1 //===- MemCpyOptimizer.cpp - Optimize use of memcpy and friends -----------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This pass performs various transformations related to eliminating memcpy
11 // calls, or transforming sets of stores into memset's.
12 //
13 //===----------------------------------------------------------------------===//
14
15 #include "llvm/Transforms/Scalar/MemCpyOptimizer.h"
16 #include "llvm/ADT/DenseSet.h"
17 #include "llvm/ADT/None.h"
18 #include "llvm/ADT/STLExtras.h"
19 #include "llvm/ADT/SmallVector.h"
20 #include "llvm/ADT/Statistic.h"
21 #include "llvm/ADT/iterator_range.h"
22 #include "llvm/Analysis/AliasAnalysis.h"
23 #include "llvm/Analysis/AssumptionCache.h"
24 #include "llvm/Analysis/GlobalsModRef.h"
25 #include "llvm/Analysis/MemoryDependenceAnalysis.h"
26 #include "llvm/Analysis/MemoryLocation.h"
27 #include "llvm/Analysis/TargetLibraryInfo.h"
28 #include "llvm/Transforms/Utils/Local.h"
29 #include "llvm/Analysis/ValueTracking.h"
30 #include "llvm/IR/Argument.h"
31 #include "llvm/IR/BasicBlock.h"
32 #include "llvm/IR/CallSite.h"
33 #include "llvm/IR/Constants.h"
34 #include "llvm/IR/DataLayout.h"
35 #include "llvm/IR/DerivedTypes.h"
36 #include "llvm/IR/Dominators.h"
37 #include "llvm/IR/Function.h"
38 #include "llvm/IR/GetElementPtrTypeIterator.h"
39 #include "llvm/IR/GlobalVariable.h"
40 #include "llvm/IR/IRBuilder.h"
41 #include "llvm/IR/InstrTypes.h"
42 #include "llvm/IR/Instruction.h"
43 #include "llvm/IR/Instructions.h"
44 #include "llvm/IR/IntrinsicInst.h"
45 #include "llvm/IR/Intrinsics.h"
46 #include "llvm/IR/LLVMContext.h"
47 #include "llvm/IR/Module.h"
48 #include "llvm/IR/Operator.h"
49 #include "llvm/IR/PassManager.h"
50 #include "llvm/IR/Type.h"
51 #include "llvm/IR/User.h"
52 #include "llvm/IR/Value.h"
53 #include "llvm/Pass.h"
54 #include "llvm/Support/Casting.h"
55 #include "llvm/Support/Debug.h"
56 #include "llvm/Support/MathExtras.h"
57 #include "llvm/Support/raw_ostream.h"
58 #include "llvm/Transforms/Scalar.h"
59 #include <algorithm>
60 #include <cassert>
61 #include <cstdint>
62 #include <utility>
63
64 using namespace llvm;
65
66 #define DEBUG_TYPE "memcpyopt"
67
68 STATISTIC(NumMemCpyInstr, "Number of memcpy instructions deleted");
69 STATISTIC(NumMemSetInfer, "Number of memsets inferred");
70 STATISTIC(NumMoveToCpy, "Number of memmoves converted to memcpy");
71 STATISTIC(NumCpyToSet, "Number of memcpys converted to memset");
72
GetOffsetFromIndex(const GEPOperator * GEP,unsigned Idx,bool & VariableIdxFound,const DataLayout & DL)73 static int64_t GetOffsetFromIndex(const GEPOperator *GEP, unsigned Idx,
74 bool &VariableIdxFound,
75 const DataLayout &DL) {
76 // Skip over the first indices.
77 gep_type_iterator GTI = gep_type_begin(GEP);
78 for (unsigned i = 1; i != Idx; ++i, ++GTI)
79 /*skip along*/;
80
81 // Compute the offset implied by the rest of the indices.
82 int64_t Offset = 0;
83 for (unsigned i = Idx, e = GEP->getNumOperands(); i != e; ++i, ++GTI) {
84 ConstantInt *OpC = dyn_cast<ConstantInt>(GEP->getOperand(i));
85 if (!OpC)
86 return VariableIdxFound = true;
87 if (OpC->isZero()) continue; // No offset.
88
89 // Handle struct indices, which add their field offset to the pointer.
90 if (StructType *STy = GTI.getStructTypeOrNull()) {
91 Offset += DL.getStructLayout(STy)->getElementOffset(OpC->getZExtValue());
92 continue;
93 }
94
95 // Otherwise, we have a sequential type like an array or vector. Multiply
96 // the index by the ElementSize.
97 uint64_t Size = DL.getTypeAllocSize(GTI.getIndexedType());
98 Offset += Size*OpC->getSExtValue();
99 }
100
101 return Offset;
102 }
103
104 /// Return true if Ptr1 is provably equal to Ptr2 plus a constant offset, and
105 /// return that constant offset. For example, Ptr1 might be &A[42], and Ptr2
106 /// might be &A[40]. In this case offset would be -8.
IsPointerOffset(Value * Ptr1,Value * Ptr2,int64_t & Offset,const DataLayout & DL)107 static bool IsPointerOffset(Value *Ptr1, Value *Ptr2, int64_t &Offset,
108 const DataLayout &DL) {
109 Ptr1 = Ptr1->stripPointerCasts();
110 Ptr2 = Ptr2->stripPointerCasts();
111
112 // Handle the trivial case first.
113 if (Ptr1 == Ptr2) {
114 Offset = 0;
115 return true;
116 }
117
118 GEPOperator *GEP1 = dyn_cast<GEPOperator>(Ptr1);
119 GEPOperator *GEP2 = dyn_cast<GEPOperator>(Ptr2);
120
121 bool VariableIdxFound = false;
122
123 // If one pointer is a GEP and the other isn't, then see if the GEP is a
124 // constant offset from the base, as in "P" and "gep P, 1".
125 if (GEP1 && !GEP2 && GEP1->getOperand(0)->stripPointerCasts() == Ptr2) {
126 Offset = -GetOffsetFromIndex(GEP1, 1, VariableIdxFound, DL);
127 return !VariableIdxFound;
128 }
129
130 if (GEP2 && !GEP1 && GEP2->getOperand(0)->stripPointerCasts() == Ptr1) {
131 Offset = GetOffsetFromIndex(GEP2, 1, VariableIdxFound, DL);
132 return !VariableIdxFound;
133 }
134
135 // Right now we handle the case when Ptr1/Ptr2 are both GEPs with an identical
136 // base. After that base, they may have some number of common (and
137 // potentially variable) indices. After that they handle some constant
138 // offset, which determines their offset from each other. At this point, we
139 // handle no other case.
140 if (!GEP1 || !GEP2 || GEP1->getOperand(0) != GEP2->getOperand(0))
141 return false;
142
143 // Skip any common indices and track the GEP types.
144 unsigned Idx = 1;
145 for (; Idx != GEP1->getNumOperands() && Idx != GEP2->getNumOperands(); ++Idx)
146 if (GEP1->getOperand(Idx) != GEP2->getOperand(Idx))
147 break;
148
149 int64_t Offset1 = GetOffsetFromIndex(GEP1, Idx, VariableIdxFound, DL);
150 int64_t Offset2 = GetOffsetFromIndex(GEP2, Idx, VariableIdxFound, DL);
151 if (VariableIdxFound) return false;
152
153 Offset = Offset2-Offset1;
154 return true;
155 }
156
157 namespace {
158
159 /// Represents a range of memset'd bytes with the ByteVal value.
160 /// This allows us to analyze stores like:
161 /// store 0 -> P+1
162 /// store 0 -> P+0
163 /// store 0 -> P+3
164 /// store 0 -> P+2
165 /// which sometimes happens with stores to arrays of structs etc. When we see
166 /// the first store, we make a range [1, 2). The second store extends the range
167 /// to [0, 2). The third makes a new range [2, 3). The fourth store joins the
168 /// two ranges into [0, 3) which is memset'able.
169 struct MemsetRange {
170 // Start/End - A semi range that describes the span that this range covers.
171 // The range is closed at the start and open at the end: [Start, End).
172 int64_t Start, End;
173
174 /// StartPtr - The getelementptr instruction that points to the start of the
175 /// range.
176 Value *StartPtr;
177
178 /// Alignment - The known alignment of the first store.
179 unsigned Alignment;
180
181 /// TheStores - The actual stores that make up this range.
182 SmallVector<Instruction*, 16> TheStores;
183
184 bool isProfitableToUseMemset(const DataLayout &DL) const;
185 };
186
187 } // end anonymous namespace
188
isProfitableToUseMemset(const DataLayout & DL) const189 bool MemsetRange::isProfitableToUseMemset(const DataLayout &DL) const {
190 // If we found more than 4 stores to merge or 16 bytes, use memset.
