This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/lib/Target/X86/
-
lib/
-
Target/
-
X86/
4
X86ISelDAGToDAG.cpp

Differential D73601

[X86] Fix isOffsetSuitableForCodeModel
AbandonedPublic

Authored by MaskRay on Jan 28 2020, 6:26 PM.

Download Raw Diff

Details

Reviewers: None

Summary

If hasSymbolicDisplacement is false, there may still be a symbolic
displacement due to the order operands are matched.

X86DAGToDAGISel::matchAdd
  ...
  // Try again after commuting the operands.
  if (!matchAddressRecursively(Handle.getValue().getOperand(1), AM, Depth+1) && /// sets displacement
      !matchAddressRecursively(Handle.getValue().getOperand(0), AM, Depth+1))   /// sets symbol
    return false;

This can create a leaq symbol+disp(%rip), %rax instruction relocated by
R_X86_64_PC32. If symbol+disp-rip>=2**31 there will be a relocation overflow.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

MaskRay created this revision.Jan 28 2020, 6:26 PM

Herald added a project: Restricted Project. · View Herald TranscriptJan 28 2020, 6:26 PM

Herald added subscribers: llvm-commits, hiraditya. · View Herald Transcript

Unit tests: pass. 62278 tests passed, 0 failed and 827 were skipped.

clang-tidy: pass.

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Instead of a new parameter is it possible to work something into the AddressingMode struct so that it gets restored when we restore from a backup AM?

Do you have a test case?

llvm/lib/Target/X86/X86ISelDAGToDAG.cpp
213	This name doesn't match what's used in the definition of the function.
1594	Do we need to resync HasSymbolicDisp from the restored AM if one of the matchAddressRecursively calls failed the match but had modified the flag?
2098	Why is it called Force here?

Harbormaster failed remote builds in B45199: Diff 241041!Jan 28 2020, 6:49 PM

craig.topper added inline comments.Jan 28 2020, 9:50 PM

llvm/lib/Target/X86/X86ISelDAGToDAG.cpp
1415	Without the test case, I can't be sure. But is the bug really just here where we don't check anything if the Offset is 0. But we still need to do the check if AM.Disp is already non-zero?

In D73601#1846047, @craig.topper wrote:

Instead of a new parameter is it possible to work something into the AddressingMode struct so that it gets restored when we restore from a backup AM?

Do you have a test case?

The bug was somewhat urgent and was breaking our release. @craig.topper So sorry, I went ahead and committed D73606.

I made more description there.

MaskRay abandoned this revision.Jan 28 2020, 11:39 PM

Revision Contents

Path

Size

llvm/

lib/

Target/

X86/

X86ISelDAGToDAG.cpp

51 lines

Diff 241041

llvm/lib/Target/X86/X86ISelDAGToDAG.cpp

Show First 20 Lines • Show All 203 Lines • ▼ Show 20 Lines	public:
void PostprocessISelDAG() override;		void PostprocessISelDAG() override;

// Include the pieces autogenerated from the target description.		// Include the pieces autogenerated from the target description.
#include "X86GenDAGISel.inc"		#include "X86GenDAGISel.inc"

private:		private:
void Select(SDNode *N) override;		void Select(SDNode *N) override;

