This is an archive of the discontinued LLVM Phabricator instance.

Differential D97568

[ARM] support symbolic expressions as branch target in b.w
ClosedPublic

Authored by jcai19 on Feb 26 2021, 11:25 AM.

Details

Reviewers
DavidSpickett
psmith
ostannard
eli.friedman
nickdesaulniers
MaskRay
Commits
rGc35105055ee4: [ARM] support symbolic expressions as branch target in b.w
Summary

Currently ARM backend validates the range of branch targets before the
layout of fragments is finalized. This causes build failure if symbolic
expressions are used, with the exception of a single symbolic value.
For example, "b.w ." works but "b.w . + 2" currently fails to
assemble. This fixes the issue by delaying this check (in
ARMAsmParser::validateInstruction) of b.w instructions until the symbol
expressions are resolved (in ARMAsmBackend::adjustFixupValue).

Link:
https://github.com/ClangBuiltLinux/linux/issues/1286

Diff Detail

Event Timeline

jcai19 created this revision.Feb 26 2021, 11:25 AM
Herald added subscribers: danielkiss, hiraditya, kristof.beyls. · View Herald TranscriptFeb 26 2021, 11:25 AM
jcai19 requested review of this revision.Feb 26 2021, 11:25 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 26 2021, 11:25 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
jcai19 added a comment.Feb 26 2021, 11:26 AM

This is created based on the discussion at https://reviews.llvm.org/D97501#inline-914358.

jcai19 added reviewers: DavidSpickett, psmith, ostannard, eli.friedman, nickdesaulniers.Feb 26 2021, 11:33 AM
jcai19 mentioned this in D97501: [ARM] support symbolic expressions as branch target.
jcai19 added subscribers: MaskRay, manojgupta, llozano.
nickdesaulniers added inline comments.Feb 26 2021, 11:56 AM
llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
7955

if you don't use the return value from dyn_cast, you should use isa.
https://llvm.org/docs/ProgrammersManual.html#the-isa-cast-and-dyn-cast-templates

or rewrite this as two nested ifs:

if (auto foo = dyn_cast<...):
  if (!foo.isSignedOffset<...):
    return Error(...);
Harbormaster completed remote builds in B91084: Diff 326754.Feb 26 2021, 2:57 PM
MaskRay added a comment.Feb 26 2021, 3:46 PM

I made a very similar patch for RISC-V: D92293.

Patching isSignedOffset is fine since it fixes more instructions. It is also fine to restrict the lift on t2B currently as you don't have tests for others.

llvm/test/MC/ARM/thumb2-b.w-target.s
2

Use consistent comment marker in a test.

6

No need to say GNU objdump behavior. The specific llvm-objdump tests for the symbolization will do it.

12

start+0xfffff is undeeded detail. There should be specific llvm-objdump tests for the symbolization.

llvm/test/MC/ARM/thumb2-branch-ranges.s
101

[[@LINE]] is deprecated FileCheck syntax.

[[#@LINE+1]]:[[#]]: error: ...

jcai19 updated this revision to Diff 326848.Feb 26 2021, 4:58 PM
jcai19 marked 4 inline comments as done.

Skip range check of MCBinaryExpr in b.w instead of any non-constant expressions.

jcai19 marked an inline comment as done.Feb 26 2021, 4:59 PM
Harbormaster completed remote builds in B91150: Diff 326848.Feb 26 2021, 9:37 PM
jcai19 updated this revision to Diff 327297.Mar 1 2021, 2:46 PM

Remove unncessary CHECK-NOT.

MaskRay accepted this revision.Mar 1 2021, 2:59 PM
MaskRay added inline comments.
llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
7954

Add a period after a complete sentence.

This revision is now accepted and ready to land.Mar 1 2021, 2:59 PM
jcai19 updated this revision to Diff 327301.Mar 1 2021, 3:06 PM

Add period after a comment.

jcai19 marked an inline comment as done.Mar 1 2021, 3:07 PM
This revision was landed with ongoing or failed builds.Mar 1 2021, 5:42 PM
Closed by commit rGc35105055ee4: [ARM] support symbolic expressions as branch target in b.w (authored by jcai19). · Explain Why
This revision was automatically updated to reflect the committed changes.
jcai19 added a commit: rGc35105055ee4: [ARM] support symbolic expressions as branch target in b.w.
Harbormaster completed remote builds in B91456: Diff 327297.Mar 1 2021, 8:18 PM
Harbormaster completed remote builds in B91459: Diff 327301.Mar 1 2021, 8:43 PM
nickdesaulniers added inline comments.Mar 2 2021, 1:34 PM
llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
7967

It's definitely not great seeing this problem across multiple different instructions; in particular I suspect that t2Bcc is the same operation as t2B (branch), just with a condition code (cc) and smaller immediate.

I still think the callers should defer checks for MCBinaryExpr (as this patch does), but then seeing things like isThumbBranchTarget/isARMBranchTarget makes me nervous that we can't validate MCBinaryExpr operands until after adjusting fixups (very late) for many other instructions.

