<div dir="ltr"><div>> But someone should measure before we move it.</div><div><br></div>I ran numbers on a large, varied codebase with an up-to-date clang-based FORTIFY implementation. With the current forced lowering in CGP, we lowered 64,662 calls to @llvm.objectsize to non-failure values and lowered 111,224 to failure values. Making the instcombine iteration after EP_VectorizerStart require that all objectsize intrinsics are lowered, we found successful values for 64,552 llvm.objectsize intrinsics, and returned failure values for 120,616.<div><br></div><div>Taken literally, we fail to lower 63.2% of calls with "successful" values today, and this change makes us fail to lower 65.1%. However, given that the earlier lowering makes us lower a little over 9,000 additional intrinsics, I'd imagine that most of these 'new' failures got DCE'd away before hitting CGP in the past.</div><div><br></div><div>In any case, I'd like to note that these numbers don't include calls to __builtin_object_size that clang is able to lower itself, so from a clang user's perspective, any degradation mentioned here is likely an overstatement.</div><div><br></div><div>Given the above, I've no issues with forcing @llvm.objectsize lowering to earlier in the pipeline. I have <a href="https://reviews.llvm.org/D49103" target="_blank">a patch</a> to do this as part of InstCombine. Happy to make a LowerBestEffortPostOptimizationIntrinsicsPass (or whatever) specifically for this, if that would be preferable. Also happy to dig into where some of those additional objectsizes appear from if people really want.</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Jun 29, 2018 at 3:59 PM Friedman, Eli <<a href="mailto:efriedma@codeaurora.org" target="_blank">efriedma@codeaurora.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_5868690275434698816m_6890720469940262117m_-384851610103442058m_-3769628858635451463m_7513926913660911657m_-2799280070184081083m_-4506348783183226296m_1397596578237713959moz-cite-prefix">On 6/29/2018 3:25 PM, George Burgess IV
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>> <span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">we
lower llvm.objectsize later than we should</span></div>
<div><br>
</div>
<div>Is there a well-accepted best (or even just better) place
to lower objectsize? I ask because I sorta fear that these
kinds of problems will become more pronounced as
llvm.is.constant, which is also lowered in CGP, gains
popularity.</div>
</div>
</blockquote>
<br>
After the "simplification" part of the optimization pipeline (after
we've finished inlining and the associated function simplification
passes have run), we're unlikely to find new information that would
help simplify an llvm.objectsize or llvm.is.constant call. So
roughly around EP_VectorizerStart is probably appropriate. But
someone should measure before we move it.<br>
<br>
-Eli<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>(To be clear, I think it totally makes sense to lower
is.constant and objectsize in the same place. I'm just saying
that if the ideal piece of code to do that isn't CGP, ...)</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, Jun 29, 2018 at 12:21 PM Friedman, Eli
via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 6/28/2018
9:44 PM, Bharathi Seshadri via llvm-dev wrote:<br>
> Hi,<br>
><br>
> I have come across a couple of cases where the code
generated after<br>
> CodeGenPrepare pass has "br i1 false .." with both true
and false<br>
> conditions preserved and this propagates further and
remains the same<br>
> in the final assembly code/executable.<br>
><br>
> In CodeGenPrepare::runOnFunction, ConstantFoldTerminator
(which<br>
> handles the br i1 false condition) is called only once
and if after<br>
> the transformation of code by ConstantFoldTerminator()
and<br>
> DeleteDeadBlock() we end up with code like "br i1 false",
there is no<br>
> further opportunity to clean them up. So calling this
code under<br>
> (!DisableBranchOpts) in a loop until no more
transformations are made<br>
> fixes this issue. Is this reasonable ?<br>
<br>
I would expect the precise case you're running into is rare:
the second <br>
iteration of the loop does nothing useful unless the IR
specifically has <br>
an i1 phi node in a block whose predecessors were erased. And
the <br>
default optimization pipeline runs SimplifyCFG at the very
end, which is <br>
close to CodeGenPrepare, so the CFG simplification will
usually be a <br>
no-op anyway.<br>
<br>
We really shouldn't be doing this sort of folding in
CodeGenPrepare in <br>
the first place. It looks like it was added to work around
the fact <br>
that we we lower llvm.objectsize later than we should.<br>
<br>
-Eli<br>
<br>
-- <br>
Employee of Qualcomm Innovation Center, Inc.<br>
Qualcomm Innovation Center, Inc. is a member of Code Aurora
Forum, a Linux Foundation Collaborative Project<br>
<br>
_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
<pre class="m_5868690275434698816m_6890720469940262117m_-384851610103442058m_-3769628858635451463m_7513926913660911657m_-2799280070184081083m_-4506348783183226296m_1397596578237713959moz-signature" cols="72">--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project</pre>
</div>
</blockquote></div>