2010-05-29 00:19:17 +08:00
|
|
|
//===- Loads.cpp - Local load analysis ------------------------------------===//
|
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// This file defines simple local analyses for load instructions.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#include "llvm/Analysis/Loads.h"
|
|
|
|
#include "llvm/Analysis/AliasAnalysis.h"
|
2013-01-01 01:42:11 +08:00
|
|
|
#include "llvm/Analysis/ValueTracking.h"
|
2013-01-02 19:36:10 +08:00
|
|
|
#include "llvm/IR/DataLayout.h"
|
|
|
|
#include "llvm/IR/GlobalAlias.h"
|
|
|
|
#include "llvm/IR/GlobalVariable.h"
|
|
|
|
#include "llvm/IR/IntrinsicInst.h"
|
|
|
|
#include "llvm/IR/LLVMContext.h"
|
2015-03-04 06:01:13 +08:00
|
|
|
#include "llvm/IR/Module.h"
|
2013-01-02 19:36:10 +08:00
|
|
|
#include "llvm/IR/Operator.h"
|
2016-02-24 20:49:04 +08:00
|
|
|
#include "llvm/IR/Statepoint.h"
|
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
using namespace llvm;
|
|
|
|
|
2016-02-24 20:49:04 +08:00
|
|
|
static bool isDereferenceableFromAttribute(const Value *BV, APInt Offset,
|
|
|
|
Type *Ty, const DataLayout &DL,
|
|
|
|
const Instruction *CtxI,
|
|
|
|
const DominatorTree *DT,
|
|
|
|
const TargetLibraryInfo *TLI) {
|
|
|
|
assert(Offset.isNonNegative() && "offset can't be negative");
|
|
|
|
assert(Ty->isSized() && "must be sized");
|
|
|
|
|
|
|
|
APInt DerefBytes(Offset.getBitWidth(), 0);
|
|
|
|
bool CheckForNonNull = false;
|
|
|
|
if (const Argument *A = dyn_cast<Argument>(BV)) {
|
|
|
|
DerefBytes = A->getDereferenceableBytes();
|
|
|
|
if (!DerefBytes.getBoolValue()) {
|
|
|
|
DerefBytes = A->getDereferenceableOrNullBytes();
|
|
|
|
CheckForNonNull = true;
|
|
|
|
}
|
|
|
|
} else if (auto CS = ImmutableCallSite(BV)) {
|
|
|
|
DerefBytes = CS.getDereferenceableBytes(0);
|
|
|
|
if (!DerefBytes.getBoolValue()) {
|
|
|
|
DerefBytes = CS.getDereferenceableOrNullBytes(0);
|
|
|
|
CheckForNonNull = true;
|
|
|
|
}
|
|
|
|
} else if (const LoadInst *LI = dyn_cast<LoadInst>(BV)) {
|
|
|
|
if (MDNode *MD = LI->getMetadata(LLVMContext::MD_dereferenceable)) {
|
|
|
|
ConstantInt *CI = mdconst::extract<ConstantInt>(MD->getOperand(0));
|
|
|
|
DerefBytes = CI->getLimitedValue();
|
|
|
|
}
|
|
|
|
if (!DerefBytes.getBoolValue()) {
|
|
|
|
if (MDNode *MD =
|
|
|
|
LI->getMetadata(LLVMContext::MD_dereferenceable_or_null)) {
|
|
|
|
ConstantInt *CI = mdconst::extract<ConstantInt>(MD->getOperand(0));
|
|
|
|
DerefBytes = CI->getLimitedValue();
|
|
|
|
}
|
|
|
|
CheckForNonNull = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (DerefBytes.getBoolValue())
|
|
|
|
if (DerefBytes.uge(Offset + DL.getTypeStoreSize(Ty)))
|
|
|
|
if (!CheckForNonNull || isKnownNonNullAt(BV, CtxI, DT, TLI))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool isDereferenceableFromAttribute(const Value *V, const DataLayout &DL,
|
|
|
|
const Instruction *CtxI,
|
|
|
|
const DominatorTree *DT,
|
|
|
|
const TargetLibraryInfo *TLI) {
|
|
|
|
Type *VTy = V->getType();
|
|
|
|
Type *Ty = VTy->getPointerElementType();
|
|
|
|
if (!Ty->isSized())
|
|
|
|
return false;
|
|
|
|
|
|
|
|
APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0);
|
|
|
|
return isDereferenceableFromAttribute(V, Offset, Ty, DL, CtxI, DT, TLI);
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool isAligned(const Value *Base, APInt Offset, unsigned Align,
|
|
|
|
const DataLayout &DL) {
|
|
|
|
APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL));
|
|
|
|
|
|
|
|
if (!BaseAlign) {
|
|
|
|
Type *Ty = Base->getType()->getPointerElementType();
|
|
|
|
if (!Ty->isSized())
|
|
|
|
return false;
|
|
|
|
BaseAlign = DL.getABITypeAlignment(Ty);
|
|
|
|
}
|
|
|
|
|
|
|
|
APInt Alignment(Offset.getBitWidth(), Align);
|
|
|
|
|
|
|
|
assert(Alignment.isPowerOf2() && "must be a power of 2!");
|
|
|
|
return BaseAlign.uge(Alignment) && !(Offset & (Alignment-1));
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) {
|
|
|
|
Type *Ty = Base->getType();
|
|
|
|
assert(Ty->isSized() && "must be sized");
|
|
|
|
APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0);
|
|
|
|
return isAligned(Base, Offset, Align, DL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Test if V is always a pointer to allocated and suitably aligned memory for
|
|
|
|
/// a simple load or store.