If MCSymbolRefExpr is just the . operator in assembler, and MCBinaryExpr is for expressions, I wonder if isUnsignedOffset, isSignedOffset, isLEOffset, and isThumbMemPC should all return true for MCBinaryExpr?

isARMBranchTarget/isThumbBranchTarget default to true (for example for MCSymbolRefExpr and MCBinaryExpr, but the list above do not. And that's curious to me. We can't know if these immediates satisfy some range constraints until after fixup; right now these methods are a mix of what they permit when expressions involving . are used.

nickdesaulniers added inline comments.Mar 2 2021, 1:52 PM
llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
7967

And part of that is that these isSignedOffset and friends all return bool, when for MCSymbolRefExpr and MCBinaryExpr operands the answer has a third possible state which is "maybe, but I won't know until adjusting fixups" which is one of the last things the assembler does, without rerunning instruction validation. isUnsignedOffset, isSignedOffset, isLEOffset, and isThumbMemPC all respond "no" conservatively; isARMBranchTarget/isThumbBranchTarget respond "sure" perhaps too eagerly. I suspect given a MCSymbolRefExpr or MCBinaryExpr, isARMBranchTarget/isThumbBranchTarget both respond true, when after fixups the answer perhaps should have been "no."

jcai19 added inline comments.Mar 2 2021, 5:57 PM
llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
7967

Agreed, I will take a look at the code and see if we could refactor it for a more permanent solution. Also . gets converted into a symbol like any regular label, so MCSymbolRefExpr covers any expressions with a single label or ..

jcai19 mentioned this in D98916: [ARM] support symbolic expression as immediate in memory instructions.Mar 22 2021, 12:09 PM

Revision Contents

PathSize
llvm/
lib/
Target/
ARM/
AsmParser/
5 lines
test/
MC/
ARM/
12 lines
6 lines

Diff 327335

llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 7,944 Lines▼ Show 20 Linesbool ARMAsmParser::validateInstruction(MCInst &Inst,
// Final range checking for Thumb unconditional branch instructions. // Final range checking for Thumb unconditional branch instructions.
case ARM::tB: case ARM::tB:
if (!(static_cast<ARMOperand &>(*Operands[2])).isSignedOffset<11, 1>()) if (!(static_cast<ARMOperand &>(*Operands[2])).isSignedOffset<11, 1>())
return Error(Operands[2]->getStartLoc(), "branch target out of range"); return Error(Operands[2]->getStartLoc(), "branch target out of range");
break; break;
case ARM::t2B: { case ARM::t2B: {
int op = (Operands[2]->isImm()) ? 2 : 3; int op = (Operands[2]->isImm()) ? 2 : 3;
if (!static_cast<ARMOperand &>(*Operands[op]).isSignedOffset<24, 1>()) ARMOperand &Operand = static_cast<ARMOperand &>(*Operands[op]);
// Delay the checks of symbolic expressions until they are resolved.
MaskRayUnsubmitted
Done
ReplyInline Actions

Add a period after a complete sentence.

MaskRay: Add a period after a complete sentence.
if (!isa<MCBinaryExpr>(Operand.getImm()) &&
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

if you don't use the return value from dyn_cast, you should use isa.
https://llvm.org/docs/ProgrammersManual.html#the-isa-cast-and-dyn-cast-templates

or rewrite this as two nested ifs:

if (auto foo = dyn_cast<...):
  if (!foo.isSignedOffset<...):
    return Error(...);
nickdesaulniers: if you don't use the return value from `dyn_cast`, you should use `isa`. https://llvm.
!Operand.isSignedOffset<24, 1>())
return Error(Operands[op]->getStartLoc(), "branch target out of range"); return Error(Operands[op]->getStartLoc(), "branch target out of range");
break; break;
} }
// Final range checking for Thumb conditional branch instructions. // Final range checking for Thumb conditional branch instructions.
case ARM::tBcc: case ARM::tBcc:
if (!static_cast<ARMOperand &>(*Operands[2]).isSignedOffset<8, 1>()) if (!static_cast<ARMOperand &>(*Operands[2]).isSignedOffset<8, 1>())
return Error(Operands[2]->getStartLoc(), "branch target out of range"); return Error(Operands[2]->getStartLoc(), "branch target out of range");
break; break;
case ARM::t2Bcc: { case ARM::t2Bcc: {
int Op = (Operands[2]->isImm()) ? 2 : 3; int Op = (Operands[2]->isImm()) ? 2 : 3;
if (!static_cast<ARMOperand &>(*Operands[Op]).isSignedOffset<20, 1>()) if (!static_cast<ARMOperand &>(*Operands[Op]).isSignedOffset<20, 1>())
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

It's definitely not great seeing this problem across multiple different instructions; in particular I suspect that t2Bcc is the same operation as t2B (branch), just with a condition code (cc) and smaller immediate.

