From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id A809CCE4101; Tue, 8 Oct 2024 15:39:33 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org A809CCE4101 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1728391173; bh=H2dMCM3t7vch4kgIzDkR7bFSKRfq3bsmxSc77NkJz4I=; h=Date:To:Cc:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=f8AJq1WlA/ycE12EASGScKYJvXifK32ZxZOrUGvG180YD7N67ZscWnRIppsQA86F3 a+0V7O2YxOZlniX7NcyDchYADtTHvflaSlWIg/d4MK1XVkTM5BPBLBW2ixQqbBMjlI JyX0aFSVQ1zArH9glznk0MjSKNhA+xA6XG1hAVbI= Received: from smtp49.i.mail.ru (smtp49.i.mail.ru [95.163.41.91]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id E798ACE412A for ; Tue, 8 Oct 2024 15:39:31 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org E798ACE412A Received: by exim-smtp-57dbb65494-2ncjl with esmtpa (envelope-from ) id 1sy9Uw-000000005ed-3gXR; Tue, 08 Oct 2024 15:39:31 +0300 Content-Type: multipart/alternative; boundary="------------WMc5uv0ITnl1GkiJdCFdLT4b" Message-ID: <2486af85-0af6-4073-952c-ce5ce5a86d5c@tarantool.org> Date: Tue, 8 Oct 2024 15:39:30 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Sergey Kaplun , Maxim Kokryashkin Cc: tarantool-patches@dev.tarantool.org References: <20240925103656.14771-1-skaplun@tarantool.org> In-Reply-To: <20240925103656.14771-1-skaplun@tarantool.org> X-Mailru-Src: smtp X-4EC0790: 10 X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD9B01871A0ED523BBF0EA4F0057A5B4EB36890D9CCEC1C8281182A05F538085040301B2BF54DC1A4173DE06ABAFEAF6705B396FE961D18B34C01D22E51C6096C50D028484CC11AB3FE X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE754CF51794FD91028EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637C3BF94FB392044A18638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D83E13DC59AA25273CBE2852D71FEAA89066E581B841B70544CC7F00164DA146DAFE8445B8C89999728AA50765F7900637F6B57BC7E64490618DEB871D839B7333395957E7521B51C2DFABB839C843B9C08941B15DA834481F8AA50765F79006372A3B24BF85B2E607389733CBF5DBD5E9B5C8C57E37DE458BD9DD9810294C998ED8FC6C240DEA76428AA50765F7900637449118282ECF3389D81D268191BDAD3DBD4B6F7A4D31EC0BE2F48590F00D11D6D81D268191BDAD3D78DA827A17800CE77D6E53583C358221EC76A7562686271ED91E3A1F190DE8FD2E808ACE2090B5E14AD6D5ED66289B5259CC434672EE63711DD303D21008E298D5E8D9A59859A8B6B372FE9A2E580EFC725E5C173C3A84C3C8F21CEC4765490D35872C767BF85DA2F004C90652538430E4A6367B16DE6309 X-C1DE0DAB: 0D63561A33F958A5984B1E75A85EA1CA5002B1117B3ED69678F1C62157EA7182BFF4097FFC9E796F823CB91A9FED034534781492E4B8EEAD85CCBA673D36D1A4BDAD6C7F3747799A X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF169F62042B65648E8105BEB504F0D3611820DACA1A9E7B20DA70D6C989F1CF850F85117B495E935BAF66815EE7BDF790068D4231094BFF9C831E25CF36F89D3E68CB23A1D14AC9925F4332CA8FE04980913E6812662D5F2AB9AF64DB4688768036DF5FE9C0001AF333F2C28C22F508233FCF178C6DD14203 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj/pBY5inp/EYwmJIyArkHYQ== X-Mailru-Sender: 520A125C2F17F0B1E52FEF5D219D61402354FBCDA5588A4AD27678DDAA806314465DDE7021B34E180152A3D17938EB451EB5A0BCEC6A560B3DDE9B364B0DF289BE2DA36745F2EEB5CEBA01FB949A1F1EEAB4BC95F72C04283CDA0F3B3F5B9367 X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH luajit] Limit CSE for IR_CARG to fix loop optimizations. