mirror of
https://github.com/golang/go
synced 2024-11-02 11:50:30 +00:00
359f44910f
Under certain circumstances, the existing rules for bit operations can
produce code that writes beyond its intended bounds. For example,
consider the following code:
func repro(b []byte, addr, bit int32) {
_ = b[3]
v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 | 1<<(bit&31)
b[0] = byte(v)
b[1] = byte(v >> 8)
b[2] = byte(v >> 16)
b[3] = byte(v >> 24)
}
Roughly speaking:
1. The expression `1 << (bit & 31)` is rewritten into `(SHLL 1 bit)`
2. The expression `uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 |
uint32(b[3])<<24` is rewritten into `(MOVLload &b[0])`
3. The statements `b[0] = byte(v) ... b[3] = byte(v >> 24)` are
rewritten into `(MOVLstore &b[0], v)`
4. `(ORL (SHLL 1, bit) (MOVLload &b[0]))` is rewritten into
`(BTSL (MOVLload &b[0]) bit)`. This is a valid transformation because
the destination is a register: in this case, the bit offset is masked
by the number of bits in the destination register. This is identical
to the masking performed by `SHL`.
5. `(MOVLstore &b[0] (BTSL (MOVLload &b[0]) bit))` is rewritten into
`(BTSLmodify &b[0] bit)`. This is an invalid transformation because
the destination is memory: in this case, the bit offset is not
masked, and the chosen instruction may write outside its intended
32-bit location.
These changes fix the invalid rewrite performed in step (5) by
explicitly maksing the bit offset operand to `BT(S|R|C)(L|Q)modify`. In
the example above, the adjusted rules produce
`(BTSLmodify &b[0] (ANDLconst [31] bit))` in step (5).
These changes also add several new rules to rewrite bit sets, toggles,
and clears that are rooted at `(OR|XOR|AND)(L|Q)modify` operators into
appropriate `BT(S|R|C)(L|Q)modify` operators. These rules catch cases
where `MOV(L|Q)store ((OR|XOR|AND)(L|Q) ...)` is rewritten to
`(OR|XOR|AND)(L|Q)modify` before the `(OR|XOR|AND)(L|Q) ...` can be
rewritten to `BT(S|R|C)(L|Q) ...`.
Overall, compilecmp reports small improvements in code size on
darwin/amd64 when the changes to the compiler itself are exlcuded:
file before after Δ %
runtime.s 536464 536412 -52 -0.010%
bytes.s 32629 32593 -36 -0.110%
strings.s 44565 44529 -36 -0.081%
os/signal.s 7967 7959 -8 -0.100%
cmd/vendor/golang.org/x/sys/unix.s 81686 81678 -8 -0.010%
math/big.s 188235 188253 +18 +0.010%
cmd/link/internal/loader.s 89295 89056 -239 -0.268%
cmd/link/internal/ld.s 633551 633232 -319 -0.050%
cmd/link/internal/arm.s 18934 18928 -6 -0.032%
cmd/link/internal/arm64.s 31814 31801 -13 -0.041%
cmd/link/internal/riscv64.s 7347 7345 -2 -0.027%
cmd/compile/internal/ssa.s 4029173 4033066 +3893 +0.097%
total 21298280 21301472 +3192 +0.015%
Change-Id: I2e560548b515865129e1724e150e30540e9d29ce
GitHub-Last-Rev:
|
||
|---|---|---|
| .. | ||
| addrcalc.go | ||
| alloc.go | ||
| arithmetic.go | ||
| bitfield.go | ||
| bits.go | ||
| bool.go | ||
| clobberdead.go | ||
| clobberdeadreg.go | ||
| compare_and_branch.go | ||
| comparisons.go | ||
| condmove.go | ||
| copy.go | ||
| floats.go | ||
| fuse.go | ||
| issue22703.go | ||
| issue25378.go | ||
| issue31618.go | ||
| issue33580.go | ||
| issue38554.go | ||
| issue42610.go | ||
| logic.go | ||
| mapaccess.go | ||
| maps.go | ||
| math.go | ||
| mathbits.go | ||
| memcombine.go | ||
| memops.go | ||
| noextend.go | ||
| race.go | ||
| README | ||
| retpoline.go | ||
| rotate.go | ||
| select.go | ||
| shift.go | ||
| shortcircuit.go | ||
| slices.go | ||
| smallintiface.go | ||
| spectre.go | ||
| stack.go | ||
| strings.go | ||
| structs.go | ||
| switch.go | ||
| zerosize.go | ||
// Copyright 2018 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
The codegen directory contains code generation tests for the gc
compiler.
