<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-kerning: none" class="">Quick suggestion, then I’ll bow out/leave the discussion to those with greater expertise:</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; min-height: 14px;" class=""><span style="font-kerning: none" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-kerning: none" class="">Perhaps link the noalias status of NRVO parameters to this option as well (e.g. `Foo f;` in James’s `CreateFoo()` example), since that is basically the same issue in reverse: whereas in Richard’s example the issue is the address of the object escaping and becoming an alias which is problematic <i class="">after</i> its construction, in James’s example the issue is the address of the object being visible, under an alias, <i class="">during</i> its construction.</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; min-height: 14px;" class=""><span style="font-kerning: none" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-kerning: none" class="">And perhaps worthwhile to make this option the default, so you can observe if anyone notices/files bugs and thereby better determine if it should be made standard.</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; min-height: 14px;" class=""><span style="font-kerning: none" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-kerning: none" class="">Good luck, interested to see how this is resolved,</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; min-height: 14px;" class=""><span style="font-kerning: none" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-kerning: none" class="">Dave</span></div><div><br class=""><blockquote type="cite" class=""><div class="">On Aug 6, 2020, at 4:36 PM, Florian Hahn via cfe-dev <<a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Thanks for kicking off this discussion and for all the interesting responses.<div class=""><br class=""></div><div class="">Marking indirect parameters as noalias enables more aggressive memory optimization with respect to the indirect arguments on certain targets. On ARM64 this leads to 1%-2% in code size reductions in some cases.</div><div class=""><br class=""></div><div class="">While we work towards adjusting the C++ standard, I would like to provide a way for users to opt-in to the new behavior (e.g. for code-bases that exclusively use C or guarantee that no addresses can escape before the argument is passed): <a href="https://reviews.llvm.org/D85473" class="">https://reviews.llvm.org/D85473</a></div><div class=""><br class=""></div><div class="">What do you think?</div><div class=""><br class=""></div><div class="">Cheers,</div><div class="">Florian<br class=""><div class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On Aug 4, 2020, at 04:28, Hal Finkel via cfe-dev <<a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div class=""><p class=""><br class="">
</p>
<div class="moz-cite-prefix">On 8/3/20 8:45 PM, John McCall wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:833CCC19-6042-4889-B081-28EBD258FBB2@apple.com" class="">
<div style="font-family:sans-serif" class="">
<div style="white-space:normal" class=""><p dir="auto" class="">On 31 Jul 2020, at 19:50, Hal Finkel wrote:</p>
</div>
<div style="white-space:normal" class="">
<blockquote style="border-left:2px solid #777; color:#777;
margin:0 0 5px; padding-left:5px" class=""><p dir="auto" class="">On 7/31/20 5:59 PM, James Y Knight wrote:</p>
<blockquote style="border-left:2px solid #777; color:#999;
margin:0 0 5px; padding-left:5px; border-left-color:#999" class=""><p dir="auto" class="">This discussion reminds me of an example I
ran into a couple weeks ago, where the execution of the
program is dependent precisely upon whether the ABI
calls for the object to be passed indirectly, or in a
register<br class="">
<br class="">
In the case where NVRO is triggered, the class member
foo_ is fully-constructed on the first line of CreateFoo
(despite appearing as if that's only constructing a
local variable). In the case where the struct is small
enough to fit in a register, NVRO does not apply, and in
that case, foo_ isn't constructed until after CreateFoo
returns.<br class="">
<br class="">
Therefore, I believe it's implementation-defined whether
the following program has undefined behavior.<br class="">
<br class="">
<a href="https://godbolt.org/z/YT9zsz" style="color:#999" moz-do-not-send="true" class="">https://godbolt.org/z/YT9zsz</a>
<<a href="https://godbolt.org/z/YT9zsz" style="color:#999" moz-do-not-send="true" class="">https://godbolt.org/z/YT9zsz</a>><br class="">
<br class="">
