This is an archive of the discontinued LLVM Phabricator instance.

Fix bug in MachineInstr::hasPropertyInBundle
ClosedPublic

Authored by mikael on Sep 3 2018, 7:50 AM.

Download Raw Diff

Details

Reviewers

spatel
craig.topper
MatzeB
mcberg2017
bjope

Commits

rGabe3295cbdf7: Fix argument type in MachineInstr::hasPropertyInBundle
rL341536: Fix argument type in MachineInstr::hasPropertyInBundle

Summary

The MCID::Flag enumeration now has more than 32 items, this means that
the hasPropertyBundle argument 'Mask' can overflow.

This patch changes the argument to be 64 bits instead.

Diff Detail

Repository: rL LLVM

Event Timeline

mikael created this revision.Sep 3 2018, 7:50 AM

Herald added a subscriber: llvm-commits. · View Herald TranscriptSep 3 2018, 7:50 AM

svenvh added a subscriber: svenvh.Sep 3 2018, 7:52 AM

I don't have much experience with this code, so adding more potential reviewers.
It should be possible to show the failure with a test if we're overflowing?

I'm not sure it can be reproduced in an in-tree target. But it is easy to give you an example when this happens:

You would need a target that uses bundle instructions and uses one of the flags 'Convergent', 'Trap' or 'Add'. If you call e.g MachineInstr.h:isConvergent on bundles the issue occurs.

Following the code path for isConvergent leads us to the following code snippet:

// MCFlag == 32 because Convergent == 32
return hasPropertyInBundle(1ULL << MCFlag, Type);

The resulting value of the shift does not fit in the 'Mask' argument.

It seems reasonable to match the type of llvm::MCInstrDesc::getFlags() which is uint64_t nowadays. The hasPropertyInBundle method is private to MachineInstr, and afaict only used from MachineInstr::hasProperty. This is kind of a no-brainer to me, and I think we do not need a regression test here.

Although, one idea is to add an assert that MCFlag<64 in MachineInstr::hasProperty.
Another idea could be to add an assert that "Mask != 0" in MachineInstr::hasPropertyInBundle.
And maybe we should have a static (compile time) assert somewhere that the highest value in MCID::Flag is less than 64.

So I think this patch looks good as-is. But feel free to for example add the assert on MCFlag<64 in MachineInstr::hasProperty. I assume that could have helped in detecting this fault?

A small NIT on the first line in the commit message is that it usually is written in "imperative mood" (see https://chris.beams.io/posts/git-commit/#imperative). I don't say that it is mentioned in the dev policy (https://llvm.org/docs/DeveloperPolicy.html#commit-messages) but I think it is common practice.

bjope accepted this revision.Sep 4 2018, 2:58 AM

This revision is now accepted and ready to land.Sep 4 2018, 2:58 AM

Updated the patch to include suggestions from @bjope

bjope added inline comments.Sep 4 2018, 6:16 AM

include/llvm/CodeGen/MachineInstr.h
587 ↗	(On Diff #163794)	Asserts should include an error message (see https://llvm.org/docs/CodingStandards.html#assert-liberally). I think that something like this `assert(MCFlag < 64 && "MCFlag out of range for bit mask in getFlags/hasPropertyInBundle.");` also would explain why we require the value to be below 64.

Added the suggested assertion comment.

@bjope, are you happy with the last diff?

In D51596#1225577, @mikael wrote:

@bjope, are you happy with the last diff?

Yes, LGTM.

Do you have commit access, or do you need help with landing this?

I don't have commit access yet, I would like to have it at some point, but for now I'd be happy if someone could push it for me.

Sure, I'll push it.

Closed by commit rL341536: Fix argument type in MachineInstr::hasPropertyInBundle (authored by svenvh). · Explain WhySep 6 2018, 3:27 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

trunk/

include/

llvm/

CodeGen/

MachineInstr.h

4 lines

lib/

CodeGen/

MachineInstr.cpp

2 lines

Diff 164180

llvm/trunk/include/llvm/CodeGen/MachineInstr.h

Show First 20 Lines • Show All 578 Lines • ▼ Show 20 Lines	public:
};		};