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Bronnikov via Tarantool-patches Reply-To: Sergey Bronnikov Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" This is a multi-part message in MIME format. --------------WMc5uv0ITnl1GkiJdCFdLT4b Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, Sergey! LGTM with a minor question below. On 25.09.2024 13:36, Sergey Kaplun wrote: > From: Mike Pall > > Thanks to Peter Cawley. > > (cherry picked from commit 3bdc6498c4c012a8fbf9cfa2756a5b07f56f1540) > > `IR_CALLXS` for the vararg function contains `IR_CARG(fptr, ctid)` as > the second operand. The `loop_emit_phi()` scans only the first operand > of the IR, so the second is not marked as PHI. In this case, when the IR > appears in both the invariant and variant parts of the loop, CSE may > remove it and thus lead to incorrect emitting results. > > This patch tweaks the CSE rules to avoid CSE across the `IR_LOOP`. > > Sergey Kaplun: > * added the description and the test for the problem > > Part of tarantool/tarantool#10199 > --- > > Branch:https://github.com/tarantool/luajit/tree/skaplun/lj-1244-missing-phi-carg > Related issues: > *https://github.com/tarantool/tarantool/issues/10199 > *https://github.com/LuaJIT/LuaJIT/issues/1244 > > src/lj_opt_fold.c | 11 ++++ > .../lj-1244-missing-phi-carg.test.lua | 53 +++++++++++++++++++ > 2 files changed, 64 insertions(+) > create mode 100644 test/tarantool-tests/lj-1244-missing-phi-carg.test.lua > > diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c > index e2171e1b..33e5f9dd 100644 > --- a/src/lj_opt_fold.c > +++ b/src/lj_opt_fold.c > @@ -2406,6 +2406,17 @@ LJFOLD(XSNEW any any) > LJFOLD(BUFHDR any any) > LJFOLDX(lj_ir_emit) > > +/* -- Miscellaneous ------------------------------------------------------- */ > + > +LJFOLD(CARG any any) > +LJFOLDF(cse_carg) > +{ > + TRef tr = lj_opt_cse(J); > + if (tref_ref(tr) < J->chain[IR_LOOP]) /* CSE across loop? */ > + return EMITFOLD; /* Raw emit. Assumes fins is left intact by CSE. */ > + return tr; > +} > + > /* ------------------------------------------------------------------------ */ > > /* Every entry in the generated hash table is a 32 bit pattern: > diff --git a/test/tarantool-tests/lj-1244-missing-phi-carg.test.lua b/test/tarantool-tests/lj-1244-missing-phi-carg.test.lua > new file mode 100644 > index 00000000..865cdd26 > --- /dev/null > +++ b/test/tarantool-tests/lj-1244-missing-phi-carg.test.lua > @@ -0,0 +1,53 @@ > +local ffi = require('ffi') > +local table_new = require('table.new') > + > +-- Test file to demonstrate LuaJIT incorrect behaviour for > +-- recording the FFI call to the vararg function. See also: > +--https://github.com/LuaJIT/LuaJIT/issues/1244. > +local tap = require('tap') > +local test = tap.test('lj-1244-missing-phi-carg'):skipcond({ > + ['Test requires JIT enabled'] = not jit.status(), > +}) > + > +-- Loop unrolls into 2 iterations. Thus means that the loop is > +-- executed on trace on the 5th iteration (instead of the usual > +-- 4th). Run it even number of iterations to test both, so last is > +-- 6th. > +local NTESTS = 6 > + > +test:plan(NTESTS) > + > +ffi.cdef[[ > + double sin(double, ...); > + double cos(double, ...); Why do you use sin/cos with wrong function prototypes if you can take a function with varargs. (printf for example)? > +]] > + > +local EXPECTED = {[0] = ffi.C.sin(0), ffi.C.cos(0)} > + > +-- Array of 2 functions. > +local fns = ffi.new('double (*[2])(double, ...)') > +fns[0] = ffi.C.cos > +fns[1] = ffi.C.sin > + > +-- Avoid reallocating the table on the trace. > +local result = table_new(8, 0) > + > +jit.opt.start('hotloop=1') > + > +local fn = fns[0] > +-- The first result is `cos()`. > +for i = 1, NTESTS do > + result[i] = fn(0) > + fn = fns[i % 2] > + -- The call persists in the invariant part of the loop as well. > + -- Hence, XLOAD (part of the IR_CARG -- function to be called) > + -- should be marked as PHI, but it isn't due to CSE. > + fn(0) > +end > + > +for i = 1, NTESTS do > + test:is(result[i], EXPECTED[i % 2], > + ('correct result on iteration %d'):format(i)) > +end > + > +test:done(true) --------------WMc5uv0ITnl1GkiJdCFdLT4b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Hi, Sergey!

