This is an archive of the discontinued LLVM Phabricator instance.

Differential D72469

SCC: Allow ReplaceNode to safely support insertion
ClosedPublic

Authored by wristow on Jan 9 2020, 11:22 AM.

Details

Reviewers
davide
dexonsmith
probinson
Commits
rGf7e9f4f4c502: SCC: Allow ReplaceNode to safely support insertion
Summary

If scc_iterator::ReplaceNode is inserting a new entry in the map,
rather than replacing an existing entry, the possibility of growing
the map could cause a failure. This change safely implements the
insertion.

Explanation/justification for this change:

This is a simple change of splitting the assignment in the following code:

  void ReplaceNode(NodeRef Old, NodeRef New) {
    assert(nodeVisitNumbers.count(Old) && "Old not in scc_iterator?");
    nodeVisitNumbers[New] = nodeVisitNumbers[Old];  // Split this assignment.
    nodeVisitNumbers.erase(Old);
}

into two steps:

auto tempVal = nodeVisitNumbers[Old];
nodeVisitNumbers[New] = tempVal;

so that the evaluation of the original RHS is guaranteed to be completed before we evaluate the LHS (since the assignment operator isn't a sequence-point). The problem is that if New is not in the map, then the evaluation of the original LHS may grow the map, which if the original RHS has been partially evaluated, may invalidate values computed during that partial evaluation. By splitting this into two statements, the original RHS is guaranteed to be safely evaluated before the possibility of growing the map while evaluating the original LHS "has a chance to invalidate" that computation.

We encountered this in a very large test-case, that resisted attempts at reducing it. So I'm proposing this without a test-case for it.

As an aside, in running tests, it seems that New is very rarely in the map. That is, this is almost always an insertion of New (followed by a removal of Old), rather than a replacement of a pre-existing New entry. Specifically, adding an assert verifying that New is not already in the map virtually never fails (it only triggered one time in the Unit and LIT tests, and it never triggered at all in my large test-case that exposed the bug being addressed here). So it seems that it is nearly always inserting (rather than replacing), and so often runs the risk of growing the map. That said, even when the map does grow, if the host compiler happens to generate code that wraps-up the evaluation of original RHS before the growth, or if the growth doesn't invalidate the old data of the pre-growth-map, the compilation will succeed. (FTR, we encountered this where the hosting environment used to build Clang was Microsoft Visual Studio 2017.)

Diff Detail

Event Timeline

wristow created this revision.Jan 9 2020, 11:22 AM
Herald added a project: Restricted Project. · View Herald TranscriptJan 9 2020, 11:22 AM
probinson accepted this revision.Jan 14 2020, 7:24 AM
probinson added a subscriber: probinson.

Seems to me we've needed to do this sort of tweak before, so LGTM.
Because it depends on the memory-management behavior of the map, it would be tricky to test with IR input. Would it be feasible to do something in llvm/unittests/ADT/SCCIteratorTest.cpp that could trigger this reliably? Can be done as a follow-up, as I know the branch is coming soon.

This revision is now accepted and ready to land.Jan 14 2020, 7:24 AM
Closed by commit rGf7e9f4f4c502: SCC: Allow ReplaceNode to safely support insertion (authored by wristow). · Explain WhyJan 14 2020, 10:33 AM
This revision was automatically updated to reflect the committed changes.
wristow added a comment.Jan 14 2020, 10:43 AM
In D72469#1819623, @probinson wrote:

Seems to me we've needed to do this sort of tweak before, so LGTM.
Because it depends on the memory-management behavior of the map, it would be tricky to test with IR input. Would it be feasible to do something in llvm/unittests/ADT/SCCIteratorTest.cpp that could trigger this reliably? Can be done as a follow-up, as I know the branch is coming soon.

Thanks for that @probinson. I'll look into the unittest approach.

wristow mentioned this in D72529: [SCCIterator] Fix use-after-free.Jan 14 2020, 11:12 PM
wristow mentioned this in D72550: [SCCIterator] Fix another potential use-after-free.Jan 14 2020, 11:51 PM

Revision Contents

PathSize
llvm/
include/
llvm/
ADT/
5 lines

Diff 238035

llvm/include/llvm/ADT/SCCIterator.h

Show First 20 LinesShow All 128 Lines▼ Show 20 Linespublic:
/// If the SCC has more than one node, this is trivially true. If not, it may /// If the SCC has more than one node, this is trivially true. If not, it may
/// still contain a loop if the node has an edge back to itself. /// still contain a loop if the node has an edge back to itself.
bool hasLoop() const; bool hasLoop() const;
/// This informs the \c scc_iterator that the specified \c Old node /// This informs the \c scc_iterator that the specified \c Old node
/// has been deleted, and \c New is to be used in its place. /// has been deleted, and \c New is to be used in its place.
void ReplaceNode(NodeRef Old, NodeRef New) { void ReplaceNode(NodeRef Old, NodeRef New) {
assert(nodeVisitNumbers.count(Old) && "Old not in scc_iterator?"); assert(nodeVisitNumbers.count(Old) && "Old not in scc_iterator?");
nodeVisitNumbers[New] = nodeVisitNumbers[Old]; // Do the assignment in two steps, in case 'New' is not yet in the map, and
// inserting it causes the map to grow.
auto tempVal = nodeVisitNumbers[Old];
nodeVisitNumbers[New] = tempVal;
nodeVisitNumbers.erase(Old); nodeVisitNumbers.erase(Old);
} }
}; };
template <class GraphT, class GT> template <class GraphT, class GT>
void scc_iterator<GraphT, GT>::DFSVisitOne(NodeRef N) { void scc_iterator<GraphT, GT>::DFSVisitOne(NodeRef N) {
++visitNum; ++visitNum;
nodeVisitNumbers[N] = visitNum; nodeVisitNumbers[N] = visitNum;
▲ Show 20 LinesShow All 91 LinesShow Last 20 Lines