This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/lib/Transforms/
-
lib/
-
Transforms/
-
Scalar/
-
SimplifyCFGPass.cpp
-
Utils/
-
SimplifyCFG.cpp

Differential D89917

Revert "SimplifyCFG: Clean up optforfuzzing implementation"
AbandonedPublic

Authored by zequanwu on Oct 21 2020, 5:14 PM.

Download Raw Diff

Details

Reviewers

arsenm
lebedev.ri
morehouse

Summary

In commit cdd006eec9409923f9a56b9026ce2cb72e7b71dc, the options SimplifyCondBranch and FoldTwoEntryPHINode were added and set to false when attribute OptForFuzzing is present. We also need to do the same for SimplifyCFGPass which is NPM version of CFGSimplifyPass. It will be duplicated. We can just check for the attribute at simplifyCondBranch and FoldTwoEntryPHINode
See discussion: https://reviews.llvm.org/D89590
This reverts commit cdd006eec9409923f9a56b9026ce2cb72e7b71dc.

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	360 ms	linux > HWAddressSanitizer-x86_64.TestCases::sizes.cpp
	110 ms	windows > LLVM.tools/llvm-symbolizer/pdb::missing_pdb.test

Event Timeline

zequanwu created this revision.Oct 21 2020, 5:14 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 21 2020, 5:14 PM

Herald added subscribers: llvm-commits, hiraditya. · View Herald Transcript

zequanwu requested review of this revision.Oct 21 2020, 5:14 PM

Herald added a subscriber: wdng. · View Herald TranscriptOct 21 2020, 5:14 PM

zequanwu mentioned this in D89590: [NPM][SimplifyCFGPass] For OptForFuzzing attribute, disable SimplifyCondBranch and FoldTwoEntryPHINode in NPM.Oct 21 2020, 5:14 PM

lgtm, but I'll let arsenm approve

I disagree with this change. SimplifyCFG should continue to pass in options for transform options as is done for the others. I don't think avoiding duplication between the new PM and code that will be deleted is worth it

This revision now requires changes to proceed.Oct 21 2020, 5:35 PM

https://reviews.llvm.org/D44232 makes it sound like we always want to disable certain optimizations when optforfuzzing is specified, so the checks should be done in the transform, not the pass setup. We can have the options you introduced to disable those optimizations no matter what (as I suggested in https://reviews.llvm.org/D89590), but I think we should at least always check for optforfuzzing in SimplifyCFG.cpp. Does that make sense?

Harbormaster completed remote builds in B75953: Diff 299828.Oct 21 2020, 5:48 PM

Thank you for the patch!

In D89917#2346037, @arsenm wrote:

I disagree with this change. SimplifyCFG should continue to pass in options for transform options as is done for the others. I don't think avoiding duplication between the new PM and code that will be deleted is worth it

I disagree here. Why is that beneficial, if we want to force-disable those transforms regardless of their previous configured status?

In D89917#2346421, @lebedev.ri wrote:

Thank you for the patch!

In D89917#2346037, @arsenm wrote:

I disagree with this change. SimplifyCFG should continue to pass in options for transform options as is done for the others. I don't think avoiding duplication between the new PM and code that will be deleted is worth it

I disagree here. Why is that beneficial, if we want to force-disable those transforms regardless of their previous configured status?

Because SimplifyCFG is a standalone utility, not just a pass. It's a pass's responsibility to ensure attributes are respected, not individual transformations. If I'm writing another control flow pass (e.g. a structurizer) and calling these utilities, the transformation options should not be limited based on this extremely poorly specified attribute.

In D89917#2347088, @arsenm wrote:

In D89917#2346421, @lebedev.ri wrote:

Thank you for the patch!

In D89917#2346037, @arsenm wrote:

I disagree with this change. SimplifyCFG should continue to pass in options for transform options as is done for the others. I don't think avoiding duplication between the new PM and code that will be deleted is worth it

I disagree here. Why is that beneficial, if we want to force-disable those transforms regardless of their previous configured status?

Because SimplifyCFG is a standalone utility, not just a pass. It's a pass's responsibility to ensure attributes are respected, not individual transformations. If I'm writing another control flow pass (e.g. a structurizer) and calling these utilities, the transformation options should not be limited based on this extremely poorly specified attribute.

Let's back-track here.
Are you saying that those folds should not disable themselves in presence of OptForFuzzing attribute,
or that they should be guarded by their options?
Because i agree with later, but disagree with former.

