JIT compiler and calls to existing functions

In the context of a JIT compiler, what’s the recommended way to generate a call to an existing function, that is, not one that you are generating on-the-fly with LLVM, but one that’s already linked into your program? For example the cosine function (from the standard math library); the Kaleidoscope tutorial recommends looking it up by name with dlsym(“cos”), but it seems to me that it should be possible to use a more efficient and portable solution that takes advantage of the fact that you already have an actual pointer to cos, even if you haven’t linked with debugging symbols.

From: llvm-dev [mailto:llvm-dev-bounces@lists.llvm.org]
On Behalf Of Russell Wallace via llvm-dev
Subject: [llvm-dev] JIT compiler and calls to existing functions

In the context of a JIT compiler, what's the recommended way to generate a call to an
existing function, that is, not one that you are generating on-the-fly with LLVM, but
one that's already linked into your program? For example the cosine function (from the
standard math library); the Kaleidoscope tutorial recommends looking it up by name with
dlsym("cos"), but it seems to me that it should be possible to use a more efficient and
portable solution that takes advantage of the fact that you already have an actual pointer
to cos, even if you haven't linked with debugging symbols.

Perhaps not the most elegant, but we simply use the IRBuilder.CreateIntToPtr() method to construct the Callee argument for IRBuilder.CreateCall(). The first argument for CreateIntToPtr() comes from ConstantInt::get(I64, uintptr_t(ptr)), while the second is a function type pointer defined by using PointerType::get() on the result of FunctionType::get() with the appropriate function signature.

- Chuck

That seems to work, thanks! The specific code I ended up with to call int64_t print(int64_t) looks like:

auto f = builder.CreateIntToPtr(
ConstantInt::get(builder.getInt64Ty(), uintptr_t(print)),
PointerType::getUnqual(FunctionType::get(
builder.getInt64Ty(), {builder.getInt64Ty()}, false)));
return builder.CreateCall(f, args);

The option we use is to have a custom memory manager, override the getPointerToNamedFunction function, and provide the pointer to the external function at link time. The inttoptr scheme works fairly well, but it does make for some pretty ugly and sometimes hard to analyze IR. I recommend leaving everything symbolic until link time if you can.

Philip

Right, but when you say link time, the JIT compiler I’m writing works the way openJDK or v8 do, it reads a script, JIT compiles it into memory and runs the code in memory without ever writing anything to disk (an option for ahead of time compilation may come later, but that will be a while down the road), so we might be doing different things?

I think our use cases are actually quite similar. Part of generating the in memory executable code is resolving all the symbolic symbols and relocations. The details of this are mostly hidden from you by the MCJIT interface, but it’s this step I was referring to as “link time”.

The way to think of MCJIT: generate object file, incrementally link, run dynamic loader, but do it all in memory without round tripping through disk or explicit files.

Philip

Ah! Okay then, so you are saying something substantive that I think I disagree with, but that could be because there are relevant issues I don’t understand.

My reasoning is, I’ve already got a pointer to the function I want the generated code to call, so I just supply that pointer, it looks ugly on a microscopic scale because there are a couple of lines of casts to shepherd it through the type system, but on an even slightly larger scale it’s as simple and elegant as it gets: I supply a 64-bit machine word that gets compiled into the object code, there are no extra layers of machinery to go wrong, no nonlocal effects to understand, no having to wonder about whether anything depends on symbol information that might vary between debug and release builds or between the vendor compiler and clang or between Windows and Linux; if it works once, it will work the same way every time. As a bonus, it will compile slightly faster.

Keeping things symbolic - you’re saying the advantage is the intermediate code is easier to debug because a dump will say ‘call print’ instead of ‘call function at 123456’? I can see that being a real advantage but as of right now it doesn’t jump out at me as necessarily outweighing the advantages of the direct pointer method.

Other advantages of keeping things symbolic:
1) You can use function attributes to provide optimization or semantic information.
2) Linking modules works as expected when one of them contains the definition.
3) You can get better code generation (i.e. pc relative addressing for local symbols, etc..)

If the inttoptr scheme makes you happy, go for it. I'm not telling you its wrong, merely that there's another approach you should consider which has it's own advantages.

Philip

p.s. Your point about compiling faster is off base. Not because you're wrong, but because if you're trying to optimize for compile speed at that granularity, you really don't want to be using LLVM (or just about any framework.) LLVM does not make a good first tier JIT. It's makes a great high tier JIT, but if you really really care about compile time, it is not the appropriate answer.

True, I care more about how fast the code runs than how long it takes to compile it. So if the symbolic approach enables better code generation, that is a very significant advantage from my perspective.

