 4:46 PM
hfinkel added a comment.Aug 13 2018, 5:21 PM

The DSE test is fine, and I think that you should keep it, but can you please add a direct AA test (like, e.g., test/Analysis/BasicAA/cs-cs.ll)?

Should we just always return ModRefInfo::Ref in this case? It can read the data (to copy it), but can't write, correct?

rnk added a comment.Aug 13 2018, 5:39 PM
In D50679#1198237, @hfinkel wrote:

The DSE test is fine, and I think that you should keep it, but can you please add a direct AA test (like, e.g., test/Analysis/BasicAA/cs-cs.ll)?

Should we just always return ModRefInfo::Ref in this case? It can read the data (to copy it), but can't write, correct?

I thought about that, but I think the code below this check is usually more precise in these cases. It tests if the alloca isNonEscapingLocalObject and then looks at each argument to see if it is actually used by the call. For local objects that *are* escaping, we could return ModRefInfo::Ref. Basically, we already get this test case:

define void @dead(i32* byval %x) {
entry:
  %p = alloca i32
  %q = alloca i32
  %v = load i32, i32* %x
  store i32 %v, i32* %p
  store i32 1, i32* %q  ; DEAD
  tail call void @g(i32* byval %p)
  store i32 2, i32* %q
  call void @escape(i32* %q)
  ret void
}
hfinkel accepted this revision.Aug 13 2018, 5:42 PM
In D50679#1198248, @rnk wrote:
In D50679#1198237, @hfinkel wrote:

The DSE test is fine, and I think that you should keep it, but can you please add a direct AA test (like, e.g., test/Analysis/BasicAA/cs-cs.ll)?

Should we just always return ModRefInfo::Ref in this case? It can read the data (to copy it), but can't write, correct?

I thought about that, but I think the code below this check is usually more precise in these cases. It tests if the alloca isNonEscapingLocalObject and then looks at each argument to see if it is actually used by the call. For local objects that *are* escaping, we could return ModRefInfo::Ref. Basically, we already get this test case:

define void @dead(i32* byval %x) {
entry:
  %p = alloca i32
  %q = alloca i32
  %v = load i32, i32* %x
  store i32 %v, i32* %p
  store i32 1, i32* %q  ; DEAD
  tail call void @g(i32* byval %p)
  store i32 2, i32* %q
  call void @escape(i32* %q)
  ret void
}

Ah. Good point.

Please add a direct AA test case. Otherwise, LGTM.

This revision is now accepted and ready to land.Aug 13 2018, 5:42 PM
rnk updated this revision to Diff 160499.Aug 13 2018, 6:12 PM
  • add tests, make it ref only
rnk updated this revision to Diff 160500.Aug 13 2018, 6:16 PM
  • nevermind, be precise
rnk added a comment.Aug 13 2018, 6:18 PM
In D50679#1198255, @hfinkel wrote:

Ah. Good point.

Please add a direct AA test case. Otherwise, LGTM.

The BasicAA test case revealed that CallSite::onlyReadsMemory doesn't check for byval, but it probably could. That's probably a big change that should be committed separately. I added the test with a FIXME that we should treat byval call arg uses as readonly.

Closed by commit rL339636: [BasicAA] Don't assume tail calls with byval don't alias allocas (authored by rnk). · Explain WhyAug 13 2018, 6:25 PM
This revision was automatically updated to reflect the committed changes.
rob.lougher mentioned this in D52895: [TailCallElim] Enable marking of calls with byval as tails.Oct 4 2018, 10:54 AM

Revision Contents

PathSize
llvm/
trunk/
lib/
Analysis/
13 lines
test/
Analysis/
BasicAA/
15 lines
Transforms/
DeadStoreElimination/
23 lines

