Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix tbaa annotation on union selector bytes inside of structs #54604

Merged
merged 3 commits into from
Jun 5, 2024

Conversation

gbaraldi
Copy link
Member

@gbaraldi gbaraldi commented May 28, 2024

We currently cause a alias analysis contradiction by saying that the unionselbytes are on the stack, even if they are on a struct. LLVM is then able to figure out that we giving it a impossible alias situation (the object doesn't alias itself) and triggers UB.

https://godbolt.org/z/ssEKMzsPf

We may want to do a benchmarks run on this to see if anything too critical hasn't regressed.

Fixes #54599

…d alias analysis contradictions that resulted in UB

Co-authored-by: Cody Tapscott <[email protected]>
@gbaraldi gbaraldi requested a review from vtjnash May 28, 2024 19:46
@gbaraldi gbaraldi added the backport 1.11 Change should be backported to release-1.11 label May 28, 2024
@@ -2780,7 +2780,8 @@ static MDNode *best_field_tbaa(jl_codectx_t &ctx, const jl_cgval_t &strct, jl_da
}
}
if (strct.V && jl_field_isconst(jt, idx) && isLoadFromConstGV(strct.V))
return ctx.tbaa().tbaa_const;
return ctx.tbaa().tbaa_const; //TODO: it seems odd to have a field with a tbaa that doesn't alias it's containing struct's tbaa
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"it's" -> "its" ?

@@ -938,3 +938,12 @@ BigStructAnyInt() = BigStructAnyInt((Union{Base.inferencebarrier(Float64), Int}=
@test egal_any54109(Torture1_54109(), Torture1_54109())
@test egal_any54109(Torture2_54109(), Torture2_54109())
@test !egal_any54109(Torture1_54109(), Torture1_54109((DefaultOr54109(2.0, false) for i = 1:897)...))

function foo54599()
pkgid = Base.identify_package("Test")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to minimise this a bit or is that tricky? It's a lot of code under the hood here and with changes to that code it's possible a regression would not be found?

@topolarity
Copy link
Member

Uh oh, I found this example that fails LLVM assertions even with this PR:

bar54599() = Base.inferencebarrier(true) ? (Base.PkgId(Test),1) : nothing
function foo54599()
    pkginfo = @noinline bar54599()
    pkgid = pkginfo !== nothing ? pkginfo[1] : nothing
    pkgid.uuid !== nothing ? pkgid.uuid : false
end

@test foo54599() !== nothing
julia: /home/topolarity/repos/julia/src/llvm-alloc-opt.cpp:408: void {anonymous}::Optimizer::insertLifetime(llvm::Value*, llvm::Constant*, llvm::Instruction*): Assertion `cur.p_cur != cur.p_end' failed.

@KristofferC KristofferC mentioned this pull request May 29, 2024
60 tasks
@gbaraldi
Copy link
Member Author

gbaraldi commented Jun 5, 2024

@topolarity that is a separate crash 😄, that is fixed in #54690.

@oscardssmith
Copy link
Member

in that case, should we merge this?

@gbaraldi
Copy link
Member Author

gbaraldi commented Jun 5, 2024

I wasn't able to minimize that test to I gues so

@oscardssmith oscardssmith merged commit 30542e0 into master Jun 5, 2024
7 checks passed
@oscardssmith oscardssmith deleted the gb/tbaa-union-ub branch June 5, 2024 19:00
@topolarity
Copy link
Member

The crash I pointed out was in search of a more minimal test case.

Here's one that works:

bar54599() = Base.inferencebarrier(true) ? (Base.PkgId(Main),1) : nothing
function foo54599()
    pkginfo = @noinline bar54599()
    pkgid = pkginfo !== nothing ? pkginfo[1] : nothing
    @noinline println(devnull, pkgid)
    pkgid.uuid !== nothing ? pkgid.uuid : false
end
foo54599() # segfaults

topolarity pushed a commit that referenced this pull request Jun 6, 2024
…54690)

AllocOpt probably needs to handle that in other places more smartly but
this seems to at least stop it crashing. Fixes issue found in
#54604 (comment) by
@topolarity.
KristofferC pushed a commit that referenced this pull request Jun 7, 2024
We currently cause a alias analysis contradiction by saying that the
unionselbytes are on the stack, even if they are on a struct. LLVM is
then able to figure out that we giving it a impossible alias situation
(the object doesn't alias itself) and triggers UB.

https://godbolt.org/z/ssEKMzsPf

We may want to do a benchmarks run on this to see if anything too
critical hasn't regressed.

Fixes #54599

---------

Co-authored-by: Cody Tapscott <[email protected]>
(cherry picked from commit 30542e0)
KristofferC pushed a commit that referenced this pull request Jun 7, 2024
…54690)

AllocOpt probably needs to handle that in other places more smartly but
this seems to at least stop it crashing. Fixes issue found in
#54604 (comment) by
@topolarity.

(cherry picked from commit 5cb1107)
KristofferC pushed a commit that referenced this pull request Jun 7, 2024
We currently cause a alias analysis contradiction by saying that the
unionselbytes are on the stack, even if they are on a struct. LLVM is
then able to figure out that we giving it a impossible alias situation
(the object doesn't alias itself) and triggers UB.

https://godbolt.org/z/ssEKMzsPf

We may want to do a benchmarks run on this to see if anything too
critical hasn't regressed.

Fixes #54599

---------

Co-authored-by: Cody Tapscott <[email protected]>
(cherry picked from commit 30542e0)
KristofferC pushed a commit that referenced this pull request Jun 7, 2024
…54690)

AllocOpt probably needs to handle that in other places more smartly but
this seems to at least stop it crashing. Fixes issue found in
#54604 (comment) by
@topolarity.

