[PATCH] D88823: [CodeGen][TailDuplicator] Don't duplicate blocks with INLINEASM_BR

Nick Desaulniers via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Oct 5 14:40:21 PDT 2020 

nickdesaulniers added a comment.

I confirmed that this patch does fix the kernel panic observed in https://github.com/ClangBuiltLinux/linux/issues/1125#issuecomment-703890483.

I don't understand the bug though.  Looking at the output of:

  llc -mtriple=i686-- -stop-after=early-tailduplication -print-after-all llvm/test/CodeGen/X86/tail-dup-asm-goto.ll -o - 2>&1 | less

Before/After `IR Dump After Early Tail Duplication` before rebuilding clang with this patch applied (so still in a bad state), but nothing looks wrong to me.  So what precisely is the bug?

Before early tail dup:

  bb.0.bb:
    successors: %bb.1(0x40000000), %bb.2(0x40000000); %bb.1(50.00%), %bb.2(50.00%)
  
    %2:gr32 = IMPLICIT_DEF
    %0:gr32 = MOV32rm killed %2:gr32, 1, $noreg, 0, $noreg :: (load 4 from `i8** undef`, align 8)
    %3:gr32_abcd = MOV32r0 implicit-def dead $eflags
    %4:gr8 = COPY %3.sub_8bit:gr32_abcd
    TEST8rr %4:gr8, %4:gr8, implicit-def $eflags
    JCC_1 %bb.2, 5, implicit $eflags
    JMP_1 %bb.1
  
  bb.1.bb100:
  ; predecessors: %bb.0
    successors: %bb.3(0x80000000); %bb.3(100.00%)
  
    %6:gr32 = IMPLICIT_DEF
    MOV32mi killed %6:gr32, 1, $noreg, 0, $noreg, 0 :: (store 4 into `i8** undef`, align 8)
    JMP_1 %bb.3
  
  bb.2.bb106:
  ; predecessors: %bb.0
    successors: %bb.3(0x80000000); %bb.3(100.00%)
  
    ADJCALLSTACKDOWN32 0, 0, 0, implicit-def dead $esp, implicit-def dead $eflags, implicit-def dead $ssp, implicit $esp, implicit $ssp
    CALLpcrel32 @foo, <regmask $bh $bl $bp $bph $bpl $bx $di $dih $dil $ebp $ebx $edi $esi $hbp $hbx $hdi $hsi $si $sih $sil>, implicit $esp, implicit $ssp, implicit-def $esp, implicit-def 
  $ssp
    ADJCALLSTACKUP32 0, 0, implicit-def dead $esp, implicit-def dead $eflags, implicit-def dead $ssp, implicit $esp, implicit $ssp
    %5:gr32 = MOV32r0 implicit-def dead $eflags
  
  bb.3.bb110:
  ; predecessors: %bb.2, %bb.1
    successors: %bb.5(0x80000000), %bb.4(0x00000000); %bb.5(100.00%), %bb.4(0.00%)
  
    %1:gr32 = PHI %5:gr32, %bb.2, %0:gr32, %bb.1
    INLINEASM_BR &"" [sideeffect] [mayload] [attdialect], $0:[imm], 42, $1:[imm], 0, $2:[imm], blockaddress(@test1, %ir-block.bb17.i.i.i), $3:[clobber], implicit-def early-clobber $df, $4:[
  clobber], implicit-def early-clobber $fpsw, $5:[clobber], implicit-def early-clobber $eflags
    JMP_1 %bb.5
  
  bb.4.bb17.i.i.i (address-taken):
  ; predecessors: %bb.3
    successors: %bb.5(0x80000000); %bb.5(100.00%)
  
  
  bb.5.kmem_cache_has_cpu_partial.exit:
  ; predecessors: %bb.3, %bb.4
  
    $eax = COPY %1:gr32
    RET 0, $eax

After early tail dup:

  bb.0.bb:
    successors: %bb.1(0x40000000), %bb.2(0x40000000); %bb.1(50.00%), %bb.2(50.00%)
  
