Fix a small number of invalid unsafe code

[yuyichao]

Started as trying to fix #23520 but as the title said, this end up fixing only a small number of them -- basically all use of pointer were wrong. Also marked a few even more invalid places where managed pointer is passed to unsafe_wrap (the fix for those will be much more involved).

The only unrelated change is https://github.com/JuliaLang/julia/compare/yyc/gc/safe_unsafe_write?expand=1#diff-b103e3ad474d354f14374e435955adcbL516 which is what I happened to notice when fixing the function.

Should in principle have no effect on performance but inlining may still be sensitive in some cases so

@nanosoldier runbenchmarks(ALL, vs=":master")

[quinnj]

Could we get a little documentation/explanation on gc_preserve for those of us who haven't been following this development very closely? This seems like a pretty significant change, i.e. any time I use pointer in my code is probably wrong, correct? Are there cases where I use pointer that I don't need gc_preserve?

[nanosoldier]

Your benchmark job has completed - possible performance regressions were detected. A full report can be found here. cc @ararslan

[mschauer]

The infrastructure was introduced in #23610, related devdoc entry: https://docs.julialang.org/en/latest/devdocs/llvm/#Keeping-values-alive-in-the-absence-of-uses-1

[yuyichao]

Could we get a little documentation/explanation on gc_preserve for those of us who haven't been following this development very closely?

The macro has doc.

This seems like a pretty significant change, i.e. any time I use pointer in my code is probably wrong, correct? Are there cases where I use pointer that I don't need gc_preserve?

There has been no change in the semantic, those code has always been wrong. It's just that the compiler wasn't smart enough to use them in a lot of the cases. The main issue is that local variables do not create GC roots, only their use does. This is consistent with the property that extra local variable assignments has absolutely no semantic significance, including the arguments for inlined functions.

There are cases where @gc_preserve is not necessary, basic when there are other defined way an object is rooted. Other defined way includes,

1. Globals.

   Note that simply stroing the object to a global is not good enough. Ref JuliaPy/PyCall.jl@0e3bf0e

2. ccall

   If the pointer value is only used in ccall and the same object is being preserved by another ccall argument then you don't have to preserve that object explicitly, i.e. ccall(...., pointer(array) + 1, array) is fine, though could be a little confusing/misleading for the reader.

3. If the caller is supposed to do so for you

   When you define unsafe_convert and pointer methods, it's obviously fine to call these without preserving the arguments since the caller must do that for you, if the result needs to be used. If you are using the pointer yourself in those methods (not just pointer arithmetic, but loading/storing on the pointer) though, those use must be preserved since the caller only need to preserve the argument if the result will be used.

[rfourquet]

Here (also in other places), the "preserved" object is again used on the line after, isn't it enough to preserve it? (I guess not as you updated the code) Is it that the compiler can reorder instructions?

[yuyichao]

No it's not.

[Keno]

To clarify, after inlining any uses after may be dead code and eliminated.

[yuyichao]

This is the detail I don't want to go into since I don't want people to rely on it but another way this can be invalid is that the compiler can see you are using only some fields and then discards all other fields.

[rfourquet]

I had plans to change this to avoid using unsafe_wrap for performance reasons (cf. #9174), but maybe I need to understand what is invalid here? Preserving A wouldn't be enough?

[yuyichao]

You can't pass a managed pointer to unsafe_wrap.

[rfourquet]

Ok thanks for the precision (this limitation is not documented in the docstring). I will work on fixing those cases.

[yuyichao]

There are of course cases where the code will practically be fine, for now. But I don't want to go into detail to document the limitation of the compiler/optimizer especially since people don't have to rely on these anymore with the introduction of @gc_preserve. We have a few guaranteed rooting as mentioned above (ccall roots (of cconvert return value), @gc_preserve and globals) their rooting behavior is documented in their own docstrings (not for global I guess so we can add that). In general, if it is not explicitly documented that something will guarantee the lifetime of an object then there's no such guarantee.

[vtjnash]

should we just use Ref(b, nr + 1) instead?

[yuyichao]

There's a few different places that uses pointer(ary, i) that can be changed, yes.

[vtjnash]

If vinfo.typ == jl_void_type then vinfo.constant == jl_nothing and we shouldn't get here. What's violating that?

[yuyichao]

julia/src/codegen.cpp

Line 3926 in 056b374

jl_cgval_t tok(token, NULL, false, (jl_value_t*)jl_void_type, NULL);

It's not just a nothing but also an LLVM token though so I'm avoiding touching that.

[vtjnash]

Ah, ok. Right, this was an intentionally malformed value.

[StefanKarpinski]

There's a bunch of cases here where you use @gc_preserve_begin and @gc_preserve_end pairs instead of the @gc_preserve macro even though the latter seems applicable. Was there some reason for that? Too early in bootstrap? Macro lowering having some undesirable effect?

[yuyichao]

They are exactly the same. The @_gc_preserve_begin and @_gc_preserve_end are used just for bootstrap, which is why it's defined right after the inline/noinline macros that serves the same purpose..................

[StefanKarpinski]

I figured it was bootstrap-related.