(cherry picked from commit 5cb1107)
KristofferC added a commit that referenced this pull request Jun 25, 2024
Backported PRs:
- [x] #54361 <!-- [LBT] Upgrade to v5.9.0 -->
- [x] #54474 <!-- Unalias source from dest in copytrito -->
- [x] #54548 <!-- Fixes for bitcast bugs with LLVM 17 / opaque pointers
-->
- [x] #54191 <!-- make `AbstractPipe` public -->
- [x] #53402 <!-- Add `jl_getaffinity` and `jl_setaffinity` -->
- [x] #53356 <!-- Rename at-scriptdir project argument to at-script and
search upwards for Project.toml -->
- [x] #54545 <!-- typeintersect: fix incorrect innervar handling under
circular env -->
- [x] #54586 <!-- Set storage class of julia globals to dllimport on
windows to avoid auto-import weirdness. Forward port of #54572 -->
- [x] #54587 <!-- Accomodate for rectangular matrices in `copytrito!`
-->
- [x] #54617 <!-- CLI: Use `GetModuleHandleExW` to locate libjulia.dll
-->
- [x] #54605 <!-- Allow libquadmath to also fail as it is not available
on all systems -->
- [x] #54634 <!-- Fix trampoline assembly for build on clang 18 on apple
silicon -->
- [x] #54635 <!-- Aggressive constprop in trevc! to stabilize triangular
eigvec -->
- [x] #54645 <!-- ensure we set the right value to gc_first_tid -->
- [x] #54554 <!-- make elsize public -->
- [x] #54648 <!-- Construct LazyString in error paths for tridiag -->
- [x] #54658 <!-- fix missing uuid check on extension when finding the
location of an extension -->
- [x] #54594 <!-- Switch to Pkg mode prompt immediately and load Pkg in
the background -->
- [x] #54669 <!-- Improve error message in inplace transpose -->
- [x] #54671 <!-- Add boundscheck in bindingkey_eq to avoid OOB access
due to data race -->
- [x] #54672 <!-- make: Fix `sed` command for LLVM libraries with no
symbol versioning -->
- [x] #54624 <!-- more precise aliasing checks for SubArray -->
- [x] #54679 <!-- 🤖 [master] Bump the Distributed stdlib from 6a07d98 to
6c7cdb5 -->
- [x] #54604 <!-- Fix tbaa annotation on union selector bytes inside of
structs -->
- [x] #54690 <!-- Fix assertion/crash when optimizing function with dead
basic block -->
- [x] #54704 <!-- LazyString in reinterpretarray error messages -->
- [x] #54718 <!-- fix prepend StackOverflow issue -->
- [x] #54674 <!-- Reimplement dummy pkg prompt as standard prompt -->
- [x] #54737 <!-- LazyString in interpolated error messages involving
types -->
- [x] #54642 <!-- Document GenericMemory and AtomicMemory -->
- [x] #54713 <!-- make: use `readelf` for LLVM symbol version detection
-->
- [x] #54760 <!-- REPL: improve prompt! async function handler -->
- [x] #54606 <!-- fix double-counting and non-deterministic results in
`summarysize` -->
- [x] #54759 <!-- REPL: Fully populate the dummy Pkg prompt -->
- [x] #54702 <!-- lowering: Recognize argument destructuring inside
macro hygiene -->
- [x] #54678 <!-- Don't let setglobal! implicitly create bindings -->
- [x] #54730 <!-- Fix uuidkey of exts in fast path of `require_stdlib`
-->
- [x] #54765 <!-- Handle no-postdominator case in finalizer pass -->
- [x] #54591 <!-- Don't expose guard pages to malloc_stack API consumers
-->
- [x] #54755 <!-- [TOML] remove Dates hack, replace with explicit usage
-->
- [x] #54721 <!-- add try/catch around scheduler to reset sleep state
-->
- [x] #54631 <!-- Avoid concatenating LazyString in setindex! for
triangular matrices -->
- [x] #54322 <!-- effects: add new `@consistent_overlay` macro -->
- [x] #54785
- [x] #54865
- [x] #54815
- [x] #54795
- [x] #54779
- [x] #54837 

Contains multiple commits, manual intervention needed:
- [ ] #52694 <!-- Reinstate similar for AbstractQ for backward
compatibility -->
- [ ] #54649 <!-- Less restrictive copyto! signature for triangular
matrices -->

Non-merged PRs with backport label:
- [ ] #54779 <!-- make recommendation clearer on manifest version
mismatch -->
- [ ] #54739 <!-- finish implementation of upgradable stdlibs -->
- [ ] #54738 <!-- serialization: fix relocatability bug -->
- [ ] #54574 <!-- Make ScopedValues public -->
- [ ] #54457 <!-- Make `String(::Memory)` copy -->
- [ ] #53957 <!-- tweak how filtering is done for what packages should
be precompiled -->
- [ ] #53452 <!-- RFC: allow Tuple{Union{}}, returning Union{} -->
- [ ] #53286 <!-- Raise an error when using `include_dependency` with
non-existent file or directory -->
- [ ] #51479 <!-- prevent code loading from lookin in the versioned
environment when building Julia -->
@KristofferC KristofferC removed the backport 1.11 Change should be backported to release-1.11 label Jun 25, 2024
KristofferC pushed a commit that referenced this pull request Jul 24, 2024
…54690)

AllocOpt probably needs to handle that in other places more smartly but
this seems to at least stop it crashing. Fixes issue found in
#54604 (comment) by
@topolarity.

(cherry picked from commit 5cb1107)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

PkgId objects change by printing and returning from function
5 participants