This is an archive of the discontinued LLVM Phabricator instance.

Differential D87435

[PGO] Skip if an IndirectBrInst critical edge cannot be split
ClosedPublic

Authored by MaskRay on Sep 10 2020, 12:01 AM.

Details

Reviewers
davidxl
xur
hjyamauchi
lebedev.ri
Commits
rGa0ffe2b21a51: [PGO] Skip if an IndirectBrInst critical edge cannot be split
Summary

PGOInstrumentation runs SplitIndirectBrCriticalEdges but some IndirectBrInst
critical edge cannot be split. getInstrBB will crash when calling SplitCriticalEdge, e.g.

int foo(char *p) {
  void *targets[2];
  targets[0] = &&indirect;
  targets[1] = &&end;
for (;; p++)
  if (*p == 7) {
indirect:
    goto *targets[p[1]]; // the self loop is critical in -O
  }
end:
  return 0;
}

Skip such critical edges to prevent a crash.

Diff Detail

Event Timeline

MaskRay created this revision.Sep 10 2020, 12:01 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 10 2020, 12:01 AM
Herald added subscribers: llvm-commits, wenlei, hiraditya. · View Herald Transcript
MaskRay requested review of this revision.Sep 10 2020, 12:01 AM
lebedev.ri added a subscriber: lebedev.ri.Sep 10 2020, 12:03 AM

I believe every other caller ensures that as a precondition.
Why is the existing approach incorrect, and PGOInstrumentation shouldn't be fixed itself?

MaskRay added a comment.Sep 10 2020, 12:12 AM
In D87435#2265038, @lebedev.ri wrote:

I believe every other caller ensures that as a precondition.
Why is the existing approach incorrect, and PGOInstrumentation shouldn't be fixed itself?

How do other callers handle such a critical edge? SplitCriticalEdge is a generic API where some cases are already skipped (return nullptr), see isEHPad and other return nullptr in the function.

lebedev.ri added a comment.Sep 10 2020, 12:23 AM
In D87435#2265077, @MaskRay wrote:
In D87435#2265038, @lebedev.ri wrote:

I believe every other caller ensures that as a precondition.
Why is the existing approach incorrect, and PGOInstrumentation shouldn't be fixed itself?

How do other callers handle such a critical edge?

By doing this check before calling the function?

SplitCriticalEdge is a generic API where some cases are already skipped (return nullptr), see isEHPad and other return nullptr in the function.

Harbormaster completed remote builds in B71186: Diff 290885.Sep 10 2020, 12:38 AM
lebedev.ri added a comment.Sep 10 2020, 1:03 AM
In D87435#2265101, @lebedev.ri wrote:
In D87435#2265077, @MaskRay wrote:
In D87435#2265038, @lebedev.ri wrote:

I believe every other caller ensures that as a precondition.
Why is the existing approach incorrect, and PGOInstrumentation shouldn't be fixed itself?

How do other callers handle such a critical edge?

By doing this check before calling the function?

SplitCriticalEdge is a generic API where some cases are already skipped (return nullptr), see isEHPad and other return nullptr in the function.

TBN i personally don't care whether all the callers do all these checks, or SplitCriticalEdge() itself does them (latter is likely slower),
but i would think we should be consistent.

MaskRay updated this revision to Diff 291003.Sep 10 2020, 9:43 AM

Move the check from BreakCriticalEdges.cpp to PGOInstrumentation.cpp

lebedev.ri accepted this revision.Sep 10 2020, 9:50 AM

SGTM, thanks

llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp
810

s/previous/following/

This revision is now accepted and ready to land.Sep 10 2020, 9:50 AM
davidxl accepted this revision.Sep 10 2020, 10:01 AM

lgtm

MaskRay marked an inline comment as done.Sep 10 2020, 10:12 AM
MaskRay added inline comments.
llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp
810

I think "previous" is correct. It is SplitIndirectBrCriticalEdges. The function calls SplitIndirectBrCriticalEdges in the very beginning.

Harbormaster completed remote builds in B71249: Diff 291003.Sep 10 2020, 10:18 AM
Closed by commit rGa0ffe2b21a51: [PGO] Skip if an IndirectBrInst critical edge cannot be split (authored by MaskRay). · Explain WhySep 10 2020, 11:04 AM
This revision was automatically updated to reflect the committed changes.
MaskRay marked an inline comment as done.
MaskRay added a commit: rGa0ffe2b21a51: [PGO] Skip if an IndirectBrInst critical edge cannot be split.
MaskRay mentioned this in D94470: [LSR] Don't break a critical edge if parent ends with "callbr".Jan 12 2021, 9:36 AM

Revision Contents

PathSize
llvm/
lib/
Transforms/
Instrumentation/
5 lines
test/
Transforms/
PGOProfile/
24 lines

