This is an archive of the discontinued LLVM Phabricator instance.

Differential D70511

[BPF] Fix a bug in peephole optimization
ClosedPublic

Authored by yonghong-song on Nov 20 2019, 2:17 PM.

Details

Reviewers
ast
Summary

One of current peephole optimiations is to remove SLL/SRL if
the sub register has been zero extended. This phase has two bugs
and one limitations.

First, for the physical subregister used in pseudo insn COPY
like below, it permits incorrect optimization.

%0:gpr32 = COPY $w0 
... 
%4:gpr = MOV_32_64 %0:gpr32
%5:gpr = SLL_ri %4:gpr(tied-def 0), 32
%6:gpr = SRA_ri %5:gpr(tied-def 0), 32

The $w0 could be from the return value of a previous function call
and its upper 32-bit value might contain some non-zero values.
The same applies to function arguments.

Second, the current code may permits removing SLL/SRA like below:

%0:gpr32 = COPY $w0 
%1:gpr32 = COPY %0:gpr32
... 
%4:gpr = MOV_32_64 %1:gpr32
%5:gpr = SLL_ri %4:gpr(tied-def 0), 32
%6:gpr = SRA_ri %5:gpr(tied-def 0), 32

The reason is that it did not follow def-use chain to skip all
intermediate 32bit-to-32bit COPY instructions.

The current implementation is also very conservative for PHI
instructions. If any PHI insn component is another PHI or COPY insn,
it will just permit SLL/SRA.

This patch fixed the issue as follows:

  • During def/use chain traversal, if any physical register is read, SLL/SRA will be preserved as these physical registers are mostly from function return values or current function arguments.
  • Recursively visit all COPY and PHI instructions.

Diff Detail

Event Timeline

yonghong-song created this revision.Nov 20 2019, 2:17 PM
Herald added a project: Restricted Project. · View Herald TranscriptNov 20 2019, 2:17 PM
Herald added subscribers: llvm-commits, hiraditya. · View Herald Transcript
ast accepted this revision.Nov 20 2019, 2:28 PM
This revision is now accepted and ready to land.Nov 20 2019, 2:28 PM
tstellar added a subscriber: tstellar.Nov 20 2019, 2:45 PM

Should we backport this to the release/9.x branch?

yonghong-song added a comment.Nov 20 2019, 3:09 PM

@tstellar
About the impact of this bug:

  • to trigger the bug, the additional additional -mattr=+alu32 is needed.
  • with this bug, the program is most likely to be rejected by kernel verifier (based on what we know), so people likely just not using -mattr=+alu32 to make kernel verifier happy

That said, it would be still good to backport the change to 9.0.x if possible.

I just tried to cherry-pick to llvm monorepo release/9.x branch. There is a minor cherry-pick conflict as the
same file has been modified in 10.0.0. Let me know if you want me to do the work to prepare the patch.

yonghong-song closed this revision.Nov 20 2019, 3:25 PM

The patch is merged. Sorry I forgot to add the link to the patch.