/// Return true if the instruction (or in the case of a bundle,		/// Return true if the instruction (or in the case of a bundle,
/// the instructions inside the bundle) has the specified property.		/// the instructions inside the bundle) has the specified property.
/// The first argument is the property being queried.		/// The first argument is the property being queried.
/// The second argument indicates whether the query should look inside		/// The second argument indicates whether the query should look inside
/// instruction bundles.		/// instruction bundles.
bool hasProperty(unsigned MCFlag, QueryType Type = AnyInBundle) const {		bool hasProperty(unsigned MCFlag, QueryType Type = AnyInBundle) const {
		assert(MCFlag < 64 &&
		"MCFlag out of range for bit mask in getFlags/hasPropertyInBundle.");
// Inline the fast path for unbundled or bundle-internal instructions.		// Inline the fast path for unbundled or bundle-internal instructions.
if (Type == IgnoreBundle \|\| !isBundled() \|\| isBundledWithPred())		if (Type == IgnoreBundle \|\| !isBundled() \|\| isBundledWithPred())
return getDesc().getFlags() & (1ULL << MCFlag);		return getDesc().getFlags() & (1ULL << MCFlag);

// If this is the first instruction in a bundle, take the slow path.		// If this is the first instruction in a bundle, take the slow path.
return hasPropertyInBundle(1ULL << MCFlag, Type);		return hasPropertyInBundle(1ULL << MCFlag, Type);
}		}

▲ Show 20 Lines • Show All 950 Lines • ▼ Show 20 Lines	private:
void RemoveRegOperandsFromUseLists(MachineRegisterInfo&);		void RemoveRegOperandsFromUseLists(MachineRegisterInfo&);

/// Add all of the register operands in this instruction from their		/// Add all of the register operands in this instruction from their
/// respective use lists. This requires that the operands not be on their		/// respective use lists. This requires that the operands not be on their
/// use lists yet.		/// use lists yet.
void AddRegOperandsToUseLists(MachineRegisterInfo&);		void AddRegOperandsToUseLists(MachineRegisterInfo&);

/// Slow path for hasProperty when we're dealing with a bundle.		/// Slow path for hasProperty when we're dealing with a bundle.
bool hasPropertyInBundle(unsigned Mask, QueryType Type) const;		bool hasPropertyInBundle(uint64_t Mask, QueryType Type) const;

/// Implements the logic of getRegClassConstraintEffectForVReg for the		/// Implements the logic of getRegClassConstraintEffectForVReg for the
/// this MI and the given operand index \p OpIdx.		/// this MI and the given operand index \p OpIdx.
/// If the related operand does not constrained Reg, this returns CurRC.		/// If the related operand does not constrained Reg, this returns CurRC.
const TargetRegisterClass *getRegClassConstraintEffectForVRegImpl(		const TargetRegisterClass *getRegClassConstraintEffectForVRegImpl(
unsigned OpIdx, unsigned Reg, const TargetRegisterClass *CurRC,		unsigned OpIdx, unsigned Reg, const TargetRegisterClass *CurRC,
const TargetInstrInfo TII, const TargetRegisterInfo TRI) const;		const TargetInstrInfo TII, const TargetRegisterInfo TRI) const;
};		};
Show All 36 Lines

llvm/trunk/lib/CodeGen/MachineInstr.cpp

	Show First 20 Lines • Show All 511 Lines • ▼ Show 20 Lines
	}			}

	uint16_t MachineInstr::mergeFlagsWith(const MachineInstr &Other) const {			uint16_t MachineInstr::mergeFlagsWith(const MachineInstr &Other) const {
	// For now, the just return the union of the flags. If the flags get more			// For now, the just return the union of the flags. If the flags get more
	// complicated over time, we might need more logic here.			// complicated over time, we might need more logic here.
	return getFlags() \| Other.getFlags();			return getFlags() \| Other.getFlags();
	}			}

	bool MachineInstr::hasPropertyInBundle(unsigned Mask, QueryType Type) const {			bool MachineInstr::hasPropertyInBundle(uint64_t Mask, QueryType Type) const {
	assert(!isBundledWithPred() && "Must be called on bundle header");			assert(!isBundledWithPred() && "Must be called on bundle header");
	for (MachineBasicBlock::const_instr_iterator MII = getIterator();; ++MII) {			for (MachineBasicBlock::const_instr_iterator MII = getIterator();; ++MII) {
	if (MII->getDesc().getFlags() & Mask) {			if (MII->getDesc().getFlags() & Mask) {
	if (Type == AnyInBundle)			if (Type == AnyInBundle)
	return true;			return true;
	} else {			} else {
	if (Type == AllInBundle && !MII->isBundle())			if (Type == AllInBundle && !MII->isBundle())
	return false;			return false;
	▲ Show 20 Lines • Show All 1,522 Lines • Show Last 20 Lines