Is there any example code or documentation you can point to for details about how to implement the symbolic approach? Is it similar to any of the versions of Kaleidoscope or any other extant tutorial?

There is no documentation I know of. Rough sketch:

  1. Create a subclass of SectionMemoryManager
  2. Create an instance of this class and add it the EngineBuilder via setMCJITMemoryManager
    (Make sure everything runs without changes)
  3. Override the getSymbolAddress method, have your implementation call the base classes impl
    (Make sure everything runs without changes)
  4. Add handling to map name->address for any custom functions you want.

From: Philip Reames [mailto:listmail@philipreames.com]
Subject: Re: [llvm-dev] JIT compiler and calls to existing functions

There is no documentation I know of. Rough sketch:
1) Create a subclass of SectionMemoryManager
2) Create an instance of this class and add it the EngineBuilder via setMCJITMemoryManager
(Make sure everything runs without changes)
3) Override the getSymbolAddress method, have your implementation call the base classes impl
(Make sure everything runs without changes)
4) Add handling to map name->address for any custom functions you want.

Here's what we use for the functions that have statically-known addresses:

First, make LLVM's symbol library available:

    #include <llvm/Support/DynamicLibrary.h> // for linking in C code

Make sure the symbols from the executable are available:

    sys::DynamicLibrary::LoadLibraryPermanently(nullptr);

For each function whose name and code pointer are known, create its llvm::Function definition, and enter the name and code pointer into the symbol table if not already there:

    fType = FunctionType::get(retType, margs, false);
    pFunc = Function::Create(fType, Function::ExternalLinkage, Twine(name), pMod);
    setFuncAttr(pFunc, margs); // customize as needed
    if (sys::DynamicLibrary::SearchForAddressOfSymbol(name) == NULL) {
        sys::DynamicLibrary::AddSymbol(name, (void*)ptr);
    }

In our class derived from SectionMemoryManager, we have the following:

    uint64_t getSymbolAddress(const std::string& Name) override {
        const char* NameStr = Name.c_str();
        void* ptr;
        if (NameStr[0] == '_' &&
            (ptr = sys::DynamicLibrary::SearchForAddressOfSymbol(NameStr + 1)) != NULL) {
            return uint64_t(ptr);
        }
        /* If Name did not require demangling, or we failed to find the demangled name,
           try again without demangling. */
        return uint64_t(sys::DynamicLibrary::SearchForAddressOfSymbol(NameStr));
    }

- Chuck

For the record, one way of compiling faster is caching compiled code
accross process invocations, and in this case you definitely need to use
symbolic function addresses.
(that's what we do in Numba, so this isn't an academic concern)

Regards

Antoine.

For what it’s worth we did a similar thing, but overrode RTDyldMemoryManager directly This allowed us to control where the RAM was allocated too (e.g. guarantee it was in the low 4GB so we could use small memory model and avoid the mov rax, xxxxxxx; call rax code generated for x86)*, and also override findSymbol() to have the same behaviour as described in 4).

–matt

  • later issues in not always being able to allocate low ram caused us to drop this feature. I wish we could fix the "call rax"es :slight_smile:

Can’t the code generator do this opportunistically? That is, generate the more compact instruction sequence if the address happens to be within four gigabytes, otherwise generate the longer form?

That would be ideal, but the code generator needs to know the relative distance from the call site to the called function: which is only known at link-time.

We use an explicit relocation step to deal with this. We generate code into a temporary memory location, then relocate it into a reserved area of memory which is always within a small relative offset of other interesting code. This allows us to get pc relative calls.

Philip

Hi All,

For reasons already covered by Philip and others I prefer symbolic resolution, rather than baking pointers into the IR. If you go that route and you’re using ORC you just need to add a line to your symbol resolver:

auto Resolver = createLambdaResolver(

[&](const std::string &Name) {
if (auto Sym = findMangledSymbol(Name))
return RuntimeDyld::SymbolInfo(Sym.getAddress(), Sym.getFlags());
if (Name == “sin”)
return RuntimeDyld::SymbolInfo(
static_cast<uint64_t>(reinterpret_cast<uintptr_t>(&sin),
JITSymbolFlags::Exported);
return RuntimeDyld::SymbolInfo(nullptr);
},
[](const std::string &S) { return nullptr; });

If you have a large number of in-process symbols you’d like to supply you can substitute a StringMap lookup.

See llvm/examples/Kaleidoscope/include/KaleidoscopeJIT.h.

Cheers,
Lang.

That makes sense, thanks! It also occurs to me that symbol resolution will be needed in any case, to be able to load and call dynamic libraries.