This is an archive of the discontinued LLVM Phabricator instance.

Differential D9799

Disable x86 tail call optimizations that jump through GOT
ClosedPublic

Authored by chh on May 15 2015, 1:45 PM.

Details

Reviewers
danalbert
nadav
timmurray
enh
srhines
rnk
void
Commits
rG80956a01425e: Disable x86 tail call optimizations that jump through GOT
rL238487: Disable x86 tail call optimizations that jump through GOT
Summary

For x86 targets, when in PIC mode, do not optimize tail calls.

Diff Detail

Repository
rL LLVM

Event Timeline

chh updated this revision to Diff 25891.May 15 2015, 1:45 PM
chh retitled this revision from to Disable x86 tail call optimization under PIC mode.
chh updated this object.
chh edited the test plan for this revision. (Show Details)
chh set the repository for this revision to rL LLVM.
chh removed rL LLVM as the repository for this revision.May 15 2015, 1:48 PM
chh added a subscriber: Unknown Object (MLST).
chh added reviewers: srhines, timmurray, danalbert.May 15 2015, 1:51 PM
chh added a reviewer: enh.May 15 2015, 5:06 PM
chh added a reviewer: void.May 18 2015, 3:32 PM
chh added a reviewer: rnk.May 20 2015, 4:41 PM
chh added a reviewer: nadav.May 22 2015, 11:11 AM

ping.

rnk added inline comments.May 22 2015, 11:23 AM
lib/Target/X86/X86ISelLowering.cpp
2759 ↗(On Diff #25891)

We can't do this, musttail guarantees that a tail call will occur. I think the old behavior of forcing relocations to be resolved eagerly was preferable. If we cannot honor musttail, we must report an error somehow.

chh updated this revision to Diff 26338.May 22 2015, 12:15 PM

Okay, I removed the change to isMustTailCall in the new diff.

rnk edited edge metadata.May 22 2015, 12:44 PM

You removed the musttail call change, but also removed the supporting code that arranges to jump through ECX, so I don't think this will work either.

I commented on the bug, I'm trying to understand why the GOT reference causes a problem. I don't yet see a codegen bug here.

chh added a comment.May 22 2015, 1:56 PM

The purpose of this change is to remove the jump (through ECX or not) completely since the use of tailcallee@GOT is incorrect under lazy dynamic linking.

davidxl added a subscriber: davidxl.May 22 2015, 2:36 PM
davidxl added inline comments.
lib/Target/X86/X86ISelLowering.cpp
2929 ↗(On Diff #26338)

It is a valid optimization with eager binding, so it seems the behavior should be controlled by an option.

chh added inline comments.May 22 2015, 4:40 PM
lib/Target/X86/X86ISelLowering.cpp
2929 ↗(On Diff #26338)

David, I suppose you prefer the default to have tail call optimization.
Then, we don't need to change llvm.
We can use -fno-optimize-sibling-calls now to turn off tail call optimization.
Or we can add another -fno-optimize-tail-calls.

I would rather llvm for x86 to play safe as gcc, with no tail call optimization by default.
Then we could have another option like -foptimize-tail-calls.

On the other hand, I think I should not remove line 2928 to 2943,
for they might be needed for IsMustTail functions.

chh updated this revision to Diff 26363.May 22 2015, 5:02 PM
chh edited edge metadata.

Keep IsMustTail working as before.

davidxl added a comment.May 23 2015, 10:46 AM

I am still not convinced this is a compiler bug. See my comment in the bug.

joerg added a subscriber: joerg.May 26 2015, 9:56 AM

This code really should be under an option. As mentioned in the original PR, the origin of the problem is the misdesigned XFree86/Xorg driver interface. We should not pessimise everyone who doesn't create brain dead code. The executive summary of the X bug is:
(1) A module is loaded with a reference to foo. foo is not yet defined.
(2) Another module is lodead that defines foo. X requires the first module to call this.

Ignoring must-tailcall would break all languages that require the optimisation.

chh added a comment.May 26 2015, 1:52 PM

I read the new discussions in https://llvm.org/bugs/show_bug.cgi?id=15086.

  • If it is not considered an optimization bug, we need to change semantics of dlopen() with RTLD_LAZY.
  • A fix to have both tail call optimization and RTLD_LAZY seems infeasible, to setup %ebx before and restore %ebx after the call.
  • Both X.org and Android hit this problem. I have spent weeks to trace down this problem in Android and hence my motivation to change llvm and save future debug time.
  • This problem has been worked around with a global -fno-optimize-sibling-calls flag. So it is not urgent to have a fix. But that flag also disables other valid cases such as non-PIC mode.