191 if (TheStores.size() >= 4 || End-Start >= 16) return true;
192
193 // If there is nothing to merge, don't do anything.
194 if (TheStores.size() < 2) return false;
195
196 // If any of the stores are a memset, then it is always good to extend the
197 // memset.
198 for (Instruction *SI : TheStores)
199 if (!isa<StoreInst>(SI))
200 return true;
201
202 // Assume that the code generator is capable of merging pairs of stores
203 // together if it wants to.
204 if (TheStores.size() == 2) return false;
205
206 // If we have fewer than 8 stores, it can still be worthwhile to do this.
207 // For example, merging 4 i8 stores into an i32 store is useful almost always.
208 // However, merging 2 32-bit stores isn't useful on a 32-bit architecture (the
209 // memset will be split into 2 32-bit stores anyway) and doing so can
210 // pessimize the llvm optimizer.
211 //
212 // Since we don't have perfect knowledge here, make some assumptions: assume
213 // the maximum GPR width is the same size as the largest legal integer
214 // size. If so, check to see whether we will end up actually reducing the
215 // number of stores used.
216 unsigned Bytes = unsigned(End-Start);
217 unsigned MaxIntSize = DL.getLargestLegalIntTypeSizeInBits() / 8;
218 if (MaxIntSize == 0)
219 MaxIntSize = 1;
220 unsigned NumPointerStores = Bytes / MaxIntSize;
221
222 // Assume the remaining bytes if any are done a byte at a time.
223 unsigned NumByteStores = Bytes % MaxIntSize;
224
225 // If we will reduce the # stores (according to this heuristic), do the
226 // transformation. This encourages merging 4 x i8 -> i32 and 2 x i16 -> i32
227 // etc.
228 return TheStores.size() > NumPointerStores+NumByteStores;
229 }
230
231 namespace {
232
233 class MemsetRanges {
234 using range_iterator = SmallVectorImpl<MemsetRange>::iterator;
235
236 /// A sorted list of the memset ranges.
237 SmallVector<MemsetRange, 8> Ranges;
238
239 const DataLayout &DL;
240
241 public:
MemsetRanges(const DataLayout & DL)242 MemsetRanges(const DataLayout &DL) : DL(DL) {}
243
244 using const_iterator = SmallVectorImpl<MemsetRange>::const_iterator;
245
begin() const246 const_iterator begin() const { return Ranges.begin(); }
end() const247 const_iterator end() const { return Ranges.end(); }
empty() const248 bool empty() const { return Ranges.empty(); }
249
addInst(int64_t OffsetFromFirst,Instruction * Inst)250 void addInst(int64_t OffsetFromFirst, Instruction *Inst) {
251 if (StoreInst *SI = dyn_cast<StoreInst>(Inst))
252 addStore(OffsetFromFirst, SI);
253 else
254 addMemSet(OffsetFromFirst, cast<MemSetInst>(Inst));
255 }
256
addStore(int64_t OffsetFromFirst,StoreInst * SI)257 void addStore(int64_t OffsetFromFirst, StoreInst *SI) {
258 int64_t StoreSize = DL.getTypeStoreSize(SI->getOperand(0)->getType());
259
260 addRange(OffsetFromFirst, StoreSize,
261 SI->getPointerOperand(), SI->getAlignment(), SI);
262 }
263
addMemSet(int64_t OffsetFromFirst,MemSetInst * MSI)264 void addMemSet(int64_t OffsetFromFirst, MemSetInst *MSI) {
265 int64_t Size = cast<ConstantInt>(MSI->getLength())->getZExtValue();
266 addRange(OffsetFromFirst, Size, MSI->getDest(), MSI->getDestAlignment(), MSI);
267 }
268
269 void addRange(int64_t Start, int64_t Size, Value *Ptr,
270 unsigned Alignment, Instruction *Inst);
271 };
272
273 } // end anonymous namespace
274
275 /// Add a new store to the MemsetRanges data structure. This adds a
276 /// new range for the specified store at the specified offset, merging into
277 /// existing ranges as appropriate.
addRange(int64_t Start,int64_t Size,Value * Ptr,unsigned Alignment,Instruction * Inst)278 void MemsetRanges::addRange(int64_t Start, int64_t Size, Value *Ptr,
279 unsigned Alignment, Instruction *Inst) {
280 int64_t End = Start+Size;
281
282 range_iterator I = std::lower_bound(Ranges.begin(), Ranges.end(), Start,
283 [](const MemsetRange &LHS, int64_t RHS) { return LHS.End < RHS; });
284
285 // We now know that I == E, in which case we didn't find anything to merge
286 // with, or that Start <= I->End. If End < I->Start or I == E, then we need
287 // to insert a new range. Handle this now.
288 if (I == Ranges.end() || End < I->Start) {
289 MemsetRange &R = *Ranges.insert(I, MemsetRange());
290 R.Start = Start;
291 R.End = End;
292 R.StartPtr = Ptr;
293 R.Alignment = Alignment;
294 R.TheStores.push_back(Inst);
295 return;
296 }
297
298 // This store overlaps with I, add it.
299 I->TheStores.push_back(Inst);
300
301 // At this point, we may have an interval that completely contains our store.
302 // If so, just add it to the interval and return.
303 if (I->Start <= Start && I->End >= End)
304 return;
305
306 // Now we know that Start <= I->End and End >= I->Start so the range overlaps
307 // but is not entirely contained within the range.
308
309 // See if the range extends the start of the range. In this case, it couldn't
310 // possibly cause it to join the prior range, because otherwise we would have
311 // stopped on *it*.
312 if (Start < I->Start) {
313 I->Start = Start;
314 I->StartPtr = Ptr;
315 I->Alignment = Alignment;
316 }
317
318 // Now we know that Start <= I->End and Start >= I->Start (so the startpoint
319 // is in or right at the end of I), and that End >= I->Start. Extend I out to
320 // End.
321 if (End > I->End) {
322 I->End = End;
323 range_iterator NextI = I;
324 while (++NextI != Ranges.end() && End >= NextI->Start) {
325 // Merge the range in.
326 I->TheStores.append(NextI->TheStores.begin(), NextI->TheStores.end());
327 if (NextI->End > I->End)
328 I->End = NextI->End;
329 Ranges.erase(NextI);
330 NextI = I;
331 }
332 }
333 }
334
335 //===----------------------------------------------------------------------===//
336 // MemCpyOptLegacyPass Pass
337 //===----------------------------------------------------------------------===//
338
339 namespace {
340
341 class MemCpyOptLegacyPass : public FunctionPass {
342 MemCpyOptPass Impl;
343
344 public:
345 static char ID; // Pass identification, replacement for typeid
346
MemCpyOptLegacyPass()347 MemCpyOptLegacyPass() : FunctionPass(ID) {
348 initializeMemCpyOptLegacyPassPass(*PassRegistry::getPassRegistry());
349 }
350
351 bool runOnFunction(Function &F) override;
352
353 private:
354 // This transformation requires dominator postdominator info
getAnalysisUsage(AnalysisUsage & AU) const355 void getAnalysisUsage(AnalysisUsage &AU) const override {
356 AU.setPreservesCFG();
357 AU.addRequired<AssumptionCacheTracker>();
358 AU.addRequired<DominatorTreeWrapperPass>();
359 AU.addRequired<MemoryDependenceWrapperPass>();
360 AU.addRequired<AAResultsWrapperPass>();
361 AU.addRequired<TargetLibraryInfoWrapperPass>();
362 AU.addPreserved<GlobalsAAWrapperPass>();
363 AU.addPreserved<MemoryDependenceWrapperPass>();
364 }
365 };
366
367 } // end anonymous namespace
368
369 char MemCpyOptLegacyPass::ID = 0;
370
371 /// The public interface to this file...
createMemCpyOptPass()372 FunctionPass *llvm::createMemCpyOptPass() { return new MemCpyOptLegacyPass(); }
373
374 INITIALIZE_PASS_BEGIN(MemCpyOptLegacyPass, "memcpyopt", "MemCpy Optimization",
375 false, false)
INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)376 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)
377 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
378 INITIALIZE_PASS_DEPENDENCY(MemoryDependenceWrapperPass)
379 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
380 INITIALIZE_PASS_DEPENDENCY(AAResultsWrapperPass)
381 INITIALIZE_PASS_DEPENDENCY(GlobalsAAWrapperPass)
382 INITIALIZE_PASS_END(MemCpyOptLegacyPass, "memcpyopt", "MemCpy Optimization",
383 false, false)
384
385 /// When scanning forward over instructions, we look for some other patterns to
386 /// fold away. In particular, this looks for stores to neighboring locations of
387 /// memory. If it sees enough consecutive ones, it attempts to merge them
388 /// together into a memcpy/memset.