I still think the callers should defer checks for MCBinaryExpr (as this patch does), but then seeing things like isThumbBranchTarget/isARMBranchTarget makes me nervous that we can't validate MCBinaryExpr operands until after adjusting fixups (very late) for many other instructions.

If MCSymbolRefExpr is just the . operator in assembler, and MCBinaryExpr is for expressions, I wonder if isUnsignedOffset, isSignedOffset, isLEOffset, and isThumbMemPC should all return true for MCBinaryExpr?

isARMBranchTarget/isThumbBranchTarget default to true (for example for MCSymbolRefExpr and MCBinaryExpr, but the list above do not. And that's curious to me. We can't know if these immediates satisfy some range constraints until after fixup; right now these methods are a mix of what they permit when expressions involving . are used.

nickdesaulniers: It's definitely not great seeing this problem across multiple different instructions; in…
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

And part of that is that these isSignedOffset and friends all return bool, when for MCSymbolRefExpr and MCBinaryExpr operands the answer has a third possible state which is "maybe, but I won't know until adjusting fixups" which is one of the last things the assembler does, without rerunning instruction validation. isUnsignedOffset, isSignedOffset, isLEOffset, and isThumbMemPC all respond "no" conservatively; isARMBranchTarget/isThumbBranchTarget respond "sure" perhaps too eagerly. I suspect given a MCSymbolRefExpr or MCBinaryExpr, isARMBranchTarget/isThumbBranchTarget both respond true, when after fixups the answer perhaps should have been "no."

nickdesaulniers: And part of that is that these `isSignedOffset` and friends all return `bool`, when for…
jcai19AuthorUnsubmitted
Done
ReplyInline Actions

Agreed, I will take a look at the code and see if we could refactor it for a more permanent solution. Also . gets converted into a symbol like any regular label, so MCSymbolRefExpr covers any expressions with a single label or ..

jcai19: Agreed, I will take a look at the code and see if we could refactor it for a more permanent…
return Error(Operands[Op]->getStartLoc(), "branch target out of range"); return Error(Operands[Op]->getStartLoc(), "branch target out of range");
break; break;
} }
case ARM::tCBZ: case ARM::tCBZ:
case ARM::tCBNZ: { case ARM::tCBNZ: {
if (!static_cast<ARMOperand &>(*Operands[2]).isUnsignedOffset<6, 1>()) if (!static_cast<ARMOperand &>(*Operands[2]).isUnsignedOffset<6, 1>())
return Error(Operands[2]->getStartLoc(), "branch target out of range"); return Error(Operands[2]->getStartLoc(), "branch target out of range");
break; break;
▲ Show 20 LinesShow All 4,356 LinesShow Last 20 Lines

llvm/test/MC/ARM/thumb2-b.w-target.s

  • This file was added.
// RUN: llvm-mc -triple=thumbv7 -filetype=obj %s | llvm-objdump --triple=thumbv7 -d - | FileCheck %s
MaskRayUnsubmitted
Done
ReplyInline Actions

Use consistent comment marker in a test.

MaskRay: Use consistent comment marker in a test.
.syntax unified
// CHECK-LABEL: start
// CHECK-NEXT: b.w #16777208
MaskRayUnsubmitted
Done
ReplyInline Actions

No need to say GNU objdump behavior. The specific llvm-objdump tests for the symbolization will do it.

MaskRay: No need to say GNU objdump behavior. The specific llvm-objdump tests for the symbolization will…
// CHECK-NEXT: b.w #2
start:
b.w start - 1f + 0x1000000
1:
b.w . + (2f - 1b + 2)
2:
MaskRayUnsubmitted
Done
ReplyInline Actions

start+0xfffff is undeeded detail. There should be specific llvm-objdump tests for the symbolization.

MaskRay: `start+0xfffff` is undeeded detail. There should be specific llvm-objdump tests for the…

llvm/test/MC/ARM/thumb2-branch-ranges.s

Show First 20 LinesShow All 88 Lines▼ Show 20 Lines
start6: start6:
.space 0x100000 .space 0x100000
// branch to thumb function resolved at assembly time // branch to thumb function resolved at assembly time
// CHECK-NOT: error // CHECK-NOT: error
// CHECK: [[@LINE+2]]:{{[0-9]}}: error: Relocation out of range // CHECK: [[@LINE+2]]:{{[0-9]}}: error: Relocation out of range
// CHECK-LABEL: beq.w start6 // CHECK-LABEL: beq.w start6
beq.w start6 beq.w start6
start7:
// branch to thumb function resolved at assembly time
// CHECK: [[#@LINE+1]]:{{[0-9]}}: error: Relocation out of range
b.w start8 - start7 + 0x1000000
MaskRayUnsubmitted
Done
ReplyInline Actions

[[@LINE]] is deprecated FileCheck syntax.

[[#@LINE+1]]:[[#]]: error: ...

MaskRay: `[[@LINE]]` is deprecated FileCheck syntax. `[[#@LINE+1]]:[[#]]: error: ...`
start8: