This is an archive of the discontinued LLVM Phabricator instance.

Differential D97971

[IPSCCP] don't propagate constant in section when caller/callee sections mismatch
AbandonedPublic

Authored by nickdesaulniers on Mar 4 2021, 11:57 AM.

Details

Reviewers
fhahn
jyknight
efriedma
jdoerfert
Summary

The Linux kernel uses section attributes on functions and data that's
used only during initialization to reclaim memory backing such code and
data post initialization.

The preprocessor defines init (for code) and initdata (for global
variables) expand to to:
attribute((section(".init"))) and
attribute((section(".init.data"))) respectively. See also
https://www.kernel.org/doc/html/latest/kernel-hacking/hacking.html?highlight=__initdata#init-exit-initdata.

So a commonly recurring pattern in the kernel is:

initdata int z;
static void callee (int x) { int y = x; }
init void caller (void) { callee(z); }

InterProcedural Sparse Conditional Constant Propagation (IPSCCP) can
turn the above into:

initdata int z;
static void callee (int x) { int y = z; }
init void caller (void) { callee(z); }

Note how callee directly references z directly now, rather than the
parameter x. Later, Dead Argument Elimination (deadargelim) may even
change the signature of callee removing dead arguments from its
signature, avoiding call setup in the caller for those arguments.

Now, consider what happens when callee is *not* inlined into caller.
Upon initialization, the kernel will reclaim z and caller, but not
callee. At best, we can consider this a memory leak. At worst, we've now
left behind a potential gadget for use after free.

With recent changes to enable NPM by default in clang-13
(https://reviews.llvm.org/D95380), the inlining heuristics have been
perturbed, which is leading to many cases in the Linux kernel where
callee was previously being inlined (avoiding all of the above
problems), and now is not.

This patch records the Value's used as parameters when caller and callee
are in explicitly different sections. Then, when IPSCCP goes to perform
transforms first checks if the GlobalValue that's the replacement comes
from an explicit section, and if the Value being replaced was from a
caller/callee section mismatch, and if so bails.

Care is taken to avoid not preventing the optimization for the general
case where section attributes are not used, or at least match. This
results in no change in binary size for the Linux kernel (x86_64
defconfig); there is a tradeoff in .text vs relocations of 24B
(insignificant, 3.64E-7%).

Alternative approaches considered:

  • Marking callee __init. We can't generally do this, as otherwise every

helper function wouldn't be callable from non __init code, lest it run
the risk of jumping to unmapped/remapped memory.

  • Inheriting __init on callee. While it appears that LLVM is creating a

specialized version of callee, it's technically IPSCCP and DeadArgElim
working together. I don't think adding section attributes to callers is
a general solution.

  • Use of attribute((always_inline)). This is tricky because it's

very common in the kernel for callee to be a static inline function
defined in a header. It's infeasible to add such function attribute to
every helper function, hurts compile time, and it's a relatively large
hammer to force the callee to be inlined into *every* caller. I'd argue
that IPSCCP in the case described is dangerous, regardless of inlining.

  • Adjusting InlineCost heuristics. We might be able to further discount

the cost for such specific cases described, or try to do somehow when
DeadArgElim has created such a specialized version of callee tightly
bound to caller. With the recent changes to inlining from NPM, I don't
want to perturb the InlineCost heuristic further right now.

Link: https://github.com/ClangBuiltLinux/linux/issues/1302
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>

Diff Detail

Unit TestsFailed

TimeTest
30 msx64 windows > LLVM.ExecutionEngine/JITLink/AArch64::MachO_arm64_ehframe.test
70 msx64 windows > LLVM.ExecutionEngine/JITLink/AArch64::MachO_arm64_relocations.s
80 msx64 windows > LLVM.ExecutionEngine/JITLink/X86::ELF_skip_debug_sections.s
90 msx64 windows > LLVM.ExecutionEngine/JITLink/X86::ELF_weak_definitions.s
80 msx64 windows > LLVM.ExecutionEngine/JITLink/X86::ELF_x86-64_common.s
View Full Test Results (19 Failed)

Event Timeline

nickdesaulniers created this revision.Mar 4 2021, 11:57 AM
Herald added subscribers: pengfei, hiraditya. · View Herald TranscriptMar 4 2021, 11:57 AM
nickdesaulniers requested review of this revision.Mar 4 2021, 11:57 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 4 2021, 11:57 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
nickdesaulniers added a subscriber: aeubanks.Mar 4 2021, 12:00 PM
lebedev.ri edited reviewers, added: efriedma; removed: eli.friedman.Mar 4 2021, 12:00 PM
nickdesaulniers edited the summary of this revision. (Show Details)Mar 4 2021, 12:01 PM
nickdesaulniers planned changes to this revision.Mar 4 2021, 12:03 PM

Sigh...it looks like this works for defconfigs, but not allmodconfigs (https://github.com/ClangBuiltLinux/linux/issues/1302). Let me see what's going on there and fix this up. In the meantime, RFC.

lebedev.ri added a reviewer: jdoerfert.Mar 4 2021, 12:03 PM
lebedev.ri added a subscriber: lebedev.ri.

Does langref's section actually provide such guarantees?

jdoerfert added a comment.Mar 4 2021, 2:08 PM

If we do this, we should create a helper somewhere that tells you if you can forward a constant, given an (Abstract)CallSite. For example, thread local constants can't be forwarded across callbacks.
So it's not only that we (might) have multiple things we need to filter but also multiple locations, Attributor needs this as well.

MaskRay added a comment.EditedMar 4 2021, 2:26 PM

void callee (int* x) { int y = *z; }

Should it be void callee (int* x) { int y = z; } ?

Later, Dead Argument Elimination (deadargelim) may even change the signature of callee removing dead arguments from its signature

Assuming void callee does not have the static keyword. deadargelim applies on local linkage functions.
LTO may internalize functions if the linker knows callee does not need to be exported. Yes, deadargelim can happen in that case.

https://github.com/ClangBuiltLinux/linux/issues/1301

WARNING: modpost: vmlinux.o(.text+0x68943): Section mismatch in reference from the function __nodes_weight() to the variable .init.data:numa_nodes_parsed

Is the warning about a non-.init.text function accesses .init.data data?
This feels to me that the kernel is asking too much.

If we rename .init.text to .text.hot. and .init.data to .data.hot., this rule would mean that a regular .text function cannot access .data.hot. data.
This does not sound right to me.
If the kernel wants to have an optimization barrier on the arguments, it should use some attributes if it does not want to use alwaysinline.

Harbormaster completed remote builds in B92134: Diff 328263.Mar 5 2021, 3:27 AM
nickdesaulniers updated this revision to Diff 328659.Mar 5 2021, 2:49 PM
nickdesaulniers edited the summary of this revision. (Show Details)
  • solve recursive GEP, greatly simplify implementation, update LangRef, update description verbatim
nickdesaulniers added a comment.Mar 5 2021, 3:03 PM
In D97971#2604415, @lebedev.ri wrote:

Does langref's section actually provide such guarantees?

Added a note, PTAL.

In D97971#2604727, @jdoerfert wrote:

If we do this, we should create a helper somewhere that tells you if you can forward a constant, given an (Abstract)CallSite. For example, thread local constants can't be forwarded across callbacks.
So it's not only that we (might) have multiple things we need to filter but also multiple locations, Attributor needs this as well.

Yep, that sounds feasible, and with my rewrite is fairly straightforward now that it's decoupled from SCCSolver. For the case you describe, does it also pertain to passing arguments or no? While my current implementation is tailed to the existing argument walk on the CallBase, that could simply be done for such a helper function you describe. Do you have a recommendation on a good location to place such a helper so that SCCSolver and Attributor could both refer to it?

In D97971#2604785, @MaskRay wrote:

void callee (int* x) { int y = *z; }

Should it be void callee (int* x) { int y = z; } ?

Thanks, fixed.

Later, Dead Argument Elimination (deadargelim) may even change the signature of callee removing dead arguments from its signature

Assuming void callee does not have the static keyword. deadargelim applies on local linkage functions.
LTO may internalize functions if the linker knows callee does not need to be exported. Yes, deadargelim can happen in that case.

Fixed the description to note that callee is static.

https://github.com/ClangBuiltLinux/linux/issues/1301

WARNING: modpost: vmlinux.o(.text+0x68943): Section mismatch in reference from the function __nodes_weight() to the variable .init.data:numa_nodes_parsed

Is the warning about a non-.init.text function accesses .init.data data?

Yes. That's a potential use after free, since .init.data data will be unmapped (and potentially remapped) after initialization, while the non-.init.text (ie. just `.text) function is not.

This feels to me that the kernel is asking too much.

Perhaps; do you have a recommendation on how best to pass references to global data in different sections otherwise? I'll note the use of this pattern of __init and __init_data is so pervasive throughout the sources, that "don't do that" is a non-starter. But perhaps there's another approach, like storing the constant to a pointer or something, or some other attributes you mention below?

If we rename .init.text to .text.hot. and .init.data to .data.hot., this rule would mean that a regular .text function cannot access .data.hot. data.

If we rename .init.text and .init.data, it will leak memory in the kernel as none of the annotated sections will get cleaned up.