Revision Contents

Diff 230332

llvm/lib/Target/BPF/BPFMIPeephole.cpp

Show First 20 LinesShow All 45 Lines▼ Show 20 Linesstruct BPFMIPeephole : public MachineFunctionPass {
BPFMIPeephole() : MachineFunctionPass(ID) { BPFMIPeephole() : MachineFunctionPass(ID) {
initializeBPFMIPeepholePass(*PassRegistry::getPassRegistry()); initializeBPFMIPeepholePass(*PassRegistry::getPassRegistry());
} }
private: private:
// Initialize class variables. // Initialize class variables.
void initialize(MachineFunction &MFParm); void initialize(MachineFunction &MFParm);
bool isCopyFrom32Def(MachineInstr *CopyMI);
bool isInsnFrom32Def(MachineInstr *DefInsn);
bool isPhiFrom32Def(MachineInstr *MovMI);
bool isMovFrom32Def(MachineInstr *MovMI); bool isMovFrom32Def(MachineInstr *MovMI);
bool eliminateZExtSeq(void); bool eliminateZExtSeq(void);
public: public:
// Main entry point for this pass. // Main entry point for this pass.
bool runOnMachineFunction(MachineFunction &MF) override { bool runOnMachineFunction(MachineFunction &MF) override {
if (skipFunction(MF.getFunction())) if (skipFunction(MF.getFunction()))
return false; return false;
initialize(MF); initialize(MF);
return eliminateZExtSeq(); return eliminateZExtSeq();
} }
}; };
// Initialize class variables. // Initialize class variables.
void BPFMIPeephole::initialize(MachineFunction &MFParm) { void BPFMIPeephole::initialize(MachineFunction &MFParm) {
MF = &MFParm; MF = &MFParm;
MRI = &MF->getRegInfo(); MRI = &MF->getRegInfo();
TII = MF->getSubtarget<BPFSubtarget>().getInstrInfo(); TII = MF->getSubtarget<BPFSubtarget>().getInstrInfo();
LLVM_DEBUG(dbgs() << "*** BPF MachineSSA ZEXT Elim peephole pass ***\n\n"); LLVM_DEBUG(dbgs() << "*** BPF MachineSSA ZEXT Elim peephole pass ***\n\n");
} }
bool BPFMIPeephole::isMovFrom32Def(MachineInstr *MovMI) bool BPFMIPeephole::isCopyFrom32Def(MachineInstr *CopyMI)
{ {
MachineInstr *DefInsn = MRI->getVRegDef(MovMI->getOperand(1).getReg()); MachineOperand &opnd = CopyMI->getOperand(1);
LLVM_DEBUG(dbgs() << " Def of Mov Src:"); if (!opnd.isReg())
LLVM_DEBUG(DefInsn->dump()); return false;
if (!DefInsn) // Return false if getting value from a 32bit physical register.
// Most likely, this physical register is aliased to
// function call return value or current function parameters.
Register Reg = opnd.getReg();
if (!Register::isVirtualRegister(Reg))
return false; return false;
if (DefInsn->isPHI()) { if (MRI->getRegClass(Reg) == &BPF::GPRRegClass)
for (unsigned i = 1, e = DefInsn->getNumOperands(); i < e; i += 2) { return false;
MachineOperand &opnd = DefInsn->getOperand(i);
MachineInstr *DefInsn = MRI->getVRegDef(Reg);
if (!isInsnFrom32Def(DefInsn))
return false;
return true;
}
bool BPFMIPeephole::isPhiFrom32Def(MachineInstr *PhiMI)
{
for (unsigned i = 1, e = PhiMI->getNumOperands(); i < e; i += 2) {
MachineOperand &opnd = PhiMI->getOperand(i);
if (!opnd.isReg()) if (!opnd.isReg())
return false; return false;
MachineInstr *PhiDef = MRI->getVRegDef(opnd.getReg()); MachineInstr *PhiDef = MRI->getVRegDef(opnd.getReg());
// quick check on PHI incoming definitions. if (!PhiDef)
if (!PhiDef || PhiDef->isPHI() || PhiDef->getOpcode() == BPF::COPY) return false;
if (PhiDef->isPHI() && !isPhiFrom32Def(PhiDef))
return false;
if (PhiDef->getOpcode() == BPF::COPY && !isCopyFrom32Def(PhiDef))
return false; return false;
}
} }
if (DefInsn->getOpcode() == BPF::COPY) { return true;
MachineOperand &opnd = DefInsn->getOperand(1); }
if (!opnd.isReg()) // The \p DefInsn instruction defines a virtual register.
bool BPFMIPeephole::isInsnFrom32Def(MachineInstr *DefInsn)
{
if (!DefInsn)
return false; return false;
Register Reg = opnd.getReg(); if (DefInsn->isPHI()) {
if ((Register::isVirtualRegister(Reg) && if (!isPhiFrom32Def(DefInsn))
MRI->getRegClass(Reg) == &BPF::GPRRegClass)) return false;
} else if (DefInsn->getOpcode() == BPF::COPY) {
if (!isCopyFrom32Def(DefInsn))
return false; return false;
} }
return true;
}
bool BPFMIPeephole::isMovFrom32Def(MachineInstr *MovMI)
{
MachineInstr *DefInsn = MRI->getVRegDef(MovMI->getOperand(1).getReg());
LLVM_DEBUG(dbgs() << " Def of Mov Src:");
LLVM_DEBUG(DefInsn->dump());
if (!isInsnFrom32Def(DefInsn))
return false;
LLVM_DEBUG(dbgs() << " One ZExt elim sequence identified.\n"); LLVM_DEBUG(dbgs() << " One ZExt elim sequence identified.\n");
return true; return true;
} }
bool BPFMIPeephole::eliminateZExtSeq(void) { bool BPFMIPeephole::eliminateZExtSeq(void) {
MachineInstr* ToErase = nullptr; MachineInstr* ToErase = nullptr;
bool Eliminated = false; bool Eliminated = false;
▲ Show 20 LinesShow All 342 LinesShow Last 20 Lines

