This is an archive of the discontinued LLVM Phabricator instance.

Differential D51596

Fix bug in MachineInstr::hasPropertyInBundle
ClosedPublic

Authored by mikael on Sep 3 2018, 7:50 AM.

Details

Reviewers
spatel
craig.topper
MatzeB
mcberg2017
bjope
Commits
rGabe3295cbdf7: Fix argument type in MachineInstr::hasPropertyInBundle
rL341536: Fix argument type in MachineInstr::hasPropertyInBundle
Summary

The MCID::Flag enumeration now has more than 32 items, this means that
the hasPropertyBundle argument 'Mask' can overflow.

This patch changes the argument to be 64 bits instead.

Diff Detail

Event Timeline

mikael created this revision.Sep 3 2018, 7:50 AM
Herald added a subscriber: llvm-commits. · View Herald TranscriptSep 3 2018, 7:50 AM
svenvh added a subscriber: svenvh.Sep 3 2018, 7:52 AM
spatel added reviewers: craig.topper, MatzeB, mcberg2017.EditedSep 3 2018, 8:36 AM

I don't have much experience with this code, so adding more potential reviewers.
It should be possible to show the failure with a test if we're overflowing?

mikael added a comment.Sep 3 2018, 11:20 PM

I'm not sure it can be reproduced in an in-tree target. But it is easy to give you an example when this happens:

You would need a target that uses bundle instructions and uses one of the flags 'Convergent', 'Trap' or 'Add'. If you call e.g MachineInstr.h:isConvergent on bundles the issue occurs.

Following the code path for isConvergent leads us to the following code snippet:

// MCFlag == 32 because Convergent == 32
return hasPropertyInBundle(1ULL << MCFlag, Type);

The resulting value of the shift does not fit in the 'Mask' argument.

bjope added a subscriber: bjope.Sep 4 2018, 2:58 AM

It seems reasonable to match the type of llvm::MCInstrDesc::getFlags() which is uint64_t nowadays. The hasPropertyInBundle method is private to MachineInstr, and afaict only used from MachineInstr::hasProperty. This is kind of a no-brainer to me, and I think we do not need a regression test here.

Although, one idea is to add an assert that MCFlag<64 in MachineInstr::hasProperty.
Another idea could be to add an assert that "Mask != 0" in MachineInstr::hasPropertyInBundle.
And maybe we should have a static (compile time) assert somewhere that the highest value in MCID::Flag is less than 64.

So I think this patch looks good as-is. But feel free to for example add the assert on MCFlag<64 in MachineInstr::hasProperty. I assume that could have helped in detecting this fault?

A small NIT on the first line in the commit message is that it usually is written in "imperative mood" (see https://chris.beams.io/posts/git-commit/#imperative). I don't say that it is mentioned in the dev policy (https://llvm.org/docs/DeveloperPolicy.html#commit-messages) but I think it is common practice.

bjope accepted this revision.Sep 4 2018, 2:58 AM
This revision is now accepted and ready to land.Sep 4 2018, 2:58 AM
mikael updated this revision to Diff 163794.Sep 4 2018, 6:08 AM
mikael retitled this revision from Fixed bug in MachineInstr::hasPropertyInBundle to Fix bug in MachineInstr::hasPropertyInBundle.

Updated the patch to include suggestions from @bjope

bjope added inline comments.Sep 4 2018, 6:16 AM
include/llvm/CodeGen/MachineInstr.h
587

Asserts should include an error message (see https://llvm.org/docs/CodingStandards.html#assert-liberally).

I think that something like this

`assert(MCFlag < 64 && "MCFlag out of range for bit mask in getFlags/hasPropertyInBundle.");`

also would explain why we require the value to be below 64.

mikael updated this revision to Diff 163814.Sep 4 2018, 7:33 AM
mikael edited the summary of this revision. (Show Details)

Added the suggested assertion comment.

mikael added a comment.Sep 5 2018, 11:15 PM

@bjope, are you happy with the last diff?

bjope accepted this revision.Sep 5 2018, 11:24 PM
In D51596#1225577, @mikael wrote:

@bjope, are you happy with the last diff?

Yes, LGTM.

Do you have commit access, or do you need help with landing this?

mikael added a comment.Sep 6 2018, 12:29 AM

I don't have commit access yet, I would like to have it at some point, but for now I'd be happy if someone could push it for me.

svenvh added a comment.Sep 6 2018, 1:18 AM

Sure, I'll push it.