This does not sound right to me.
If the kernel wants to have an optimization barrier on the arguments, it should use some attributes if it does not want to use alwaysinline.

Are there existing attributes we can use on parameters or arguments?

MaskRay added a comment.Mar 5 2021, 3:11 PM
In D97971#2607973, @nickdesaulniers wrote:
In D97971#2604415, @lebedev.ri wrote:

Does langref's section actually provide such guarantees?

Added a note, PTAL.

In D97971#2604727, @jdoerfert wrote:

If we do this, we should create a helper somewhere that tells you if you can forward a constant, given an (Abstract)CallSite. For example, thread local constants can't be forwarded across callbacks.
So it's not only that we (might) have multiple things we need to filter but also multiple locations, Attributor needs this as well.

Yep, that sounds feasible, and with my rewrite is fairly straightforward now that it's decoupled from SCCSolver. For the case you describe, does it also pertain to passing arguments or no? While my current implementation is tailed to the existing argument walk on the CallBase, that could simply be done for such a helper function you describe. Do you have a recommendation on a good location to place such a helper so that SCCSolver and Attributor could both refer to it?

In D97971#2604785, @MaskRay wrote:

void callee (int* x) { int y = *z; }

Should it be void callee (int* x) { int y = z; } ?

Thanks, fixed.

Later, Dead Argument Elimination (deadargelim) may even change the signature of callee removing dead arguments from its signature

Assuming void callee does not have the static keyword. deadargelim applies on local linkage functions.
LTO may internalize functions if the linker knows callee does not need to be exported. Yes, deadargelim can happen in that case.

Fixed the description to note that callee is static.

https://github.com/ClangBuiltLinux/linux/issues/1301

WARNING: modpost: vmlinux.o(.text+0x68943): Section mismatch in reference from the function __nodes_weight() to the variable .init.data:numa_nodes_parsed

Is the warning about a non-.init.text function accesses .init.data data?

Yes. That's a potential use after free, since .init.data data will be unmapped (and potentially remapped) after initialization, while the non-.init.text (ie. just `.text) function is not.

This feels to me that the kernel is asking too much.

Perhaps; do you have a recommendation on how best to pass references to global data in different sections otherwise? I'll note the use of this pattern of __init and __init_data is so pervasive throughout the sources, that "don't do that" is a non-starter. But perhaps there's another approach, like storing the constant to a pointer or something, or some other attributes you mention below?

If we rename .init.text to .text.hot. and .init.data to .data.hot., this rule would mean that a regular .text function cannot access .data.hot. data.

If we rename .init.text and .init.data, it will leak memory in the kernel as none of the annotated sections will get cleaned up.

This does not sound right to me.
If the kernel wants to have an optimization barrier on the arguments, it should use some attributes if it does not want to use alwaysinline.

Are there existing attributes we can use on parameters or arguments?

Hope @jdoerfert can shed some light on the attribute usage here...

jdoerfert added a comment.Mar 5 2021, 5:28 PM
In D97971#2607999, @MaskRay wrote:

This does not sound right to me.
If the kernel wants to have an optimization barrier on the arguments, it should use some attributes if it does not want to use alwaysinline.

Are there existing attributes we can use on parameters or arguments?

Hope @jdoerfert can shed some light on the attribute usage here...

The only existing one to disable this would be optnone, IIRC, not that it is a solution here. More than once people asked for noipa to disable interprocedural optimization across a call edge. While that might help we'd still need to attach it all over the place and the way I understand the problem we are only concerned with constant prop, not things like inlining.

I guess I would have put something like this into TargetTransformInfo only because helpers like areFunctionArgsABICompatible and areInlineCompatible are there as well:

/// TODO
bool isConstantCompatibleWithCallee(Constant &C, CallBase &CB) {
  Function *Callee = CB.getCalledFunction();
  if (auto *GV = dyn_cast<GlobalValue>(C.stripInBoundsConstantOffsets()))
    return Callee && Callee->getSection() == GV->getSection();
  return true;
}

I can add the AbstractCallSite version after.