llvm/test/CodeGen/BPF/32-bit-subreg-cond-select.ll

Show First 20 LinesShow All 49 Lines▼ Show 20 Lines
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i32 @select_cc_32(i32 %a, i32 %b, i32 %c, i32 %d) local_unnamed_addr #0 { define dso_local i32 @select_cc_32(i32 %a, i32 %b, i32 %c, i32 %d) local_unnamed_addr #0 {
entry: entry:
%cmp = icmp ugt i32 %a, %b %cmp = icmp ugt i32 %a, %b
%c.d = select i1 %cmp, i32 %c, i32 %d %c.d = select i1 %cmp, i32 %c, i32 %d
ret i32 %c.d ret i32 %c.d
} }
; CHECK-LABEL: select_cc_32
; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NEXT: r{{[0-9]+}} >>= 32
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i64 @select_cc_32_64(i32 %a, i32 %b, i64 %c, i64 %d) local_unnamed_addr #0 { define dso_local i64 @select_cc_32_64(i32 %a, i32 %b, i64 %c, i64 %d) local_unnamed_addr #0 {
entry: entry:
%cmp = icmp ugt i32 %a, %b %cmp = icmp ugt i32 %a, %b
%c.d = select i1 %cmp, i64 %c, i64 %d %c.d = select i1 %cmp, i64 %c, i64 %d
ret i64 %c.d ret i64 %c.d
} }
; CHECK-LABEL: select_cc_32_64
; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NEXT: r{{[0-9]+}} >>= 32
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i32 @select_cc_64_32(i64 %a, i64 %b, i32 %c, i32 %d) local_unnamed_addr #0 { define dso_local i32 @select_cc_64_32(i64 %a, i64 %b, i32 %c, i32 %d) local_unnamed_addr #0 {
entry: entry:
%cmp = icmp sgt i64 %a, %b %cmp = icmp sgt i64 %a, %b
%c.d = select i1 %cmp, i32 %c, i32 %d %c.d = select i1 %cmp, i32 %c, i32 %d
ret i32 %c.d ret i32 %c.d
} }
; CHECK-LABEL: select_cc_64_32
; CHECK-NOT: r{{[0-9]+}} <<= 32
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i32 @selecti_cc_32(i32 %a, i32 %c, i32 %d) local_unnamed_addr #0 { define dso_local i32 @selecti_cc_32(i32 %a, i32 %c, i32 %d) local_unnamed_addr #0 {
entry: entry:
%cmp = icmp ugt i32 %a, 10 %cmp = icmp ugt i32 %a, 10
%c.d = select i1 %cmp, i32 %c, i32 %d %c.d = select i1 %cmp, i32 %c, i32 %d
ret i32 %c.d ret i32 %c.d
} }
; CHECK-LABEL: selecti_cc_32
; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NEXT: r{{[0-9]+}} >>= 32
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i64 @selecti_cc_32_64(i32 %a, i64 %c, i64 %d) local_unnamed_addr #0 { define dso_local i64 @selecti_cc_32_64(i32 %a, i64 %c, i64 %d) local_unnamed_addr #0 {
entry: entry:
%cmp = icmp ugt i32 %a, 11 %cmp = icmp ugt i32 %a, 11
%c.d = select i1 %cmp, i64 %c, i64 %d %c.d = select i1 %cmp, i64 %c, i64 %d
ret i64 %c.d ret i64 %c.d
} }
; CHECK-LABEL: selecti_cc_32_64
; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NEXT: r{{[0-9]+}} >>= 32
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i32 @selecti_cc_64_32(i64 %a, i32 %c, i32 %d) local_unnamed_addr #0 { define dso_local i32 @selecti_cc_64_32(i64 %a, i32 %c, i32 %d) local_unnamed_addr #0 {
entry: entry:
%cmp = icmp sgt i64 %a, 12 %cmp = icmp sgt i64 %a, 12
%c.d = select i1 %cmp, i32 %c, i32 %d %c.d = select i1 %cmp, i32 %c, i32 %d
ret i32 %c.d ret i32 %c.d
} }
; There shouldn't be any type promotion, all of them are expected to be ; CHECK-LABEL: selecti_cc_64_32
; eliminated by peephole optimization.
; CHECK-NOT: r{{[0-9]+}} <<= 32 ; CHECK-NOT: r{{[0-9]+}} <<= 32