|
|
|
|
static bool isDereferenceableAndAlignedPointer(
|
|
|
|
const Value *V, unsigned Align, const DataLayout &DL,
|
|
|
|
const Instruction *CtxI, const DominatorTree *DT,
|
|
|
|
const TargetLibraryInfo *TLI, SmallPtrSetImpl<const Value *> &Visited) {
|
|
|
|
// Note that it is not safe to speculate into a malloc'd region because
|
|
|
|
// malloc may return null.
|
|
|
|
|
|
|
|
// These are obviously ok if aligned.
|
|
|
|
if (isa<AllocaInst>(V))
|
|
|
|
return isAligned(V, Align, DL);
|
|
|
|
|
|
|
|
// It's not always safe to follow a bitcast, for example:
|
|
|
|
// bitcast i8* (alloca i8) to i32*
|
|
|
|
// would result in a 4-byte load from a 1-byte alloca. However,
|
|
|
|
// if we're casting from a pointer from a type of larger size
|
|
|
|
// to a type of smaller size (or the same size), and the alignment
|
|
|
|
// is at least as large as for the resulting pointer type, then
|
|
|
|
// we can look through the bitcast.
|
|
|
|
if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V)) {
|
|
|
|
Type *STy = BC->getSrcTy()->getPointerElementType(),
|
|
|
|
*DTy = BC->getDestTy()->getPointerElementType();
|
|
|
|
if (STy->isSized() && DTy->isSized() &&
|
|
|
|
(DL.getTypeStoreSize(STy) >= DL.getTypeStoreSize(DTy)) &&
|
|
|
|
(DL.getABITypeAlignment(STy) >= DL.getABITypeAlignment(DTy)))
|
|
|
|
return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, DL,
|
|
|
|
CtxI, DT, TLI, Visited);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Global variables which can't collapse to null are ok.
|
|
|
|
if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V))
|
|
|
|
if (!GV->hasExternalWeakLinkage())
|
|
|
|
return isAligned(V, Align, DL);
|
|
|
|
|
|
|
|
// byval arguments are okay.
|
|
|
|
if (const Argument *A = dyn_cast<Argument>(V))
|
|
|
|
if (A->hasByValAttr())
|
|
|
|
return isAligned(V, Align, DL);
|
|
|
|
|
|
|
|
if (isDereferenceableFromAttribute(V, DL, CtxI, DT, TLI))
|
|
|
|
return isAligned(V, Align, DL);
|
|
|
|
|
|
|
|
// For GEPs, determine if the indexing lands within the allocated object.
|
|
|
|
if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) {
|
|
|
|
Type *Ty = GEP->getResultElementType();
|
|
|
|
const Value *Base = GEP->getPointerOperand();
|
|
|
|
|
|
|
|
// Conservatively require that the base pointer be fully dereferenceable
|
|
|
|
// and aligned.
|
|
|
|
if (!Visited.insert(Base).second)
|
|
|
|
return false;
|
|
|
|
if (!isDereferenceableAndAlignedPointer(Base, Align, DL, CtxI, DT, TLI,
|
|
|
|
Visited))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
APInt Offset(DL.getPointerTypeSizeInBits(GEP->getType()), 0);
|
|
|
|
if (!GEP->accumulateConstantOffset(DL, Offset))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
// Check if the load is within the bounds of the underlying object
|
|
|
|
// and offset is aligned.