389 Instruction *MemCpyOptPass::tryMergingIntoMemset(Instruction *StartInst,
390 Value *StartPtr,
391 Value *ByteVal) {
392 const DataLayout &DL = StartInst->getModule()->getDataLayout();
393
394 // Okay, so we now have a single store that can be splatable. Scan to find
395 // all subsequent stores of the same value to offset from the same pointer.
396 // Join these together into ranges, so we can decide whether contiguous blocks
397 // are stored.
398 MemsetRanges Ranges(DL);
399
400 BasicBlock::iterator BI(StartInst);
401 for (++BI; !BI->isTerminator(); ++BI) {
402 if (!isa<StoreInst>(BI) && !isa<MemSetInst>(BI)) {
403 // If the instruction is readnone, ignore it, otherwise bail out. We
404 // don't even allow readonly here because we don't want something like:
405 // A[1] = 2; strlen(A); A[2] = 2; -> memcpy(A, ...); strlen(A).
406 if (BI->mayWriteToMemory() || BI->mayReadFromMemory())
407 break;
408 continue;
409 }
410
411 if (StoreInst *NextStore = dyn_cast<StoreInst>(BI)) {
412 // If this is a store, see if we can merge it in.
413 if (!NextStore->isSimple()) break;
414
415 // Check to see if this stored value is of the same byte-splattable value.
416 Value *StoredByte = isBytewiseValue(NextStore->getOperand(0));
417 if (isa<UndefValue>(ByteVal) && StoredByte)
418 ByteVal = StoredByte;
419 if (ByteVal != StoredByte)
420 break;
421
422 // Check to see if this store is to a constant offset from the start ptr.
423 int64_t Offset;
424 if (!IsPointerOffset(StartPtr, NextStore->getPointerOperand(), Offset,
425 DL))
426 break;
427
428 Ranges.addStore(Offset, NextStore);
429 } else {
430 MemSetInst *MSI = cast<MemSetInst>(BI);
431
432 if (MSI->isVolatile() || ByteVal != MSI->getValue() ||
433 !isa<ConstantInt>(MSI->getLength()))
434 break;
435
436 // Check to see if this store is to a constant offset from the start ptr.
437 int64_t Offset;
438 if (!IsPointerOffset(StartPtr, MSI->getDest(), Offset, DL))
439 break;
440
441 Ranges.addMemSet(Offset, MSI);
442 }
443 }
444
445 // If we have no ranges, then we just had a single store with nothing that
446 // could be merged in. This is a very common case of course.
447 if (Ranges.empty())
448 return nullptr;
449
450 // If we had at least one store that could be merged in, add the starting
451 // store as well. We try to avoid this unless there is at least something
452 // interesting as a small compile-time optimization.
453 Ranges.addInst(0, StartInst);
454
455 // If we create any memsets, we put it right before the first instruction that
456 // isn't part of the memset block. This ensure that the memset is dominated
457 // by any addressing instruction needed by the start of the block.
458 IRBuilder<> Builder(&*BI);
459
460 // Now that we have full information about ranges, loop over the ranges and
461 // emit memset's for anything big enough to be worthwhile.
462 Instruction *AMemSet = nullptr;
463 for (const MemsetRange &Range : Ranges) {
464 if (Range.TheStores.size() == 1) continue;
465
466 // If it is profitable to lower this range to memset, do so now.
467 if (!Range.isProfitableToUseMemset(DL))
468 continue;
469
470 // Otherwise, we do want to transform this! Create a new memset.
471 // Get the starting pointer of the block.
472 StartPtr = Range.StartPtr;
473
474 // Determine alignment
475 unsigned Alignment = Range.Alignment;
476 if (Alignment == 0) {
477 Type *EltType =
478 cast<PointerType>(StartPtr->getType())->getElementType();
479 Alignment = DL.getABITypeAlignment(EltType);
480 }
481
482 AMemSet =
483 Builder.CreateMemSet(StartPtr, ByteVal, Range.End-Range.Start, Alignment);
484
485 LLVM_DEBUG(dbgs() << "Replace stores:\n"; for (Instruction *SI
486 : Range.TheStores) dbgs()
487 << *SI << '\n';
488 dbgs() << "With: " << *AMemSet << '\n');
489
490 if (!Range.TheStores.empty())
491 AMemSet->setDebugLoc(Range.TheStores[0]->getDebugLoc());
492
493 // Zap all the stores.
494 for (Instruction *SI : Range.TheStores) {
495 MD->removeInstruction(SI);
496 SI->eraseFromParent();
497 }
498 ++NumMemSetInfer;
499 }
500
501 return AMemSet;
502 }
503
findStoreAlignment(const DataLayout & DL,const StoreInst * SI)504 static unsigned findStoreAlignment(const DataLayout &DL, const StoreInst *SI) {
505 unsigned StoreAlign = SI->getAlignment();
506 if (!StoreAlign)
507 StoreAlign = DL.getABITypeAlignment(SI->getOperand(0)->getType());
508 return StoreAlign;
509 }
510
findLoadAlignment(const DataLayout & DL,const LoadInst * LI)511 static unsigned findLoadAlignment(const DataLayout &DL, const LoadInst *LI) {
512 unsigned LoadAlign = LI->getAlignment();
513 if (!LoadAlign)
514 LoadAlign = DL.getABITypeAlignment(LI->getType());
515 return LoadAlign;
516 }
517
findCommonAlignment(const DataLayout & DL,const StoreInst * SI,const LoadInst * LI)518 static unsigned findCommonAlignment(const DataLayout &DL, const StoreInst *SI,
519 const LoadInst *LI) {
520 unsigned StoreAlign = findStoreAlignment(DL, SI);
521 unsigned LoadAlign = findLoadAlignment(DL, LI);
522 return MinAlign(StoreAlign, LoadAlign);
523 }
524
525 // This method try to lift a store instruction before position P.
526 // It will lift the store and its argument + that anything that
527 // may alias with these.
528 // The method returns true if it was successful.
moveUp(AliasAnalysis & AA,StoreInst * SI,Instruction * P,const LoadInst * LI)529 static bool moveUp(AliasAnalysis &AA, StoreInst *SI, Instruction *P,
530 const LoadInst *LI) {
531 // If the store alias this position, early bail out.
532 MemoryLocation StoreLoc = MemoryLocation::get(SI);
533 if (isModOrRefSet(AA.getModRefInfo(P, StoreLoc)))
534 return false;
535
536 // Keep track of the arguments of all instruction we plan to lift
537 // so we can make sure to lift them as well if appropriate.
538 DenseSet<Instruction*> Args;
539 if (auto *Ptr = dyn_cast<Instruction>(SI->getPointerOperand()))
540 if (Ptr->getParent() == SI->getParent())
541 Args.insert(Ptr);
542
543 // Instruction to lift before P.
544 SmallVector<Instruction*, 8> ToLift;
545
546 // Memory locations of lifted instructions.
547 SmallVector<MemoryLocation, 8> MemLocs{StoreLoc};
548
549 // Lifted calls.
550 SmallVector<const CallBase *, 8> Calls;
551
552 const MemoryLocation LoadLoc = MemoryLocation::get(LI);
553
554 for (auto I = --SI->getIterator(), E = P->getIterator(); I != E; --I) {
555 auto *C = &*I;
556
557 bool MayAlias = isModOrRefSet(AA.getModRefInfo(C, None));
558
559 bool NeedLift = false;
560 if (Args.erase(C))
561 NeedLift = true;
562 else if (MayAlias) {
563 NeedLift = llvm::any_of(MemLocs, [C, &AA](const MemoryLocation &ML) {
564 return isModOrRefSet(AA.getModRefInfo(C, ML));
565 });
566
567 if (!NeedLift)
568 NeedLift = llvm::any_of(Calls, [C, &AA](const CallBase *Call) {
569 return isModOrRefSet(AA.getModRefInfo(C, Call));
570 });
571 }
572
573 if (!NeedLift)
574 continue;
575
576 if (MayAlias) {
577 // Since LI is implicitly moved downwards past the lifted instructions,
578 // none of them may modify its source.
579 if (isModSet(AA.getModRefInfo(C, LoadLoc)))
580 return false;
581 else if (const auto *Call = dyn_cast<CallBase>(C)) {
582 // If we can't lift this before P, it's game over.
583 if (isModOrRefSet(AA.getModRefInfo(P, Call)))
584 return false;
585
586 Calls.push_back(Call);
587 } else if (isa<LoadInst>(C) || isa<StoreInst>(C) || isa<VAArgInst>(C)) {
588 // If we can't lift this before P, it's game over.