Harbormaster completed remote builds in B92404: Diff 328659.Mar 6 2021, 10:10 AM
fhahn added inline comments.Mar 6 2021, 10:35 AM
llvm/lib/Transforms/Scalar/SCCP.cpp
1277

Shouldn't we check against the current state we have for CAI (using getValueState/ getStructValueState)? Otherwise we might still propagate the global into the caller, e.g. due to conditions or loads. Seeh ttps://godbolt.org/z/qMaMWE

Also, IIUC the real problem is the actual replacement in the function, right? If that's the case, can we just skip replacing uses in invalid functions (e.g. in tryToReplaceWithConstant)? That way, we would still be able to simplify conditions (see test3 in the godbolt) and also propagate the constant through functions without the right section to their callees if they have the right section.

nickdesaulniers updated this revision to Diff 329092.Mar 8 2021, 11:58 AM
  • check lattice for known constants, add test
nickdesaulniers added inline comments.Mar 8 2021, 12:12 PM
llvm/lib/Transforms/Scalar/SCCP.cpp
1277

Shouldn't we check against the current state we have for CAI (using getValueState/ getStructValueState)? Otherwise we might still propagate the global into the caller, e.g. due to conditions or loads. Seeh ttps://godbolt.org/z/qMaMWE

Ah, yes! Thanks for the test case; checking the lattice for known constants actually covers your examples and my existing ones. Updated.

Also, IIUC the real problem is the actual replacement in the function, right? If that's the case, can we just skip replacing uses in invalid functions (e.g. in tryToReplaceWithConstant)?

If you take a look at earlier revisions of this diff, that was the first approach I tried. The issue was that at tryToReplaceWithConstant when we're making replacement decisions, we no longer retain information about the callsite (CallBase) in order to check for mismatch between caller and callee. I used a simple vector to retain the list of arguments here in handleCallArguments, then scanned that list during replacement in tryToReplaceWithConstant. But I found it's much less memory intensive and less work to simply detect such case when building the lattice as is done here.

We probably could go back to something closer to the original implementation; perhaps I could add some machinery to ValueLatticeElement to track such cases, then look for that during replacement?

That way, we would still be able to simplify conditions (see test3 in the godbolt) and also propagate the constant through functions without the right section to their callees if they have the right section.

I see, @test3 now returns true after ipsccp. With my current change, @cmp from your godbolt link looks the same as the input after ipsccp is run. Hmm...

nickdesaulniers planned changes to this revision.Mar 8 2021, 12:12 PM
nickdesaulniers updated this revision to Diff 329171.Mar 8 2021, 5:20 PM
  • go back to stopping replacement post lattice creation, add @fhahn's test3, fix arbitrary operand being GV+Section
nickdesaulniers added inline comments.Mar 8 2021, 5:29 PM
llvm/lib/Transforms/Scalar/SCCP.cpp
1277

Ok, I still have some cleanup to do tomorrow (make NonReplaceable a private member, add comments for it, clean up function names in tests), but I think this now satisfies the additional cases you identified. (It's remarkable to see how well SCCP replace the return value of @test3, from your godbolt link). But I think this is in a good state. (I also had a bug where the constant with an explicit section could be any member of a GEP, not necessarily the first operand, so I changed the isGVSection helper to DFS all operands).

This permits us to fully propagate the constants in the lattice, then simply avoid problematic replacements.

I might have more changes I'll want to do tomorrow; but if @fhahn is ok with this approach, I'll move what I have to TargetTransformInfo as per @jdoerfert 's recommendation.

nickdesaulniers edited the summary of this revision. (Show Details)Mar 8 2021, 5:30 PM
Harbormaster completed remote builds in B92722: Diff 329092.Mar 8 2021, 6:05 PM
Harbormaster completed remote builds in B92767: Diff 329171.Mar 9 2021, 12:47 AM
fhahn added inline comments.Mar 10 2021, 12:03 PM
llvm/lib/Transforms/Scalar/SCCP.cpp
1277

If you take a look at earlier revisions of this diff, that was the first approach I tried. The issue was that at tryToReplaceWithConstant when we're making replacement decisions, we no longer retain information about the callsite (CallBase) in order to check for mismatch between caller and callee. I used a simple vector to retain the list of arguments here in handleCallArguments, then scanned that list during replacement in tryToReplaceWithConstant. But I found it's much less memory intensive and less work to simply detect such case when building the lattice as is done here.

Hm I think then I missed something. I though the problem was introducing uses of constants in functions that have different sections. Not sure why the call site would matter. If the call sites matter, I think it would be good to make the explanation in the langref a bit clearer.

nickdesaulniers abandoned this revision.Jun 1 2021, 4:02 PM

I don't plan to pursue this further: https://github.com/ClangBuiltLinux/linux/issues/1302#issuecomment-807260475.