|
|
|
|
uint64_t LoadSize = DL.getTypeStoreSize(Ty);
|
|
|
|
Type *BaseType = GEP->getSourceElementType();
|
|
|
|
assert(isPowerOf2_32(Align) && "must be a power of 2!");
|
|
|
|
return (Offset + LoadSize).ule(DL.getTypeAllocSize(BaseType)) &&
|
|
|
|
!(Offset & APInt(Offset.getBitWidth(), Align-1));
|
|
|
|
}
|
|
|
|
|
|
|
|
// For gc.relocate, look through relocations
|
|
|
|
if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V))
|
|
|
|
return isDereferenceableAndAlignedPointer(
|
|
|
|
RelocateInst->getDerivedPtr(), Align, DL, CtxI, DT, TLI, Visited);
|
|
|
|
|
|
|
|
if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V))
|
|
|
|
return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, DL,
|
|
|
|
CtxI, DT, TLI, Visited);
|
|
|
|
|
|
|
|
// If we don't know, assume the worst.
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align,
|
|
|
|
const DataLayout &DL,
|
|
|
|
const Instruction *CtxI,
|
|
|
|
const DominatorTree *DT,
|
|
|
|
const TargetLibraryInfo *TLI) {
|
|
|
|
// When dereferenceability information is provided by a dereferenceable
|
|
|
|
// attribute, we know exactly how many bytes are dereferenceable. If we can
|
|
|
|
// determine the exact offset to the attributed variable, we can use that
|
|
|
|
// information here.
|
|
|
|
Type *VTy = V->getType();
|
|
|
|
Type *Ty = VTy->getPointerElementType();
|
|
|
|
|
|
|
|
// Require ABI alignment for loads without alignment specification
|
|
|
|
if (Align == 0)
|
|
|
|
Align = DL.getABITypeAlignment(Ty);
|
|
|
|
|
|
|
|
if (Ty->isSized()) {
|
|
|
|
APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0);
|
|
|
|
const Value *BV = V->stripAndAccumulateInBoundsConstantOffsets(DL, Offset);
|
|
|
|
|
|
|
|
if (Offset.isNonNegative())
|
|
|
|
if (isDereferenceableFromAttribute(BV, Offset, Ty, DL, CtxI, DT, TLI) &&
|
|
|
|
isAligned(BV, Offset, Align, DL))
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
SmallPtrSet<const Value *, 32> Visited;
|
|
|
|
return ::isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI,
|
|
|
|
Visited);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL,
|
|
|
|
const Instruction *CtxI,
|
|
|
|
const DominatorTree *DT,
|
|
|
|
const TargetLibraryInfo *TLI) {
|
|
|
|
return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT, TLI);
|
|
|
|
}
|
|
|
|
|
2014-10-19 07:31:55 +08:00
|
|
|
/// \brief Test if A and B will obviously have the same value.
|
|
|
|
///
|
|
|
|
/// This includes recognizing that %t0 and %t1 will have the same
|
2010-05-29 00:19:17 +08:00
|
|
|
/// value in code like this:
|
2014-10-19 07:31:55 +08:00
|
|
|
/// \code
|
2010-05-29 00:19:17 +08:00
|
|
|
/// %t0 = getelementptr \@a, 0, 3
|
|
|
|
/// store i32 0, i32* %t0
|
|
|
|
/// %t1 = getelementptr \@a, 0, 3
|
|
|
|
/// %t2 = load i32* %t1
|
2014-10-19 07:31:55 +08:00
|
|
|
/// \endcode
|
2010-05-29 00:19:17 +08:00
|
|
|
///
|
|
|
|
static bool AreEquivalentAddressValues(const Value *A, const Value *B) {
|
|
|
|
// Test if the values are trivially equivalent.
|
2014-10-19 07:41:25 +08:00
|
|
|
if (A == B)
|
|
|
|
return true;
|
2011-06-04 01:15:37 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// Test if the values come from identical arithmetic instructions.
|
|
|
|
// Use isIdenticalToWhenDefined instead of isIdenticalTo because
|
|
|
|
// this function is only used when one address use dominates the
|
|
|
|
// other, which means that they'll always either have the same
|
|
|
|
// value or one of them will have an undefined value.
|
2014-10-19 07:41:25 +08:00
|
|
|
if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) ||
|
|
|
|
isa<GetElementPtrInst>(A))
|
2010-05-29 00:19:17 +08:00
|
|
|
if (const Instruction *BI = dyn_cast<Instruction>(B))
|
|
|
|
if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI))
|
|
|
|
return true;
|
2011-06-04 01:15:37 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// Otherwise they may not be equivalent.
