This is an archive of the discontinued LLVM Phabricator instance.

[Coroutine][Sema] Only tighten the suspend call temp lifetime for final awaiter
ClosedPublic

Authored by lxfind on Oct 8 2020, 1:10 PM.

Download Raw Diff

Details

Reviewers

lewissbaker
wenlei
bruno
junparser
rjmccall

Commits

rGdce8f2bb25ea: [Coroutine][Sema] Only tighten the suspend call temp lifetime for final awaiter

Summary

In https://reviews.llvm.org/D87470 I added the change to tighten the lifetime of the expression awaiter.await_suspend().address.
Howver it was incorrect. ExprWithCleanups will call the dtor and end the lifetime for all the temps created in the current full expr.
When this is called on a normal await call, we don't want to do that.
We only want to do this for the call on the final_awaiter, to avoid writing into the frame after the frame is destroyed.
This change fixes it, by checking IsImplicit.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

lxfind created this revision.Oct 8 2020, 1:10 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 8 2020, 1:10 PM

Herald added subscribers: cfe-commits, modimo, dexonsmith, modocache. · View Herald Transcript

lxfind requested review of this revision.Oct 8 2020, 1:10 PM

Harbormaster completed remote builds in B74477: Diff 297038.Oct 8 2020, 1:56 PM

why we should not do this with normal await call?

In D89066#2324115, @junparser wrote:

why we should not do this with normal await call?

To be honest, I don't know yet. My understanding of how expression cleanup and temp lifetime management is insufficient at the moment.
But first of all, without adding any cleanup expression here, I saw ASAN failures due to heap-use-after-free, because sometimes the frame have already been destroyed after the await_suspend call, and yet we are still writing into the frame due to unnecessarily cross-suspend lifetime. However, if I apply the cleanup to all await_suepend calls, it also causes ASAN failures as it's cleaning up data that's still alive.
So this patch is more of a temporary walkaround to stop bleeding without causing any trouble.
I plan to get back to this latter after I am done with the spilling/alloca issues.

In D89066#2324151, @lxfind wrote:

In D89066#2324115, @junparser wrote:

why we should not do this with normal await call?

To be honest, I don't know yet. My understanding of how expression cleanup and temp lifetime management is insufficient at the moment.
But first of all, without adding any cleanup expression here, I saw ASAN failures due to heap-use-after-free, because sometimes the frame have already been destroyed after the await_suspend call, and yet we are still writing into the frame due to unnecessarily cross-suspend lifetime. However, if I apply the cleanup to all await_suepend calls, it also causes ASAN failures as it's cleaning up data that's still alive.
So this patch is more of a temporary walkaround to stop bleeding without causing any trouble.
I plan to get back to this latter after I am done with the spilling/alloca issues.

I'm not familiar with ASAN instrumentation. Do you have any testcases to explain this?

In D89066#2324291, @junparser wrote:

In D89066#2324151, @lxfind wrote:

In D89066#2324115, @junparser wrote:

why we should not do this with normal await call?

To be honest, I don't know yet. My understanding of how expression cleanup and temp lifetime management is insufficient at the moment.
But first of all, without adding any cleanup expression here, I saw ASAN failures due to heap-use-after-free, because sometimes the frame have already been destroyed after the await_suspend call, and yet we are still writing into the frame due to unnecessarily cross-suspend lifetime. However, if I apply the cleanup to all await_suepend calls, it also causes ASAN failures as it's cleaning up data that's still alive.
So this patch is more of a temporary walkaround to stop bleeding without causing any trouble.
I plan to get back to this latter after I am done with the spilling/alloca issues.

I'm not familiar with ASAN instrumentation. Do you have any testcases to explain this?

Unfortunately I don't. But this is not related to ASAN. Basically, this is causing destructing of objects that should still be alive. I suspect that it's because ExprWithCleanups always clean up temps that belongs to the full expression, not just the sub-expression in it.

LGTM. I think we can get this in first to address the fall out from https://reviews.llvm.org/D87470, while investigating ASAN failure.

clang/lib/Sema/SemaCoroutine.cpp
401–411	Can you add comment explaining why we don't cleanup for all await, probably a TODO?

This revision is now accepted and ready to land.Oct 12 2020, 11:28 AM

Add more comments and TODO

This revision was landed with ongoing or failed builds.Oct 12 2020, 12:00 PM

Closed by commit rGdce8f2bb25ea: [Coroutine][Sema] Only tighten the suspend call temp lifetime for final awaiter (authored by lxfind). · Explain Why

This revision was automatically updated to reflect the committed changes.

lxfind added a commit: rGdce8f2bb25ea: [Coroutine][Sema] Only tighten the suspend call temp lifetime for final awaiter.