In my new diff3, I keep current isMustTail feature and disable isTailCall only under PIC mode.
That should not lose performance compared with gcc.

If we want to keep this optimization selectable under PIC mode,
then we need a new flag and the question is whether the optimization is on or off
under PIC mode by default. Considering the difficulty of debugging this problem
and current competition from gcc, I would rather the default to be off.

Suggestions?

davidxl added a comment.May 27 2015, 10:34 AM

Changing the default may affect users who depend on the current behavior which has been the case for a couple of releases. Another possible solution is to emit a warning for cases like this so that debugging similar issues in the future will become easier.

rnk added a comment.May 27 2015, 11:15 AM

I'm coming around to the position that we should simply disable this
optimization for PIC calls to symbols with default visibility. The current
change disables all tail calls when generating PIC code, which is
undesirable.

We can add a flag later if someone asks, and call it
-f[no-]optimize-pic-sibling-calls.

chh updated this revision to Diff 26645.May 27 2015, 4:04 PM
chh retitled this revision from Disable x86 tail call optimization under PIC mode to Disable x86 tail call optimizations that jump through GOT.
chh added a comment.May 27 2015, 4:10 PM

Please review my new diff 4. This should allow tail call optimizations for protected and hidden symbols.
AFAIK, jump to those symbols do not use GOT.
On the other hand, I found some oddity about "sin" and "sin2" symbols in one test case,
which made me to use the strange condition:

if (!(G && (.... || ...))) isTailCall = false;
Closed by commit rL238487: Disable x86 tail call optimizations that jump through GOT (authored by rnk). · Explain WhyMay 28 2015, 1:48 PM
This revision was automatically updated to reflect the committed changes.
rnk added a comment.May 28 2015, 2:04 PM

Thanks for the patch! I simplified the conditional a bit and tweaked the tests to try to cover some more corner cases that I could think of. During testing I found that this disabled tail calling of internal (think static in C) functions, so I added hasLocalLinkage() to the conditional. I committed the result as r238487.

chh added a comment.May 28 2015, 2:53 PM

Reid, thank you very much for the review, advices, and clean up of this patch.

Revision Contents

PathSize
llvm/
trunk/
lib/
Target/
X86/
22 lines
test/
CodeGen/
X86/
8 lines
18 lines
3 lines
73 lines

