[swift-dev] inout and aliasing in the optimizer

Dave Abrahams dabrahams at apple.com
Thu Dec 17 20:33:38 CST 2015



Sent from my moss-covered three-handled family gradunza

> On Dec 17, 2015, at 4:52 PM, Jordan Rose via swift-dev <swift-dev at swift.org> wrote:
> 
> 
>>> On Dec 17, 2015, at 14:48, Joe Groff via swift-dev <swift-dev at swift.org> wrote:
>>> 
>>> 
>>> On Dec 17, 2015, at 2:34 PM, Erik Eckstein via swift-dev <swift-dev at swift.org> wrote:
>>> 
>>> Hi,
>>> 
>>> I'm currently working on improving alias analysis in the optimizer and I ran into the following problem:
>>> 
>>> If alias analysis assumes that inout may not alias any other object, we may violate memory safety. Note that currently it's not always assumed, e.g. not in computeMemoryBehavior for apply insts.
>>> 
>>> As I understood, if the inout rule is violated, the program is not expected to behave as intended, but it still must be memory safe.
>>> For this reason we had to insert explicit checks for inout violations in the stdlib, e.g. in ArrayBuffer: _precondition(_isNativeTypeChecked == wasNativeTypeChecked, "inout rules were violated: the array was overwritten")
>>> 
>>> Now with improved alias analysis and assuming inout-no-alias, the optimizer (specifically redundant load elimination) may eliminate these precondition checks in the stdlib.
>>> And I can think of other cases, e.g.
>>> 
>>> sil @test(@inout %1 : $*C) {
>>>   %2 = load %1
>>>   apply inout_violating_function // replaces *%1 and releases the original *%1.
>>>   %3 = load %1
>>>   %4 = ref_element_addr %3
>>>   %ptr = load %4
>>> }
>>> 
>>> Redundant load elimination may optimize this to
>>> 
>>> sil @test(@inout %1 : $*C) {
>>>   %2 = load %1
>>>   apply inout_violating_function // replaces *%1 and releases the original *%1.
>>>   %4 = ref_element_addr %2
>>>   %ptr = load %4  // load pointer from freed memory
>>> }
>>> 
>>> What I propose is to add a utility function in Types.h
>>> 
>>> inline bool isNotAliasedIndirectParameter(ParameterConvention conv,
>>>                                           bool assumeInoutIsNotAliasing)
>>> 
>>> and optimizations, which use this function, must decide if it is safe to pass true in assumeInoutIsNotAliasing. This might be the case for high-level optimizations like COW array opts.
>>> For alias analysis I think we have to go the conservative way.
>>> 
>>> John, Joe: any comments?
>> 
>> I agree that we can't make a blanket assumption that inout is noalias. Arnold made a similar conclusion last year, so I think we already treat them as aliasing. IRGen won't apply the LLVM noalias attribute to inout parameters, for instance. It's probably better to target `inout` with specific known-acceptable optimizations (load forwarding, writeback elimination, transforming to input-result pair, etc.) than generally treating it as noalias.
> 
> Do we really preserve memory safety today?

Modulo bugs, yes. Those are the intended semantics. 

> It seems like any optimizations we might do could lead to half an object getting written, which can result in memory unsafety if that object is implemented using UnsafePointer (like *cough* Array).
> 
> Jordan
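
A toy model of the redundant load elimination case quoted in the thread above, added here as an illustration; it is not code from the Swift compiler or from any participant. The `Inst` type, the pass and the helper names are hypothetical, and only the `assumeInoutIsNotAliasing` flag name is taken from the proposal. It shows that the second load of `%1` is forwarded from `%2` across the call only when inout is assumed not to alias.

```cpp
#include <map>
#include <string>
#include <vector>

// Toy IR (constructed for this example, far simpler than real SIL).
enum class Op { Load, Apply, RefElementAddr };
struct Inst { Op op; std::string result, operand; };

// Hypothetical pass: replace a load with the value of an earlier load of the
// same address, unless an intervening opaque call may have written that address.
std::vector<Inst> eliminateRedundantLoads(const std::vector<Inst> &body,
        const std::string &inoutArg, bool assumeInoutIsNotAliasing) {
    std::map<std::string, std::string> available; // address -> value last loaded
    std::map<std::string, std::string> replaced;  // removed value -> forwarded value
    std::vector<Inst> out;
    for (Inst inst : body) {
        auto r = replaced.find(inst.operand);
        if (r != replaced.end()) inst.operand = r->second;
        if (inst.op == Op::Load) {
            auto a = available.find(inst.operand);
            if (a != available.end()) { replaced[inst.result] = a->second; continue; }
            available[inst.operand] = inst.result;
        } else if (inst.op == Op::Apply) {
            // Conservative: the callee may write any memory, so forget every load.
            // No-alias assumption: the inout argument is treated as untouched.
            for (auto it = available.begin(); it != available.end();)
                if (assumeInoutIsNotAliasing && it->first == inoutArg) ++it;
                else it = available.erase(it);
        }
        out.push_back(inst);
    }
    return out;
}

// The SIL function from the thread, transcribed into the toy IR.
std::vector<Inst> threadExample() {
    return {{Op::Load, "%2", "%1"},
            {Op::Apply, "", "inout_violating_function"},
            {Op::Load, "%3", "%1"},
            {Op::RefElementAddr, "%4", "%3"},
            {Op::Load, "%ptr", "%4"}};
}

// Which value does ref_element_addr dereference after the pass has run?
std::string refElementBase(const std::vector<Inst> &body) {
    for (const Inst &i : body)
        if (i.op == Op::RefElementAddr) return i.operand;
    return "";
}
```

With the flag set, `ref_element_addr` ends up using `%2`, the reference loaded before the call; with the flag clear, the reload `%3` is kept.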