bool foldOffsetIntoAddress(uint64_t Offset, X86ISelAddressMode &AM);		bool foldOffsetIntoAddress(uint64_t Offset, X86ISelAddressMode &AM,
		bool ForceSymbolicDisp = false);
		craig.topperUnsubmitted Not Done Reply Inline Actions This name doesn't match what's used in the definition of the function. craig.topper: This name doesn't match what's used in the definition of the function.
bool matchLoadInAddress(LoadSDNode *N, X86ISelAddressMode &AM);		bool matchLoadInAddress(LoadSDNode *N, X86ISelAddressMode &AM);
bool matchWrapper(SDValue N, X86ISelAddressMode &AM);		bool matchWrapper(SDValue N, X86ISelAddressMode &AM, bool &HasSymbolicDisp);
bool matchAddress(SDValue N, X86ISelAddressMode &AM);		bool matchAddress(SDValue N, X86ISelAddressMode &AM);
bool matchVectorAddress(SDValue N, X86ISelAddressMode &AM);		bool matchVectorAddress(SDValue N, X86ISelAddressMode &AM);
bool matchAdd(SDValue &N, X86ISelAddressMode &AM, unsigned Depth);		bool matchAdd(SDValue &N, X86ISelAddressMode &AM, unsigned Depth);
bool matchAddressRecursively(SDValue N, X86ISelAddressMode &AM,		bool matchAddressRecursively(SDValue N, X86ISelAddressMode &AM,
unsigned Depth);		unsigned Depth, bool &HasSymbolicDisp);
bool matchAddressBase(SDValue N, X86ISelAddressMode &AM);		bool matchAddressBase(SDValue N, X86ISelAddressMode &AM);
bool selectAddr(SDNode *Parent, SDValue N, SDValue &Base,		bool selectAddr(SDNode *Parent, SDValue N, SDValue &Base,
SDValue &Scale, SDValue &Index, SDValue &Disp,		SDValue &Scale, SDValue &Index, SDValue &Disp,
SDValue &Segment);		SDValue &Segment);
bool selectVectorAddr(SDNode *Parent, SDValue N, SDValue &Base,		bool selectVectorAddr(SDNode *Parent, SDValue N, SDValue &Base,
SDValue &Scale, SDValue &Index, SDValue &Disp,		SDValue &Scale, SDValue &Index, SDValue &Disp,
SDValue &Segment);		SDValue &Segment);
bool selectMOV64Imm32(SDValue N, SDValue &Imm);		bool selectMOV64Imm32(SDValue N, SDValue &Imm);
▲ Show 20 Lines • Show All 1,175 Lines • ▼ Show 20 Lines	static bool isDispSafeForFrameIndex(int64_t Val) {
// will overflow the displacement field. Assuming that the frame index		// will overflow the displacement field. Assuming that the frame index
// displacement fits into a 31-bit integer (which is only slightly more		// displacement fits into a 31-bit integer (which is only slightly more
// aggressive than the current fundamental assumption that it fits into		// aggressive than the current fundamental assumption that it fits into
// a 32-bit integer), a 31-bit disp should always be safe.		// a 32-bit integer), a 31-bit disp should always be safe.
return isInt<31>(Val);		return isInt<31>(Val);
}		}

bool X86DAGToDAGISel::foldOffsetIntoAddress(uint64_t Offset,		bool X86DAGToDAGISel::foldOffsetIntoAddress(uint64_t Offset,
X86ISelAddressMode &AM) {		X86ISelAddressMode &AM,
		bool HasSymbolicDisp) {
// If there's no offset to fold, we don't need to do any work.		// If there's no offset to fold, we don't need to do any work.
if (Offset == 0)		if (Offset == 0)
		craig.topperUnsubmitted Not Done Reply Inline Actions Without the test case, I can't be sure. But is the bug really just here where we don't check anything if the Offset is 0. But we still need to do the check if AM.Disp is already non-zero? craig.topper: Without the test case, I can't be sure. But is the bug really just here where we don't check…
return false;		return false;

// Cannot combine ExternalSymbol displacements with integer offsets.		// Cannot combine ExternalSymbol displacements with integer offsets.
if (AM.ES \|\| AM.MCSym)		if (AM.ES \|\| AM.MCSym)
return true;		return true;

int64_t Val = AM.Disp + Offset;		int64_t Val = AM.Disp + Offset;
CodeModel::Model M = TM.getCodeModel();		CodeModel::Model M = TM.getCodeModel();
if (Subtarget->is64Bit()) {		if (Subtarget->is64Bit()) {
if (!X86::isOffsetSuitableForCodeModel(Val, M,		if (!X86::isOffsetSuitableForCodeModel(
AM.hasSymbolicDisplacement()))		Val, M, HasSymbolicDisp \|\| AM.hasSymbolicDisplacement()))
return true;		return true;
// In addition to the checks required for a register base, check that		// In addition to the checks required for a register base, check that
// we do not try to use an unsafe Disp with a frame index.		// we do not try to use an unsafe Disp with a frame index.
if (AM.BaseType == X86ISelAddressMode::FrameIndexBase &&		if (AM.BaseType == X86ISelAddressMode::FrameIndexBase &&
!isDispSafeForFrameIndex(Val))		!isDispSafeForFrameIndex(Val))
return true;		return true;
}		}
AM.Disp = Val;		AM.Disp = Val;
return false;		return false;