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2014-10-19 07:46:17 +08:00
|
|
|
/// \brief Check if executing a load of this pointer value cannot trap.
|
|
|
|
///
|
2016-02-11 21:42:59 +08:00
|
|
|
/// If DT is specified this method performs context-sensitive analysis.
|
|
|
|
///
|
2014-10-19 07:46:17 +08:00
|
|
|
/// If it is not obviously safe to load from the specified pointer, we do
|
|
|
|
/// a quick local scan of the basic block containing \c ScanFrom, to determine
|
|
|
|
/// if the address is already accessed.
|
|
|
|
///
|
|
|
|
/// This uses the pointee type to determine how many bytes need to be safe to
|
|
|
|
/// load from the pointer.
|
2016-01-15 23:27:46 +08:00
|
|
|
bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align,
|
2016-02-11 21:42:59 +08:00
|
|
|
Instruction *ScanFrom,
|
|
|
|
const DominatorTree *DT,
|
|
|
|
const TargetLibraryInfo *TLI) {
|
2015-03-10 10:37:25 +08:00
|
|
|
const DataLayout &DL = ScanFrom->getModule()->getDataLayout();
|
2015-06-25 20:18:43 +08:00
|
|
|
|
|
|
|
// Zero alignment means that the load has the ABI alignment for the target
|
|
|
|
if (Align == 0)
|
|
|
|
Align = DL.getABITypeAlignment(V->getType()->getPointerElementType());
|
|
|
|
assert(isPowerOf2_32(Align));
|
|
|
|
|
2016-02-11 21:42:59 +08:00
|
|
|
// If DT is not specified we can't make context-sensitive query
|
|
|
|
const Instruction* CtxI = DT ? ScanFrom : nullptr;
|
|
|
|
if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI))
|
2016-01-17 20:35:29 +08:00
|
|
|
return true;
|
|
|
|
|
2013-01-01 01:42:11 +08:00
|
|
|
int64_t ByteOffset = 0;
|
2010-05-29 00:19:17 +08:00
|
|
|
Value *Base = V;
|
2014-10-19 07:47:22 +08:00
|
|
|
Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL);
|
2013-01-01 01:42:11 +08:00
|
|
|
|
|
|
|
if (ByteOffset < 0) // out of bounds
|
|
|
|
return false;
|
2010-05-29 00:19:17 +08:00
|
|
|
|
2014-04-15 12:59:12 +08:00
|
|
|
Type *BaseType = nullptr;
|
2010-05-29 00:19:17 +08:00
|
|
|
unsigned BaseAlign = 0;
|
|
|
|
if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) {
|
|
|
|
// An alloca is safe to load from as load as it is suitably aligned.
|
|
|
|
BaseType = AI->getAllocatedType();
|
|
|
|
BaseAlign = AI->getAlignment();
|
2013-01-01 01:42:11 +08:00
|
|
|
} else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) {
|
2014-10-19 08:42:16 +08:00
|
|
|
// Global variables are not necessarily safe to load from if they are
|
Don't IPO over functions that can be de-refined
Summary:
Fixes PR26774.
If you're aware of the issue, feel free to skip the "Motivation"
section and jump directly to "This patch".
Motivation:
I define "refinement" as discarding behaviors from a program that the
optimizer has license to discard. So transforming:
```
void f(unsigned x) {
unsigned t = 5 / x;
(void)t;
}
```
to
```
void f(unsigned x) { }
```
is refinement, since the behavior went from "if x == 0 then undefined
else nothing" to "nothing" (the optimizer has license to discard
undefined behavior).
Refinement is a fundamental aspect of many mid-level optimizations done
by LLVM. For instance, transforming `x == (x + 1)` to `false` also
involves refinement since the expression's value went from "if x is
`undef` then { `true` or `false` } else { `false` }" to "`false`" (by
definition, the optimizer has license to fold `undef` to any non-`undef`
value).
Unfortunately, refinement implies that the optimizer cannot assume
that the implementation of a function it can see has all of the
behavior an unoptimized or a differently optimized version of the same
function can have. This is a problem for functions with comdat
linkage, where a function can be replaced by an unoptimized or a
differently optimized version of the same source level function.
For instance, FunctionAttrs cannot assume a comdat function is
actually `readnone` even if it does not have any loads or stores in
it; since there may have been loads and stores in the "original
function" that were refined out in the currently visible variant, and
at the link step the linker may in fact choose an implementation with
a load or a store. As an example, consider a function that does two
atomic loads from the same memory location, and writes to memory only
if the two values are not equal. The optimizer is allowed to refine
this function by first CSE'ing the two loads, and the folding the
comparision to always report that the two values are equal. Such a
refined variant will look like it is `readonly`. However, the
unoptimized version of the function can still write to memory (since
the two loads //can// result in different values), and selecting the
unoptimized version at link time will retroactively invalidate
transforms we may have done under the assumption that the function
does not write to memory.
Note: this is not just a problem with atomics or with linking
differently optimized object files. See PR26774 for more realistic
examples that involved neither.
This patch:
This change introduces a new set of linkage types, predicated as
`GlobalValue::mayBeDerefined` that returns true if the linkage type
allows a function to be replaced by a differently optimized variant at
link time. It then changes a set of IPO passes to bail out if they see
such a function.
Reviewers: chandlerc, hfinkel, dexonsmith, joker.eph, rnk
Subscribers: mcrosier, llvm-commits
Differential Revision: http://reviews.llvm.org/D18634
llvm-svn: 265762
2016-04-08 08:48:30 +08:00
|
|
|
// interposed arbitrarily. Their size may change or they may be weak and
|
|
|
|
// require a test to determine if they were in fact provided.
|
|
|
|
if (!GV->isInterposable()) {
|
2010-05-29 00:19:17 +08:00
|
|
|
BaseType = GV->getType()->getElementType();
|
|
|
|
BaseAlign = GV->getAlignment();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-10-20 08:24:14 +08:00
|
|
|
PointerType *AddrTy = cast<PointerType>(V->getType());
|
2015-03-10 10:37:25 +08:00
|
|
|
uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType());
|
2014-10-20 08:24:14 +08:00
|
|
|
|
2014-10-19 08:42:16 +08:00
|
|
|
// If we found a base allocated type from either an alloca or global variable,
|
|
|
|
// try to see if we are definitively within the allocated region. We need to
|
|
|
|
// know the size of the base type and the loaded type to do anything in this
|
2015-03-10 10:37:25 +08:00
|
|
|
// case.
|
|
|
|
if (BaseType && BaseType->isSized()) {
|
2014-10-19 08:42:16 +08:00
|
|
|
if (BaseAlign == 0)
|
2015-03-10 10:37:25 +08:00
|
|
|
BaseAlign = DL.getPrefTypeAlignment(BaseType);
|
2010-05-29 00:19:17 +08:00
|
|
|
|
|
|
|
if (Align <= BaseAlign) {
|
|
|
|
// Check if the load is within the bounds of the underlying object.
|
2015-03-10 10:37:25 +08:00
|
|
|
if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) &&
|
2015-06-25 20:18:43 +08:00
|
|
|
((ByteOffset % Align) == 0))
|
2010-05-29 00:19:17 +08:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Otherwise, be a little bit aggressive by scanning the local block where we
|
|
|
|
// want to check to see if the pointer is already being loaded or stored
|
|
|
|
// from/to. If so, the previous load or store would have already trapped,
|
|
|
|
// so there is no harm doing an extra load (also, CSE will later eliminate
|
|
|
|
// the load entirely).
|
Analysis: Remove implicit ilist iterator conversions
Remove implicit ilist iterator conversions from LLVMAnalysis.
I came across something really scary in `llvm::isKnownNotFullPoison()`
which relied on `Instruction::getNextNode()` being completely broken
(not surprising, but scary nevertheless). This function is documented
(and coded to) return `nullptr` when it gets to the sentinel, but with
an `ilist_half_node` as a sentinel, the sentinel check looks into some
other memory and we don't recognize we've hit the end.
Rooting out these scary cases is the reason I'm removing the implicit
conversions before doing anything else with `ilist`; I'm not at all
surprised that clients rely on badness.
