-
Notifications
You must be signed in to change notification settings - Fork 12.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The ABI of float types on can be changed by -Ctarget-feature #116344
Comments
Cc @rust-lang/opsem |
FTR, I think the -x87,+softfp and -x87,+sse codegens are wrong for at least the C abi, because Sys-V (and msabi) do prescribe that float/double are returned in st(0) and provide no other alternative - so I think rustc should reject this code in particular. I actually wanted a similar prohibition retroactively on the simd types, but the x86_64-psabi list did not accept that request. |
This is correct.
I believe I have vocalized that this is my desired solution as well. |
Demonstrating the 3 different ways that rustc returns floats on x86: https://rust.godbolt.org/z/r83MbYh5n. Although it seems f64 specifically is spared on sse and softfp (not between |
Force enabling them (or blanket erroring) on i686-wide would affect kernel mode code that typically disables the FPU and vector extensions to avoid having to save that state every context switch. Refusing to codegen floats is a reasonable alternative, though. For sse in particular, llvm really loves to copy data arround using xmm registers, so this will either cause a |
Kernel-friendly targets need to be handled specially as always. |
I was about to say this didn't need O-x86_64, but... |
I just realized that with
Force enabling them wouldn't affect that code if it doesn't use any floats. :) |
It does though, especially sse as mentioned. |
It does?
Bless you? To me it looks like you put the output of |
If you tell llvm that it can use sse instructions, it will completely decide to fold scalar bytewise copies into sse copies and cause a general protection exception in kernel code that isn't configured to allow those instructions. This is why it's considered undefined behaviour to merely enter code with an unavailable feature available. |
Example of llvm using |
Ah, bummer. That sounds like we want |
Disabling target features is incredibly useful when writing all kinds of code. Kernel and driver code especially, but I write a lot of "Low-level user mode code" that also somestimes requires finagling with And sometimes you live before the kernel. A bootloader gratuitously opting arbitrary kernels into cr4.OSXFSAVE is even worse, because the instructions won't trap, just silently clobber user mode state. |
You are describing a good motivation for a You are not describing why we should offer the ability to disable target features, when perfectly valid alternatives exist; alternatives that do not also eat your kitttens. "It is useful" applies to many things that we very deliberately do not let people do because they just cause too many issues. |
It is still possible to obtain what is desired for those by switching to an enable-only process, or virtually so (I realize that softfloat is technically a feature one must often disable to get correct codegen). |
Note: #115919 would make this apply by toggling |
#115919 could be adjusted to only kick in when the baseline features of the target include SSE. If we do that, does enabling SSE ever affect the ABI of f32/f64? If the answer is "no" then I think the i586 targets are good, right? For softfloat targets, we'd have to ensure their f32/f64 ABI is unaffected by enabling x87 or SSE, or we have to reject enabling those features. The former should actually be possible, right? I would assume f32 is passed much like i32 and f64 like i64 on those targets, so we can tell LLVM to pass floats as i32/i64 and then we don't have to worry about target features at all? |
RISC-V has a similar ABI split. -F/-D/-Q is your Your float-function-features would be |
I just found #63466... so We obviously need to also reject enabling such features then. |
…=compiler-errors warn when using an unstable feature with -Ctarget-feature Setting or unsetting the wrong target features can cause ABI incompatibility (rust-lang#116344, rust-lang#116558). We need to carefully audit features for their ABI impact before stabilization. I just learned that we currently accept arbitrary unstable features on stable and if they are in the list of Rust target features, even unstable, then we don't even warn about that!1 That doesn't seem great, so I propose we introduce a warning here. This has an obvious loophole via `-Ctarget-cpu`. I'm not sure how to best deal with that, but it seems better to fix what we can and think about the other cases later, maybe once we have a better idea for how to resolve the general mess that are ABI-affecting target features.
… r=compiler-errors warn when using an unstable feature with -Ctarget-feature Setting or unsetting the wrong target features can cause ABI incompatibility (rust-lang#116344, rust-lang#116558). We need to carefully audit features for their ABI impact before stabilization. I just learned that we currently accept arbitrary unstable features on stable and if they are in the list of Rust target features, even unstable, then we don't even warn about that!1 That doesn't seem great, so I propose we introduce a warning here. This has an obvious loophole via `-Ctarget-cpu`. I'm not sure how to best deal with that, but it seems better to fix what we can and think about the other cases later, maybe once we have a better idea for how to resolve the general mess that are ABI-affecting target features.
Rollup merge of rust-lang#117616 - RalfJung:unstable-target-features, r=compiler-errors warn when using an unstable feature with -Ctarget-feature Setting or unsetting the wrong target features can cause ABI incompatibility (rust-lang#116344, rust-lang#116558). We need to carefully audit features for their ABI impact before stabilization. I just learned that we currently accept arbitrary unstable features on stable and if they are in the list of Rust target features, even unstable, then we don't even warn about that!1 That doesn't seem great, so I propose we introduce a warning here. This has an obvious loophole via `-Ctarget-cpu`. I'm not sure how to best deal with that, but it seems better to fix what we can and think about the other cases later, maybe once we have a better idea for how to resolve the general mess that are ABI-affecting target features.
If I understand this assembly correctly, then disabling the |
Some more experimentation... if I understand this correctly, then I don't think I understand the |
Oh d'oh, it's Yeah when both |
if you use |
hehe, it seems it passes floats in FPU regs, but moves them out to do soft-float maths. So it seems to be correct :) https://godbolt.org/z/4zh9fbE81
|
That's awesome. :-) Much better than x86 where the
Yeah, that's kind of expected (IMO a bad design decision by LLVM, but oh well). #129884 will make it an error to toggle |
Actually That seems a closer equivalent to |
Ah okay, damn. So we need to also block the |
WG-prioritization assigning priority (Zulip discussion). @rustbot label -I-prioritize +P-high |
A function that returns an
f32
/f64
is not ABI-compatible with other functions that have the same signature on i686 when certain target features differ. It looks like one can disable thex87
feature or enable thesoft-float
and then it will use different ways of passing floating-point arguments.This is unsound as code calling methods from the standard library would now use the wrong registers to return results.
The text was updated successfully, but these errors were encountered: