llvm/lib/CodeGen
Gordon Henriksen 8fa8929177 With this patch, the LowerGC transformation becomes the
ShadowStackCollector, which additionally has reduced overhead with
no sacrifice in portability.

Considering a function @fun with 8 loop-local roots,
ShadowStackCollector introduces the following overhead
(x86):

; shadowstack prologue
        movl    L_llvm_gc_root_chain$non_lazy_ptr, %eax
        movl    (%eax), %ecx
        movl    $___gc_fun, 20(%esp)
        movl    $0, 24(%esp)
        movl    $0, 28(%esp)
        movl    $0, 32(%esp)
        movl    $0, 36(%esp)
        movl    $0, 40(%esp)
        movl    $0, 44(%esp)
        movl    $0, 48(%esp)
        movl    $0, 52(%esp)
        movl    %ecx, 16(%esp)
        leal    16(%esp), %ecx
        movl    %ecx, (%eax)

; shadowstack loop overhead
        (none)

; shadowstack epilogue
        movl    48(%esp), %edx
        movl    %edx, (%ecx)

; shadowstack metadata
        .align  3
___gc_fun:                              # __gc_fun
        .long   8
        .space  4

In comparison to LowerGC:

; lowergc prologue
        movl    L_llvm_gc_root_chain$non_lazy_ptr, %eax
        movl    (%eax), %ecx
        movl    %ecx, 48(%esp)
        movl    $8, 52(%esp)
        movl    $0, 60(%esp)
        movl    $0, 56(%esp)
        movl    $0, 68(%esp)
        movl    $0, 64(%esp)
        movl    $0, 76(%esp)
        movl    $0, 72(%esp)
        movl    $0, 84(%esp)
        movl    $0, 80(%esp)
        movl    $0, 92(%esp)
        movl    $0, 88(%esp)
        movl    $0, 100(%esp)
        movl    $0, 96(%esp)
        movl    $0, 108(%esp)
        movl    $0, 104(%esp)
        movl    $0, 116(%esp)
        movl    $0, 112(%esp)

; lowergc loop overhead
        leal    44(%esp), %eax
        movl    %eax, 56(%esp)
        leal    40(%esp), %eax
        movl    %eax, 64(%esp)
        leal    36(%esp), %eax
        movl    %eax, 72(%esp)
        leal    32(%esp), %eax
        movl    %eax, 80(%esp)
        leal    28(%esp), %eax
        movl    %eax, 88(%esp)
        leal    24(%esp), %eax
        movl    %eax, 96(%esp)
        leal    20(%esp), %eax
        movl    %eax, 104(%esp)
        leal    16(%esp), %eax
        movl    %eax, 112(%esp)

; lowergc epilogue
        movl    48(%esp), %edx
        movl    %edx, (%ecx)

; lowergc metadata
        (none)


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@45670 91177308-0d34-0410-b5e6-96231b3b80d8
2008-01-07 01:30:53 +00:00
SelectionDAG Enabling the target-independent garbage collection infrastructure by hooking it 2008-01-07 01:30:38 +00:00
AsmPrinter.cpp Enabling the target-independent garbage collection infrastructure by hooking it 2008-01-07 01:30:38 +00:00
BranchFolding.cpp rename isLoad -> isSimpleLoad due to evan's desire to have such a predicate. 2008-01-06 23:38:27 +00:00
Collector.cpp Rename SSARegMap -> MachineRegisterInfo in keeping with the idea 2007-12-31 04:13:23 +00:00
CollectorMetadata.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
Collectors.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
DwarfWriter.cpp MachineOperand::getImmedValue -> MachineOperand::getImm 2007-12-30 20:50:28 +00:00
ELFWriter.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
ELFWriter.h Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
IfConversion.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
IntrinsicLowering.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
LiveInterval.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
LiveIntervalAnalysis.cpp rename isLoad -> isSimpleLoad due to evan's desire to have such a predicate. 2008-01-06 23:38:27 +00:00
LiveVariables.cpp Rename SSARegMap -> MachineRegisterInfo in keeping with the idea 2007-12-31 04:13:23 +00:00
LLVMTargetMachine.cpp allow sinking to be enabled for the jit 2008-01-05 06:14:16 +00:00
LowerSubregs.cpp Move copyRegToReg from MRegisterInfo to TargetInstrInfo. This is part of the 2007-12-31 06:32:00 +00:00
MachineBasicBlock.cpp Implement automatically updated def/use lists for all MachineInstr register 2008-01-01 01:12:31 +00:00
MachineDominators.cpp Fix build issue on certain compilers. 2008-01-05 20:15:42 +00:00
MachineFunction.cpp properly encapsulate the parent field of MBB and MI with get/set accessors. 2007-12-31 04:56:33 +00:00
MachineInstr.cpp Make MachineRegisterInfo::getVRegDef more efficient by aiming to keep the def of the vreg at the start of the list, so the list doesn't need to be traversed. 2008-01-01 21:08:22 +00:00
MachineLICM.cpp Add that this preserves some analyses. 2008-01-04 08:48:49 +00:00
MachineLoopInfo.cpp make this build with newer gcc's 2008-01-05 23:29:51 +00:00
MachineModuleInfo.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
MachinePassRegistry.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
MachineRegisterInfo.cpp switch the register iterator to act more like the LLVM value iterator: dereferencing 2008-01-01 20:36:19 +00:00
MachineSink.cpp The current impl is really trivial, add some comments about how it can be made better. 2008-01-05 06:47:58 +00:00
MachOWriter.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
MachOWriter.h Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
Makefile remove attribution from lib Makefiles. 2007-12-29 20:09:26 +00:00
Passes.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
PHIElimination.cpp Don't recalculate the loop info and loop dominators analyses if they're 2008-01-04 20:54:55 +00:00
PhysRegTracker.h Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
PostRASchedulerList.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
PrologEpilogInserter.cpp Remove an unused variable. 2008-01-06 07:43:13 +00:00
README.txt Enabling the target-independent garbage collection infrastructure by hooking it 2008-01-07 01:30:38 +00:00
RegAllocBigBlock.cpp Move some more instruction creation methods from RegisterInfo into InstrInfo. 2008-01-01 21:11:32 +00:00
RegAllocLinearScan.cpp Don't recalculate the loop info and loop dominators analyses if they're 2008-01-04 20:54:55 +00:00
RegAllocLocal.cpp Move some more instruction creation methods from RegisterInfo into InstrInfo. 2008-01-01 21:11:32 +00:00
RegAllocSimple.cpp Move some more instruction creation methods from RegisterInfo into InstrInfo. 2008-01-01 21:11:32 +00:00
RegisterCoalescer.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
RegisterScavenging.cpp Move some more instruction creation methods from RegisterInfo into InstrInfo. 2008-01-01 21:11:32 +00:00
ShadowStackCollector.cpp With this patch, the LowerGC transformation becomes the 2008-01-07 01:30:53 +00:00
SimpleRegisterCoalescing.cpp Don't recalculate the loop info and loop dominators analyses if they're 2008-01-04 20:54:55 +00:00
SimpleRegisterCoalescing.h Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
StrongPHIElimination.cpp Rename SSARegMap -> MachineRegisterInfo in keeping with the idea 2007-12-31 04:13:23 +00:00
TargetInstrInfoImpl.cpp Fix a problem where lib/Target/TargetInstrInfo.h would include and use 2008-01-01 01:03:04 +00:00
TwoAddressInstructionPass.cpp Don't recalculate the loop info and loop dominators analyses if they're 2008-01-04 20:54:55 +00:00
UnreachableBlockElim.cpp Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00
VirtRegMap.cpp Move some more instruction creation methods from RegisterInfo into InstrInfo. 2008-01-01 21:11:32 +00:00
VirtRegMap.h Remove attribution from file headers, per discussion on llvmdev. 2007-12-29 20:36:04 +00:00

//===---------------------------------------------------------------------===//

Common register allocation / spilling problem:

        mul lr, r4, lr
        str lr, [sp, #+52]
        ldr lr, [r1, #+32]
        sxth r3, r3
        ldr r4, [sp, #+52]
        mla r4, r3, lr, r4

can be:

        mul lr, r4, lr
        mov r4, lr
        str lr, [sp, #+52]
        ldr lr, [r1, #+32]
        sxth r3, r3
        mla r4, r3, lr, r4

and then "merge" mul and mov:

        mul r4, r4, lr
        str lr, [sp, #+52]
        ldr lr, [r1, #+32]
        sxth r3, r3
        mla r4, r3, lr, r4

It also increases the likelihood that the store may become dead.

//===---------------------------------------------------------------------===//

I think we should have a "hasSideEffects" flag (which is automatically set for
stuff that "isLoad" "isCall" etc), and the remat pass should eventually be able
to remat any instruction that has no side effects, if it can handle it and if
profitable.

For now, I'd suggest having the remat stuff work like this:

1. I need to spill/reload this thing.
2. Check to see if it has side effects.
3. Check to see if it is simple enough: e.g. it only has one register
destination and no register input.
4. If so, clone the instruction, do the xform, etc.

Advantages of this are:

1. the .td file describes the behavior of the instructions, not the way the
   algorithm should work.
2. as remat gets smarter in the future, we shouldn't have to be changing the .td
   files.
3. it is easier to explain what the flag means in the .td file, because you
   don't have to pull in the explanation of how the current remat algo works.

Some potential added complexities:

1. Some instructions have to be glued to their predecessor or successor: all of
   the PC-relative instructions and condition-code-setting instructions. We could
   mark them as hasSideEffects, but that's not quite right. PC-relative loads
   from constantpools can be remat'ed, for example, but that requires more than
   just cloning the instruction. Some instructions can be remat'ed but expand
   to more than one instruction. But the allocator will have to make a
   decision.

4. As stated in 3, not as simple as cloning in some cases. The target will have
   to decide how to remat it. For example, an ARM 2-piece constant generation
   instruction is remat'ed as a load from constantpool.

//===---------------------------------------------------------------------===//

bb27 ...
        ...
        %reg1037 = ADDri %reg1039, 1
        %reg1038 = ADDrs %reg1032, %reg1039, %NOREG, 10
    Successors according to CFG: 0x8b03bf0 (#5)

bb76 (0x8b03bf0, LLVM BB @0x8b032d0, ID#5):
    Predecessors according to CFG: 0x8b0c5f0 (#3) 0x8b0a7c0 (#4)
        %reg1039 = PHI %reg1070, mbb<bb76.outer,0x8b0c5f0>, %reg1037, mbb<bb27,0x8b0a7c0>

Note ADDri is not a two-address instruction. However, its result %reg1037 is an
operand of the PHI node in bb76 and its operand %reg1039 is the result of the
PHI node. We should treat it as a two-address code and make sure the ADDri is
scheduled after any node that reads %reg1039.

//===---------------------------------------------------------------------===//

Use local info (i.e. register scavenger) to assign it a free register to allow
reuse:
	ldr r3, [sp, #+4]
	add r3, r3, #3
	ldr r2, [sp, #+8]
	add r2, r2, #2
	ldr r1, [sp, #+4]  <==
	add r1, r1, #1
	ldr r0, [sp, #+4]
	add r0, r0, #2

//===---------------------------------------------------------------------===//

LLVM aggressively lifts CSEs out of loops. Sometimes this can have negative
side effects:

R1 = X + 4
R2 = X + 7
R3 = X + 15

loop:
load [i + R1]
...
load [i + R2]
...
load [i + R3]

Suppose there is high register pressure: R1, R2, and R3 can be spilled. We need
to implement proper re-materialization to handle this:

R1 = X + 4
R2 = X + 7
R3 = X + 15

loop:
R1 = X + 4  @ re-materialized
load [i + R1]
...
R2 = X + 7 @ re-materialized
load [i + R2]
...
R3 = X + 15 @ re-materialized
load [i + R3]

Furthermore, with re-association, we can enable sharing:

R1 = X + 4
R2 = X + 7
R3 = X + 15

loop:
T = i + X
load [T + 4]
...
load [T + 7]
...
load [T + 15]

//===---------------------------------------------------------------------===//

It's not always a good idea to choose rematerialization over spilling. If all
the load / store instructions would be folded then spilling is cheaper because
it won't require new live intervals / registers. See 2003-05-31-LongShifts for
an example.

//===---------------------------------------------------------------------===//

With a copying garbage collector, derived pointers must not be retained across
collector safe points; the collector could move the objects and invalidate the
derived pointer. This is bad enough in the first place, but safe points can
crop up unpredictably. Consider:

        %array = load { i32, [0 x %obj] }** %array_addr
        %nth_el = getelementptr { i32, [0 x %obj] }* %array, i32 0, i32 %n
        %old = load %obj** %nth_el
        %z = div i64 %x, %y
        store %obj* %new, %obj** %nth_el

If the i64 division is lowered to a libcall, then a safe point will (must)
appear for the call site. If a collection occurs, %array and %nth_el no longer
point into the correct object.

The fix for this is to copy address calculations so that dependent pointers
are never live across safe point boundaries. But the loads cannot be copied
like this if there was an intervening store, so this may be hard to get right.

Only a concurrent mutator can trigger a collection at the libcall safe point.
So single-threaded programs do not have this requirement, even with a copying
collector. Still, LLVM optimizations would probably undo a front-end's careful
work.
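
An added example, not part of the original README or of LLVM: a C model of the
derived-pointer hazard described above, next to the recomputed-address form.
The two-space heap, the single root array_root and all function names are
constructed for illustration; safe_point() always runs a collection, to model
the case where one does occur at the libcall.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: one array object { len, elems[] } in a two-space heap. */
typedef struct { int len; long elems[4]; } Array;

static Array space_a, space_b;   /* from-space and to-space */
static Array *array_root;        /* the only root the collector knows about */

/* Safe point: the copying collector moves the object and updates the root.
   The old copy is poisoned so that stale accesses are easy to spot. */
static void safe_point(void) {
    Array *from = array_root;
    Array *to = (from == &space_a) ? &space_b : &space_a;
    memcpy(to, from, sizeof *to);
    memset(from, 0xDD, sizeof *from);
    array_root = to;
}

static void heap_init(void) {
    memset(&space_a, 0, sizeof space_a);
    memset(&space_b, 0, sizeof space_b);
    space_a.len = 4;
    array_root = &space_a;
}

/* Derived pointer kept live across the safe point (the %nth_el case):
   the store lands in the abandoned from-space copy and is lost. */
long store_with_stale_derived_pointer(int n, long new_value) {
    heap_init();
    long *nth_el = &array_root->elems[n];  /* derived from the root */
    safe_point();                          /* e.g. the i64 div libcall */
    *nth_el = new_value;                   /* writes into the dead copy */
    return array_root->elems[n];           /* what the live object holds */
}

/* Address calculation copied to after the safe point: the derived pointer
   is never live across it, so the store reaches the moved object. */
long store_with_recomputed_address(int n, long new_value) {
    heap_init();
    safe_point();
    long *nth_el = &array_root->elems[n];
    *nth_el = new_value;
    return array_root->elems[n];
}
```

The collector can only fix up pointers it knows about; nth_el is not a
registered root, so nothing updates it when the object moves.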

//===---------------------------------------------------------------------===//

The ocaml frametable structure supports liveness information. It would be good
to support it.

//===---------------------------------------------------------------------===//

The FIXME in ComputeCommonTailLength in BranchFolding.cpp needs to be
revisited. The check is there to work around a misuse of directives in inline
assembly.

//===---------------------------------------------------------------------===//

It would be good to detect collector/target compatibility instead of silently
doing the wrong thing.

//===---------------------------------------------------------------------===//