Revision Contents

PathSize
llvm/
docs/
2 lines
lib/
Transforms/
Scalar/
34 lines
test/
Transforms/
SCCP/
142 lines

Diff 329171

llvm/docs/LangRef.rst

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 615 Lines▼ Show 20 Lines
case they don't have an initializer. case they don't have an initializer.
Global variables can optionally specify a :ref:`linkage type <linkage>`. Global variables can optionally specify a :ref:`linkage type <linkage>`.
Either global variable definitions or declarations may have an explicit section Either global variable definitions or declarations may have an explicit section
to be placed in and may have an optional explicit alignment specified. If there to be placed in and may have an optional explicit alignment specified. If there
is a mismatch between the explicit or inferred section information for the is a mismatch between the explicit or inferred section information for the
variable declaration and its definition the resulting behavior is undefined. variable declaration and its definition the resulting behavior is undefined.
Global variables with explicit sections will not be constant propagated between
functions with differing explicit sections.
A variable may be defined as a global ``constant``, which indicates that A variable may be defined as a global ``constant``, which indicates that
the contents of the variable will **never** be modified (enabling better the contents of the variable will **never** be modified (enabling better
optimization, allowing the global data to be placed in the read-only optimization, allowing the global data to be placed in the read-only
section of an executable, etc). Note that variables that need runtime section of an executable, etc). Note that variables that need runtime
initialization cannot be marked ``constant`` as there is a store to the initialization cannot be marked ``constant`` as there is a store to the
variable. variable.
▲ Show 20 LinesShow All 20,799 LinesShow Last 20 Lines

llvm/lib/Transforms/Scalar/SCCP.cpp

Show First 20 LinesShow All 170 Lines▼ Show 20 Linesclass SCCPSolver : public InstVisitor<SCCPSolver> {
DenseSet<Edge> KnownFeasibleEdges; DenseSet<Edge> KnownFeasibleEdges;
DenseMap<Function *, AnalysisResultsForFn> AnalysisResults; DenseMap<Function *, AnalysisResultsForFn> AnalysisResults;
DenseMap<Value *, SmallPtrSet<User *, 2>> AdditionalUsers; DenseMap<Value *, SmallPtrSet<User *, 2>> AdditionalUsers;
LLVMContext &Ctx; LLVMContext &Ctx;
public: public:
SmallPtrSet<Constant *, 4> NonReplaceable;
void addAnalysis(Function &F, AnalysisResultsForFn A) { void addAnalysis(Function &F, AnalysisResultsForFn A) {
AnalysisResults.insert({&F, std::move(A)}); AnalysisResults.insert({&F, std::move(A)});
} }
const PredicateBase *getPredicateInfoFor(Instruction *I) { const PredicateBase *getPredicateInfoFor(Instruction *I) {
auto A = AnalysisResults.find(I->getParent()->getParent()); auto A = AnalysisResults.find(I->getParent()->getParent());
if (A == AnalysisResults.end()) if (A == AnalysisResults.end())
return nullptr; return nullptr;
▲ Show 20 LinesShow All 162 Lines▼ Show 20 Lines Constant *getConstant(const ValueLatticeElement &LV) const {
if (LV.isConstantRange()) { if (LV.isConstantRange()) {
auto &CR = LV.getConstantRange(); auto &CR = LV.getConstantRange();
if (CR.getSingleElement()) if (CR.getSingleElement())
return ConstantInt::get(Ctx, *CR.getSingleElement()); return ConstantInt::get(Ctx, *CR.getSingleElement());
} }
return nullptr; return nullptr;
} }
bool isGVSection(Constant *C) const {
if (auto *GV = dyn_cast<GlobalValue>(C))
if (GV->hasSection())
return NonReplaceable.count(C);
if (auto *CE = dyn_cast<ConstantExpr>(C))
for (Use &Op : CE->operands())
if (auto *COp = dyn_cast<Constant>(Op))
if (isGVSection(COp))
return true;
return false;
}
private: private:
ConstantInt *getConstantInt(const ValueLatticeElement &IV) const { ConstantInt *getConstantInt(const ValueLatticeElement &IV) const {
return dyn_cast_or_null<ConstantInt>(getConstant(IV)); return dyn_cast_or_null<ConstantInt>(getConstant(IV));
} }
// pushToWorkList - Helper for markConstant/markOverdefined // pushToWorkList - Helper for markConstant/markOverdefined
void pushToWorkList(ValueLatticeElement &IV, Value *V) { void pushToWorkList(ValueLatticeElement &IV, Value *V) {
if (IV.isOverdefined()) if (IV.isOverdefined())
▲ Show 20 LinesShow All 866 Lines▼ Show 20 Linesvoid SCCPSolver::handleCallOverdefined(CallBase &CB) {
} }
// Fall back to metadata. // Fall back to metadata.
mergeInValue(&CB, getValueFromMetadata(&CB)); mergeInValue(&CB, getValueFromMetadata(&CB));
} }
void SCCPSolver::handleCallArguments(CallBase &CB) { void SCCPSolver::handleCallArguments(CallBase &CB) {
Function *F = CB.getCalledFunction(); Function *F = CB.getCalledFunction();
bool SectionMismatch = false;
if (!isa<IntrinsicInst>(CB) && F)
if (F->getSection() != CB.getParent()->getParent()->getSection())
SectionMismatch = true;
// If this is a local function that doesn't have its address taken, mark its // If this is a local function that doesn't have its address taken, mark its
// entry block executable and merge in the actual arguments to the call into // entry block executable and merge in the actual arguments to the call into
// the formal arguments of the function. // the formal arguments of the function.
if (!TrackingIncomingArguments.empty() && if (!TrackingIncomingArguments.empty() &&
TrackingIncomingArguments.count(F)) { TrackingIncomingArguments.count(F)) {
MarkBlockExecutable(&F->front()); MarkBlockExecutable(&F->front());
// Propagate information from this call site into the callee. // Propagate information from this call site into the callee.
auto CAI = CB.arg_begin(); auto CAI = CB.arg_begin();
for (Function::arg_iterator AI = F->arg_begin(), E = F->arg_end(); AI != E; for (Function::arg_iterator AI = F->arg_begin(), E = F->arg_end(); AI != E;
++AI, ++CAI) { ++AI, ++CAI) {
// If this argument is byval, and if the function is not readonly, there // If this argument is byval, and if the function is not readonly, there
// will be an implicit copy formed of the input aggregate. // will be an implicit copy formed of the input aggregate.
if (AI->hasByValAttr() && !F->onlyReadsMemory()) { if (AI->hasByValAttr() && !F->onlyReadsMemory()) {
markOverdefined(&*AI); markOverdefined(&*AI);
continue; continue;
} }
if (auto *STy = dyn_cast<StructType>(AI->getType())) { if (auto *STy = dyn_cast<StructType>(AI->getType())) {
for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
fhahnUnsubmitted
Not Done
ReplyInline Actions

