From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15799 invoked by alias); 13 Apr 2015 06:49:42 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 15782 invoked by uid 89); 13 Apr 2015 06:49:41 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,T_RP_MATCHES_RCVD autolearn=no version=3.3.2 X-HELO: nikam.ms.mff.cuni.cz Received: from nikam.ms.mff.cuni.cz (HELO nikam.ms.mff.cuni.cz) (195.113.20.16) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Mon, 13 Apr 2015 06:49:39 +0000 Received: by nikam.ms.mff.cuni.cz (Postfix, from userid 16202) id D68F354107D; Mon, 13 Apr 2015 08:49:35 +0200 (CEST) Date: Mon, 13 Apr 2015 06:49:00 -0000 From: Jan Hubicka To: gcc-patches@gcc.gnu.org Subject: Prevent insane indirect call speculation Message-ID: <20150413064935.GA93081@kam.mff.cuni.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-SW-Source: 2015-04/txt/msg00547.txt.bz2 Hi, this is simple change I made when i was debugging the Firefox wrong code. I suspected we made a bogus devirtualization to function with wrong parameter count. Obviously we have nothing to prevent this from happening, so it is better to check it. Honza * ipa-profie.c (ipa_profile): Check number of parameters and possible polymorphic call targets before devirtualizing. Index: ipa-profile.c =================================================================== --- ipa-profile.c (revision 222037) +++ ipa-profile.c (working copy) @@ -524,6 +524,7 @@ ipa_profile (void) gcov_type overall_time = 0, cutoff = 0, cumulated = 0, overall_size = 0; struct cgraph_node *n,*n2; int nindirect = 0, ncommon = 0, nunknown = 0, nuseless = 0, nconverted = 0; + int nmismatch = 0, nimpossible = 0; bool node_map_initialized = false; if (dump_file) @@ -651,6 +652,31 @@ ipa_profile (void) "Not speculating: target is overwritable " "and can be discarded.\n"); } + else if (ipa_node_params_sum && ipa_edge_args_vector + && !IPA_NODE_REF (n2)->descriptors.is_empty () + && ipa_get_param_count (IPA_NODE_REF (n2)) + != ipa_get_cs_argument_count (IPA_EDGE_REF (e)) + && (ipa_get_param_count (IPA_NODE_REF (n2)) + >= ipa_get_cs_argument_count (IPA_EDGE_REF (e)) + || !stdarg_p (TREE_TYPE (n2->decl)))) + { + nmismatch++; + if (dump_file) + fprintf (dump_file, + "Not speculating: " + "parameter count mistmatch\n"); + } + else if (e->indirect_info->polymorphic + && !opt_for_fn (n->decl, flag_devirtualize) + && !possible_polymorphic_call_target_p (e, n2)) + { + nimpossible++; + if (dump_file) + fprintf (dump_file, + "Not speculating: " + "function is not in the polymorphic " + "call target list\n"); + } else { /* Target may be overwritable, but profile says that @@ -693,11 +719,15 @@ ipa_profile (void) "%i indirect calls trained.\n" "%i (%3.2f%%) have common target.\n" "%i (%3.2f%%) targets was not found.\n" + "%i (%3.2f%%) targets had parameter count mismatch.\n" + "%i (%3.2f%%) targets was not in polymorphic call target list.\n" "%i (%3.2f%%) speculations seems useless.\n" "%i (%3.2f%%) speculations produced.\n", nindirect, ncommon, ncommon * 100.0 / nindirect, nunknown, nunknown * 100.0 / nindirect, + nmismatch, nmismatch * 100.0 / nindirect, + nimpossible, nimpossible * 100.0 / nindirect, nuseless, nuseless * 100.0 / nindirect, nconverted, nconverted * 100.0 / nindirect);