589 auto ML = MemoryLocation::get(C);
590 if (isModOrRefSet(AA.getModRefInfo(P, ML)))
591 return false;
592
593 MemLocs.push_back(ML);
594 } else
595 // We don't know how to lift this instruction.
596 return false;
597 }
598
599 ToLift.push_back(C);
600 for (unsigned k = 0, e = C->getNumOperands(); k != e; ++k)
601 if (auto *A = dyn_cast<Instruction>(C->getOperand(k)))
602 if (A->getParent() == SI->getParent())
603 Args.insert(A);
604 }
605
606 // We made it, we need to lift
607 for (auto *I : llvm::reverse(ToLift)) {
608 LLVM_DEBUG(dbgs() << "Lifting " << *I << " before " << *P << "\n");
609 I->moveBefore(P);
610 }
611
612 return true;
613 }
614
processStore(StoreInst * SI,BasicBlock::iterator & BBI)615 bool MemCpyOptPass::processStore(StoreInst *SI, BasicBlock::iterator &BBI) {
616 if (!SI->isSimple()) return false;
617
618 // Avoid merging nontemporal stores since the resulting
619 // memcpy/memset would not be able to preserve the nontemporal hint.
620 // In theory we could teach how to propagate the !nontemporal metadata to
621 // memset calls. However, that change would force the backend to
622 // conservatively expand !nontemporal memset calls back to sequences of
623 // store instructions (effectively undoing the merging).
624 if (SI->getMetadata(LLVMContext::MD_nontemporal))
625 return false;
626
627 const DataLayout &DL = SI->getModule()->getDataLayout();
628
629 // Load to store forwarding can be interpreted as memcpy.
630 if (LoadInst *LI = dyn_cast<LoadInst>(SI->getOperand(0))) {
631 if (LI->isSimple() && LI->hasOneUse() &&
632 LI->getParent() == SI->getParent()) {
633
634 auto *T = LI->getType();
635 if (T->isAggregateType()) {
636 AliasAnalysis &AA = LookupAliasAnalysis();
637 MemoryLocation LoadLoc = MemoryLocation::get(LI);
638
639 // We use alias analysis to check if an instruction may store to
640 // the memory we load from in between the load and the store. If
641 // such an instruction is found, we try to promote there instead
642 // of at the store position.
643 Instruction *P = SI;
644 for (auto &I : make_range(++LI->getIterator(), SI->getIterator())) {
645 if (isModSet(AA.getModRefInfo(&I, LoadLoc))) {
646 P = &I;
647 break;
648 }
649 }
650
651 // We found an instruction that may write to the loaded memory.
652 // We can try to promote at this position instead of the store
653 // position if nothing alias the store memory after this and the store
654 // destination is not in the range.
655 if (P && P != SI) {
656 if (!moveUp(AA, SI, P, LI))
657 P = nullptr;
658 }
659
660 // If a valid insertion position is found, then we can promote
661 // the load/store pair to a memcpy.
662 if (P) {
663 // If we load from memory that may alias the memory we store to,
664 // memmove must be used to preserve semantic. If not, memcpy can
665 // be used.
666 bool UseMemMove = false;
667 if (!AA.isNoAlias(MemoryLocation::get(SI), LoadLoc))
668 UseMemMove = true;
669
670 uint64_t Size = DL.getTypeStoreSize(T);
671
672 IRBuilder<> Builder(P);
673 Instruction *M;
674 if (UseMemMove)
675 M = Builder.CreateMemMove(
676 SI->getPointerOperand(), findStoreAlignment(DL, SI),
677 LI->getPointerOperand(), findLoadAlignment(DL, LI), Size);
678 else
679 M = Builder.CreateMemCpy(
680 SI->getPointerOperand(), findStoreAlignment(DL, SI),
681 LI->getPointerOperand(), findLoadAlignment(DL, LI), Size);
682
683 LLVM_DEBUG(dbgs() << "Promoting " << *LI << " to " << *SI << " => "
684 << *M << "\n");
685
686 MD->removeInstruction(SI);
687 SI->eraseFromParent();
688 MD->removeInstruction(LI);
689 LI->eraseFromParent();
690 ++NumMemCpyInstr;
691
692 // Make sure we do not invalidate the iterator.
693 BBI = M->getIterator();
694 return true;
695 }
696 }
697
698 // Detect cases where we're performing call slot forwarding, but
699 // happen to be using a load-store pair to implement it, rather than
700 // a memcpy.
701 MemDepResult ldep = MD->getDependency(LI);
702 CallInst *C = nullptr;
703 if (ldep.isClobber() && !isa<MemCpyInst>(ldep.getInst()))
704 C = dyn_cast<CallInst>(ldep.getInst());
705
706 if (C) {
707 // Check that nothing touches the dest of the "copy" between
708 // the call and the store.
709 Value *CpyDest = SI->getPointerOperand()->stripPointerCasts();
710 bool CpyDestIsLocal = isa<AllocaInst>(CpyDest);
711 AliasAnalysis &AA = LookupAliasAnalysis();
712 MemoryLocation StoreLoc = MemoryLocation::get(SI);
713 for (BasicBlock::iterator I = --SI->getIterator(), E = C->getIterator();
714 I != E; --I) {
715 if (isModOrRefSet(AA.getModRefInfo(&*I, StoreLoc))) {
716 C = nullptr;
717 break;
718 }
719 // The store to dest may never happen if an exception can be thrown
720 // between the load and the store.
721 if (I->mayThrow() && !CpyDestIsLocal) {
722 C = nullptr;
723 break;
724 }
725 }
726 }
727
728 if (C) {
729 bool changed = performCallSlotOptzn(
730 LI, SI->getPointerOperand()->stripPointerCasts(),
731 LI->getPointerOperand()->stripPointerCasts(),
732 DL.getTypeStoreSize(SI->getOperand(0)->getType()),
733 findCommonAlignment(DL, SI, LI), C);
734 if (changed) {
735 MD->removeInstruction(SI);
736 SI->eraseFromParent();
737 MD->removeInstruction(LI);
738 LI->eraseFromParent();
739 ++NumMemCpyInstr;
740 return true;
741 }
742 }
743 }
744 }
745
746 // There are two cases that are interesting for this code to handle: memcpy
747 // and memset. Right now we only handle memset.
748
749 // Ensure that the value being stored is something that can be memset'able a
750 // byte at a time like "0" or "-1" or any width, as well as things like
751 // 0xA0A0A0A0 and 0.0.
752 auto *V = SI->getOperand(0);
753 if (Value *ByteVal = isBytewiseValue(V)) {
754 if (Instruction *I = tryMergingIntoMemset(SI, SI->getPointerOperand(),
755 ByteVal)) {
756 BBI = I->getIterator(); // Don't invalidate iterator.
757 return true;
758 }
759
760 // If we have an aggregate, we try to promote it to memset regardless
761 // of opportunity for merging as it can expose optimization opportunities
762 // in subsequent passes.
763 auto *T = V->getType();
764 if (T->isAggregateType()) {
765 uint64_t Size = DL.getTypeStoreSize(T);
766 unsigned Align = SI->getAlignment();
767 if (!Align)
768 Align = DL.getABITypeAlignment(T);
769 IRBuilder<> Builder(SI);
770 auto *M =
771 Builder.CreateMemSet(SI->getPointerOperand(), ByteVal, Size, Align);
772
773 LLVM_DEBUG(dbgs() << "Promoting " << *SI << " to " << *M << "\n");
774
775 MD->removeInstruction(SI);
776 SI->eraseFromParent();
777 NumMemSetInfer++;
778
779 // Make sure we do not invalidate the iterator.
780 BBI = M->getIterator();
781 return true;
782 }
783 }
784
785 return false;
786 }
787
processMemSet(MemSetInst * MSI,BasicBlock::iterator & BBI)788 bool MemCpyOptPass::processMemSet(MemSetInst *MSI, BasicBlock::iterator &BBI) {
789 // See if there is another memset or store neighboring this memset which
790 // allows us to widen out the memset to do a single larger store.
791 if (isa<ConstantInt>(MSI->getLength()) && !MSI->isVolatile())
792 if (Instruction *I = tryMergingIntoMemset(MSI, MSI->getDest(),
793 MSI->getValue())) {
794 BBI = I->getIterator(); // Don't invalidate iterator.
795 return true;
796 }
797 return false;
798 }
799
800 /// Takes a memcpy and a call that it depends on,
801 /// and checks for the possibility of a call slot optimization by having
802 /// the call write its result directly into the destination of the memcpy.
performCallSlotOptzn(Instruction * cpy,Value * cpyDest,Value * cpySrc,uint64_t cpyLen,unsigned cpyAlign,CallInst * C)803 bool MemCpyOptPass::performCallSlotOptzn(Instruction *cpy, Value *cpyDest,
804 Value *cpySrc, uint64_t cpyLen,
805 unsigned cpyAlign, CallInst *C) {
806 // The general transformation to keep in mind is
807 //
808 // call @func(..., src, ...)