Diff 291032

llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp

Show First 20 LinesShow All 801 Lines▼ Show 20 LinesBasicBlock *FuncPGOInstrumentation<Edge, BBInfo>::getInstrBB(Edge *E) {
// Instrument the SrcBB if it has a single successor, // Instrument the SrcBB if it has a single successor,
// otherwise, the DestBB if this is not a critical edge. // otherwise, the DestBB if this is not a critical edge.
Instruction *TI = SrcBB->getTerminator(); Instruction *TI = SrcBB->getTerminator();
if (TI->getNumSuccessors() <= 1) if (TI->getNumSuccessors() <= 1)
return canInstrument(SrcBB); return canInstrument(SrcBB);
if (!E->IsCritical) if (!E->IsCritical)
return canInstrument(DestBB); return canInstrument(DestBB);
// Some IndirectBr critical edges cannot be split by the previous
lebedev.riUnsubmitted
Done
ReplyInline Actions

s/previous/following/

lebedev.ri: s/previous/following/
MaskRayAuthorUnsubmitted
Done
ReplyInline Actions

I think "previous" is correct. It is SplitIndirectBrCriticalEdges. The function calls SplitIndirectBrCriticalEdges in the very beginning.

MaskRay: I think "previous" is correct. It is `SplitIndirectBrCriticalEdges`. The function calls…
// SplitIndirectBrCriticalEdges call. Bail out.
unsigned SuccNum = GetSuccessorNumber(SrcBB, DestBB); unsigned SuccNum = GetSuccessorNumber(SrcBB, DestBB);
BasicBlock *InstrBB = SplitCriticalEdge(TI, SuccNum); BasicBlock *InstrBB =
isa<IndirectBrInst>(TI) ? nullptr : SplitCriticalEdge(TI, SuccNum);
if (!InstrBB) { if (!InstrBB) {
LLVM_DEBUG( LLVM_DEBUG(
dbgs() << "Fail to split critical edge: not instrument this edge.\n"); dbgs() << "Fail to split critical edge: not instrument this edge.\n");
return nullptr; return nullptr;
} }
// For a critical edge, we have to split. Instrument the newly // For a critical edge, we have to split. Instrument the newly
// created BB. // created BB.
IsCS ? NumOfCSPGOSplit++ : NumOfPGOSplit++; IsCS ? NumOfCSPGOSplit++ : NumOfPGOSplit++;
▲ Show 20 LinesShow All 1,123 LinesShow Last 20 Lines

llvm/test/Transforms/PGOProfile/split-indirectbr-critical-edges.ll

Show All 31 Lines; CHECK: if.end: ; preds = %.split1
%incdec.ptr5 = getelementptr inbounds i8, i8* %p.addr.1, i64 1 %incdec.ptr5 = getelementptr inbounds i8, i8* %p.addr.1, i64 1
%1 = load i8, i8* %p.addr.1, align 1 %1 = load i8, i8* %p.addr.1, align 1
%idxprom6 = zext i8 %1 to i64 %idxprom6 = zext i8 %1 to i64
%arrayidx7 = getelementptr inbounds [256 x i8*], [256 x i8*]* %targets, i64 0, i64 %idxprom6 %arrayidx7 = getelementptr inbounds [256 x i8*], [256 x i8*]* %targets, i64 0, i64 %idxprom6
%2 = load i8*, i8** %arrayidx7, align 8 %2 = load i8*, i8** %arrayidx7, align 8
indirectbr i8* %2, [label %for.cond2, label %if.end] indirectbr i8* %2, [label %for.cond2, label %if.end]
; CHECK: indirectbr i8* %2, [label %for.cond2, label %if.end] ; CHECK: indirectbr i8* %2, [label %for.cond2, label %if.end]
} }
;; If an indirectbr critical edge cannot be split, ignore it.
;; The edge will not be profiled.
; CHECK-LABEL: @cannot_split(
; CHECK-NEXT: entry:
; CHECK-NEXT: call void @llvm.instrprof.increment
; CHECK-NOT: call void @llvm.instrprof.increment
define i32 @cannot_split(i8* nocapture readonly %p) {
entry:
%targets = alloca <2 x i8*>, align 16
store <2 x i8*> <i8* blockaddress(@cannot_split, %indirect), i8* blockaddress(@cannot_split, %end)>, <2 x i8*>* %targets, align 16
%arrayidx2 = getelementptr inbounds i8, i8* %p, i64 1
%0 = load i8, i8* %arrayidx2
%idxprom = sext i8 %0 to i64
%arrayidx3 = getelementptr inbounds <2 x i8*>, <2 x i8*>* %targets, i64 0, i64 %idxprom
%1 = load i8*, i8** %arrayidx3, align 8
br label %indirect
indirect: ; preds = %entry, %indirect
indirectbr i8* %1, [label %indirect, label %end]
end: ; preds = %indirect
ret i32 0
}