Shouldn't we check against the current state we have for CAI (using getValueState/ getStructValueState)? Otherwise we might still propagate the global into the caller, e.g. due to conditions or loads. Seeh ttps://godbolt.org/z/qMaMWE

Also, IIUC the real problem is the actual replacement in the function, right? If that's the case, can we just skip replacing uses in invalid functions (e.g. in tryToReplaceWithConstant)? That way, we would still be able to simplify conditions (see test3 in the godbolt) and also propagate the constant through functions without the right section to their callees if they have the right section.

fhahn: Shouldn't we check against the current state we have for `CAI` (using `getValueState`/…
nickdesaulniersAuthorUnsubmitted
Not Done
ReplyInline Actions

Shouldn't we check against the current state we have for CAI (using getValueState/ getStructValueState)? Otherwise we might still propagate the global into the caller, e.g. due to conditions or loads. Seeh ttps://godbolt.org/z/qMaMWE

Ah, yes! Thanks for the test case; checking the lattice for known constants actually covers your examples and my existing ones. Updated.

Also, IIUC the real problem is the actual replacement in the function, right? If that's the case, can we just skip replacing uses in invalid functions (e.g. in tryToReplaceWithConstant)?

If you take a look at earlier revisions of this diff, that was the first approach I tried. The issue was that at tryToReplaceWithConstant when we're making replacement decisions, we no longer retain information about the callsite (CallBase) in order to check for mismatch between caller and callee. I used a simple vector to retain the list of arguments here in handleCallArguments, then scanned that list during replacement in tryToReplaceWithConstant. But I found it's much less memory intensive and less work to simply detect such case when building the lattice as is done here.

We probably could go back to something closer to the original implementation; perhaps I could add some machinery to ValueLatticeElement to track such cases, then look for that during replacement?

That way, we would still be able to simplify conditions (see test3 in the godbolt) and also propagate the constant through functions without the right section to their callees if they have the right section.

I see, @test3 now returns true after ipsccp. With my current change, @cmp from your godbolt link looks the same as the input after ipsccp is run. Hmm...

nickdesaulniers: > Shouldn't we check against the current state we have for CAI (using getValueState/…
nickdesaulniersAuthorUnsubmitted
Not Done
ReplyInline Actions

Ok, I still have some cleanup to do tomorrow (make NonReplaceable a private member, add comments for it, clean up function names in tests), but I think this now satisfies the additional cases you identified. (It's remarkable to see how well SCCP replace the return value of @test3, from your godbolt link). But I think this is in a good state. (I also had a bug where the constant with an explicit section could be any member of a GEP, not necessarily the first operand, so I changed the isGVSection helper to DFS all operands).

This permits us to fully propagate the constants in the lattice, then simply avoid problematic replacements.