809 // memcpy(dest, src, ...)
810 //
811 // ->
812 //
813 // memcpy(dest, src, ...)
814 // call @func(..., dest, ...)
815 //
816 // Since moving the memcpy is technically awkward, we additionally check that
817 // src only holds uninitialized values at the moment of the call, meaning that
818 // the memcpy can be discarded rather than moved.
819
820 // Lifetime marks shouldn't be operated on.
821 if (Function *F = C->getCalledFunction())
822 if (F->isIntrinsic() && F->getIntrinsicID() == Intrinsic::lifetime_start)
823 return false;
824
825 // Deliberately get the source and destination with bitcasts stripped away,
826 // because we'll need to do type comparisons based on the underlying type.
827 CallSite CS(C);
828
829 // Require that src be an alloca. This simplifies the reasoning considerably.
830 AllocaInst *srcAlloca = dyn_cast<AllocaInst>(cpySrc);
831 if (!srcAlloca)
832 return false;
833
834 ConstantInt *srcArraySize = dyn_cast<ConstantInt>(srcAlloca->getArraySize());
835 if (!srcArraySize)
836 return false;
837
838 const DataLayout &DL = cpy->getModule()->getDataLayout();
839 uint64_t srcSize = DL.getTypeAllocSize(srcAlloca->getAllocatedType()) *
840 srcArraySize->getZExtValue();
841
842 if (cpyLen < srcSize)
843 return false;
844
845 // Check that accessing the first srcSize bytes of dest will not cause a
846 // trap. Otherwise the transform is invalid since it might cause a trap
847 // to occur earlier than it otherwise would.
848 if (AllocaInst *A = dyn_cast<AllocaInst>(cpyDest)) {
849 // The destination is an alloca. Check it is larger than srcSize.
850 ConstantInt *destArraySize = dyn_cast<ConstantInt>(A->getArraySize());
851 if (!destArraySize)
852 return false;
853
854 uint64_t destSize = DL.getTypeAllocSize(A->getAllocatedType()) *
855 destArraySize->getZExtValue();
856
857 if (destSize < srcSize)
858 return false;
859 } else if (Argument *A = dyn_cast<Argument>(cpyDest)) {
860 // The store to dest may never happen if the call can throw.
861 if (C->mayThrow())
862 return false;
863
864 if (A->getDereferenceableBytes() < srcSize) {
865 // If the destination is an sret parameter then only accesses that are
866 // outside of the returned struct type can trap.
867 if (!A->hasStructRetAttr())
868 return false;
869
870 Type *StructTy = cast<PointerType>(A->getType())->getElementType();
871 if (!StructTy->isSized()) {
872 // The call may never return and hence the copy-instruction may never
873 // be executed, and therefore it's not safe to say "the destination
874 // has at least <cpyLen> bytes, as implied by the copy-instruction",
875 return false;
876 }
877
878 uint64_t destSize = DL.getTypeAllocSize(StructTy);
879 if (destSize < srcSize)
880 return false;
881 }
882 } else {
883 return false;
884 }
885
886 // Check that dest points to memory that is at least as aligned as src.
887 unsigned srcAlign = srcAlloca->getAlignment();
888 if (!srcAlign)
889 srcAlign = DL.getABITypeAlignment(srcAlloca->getAllocatedType());
890 bool isDestSufficientlyAligned = srcAlign <= cpyAlign;
891 // If dest is not aligned enough and we can't increase its alignment then
892 // bail out.
893 if (!isDestSufficientlyAligned && !isa<AllocaInst>(cpyDest))
894 return false;
895
896 // Check that src is not accessed except via the call and the memcpy. This
897 // guarantees that it holds only undefined values when passed in (so the final
898 // memcpy can be dropped), that it is not read or written between the call and
899 // the memcpy, and that writing beyond the end of it is undefined.
900 SmallVector<User*, 8> srcUseList(srcAlloca->user_begin(),
901 srcAlloca->user_end());
902 while (!srcUseList.empty()) {
903 User *U = srcUseList.pop_back_val();
904
905 if (isa<BitCastInst>(U) || isa<AddrSpaceCastInst>(U)) {
906 for (User *UU : U->users())
907 srcUseList.push_back(UU);
908 continue;
909 }
910 if (GetElementPtrInst *G = dyn_cast<GetElementPtrInst>(U)) {
911 if (!G->hasAllZeroIndices())
912 return false;
913
914 for (User *UU : U->users())
915 srcUseList.push_back(UU);
916 continue;
917 }
918 if (const IntrinsicInst *IT = dyn_cast<IntrinsicInst>(U))
919 if (IT->isLifetimeStartOrEnd())
920 continue;
921
922 if (U != C && U != cpy)
923 return false;
924 }
925
926 // Check that src isn't captured by the called function since the
927 // transformation can cause aliasing issues in that case.
928 for (unsigned i = 0, e = CS.arg_size(); i != e; ++i)
929 if (CS.getArgument(i) == cpySrc && !CS.doesNotCapture(i))
930 return false;
931
932 // Since we're changing the parameter to the callsite, we need to make sure
933 // that what would be the new parameter dominates the callsite.
934 DominatorTree &DT = LookupDomTree();
935 if (Instruction *cpyDestInst = dyn_cast<Instruction>(cpyDest))
936 if (!DT.dominates(cpyDestInst, C))
937 return false;
938
939 // In addition to knowing that the call does not access src in some
940 // unexpected manner, for example via a global, which we deduce from
941 // the use analysis, we also need to know that it does not sneakily
942 // access dest. We rely on AA to figure this out for us.
943 AliasAnalysis &AA = LookupAliasAnalysis();
944 ModRefInfo MR = AA.getModRefInfo(C, cpyDest, LocationSize::precise(srcSize));
945 // If necessary, perform additional analysis.
946 if (isModOrRefSet(MR))
947 MR = AA.callCapturesBefore(C, cpyDest, LocationSize::precise(srcSize), &DT);
948 if (isModOrRefSet(MR))
949 return false;
950
951 // We can't create address space casts here because we don't know if they're
952 // safe for the target.
953 if (cpySrc->getType()->getPointerAddressSpace() !=
954 cpyDest->getType()->getPointerAddressSpace())
955 return false;
956 for (unsigned i = 0; i < CS.arg_size(); ++i)
957 if (CS.getArgument(i)->stripPointerCasts() == cpySrc &&
958 cpySrc->getType()->getPointerAddressSpace() !=
959 CS.getArgument(i)->getType()->getPointerAddressSpace())
960 return false;
961
962 // All the checks have passed, so do the transformation.
963 bool changedArgument = false;
964 for (unsigned i = 0; i < CS.arg_size(); ++i)
965 if (CS.getArgument(i)->stripPointerCasts() == cpySrc) {
966 Value *Dest = cpySrc->getType() == cpyDest->getType() ? cpyDest
967 : CastInst::CreatePointerCast(cpyDest, cpySrc->getType(),
968 cpyDest->getName(), C);
969 changedArgument = true;
970 if (CS.getArgument(i)->getType() == Dest->getType())
971 CS.setArgument(i, Dest);
972 else
973 CS.setArgument(i, CastInst::CreatePointerCast(Dest,
974 CS.getArgument(i)->getType(), Dest->getName(), C));
975 }
976
977 if (!changedArgument)
978 return false;
979
980 // If the destination wasn't sufficiently aligned then increase its alignment.
981 if (!isDestSufficientlyAligned) {
982 assert(isa<AllocaInst>(cpyDest) && "Can only increase alloca alignment!");
983 cast<AllocaInst>(cpyDest)->setAlignment(srcAlign);
984 }
985
986 // Drop any cached information about the call, because we may have changed
987 // its dependence information by changing its parameter.
988 MD->removeInstruction(C);
989
990 // Update AA metadata
991 // FIXME: MD_tbaa_struct and MD_mem_parallel_loop_access should also be
992 // handled here, but combineMetadata doesn't support them yet
993 unsigned KnownIDs[] = {LLVMContext::MD_tbaa, LLVMContext::MD_alias_scope,
994 LLVMContext::MD_noalias,
995 LLVMContext::MD_invariant_group,
996 LLVMContext::MD_access_group};
997 combineMetadata(C, cpy, KnownIDs, true);
998
999 // Remove the memcpy.