    %2:gr32 = IMPLICIT_DEF
    %0:gr32 = MOV32rm killed %2:gr32, 1, $noreg, 0, $noreg :: (load 4 from `i8** undef`, align 8)
    %3:gr32_abcd = MOV32r0 implicit-def dead $eflags
    %4:gr8 = COPY %3.sub_8bit:gr32_abcd
    TEST8rr %4:gr8, %4:gr8, implicit-def $eflags
    JCC_1 %bb.2, 5, implicit $eflags
    JMP_1 %bb.1
  
  bb.1.bb100:
  ; predecessors: %bb.0
    successors: %bb.5(0x80000000), %bb.4(0x00000000); %bb.5(100.00%), %bb.4(0.00%)
  
    %6:gr32 = IMPLICIT_DEF
    MOV32mi killed %6:gr32, 1, $noreg, 0, $noreg, 0 :: (store 4 into `i8** undef`, align 8)
    INLINEASM_BR &"" [sideeffect] [mayload] [attdialect], $0:[imm], 42, $1:[imm], 0, $2:[imm], blockaddress(@test1, %ir-block.bb17.i.i.i), $3:[clobber], implicit-def early-clobber $df, $4:[clobber], implicit-def early-clobber $fpsw, $5:[clobber], implicit-def early-clobber $eflags
    JMP_1 %bb.5
  
  bb.2.bb106:
  ; predecessors: %bb.0
    successors: %bb.5(0x80000000), %bb.4(0x00000000); %bb.5(100.00%), %bb.4(0.00%)
  
    ADJCALLSTACKDOWN32 0, 0, 0, implicit-def dead $esp, implicit-def dead $eflags, implicit-def dead $ssp, implicit $esp, implicit $ssp
    CALLpcrel32 @foo, <regmask $bh $bl $bp $bph $bpl $bx $di $dih $dil $ebp $ebx $edi $esi $hbp $hbx $hdi $hsi $si $sih $sil>, implicit $esp, implicit $ssp, implicit-def $esp, implicit-def $ssp
    ADJCALLSTACKUP32 0, 0, implicit-def dead $esp, implicit-def dead $eflags, implicit-def dead $ssp, implicit $esp, implicit $ssp
    %5:gr32 = MOV32r0 implicit-def dead $eflags
    INLINEASM_BR &"" [sideeffect] [mayload] [attdialect], $0:[imm], 42, $1:[imm], 0, $2:[imm], blockaddress(@test1, %ir-block.bb17.i.i.i), $3:[clobber], implicit-def early-clobber $df, $4:[clobber], implicit-def early-clobber $fpsw, $5:[clobber], implicit-def early-clobber $eflags
    JMP_1 %bb.5
  
  bb.4.bb17.i.i.i (address-taken):
  ; predecessors: %bb.1, %bb.2
    successors: %bb.5(0x80000000); %bb.5(100.00%)
  
    %9:gr32 = PHI %0:gr32, %bb.1, %5:gr32, %bb.2
  
  bb.5.kmem_cache_has_cpu_partial.exit:
  ; predecessors: %bb.4, %bb.1, %bb.2
  
    %10:gr32 = PHI %9:gr32, %bb.4, %0:gr32, %bb.1, %5:gr32, %bb.2
    $eax = COPY %10:gr32
    RET 0, $eax

The comment

> We assume that all values used on the indirect path
> dominates all paths into the indirect block, i.e. don't have PHI nodes.

Doesn't make sense to me.  Which PHI node in the above post-early-tail-dup is problematic?

I wonder if there's perhaps a later pass that's messing up, and this change is simply hiding that? Or if duplicating the `INLINEASM_BR` results in multiple side effects? (Even if the code is never run, the kernel uses `.pushsection` to squirrel away data in these, so tail duplication is duplicating the data.  Is that a problem? Not sure yet.)


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D88823/new/

https://reviews.llvm.org/D88823

More information about the llvm-commits mailing list