I found another scary case -- this time, not relying on badness, just
bad (but I guess getting lucky so far) -- in
`ObjectSizeOffsetEvaluator::compute_()`. Here, we save out the
insertion point, do some things, and then restore it. Previously, we
let the iterator auto-convert to `Instruction*`, and then set it back
using the `Instruction*` version:
Instruction *PrevInsertPoint = Builder.GetInsertPoint();
/* Logic that may change insert point */
if (PrevInsertPoint)
Builder.SetInsertPoint(PrevInsertPoint);
The check for `PrevInsertPoint` doesn't protect correctly against bad
accesses. If the insertion point has been set to the end of a basic
block (i.e., `SetInsertPoint(SomeBB)`), then `GetInsertPoint()` returns
an iterator pointing at the list sentinel. The version of
`SetInsertPoint()` that's getting called will then call
`PrevInsertPoint->getParent()`, which explodes horribly. The only
reason this hasn't blown up is that it's fairly unlikely the builder is
adding to the end of the block; usually, we're adding instructions
somewhere before the terminator.
llvm-svn: 249925
2015-10-10 08:53:03 +08:00
|
|
|
BasicBlock::iterator BBI = ScanFrom->getIterator(),
|
|
|
|
E = ScanFrom->getParent()->begin();
|
2010-05-29 00:19:17 +08:00
|
|
|
|
2014-10-20 08:24:14 +08:00
|
|
|
// We can at least always strip pointer casts even though we can't use the
|
|
|
|
// base here.
|
|
|
|
V = V->stripPointerCasts();
|
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
while (BBI != E) {
|
|
|
|
--BBI;
|
|
|
|
|
|
|
|
// If we see a free or a call which may write to memory (i.e. which might do
|
|
|
|
// a free) the pointer could be marked invalid.
|
|
|
|
if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() &&
|
|
|
|
!isa<DbgInfoIntrinsic>(BBI))
|
|
|
|
return false;
|
|
|
|
|
2014-10-20 08:24:14 +08:00
|
|
|
Value *AccessedPtr;
|
2015-06-25 20:18:43 +08:00
|
|
|
unsigned AccessedAlign;
|
|
|
|
if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) {
|
2014-10-20 08:24:14 +08:00
|
|
|
AccessedPtr = LI->getPointerOperand();
|
2015-06-25 20:18:43 +08:00
|
|
|
AccessedAlign = LI->getAlignment();
|
|
|
|
} else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) {
|
2014-10-20 08:24:14 +08:00
|
|
|
AccessedPtr = SI->getPointerOperand();
|
2015-06-25 20:18:43 +08:00
|
|
|
AccessedAlign = SI->getAlignment();
|
|
|
|
} else
|
|
|
|
continue;
|
|
|
|
|
|
|
|
Type *AccessedTy = AccessedPtr->getType()->getPointerElementType();
|
|
|
|
if (AccessedAlign == 0)
|
|
|
|
AccessedAlign = DL.getABITypeAlignment(AccessedTy);
|
|
|
|
if (AccessedAlign < Align)
|
2014-10-20 08:24:14 +08:00
|
|
|
continue;
|
|
|
|
|
2015-03-10 10:37:25 +08:00
|
|
|
// Handle trivial cases.
|
2014-10-20 08:24:14 +08:00
|
|
|
if (AccessedPtr == V)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) &&
|
2015-06-25 20:18:43 +08:00
|
|
|
LoadSize <= DL.getTypeStoreSize(AccessedTy))
|
2014-10-20 08:24:14 +08:00
|
|
|
return true;
|
2010-05-29 00:19:17 +08:00
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-09-19 03:14:35 +08:00
|
|
|
/// DefMaxInstsToScan - the default number of maximum instructions
|
|
|
|
/// to scan in the block, used by FindAvailableLoadedValue().
|
|
|
|
/// FindAvailableLoadedValue() was introduced in r60148, to improve jump
|
|
|
|
/// threading in part by eliminating partially redundant loads.
|
|
|
|
/// At that point, the value of MaxInstsToScan was already set to '6'
|
|
|
|
/// without documented explanation.
|
|
|
|
cl::opt<unsigned>
|
|
|
|
llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden,
|
|
|
|
cl::desc("Use this to specify the default maximum number of instructions "
|
|
|
|
"to scan backward from a given instruction, when searching for "
|
|
|
|
"available loaded value"));
|
|
|
|
|
2014-10-19 07:31:55 +08:00
|
|
|
/// \brief Scan the ScanBB block backwards to see if we have the value at the
|
2010-05-29 00:19:17 +08:00
|
|
|
/// memory address *Ptr locally available within a small number of instructions.
|
|
|
|
///
|
2014-10-19 07:31:55 +08:00
|
|
|
/// The scan starts from \c ScanFrom. \c MaxInstsToScan specifies the maximum
|
|
|
|
/// instructions to scan in the block. If it is set to \c 0, it will scan the whole
|
|
|
|
/// block.