I might have more changes I'll want to do tomorrow; but if @fhahn is ok with this approach, I'll move what I have to TargetTransformInfo as per @jdoerfert 's recommendation.

nickdesaulniers: Ok, I still have some cleanup to do tomorrow (make `NonReplaceable` a private member, add…
fhahnUnsubmitted
Not Done
ReplyInline Actions

If you take a look at earlier revisions of this diff, that was the first approach I tried. The issue was that at tryToReplaceWithConstant when we're making replacement decisions, we no longer retain information about the callsite (CallBase) in order to check for mismatch between caller and callee. I used a simple vector to retain the list of arguments here in handleCallArguments, then scanned that list during replacement in tryToReplaceWithConstant. But I found it's much less memory intensive and less work to simply detect such case when building the lattice as is done here.

Hm I think then I missed something. I though the problem was introducing uses of constants in functions that have different sections. Not sure why the call site would matter. If the call sites matter, I think it would be good to make the explanation in the langref a bit clearer.

fhahn: > If you take a look at earlier revisions of this diff, that was the first approach I tried.
ValueLatticeElement CallArg = getStructValueState(*CAI, i); ValueLatticeElement &CallArg = getStructValueState(*CAI, i);
if (SectionMismatch && CallArg.isConstant())
NonReplaceable.insert(CallArg.getConstant());
mergeInValue(getStructValueState(&*AI, i), &*AI, CallArg, mergeInValue(getStructValueState(&*AI, i), &*AI, CallArg,
getMaxWidenStepsOpts()); getMaxWidenStepsOpts());
} }
} else } else {
mergeInValue(&*AI, getValueState(*CAI), getMaxWidenStepsOpts()); ValueLatticeElement &CallArg = getValueState(*CAI);
if (SectionMismatch && CallArg.isConstant())
NonReplaceable.insert(CallArg.getConstant());
mergeInValue(&*AI, CallArg, getMaxWidenStepsOpts());
}
} }
} }
} }
void SCCPSolver::handleCallResult(CallBase &CB) { void SCCPSolver::handleCallResult(CallBase &CB) {
Function *F = CB.getCalledFunction(); Function *F = CB.getCalledFunction();
if (auto *II = dyn_cast<IntrinsicInst>(&CB)) { if (auto *II = dyn_cast<IntrinsicInst>(&CB)) {
▲ Show 20 LinesShow All 380 Lines▼ Show 20 Lines if (CB && ((CB->isMustTailCall() && !CB->isSafeToRemove()) ||
if (F) if (F)
Solver.addToMustPreserveReturnsInFunctions(F); Solver.addToMustPreserveReturnsInFunctions(F);
LLVM_DEBUG(dbgs() << " Can\'t treat the result of call " << *CB LLVM_DEBUG(dbgs() << " Can\'t treat the result of call " << *CB
<< " as a constant\n"); << " as a constant\n");
return false; return false;
} }
if (Solver.isGVSection(Const))
return false;
LLVM_DEBUG(dbgs() << " Constant: " << *Const << " = " << *V << '\n'); LLVM_DEBUG(dbgs() << " Constant: " << *Const << " = " << *V << '\n');
// Replaces all of the uses of a variable with uses of the constant. // Replaces all of the uses of a variable with uses of the constant.
V->replaceAllUsesWith(Const); V->replaceAllUsesWith(Const);
return true; return true;
} }
static bool simplifyInstsInBlock(SCCPSolver &Solver, BasicBlock &BB, static bool simplifyInstsInBlock(SCCPSolver &Solver, BasicBlock &BB,
▲ Show 20 LinesShow All 517 LinesShow Last 20 Lines

