1 //===- LazyValueInfo.cpp - Value constraint analysis ------------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file defines the interface for lazy computation of value constraint 10 // information. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "llvm/Analysis/LazyValueInfo.h" 15 #include "llvm/ADT/DenseSet.h" 16 #include "llvm/ADT/Optional.h" 17 #include "llvm/ADT/STLExtras.h" 18 #include "llvm/Analysis/AssumptionCache.h" 19 #include "llvm/Analysis/ConstantFolding.h" 20 #include "llvm/Analysis/InstructionSimplify.h" 21 #include "llvm/Analysis/TargetLibraryInfo.h" 22 #include "llvm/Analysis/ValueLattice.h" 23 #include "llvm/Analysis/ValueTracking.h" 24 #include "llvm/IR/AssemblyAnnotationWriter.h" 25 #include "llvm/IR/CFG.h" 26 #include "llvm/IR/ConstantRange.h" 27 #include "llvm/IR/Constants.h" 28 #include "llvm/IR/DataLayout.h" 29 #include "llvm/IR/Dominators.h" 30 #include "llvm/IR/Instructions.h" 31 #include "llvm/IR/IntrinsicInst.h" 32 #include "llvm/IR/Intrinsics.h" 33 #include "llvm/IR/LLVMContext.h" 34 #include "llvm/IR/PatternMatch.h" 35 #include "llvm/IR/ValueHandle.h" 36 #include "llvm/InitializePasses.h" 37 #include "llvm/Support/Debug.h" 38 #include "llvm/Support/FormattedStream.h" 39 #include "llvm/Support/KnownBits.h" 40 #include "llvm/Support/raw_ostream.h" 41 #include <map> 42 using namespace llvm; 43 using namespace PatternMatch; 44 45 #define DEBUG_TYPE "lazy-value-info" 46 47 // This is the number of worklist items we will process to try to discover an 48 // answer for a given value. 49 static const unsigned MaxProcessedPerValue = 500; 50 51 char LazyValueInfoWrapperPass::ID = 0; 52 LazyValueInfoWrapperPass::LazyValueInfoWrapperPass() : FunctionPass(ID) { 53 initializeLazyValueInfoWrapperPassPass(*PassRegistry::getPassRegistry()); 54 } 55 INITIALIZE_PASS_BEGIN(LazyValueInfoWrapperPass, "lazy-value-info", 56 "Lazy Value Information Analysis", false, true) 57 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker) 58 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) 59 INITIALIZE_PASS_END(LazyValueInfoWrapperPass, "lazy-value-info", 60 "Lazy Value Information Analysis", false, true) 61 62 namespace llvm { 63 FunctionPass *createLazyValueInfoPass() { return new LazyValueInfoWrapperPass(); } 64 } 65 66 AnalysisKey LazyValueAnalysis::Key; 67 68 /// Returns true if this lattice value represents at most one possible value. 69 /// This is as precise as any lattice value can get while still representing 70 /// reachable code. 71 static bool hasSingleValue(const ValueLatticeElement &Val) { 72 if (Val.isConstantRange() && 73 Val.getConstantRange().isSingleElement()) 74 // Integer constants are single element ranges 75 return true; 76 if (Val.isConstant()) 77 // Non integer constants 78 return true; 79 return false; 80 } 81 82 /// Combine two sets of facts about the same value into a single set of 83 /// facts. Note that this method is not suitable for merging facts along 84 /// different paths in a CFG; that's what the mergeIn function is for. This 85 /// is for merging facts gathered about the same value at the same location 86 /// through two independent means. 87 /// Notes: 88 /// * This method does not promise to return the most precise possible lattice 89 /// value implied by A and B. It is allowed to return any lattice element 90 /// which is at least as strong as *either* A or B (unless our facts 91 /// conflict, see below). 92 /// * Due to unreachable code, the intersection of two lattice values could be 93 /// contradictory. If this happens, we return some valid lattice value so as 94 /// not confuse the rest of LVI. Ideally, we'd always return Undefined, but 95 /// we do not make this guarantee. TODO: This would be a useful enhancement. 