In D89917#2347182, @lebedev.ri wrote:

In D89917#2347088, @arsenm wrote:

In D89917#2346421, @lebedev.ri wrote:

Thank you for the patch!

In D89917#2346037, @arsenm wrote:

I disagree with this change. SimplifyCFG should continue to pass in options for transform options as is done for the others. I don't think avoiding duplication between the new PM and code that will be deleted is worth it

I disagree here. Why is that beneficial, if we want to force-disable those transforms regardless of their previous configured status?

Because SimplifyCFG is a standalone utility, not just a pass. It's a pass's responsibility to ensure attributes are respected, not individual transformations. If I'm writing another control flow pass (e.g. a structurizer) and calling these utilities, the transformation options should not be limited based on this extremely poorly specified attribute.

Let's back-track here.
Are you saying that those folds should not disable themselves in presence of OptForFuzzing attribute,
or that they should be guarded by their options?
Because i agree with later, but disagree with former.

I'm saying these folds should be guarded by the SimplifyCFGOptions flags. The pass itself should initialize the option field based on the attribute. Other uses of SimplifyCFG the utilities can consider the attribute at their discretion

+morehouse who added optforfuzzing

morehouse, any thoughts on this?

I'm not familiar with users of standalone SimplifyCFG.

My primary concern is to keep these optimizations disabled under -fsanitize=fuzzer since they reduce the coverage signal we get from SanCov. AFAIU, either approach works for this.

aeubanks mentioned this in D91473: [SimplifyCFG] Respect optforfuzzing in NPM pass.Nov 13 2020, 6:37 PM

aeubanks mentioned this in rGaeb0fdff351b: [SimplifyCFG] Respect optforfuzzing in NPM pass.Nov 16 2020, 9:57 AM

zequanwu abandoned this revision.Nov 17 2020, 2:37 PM

Revision Contents

Path

Size

llvm/

lib/

Transforms/

Scalar/

SimplifyCFGPass.cpp

8 lines

Utils/

SimplifyCFG.cpp

18 lines

Diff 299828

llvm/lib/Transforms/Scalar/SimplifyCFGPass.cpp

Show First 20 Lines • Show All 267 Lines • ▼ Show 20 Lines	CFGSimplifyPass(SimplifyCFGOptions Options_ = SimplifyCFGOptions(),
applyCommandLineOverridesToOptions(Options);		applyCommandLineOverridesToOptions(Options);
}		}

bool runOnFunction(Function &F) override {		bool runOnFunction(Function &F) override {
if (skipFunction(F) \|\| (PredicateFtor && !PredicateFtor(F)))		if (skipFunction(F) \|\| (PredicateFtor && !PredicateFtor(F)))
return false;		return false;

Options.AC = &getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);		Options.AC = &getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
if (F.hasFnAttribute(Attribute::OptForFuzzing)) {
Options.setSimplifyCondBranch(false)
.setFoldTwoEntryPHINode(false);
} else {
Options.setSimplifyCondBranch(true)
.setFoldTwoEntryPHINode(true);
}

auto &TTI = getAnalysis<TargetTransformInfoWrapperPass>().getTTI(F);		auto &TTI = getAnalysis<TargetTransformInfoWrapperPass>().getTTI(F);
return simplifyFunctionCFG(F, TTI, Options);		return simplifyFunctionCFG(F, TTI, Options);
}		}
void getAnalysisUsage(AnalysisUsage &AU) const override {		void getAnalysisUsage(AnalysisUsage &AU) const override {
AU.addRequired<AssumptionCacheTracker>();		AU.addRequired<AssumptionCacheTracker>();
AU.addRequired<TargetTransformInfoWrapperPass>();		AU.addRequired<TargetTransformInfoWrapperPass>();
AU.addPreserved<GlobalsAAWrapperPass>();		AU.addPreserved<GlobalsAAWrapperPass>();
}		}
Show All 17 Lines

llvm/lib/Transforms/Utils/SimplifyCFG.cpp

Show First 20 Lines • Show All 2,409 Lines • ▼ Show 20 Lines	static bool FoldTwoEntryPHINode(PHINode *PN, const TargetTransformInfo &TTI,
const DataLayout &DL) {		const DataLayout &DL) {
// Ok, this is a two entry PHI node. Check to see if this is a simple "if		// Ok, this is a two entry PHI node. Check to see if this is a simple "if
// statement", which has a very simple dominance structure. Basically, we		// statement", which has a very simple dominance structure. Basically, we
// are trying to find the condition that is being branched on, which		// are trying to find the condition that is being branched on, which
// subsequently causes this merge to happen. We really want control		// subsequently causes this merge to happen. We really want control
// dependence information for this check, but simplifycfg can't keep it up		// dependence information for this check, but simplifycfg can't keep it up
// to date, and this catches most of the cases we care about anyway.		// to date, and this catches most of the cases we care about anyway.
BasicBlock *BB = PN->getParent();		BasicBlock *BB = PN->getParent();
		const Function *Fn = BB->getParent();
		if (Fn && Fn->hasFnAttribute(Attribute::OptForFuzzing))
		return false;