Harbormaster completed remote builds in B74832: Diff 297656.Oct 12 2020, 12:28 PM

There seems to be build failures in the buildbot, but I don't understand why it's happening.. (unable to repro locally and the patterns seem correct)
http://lab.llvm.org:8011/#/builders/12/builds/92/steps/7/logs/FAIL__Clang__coro-semmetric-transfer_cpp

lxfind mentioned this in D89269: [Coroutine] Rename coro-semmetric-transfer.cpp and fix test failure.Oct 12 2020, 2:20 PM

Test failures are being fixed in https://reviews.llvm.org/D89269.

lxfind mentioned this in rGd80ecdf27faf: [Coroutine] Rename coro-semmetric-transfer.cpp and possibly fix test failure.Oct 12 2020, 3:29 PM

In D89066#2325358, @lxfind wrote:

In D89066#2324291, @junparser wrote:

In D89066#2324151, @lxfind wrote:

In D89066#2324115, @junparser wrote:

why we should not do this with normal await call?

To be honest, I don't know yet. My understanding of how expression cleanup and temp lifetime management is insufficient at the moment.
But first of all, without adding any cleanup expression here, I saw ASAN failures due to heap-use-after-free, because sometimes the frame have already been destroyed after the await_suspend call, and yet we are still writing into the frame due to unnecessarily cross-suspend lifetime. However, if I apply the cleanup to all await_suepend calls, it also causes ASAN failures as it's cleaning up data that's still alive.
So this patch is more of a temporary walkaround to stop bleeding without causing any trouble.
I plan to get back to this latter after I am done with the spilling/alloca issues.

I'm not familiar with ASAN instrumentation. Do you have any testcases to explain this?

Unfortunately I don't. But this is not related to ASAN. Basically, this is causing destructing of objects that should still be alive. I suspect that it's because ExprWithCleanups always clean up temps that belongs to the full expression, not just the sub-expression in it.

should we also need to add ExprWithCleanups when expand co_await to await_ready & await_suspend and await_resume expression which may fix this issue？

lxfind mentioned this in D90990: [Coroutine][Sema] Cleanup temporaries as early as possible.Nov 6 2020, 4:29 PM

lxfind mentioned this in rG19f077092343: [Coroutine][Sema] Cleanup temporaries as early as possible.Nov 10 2020, 1:27 PM

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaCoroutine.cpp

31 lines

test/

CodeGenCoroutines/

coro-semmetric-transfer.cpp

2 lines

Diff 297657

clang/lib/Sema/SemaCoroutine.cpp

Show First 20 Lines • Show All 369 Lines • ▼ Show 20 Lines	static ExprResult buildMemberCall(Sema &S, Expr *Base, SourceLocation Loc,
return S.BuildCallExpr(nullptr, Result.get(), Loc, Args, Loc, nullptr);		return S.BuildCallExpr(nullptr, Result.get(), Loc, Args, Loc, nullptr);
}		}

// See if return type is coroutine-handle and if so, invoke builtin coro-resume		// See if return type is coroutine-handle and if so, invoke builtin coro-resume
// on its address. This is to enable experimental support for coroutine-handle		// on its address. This is to enable experimental support for coroutine-handle
// returning await_suspend that results in a guaranteed tail call to the target		// returning await_suspend that results in a guaranteed tail call to the target
// coroutine.		// coroutine.
static Expr maybeTailCall(Sema &S, QualType RetType, Expr E,		static Expr maybeTailCall(Sema &S, QualType RetType, Expr E,
SourceLocation Loc) {		SourceLocation Loc, bool IsImplicit) {
if (RetType->isReferenceType())		if (RetType->isReferenceType())
return nullptr;		return nullptr;
Type const *T = RetType.getTypePtr();		Type const *T = RetType.getTypePtr();
if (!T->isClassType() && !T->isStructureType())		if (!T->isClassType() && !T->isStructureType())
return nullptr;		return nullptr;

// FIXME: Add convertability check to coroutine_handle<>. Possibly via		// FIXME: Add convertability check to coroutine_handle<>. Possibly via
// EvaluateBinaryTypeTrait(BTT_IsConvertible, ...) which is at the moment		// EvaluateBinaryTypeTrait(BTT_IsConvertible, ...) which is at the moment
// a private function in SemaExprCXX.cpp		// a private function in SemaExprCXX.cpp

ExprResult AddressExpr = buildMemberCall(S, E, Loc, "address", None);		ExprResult AddressExpr = buildMemberCall(S, E, Loc, "address", None);
if (AddressExpr.isInvalid())		if (AddressExpr.isInvalid())
return nullptr;		return nullptr;