1000 MD->removeInstruction(cpy);
1001 ++NumMemCpyInstr;
1002
1003 return true;
1004 }
1005
1006 /// We've found that the (upward scanning) memory dependence of memcpy 'M' is
1007 /// the memcpy 'MDep'. Try to simplify M to copy from MDep's input if we can.
processMemCpyMemCpyDependence(MemCpyInst * M,MemCpyInst * MDep)1008 bool MemCpyOptPass::processMemCpyMemCpyDependence(MemCpyInst *M,
1009 MemCpyInst *MDep) {
1010 // We can only transforms memcpy's where the dest of one is the source of the
1011 // other.
1012 if (M->getSource() != MDep->getDest() || MDep->isVolatile())
1013 return false;
1014
1015 // If dep instruction is reading from our current input, then it is a noop
1016 // transfer and substituting the input won't change this instruction. Just
1017 // ignore the input and let someone else zap MDep. This handles cases like:
1018 // memcpy(a <- a)
1019 // memcpy(b <- a)
1020 if (M->getSource() == MDep->getSource())
1021 return false;
1022
1023 // Second, the length of the memcpy's must be the same, or the preceding one
1024 // must be larger than the following one.
1025 ConstantInt *MDepLen = dyn_cast<ConstantInt>(MDep->getLength());
1026 ConstantInt *MLen = dyn_cast<ConstantInt>(M->getLength());
1027 if (!MDepLen || !MLen || MDepLen->getZExtValue() < MLen->getZExtValue())
1028 return false;
1029
1030 AliasAnalysis &AA = LookupAliasAnalysis();
1031
1032 // Verify that the copied-from memory doesn't change in between the two
1033 // transfers. For example, in:
1034 // memcpy(a <- b)
1035 // *b = 42;
1036 // memcpy(c <- a)
1037 // It would be invalid to transform the second memcpy into memcpy(c <- b).
1038 //
1039 // TODO: If the code between M and MDep is transparent to the destination "c",
1040 // then we could still perform the xform by moving M up to the first memcpy.
1041 //
1042 // NOTE: This is conservative, it will stop on any read from the source loc,
1043 // not just the defining memcpy.
1044 MemDepResult SourceDep =
1045 MD->getPointerDependencyFrom(MemoryLocation::getForSource(MDep), false,
1046 M->getIterator(), M->getParent());
1047 if (!SourceDep.isClobber() || SourceDep.getInst() != MDep)
1048 return false;
1049
1050 // If the dest of the second might alias the source of the first, then the
1051 // source and dest might overlap. We still want to eliminate the intermediate
1052 // value, but we have to generate a memmove instead of memcpy.
1053 bool UseMemMove = false;
1054 if (!AA.isNoAlias(MemoryLocation::getForDest(M),
1055 MemoryLocation::getForSource(MDep)))
1056 UseMemMove = true;
1057
1058 // If all checks passed, then we can transform M.
1059 LLVM_DEBUG(dbgs() << "MemCpyOptPass: Forwarding memcpy->memcpy src:\n"
1060 << *MDep << '\n' << *M << '\n');
1061
1062 // TODO: Is this worth it if we're creating a less aligned memcpy? For
1063 // example we could be moving from movaps -> movq on x86.
1064 IRBuilder<> Builder(M);
1065 if (UseMemMove)
1066 Builder.CreateMemMove(M->getRawDest(), M->getDestAlignment(),
1067 MDep->getRawSource(), MDep->getSourceAlignment(),
1068 M->getLength(), M->isVolatile());
1069 else
1070 Builder.CreateMemCpy(M->getRawDest(), M->getDestAlignment(),
1071 MDep->getRawSource(), MDep->getSourceAlignment(),
1072 M->getLength(), M->isVolatile());
1073
1074 // Remove the instruction we're replacing.
1075 MD->removeInstruction(M);
1076 M->eraseFromParent();
1077 ++NumMemCpyInstr;
1078 return true;
1079 }
1080
1081 /// We've found that the (upward scanning) memory dependence of \p MemCpy is
1082 /// \p MemSet. Try to simplify \p MemSet to only set the trailing bytes that
1083 /// weren't copied over by \p MemCpy.
1084 ///
1085 /// In other words, transform:
1086 /// \code
1087 /// memset(dst, c, dst_size);
1088 /// memcpy(dst, src, src_size);
1089 /// \endcode
1090 /// into:
1091 /// \code
1092 /// memcpy(dst, src, src_size);
1093 /// memset(dst + src_size, c, dst_size <= src_size ? 0 : dst_size - src_size);
1094 /// \endcode
processMemSetMemCpyDependence(MemCpyInst * MemCpy,MemSetInst * MemSet)1095 bool MemCpyOptPass::processMemSetMemCpyDependence(MemCpyInst *MemCpy,
1096 MemSetInst *MemSet) {
1097 // We can only transform memset/memcpy with the same destination.
1098 if (MemSet->getDest() != MemCpy->getDest())
1099 return false;
1100
1101 // Check that there are no other dependencies on the memset destination.
1102 MemDepResult DstDepInfo =
1103 MD->getPointerDependencyFrom(MemoryLocation::getForDest(MemSet), false,
1104 MemCpy->getIterator(), MemCpy->getParent());
1105 if (DstDepInfo.getInst() != MemSet)
1106 return false;
1107
1108 // Use the same i8* dest as the memcpy, killing the memset dest if different.
1109 Value *Dest = MemCpy->getRawDest();
1110 Value *DestSize = MemSet->getLength();
1111 Value *SrcSize = MemCpy->getLength();
1112
1113 // By default, create an unaligned memset.
1114 unsigned Align = 1;
1115 // If Dest is aligned, and SrcSize is constant, use the minimum alignment
1116 // of the sum.
1117 const unsigned DestAlign =
1118 std::max(MemSet->getDestAlignment(), MemCpy->getDestAlignment());
1119 if (DestAlign > 1)
1120 if (ConstantInt *SrcSizeC = dyn_cast<ConstantInt>(SrcSize))
1121 Align = MinAlign(SrcSizeC->getZExtValue(), DestAlign);
1122
1123 IRBuilder<> Builder(MemCpy);
1124
1125 // If the sizes have different types, zext the smaller one.
1126 if (DestSize->getType() != SrcSize->getType()) {
1127 if (DestSize->getType()->getIntegerBitWidth() >
1128 SrcSize->getType()->getIntegerBitWidth())
1129 SrcSize = Builder.CreateZExt(SrcSize, DestSize->getType());
1130 else
1131 DestSize = Builder.CreateZExt(DestSize, SrcSize->getType());
1132 }
1133
1134 Value *Ule = Builder.CreateICmpULE(DestSize, SrcSize);
1135 Value *SizeDiff = Builder.CreateSub(DestSize, SrcSize);
1136 Value *MemsetLen = Builder.CreateSelect(
1137 Ule, ConstantInt::getNullValue(DestSize->getType()), SizeDiff);
1138 Builder.CreateMemSet(Builder.CreateGEP(Dest, SrcSize), MemSet->getOperand(1),
1139 MemsetLen, Align);
1140
1141 MD->removeInstruction(MemSet);
1142 MemSet->eraseFromParent();
1143 return true;
1144 }
1145
1146 /// Determine whether the instruction has undefined content for the given Size,
1147 /// either because it was freshly alloca'd or started its lifetime.
hasUndefContents(Instruction * I,ConstantInt * Size)1148 static bool hasUndefContents(Instruction *I, ConstantInt *Size) {
1149 if (isa<AllocaInst>(I))
1150 return true;
1151
1152 if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(I))
1153 if (II->getIntrinsicID() == Intrinsic::lifetime_start)
1154 if (ConstantInt *LTSize = dyn_cast<ConstantInt>(II->getArgOperand(0)))
1155 if (LTSize->getZExtValue() >= Size->getZExtValue())
1156 return true;
1157
1158 return false;
1159 }
1160
1161 /// Transform memcpy to memset when its source was just memset.
1162 /// In other words, turn:
1163 /// \code
1164 /// memset(dst1, c, dst1_size);
1165 /// memcpy(dst2, dst1, dst2_size);
1166 /// \endcode
1167 /// into:
1168 /// \code
1169 /// memset(dst1, c, dst1_size);
1170 /// memset(dst2, c, dst2_size);
1171 /// \endcode
1172 /// When dst2_size <= dst1_size.