96 static ValueLatticeElement intersect(const ValueLatticeElement &A, 97 const ValueLatticeElement &B) { 98 // Undefined is the strongest state. It means the value is known to be along 99 // an unreachable path. 100 if (A.isUnknown()) 101 return A; 102 if (B.isUnknown()) 103 return B; 104 105 // If we gave up for one, but got a useable fact from the other, use it. 106 if (A.isOverdefined()) 107 return B; 108 if (B.isOverdefined()) 109 return A; 110 111 // Can't get any more precise than constants. 112 if (hasSingleValue(A)) 113 return A; 114 if (hasSingleValue(B)) 115 return B; 116 117 // Could be either constant range or not constant here. 118 if (!A.isConstantRange() || !B.isConstantRange()) { 119 // TODO: Arbitrary choice, could be improved 120 return A; 121 } 122 123 // Intersect two constant ranges 124 ConstantRange Range = 125 A.getConstantRange().intersectWith(B.getConstantRange()); 126 // Note: An empty range is implicitly converted to unknown or undef depending 127 // on MayIncludeUndef internally. 128 return ValueLatticeElement::getRange( 129 std::move(Range), /*MayIncludeUndef=*/A.isConstantRangeIncludingUndef() | 130 B.isConstantRangeIncludingUndef()); 131 } 132 133 //===----------------------------------------------------------------------===// 134 // LazyValueInfoCache Decl 135 //===----------------------------------------------------------------------===// 136 137 namespace { 138 /// A callback value handle updates the cache when values are erased. 139 class LazyValueInfoCache; 140 struct LVIValueHandle final : public CallbackVH { 141 LazyValueInfoCache *Parent; 142 143 LVIValueHandle(Value *V, LazyValueInfoCache *P = nullptr) 144 : CallbackVH(V), Parent(P) { } 145 146 void deleted() override; 147 void allUsesReplacedWith(Value *V) override { 148 deleted(); 149 } 150 }; 151 } // end anonymous namespace 152 153 namespace { 154 using NonNullPointerSet = SmallDenseSet<AssertingVH<Value>, 2>; 155 156 /// This is the cache kept by LazyValueInfo which 157 /// maintains information about queries across the clients' queries. 158 class LazyValueInfoCache { 159 /// This is all of the cached information for one basic block. It contains 160 /// the per-value lattice elements, as well as a separate set for 161 /// overdefined values to reduce memory usage. Additionally pointers 162 /// dereferenced in the block are cached for nullability queries. 163 struct BlockCacheEntry { 164 SmallDenseMap<AssertingVH<Value>, ValueLatticeElement, 4> LatticeElements; 165 SmallDenseSet<AssertingVH<Value>, 4> OverDefined; 166 // None indicates that the nonnull pointers for this basic block 167 // block have not been computed yet. 168 Optional<NonNullPointerSet> NonNullPointers; 169 }; 170 171 /// Cached information per basic block. 172 DenseMap<PoisoningVH<BasicBlock>, std::unique_ptr<BlockCacheEntry>> 173 BlockCache; 174 /// Set of value handles used to erase values from the cache on deletion. 175 DenseSet<LVIValueHandle, DenseMapInfo<Value *>> ValueHandles; 176 177 const BlockCacheEntry *getBlockEntry(BasicBlock *BB) const { 178 auto It = BlockCache.find_as(BB); 179 if (It == BlockCache.end()) 180 return nullptr; 181 return It->second.get(); 182 } 183 184 BlockCacheEntry *getOrCreateBlockEntry(BasicBlock *BB) { 185 auto It = BlockCache.find_as(BB); 186 if (It == BlockCache.end()) 187 It = BlockCache.insert({ BB, std::make_unique<BlockCacheEntry>() }) 188 .first; 189 190 return It->second.get(); 191 } 192 193 void addValueHandle(Value *Val) { 194 auto HandleIt = ValueHandles.find_as(Val); 195 if (HandleIt == ValueHandles.end()) 196 ValueHandles.insert({ Val, this }); 197 } 198 199 public: 200 void insertResult(Value *Val, BasicBlock *BB, 201 const ValueLatticeElement &Result) { 202 BlockCacheEntry *Entry = getOrCreateBlockEntry(BB); 203 204 // Insert over-defined values into their own cache to reduce memory 205 // overhead. 