- Introduction
The test harness compiles Go code inside files in this directory and
matches the generated assembly (the output of `go tool compile -S`)
against a set of regexps to be specified in comments that follow a
special syntax (described below). The test driver is implemented as a
step of the top-level test/run.go suite, called "asmcheck".
The codegen harness is part of the all.bash test suite, but for
performance reasons only the codegen tests for the host machine's
GOARCH are enabled by default, and only on GOOS=linux.
To perform comprehensive tests for all the supported architectures
(even on a non-Linux system), one can run the following command
$ ../bin/go run run.go -all_codegen -v codegen
in the top-level test directory. This is recommended after any change
that affect the compiler's code.
The test harness compiles the tests with the same go toolchain that is
used to run run.go. After writing tests for a newly added codegen
transformation, it can be useful to first run the test harness with a
toolchain from a released Go version (and verify that the new tests
fail), and then re-runnig the tests using the devel toolchain.
- Regexps comments syntax
Instructions to match are specified inside plain comments that start
with an architecture tag, followed by a colon and a quoted Go-style
regexp to be matched. For example, the following test:
func Sqrt(x float64) float64 {
// amd64:"SQRTSD"
// arm64:"FSQRTD"
return math.Sqrt(x)
}
verifies that math.Sqrt calls are intrinsified to a SQRTSD instruction
on amd64, and to a FSQRTD instruction on arm64.
It is possible to put multiple architectures checks into the same
line, as:
// amd64:"SQRTSD" arm64:"FSQRTD"
although this form should be avoided when doing so would make the
regexps line excessively long and difficult to read.
Comments that are on their own line will be matched against the first
subsequent non-comment line. Inline comments are also supported; the
regexp will be matched against the code found on the same line:
func Sqrt(x float64) float64 {
return math.Sqrt(x) // arm:"SQRTD"
}
It's possible to specify a comma-separated list of regexps to be
matched. For example, the following test:
func TZ8(n uint8) int {
// amd64:"BSFQ","ORQ\t\\$256"
return bits.TrailingZeros8(n)
}
verifies that the code generated for a bits.TrailingZeros8 call on
amd64 contains both a "BSFQ" instruction and an "ORQ $256".
Note how the ORQ regex includes a tab char (\t). In the Go assembly
syntax, operands are separated from opcodes by a tabulation.
Regexps can be quoted using either " or `. Special characters must be
escaped accordingly. Both of these are accepted, and equivalent:
// amd64:"ADDQ\t\\$3"
// amd64:`ADDQ\t\$3`
and they'll match this assembly line:
ADDQ $3
Negative matches can be specified using a - before the quoted regexp.
For example:
func MoveSmall() {
x := [...]byte{1, 2, 3, 4, 5, 6, 7}
copy(x[1:], x[:]) // arm64:-".*memmove"
}
verifies that NO memmove call is present in the assembly generated for
the copy() line.
- Architecture specifiers
There are three different ways to specify on which architecture a test
should be run:
* Specify only the architecture (eg: "amd64"). This indicates that the
check should be run on all the supported architecture variants. For
instance, arm checks will be run against all supported GOARM
variations (5,6,7).
* Specify both the architecture and a variant, separated by a slash
(eg: "arm/7"). This means that the check will be run only on that
specific variant.
* Specify the operating system, the architecture and the variant,
separated by slashes (eg: "plan9/386/sse2", "plan9/amd64/"). This is
needed in the rare case that you need to do a codegen test affected
by a specific operating system; by default, tests are compiled only
targeting linux.
- Remarks, and Caveats
-- Write small test functions
As a general guideline, test functions should be small, to avoid
possible interactions between unrelated lines of code that may be
introduced, for example, by the compiler's optimization passes.
Any given line of Go code could get assigned more instructions than it
may appear from reading the source. In particular, matching all MOV
instructions should be avoided; the compiler may add them for
unrelated reasons and this may render the test ineffective.
-- Line matching logic
Regexps are always matched from the start of the instructions line.
This means, for example, that the "MULQ" regexp is equivalent to
"^MULQ" (^ representing the start of the line), and it will NOT match
the following assembly line:
IMULQ $99, AX
To force a match at any point of the line, ".*MULQ" should be used.
For the same reason, a negative regexp like -"memmove" is not enough
to make sure that no memmove call is included in the assembly. A
memmove call looks like this:
CALL runtime.memmove(SB)
To make sure that the "memmove" symbol does not appear anywhere in the
assembly, the negative regexp to be used is -".*memmove".