1173 ///
1174 /// The \p MemCpy must have a Constant length.
performMemCpyToMemSetOptzn(MemCpyInst * MemCpy,MemSetInst * MemSet)1175 bool MemCpyOptPass::performMemCpyToMemSetOptzn(MemCpyInst *MemCpy,
1176 MemSetInst *MemSet) {
1177 AliasAnalysis &AA = LookupAliasAnalysis();
1178
1179 // Make sure that memcpy(..., memset(...), ...), that is we are memsetting and
1180 // memcpying from the same address. Otherwise it is hard to reason about.
1181 if (!AA.isMustAlias(MemSet->getRawDest(), MemCpy->getRawSource()))
1182 return false;
1183
1184 // A known memset size is required.
1185 ConstantInt *MemSetSize = dyn_cast<ConstantInt>(MemSet->getLength());
1186 if (!MemSetSize)
1187 return false;
1188
1189 // Make sure the memcpy doesn't read any more than what the memset wrote.
1190 // Don't worry about sizes larger than i64.
1191 ConstantInt *CopySize = cast<ConstantInt>(MemCpy->getLength());
1192 if (CopySize->getZExtValue() > MemSetSize->getZExtValue()) {
1193 // If the memcpy is larger than the memset, but the memory was undef prior
1194 // to the memset, we can just ignore the tail. Technically we're only
1195 // interested in the bytes from MemSetSize..CopySize here, but as we can't
1196 // easily represent this location, we use the full 0..CopySize range.
1197 MemoryLocation MemCpyLoc = MemoryLocation::getForSource(MemCpy);
1198 MemDepResult DepInfo = MD->getPointerDependencyFrom(
1199 MemCpyLoc, true, MemSet->getIterator(), MemSet->getParent());
1200 if (DepInfo.isDef() && hasUndefContents(DepInfo.getInst(), CopySize))
1201 CopySize = MemSetSize;
1202 else
1203 return false;
1204 }
1205
1206 IRBuilder<> Builder(MemCpy);
1207 Builder.CreateMemSet(MemCpy->getRawDest(), MemSet->getOperand(1),
1208 CopySize, MemCpy->getDestAlignment());
1209 return true;
1210 }
1211
1212 /// Perform simplification of memcpy's. If we have memcpy A
1213 /// which copies X to Y, and memcpy B which copies Y to Z, then we can rewrite
1214 /// B to be a memcpy from X to Z (or potentially a memmove, depending on
1215 /// circumstances). This allows later passes to remove the first memcpy
1216 /// altogether.
processMemCpy(MemCpyInst * M)1217 bool MemCpyOptPass::processMemCpy(MemCpyInst *M) {
1218 // We can only optimize non-volatile memcpy's.
1219 if (M->isVolatile()) return false;
1220
1221 // If the source and destination of the memcpy are the same, then zap it.
1222 if (M->getSource() == M->getDest()) {
1223 MD->removeInstruction(M);
1224 M->eraseFromParent();
1225 return false;
1226 }
1227
1228 // If copying from a constant, try to turn the memcpy into a memset.
1229 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(M->getSource()))
1230 if (GV->isConstant() && GV->hasDefinitiveInitializer())
1231 if (Value *ByteVal = isBytewiseValue(GV->getInitializer())) {
1232 IRBuilder<> Builder(M);
1233 Builder.CreateMemSet(M->getRawDest(), ByteVal, M->getLength(),
1234 M->getDestAlignment(), false);
1235 MD->removeInstruction(M);
1236 M->eraseFromParent();
1237 ++NumCpyToSet;
1238 return true;
1239 }
1240
1241 MemDepResult DepInfo = MD->getDependency(M);
1242
1243 // Try to turn a partially redundant memset + memcpy into
1244 // memcpy + smaller memset. We don't need the memcpy size for this.
1245 if (DepInfo.isClobber())
1246 if (MemSetInst *MDep = dyn_cast<MemSetInst>(DepInfo.getInst()))
1247 if (processMemSetMemCpyDependence(M, MDep))
1248 return true;
1249
1250 // The optimizations after this point require the memcpy size.
1251 ConstantInt *CopySize = dyn_cast<ConstantInt>(M->getLength());
1252 if (!CopySize) return false;
1253
1254 // There are four possible optimizations we can do for memcpy:
1255 // a) memcpy-memcpy xform which exposes redundance for DSE.
1256 // b) call-memcpy xform for return slot optimization.
1257 // c) memcpy from freshly alloca'd space or space that has just started its
1258 // lifetime copies undefined data, and we can therefore eliminate the
1259 // memcpy in favor of the data that was already at the destination.
1260 // d) memcpy from a just-memset'd source can be turned into memset.
1261 if (DepInfo.isClobber()) {
1262 if (CallInst *C = dyn_cast<CallInst>(DepInfo.getInst())) {
1263 // FIXME: Can we pass in either of dest/src alignment here instead
1264 // of conservatively taking the minimum?
1265 unsigned Align = MinAlign(M->getDestAlignment(), M->getSourceAlignment());
1266 if (performCallSlotOptzn(M, M->getDest(), M->getSource(),
1267 CopySize->getZExtValue(), Align,
1268 C)) {
1269 MD->removeInstruction(M);
1270 M->eraseFromParent();
1271 return true;
1272 }
1273 }
1274 }
1275
1276 MemoryLocation SrcLoc = MemoryLocation::getForSource(M);
1277 MemDepResult SrcDepInfo = MD->getPointerDependencyFrom(
1278 SrcLoc, true, M->getIterator(), M->getParent());
1279
1280 if (SrcDepInfo.isClobber()) {
1281 if (MemCpyInst *MDep = dyn_cast<MemCpyInst>(SrcDepInfo.getInst()))
1282 return processMemCpyMemCpyDependence(M, MDep);
1283 } else if (SrcDepInfo.isDef()) {
1284 if (hasUndefContents(SrcDepInfo.getInst(), CopySize)) {
1285 MD->removeInstruction(M);
1286 M->eraseFromParent();
1287 ++NumMemCpyInstr;
1288 return true;
1289 }
1290 }
1291
1292 if (SrcDepInfo.isClobber())
1293 if (MemSetInst *MDep = dyn_cast<MemSetInst>(SrcDepInfo.getInst()))
1294 if (performMemCpyToMemSetOptzn(M, MDep)) {
1295 MD->removeInstruction(M);
1296 M->eraseFromParent();
1297 ++NumCpyToSet;
1298 return true;
1299 }
1300
1301 return false;
1302 }
1303
1304 /// Transforms memmove calls to memcpy calls when the src/dst are guaranteed
1305 /// not to alias.
processMemMove(MemMoveInst * M)1306 bool MemCpyOptPass::processMemMove(MemMoveInst *M) {
1307 AliasAnalysis &AA = LookupAliasAnalysis();
1308
1309 if (!TLI->has(LibFunc_memmove))
1310 return false;
1311
1312 // See if the pointers alias.
1313 if (!AA.isNoAlias(MemoryLocation::getForDest(M),
1314 MemoryLocation::getForSource(M)))
1315 return false;
1316
1317 LLVM_DEBUG(dbgs() << "MemCpyOptPass: Optimizing memmove -> memcpy: " << *M
1318 << "\n");
1319
1320 // If not, then we know we can transform this.
1321 Type *ArgTys[3] = { M->getRawDest()->getType(),
1322 M->getRawSource()->getType(),
1323 M->getLength()->getType() };
1324 M->setCalledFunction(Intrinsic::getDeclaration(M->getModule(),
1325 Intrinsic::memcpy, ArgTys));
1326
1327 // MemDep may have over conservative information about this instruction, just
1328 // conservatively flush it from the cache.
1329 MD->removeInstruction(M);
1330
1331 ++NumMoveToCpy;
1332 return true;
1333 }
1334
1335 /// This is called on every byval argument in call sites.
processByValArgument(CallSite CS,unsigned ArgNo)1336 bool MemCpyOptPass::processByValArgument(CallSite CS, unsigned ArgNo) {
1337 const DataLayout &DL = CS.getCaller()->getParent()->getDataLayout();
1338 // Find out what feeds this byval argument.
1339 Value *ByValArg = CS.getArgument(ArgNo);
1340 Type *ByValTy = cast<PointerType>(ByValArg->getType())->getElementType();
1341 uint64_t ByValSize = DL.getTypeAllocSize(ByValTy);
1342 MemDepResult DepInfo = MD->getPointerDependencyFrom(
1343 MemoryLocation(ByValArg, LocationSize::precise(ByValSize)), true,
1344 CS.getInstruction()->getIterator(), CS.getInstruction()->getParent());
1345 if (!DepInfo.isClobber())
1346 return false;
1347
1348 // If the byval argument isn't fed by a memcpy, ignore it. If it is fed by
1349 // a memcpy, see if we can byval from the source of the memcpy instead of the
1350 // result.