|
|
|
|
///
|
|
|
|
/// If the value is available, this function returns it. If not, it returns the
|
|
|
|
/// iterator for the last validated instruction that the value would be live
|
|
|
|
/// through. If we scanned the entire block and didn't find something that
|
|
|
|
/// invalidates \c *Ptr or provides it, \c ScanFrom is left at the last
|
|
|
|
/// instruction processed and this returns null.
|
2010-05-29 00:19:17 +08:00
|
|
|
///
|
2014-10-19 07:31:55 +08:00
|
|
|
/// You can also optionally specify an alias analysis implementation, which
|
|
|
|
/// makes this more precise.
|
2012-03-14 02:07:41 +08:00
|
|
|
///
|
2014-10-19 07:31:55 +08:00
|
|
|
/// If \c AATags is non-null and a load or store is found, the AA tags from the
|
|
|
|
/// load or store are recorded there. If there are no AA tags or if no access is
|
|
|
|
/// found, it is left unmodified.
|
2016-01-22 09:51:51 +08:00
|
|
|
Value *llvm::FindAvailableLoadedValue(LoadInst *Load, BasicBlock *ScanBB,
|
2010-05-29 00:19:17 +08:00
|
|
|
BasicBlock::iterator &ScanFrom,
|
|
|
|
unsigned MaxInstsToScan,
|
2014-10-19 07:19:03 +08:00
|
|
|
AliasAnalysis *AA, AAMDNodes *AATags) {
|
|
|
|
if (MaxInstsToScan == 0)
|
|
|
|
MaxInstsToScan = ~0U;
|
2010-05-29 00:19:17 +08:00
|
|
|
|
2016-01-22 09:51:51 +08:00
|
|
|
Value *Ptr = Load->getPointerOperand();
|
|
|
|
Type *AccessTy = Load->getType();
|
2014-10-20 08:24:14 +08:00
|
|
|
|
2015-03-05 02:43:29 +08:00
|
|
|
const DataLayout &DL = ScanBB->getModule()->getDataLayout();
|
2014-11-25 16:20:27 +08:00
|
|
|
|
|
|
|
// Try to get the store size for the type.
|
2015-03-05 02:43:29 +08:00
|
|
|
uint64_t AccessSize = DL.getTypeStoreSize(AccessTy);
|
2014-10-20 08:24:14 +08:00
|
|
|
|
|
|
|
Value *StrippedPtr = Ptr->stripPointerCasts();
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
while (ScanFrom != ScanBB->begin()) {
|
|
|
|
// We must ignore debug info directives when counting (otherwise they
|
|
|
|
// would affect codegen).
|
Analysis: Remove implicit ilist iterator conversions
Remove implicit ilist iterator conversions from LLVMAnalysis.
I came across something really scary in `llvm::isKnownNotFullPoison()`
which relied on `Instruction::getNextNode()` being completely broken
(not surprising, but scary nevertheless). This function is documented
(and coded to) return `nullptr` when it gets to the sentinel, but with
an `ilist_half_node` as a sentinel, the sentinel check looks into some
other memory and we don't recognize we've hit the end.
Rooting out these scary cases is the reason I'm removing the implicit
conversions before doing anything else with `ilist`; I'm not at all
surprised that clients rely on badness.
I found another scary case -- this time, not relying on badness, just
bad (but I guess getting lucky so far) -- in
`ObjectSizeOffsetEvaluator::compute_()`. Here, we save out the
insertion point, do some things, and then restore it. Previously, we
let the iterator auto-convert to `Instruction*`, and then set it back
using the `Instruction*` version:
Instruction *PrevInsertPoint = Builder.GetInsertPoint();
/* Logic that may change insert point */
if (PrevInsertPoint)
Builder.SetInsertPoint(PrevInsertPoint);
The check for `PrevInsertPoint` doesn't protect correctly against bad
accesses. If the insertion point has been set to the end of a basic
block (i.e., `SetInsertPoint(SomeBB)`), then `GetInsertPoint()` returns
an iterator pointing at the list sentinel. The version of
`SetInsertPoint()` that's getting called will then call
`PrevInsertPoint->getParent()`, which explodes horribly. The only
reason this hasn't blown up is that it's fairly unlikely the builder is
adding to the end of the block; usually, we're adding instructions
somewhere before the terminator.
llvm-svn: 249925
2015-10-10 08:53:03 +08:00
|
|
|
Instruction *Inst = &*--ScanFrom;
|
2010-05-29 00:19:17 +08:00
|
|
|
if (isa<DbgInfoIntrinsic>(Inst))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
// Restore ScanFrom to expected value in case next test succeeds
|
|
|
|
ScanFrom++;
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// Don't scan huge blocks.