Expr *JustAddress = AddressExpr.get();		Expr *JustAddress = AddressExpr.get();

// Check that the type of AddressExpr is void*		// Check that the type of AddressExpr is void*
if (!JustAddress->getType().getTypePtr()->isVoidPointerType())		if (!JustAddress->getType().getTypePtr()->isVoidPointerType())
S.Diag(cast<CallExpr>(JustAddress)->getCalleeDecl()->getLocation(),		S.Diag(cast<CallExpr>(JustAddress)->getCalleeDecl()->getLocation(),
diag::warn_coroutine_handle_address_invalid_return_type)		diag::warn_coroutine_handle_address_invalid_return_type)
<< JustAddress->getType();		<< JustAddress->getType();

// The coroutine handle used to obtain the address is no longer needed		// After the await_suspend call on the awaiter, the coroutine may have
// at this point, clean it up to avoid unnecessarily long lifetime which		// been destroyed. In that case, we can not store anything to the frame
// could lead to unnecessary spilling.		// from this point on. Hence here we wrap it immediately with a cleanup. This
		// could have applied to all await_suspend calls. However doing so causes
		// alive objects being destructed for reasons that need further
		// investigations. Here we walk-around it temporarily by only doing it after
		// the suspend call on the final awaiter (indicated by IsImplicit) where it's
		// most common to happen.
		// TODO: Properly clean up the temps generated by await_suspend calls.
		if (IsImplicit)
JustAddress = S.MaybeCreateExprWithCleanups(JustAddress);		JustAddress = S.MaybeCreateExprWithCleanups(JustAddress);
		wenleiUnsubmitted Not Done Reply Inline Actions Can you add comment explaining why we don't cleanup for all await, probably a TODO? wenlei: Can you add comment explaining why we don't cleanup for all await, probably a TODO?
return buildBuiltinCall(S, Loc, Builtin::BI__builtin_coro_resume,		return buildBuiltinCall(S, Loc, Builtin::BI__builtin_coro_resume,
JustAddress);		JustAddress);
}		}

/// Build calls to await_ready, await_suspend, and await_resume for a co_await		/// Build calls to await_ready, await_suspend, and await_resume for a co_await
/// expression.		/// expression.
static ReadySuspendResumeResult buildCoawaitCalls(Sema &S, VarDecl *CoroPromise,		static ReadySuspendResumeResult buildCoawaitCalls(Sema &S, VarDecl *CoroPromise,
SourceLocation Loc, Expr *E) {		SourceLocation Loc, Expr *E,
		bool IsImplicit) {
OpaqueValueExpr *Operand = new (S.Context)		OpaqueValueExpr *Operand = new (S.Context)
OpaqueValueExpr(Loc, E->getType(), VK_LValue, E->getObjectKind(), E);		OpaqueValueExpr(Loc, E->getType(), VK_LValue, E->getObjectKind(), E);

// Assume invalid until we see otherwise.		// Assume invalid until we see otherwise.
ReadySuspendResumeResult Calls = {{}, Operand, /IsInvalid=/true};		ReadySuspendResumeResult Calls = {{}, Operand, /IsInvalid=/true};

ExprResult CoroHandleRes = buildCoroutineHandle(S, CoroPromise->getType(), Loc);		ExprResult CoroHandleRes = buildCoroutineHandle(S, CoroPromise->getType(), Loc);
if (CoroHandleRes.isInvalid())		if (CoroHandleRes.isInvalid())
Show All 32 Lines	static ReadySuspendResumeResult buildCoawaitCalls(Sema &S, VarDecl *CoroPromise,
if (!AwaitSuspend->getType()->isDependentType()) {		if (!AwaitSuspend->getType()->isDependentType()) {
// [expr.await]p3 [...]		// [expr.await]p3 [...]
// - await-suspend is the expression e.await_suspend(h), which shall be		// - await-suspend is the expression e.await_suspend(h), which shall be
// a prvalue of type void, bool, or std::coroutine_handle<Z> for some		// a prvalue of type void, bool, or std::coroutine_handle<Z> for some
// type Z.		// type Z.
QualType RetType = AwaitSuspend->getCallReturnType(S.Context);		QualType RetType = AwaitSuspend->getCallReturnType(S.Context);