BasicBlock IfTrue, IfFalse;		BasicBlock IfTrue, IfFalse;
Value *IfCond = GetIfCondition(BB, IfTrue, IfFalse);		Value *IfCond = GetIfCondition(BB, IfTrue, IfFalse);
if (!IfCond \|\|		if (!IfCond \|\|
// Don't bother if the branch will be constant folded trivially.		// Don't bother if the branch will be constant folded trivially.
isa<ConstantInt>(IfCond))		isa<ConstantInt>(IfCond))
return false;		return false;

▲ Show 20 Lines • Show All 3,624 Lines • ▼ Show 20 Lines	if (!PPred \|\| (PredPred && PredPred != PPred))
return nullptr;		return nullptr;
PredPred = PPred;		PredPred = PPred;
}		}
return PredPred;		return PredPred;
}		}

bool SimplifyCFGOpt::simplifyCondBranch(BranchInst *BI, IRBuilder<> &Builder) {		bool SimplifyCFGOpt::simplifyCondBranch(BranchInst *BI, IRBuilder<> &Builder) {
BasicBlock *BB = BI->getParent();		BasicBlock *BB = BI->getParent();
if (!Options.SimplifyCondBranch)		const Function *Fn = BB->getParent();
		if (Fn && Fn->hasFnAttribute(Attribute::OptForFuzzing))
return false;		return false;

// Conditional branch		// Conditional branch
if (isValueEqualityComparison(BI)) {		if (isValueEqualityComparison(BI)) {
// If we only have one predecessor, and if it is a branch on this value,		// If we only have one predecessor, and if it is a branch on this value,
// see if that predecessor totally determines the outcome of this		// see if that predecessor totally determines the outcome of this
// switch.		// switch.
if (BasicBlock *OnlyPred = BB->getSinglePredecessor())		if (BasicBlock *OnlyPred = BB->getSinglePredecessor())
▲ Show 20 Lines • Show All 198 Lines • ▼ Show 20 Lines	bool SimplifyCFGOpt::simplifyOnce(BasicBlock *BB) {
if (MergeBlockIntoPredecessor(BB))		if (MergeBlockIntoPredecessor(BB))
return true;		return true;

if (SinkCommon && Options.SinkCommonInsts)		if (SinkCommon && Options.SinkCommonInsts)
Changed \|= SinkCommonCodeFromPredecessors(BB);		Changed \|= SinkCommonCodeFromPredecessors(BB);

IRBuilder<> Builder(BB);		IRBuilder<> Builder(BB);

if (Options.FoldTwoEntryPHINode) {
// If there is a trivial two-entry PHI node in this basic block, and we can		// If there is a trivial two-entry PHI node in this basic block, and we can
// eliminate it, do so now.		// eliminate it, do so now.
if (auto *PN = dyn_cast<PHINode>(BB->begin()))		if (auto *PN = dyn_cast<PHINode>(BB->begin()))
if (PN->getNumIncomingValues() == 2)		if (PN->getNumIncomingValues() == 2)
Changed \|= FoldTwoEntryPHINode(PN, TTI, DL);		Changed \|= FoldTwoEntryPHINode(PN, TTI, DL);
}

Instruction *Terminator = BB->getTerminator();		Instruction *Terminator = BB->getTerminator();
Builder.SetInsertPoint(Terminator);		Builder.SetInsertPoint(Terminator);
switch (Terminator->getOpcode()) {		switch (Terminator->getOpcode()) {
case Instruction::Br:		case Instruction::Br:
Changed \|= simplifyBranch(cast<BranchInst>(Terminator), Builder);		Changed \|= simplifyBranch(cast<BranchInst>(Terminator), Builder);
break;		break;
case Instruction::Ret:		case Instruction::Ret:
▲ Show 20 Lines • Show All 44 Lines • Show Last 20 Lines