search

syntacore / snippy

Other
43 stars 4 forks source link

Function Call Clobbers `ra` Register, Causing Incorrect Number of Loop Iterations #51

Closed m4drat closed 3 months ago

m4drat commented 3 months ago

Hi! I've been playing with snippy, and found a situation where the register ra is used in a loop condition, but the initial value is clobbered by a successive function call. This leads to a situation where the specified number-of-loop-iterations is not taken into account which leads to loops with huge number of iterations.

Here is an example of incorrectly generated code:

0000000000213240 <.LBB0_559>:
  213240:       00000f93                li      t6,0
  213244:       00300093                li      ra,3
  213248:       416c81b3                sub     gp,s9,s6
  21324c:       7b46e193                ori     gp,a3,1972
  213250:       3a0020ef                jal     ra,2155f0 <fun25>
  213254:       0040006f                j       213258 <.LBB0_348>

0000000000213258 <.LBB0_348>:
  213258:       001f8f93                addi    t6,t6,1
  21325c:       afad0897                auipc   a7,0xafad0
  213260:       fe1fcce3                blt     t6,ra,213258 <.LBB0_348>
  213264:       0040006f                j       213268 <.LBB0_558>

The value of the ra register is set to 3 li ra, 3, but later it is clobbered by a function call jal ra, 2155f0 <fun25>. This makes the loop 0x213258 - 0x213260 iterate 0x213254 times instead of 3.

The issue is reproducible on the latest version from github: 35b9673a4c2ca61f301ff45a4fd85d16baf38c81

Snippy is invoked like that: ./bin/llvm-snippy -function-number=32 -function-layers=4 layout.yaml, the seed is: 1717939084212642052

Here is my layout.yaml:

options:
  march: "riscv64-linux-gnu"
  model-plugin: "None"
  num-instrs: 2000
  o: "snippet.elf"
  init-regs-in-elf: true
  honor-target-abi: true
  stack-size: 32768
  last-instr: "RET"

sections:
  - name:      text
    VMA:       0x210000
    SIZE:      0x100000
    LMA:       0x210000
    ACCESS:    rx
  - name:      data
    VMA:       0x100000
    SIZE:      0x100000
    LMA:       0x100000
    ACCESS:    rw

histogram:
    - [AUIPC, 1.0]
    - [ADD, 1.0]
    - [ADDI, 1.0]
    - [SUB, 1.0]
    - [SRA, 1.0]
    - [SRAI, 1.0]
    - [SRL, 1.0]
    - [SRLI, 1.0]
    - [SLL, 1.0]
    - [SLLI, 1.0]
    - [AND, 1.0]
    - [ANDI, 1.0]
    - [OR, 1.0]
    - [ORI, 1.0]
    - [XOR, 1.0]
    - [XORI, 1.0]
    - [LW, 1.0]
    - [SW, 1.0]
    - [LB, 1.0]
    - [BEQ, 1.0]
    - [BGE, 1.0]
    - [BGEU, 1.0]
    - [BNE, 1.0]
    - [BLT, 1.0]
    - [BLTU, 1.0]
    - [JAL, 1.0]
    - [JALR, 1.0]

branches:
  permutation: on
  number-of-loop-iterations:
    min: 1
    max: 3

access-ranges:
   - start: 0x100000
     size: 0x10000
     stride: 16
     first-offset: 0
     last-offset: 2
kseniadobrovolskaya commented 3 months ago

Hello! Bug confirmed. Will look into it. Thank you for detailed description of the problem.

yt-sc commented 3 months ago

Hi! Fixed with #57. Please verify.

m4drat commented 3 months ago

Hi! The issue is resolved, thanks!