[ROCm] Fix HSACO module cache using pointer-based key causing stale lookups

[magaonka-amd]

Motivation

• The in_memory_modules_ cache in RocmExecutor used the raw HSACO data
  pointer as the cache key. When a CustomKernelThunk's owned HSACO buffer
  was freed and a new buffer was allocated at the same address, the cache
  returned a stale module loaded from different binary content, causing
  hipModuleGetFunction to fail with hipErrorNotFound.
• Replace pointer-based ModuleHandle key with a content hash of the HSACO
  bytes (absl::HashOf). Same content still hits the cache; different
  content at a reused address correctly misses.
• Add hipPeekAtLastError guard before hipModuleGetFunction to surface
  pre-existing sticky errors early with clear diagnostics instead of
  producing confusing failures.

[claude]

Hash collision risk: HsacoModuleHandle maps arbitrary-length HSACO binaries to a single size_t hash stuffed into a void*. If two different HSACO binaries produce the same hash, the cache silently returns the wrong module — replacing one collision domain (pointer reuse) with another that may be harder to diagnose.

In practice, 64-bit absl::HashOf collisions are astronomically unlikely for distinct HSACO binaries within a single process, so this is probably fine — but it would be worth adding a brief comment acknowledging the trade-off (e.g., "collision is negligible for the number of distinct kernels a single process loads").

Also, reinterpret_cast<const void*>(hash | 1) is technically implementation-defined by the C++ standard. It works on x86-64/aarch64, but a cleaner long-term design would be to change ModuleHandle to hold a uint64_t or define a dedicated key type.

[magaonka-amd]

not a conern 2^64 options we have for hash collision we dont have that many kernels !!

[claude]

Agreed — 2^64 makes collisions negligible here, thanks for confirming. The reinterpret_cast<const void*>(hash | 1) concern was a minor style note for future cleanup; fine to leave as-is for this PR.

[claude]

nit: absl/hash sorts after absl/container:inlined_vector alphabetically. This should be placed after line 196 to keep deps sorted and avoid a buildifier lint failure.

Suggested change

	"@com_google_absl//absl/hash",
	"@com_google_absl//absl/container:inlined_vector",
	"@com_google_absl//absl/hash",

[magaonka-amd]

done

[claude]

Resolved ✓ — addressed in this revision.

[claude]

Two concerns with this guard:

1. Comment/code mismatch: The comment says "hipGetLastError() is sticky" but the code calls hipPeekAtLastError(). These are different APIs — hipGetLastError clears the error, hipPeekAtLastError does not. The comment should reference hipPeekAtLastError and explain why Peek was chosen over Get.

2. False-positive risk: If ROCm 7+ truly never clears sticky errors on success, then any prior handled error anywhere in the process will cause this guard to fire and prevent all subsequent kernel launches for the process lifetime. This seems overly aggressive. Consider either:

   • Logging at WARNING and proceeding (if the intent is debugging aid), or
   • Using hipGetLastError() (which clears) so only unhandled errors are caught, or
   • Documenting under what circumstances a stale non-zero value from hipPeekAtLastError should not be treated as fatal.

[magaonka-amd]

better comment added , we should not drain the hipLastError()

[claude]

Thanks for improving the comment — the hipPeekAtLastError vs hipGetLastError mismatch is fixed now.

One concern remains: since hipPeekAtLastError() does not clear the error state, if any prior HIP call in the process ever failed (even if it was correctly handled), this guard will return InternalError on every subsequent kernel launch for the lifetime of the process. This makes the guard a potential source of false-positive failures.

Consider either:

• Downgrading to LOG(WARNING) instead of returning a hard error, or
• Adding a brief comment explaining why false positives are not expected in practice (e.g., XLA never handles HIP errors and continues).

[claude]

Minor: in the LoadModule path (line 774), auto cubin = spec.cuda_cubin_in_memory() copies the span, while here you use const auto&. The inconsistency is harmless (spans are lightweight) but worth keeping uniform for readability.

[magaonka-amd]

done

[claude]

Resolved ✓ — addressed in this revision.

[claude]

Claude Review Summary

Overall: Good fix for a real cache-correctness bug (pointer-reuse causing stale HSACO module lookups). The content-hash approach is a solid improvement. A few items worth addressing:

• hipPeekAtLastError guard — comment/code mismatch (hipGetLastError vs hipPeekAtLastError) and risk of false positives from sticky errors blocking all subsequent kernel launches.
• BUILD deps ordering — absl/hash is inserted out of alphabetical order; will likely fail buildifier lint.
• Hash collision semantics — worth a brief comment acknowledging the (negligible) collision risk and the reinterpret_cast trade-off.
• Stale comment (not in diff) — line 769 still says "We store the pointer to the HSACO binary as ModuleHandle::id()" which no longer reflects the new hash-based approach.
• No tests — a unit test for HsacoModuleHandle (different content → different handles, same content → same handle) would guard against regressions.
• CUDA parity — cuda_executor.cc uses the same pointer-based ModuleHandle{cubin} pattern; worth investigating as a follow-up.

See inline comments for details.

[claude]

nit: #include <unistd.h> is a C system header and should be grouped with the other system headers near the top of the file, not between third-party (rocm/) and project (xla/) includes. Per the Google C++ Style Guide include ordering, the order is: main header, C system headers, C++ standard library, other libraries, project headers.

Suggested change

	#include "rocm/rocm_config.h"
	#include <unistd.h>
	#include "rocm/rocm_config.h"
	#include "xla/stream_executor/activate_context.h"

Move #include <unistd.h> back up with the C system headers (e.g., after line 17 where it was originally).

[claude]

Re-review Summary

Good progress — 2 of 4 original findings are resolved (BUILD dep sorting, const auto& consistency). Thread replies posted on the remaining 2 inline threads:

• hipPeekAtLastError guard: Comment fix looks good. Flagged remaining concern — hipPeekAtLastError doesn't clear error state, so prior handled errors could cause false-positive hard failures on subsequent kernel launches. Consider LOG(WARNING) or a comment explaining why this is safe.
• Hash collision / reinterpret_cast: Acknowledged — collision risk is negligible at 2^64. Minor style note only.

New finding: #include <unistd.h> moved to wrong include group (posted inline).

No test coverage for the new hashing logic — consider adding a regression test.