}		}

bool X86DAGToDAGISel::matchLoadInAddress(LoadSDNode *N, X86ISelAddressMode &AM){		bool X86DAGToDAGISel::matchLoadInAddress(LoadSDNode *N, X86ISelAddressMode &AM){
SDValue Address = N->getOperand(1);		SDValue Address = N->getOperand(1);

// load gs:0 -> GS segment register.		// load gs:0 -> GS segment register.
// load fs:0 -> FS segment register.		// load fs:0 -> FS segment register.
//		//
Show All 17 Lines	if (C->getSExtValue() == 0 && AM.Segment.getNode() == nullptr &&
}		}

return true;		return true;
}		}

/// Try to match X86ISD::Wrapper and X86ISD::WrapperRIP nodes into an addressing		/// Try to match X86ISD::Wrapper and X86ISD::WrapperRIP nodes into an addressing
/// mode. These wrap things that will resolve down into a symbol reference.		/// mode. These wrap things that will resolve down into a symbol reference.
/// If no match is possible, this returns true, otherwise it returns false.		/// If no match is possible, this returns true, otherwise it returns false.
bool X86DAGToDAGISel::matchWrapper(SDValue N, X86ISelAddressMode &AM) {		bool X86DAGToDAGISel::matchWrapper(SDValue N, X86ISelAddressMode &AM,
		bool &HasSymbolicDisp) {
// If the addressing mode already has a symbol as the displacement, we can		// If the addressing mode already has a symbol as the displacement, we can
// never match another symbol.		// never match another symbol.
if (AM.hasSymbolicDisplacement())		if (AM.hasSymbolicDisplacement())
return true;		return true;

bool IsRIPRelTLS = false;		bool IsRIPRelTLS = false;
bool IsRIPRel = N.getOpcode() == X86ISD::WrapperRIP;		bool IsRIPRel = N.getOpcode() == X86ISD::WrapperRIP;
if (IsRIPRel) {		if (IsRIPRel) {
▲ Show 20 Lines • Show All 50 Lines • ▼ Show 20 Lines	if (foldOffsetIntoAddress(Offset, AM)) {
AM = Backup;		AM = Backup;
return true;		return true;
}		}

if (IsRIPRel)		if (IsRIPRel)
AM.setBaseReg(CurDAG->getRegister(X86::RIP, MVT::i64));		AM.setBaseReg(CurDAG->getRegister(X86::RIP, MVT::i64));

// Commit the changes now that we know this fold is safe.		// Commit the changes now that we know this fold is safe.
		HasSymbolicDisp = true;
return false;		return false;
}		}

/// Add the specified node to the specified addressing mode, returning true if		/// Add the specified node to the specified addressing mode, returning true if
/// it cannot be done. This just pattern matches for the addressing mode.		/// it cannot be done. This just pattern matches for the addressing mode.
bool X86DAGToDAGISel::matchAddress(SDValue N, X86ISelAddressMode &AM) {		bool X86DAGToDAGISel::matchAddress(SDValue N, X86ISelAddressMode &AM) {
if (matchAddressRecursively(N, AM, 0))		bool HasSymbolicDisp = false;
		if (matchAddressRecursively(N, AM, 0, HasSymbolicDisp))
return true;		return true;

// Post-processing: Convert lea(,%reg,2) to lea(%reg,%reg), which has		// Post-processing: Convert lea(,%reg,2) to lea(%reg,%reg), which has
// a smaller encoding and avoids a scaled-index.		// a smaller encoding and avoids a scaled-index.
if (AM.Scale == 2 &&		if (AM.Scale == 2 &&
AM.BaseType == X86ISelAddressMode::RegBase &&		AM.BaseType == X86ISelAddressMode::RegBase &&
AM.Base_Reg.getNode() == nullptr) {		AM.Base_Reg.getNode() == nullptr) {
AM.Base_Reg = AM.IndexReg;		AM.Base_Reg = AM.IndexReg;
Show All 22 Lines
}		}