#include <assert.h><br class="">
<br class="">
struct Foo {<br class="">
int x;<br class="">
* // assert fails if you comment out these unused
fields!<br class="">
* int dummy[4];<br class="">
};<br class="">
<br class="">
struct Bar {<br class="">
Bar() : foo_(CreateFoo()) {}<br class="">
<br class="">
Foo CreateFoo() {<br class="">
Foo f;<br class="">
f.x = 55;<br class="">
assert(foo_.x == 55);<br class="">
return f;<br class="">
}<br class="">
Foo foo_;<br class="">
};<br class="">
<br class="">
int main() {<br class="">
Bar b;<br class="">
}</p>
</blockquote><p dir="auto" class="">Looks that way to me too. The example in
11.10.5p2 sort of makes this point as well (by pointing
out that you can directly initialize a global this way).</p>
</blockquote>
</div>
<div style="white-space:normal" class=""><p dir="auto" class="">It does seem hard to argue that this is invalid
under the specification. To me it seems like it clearly <em class="">ought</em>
to be invalid, though. Note that Clang has always emitted
return address arguments as <code style="background-color:#F7F7F7; border-radius:3px;
margin:0; padding:0 0.4em" bgcolor="#F7F7F7" class="">noalias</code>,
so this has immediate significance.</p><p dir="auto" class="">If I were writing the specification, I would
rewrite the restriction in <code style="background-color:#F7F7F7; border-radius:3px;
margin:0; padding:0 0.4em" bgcolor="#F7F7F7" class="">[class.cdtor]p2</code>
to say that pointers derived by naming a
returned/constructed object do not formally point to the
object until the function actually returns, even if the copy
is elided. That would make James’s example undefined
behavior.</p><p dir="auto" class="">John.</p>
</div>
</div>
</blockquote><p class=""><br class="">
</p><p class="">I agree. It seems like we should be able to make a sanitizer
detect this kind of mistake as well (although the general case
will require some msan-like propagation scheme).<br class="">
</p><p class=""> -Hal<br class="">
</p><p class=""><br class="">
</p>
<blockquote type="cite" cite="mid:833CCC19-6042-4889-B081-28EBD258FBB2@apple.com" class="">
<div style="font-family:sans-serif" class="">
<div style="white-space:normal" class="">
</div>
<div style="white-space:normal" class="">
<blockquote style="border-left:2px solid #777; color:#777;
margin:0 0 5px; padding-left:5px" class=""><p dir="auto" class=""> -Hal<br class="">
<br class="">
</p>
<blockquote style="border-left:2px solid #777; color:#999;
margin:0 0 5px; padding-left:5px; border-left-color:#999" class=""><p dir="auto" class="">On Fri, Jul 31, 2020 at 2:27 PM Hal Finkel
via cfe-dev <<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a> <<a href="mailto:cfe-dev@lists.llvm.org" style="color:#999" moz-do-not-send="true" class="">mailto:cfe-dev@lists.llvm.org</a>>>
wrote:<br class="">
<br class="">
<br class="">
On 7/31/20 1:24 PM, Hal Finkel wrote:</p>
<blockquote style="border-left:2px solid #777; color:#BBB;
margin:0 0 5px; padding-left:5px;
border-left-color:#BBB" class=""><p dir="auto" class=""> On 7/31/20 12:43 PM, John McCall wrote:</p>
<blockquote style="border-left:2px solid #777;
color:#BBB; margin:0 0 5px; padding-left:5px;
border-left-color:#BBB" class=""><p dir="auto" class=""> n 31 Jul 2020, at 7:35, Hal Finkel
wrote:<br class="">
<br class="">
On 7/29/20 9:00 PM, John McCall via cfe-dev wrote:<br class="">
<br class="">
On 29 Jul 2020, at 17:42, Richard Smith wrote:<br class="">
<br class="">
On Wed, 29 Jul 2020 at 12:52, John McCall<br class="">
<a class="moz-txt-link-rfc2396E" href="mailto:rjmccall@apple.com"><rjmccall@apple.com></a> <<a href="mailto:rjmccall@apple.com" style="color:#BBB" moz-do-not-send="true" class="">mailto:rjmccall@apple.com</a>>
wrote:<br class="">
<br class="">
...<br class="">
<br class="">
I think concretely, the escape hatch doesn't stop
things<br class="">
from<br class="">
going wrong,<br class="">
because -- as you note -- even though we *could*
have<br class="">
made a copy,<br class="">
it's<br class="">
observable whether or not we *did* make a copy. For
example:<br class="">
<br class="">
I would say that it’s observable whether the
parameter<br class="">
variable has<br class="">
the same address as the argument. That doesn’t
/have/ to<br class="">
be the same<br class="">
question as whether a copy was performed: we could<br class="">
consider there to be<br class="">
a formal copy (or series of copies) that ultimately<br class="">
creates /an/ object<br class="">
at the same address, but it’s not the /same/ object
and<br class="">
so pointers<br class="">
to the old object no longer validly pointer to it.