llvm/test/Transforms/SCCP/ipsccp-function-sections.ll

  • This file was added.
; RUN: opt -passes=ipsccp -S -o - %s | FileCheck %s
; load test
@foo = dso_local global i64 zeroinitializer, section ".init.data", align 8
@bar = dso_local global i64 zeroinitializer, align 8
define internal void @quux(i64* %x, i64* %y) {
; The load of %y should be replaced with a load of @bar, because @bar is not in
; any explicit section.
;
; The load of %x should *not* be replaced with a load of @foo, because @foo is
; in an explicit section, and the explicit sections of the caller and callee do
; not match.
; CHECK-LABEL: @quux(
; CHECK-NEXT: %z = load i64, i64* %x, align 4
; CHECK-NEXT: %w = load i64, i64* @bar, align 4
%z = load i64, i64* %x
%w = load i64, i64* %y
ret void
}
define dso_local void @baz() section ".init.text" {
call void @quux(i64* @foo, i64* @bar)
ret void
}
; store test
@g1 = dso_local global i64 zeroinitializer, section ".init.data", align 8
@g2 = dso_local global i64 zeroinitializer, align 8
define internal void @g3(i64* %x, i64* %y) {
; The store of %y should be replaced with a store of @g2, because @g2 is not in
; any explicit section.
;
; The store of %x should *not* be replaced with a store of @g1, because @g1 is
; in an explicit section, and the explicit sections of the caller and callee do
; not match.
; CHECK-LABEL: @g3(
; CHECK-NEXT: store i64 42, i64* %x, align 4
; CHECK-NEXT: store i64 42, i64* @g2, align 4
store i64 42, i64* %x
store i64 42, i64* %y
ret void
}
define dso_local void @g4() section ".init.text" {
call void @g3(i64* @g1, i64* @g2)
ret void
}
; GEP test
%struct.e = type { i64 }
@numa_nodes_parsed = dso_local global %struct.e zeroinitializer, section ".init.data", align 8
@numa_nodes_parsed2 = dso_local global %struct.e zeroinitializer, align 8
define internal i64 @__nodes_weight(%struct.e* %g, %struct.e* %h) section ".init.text" {
; The GEP of %g should not be replaced with a GEP of @numa_nodes_parsed.
; CHECK-LABEL: @__nodes_weight(
; CHECK-NEXT: %bits = getelementptr inbounds %struct.e, %struct.e* %g, i32 0, i32 0
; CHECK-NEXT: %x = load i64, i64* %bits, align 8
; CHECK-NEXT: %x2 = load i64, i64* getelementptr inbounds (%struct.e, %struct.e* @numa_nodes_parsed2, i32 0, i32 0), align 8
%bits = getelementptr inbounds %struct.e, %struct.e* %g, i32 0, i32 0
%x = load i64, i64* %bits, align 8
%bits2 = getelementptr inbounds %struct.e, %struct.e* %h, i32 0, i32 0
%x2 = load i64, i64* %bits2, align 8
ret i64 %x
}
define dso_local void @amd_numa_init() {
; CHECK-LABEL: @amd_numa_init(
; CHECK-NEXT: %call6 = call i64 @__nodes_weight(%struct.e* @numa_nodes_parsed, %struct.e* @numa_nodes_parsed2)
%call6 = call i64 @__nodes_weight(%struct.e* @numa_nodes_parsed, %struct.e* @numa_nodes_parsed2)
ret void
}
; nested GEP
declare dso_local void @some_func(i8*)
define internal void @test_bit(i64* %addr) {
; CHECK-LABEL: @test_bit(
; CHECK-NEXT: %add.ptr = getelementptr i64, i64* %addr, i64 1
; CHECK-NEXT: %foo = bitcast i64* %add.ptr to i8*
; CHECK-NEXT: call void @some_func(i8* %foo)
%add.ptr = getelementptr i64, i64* %addr, i64 1
%foo = bitcast i64* %add.ptr to i8*
call void @some_func(i8* %foo)
ret void
}
define dso_local void @caller2() section ".init.text" {
call void @test_bit(i64* getelementptr inbounds (%struct.e, %struct.e* @numa_nodes_parsed, i32 0, i32 0))
ret void
}
; Multiple callers
define internal void @test5_callee(i64* %x, i64* %y) {
; CHECK-LABEL: @test5_callee(
; CHECK-NEXT: %z = load i64, i64* %x, align 4
; CHECK-NEXT: %w = load i64, i64* @bar, align 4
%z = load i64, i64* %x
%w = load i64, i64* %y
ret void
}
define dso_local void @test5_caller1(i64* %z) section ".init.text" {
%c = icmp eq i64* %z, @foo
br i1 %c, label %bb.1, label %bb.2
bb.1:
call void @test5_callee(i64* @foo, i64* @bar)
ret void
bb.2:
ret void
}
define dso_local void @test5_caller2() section ".init.text" {
call void @test5_callee(i64* @foo, i64* @bar)
ret void
}
; Test return value propagation. While we should not sink @foo in
; @test6_callee, we should be able to propagate the constant true back out into
; @test6_caller.
define internal i1 @test6_callee(i64* %x, i64* %y) {
; We don't really care about the callee, so long as it does not contain a
; reference to @foo.
; CHECK-LABEL: @test6_callee(
; CHECK-NEXT: ret i1 undef
%c = icmp eq i64* %x, %y
ret i1 %c
}
define dso_local i1 @test6_caller() section ".init.text" {
; Check that we're able to replace the return with a constant true value.
; CHECK-LABEL: @test6_caller(
; CHECK-NEXT: %c = call i1 @test6_callee(i64* @foo, i64* @foo)
; CHECK-NEXT: ret i1 true
%c = call i1 @test6_callee(i64* @foo, i64* @foo)
ret i1 %c
}