Author: Björn Pettersson Date: 2024-05-08T20:16:03-07:00 New Revision: f5f572f54b32f6ff3ae450fa421ed6d478f09ec8
URL: https://github.com/llvm/llvm-project/commit/f5f572f54b32f6ff3ae450fa421ed6d478f09ec8 DIFF: https://github.com/llvm/llvm-project/commit/f5f572f54b32f6ff3ae450fa421ed6d478f09ec8.diff LOG: [SelectionDAG] Mark frame index as "aliased" at argument copy elison (#89712) This is a fix for miscompiles reported in https://github.com/llvm/llvm-project/issues/89060 After argument copy elison the IR value for the eliminated alloca is aliasing with the fixed stack object. This patch is making sure that we mark the fixed stack object as being aliased with IR values to avoid that for example schedulers are reordering accesses to the fixed stack object. This could otherwise happen when there is a mix of MemOperands refering the shared fixed stack slow via both the IR value for the elided alloca, and via a fixed stack pseudo source value (as would be the case when lowering the arguments). (cherry picked from commit d8b253be56b3e9073b3e59123cf2da0bcde20c63) Added: llvm/test/CodeGen/Hexagon/arg-copy-elison.ll Modified: llvm/include/llvm/CodeGen/MachineFrameInfo.h llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp Removed: ################################################################################ diff --git a/llvm/include/llvm/CodeGen/MachineFrameInfo.h b/llvm/include/llvm/CodeGen/MachineFrameInfo.h index 7d11d63d4066f..c35faac09c4d9 100644 --- a/llvm/include/llvm/CodeGen/MachineFrameInfo.h +++ b/llvm/include/llvm/CodeGen/MachineFrameInfo.h @@ -697,6 +697,13 @@ class MachineFrameInfo { return Objects[ObjectIdx+NumFixedObjects].isAliased; } + /// Set "maybe pointed to by an LLVM IR value" for an object. + void setIsAliasedObjectIndex(int ObjectIdx, bool IsAliased) { + assert(unsigned(ObjectIdx+NumFixedObjects) < Objects.size() && + "Invalid Object Idx!"); + Objects[ObjectIdx+NumFixedObjects].isAliased = IsAliased; + } + /// Returns true if the specified index corresponds to an immutable object. bool isImmutableObjectIndex(int ObjectIdx) const { // Tail calling functions can clobber their function arguments. diff --git a/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp b/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp index 5ce1013f30fd1..7406a8ac1611d 100644 --- a/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp +++ b/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp @@ -10888,7 +10888,7 @@ static void tryToElideArgumentCopy( } // Perform the elision. Delete the old stack object and replace its only use - // in the variable info map. Mark the stack object as mutable. + // in the variable info map. Mark the stack object as mutable and aliased. LLVM_DEBUG({ dbgs() << "Eliding argument copy from " << Arg << " to " << *AI << '\n' << " Replacing frame index " << OldIndex << " with " << FixedIndex @@ -10896,6 +10896,7 @@ static void tryToElideArgumentCopy( }); MFI.RemoveStackObject(OldIndex); MFI.setIsImmutableObjectIndex(FixedIndex, false); + MFI.setIsAliasedObjectIndex(FixedIndex, true); AllocaIndex = FixedIndex; ArgCopyElisionFrameIndexMap.insert({OldIndex, FixedIndex}); for (SDValue ArgVal : ArgVals) diff --git a/llvm/test/CodeGen/Hexagon/arg-copy-elison.ll b/llvm/test/CodeGen/Hexagon/arg-copy-elison.ll new file mode 100644 index 0000000000000..f0c30c301f446 --- /dev/null +++ b/llvm/test/CodeGen/Hexagon/arg-copy-elison.ll @@ -0,0 +1,39 @@ +; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py UTC_ARGS: --version 4 +; RUN: llc -mtriple hexagon-- -o - %s | FileCheck %s + +; Reproducer for https://github.com/llvm/llvm-project/issues/89060 +; +; Problem was a bug in argument copy elison. Given that the %alloca is +; eliminated, the same frame index will be used for accessing %alloca and %a +; on the fixed stack. Care must be taken when setting up +; MachinePointerInfo/MemOperands for those accesses to either make sure that +; we always refer to the fixed stack slot the same way (not using the +; ir.alloca name), or make sure that we still detect that they alias each +; other if using diff erent kinds of MemOperands to identify the same fixed +; stack entry. +; +define i32 @f(i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32 %q1, i32 %a, i32 %q2) { +; CHECK-LABEL: f: +; CHECK: .cfi_startproc +; CHECK-NEXT: // %bb.0: +; CHECK-NEXT: { +; CHECK-NEXT: r0 = memw(r29+#36) +; CHECK-NEXT: r1 = memw(r29+#28) +; CHECK-NEXT: } +; CHECK-NEXT: { +; CHECK-NEXT: r0 = sub(r1,r0) +; CHECK-NEXT: r2 = memw(r29+#32) +; CHECK-NEXT: memw(r29+#32) = ##666 +; CHECK-NEXT: } +; CHECK-NEXT: { +; CHECK-NEXT: r0 = xor(r0,r2) +; CHECK-NEXT: jumpr r31 +; CHECK-NEXT: } + %alloca = alloca i32 + store i32 %a, ptr %alloca ; Should be elided. + store i32 666, ptr %alloca + %x = sub i32 %q1, %q2 + %y = xor i32 %x, %a ; Results in a load of %a from fixed stack. + ; Using same frame index as elided %alloca. + ret i32 %y +} _______________________________________________ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