But I<br class="">
guess that<br class="">
would probably violate the lifetime rules, because
it<br class="">
would make accesses<br class="">
through old pointers UB when in fact they should at<br class="">
worst access a valid<br class="">
object that’s just unrelated to the parameter
object.<br class="">
<br class="">
I think that it would be great to be able to do
this, but<br class="">
unfortunately, I think that the point that you raise
here is<br class="">
a key issue. Whether or not the copy is performed is
visible<br class="">
in the model, and so we can't simply act as though
there was<br class="">
a copy when optimizing. Someone could easily have
code that<br class="">
looks like:<br class="">
<br class="">
Foo DefaultX;<br class="">
<br class="">
...<br class="">
<br class="">
void something(Foo &A, Foo &B) {<br class="">
<br class="">
if (&A == &B) { ... }<br class="">
<br class="">
}<br class="">
<br class="">
void bar(Foo X) { something(X, DefaultX); }<br class="">
<br class="">
This example isn’t really on point; a call like
|bar(DefaultX)|<br class="">
obviously cannot just pass the address of |DefaultX|
as a<br class="">
by-value argument without first proving a lot of
stuff about how<br class="">
|foo| uses both its parameter and |DefaultX|. I
think |noalias|<br class="">
is actually a subset of what would have to be proven
there.<br class="">
</p>
</blockquote><p dir="auto" class=""> Yes, I apologize. You're right: my
pseudo-code missed the point.<br class="">
So the record is clear, let me rephrase:<br class="">
<br class="">
Foo *DefaultX = nullptr;<br class="">
...<br class="">
Foo::Foo() { if (!DefaultX) DefaultX = this; }<br class="">
...<br class="">
void bar(Foo X) { something(X, *DefaultX); }<br class="">
...<br class="">
bar(Foo{});<br class="">
<br class="">
I think that's closer to what we're talking about.<br class="">
<br class="">
</p>
<blockquote style="border-left:2px solid #777;
color:#BBB; margin:0 0 5px; padding-left:5px;
border-left-color:#BBB" class=""><p dir="auto" class=""> In general, the standard is clear that
you cannot rely on<br class="">
escaping a pointer to/into a trivially-copyable
pr-value<br class="">
argument prior to the call and then rely on that
pointer<br class="">
pointing into the corresponding parameter object.<br class="">
Implementations are /allowed/ to introduce copies.
But it does<br class="">
seem like the current wording would allow you to
rely on that<br class="">
pointer pointing into /some/ valid object, at least
until the<br class="">
end of the caller’s full-expression. That means
that, if we<br class="">
don’t guarantee to do an actual copy of the
argument, we cannot<br class="">
make it UB to access the parameter variable through
pointers to<br class="">
the argument temporary, which is what marking the
parameter as<br class="">
|noalias| would do.<br class="">
<br class="">
So I guess the remaining questions are:<br class="">
<br class="">
* Is this something we can reasonably change in the
standard?<br class="">
</p>
</blockquote><p dir="auto" class=""> This is the part that I'm unclear about.