// Experimental support for coroutine_handle returning await_suspend.		// Experimental support for coroutine_handle returning await_suspend.
if (Expr *TailCallSuspend = maybeTailCall(S, RetType, AwaitSuspend, Loc))		if (Expr *TailCallSuspend =
		maybeTailCall(S, RetType, AwaitSuspend, Loc, IsImplicit))
Calls.Results[ACT::ACT_Suspend] = TailCallSuspend;		Calls.Results[ACT::ACT_Suspend] = TailCallSuspend;
else {		else {
// non-class prvalues always have cv-unqualified types		// non-class prvalues always have cv-unqualified types
if (RetType->isReferenceType() \|\|		if (RetType->isReferenceType() \|\|
(!RetType->isBooleanType() && !RetType->isVoidType())) {		(!RetType->isBooleanType() && !RetType->isVoidType())) {
S.Diag(AwaitSuspend->getCalleeDecl()->getLocation(),		S.Diag(AwaitSuspend->getCalleeDecl()->getLocation(),
diag::err_await_suspend_invalid_return_type)		diag::err_await_suspend_invalid_return_type)
<< RetType;		<< RetType;
▲ Show 20 Lines • Show All 395 Lines • ▼ Show 20 Lines	if (E->getValueKind() == VK_RValue)
E = CreateMaterializeTemporaryExpr(E->getType(), E, true);		E = CreateMaterializeTemporaryExpr(E->getType(), E, true);

// The location of the `co_await` token cannot be used when constructing		// The location of the `co_await` token cannot be used when constructing
// the member call expressions since it's before the location of `Expr`, which		// the member call expressions since it's before the location of `Expr`, which
// is used as the start of the member call expression.		// is used as the start of the member call expression.
SourceLocation CallLoc = E->getExprLoc();		SourceLocation CallLoc = E->getExprLoc();

// Build the await_ready, await_suspend, await_resume calls.		// Build the await_ready, await_suspend, await_resume calls.
ReadySuspendResumeResult RSS =		ReadySuspendResumeResult RSS = buildCoawaitCalls(
buildCoawaitCalls(*this, Coroutine->CoroutinePromise, CallLoc, E);		*this, Coroutine->CoroutinePromise, CallLoc, E, IsImplicit);
if (RSS.IsInvalid)		if (RSS.IsInvalid)
return ExprError();		return ExprError();

Expr *Res =		Expr *Res =
new (Context) CoawaitExpr(Loc, E, RSS.Results[0], RSS.Results[1],		new (Context) CoawaitExpr(Loc, E, RSS.Results[0], RSS.Results[1],
RSS.Results[2], RSS.OpaqueValue, IsImplicit);		RSS.Results[2], RSS.OpaqueValue, IsImplicit);

return Res;		return Res;
Show All 37 Lines	ExprResult Sema::BuildCoyieldExpr(SourceLocation Loc, Expr *E) {
}		}

// If the expression is a temporary, materialize it as an lvalue so that we		// If the expression is a temporary, materialize it as an lvalue so that we
// can use it multiple times.		// can use it multiple times.
if (E->getValueKind() == VK_RValue)		if (E->getValueKind() == VK_RValue)
E = CreateMaterializeTemporaryExpr(E->getType(), E, true);		E = CreateMaterializeTemporaryExpr(E->getType(), E, true);

// Build the await_ready, await_suspend, await_resume calls.		// Build the await_ready, await_suspend, await_resume calls.
ReadySuspendResumeResult RSS =		ReadySuspendResumeResult RSS = buildCoawaitCalls(
buildCoawaitCalls(*this, Coroutine->CoroutinePromise, Loc, E);		this, Coroutine->CoroutinePromise, Loc, E, /IsImplicit*/ false);
if (RSS.IsInvalid)		if (RSS.IsInvalid)
return ExprError();		return ExprError();

Expr *Res =		Expr *Res =
new (Context) CoyieldExpr(Loc, E, RSS.Results[0], RSS.Results[1],		new (Context) CoyieldExpr(Loc, E, RSS.Results[0], RSS.Results[1],
RSS.Results[2], RSS.OpaqueValue);		RSS.Results[2], RSS.OpaqueValue);

return Res;		return Res;
▲ Show 20 Lines • Show All 748 Lines • Show Last 20 Lines

clang/test/CodeGenCoroutines/coro-semmetric-transfer.cpp

	// RUN: %clang -std=c++14 -fcoroutines-ts -emit-llvm -S -O1 %s -o -			// RUN: %clang -std=c++14 -fcoroutines-ts -emit-llvm -S -O1 %s -o - \| FileCheck %s

	#include "Inputs/coroutine.h"			#include "Inputs/coroutine.h"

	namespace coro = std::experimental::coroutines_v1;			namespace coro = std::experimental::coroutines_v1;

	struct detached_task {			struct detached_task {
	struct promise_type {			struct promise_type {
	detached_task get_return_object() noexcept {			detached_task get_return_object() noexcept {
	▲ Show 20 Lines • Show All 44 Lines • Show Last 20 Lines