206 if (Result.isOverdefined()) 207 Entry->OverDefined.insert(Val); 208 else 209 Entry->LatticeElements.insert({ Val, Result }); 210 211 addValueHandle(Val); 212 } 213 214 Optional<ValueLatticeElement> getCachedValueInfo(Value *V, 215 BasicBlock *BB) const { 216 const BlockCacheEntry *Entry = getBlockEntry(BB); 217 if (!Entry) 218 return None; 219 220 if (Entry->OverDefined.count(V)) 221 return ValueLatticeElement::getOverdefined(); 222 223 auto LatticeIt = Entry->LatticeElements.find_as(V); 224 if (LatticeIt == Entry->LatticeElements.end()) 225 return None; 226 227 return LatticeIt->second; 228 } 229 230 bool isNonNullAtEndOfBlock( 231 Value *V, BasicBlock *BB, 232 function_ref<NonNullPointerSet(BasicBlock *)> InitFn) { 233 BlockCacheEntry *Entry = getOrCreateBlockEntry(BB); 234 if (!Entry->NonNullPointers) { 235 Entry->NonNullPointers = InitFn(BB); 236 for (Value *V : *Entry->NonNullPointers) 237 addValueHandle(V); 238 } 239 240 return Entry->NonNullPointers->count(V); 241 } 242 243 /// clear - Empty the cache. 244 void clear() { 245 BlockCache.clear(); 246 ValueHandles.clear(); 247 } 248 249 /// Inform the cache that a given value has been deleted. 250 void eraseValue(Value *V); 251 252 /// This is part of the update interface to inform the cache 253 /// that a block has been deleted. 254 void eraseBlock(BasicBlock *BB); 255 256 /// Updates the cache to remove any influence an overdefined value in 257 /// OldSucc might have (unless also overdefined in NewSucc). This just 258 /// flushes elements from the cache and does not add any. 259 void threadEdgeImpl(BasicBlock *OldSucc,BasicBlock *NewSucc); 260 }; 261 } 262 263 void LazyValueInfoCache::eraseValue(Value *V) { 264 for (auto &Pair : BlockCache) { 265 Pair.second->LatticeElements.erase(V); 266 Pair.second->OverDefined.erase(V); 267 if (Pair.second->NonNullPointers) 268 Pair.second->NonNullPointers->erase(V); 269 } 270 271 auto HandleIt = ValueHandles.find_as(V); 272 if (HandleIt != ValueHandles.end()) 273 ValueHandles.erase(HandleIt); 274 } 275 276 void LVIValueHandle::deleted() { 277 // This erasure deallocates *this, so it MUST happen after we're done 278 // using any and all members of *this. 279 Parent->eraseValue(*this); 280 } 281 282 void LazyValueInfoCache::eraseBlock(BasicBlock *BB) { 283 BlockCache.erase(BB); 284 } 285 286 void LazyValueInfoCache::threadEdgeImpl(BasicBlock *OldSucc, 287 BasicBlock *NewSucc) { 288 // When an edge in the graph has been threaded, values that we could not 289 // determine a value for before (i.e. were marked overdefined) may be 290 // possible to solve now. We do NOT try to proactively update these values. 291 // Instead, we clear their entries from the cache, and allow lazy updating to 292 // recompute them when needed. 293 294 // The updating process is fairly simple: we need to drop cached info 295 // for all values that were marked overdefined in OldSucc, and for those same 296 // values in any successor of OldSucc (except NewSucc) in which they were 297 // also marked overdefined. 298 std::vector<BasicBlock*> worklist; 299 worklist.push_back(OldSucc); 300 301 const BlockCacheEntry *Entry = getBlockEntry(OldSucc); 302 if (!Entry || Entry->OverDefined.empty()) 303 return; // Nothing to process here. 304 SmallVector<Value *, 4> ValsToClear(Entry->OverDefined.begin(), 305 Entry->OverDefined.end()); 306 307 // Use a worklist to perform a depth-first search of OldSucc's successors. 