Closed by commit rL341536: Fix argument type in MachineInstr::hasPropertyInBundle (authored by svenvh). · Explain WhySep 6 2018, 3:27 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
include/
llvm/
CodeGen/
2 lines
lib/
CodeGen/
2 lines

Diff 163718

include/llvm/CodeGen/MachineInstr.h

Show First 20 LinesShow All 578 Lines▼ Show 20 Linespublic:
}; };
/// Return true if the instruction (or in the case of a bundle, /// Return true if the instruction (or in the case of a bundle,
/// the instructions inside the bundle) has the specified property. /// the instructions inside the bundle) has the specified property.
/// The first argument is the property being queried. /// The first argument is the property being queried.
/// The second argument indicates whether the query should look inside /// The second argument indicates whether the query should look inside
/// instruction bundles. /// instruction bundles.
bool hasProperty(unsigned MCFlag, QueryType Type = AnyInBundle) const { bool hasProperty(unsigned MCFlag, QueryType Type = AnyInBundle) const {
// Inline the fast path for unbundled or bundle-internal instructions. // Inline the fast path for unbundled or bundle-internal instructions.
bjopeUnsubmitted
Not Done
ReplyInline Actions

Asserts should include an error message (see https://llvm.org/docs/CodingStandards.html#assert-liberally).

I think that something like this

`assert(MCFlag < 64 && "MCFlag out of range for bit mask in getFlags/hasPropertyInBundle.");`

also would explain why we require the value to be below 64.

bjope: Asserts should include an error message (see https://llvm.org/docs/CodingStandards.html#assert…
if (Type == IgnoreBundle || !isBundled() || isBundledWithPred()) if (Type == IgnoreBundle || !isBundled() || isBundledWithPred())
return getDesc().getFlags() & (1ULL << MCFlag); return getDesc().getFlags() & (1ULL << MCFlag);
// If this is the first instruction in a bundle, take the slow path. // If this is the first instruction in a bundle, take the slow path.
return hasPropertyInBundle(1ULL << MCFlag, Type); return hasPropertyInBundle(1ULL << MCFlag, Type);
} }
/// Return true if this instruction can have a variable number of operands. /// Return true if this instruction can have a variable number of operands.
▲ Show 20 LinesShow All 949 Lines▼ Show 20 Linesprivate:
void RemoveRegOperandsFromUseLists(MachineRegisterInfo&); void RemoveRegOperandsFromUseLists(MachineRegisterInfo&);
/// Add all of the register operands in this instruction from their /// Add all of the register operands in this instruction from their
/// respective use lists. This requires that the operands not be on their /// respective use lists. This requires that the operands not be on their
/// use lists yet. /// use lists yet.
void AddRegOperandsToUseLists(MachineRegisterInfo&); void AddRegOperandsToUseLists(MachineRegisterInfo&);
/// Slow path for hasProperty when we're dealing with a bundle. /// Slow path for hasProperty when we're dealing with a bundle.
bool hasPropertyInBundle(unsigned Mask, QueryType Type) const; bool hasPropertyInBundle(uint64_t Mask, QueryType Type) const;
/// Implements the logic of getRegClassConstraintEffectForVReg for the /// Implements the logic of getRegClassConstraintEffectForVReg for the
/// this MI and the given operand index \p OpIdx. /// this MI and the given operand index \p OpIdx.
/// If the related operand does not constrained Reg, this returns CurRC. /// If the related operand does not constrained Reg, this returns CurRC.
const TargetRegisterClass *getRegClassConstraintEffectForVRegImpl( const TargetRegisterClass *getRegClassConstraintEffectForVRegImpl(
unsigned OpIdx, unsigned Reg, const TargetRegisterClass *CurRC, unsigned OpIdx, unsigned Reg, const TargetRegisterClass *CurRC,
const TargetInstrInfo *TII, const TargetRegisterInfo *TRI) const; const TargetInstrInfo *TII, const TargetRegisterInfo *TRI) const;
}; };
Show All 36 Lines

lib/CodeGen/MachineInstr.cpp

Show First 20 LinesShow All 511 Lines▼ Show 20 Lines
} }
uint16_t MachineInstr::mergeFlagsWith(const MachineInstr &Other) const { uint16_t MachineInstr::mergeFlagsWith(const MachineInstr &Other) const {
// For now, the just return the union of the flags. If the flags get more // For now, the just return the union of the flags. If the flags get more
// complicated over time, we might need more logic here. // complicated over time, we might need more logic here.
return getFlags() | Other.getFlags(); return getFlags() | Other.getFlags();
} }
bool MachineInstr::hasPropertyInBundle(unsigned Mask, QueryType Type) const { bool MachineInstr::hasPropertyInBundle(uint64_t Mask, QueryType Type) const {
assert(!isBundledWithPred() && "Must be called on bundle header"); assert(!isBundledWithPred() && "Must be called on bundle header");
for (MachineBasicBlock::const_instr_iterator MII = getIterator();; ++MII) { for (MachineBasicBlock::const_instr_iterator MII = getIterator();; ++MII) {
if (MII->getDesc().getFlags() & Mask) { if (MII->getDesc().getFlags() & Mask) {
if (Type == AnyInBundle) if (Type == AnyInBundle)
return true; return true;
} else { } else {
if (Type == AllInBundle && !MII->isBundle()) if (Type == AllInBundle && !MII->isBundle())
return false; return false;
▲ Show 20 LinesShow All 1,522 LinesShow Last 20 Lines