llvm/test/CodeGen/BPF/32-bit-subreg-peephole-phi-1.ll

  • This file was added.
; RUN: llc -O2 -march=bpfel -mcpu=v2 -mattr=+alu32 < %s | FileCheck %s
;
; For the below test case, 'b' in 'ret == b' needs SLL/SLR.
; 'ret' in 'ret == b' does not need SLL/SLR as all 'ret' values
; are assigned through 'w<reg> = <value>' alu32 operations.
;
; extern int helper(int);
; int test(int a, int b, int c, int d) {
; int ret;
; if (a < b)
; ret = (c < d) ? -1 : 0;
; else
; ret = (c < a) ? 1 : 2;
; return helper(ret == b);
; }
define dso_local i32 @test(i32 %a, i32 %b, i32 %c, i32 %d) local_unnamed_addr {
entry:
%cmp = icmp slt i32 %a, %b
%cmp1 = icmp slt i32 %c, %d
%cond = sext i1 %cmp1 to i32
%cmp2 = icmp slt i32 %c, %a
%cond3 = select i1 %cmp2, i32 1, i32 2
%ret.0 = select i1 %cmp, i32 %cond, i32 %cond3
%cmp4 = icmp eq i32 %ret.0, %b
%conv = zext i1 %cmp4 to i32
%call = tail call i32 @helper(i32 %conv)
ret i32 %call
}
; CHECK: r{{[0-9]+}} >>= 32
; CHECK-NOT: r{{[0-9]+}} >>= 32
; CHECK: if r{{[0-9]+}} == r{{[0-9]+}} goto
declare dso_local i32 @helper(i32) local_unnamed_addr

llvm/test/CodeGen/BPF/32-bit-subreg-peephole-phi-2.ll

  • This file was added.
; RUN: llc -O2 -march=bpfel -mcpu=v2 -mattr=+alu32 < %s | FileCheck %s
;
; For the below test case, both 'ret' and 'b' at 'ret == b'
; need SLL/SLR. For 'ret', 'ret = a' may receive the value
; from argument with high 32-bit invalid data.
;
; extern int helper(int);
; int test(int a, int b, int c, int d) {
; int ret;
; if (a < b)
; ret = (c < d) ? a : 0;
; else
; ret = (c < a) ? 1 : 2;
; return helper(ret == b);
; }
define dso_local i32 @test(i32 %a, i32 %b, i32 %c, i32 %d) local_unnamed_addr {
entry:
%cmp = icmp slt i32 %a, %b
%cmp1 = icmp slt i32 %c, %d
%cond = select i1 %cmp1, i32 %a, i32 0
%cmp2 = icmp slt i32 %c, %a
%cond3 = select i1 %cmp2, i32 1, i32 2
%ret.0 = select i1 %cmp, i32 %cond, i32 %cond3
%cmp4 = icmp eq i32 %ret.0, %b
%conv = zext i1 %cmp4 to i32
%call = tail call i32 @helper(i32 %conv)
ret i32 %call
}
; CHECK: r{{[0-9]+}} >>= 32
; CHECK: r{{[0-9]+}} >>= 32
; CHECK: if r{{[0-9]+}} == r{{[0-9]+}} goto
declare dso_local i32 @helper(i32) local_unnamed_addr