LGTM with a minor question below.

On 25.09.2024 13:36, Sergey Kaplun wrote:
From: Mike Pall <mike>

Thanks to Peter Cawley.

(cherry picked from commit 3bdc6498c4c012a8fbf9cfa2756a5b07f56f1540)

`IR_CALLXS` for the vararg function contains `IR_CARG(fptr, ctid)` as
the second operand. The `loop_emit_phi()` scans only the first operand
of the IR, so the second is not marked as PHI. In this case, when the IR
appears in both the invariant and variant parts of the loop, CSE may
remove it and thus lead to incorrect emitting results.

This patch tweaks the CSE rules to avoid CSE across the `IR_LOOP`.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#10199
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1244-missing-phi-carg
Related issues:
* https://github.com/tarantool/tarantool/issues/10199
* https://github.com/LuaJIT/LuaJIT/issues/1244

 src/lj_opt_fold.c                             | 11 ++++
 .../lj-1244-missing-phi-carg.test.lua         | 53 +++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 test/tarantool-tests/lj-1244-missing-phi-carg.test.lua

diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index e2171e1b..33e5f9dd 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -2406,6 +2406,17 @@ LJFOLD(XSNEW any any)
 LJFOLD(BUFHDR any any)
 LJFOLDX(lj_ir_emit)
 
+/* -- Miscellaneous ------------------------------------------------------- */
+
+LJFOLD(CARG any any)
+LJFOLDF(cse_carg)
+{
+  TRef tr = lj_opt_cse(J);
+  if (tref_ref(tr) < J->chain[IR_LOOP])  /* CSE across loop? */
+    return EMITFOLD;  /* Raw emit. Assumes fins is left intact by CSE. */
+  return tr;
+}
+
 /* ------------------------------------------------------------------------ */
 
 /* Every entry in the generated hash table is a 32 bit pattern:
diff --git a/test/tarantool-tests/lj-1244-missing-phi-carg.test.lua b/test/tarantool-tests/lj-1244-missing-phi-carg.test.lua
new file mode 100644
index 00000000..865cdd26
--- /dev/null
+++ b/test/tarantool-tests/lj-1244-missing-phi-carg.test.lua
@@ -0,0 +1,53 @@
+local ffi = require('ffi')
+local table_new = require('table.new')
+
+-- Test file to demonstrate LuaJIT incorrect behaviour for
+-- recording the FFI call to the vararg function. See also:
+-- https://github.com/LuaJIT/LuaJIT/issues/1244.
+local tap = require('tap')
+local test = tap.test('lj-1244-missing-phi-carg'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+
+-- Loop unrolls into 2 iterations. Thus means that the loop is
+-- executed on trace on the 5th iteration (instead of the usual
+-- 4th). Run it even number of iterations to test both, so last is
+-- 6th.
+local NTESTS = 6
+
+test:plan(NTESTS)
+
+ffi.cdef[[
+  double sin(double, ...);
+  double cos(double, ...);

Why do you use sin/cos with wrong function prototypes if you can take

a function with varargs. (printf for example)?

+]]
+
+local EXPECTED = {[0] = ffi.C.sin(0), ffi.C.cos(0)}
+
+-- Array of 2 functions.
+local fns = ffi.new('double (*[2])(double, ...)')
+fns[0] = ffi.C.cos
+fns[1] = ffi.C.sin
+
+-- Avoid reallocating the table on the trace.
+local result = table_new(8, 0)
+
+jit.opt.start('hotloop=1')
+
+local fn = fns[0]
+-- The first result is `cos()`.
+for i = 1, NTESTS do
+  result[i] = fn(0)
+  fn = fns[i % 2]
+  -- The call persists in the invariant part of the loop as well.
+  -- Hence, XLOAD (part of the IR_CARG -- function to be called)
+  -- should be marked as PHI, but it isn't due to CSE.
+  fn(0)
+end
+
+for i = 1, NTESTS do
+  test:is(result[i], EXPECTED[i % 2],
+          ('correct result on iteration %d'):format(i))
+end
+
+test:done(true)
--------------WMc5uv0ITnl1GkiJdCFdLT4b--