Diff 160502

llvm/trunk/lib/Analysis/BasicAliasAnalysis.cpp

Show First 20 LinesShow All 795 Lines▼ Show 20 Lines
/// analysis on local objects. /// analysis on local objects.
ModRefInfo BasicAAResult::getModRefInfo(ImmutableCallSite CS, ModRefInfo BasicAAResult::getModRefInfo(ImmutableCallSite CS,
const MemoryLocation &Loc) { const MemoryLocation &Loc) {
assert(notDifferentParent(CS.getInstruction(), Loc.Ptr) && assert(notDifferentParent(CS.getInstruction(), Loc.Ptr) &&
"AliasAnalysis query involving multiple functions!"); "AliasAnalysis query involving multiple functions!");
const Value *Object = GetUnderlyingObject(Loc.Ptr, DL); const Value *Object = GetUnderlyingObject(Loc.Ptr, DL);
// If this is a tail call and Loc.Ptr points to a stack location, we know that // Calls marked 'tail' cannot read or write allocas from the current frame
// the tail call cannot access or modify the local stack. // because the current frame might be destroyed by the time they run. However,
// We cannot exclude byval arguments here; these belong to the caller of // a tail call may use an alloca with byval. Calling with byval copies the
// the current function not to the current function, and a tail callee // contents of the alloca into argument registers or stack slots, so there is
// may reference them. // no lifetime issue.
if (isa<AllocaInst>(Object)) if (isa<AllocaInst>(Object))
if (const CallInst *CI = dyn_cast<CallInst>(CS.getInstruction())) if (const CallInst *CI = dyn_cast<CallInst>(CS.getInstruction()))
if (CI->isTailCall()) if (CI->isTailCall() &&
!CI->getAttributes().hasAttrSomewhere(Attribute::ByVal))
return ModRefInfo::NoModRef; return ModRefInfo::NoModRef;
// If the pointer is to a locally allocated object that does not escape, // If the pointer is to a locally allocated object that does not escape,
// then the call can not mod/ref the pointer unless the call takes the pointer // then the call can not mod/ref the pointer unless the call takes the pointer
// as an argument, and itself doesn't capture it. // as an argument, and itself doesn't capture it.
if (!isa<Constant>(Object) && CS.getInstruction() != Object && if (!isa<Constant>(Object) && CS.getInstruction() != Object &&
isNonEscapingLocalObject(Object)) { isNonEscapingLocalObject(Object)) {
▲ Show 20 LinesShow All 1,154 LinesShow Last 20 Lines

llvm/trunk/test/Analysis/BasicAA/tail-byval.ll

; RUN: opt -basicaa -aa-eval -print-all-alias-modref-info -disable-output < %s 2>&1 | FileCheck %s
declare void @takebyval(i32* byval %p)
define i32 @tailbyval() {
entry:
%p = alloca i32
store i32 42, i32* %p
tail call void @takebyval(i32* byval %p)
%rv = load i32, i32* %p
ret i32 %rv
}
; FIXME: This should be Just Ref.
; CHECK-LABEL: Function: tailbyval: 1 pointers, 1 call sites
; CHECK-NEXT: Both ModRef: Ptr: i32* %p <-> tail call void @takebyval(i32* byval %p)

llvm/trunk/test/Transforms/DeadStoreElimination/tail-byval.ll

; RUN: opt -dse -S < %s | FileCheck %s
; Don't eliminate stores to allocas before tail calls to functions that use
; byval. It's correct to mark calls like these as 'tail'. To implement this tail
; call, the backend should copy the bytes from the alloca into the argument area
; before clearing the stack.
target datalayout = "e-m:e-p:32:32-f64:32:64-f80:32-n8:16:32-S128"
target triple = "i386-unknown-linux-gnu"
declare void @g(i32* byval %p)
define void @f(i32* byval %x) {
entry:
%p = alloca i32
%v = load i32, i32* %x
store i32 %v, i32* %p
tail call void @g(i32* byval %p)
ret void
}
; CHECK-LABEL: define void @f(i32* byval %x)
; CHECK: store i32 %v, i32* %p
; CHECK: tail call void @g(i32* byval %p)