llvm/test/CodeGen/BPF/32-bit-subreg-peephole.ll

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines
; } ; }
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i64 @select_u(i32 %a, i32 %b, i64 %c, i64 %d) local_unnamed_addr #0 { define dso_local i64 @select_u(i32 %a, i32 %b, i64 %c, i64 %d) local_unnamed_addr #0 {
; CHECK-LABEL: select_u: ; CHECK-LABEL: select_u:
entry: entry:
%cmp = icmp ugt i32 %a, %b %cmp = icmp ugt i32 %a, %b
%c.d = select i1 %cmp, i64 %c, i64 %d %c.d = select i1 %cmp, i64 %c, i64 %d
; CHECK-NOT: r{{[0-9]+}} <<= 32 ; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NOT: r{{[0-9]+}} >>= 32 ; CHECK-NEXT: r{{[0-9]+}} >>= 32
; CHECK: if r{{[0-9]+}} {{<|>}} r{{[0-9]+}} goto ; CHECK: if r{{[0-9]+}} {{<|>}} r{{[0-9]+}} goto
ret i64 %c.d ret i64 %c.d
} }
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i64 @select_u_2(i32 %a, i64 %b, i64 %c, i64 %d) local_unnamed_addr #0 { define dso_local i64 @select_u_2(i32 %a, i64 %b, i64 %c, i64 %d) local_unnamed_addr #0 {
; CHECK-LABEL: select_u_2: ; CHECK-LABEL: select_u_2:
entry: entry:
%conv = zext i32 %a to i64 %conv = zext i32 %a to i64
; CHECK-NOT: r{{[0-9]+}} <<= 32 ; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NOT: r{{[0-9]+}} >>= 32 ; CHECK-NEXT: r{{[0-9]+}} >>= 32
%cmp = icmp ugt i64 %conv, %b %cmp = icmp ugt i64 %conv, %b
%c.d = select i1 %cmp, i64 %c, i64 %d %c.d = select i1 %cmp, i64 %c, i64 %d
ret i64 %c.d ret i64 %c.d
} }
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i64 @select_s(i32 %a, i32 %b, i64 %c, i64 %d) local_unnamed_addr #0 { define dso_local i64 @select_s(i32 %a, i32 %b, i64 %c, i64 %d) local_unnamed_addr #0 {
; CHECK-LABEL: select_s: ; CHECK-LABEL: select_s:
Show All 24 Lines
declare dso_local i64 @bar(...) local_unnamed_addr #1 declare dso_local i64 @bar(...) local_unnamed_addr #1
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i32* @inc_p(i32* readnone %p, i32 %a) local_unnamed_addr #0 { define dso_local i32* @inc_p(i32* readnone %p, i32 %a) local_unnamed_addr #0 {
; CHECK-LABEL: inc_p: ; CHECK-LABEL: inc_p:
entry: entry:
%idx.ext = zext i32 %a to i64 %idx.ext = zext i32 %a to i64
; CHECK-NOT: r{{[0-9]+}} <<= 32 ; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NOT: r{{[0-9]+}} >>= 32 ; CHECK-NEXT: r{{[0-9]+}} >>= 32
%add.ptr = getelementptr inbounds i32, i32* %p, i64 %idx.ext %add.ptr = getelementptr inbounds i32, i32* %p, i64 %idx.ext
ret i32* %add.ptr ret i32* %add.ptr
} }
define dso_local i32 @test() local_unnamed_addr {
; CHECK-LABEL: test:
entry:
%call = tail call i32 bitcast (i32 (...)* @helper to i32 ()*)()
%cmp = icmp sgt i32 %call, 6
; The shifts can't be optimized out because %call comes from function call
; return i32 so the high bits might be invalid.
; CHECK: r{{[0-9]+}} <<= 32
; CHECK-NEXT: r{{[0-9]+}} s>>= 32
%cond = zext i1 %cmp to i32
; CHECK: if r{{[0-9]+}} s{{<|>}} {{[0-9]+}} goto
ret i32 %cond
}
declare dso_local i32 @helper(...) local_unnamed_addr