bool X86DAGToDAGISel::matchAdd(SDValue &N, X86ISelAddressMode &AM,		bool X86DAGToDAGISel::matchAdd(SDValue &N, X86ISelAddressMode &AM,
unsigned Depth) {		unsigned Depth) {
// Add an artificial use to this node so that we can keep track of		// Add an artificial use to this node so that we can keep track of
// it if it gets CSE'd with a different node.		// it if it gets CSE'd with a different node.
HandleSDNode Handle(N);		HandleSDNode Handle(N);

		bool HasSymbolicDisp = AM.hasSymbolicDisplacement();
X86ISelAddressMode Backup = AM;		X86ISelAddressMode Backup = AM;
if (!matchAddressRecursively(N.getOperand(0), AM, Depth+1) &&		if (!matchAddressRecursively(N.getOperand(0), AM, Depth + 1, HasSymbolicDisp) &&
		Lint: Pre-merge checks Inline Actions clang-format: please reformat the code - if (!matchAddressRecursively(N.getOperand(0), AM, Depth + 1, HasSymbolicDisp) && + if (!matchAddressRecursively(N.getOperand(0), AM, Depth + 1, + HasSymbolicDisp) && Lint: Pre-merge checks: clang-format: please reformat the code ``` - if (!matchAddressRecursively(N.getOperand(0), AM…
!matchAddressRecursively(Handle.getValue().getOperand(1), AM, Depth+1))		!matchAddressRecursively(Handle.getValue().getOperand(1), AM, Depth + 1,
		HasSymbolicDisp))
return false;		return false;
AM = Backup;		AM = Backup;

// Try again after commuting the operands.		// Try again after commuting the operands.
if (!matchAddressRecursively(Handle.getValue().getOperand(1), AM, Depth+1) &&		if (!matchAddressRecursively(Handle.getValue().getOperand(1), AM, Depth + 1,
!matchAddressRecursively(Handle.getValue().getOperand(0), AM, Depth+1))		HasSymbolicDisp) &&
		craig.topperUnsubmitted Not Done Reply Inline Actions Do we need to resync HasSymbolicDisp from the restored AM if one of the matchAddressRecursively calls failed the match but had modified the flag? craig.topper: Do we need to resync HasSymbolicDisp from the restored AM if one of the matchAddressRecursively…
		!matchAddressRecursively(Handle.getValue().getOperand(0), AM, Depth + 1,
		HasSymbolicDisp))
return false;		return false;
AM = Backup;		AM = Backup;

// If we couldn't fold both operands into the address at the same time,		// If we couldn't fold both operands into the address at the same time,
// see if we can just put each operand into a register and fold at least		// see if we can just put each operand into a register and fold at least
// the add.		// the add.
if (AM.BaseType == X86ISelAddressMode::RegBase &&		if (AM.BaseType == X86ISelAddressMode::RegBase &&
!AM.Base_Reg.getNode() &&		!AM.Base_Reg.getNode() &&
▲ Show 20 Lines • Show All 306 Lines • ▼ Show 20 Lines	static bool foldMaskedShiftToBEXTR(SelectionDAG &DAG, SDValue N,
DAG.RemoveDeadNode(N.getNode());		DAG.RemoveDeadNode(N.getNode());

AM.Scale = 1 << AMShiftAmt;		AM.Scale = 1 << AMShiftAmt;
AM.IndexReg = NewAnd;		AM.IndexReg = NewAnd;
return false;		return false;
}		}

bool X86DAGToDAGISel::matchAddressRecursively(SDValue N, X86ISelAddressMode &AM,		bool X86DAGToDAGISel::matchAddressRecursively(SDValue N, X86ISelAddressMode &AM,
unsigned Depth) {		unsigned Depth,
		bool &HasSymbolicDisp) {
SDLoc dl(N);		SDLoc dl(N);
LLVM_DEBUG({		LLVM_DEBUG({
dbgs() << "MatchAddress: ";		dbgs() << "MatchAddress: ";
AM.dump(CurDAG);		AM.dump(CurDAG);
});		});
// Limit recursion.		// Limit recursion.
if (Depth > 5)		if (Depth > 5)
return matchAddressBase(N, AM);		return matchAddressBase(N, AM);
Show All 22 Lines	if (!AM.hasSymbolicDisplacement() && AM.Disp == 0)
// Use the symbol and don't prefix it.		// Use the symbol and don't prefix it.
AM.MCSym = ESNode->getMCSymbol();		AM.MCSym = ESNode->getMCSymbol();
return false;		return false;
}		}
break;		break;
}		}
case ISD::Constant: {		case ISD::Constant: {
uint64_t Val = cast<ConstantSDNode>(N)->getSExtValue();		uint64_t Val = cast<ConstantSDNode>(N)->getSExtValue();
if (!foldOffsetIntoAddress(Val, AM))		if (!foldOffsetIntoAddress(Val, AM, HasSymbolicDisp))
return false;		return false;
break;		break;
}		}

