This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
mlir/lib/IR/
-
lib/
-
IR/
-
BuiltinTypes.cpp

Differential D96530

[mlir] detect integer overflow in debug mode
ClosedPublic

Authored by aartbik on Feb 11 2021, 11:11 AM.

Download Raw Diff

Details

Reviewers

rriddle
mehdi_amini
stellaraccident

Commits

rG5f022ad6ed8d: [mlir] detect integer overflow in debug mode

Summary

Rationale:
This computation failed ASAN for the following input
(integer overflow during 4032000000000000000 * 100):

tensor<100x200x300x400x500x600x700x800xf32>

This change adds a simple overflow detection during
debug mode (which we run more regularly than ASAN).
Arguably this is an unrealistic tensor input, but
in the context of sparse tensors, we may start to
see cases like this.

Bug:
https://bugs.llvm.org/show_bug.cgi?id=49136

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

aartbik created this revision.Feb 11 2021, 11:11 AM

Herald added a reviewer: rriddle. · View Herald TranscriptFeb 11 2021, 11:11 AM

Herald added subscribers: teijeong, rdzhabarov, tatianashp and 13 others. · View Herald Transcript

aartbik requested review of this revision.Feb 11 2021, 11:11 AM

Herald added a project: Restricted Project. · View Herald TranscriptFeb 11 2021, 11:11 AM

Herald added subscribers: stephenneuendorffer, nicolasvasilache. · View Herald Transcript

aartbik added reviewers: mehdi_amini, stellaraccident.Feb 11 2021, 11:11 AM

Would we catch the issue from yesterday if you moved this assertions in ShapedType::getNumElements()?
That would be more centralized and can cover more cases ideally.

In D96530#2557732, @mehdi_amini wrote:

Would we catch the issue from yesterday if you moved this assertions in ShapedType::getNumElements()?
That would be more centralized and can cover more cases ideally.

That wouldn't have caught this particular issue, but looking at the logic in that method, happy to add that there too.

Please also give some thought on how to detect overflow (I present two methods in the bug as alternatives).
Testing > 0 is by far the easiest, but technically not a portable way, since the behavior is undefined (perhaps
a good reason to switch to unsigned :-)?

In D96530#2557752, @aartbik wrote:

In D96530#2557732, @mehdi_amini wrote:

Would we catch the issue from yesterday if you moved this assertions in ShapedType::getNumElements()?
That would be more centralized and can cover more cases ideally.

That wouldn't have caught this particular issue, but looking at the logic in that method, happy to add that there too.

OK, if you can add it there as well that'd be great!

Please also give some thought on how to detect overflow (I present two methods in the bug as alternatives).
Testing > 0 is by far the easiest, but technically not a portable way, since the behavior is undefined

Ah I missed the comment in the bug, answered there: I'm fine with 2) since we're just talking about an assertions for a poor-man UBSAN.

(perhaps good reason to switch to unsigned :-)?

Actually UBSAN catching the bug in the first place is the perfect justification why I never use unsigned :)
(unless I really intended to wrap around intentionally).

similar quick overflow test in number of elements
(note that here we need >= since total size can be zero)

mehdi_amini accepted this revision.Feb 11 2021, 1:35 PM

This revision is now accepted and ready to land.Feb 11 2021, 1:35 PM

Harbormaster completed remote builds in B88861: Diff 323087.Feb 11 2021, 5:14 PM

This revision was landed with ongoing or failed builds.Feb 11 2021, 6:21 PM

Closed by commit rG5f022ad6ed8d: [mlir] detect integer overflow in debug mode (authored by aartbik). · Explain Why

This revision was automatically updated to reflect the committed changes.

aartbik added a commit: rG5f022ad6ed8d: [mlir] detect integer overflow in debug mode.

Harbormaster completed remote builds in B88876: Diff 323114.Feb 11 2021, 7:07 PM

Revision Contents

Path

Size

mlir/

lib/

IR/

BuiltinTypes.cpp

10 lines

Diff 323201

mlir/lib/IR/BuiltinTypes.cpp

Show First 20 Lines • Show All 203 Lines • ▼ Show 20 Lines
unsigned ShapedType::getElementTypeBitWidth() const {		unsigned ShapedType::getElementTypeBitWidth() const {
return getElementType().getIntOrFloatBitWidth();		return getElementType().getIntOrFloatBitWidth();
}		}

int64_t ShapedType::getNumElements() const {		int64_t ShapedType::getNumElements() const {
assert(hasStaticShape() && "cannot get element count of dynamic shaped type");		assert(hasStaticShape() && "cannot get element count of dynamic shaped type");
auto shape = getShape();		auto shape = getShape();
int64_t num = 1;		int64_t num = 1;
for (auto dim : shape)		for (auto dim : shape) {
num *= dim;		num *= dim;
		assert(num >= 0 && "integer overflow in element count computation");
		}
return num;		return num;
}		}

int64_t ShapedType::getRank() const {		int64_t ShapedType::getRank() const {
assert(hasRank() && "cannot query rank of unranked shaped type");		assert(hasRank() && "cannot query rank of unranked shaped type");
return getShape().size();		return getShape().size();
}		}

▲ Show 20 Lines • Show All 574 Lines • ▼ Show 20 Lines	for (auto en : llvm::zip(llvm::reverse(exprs), llvm::reverse(sizes))) {
// Degenerate case, no size =-> no stride		// Degenerate case, no size =-> no stride
if (size == 0)		if (size == 0)
continue;		continue;
AffineExpr dimExpr = std::get<0>(en);		AffineExpr dimExpr = std::get<0>(en);
AffineExpr stride = dynamicPoisonBit		AffineExpr stride = dynamicPoisonBit
? getAffineSymbolExpr(nSymbols++, context)		? getAffineSymbolExpr(nSymbols++, context)
: getAffineConstantExpr(runningSize, context);		: getAffineConstantExpr(runningSize, context);
expr = expr ? expr + dimExpr * stride : dimExpr * stride;		expr = expr ? expr + dimExpr * stride : dimExpr * stride;
if (size > 0)		if (size > 0) {
runningSize *= size;		runningSize *= size;
else		assert(runningSize > 0 && "integer overflow in size computation");
		} else {
dynamicPoisonBit = true;		dynamicPoisonBit = true;
}		}
		}
return simplifyAffineExpr(expr, numDims, nSymbols);		return simplifyAffineExpr(expr, numDims, nSymbols);
}		}

/// Return a version of `t` with a layout that has all dynamic offset and		/// Return a version of `t` with a layout that has all dynamic offset and
/// strides. This is used to erase the static layout.		/// strides. This is used to erase the static layout.
MemRefType mlir::eraseStridedLayout(MemRefType t) {		MemRefType mlir::eraseStridedLayout(MemRefType t) {
auto val = ShapedType::kDynamicStrideOrOffset;		auto val = ShapedType::kDynamicStrideOrOffset;
return MemRefType::Builder(t).setAffineMaps(makeStridedLinearLayoutMap(		return MemRefType::Builder(t).setAffineMaps(makeStridedLinearLayoutMap(
Show All 29 Lines