<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 4, 2020 at 10:54 AM Sameer Abu Asal <<a href="mailto:sameer.abuasal@gmail.com">sameer.abuasal@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><br><br></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 3, 2020 at 7:03 PM David Blaikie <<a href="mailto:dblaikie@gmail.com" target="_blank">dblaikie@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Pretty sure the inlined version works because the frontend devirtualizes (since the concrete type is known without any analysis) </div></blockquote><div>I assume you are referring to "devirt_bad_fixed", yes exactly this is getting de-virted by clang. In fact I tried to remedy this in my code base by making the "test" function a template over the input object to force clang to see the types and de-virt safely.<br></div></div></div></blockquote><div><br></div><div>Right - I'd expect a template could probably tickle the frontend devirt - but the frontend might still have to be able to see the concrete type of the object, so not just an object reference (because there could be a further derived class - /maybe/ if the type is "final" that'd suffice)<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><br>The devirt_good however is being de-virtualized by Inst combine, that is what I see from print-after-all.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">- once that's not possible, the single call (or probably any non-looping chain of calls) can be devirtualized until a non-inline virtual call is hit - at that point the compiler can't see that the vtable pointer hasn't changed (this is a limitation of LLVM, not a limitation of C++ in general - C++ in general guarantees that the vtable pointer won't change over a virtual call - but it doesn't guarantee that it won't change at all (you can placement delete, placement new some other object, then reverse that before the function returns and that's valid)).<br></div></blockquote><div>So IIUC, you are saying that because the bad case is in a loop, the first call to the "method()" might result in changing the vtable pointer, so every call after the first will have to go get the function pointer again?<br>That kind of explains what I am seeing here (<a href="https://godbolt.org/z/bvsbE7" target="_blank">https://godbolt.org/z/bvsbE7</a>), and what Hiroshi mentioned, the first peeled loop is devirtualized but not the rest.<br></div></div></div></blockquote><div><br>Yep<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"> <br></div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">For example: <a href="https://godbolt.org/z/8zrhx8" target="_blank">https://godbolt.org/z/8zrhx8</a> - two calls to 'test' if 'sub::method' is not defined in this translation unit: First is devirtualized because the ctor is inline and the vtable pointer is seen from that, but then the compiler assumes the vtable pointer might've been modified by that call, so the second call is not devirtualized. If you make the ctor non-inline, you'll see both are indirect/not devirtualized.<br></div></blockquote><div>Yep, I am not even trying to devirt something not fully inline-able :)<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br>The loop presents the general case of this problem - can't provide an inductive proof that every call will result in the same vtable pointer, so have to err on the side of caution.</div></blockquote><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"> </div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br>I think tehre's an old bug kicking around somewhere that boils down to "make we could use the llvm.assume intrinsic after every virtual call, to assert that the vtable pointer is the same before and after the call" but not sure what state that bug is in/how practical that strategy would be.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 3, 2020 at 6:12 PM Sameer Abu Asal via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>Hi, <br><br>I came across this case that shows a bad case for de-virtualizeation<br>
<br>
<a href="https://godbolt.org/z/e7r6a8" target="_blank">https://godbolt.org/z/e7r6a8</a><br>
<br>
If you have a call to a virtual function inside of a Loop, llvm is unable to de-virt the call simply with Instr Combine. However, for the case where we put the virtual call inside a loop. <br><br>You can recreate the output for inst-combine with:<br>
<br>
<pre><code>clang++ -mllvm -print-after-all -mllvm -filter-print-funcs=_Z10devirt_badm -S -O3 -emit-llvm ./test_devirt.cpp -mllvm -debug-only=instcombine -o ./test_devi</code><br><code>rt.ll |& tee /tmp/log.bad</code><br><br><code>clang++ -mllvm -print-after-all -mllvm -filter-print-funcs=_Z11devirt_goodv -S -O3 -emit-llvm ./test_devirt.cpp -mllvm -debug-only=instcombine -o ./test</code><br><code>_devirt.ll |& tee /tmp/log.good</code><br></pre>
It seems to me a problem with Inst combine not being able to hoist the call to get the virtual func pointer outside of the loop, is that right? Can we possibly do better than this?<br></div><div><br></div><div>Thank you,</div><br clear="all"><div><div dir="ltr"><div dir="ltr">--Sameer<br><br></div></div></div></div>
_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br>
</blockquote></div>
</blockquote></div></div>
</blockquote></div></div>