1351 MemCpyInst *MDep = dyn_cast<MemCpyInst>(DepInfo.getInst());
1352 if (!MDep || MDep->isVolatile() ||
1353 ByValArg->stripPointerCasts() != MDep->getDest())
1354 return false;
1355
1356 // The length of the memcpy must be larger or equal to the size of the byval.
1357 ConstantInt *C1 = dyn_cast<ConstantInt>(MDep->getLength());
1358 if (!C1 || C1->getValue().getZExtValue() < ByValSize)
1359 return false;
1360
1361 // Get the alignment of the byval. If the call doesn't specify the alignment,
1362 // then it is some target specific value that we can't know.
1363 unsigned ByValAlign = CS.getParamAlignment(ArgNo);
1364 if (ByValAlign == 0) return false;
1365
1366 // If it is greater than the memcpy, then we check to see if we can force the
1367 // source of the memcpy to the alignment we need. If we fail, we bail out.
1368 AssumptionCache &AC = LookupAssumptionCache();
1369 DominatorTree &DT = LookupDomTree();
1370 if (MDep->getSourceAlignment() < ByValAlign &&
1371 getOrEnforceKnownAlignment(MDep->getSource(), ByValAlign, DL,
1372 CS.getInstruction(), &AC, &DT) < ByValAlign)
1373 return false;
1374
1375 // The address space of the memcpy source must match the byval argument
1376 if (MDep->getSource()->getType()->getPointerAddressSpace() !=
1377 ByValArg->getType()->getPointerAddressSpace())
1378 return false;
1379
1380 // Verify that the copied-from memory doesn't change in between the memcpy and
1381 // the byval call.
1382 // memcpy(a <- b)
1383 // *b = 42;
1384 // foo(*a)
1385 // It would be invalid to transform the second memcpy into foo(*b).
1386 //
1387 // NOTE: This is conservative, it will stop on any read from the source loc,
1388 // not just the defining memcpy.
1389 MemDepResult SourceDep = MD->getPointerDependencyFrom(
1390 MemoryLocation::getForSource(MDep), false,
1391 CS.getInstruction()->getIterator(), MDep->getParent());
1392 if (!SourceDep.isClobber() || SourceDep.getInst() != MDep)
1393 return false;
1394
1395 Value *TmpCast = MDep->getSource();
1396 if (MDep->getSource()->getType() != ByValArg->getType())
1397 TmpCast = new BitCastInst(MDep->getSource(), ByValArg->getType(),
1398 "tmpcast", CS.getInstruction());
1399
1400 LLVM_DEBUG(dbgs() << "MemCpyOptPass: Forwarding memcpy to byval:\n"
1401 << " " << *MDep << "\n"
1402 << " " << *CS.getInstruction() << "\n");
1403
1404 // Otherwise we're good! Update the byval argument.
1405 CS.setArgument(ArgNo, TmpCast);
1406 ++NumMemCpyInstr;
1407 return true;
1408 }
1409
1410 /// Executes one iteration of MemCpyOptPass.
iterateOnFunction(Function & F)1411 bool MemCpyOptPass::iterateOnFunction(Function &F) {
1412 bool MadeChange = false;
1413
1414 DominatorTree &DT = LookupDomTree();
1415
1416 // Walk all instruction in the function.
1417 for (BasicBlock &BB : F) {
1418 // Skip unreachable blocks. For example processStore assumes that an
1419 // instruction in a BB can't be dominated by a later instruction in the
1420 // same BB (which is a scenario that can happen for an unreachable BB that
1421 // has itself as a predecessor).
1422 if (!DT.isReachableFromEntry(&BB))
1423 continue;
1424
1425 for (BasicBlock::iterator BI = BB.begin(), BE = BB.end(); BI != BE;) {
1426 // Avoid invalidating the iterator.
1427 Instruction *I = &*BI++;
1428
1429 bool RepeatInstruction = false;
1430
1431 if (StoreInst *SI = dyn_cast<StoreInst>(I))
1432 MadeChange |= processStore(SI, BI);
1433 else if (MemSetInst *M = dyn_cast<MemSetInst>(I))
1434 RepeatInstruction = processMemSet(M, BI);
1435 else if (MemCpyInst *M = dyn_cast<MemCpyInst>(I))
1436 RepeatInstruction = processMemCpy(M);
1437 else if (MemMoveInst *M = dyn_cast<MemMoveInst>(I))
1438 RepeatInstruction = processMemMove(M);
1439 else if (auto CS = CallSite(I)) {
1440 for (unsigned i = 0, e = CS.arg_size(); i != e; ++i)
1441 if (CS.isByValArgument(i))
1442 MadeChange |= processByValArgument(CS, i);
1443 }
1444
1445 // Reprocess the instruction if desired.
1446 if (RepeatInstruction) {
1447 if (BI != BB.begin())
1448 --BI;
1449 MadeChange = true;
1450 }
1451 }
1452 }
1453
1454 return MadeChange;
1455 }
1456
run(Function & F,FunctionAnalysisManager & AM)1457 PreservedAnalyses MemCpyOptPass::run(Function &F, FunctionAnalysisManager &AM) {
1458 auto &MD = AM.getResult<MemoryDependenceAnalysis>(F);
1459 auto &TLI = AM.getResult<TargetLibraryAnalysis>(F);
1460
1461 auto LookupAliasAnalysis = [&]() -> AliasAnalysis & {
1462 return AM.getResult<AAManager>(F);
1463 };
1464 auto LookupAssumptionCache = [&]() -> AssumptionCache & {
1465 return AM.getResult<AssumptionAnalysis>(F);
1466 };
1467 auto LookupDomTree = [&]() -> DominatorTree & {
1468 return AM.getResult<DominatorTreeAnalysis>(F);
1469 };
1470
1471 bool MadeChange = runImpl(F, &MD, &TLI, LookupAliasAnalysis,
1472 LookupAssumptionCache, LookupDomTree);
1473 if (!MadeChange)
1474 return PreservedAnalyses::all();
1475
1476 PreservedAnalyses PA;
1477 PA.preserveSet<CFGAnalyses>();
1478 PA.preserve<GlobalsAA>();
1479 PA.preserve<MemoryDependenceAnalysis>();
1480 return PA;
1481 }
1482
runImpl(Function & F,MemoryDependenceResults * MD_,TargetLibraryInfo * TLI_,std::function<AliasAnalysis & ()> LookupAliasAnalysis_,std::function<AssumptionCache & ()> LookupAssumptionCache_,std::function<DominatorTree & ()> LookupDomTree_)1483 bool MemCpyOptPass::runImpl(
1484 Function &F, MemoryDependenceResults *MD_, TargetLibraryInfo *TLI_,
1485 std::function<AliasAnalysis &()> LookupAliasAnalysis_,
1486 std::function<AssumptionCache &()> LookupAssumptionCache_,
1487 std::function<DominatorTree &()> LookupDomTree_) {
1488 bool MadeChange = false;
1489 MD = MD_;
1490 TLI = TLI_;
1491 LookupAliasAnalysis = std::move(LookupAliasAnalysis_);
1492 LookupAssumptionCache = std::move(LookupAssumptionCache_);
1493 LookupDomTree = std::move(LookupDomTree_);
1494
1495 // If we don't have at least memset and memcpy, there is little point of doing
1496 // anything here. These are required by a freestanding implementation, so if
1497 // even they are disabled, there is no point in trying hard.
1498 if (!TLI->has(LibFunc_memset) || !TLI->has(LibFunc_memcpy))
1499 return false;
1500
1501 while (true) {
1502 if (!iterateOnFunction(F))
1503 break;
1504 MadeChange = true;
1505 }
1506
1507 MD = nullptr;
1508 return MadeChange;
1509 }
1510
1511 /// This is the main transformation entry point for a function.
runOnFunction(Function & F)1512 bool MemCpyOptLegacyPass::runOnFunction(Function &F) {
1513 if (skipFunction(F))
1514 return false;
1515
1516 auto *MD = &getAnalysis<MemoryDependenceWrapperPass>().getMemDep();
1517 auto *TLI = &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
1518
1519 auto LookupAliasAnalysis = [this]() -> AliasAnalysis & {
1520 return getAnalysis<AAResultsWrapperPass>().getAAResults();
1521 };
1522 auto LookupAssumptionCache = [this, &F]() -> AssumptionCache & {
1523 return getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
1524 };
1525 auto LookupDomTree = [this]() -> DominatorTree & {
1526 return getAnalysis<DominatorTreeWrapperPass>().getDomTree();
1527 };
1528
1529 return Impl.runImpl(F, MD, TLI, LookupAliasAnalysis, LookupAssumptionCache,
1530 LookupDomTree);
1531 }
1532