case X86ISD::Wrapper:		case X86ISD::Wrapper:
case X86ISD::WrapperRIP:		case X86ISD::WrapperRIP:
if (!matchWrapper(N, AM))		if (!matchWrapper(N, AM, HasSymbolicDisp))
return false;		return false;
break;		break;

case ISD::LOAD:		case ISD::LOAD:
if (!matchLoadInAddress(cast<LoadSDNode>(N), AM))		if (!matchLoadInAddress(cast<LoadSDNode>(N), AM))
return false;		return false;
break;		break;

▲ Show 20 Lines • Show All 115 Lines • ▼ Show 20 Lines	case ISD::SUB: {
// it costs an additional mov if the index register has other uses.		// it costs an additional mov if the index register has other uses.

// Add an artificial use to this node so that we can keep track of		// Add an artificial use to this node so that we can keep track of
// it if it gets CSE'd with a different node.		// it if it gets CSE'd with a different node.
HandleSDNode Handle(N);		HandleSDNode Handle(N);

// Test if the LHS of the sub can be folded.		// Test if the LHS of the sub can be folded.
X86ISelAddressMode Backup = AM;		X86ISelAddressMode Backup = AM;
if (matchAddressRecursively(N.getOperand(0), AM, Depth+1)) {		bool ForceSymbolicDisp = false;
		craig.topperUnsubmitted Not Done Reply Inline Actions Why is it called Force here? craig.topper: Why is it called Force here?
		if (matchAddressRecursively(N.getOperand(0), AM, Depth + 1,
		ForceSymbolicDisp)) {
N = Handle.getValue();		N = Handle.getValue();
AM = Backup;		AM = Backup;
break;		break;
}		}
N = Handle.getValue();		N = Handle.getValue();
// Test if the index field is free for use.		// Test if the index field is free for use.
if (AM.IndexReg.getNode() \|\| AM.isRIPRelative()) {		if (AM.IndexReg.getNode() \|\| AM.isRIPRelative()) {
AM = Backup;		AM = Backup;
▲ Show 20 Lines • Show All 168 Lines • ▼ Show 20 Lines	bool X86DAGToDAGISel::matchVectorAddress(SDValue N, X86ISelAddressMode &AM) {
// TODO: Support other operations.		// TODO: Support other operations.
switch (N.getOpcode()) {		switch (N.getOpcode()) {
case ISD::Constant: {		case ISD::Constant: {
uint64_t Val = cast<ConstantSDNode>(N)->getSExtValue();		uint64_t Val = cast<ConstantSDNode>(N)->getSExtValue();
if (!foldOffsetIntoAddress(Val, AM))		if (!foldOffsetIntoAddress(Val, AM))
return false;		return false;
break;		break;
}		}
case X86ISD::Wrapper:		case X86ISD::Wrapper: {
if (!matchWrapper(N, AM))		bool HasSymbolicDisp = false;
		if (!matchWrapper(N, AM, HasSymbolicDisp))
return false;		return false;
break;		break;
}		}
		}

return matchAddressBase(N, AM);		return matchAddressBase(N, AM);
}		}

bool X86DAGToDAGISel::selectVectorAddr(SDNode *Parent, SDValue N, SDValue &Base,		bool X86DAGToDAGISel::selectVectorAddr(SDNode *Parent, SDValue N, SDValue &Base,
SDValue &Scale, SDValue &Index,		SDValue &Scale, SDValue &Index,
SDValue &Disp, SDValue &Segment) {		SDValue &Disp, SDValue &Segment) {
X86ISelAddressMode AM;		X86ISelAddressMode AM;
▲ Show 20 Lines • Show All 3,018 Lines • Show Last 20 Lines