Diff 26731

llvm/trunk/lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,774 Lines▼ Show 20 LinesX86TargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
bool IsWin64 = Subtarget->isCallingConvWin64(CallConv); bool IsWin64 = Subtarget->isCallingConvWin64(CallConv);
StructReturnType SR = callIsStructReturn(Outs); StructReturnType SR = callIsStructReturn(Outs);
bool IsSibcall = false; bool IsSibcall = false;
X86MachineFunctionInfo *X86Info = MF.getInfo<X86MachineFunctionInfo>(); X86MachineFunctionInfo *X86Info = MF.getInfo<X86MachineFunctionInfo>();
if (MF.getTarget().Options.DisableTailCalls) if (MF.getTarget().Options.DisableTailCalls)
isTailCall = false; isTailCall = false;
if (Subtarget->isPICStyleGOT() &&
!MF.getTarget().Options.GuaranteedTailCallOpt) {
// If we are using a GOT, disable tail calls to external symbols with
// default visibility. Tail calling such a symbol requires using a GOT
// relocation, which forces early binding of the symbol. This breaks code
// that require lazy function symbol resolution. Using musttail or
// GuaranteedTailCallOpt will override this.
GlobalAddressSDNode *G = dyn_cast<GlobalAddressSDNode>(Callee);
if (!G || (!G->getGlobal()->hasLocalLinkage() &&
G->getGlobal()->hasDefaultVisibility())) {
isTailCall = false;
if (G) {
llvm::errs() << "disabling tail call for default visibility symbol\n";
G->getGlobal()->dump();
}
}
}
bool IsMustTail = CLI.CS && CLI.CS->isMustTailCall(); bool IsMustTail = CLI.CS && CLI.CS->isMustTailCall();
if (IsMustTail) { if (IsMustTail) {
// Force this to be a tail call. The verifier rules are enough to ensure // Force this to be a tail call. The verifier rules are enough to ensure
// that we can lower this successfully without moving the return address // that we can lower this successfully without moving the return address
// around. // around.
isTailCall = true; isTailCall = true;
} else if (isTailCall) { } else if (isTailCall) {
// Check if it's really possible to do a tail call. // Check if it's really possible to do a tail call.
▲ Show 20 LinesShow All 168 Lines▼ Show 20 Lines if (!isTailCall) {
// the tail jump. This is done to circumvent the ebx/callee-saved problem // the tail jump. This is done to circumvent the ebx/callee-saved problem
// for tail calls on PIC/GOT architectures. Normally we would just put the // for tail calls on PIC/GOT architectures. Normally we would just put the
// address of GOT into ebx and then call target@PLT. But for tail calls // address of GOT into ebx and then call target@PLT. But for tail calls
// ebx would be restored (since ebx is callee saved) before jumping to the // ebx would be restored (since ebx is callee saved) before jumping to the
// target@PLT. // target@PLT.
// Note: The actual moving to ECX is done further down. // Note: The actual moving to ECX is done further down.
GlobalAddressSDNode *G = dyn_cast<GlobalAddressSDNode>(Callee); GlobalAddressSDNode *G = dyn_cast<GlobalAddressSDNode>(Callee);
if (G && !G->getGlobal()->hasHiddenVisibility() && if (G && !G->getGlobal()->hasLocalLinkage() &&
!G->getGlobal()->hasProtectedVisibility()) G->getGlobal()->hasDefaultVisibility())
Callee = LowerGlobalAddress(Callee, DAG); Callee = LowerGlobalAddress(Callee, DAG);
else if (isa<ExternalSymbolSDNode>(Callee)) else if (isa<ExternalSymbolSDNode>(Callee))
Callee = LowerExternalSymbol(Callee, DAG); Callee = LowerExternalSymbol(Callee, DAG);
} }
} }
if (Is64Bit && isVarArg && !IsWin64 && !IsMustTail) { if (Is64Bit && isVarArg && !IsWin64 && !IsMustTail) {
// From AMD64 ABI document: // From AMD64 ABI document:
▲ Show 20 LinesShow All 22,386 LinesShow Last 20 Lines

llvm/trunk/test/CodeGen/X86/pic.ll

Show First 20 LinesShow All 190 Lines▼ Show 20 Lines
; LINUX: addl $_GLOBAL_OFFSET_TABLE_+(.L{{.*}}-.L7$pb), ; LINUX: addl $_GLOBAL_OFFSET_TABLE_+(.L{{.*}}-.L7$pb),
; LINUX: .LJTI7_0@GOTOFF( ; LINUX: .LJTI7_0@GOTOFF(
; LINUX: jmpl * ; LINUX: jmpl *
; LINUX: .align 4 ; LINUX: .align 4
; LINUX-NEXT: .LJTI7_0: ; LINUX-NEXT: .LJTI7_0:
; LINUX: .long .LBB7_2@GOTOFF ; LINUX: .long .LBB7_2@GOTOFF
; LINUX: .long .LBB7_8@GOTOFF ; LINUX: .long .LBB7_8@GOTOFF
; LINUX: .long .LBB7_14@GOTOFF ; LINUX: .long .LBB7_4@GOTOFF
; LINUX: .long .LBB7_9@GOTOFF ; LINUX: .long .LBB7_6@GOTOFF
; LINUX: .long .LBB7_10@GOTOFF ; LINUX: .long .LBB7_5@GOTOFF
; LINUX: .long .LBB7_8@GOTOFF
; LINUX: .long .LBB7_7@GOTOFF
} }
declare void @foo1(...) declare void @foo1(...)
declare void @foo2(...) declare void @foo2(...)
declare void @foo6(...) declare void @foo6(...)
declare void @foo3(...) declare void @foo3(...)
declare void @foo4(...) declare void @foo4(...)
declare void @foo5(...) declare void @foo5(...)