|
2014-10-19 07:19:03 +08:00
|
|
|
if (MaxInstsToScan-- == 0)
|
|
|
|
return nullptr;
|
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
--ScanFrom;
|
|
|
|
// If this is a load of Ptr, the loaded value is available.
|
2011-08-16 05:56:39 +08:00
|
|
|
// (This is true even if the load is volatile or atomic, although
|
|
|
|
// those cases are unlikely.)
|
2010-05-29 00:19:17 +08:00
|
|
|
if (LoadInst *LI = dyn_cast<LoadInst>(Inst))
|
2014-10-20 08:24:14 +08:00
|
|
|
if (AreEquivalentAddressValues(
|
|
|
|
LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) &&
|
2015-03-10 10:37:25 +08:00
|
|
|
CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) {
|
2014-10-19 07:19:03 +08:00
|
|
|
if (AATags)
|
|
|
|
LI->getAAMetadata(*AATags);
|
2010-05-29 00:19:17 +08:00
|
|
|
return LI;
|
2012-03-14 02:07:41 +08:00
|
|
|
}
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) {
|
2014-10-20 08:24:14 +08:00
|
|
|
Value *StorePtr = SI->getPointerOperand()->stripPointerCasts();
|
2010-05-29 00:19:17 +08:00
|
|
|
// If this is a store through Ptr, the value is available!
|
2011-08-16 05:56:39 +08:00
|
|
|
// (This is true even if the store is volatile or atomic, although
|
|
|
|
// those cases are unlikely.)
|
2014-10-20 08:24:14 +08:00
|
|
|
if (AreEquivalentAddressValues(StorePtr, StrippedPtr) &&
|
2014-11-25 16:20:27 +08:00
|
|
|
CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(),
|
2015-03-10 10:37:25 +08:00
|
|
|
AccessTy, DL)) {
|
2014-10-19 07:19:03 +08:00
|
|
|
if (AATags)
|
|
|
|
SI->getAAMetadata(*AATags);
|
2010-05-29 00:19:17 +08:00
|
|
|
return SI->getOperand(0);
|
2012-03-14 02:07:41 +08:00
|
|
|
}
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2014-10-20 18:03:01 +08:00
|
|
|
// If both StrippedPtr and StorePtr reach all the way to an alloca or
|
|
|
|
// global and they are different, ignore the store. This is a trivial form
|
|
|
|
// of alias analysis that is important for reg2mem'd code.
|
2014-10-20 08:24:14 +08:00
|
|
|
if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) &&
|
2014-10-20 18:03:01 +08:00
|
|
|
(isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) &&
|
|
|
|
StrippedPtr != StorePtr)
|
2010-05-29 00:19:17 +08:00
|
|
|
continue;
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// If we have alias analysis and it says the store won't modify the loaded
|
|
|
|
// value, ignore the store.
|
2015-07-23 07:15:57 +08:00
|
|
|
if (AA && (AA->getModRefInfo(SI, StrippedPtr, AccessSize) & MRI_Mod) == 0)
|
2010-05-29 00:19:17 +08:00
|
|
|
continue;
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// Otherwise the store that may or may not alias the pointer, bail out.
|
|
|
|
++ScanFrom;
|
2014-04-15 12:59:12 +08:00
|
|
|
return nullptr;
|
2010-05-29 00:19:17 +08:00
|
|
|
}
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// If this is some other instruction that may clobber Ptr, bail out.
|
|
|
|
if (Inst->mayWriteToMemory()) {
|
|
|
|
// If alias analysis claims that it really won't modify the load,
|
|
|
|
// ignore it.
|
|
|
|
if (AA &&
|
2015-07-23 07:15:57 +08:00
|
|
|
(AA->getModRefInfo(Inst, StrippedPtr, AccessSize) & MRI_Mod) == 0)
|
2010-05-29 00:19:17 +08:00
|
|
|
continue;
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// May modify the pointer, bail out.
|
|
|
|
++ScanFrom;
|
2014-04-15 12:59:12 +08:00
|
|
|
return nullptr;
|
2010-05-29 00:19:17 +08:00
|
|
|
}
|
|
|
|
}
|
2014-10-19 07:19:03 +08:00
|
|
|
|
2010-05-29 00:19:17 +08:00
|
|
|
// Got to the start of the block, we didn't find it, but are done for this
|
|
|
|
// block.
|
2014-04-15 12:59:12 +08:00
|
|
|
return nullptr;
|
2010-05-29 00:19:17 +08:00
|
|
|
}
|