What change would we make?<br class="">
<br class="">
</p>
</blockquote><p dir="auto" class=""> Also, maybe some extended use of the
no_unique_address attribute<br class="">
would help?<br class="">
<br class="">
-Hal<br class="">
<br class="">
</p>
<blockquote style="border-left:2px solid #777; color:#BBB;
margin:0 0 5px; padding-left:5px;
border-left-color:#BBB" class="">
<blockquote style="border-left:2px solid #777;
color:#BBB; margin:0 0 5px; padding-left:5px;
border-left-color:#BBB" class=""><p dir="auto" class=""> * Are we comfortable setting |noalias|
in C if the only place<br class="">
that would break is with a C++ caller?<br class="">
</p>
</blockquote><p dir="auto" class=""> Out of curiosity, if you take C in
combination with our<br class="">
statement-expression extension implementation<br class="">
(<a href="https://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html" style="color:#BBB" moz-do-not-send="true" class="">https://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html</a><br class="">
<<a href="https://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html" style="color:#BBB" moz-do-not-send="true" class="">https://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html</a>>),
and<br class="">
notwithstanding the statement in the GCC manual about
returns by<br class="">
value (i.e., the part just before where it says,
"Therefore the<br class="">
this pointer observed by Foo is not the address of
a."), is there<br class="">
any relationship to this topic?<br class="">
<br class="">
Thanks again,<br class="">
<br class="">
Hal<br class="">
<br class="">
</p>
<blockquote style="border-left:2px solid #777;
color:#BBB; margin:0 0 5px; padding-left:5px;
border-left-color:#BBB" class=""><p dir="auto" class=""> John.<br class="">
<br class="">
As Richard's example shows, the code doesn't need to<br class="">
explicitly compare the addresses to detect the copy
either.<br class="">
Any code that reads/writes to the objects can do it.
A<br class="">
perhaps-more-realistic example might be:<br class="">
<br class="">
int Cnt = A.RefCnt; ++A.RefCnt; ++B.RefCnt; if
(Cnt + 1 !=<br class="">
A.RefCnt) { /* same object case */ }<br class="">
<br class="">
The best suggestion that I have so far is that we
could add<br class="">
an attribute like 'can_copy' indicating that the
optimizer<br class="">
can make a formal copy of the argument in the callee
and use<br class="">
that instead of the original pointer if that seems
useful. I<br class="">
can certainly imagine a transformation such as LICM
making<br class="">
use of such a thing (although the cost modeling
would<br class="">
probably need to be fairly conservative).<br class="">
<br class="">
-Hal<br class="">
<br class="">
...<br class="">
<br class="">
John.<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
cfe-dev mailing list<br class="">
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a> <<a href="mailto:cfe-dev@lists.llvm.org" style="color:#BBB" moz-do-not-send="true" class="">mailto:cfe-dev@lists.llvm.org</a>><br class="">
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" style="color:#BBB" moz-do-not-send="true" class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br class="">
<<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" style="color:#BBB" moz-do-not-send="true" class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>><br class="">
<br class="">
-- <br class="">
Hal Finkel<br class="">
Lead, Compiler Technology and Programming Languages<br class="">
Leadership Computing Facility<br class="">
Argonne National Laboratory<br class="">
</p>
</blockquote><p dir="auto" class=""> -- <br class="">
Hal Finkel<br class="">
Lead, Compiler Technology and Programming Languages<br class="">
Leadership Computing Facility<br class="">
Argonne National Laboratory</p>
</blockquote><p dir="auto" class=""> -- <br class="">
Hal Finkel<br class="">
Lead, Compiler Technology and Programming Languages<br class="">
Leadership Computing Facility<br class="">
Argonne National Laboratory<br class="">
<br class="">
_______________________________________________<br class="">
cfe-dev mailing list<br class="">
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a> <<a href="mailto:cfe-dev@lists.llvm.org" style="color:#999" moz-do-not-send="true" class="">mailto:cfe-dev@lists.llvm.org</a>><br class="">
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" style="color:#999" moz-do-not-send="true" class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br class="">
<<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" style="color:#999" moz-do-not-send="true" class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>><br class="">
</p>
</blockquote><p dir="auto" class="">-- <br class="">
Hal Finkel<br class="">
Lead, Compiler Technology and Programming Languages<br class="">
Leadership Computing Facility<br class="">
Argonne National Laboratory</p>
</blockquote>
</div>
<div style="white-space:normal" class="">
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Hal Finkel
Lead, Compiler Technology and Programming Languages
Leadership Computing Facility
Argonne National Laboratory</pre>
</div>
_______________________________________________<br class="">cfe-dev mailing list<br class=""><a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a><br class=""><a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br class=""></div></blockquote></div><br class=""></div></div></div>_______________________________________________<br class="">cfe-dev mailing list<br class=""><a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a><br class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev<br class=""></div></blockquote></div><br class=""></body></html>