Do not add type tag size to the alloc_typed lowering for GC allocations (#54837)

gbaraldi · vchuravy · commit 48e140b9a91b · 2024-06-23T18:15:47.000-04:00
Enzyme.jl hit an issue where, in a dynamically typed allocation of size `GC_MAX_SZCLASS`, because we mistakenly added they type tag size to the allocation, the runtime disagreed if this was a pool allocation or a big allocation. Causing a crash in the GC (cherry picked from commit ded0b28)
diff --git a/src/julia_internal.h b/src/julia_internal.h
@@ -463,6 +463,8 @@ STATIC_INLINE uint8_t JL_CONST_FUNC jl_gc_szclass_align8(unsigned sz) JL_NOTSAFE
 #define GC_MAX_SZCLASS (2032-sizeof(void*))
 static_assert(ARRAY_CACHE_ALIGN_THRESHOLD > GC_MAX_SZCLASS, "");
 
+
+// Size does NOT include the type tag!!
 STATIC_INLINE jl_value_t *jl_gc_alloc_(jl_ptls_t ptls, size_t sz, void *ty)
 {
     jl_value_t *v;
diff --git a/src/llvm-final-gc-lowering.cpp b/src/llvm-final-gc-lowering.cpp
@@ -214,7 +214,7 @@ Value *FinalLowerGC::lowerGCAllocBytes(CallInst *target, Function &F)
         }
     } else {
         auto size = builder.CreateZExtOrTrunc(target->getArgOperand(1), T_size);
-        size = builder.CreateAdd(size, ConstantInt::get(T_size, sizeof(void*)));
+        // allocTypedFunc does not include the type tag in the allocation size!
         newI = builder.CreateCall(allocTypedFunc, { ptls, size, ConstantPointerNull::get(Type::getInt8PtrTy(F.getContext())) });
         derefAttr = Attribute::getWithDereferenceableBytes(F.getContext(), sizeof(void*));
     }
diff --git a/test/llvmpasses/final-lower-gc.ll b/test/llvmpasses/final-lower-gc.ll
@@ -95,9 +95,8 @@ top:
   %pgcstack = call {}*** @julia.get_pgcstack()
   %ptls = call {}*** @julia.ptls_states()
   %ptls_i8 = bitcast {}*** %ptls to i8*
-; CHECK: %0 = add i64 %size, 8
-; TYPED: %v = call noalias nonnull dereferenceable(8) {} addrspace(10)* @ijl_gc_alloc_typed(i8* %ptls_i8, i64 %0, i8* null)
-; OPAQUE: %v = call noalias nonnull dereferenceable(8) ptr addrspace(10) @ijl_gc_alloc_typed(ptr %ptls_i8, i64 %0, ptr null)
+; TYPED: %v = call noalias nonnull dereferenceable(8) {} addrspace(10)* @ijl_gc_alloc_typed(i8* %ptls_i8, i64 %size, i8* null)
+; OPAQUE: %v = call noalias nonnull dereferenceable(8) ptr addrspace(10) @ijl_gc_alloc_typed(ptr %ptls_i8, i64 %size, ptr null)
   %v = call {} addrspace(10)* @julia.gc_alloc_bytes(i8* %ptls_i8, i64 %size)
   %0 = bitcast {} addrspace(10)* %v to {} addrspace(10)* addrspace(10)*
   %1 = getelementptr {} addrspace(10)*, {} addrspace(10)* addrspace(10)* %0, i64 -1

Original file line number	Diff line number	Diff line change
`@@ -463,6 +463,8 @@ STATIC_INLINE uint8_t JL_CONST_FUNC jl_gc_szclass_align8(unsigned sz) JL_NOTSAFE`
`463`	`463`	`#define GC_MAX_SZCLASS (2032-sizeof(void*))`
`464`	`464`	`static_assert(ARRAY_CACHE_ALIGN_THRESHOLD > GC_MAX_SZCLASS, "");`
`465`	`465`
	`466`	`+`
	`467`	`+// Size does NOT include the type tag!!`
`466`	`468`	`STATIC_INLINE jl_value_t jl_gc_alloc_(jl_ptls_t ptls, size_t sz, void ty)`
`467`	`469`	`{`
`468`	`470`	`jl_value_t *v;`
Original file line number	Diff line number	Diff line change
`@@ -214,7 +214,7 @@ Value FinalLowerGC::lowerGCAllocBytes(CallInst target, Function &F)`
`214`	`214`	`}`
`215`	`215`	`} else {`
`216`	`216`	`auto size = builder.CreateZExtOrTrunc(target->getArgOperand(1), T_size);`
`217`		`- size = builder.CreateAdd(size, ConstantInt::get(T_size, sizeof(void*)));`
	`217`	`+ // allocTypedFunc does not include the type tag in the allocation size!`
`218`	`218`	`newI = builder.CreateCall(allocTypedFunc, { ptls, size, ConstantPointerNull::get(Type::getInt8PtrTy(F.getContext())) });`
`219`	`219`	`derefAttr = Attribute::getWithDereferenceableBytes(F.getContext(), sizeof(void*));`
`220`	`220`	`}`