reordering of trapping operations and volatile

Richard Biener richard.guenther@gmail.com
Tue Jan 11 09:13:40 GMT 2022


On Tue, Jan 11, 2022 at 9:17 AM Martin Uecker <ma.uecker@gmail.com> wrote:
>
> Am Dienstag, den 11.01.2022, 08:11 +0100 schrieb Richard Biener:
> > On Mon, Jan 10, 2022 at 6:36 PM Martin Uecker <ma.uecker@gmail.com> wrote:
> > > Am Montag, den 10.01.2022, 10:04 +0100 schrieb Richard Biener:
>
> Hi Richard,
>
> > > > > For volatile, it seems this would need some tweaks.
> > > >
> > > > Yes, likewise when re-ordering (observable) traps like
> > > >
> > > >   r = a / b;
> > > >   q = c / d;
> > >
> > > I think this could also be useful. But at the moment I am
> > > concerned about the effect of previously defined behavior
> > > being affected. For this, reordering traps is OK.  Also
> > > sinking traps across observable behavior is OK. Just
> > > hoisting it up across observable behavior would
> > > be a problem.
> >
> > But in general that would apply to all UB.  Consider
> >
> > int foo (int a, int b)
> > {
> >    if (a < b)
> >      return a + b;
> >    bar ();
> >    return a + b;
> > }
> >
> > we are happily hoisting a + b to the start of the function
> > but of course a + b can invoke UB.  We consider that to
> > not matter because we eventually invoke this UB anyway.
> > Unless of course bar() does not return.
>
> Yes.
>
> > I realize that UB in a + b isn't (usually) observable but
> > UB resulting in traps are.
>
> Code motion for UB which then does not cause
> a change in observable behavior would still be ok.
>
> So my understanding is that you cannot hoist a potentially
> trapping operation across a function call, but if it is
> UB which is implemented in a way that just produces some
> random result but does not trap then this is ok.
>
> It would also be wrong if it affects the arguments for
> the function call. Here MSVC seems to do this:
>
> https://godbolt.org/z/8a8fTW8qP
>
> This seems incorrect because if the call does not
> return there is no UB. I did not observe this with
> GCC or another compiler.
>
> > So I'm still wondering why you think that 'volatile' makes
> > a critical difference we ought to honor?  I don't remember
> > 'volatile' being special in the definition of the abstract
> > machine with regarding to observability (as opposed to
> > sequence points).
>
> It is because it is used for I/O.   Sequence points only
> matter for the semantics of the abstract machine, so
> according to "as-if" rule optimizers can do whatever
> they want as long as the observable behavior is the same
> "as-if" it followed the rules of the abstract machine.
>
> This observable behavior that needs to be preserved is
> defined as I/O and volatile accesses. The relevant
> part of the standard is this:
>
> "5.1.2.3 Program execution" paragraph 6
>
> The least requirements on a conforming implementation are:
>
> — Accesses to volatile objects are evaluated strictly
> according to the rules of the abstract machine.
> — At program termination, all data written into files
> shall be identical to the result that execution
> of the program according to the abstract semantics would
> have produced.
> — The input and output dynamics of interactive devices
> shall take place as specified in 7.21.3.
>
> The intent of these requirements is that unbuffered or
> line-buffered output appear as soon as possible, to
> ensure that prompting messages actually appear prior
> to a program waiting for input.
>
> This is the observable behavior of the program."

OK, I think that 'volatile is used for I/O' is a common misconception,
but well.  Consider

int a[1024];
void foo (volatile int *p, float *q)
{
   for (int i = 0; i < 1024; ++i)
      {
         *p = 1;
         a[i] = *q;
      }
}

we happily apply invariant motion to the load from *q, making
it cross the store to the volatile object at *p.  Now, q might be
NULL upon entry to the function and thus this transform
would violate the volatile "I/O" constraint (since I/O is observable)
and thus we will crash (which is UB) before doing the first I/O.

That's an example I'd consider important for performance and
also a case that shows that usually the compiler will have a
very hard time proving UB cannot happen (as opposed to the
usual stance where it can assume it doesn't).

A case where we run into something similar is the use of uninitialized
variables, where proving that some variable is initialized is nearly
impossible (copy initialization from a variable that is not
initialized is not initialization).

We've mainly settled on the stance that only program termination
is observable which means if we do not know that a function
call will always return normally we have to avoid hoisting
observable UB across such function call (and I/O routines
usually fall into this category because they are not annotated
as always returning).  Handling all volatile accesses in the
very same way would be possible but quite some work I don't
see much value in.

Richard.

>
>
> Martin
>
> > > > > I am trying to figure out whether this is feasible.
> > > >
> > > > For PRE yes, you'd just need to include the observable stmts you
> > > > care about in the set of stmts that cause PRE to set BB_MAY_NOTRETURN.
> > > > In general this is of course harder.
> > >
> > > What other passes would need to be checked?
> >
> > All that do code motion by design or by accident.  The difficulty is
> > that the resulting "wrong IL" is not wrong per se, just the difference is,
> > which is hard to write a checker for (well, in principle you could copy the
> > IL before passes and compare to the IL after)
> >
> > > And do you think there is any negative impact on
> > > an important optimization (considering this affects
> > > only volatile accesses)?
> >
> > Probably not.  But then semantics of 'volatile' are very weakly defined,
> > so I'd like to see a reference to a part of the standard that supports
> > declaring this (and only this - the 'volatile' case) a bug.
> >
> > > > > > GCC assumes by default that divide is trappable but stores are not
> > > > > > observable. This is where -fnon-call-exceptions come into play.
> > > > >
> > > > > Ok, thanks! I will look at this!
> > > > >
> > > > > > In the second case, GCC assumes reducing trappable instructions are
> > > > > > fine.
> > > > >
> > > > > -fnon-call-exceptions would treat trapping instructions
> > > > > as defined (and trapping) instead of UB? This is
> > > > > then probably even stronger than the requirement above.
> > > >
> > > > No, I don't think it turns UB into defined behavior.  Some frontends might
> > > > expect that to some extent.  So even with -fnon-call-exceptions we'd
> > > > happily do the re-ordering unless the exception is caught in the same
> > > > function.
> > >
> > > Thanks,
> > > Martin
> > >
> > > > > > Note I thought -fno-delete-dead-exceptions would fix the sink
> > > > > > but it didn't.
> > > > >
> > > > > Martin
> > > > >
> > > > >
>
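An added example, not code from this thread or from GCC, showing the practical side of the two cases discussed above (the loop whose invariant load of *q may be hoisted above the volatile store, and r = a / b placed after observable I/O). The as-written forms follow Richard's and Martin's snippets; the _checked variants, the names foo_checked, div_after_io, div_after_io_checked, device_reg and sample_input, and the input values are invented for illustration. The point: the optimizer is free to move UB, so ordering between a trap and an observable access is only guaranteed when the program makes the failing case defined behavior with an explicit check.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Added example for the gcc@ thread; not code from the thread or from GCC.
 * foo_checked, div_after_io, div_after_io_checked, device_reg and
 * sample_input are invented names for illustration. */

int a[1024];
volatile int device_reg = 0;     /* stands in for a memory-mapped I/O register */
float sample_input = 2.75f;      /* constructed input for the stand-alone main() */

/* The loop as written in the thread.  The load of *q is loop invariant, so
 * the compiler may hoist it above the volatile store; with q == NULL the
 * resulting crash (UB) then happens before the first volatile store.  Whether
 * that store must still precede the crash is exactly what the thread argues
 * about, so nothing here may rely on the ordering. */
void foo(volatile int *p, float *q)
{
    for (int i = 0; i < 1024; ++i) {
        *p = 1;
        a[i] = (int)*q;
    }
}

/* Hardened form: the NULL case is defined behavior, so the ordering is fixed
 * by the abstract machine rather than by how the optimizer treats UB.  On the
 * error path nothing observable happens at all. */
int foo_checked(volatile int *p, float *q)
{
    if (q == NULL)
        return -1;
    for (int i = 0; i < 1024; ++i) {
        *p = 1;
        a[i] = (int)*q;
    }
    return 0;
}

/* The division case: with divisor == 0 the divide is UB (and traps on x86).
 * Whether the volatile store is still performed before the trap is, again,
 * not something the program can count on. */
int div_after_io(volatile int *p, int dividend, int divisor)
{
    *p = 1;
    return dividend / divisor;
}

/* Hardened form: reject the two inputs for which int division is UB before
 * dividing.  The program now never reaches UB, so the volatile store and the
 * error return are ordered exactly as written. */
int div_after_io_checked(volatile int *p, int dividend, int divisor, int *result)
{
    *p = 1;
    if (divisor == 0 || (dividend == INT_MIN && divisor == -1))
        return -1;
    *result = dividend / divisor;
    return 0;
}

int main(void)
{
    int r = 0;
    printf("foo_checked(NULL): rc=%d device_reg=%d\n",
           foo_checked(&device_reg, NULL), device_reg);
    printf("foo_checked(valid): rc=%d device_reg=%d a[0]=%d\n",
           foo_checked(&device_reg, &sample_input), device_reg, a[0]);
    printf("divide by zero rejected: rc=%d\n",
           div_after_io_checked(&device_reg, 7, 0, &r));
    printf("7/2: rc=%d r=%d\n", div_after_io_checked(&device_reg, 7, 2, &r), r);
    return 0;
}
```

The unchecked forms are kept only for comparison; a stand-alone run exercises the checked ones. The cost of the explicit checks is one branch, and in exchange the code no longer depends on which passes treat a trap as observable or on whether a callee is annotated as always returning.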