llvm/trunk/test/CodeGen/X86/tail-call-got.ll

; RUN: llc < %s -relocation-model=pic -mattr=+sse2 | FileCheck %s ; RUN: llc < %s -relocation-model=pic -mattr=+sse2 | FileCheck %s
; We used to do tail calls through the GOT for these symbols, but it was
; disabled due to PR15086.
target datalayout = "e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:32:32-n8:16:32" target datalayout = "e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:32:32-n8:16:32"
target triple = "i386-unknown-freebsd9.0" target triple = "i386-unknown-freebsd9.0"
define double @test1(double %x) nounwind readnone { define double @test1(double %x) nounwind readnone {
; CHECK-LABEL: test1: ; CHECK-LABEL: test1:
; CHECK: movl foo@GOT ; CHECK: calll foo@PLT
; CHECK-NEXT: jmpl
%1 = tail call double @foo(double %x) nounwind readnone %1 = tail call double @foo(double %x) nounwind readnone
ret double %1 ret double %1
} }
declare double @foo(double) readnone declare double @foo(double) readnone
define double @test2(double %x) nounwind readnone { define double @test2(double %x) nounwind readnone {
; CHECK-LABEL: test2: ; CHECK-LABEL: test2:
; CHECK: movl sin@GOT ; CHECK: calll sin@PLT
; CHECK-NEXT: jmpl
%1 = tail call double @sin(double %x) nounwind readnone %1 = tail call double @sin(double %x) nounwind readnone
ret double %1 ret double %1
} }
declare double @sin(double) readnone declare double @sin(double) readnone
define double @test3(double %x) nounwind readnone {
; CHECK-LABEL: test3:
; CHECK: calll sin2@PLT
%1 = tail call double @sin2(double %x) nounwind readnone
ret double %1
}
declare double @sin2(double) readnone

llvm/trunk/test/CodeGen/X86/tailcallpic1.ll

; RUN: llc < %s -tailcallopt -mtriple=i686-pc-linux-gnu -relocation-model=pic | FileCheck %s ; RUN: llc < %s -tailcallopt -mtriple=i686-pc-linux-gnu -relocation-model=pic | FileCheck %s
; This test uses guaranteed TCO so these will be tail calls, despite the early
; binding issues.
define protected fastcc i32 @tailcallee(i32 %a1, i32 %a2, i32 %a3, i32 %a4) { define protected fastcc i32 @tailcallee(i32 %a1, i32 %a2, i32 %a3, i32 %a4) {
entry: entry:
ret i32 %a3 ret i32 %a3
} }
define fastcc i32 @tailcaller(i32 %in1, i32 %in2) { define fastcc i32 @tailcaller(i32 %in1, i32 %in2) {
entry: entry:
%tmp11 = tail call fastcc i32 @tailcallee( i32 %in1, i32 %in2, i32 %in1, i32 %in2 ) ; <i32> [#uses=1] %tmp11 = tail call fastcc i32 @tailcallee( i32 %in1, i32 %in2, i32 %in1, i32 %in2 ) ; <i32> [#uses=1]
ret i32 %tmp11 ret i32 %tmp11
; CHECK: jmp tailcallee ; CHECK: jmp tailcallee
} }

llvm/trunk/test/CodeGen/X86/tailcallpic3.ll

; RUN: llc < %s -mtriple=i686-pc-linux-gnu -relocation-model=pic | FileCheck %s
; While many of these could be tail called, we don't do it because it forces
; early binding.
declare void @external()
define hidden void @tailcallee_hidden() {
entry:
ret void
}
define void @tailcall_hidden() {
entry:
tail call void @tailcallee_hidden()
ret void
}
; CHECK: tailcall_hidden:
; CHECK: jmp tailcallee_hidden
define internal void @tailcallee_internal() {
entry:
ret void
}
define void @tailcall_internal() {
entry:
tail call void @tailcallee_internal()
ret void
}
; CHECK: tailcall_internal:
; CHECK: jmp tailcallee_internal
define default void @tailcallee_default() {
entry:
ret void
}
define void @tailcall_default() {
entry:
tail call void @tailcallee_default()
ret void
}
; CHECK: tailcall_default:
; CHECK: calll tailcallee_default@PLT
define void @tailcallee_default_implicit() {
entry:
ret void
}
define void @tailcall_default_implicit() {
entry:
tail call void @tailcallee_default_implicit()
ret void
}
; CHECK: tailcall_default_implicit:
; CHECK: calll tailcallee_default_implicit@PLT
define void @tailcall_external() {
tail call void @external()
ret void
}
; CHECK: tailcall_external:
; CHECK: calll external@PLT
define void @musttail_external() {
musttail call void @external()
ret void
}
; CHECK: musttail_external:
; CHECK: movl external@GOT
; CHECK: jmpl