308 // NOTE: We do not need a visited list since any blocks we have already 309 // visited will have had their overdefined markers cleared already, and we 310 // thus won't loop to their successors. 311 while (!worklist.empty()) { 312 BasicBlock *ToUpdate = worklist.back(); 313 worklist.pop_back(); 314 315 // Skip blocks only accessible through NewSucc. 316 if (ToUpdate == NewSucc) continue; 317 318 // If a value was marked overdefined in OldSucc, and is here too... 319 auto OI = BlockCache.find_as(ToUpdate); 320 if (OI == BlockCache.end() || OI->second->OverDefined.empty()) 321 continue; 322 auto &ValueSet = OI->second->OverDefined; 323 324 bool changed = false; 325 for (Value *V : ValsToClear) { 326 if (!ValueSet.erase(V)) 327 continue; 328 329 // If we removed anything, then we potentially need to update 330 // blocks successors too. 331 changed = true; 332 } 333 334 if (!changed) continue; 335 336 worklist.insert(worklist.end(), succ_begin(ToUpdate), succ_end(ToUpdate)); 337 } 338 } 339 340 341 namespace { 342 /// An assembly annotator class to print LazyValueCache information in 343 /// comments. 344 class LazyValueInfoImpl; 345 class LazyValueInfoAnnotatedWriter : public AssemblyAnnotationWriter { 346 LazyValueInfoImpl *LVIImpl; 347 // While analyzing which blocks we can solve values for, we need the dominator 348 // information. 349 DominatorTree &DT; 350 351 public: 352 LazyValueInfoAnnotatedWriter(LazyValueInfoImpl *L, DominatorTree &DTree) 353 : LVIImpl(L), DT(DTree) {} 354 355 void emitBasicBlockStartAnnot(const BasicBlock *BB, 356 formatted_raw_ostream &OS) override; 357 358 void emitInstructionAnnot(const Instruction *I, 359 formatted_raw_ostream &OS) override; 360 }; 361 } 362 namespace { 363 // The actual implementation of the lazy analysis and update. Note that the 364 // inheritance from LazyValueInfoCache is intended to be temporary while 365 // splitting the code and then transitioning to a has-a relationship. 366 class LazyValueInfoImpl { 367 368 /// Cached results from previous queries 369 LazyValueInfoCache TheCache; 370 371 /// This stack holds the state of the value solver during a query. 372 /// It basically emulates the callstack of the naive 373 /// recursive value lookup process. 374 SmallVector<std::pair<BasicBlock*, Value*>, 8> BlockValueStack; 375 376 /// Keeps track of which block-value pairs are in BlockValueStack. 377 DenseSet<std::pair<BasicBlock*, Value*> > BlockValueSet; 378 379 /// Push BV onto BlockValueStack unless it's already in there. 380 /// Returns true on success. 381 bool pushBlockValue(const std::pair<BasicBlock *, Value *> &BV) { 382 if (!BlockValueSet.insert(BV).second) 383 return false; // It's already in the stack. 384 385 LLVM_DEBUG(dbgs() << "PUSH: " << *BV.second << " in " 386 << BV.first->getName() << "\n"); 387 BlockValueStack.push_back(BV); 388 return true; 389 } 390 391 AssumptionCache *AC; ///< A pointer to the cache of @llvm.assume calls. 392 const DataLayout &DL; ///< A mandatory DataLayout 393 394 /// Declaration of the llvm.experimental.guard() intrinsic, 395 /// if it exists in the module. 396 Function *GuardDecl; 397 398 Optional<ValueLatticeElement> getBlockValue(Value *Val, BasicBlock *BB); 399 Optional<ValueLatticeElement> getEdgeValue(Value *V, BasicBlock *F, 400 BasicBlock *T, Instruction *CxtI = nullptr); 401 402 // These methods process one work item and may add more. A false value 403 // returned means that the work item was not completely processed and must 404 // be revisited after going through the new items. 405 bool solveBlockValue(Value *Val, BasicBlock *BB); 406 Optional<ValueLatticeElement> solveBlockValueImpl(Value *Val, BasicBlock *BB); 407 Optional<ValueLatticeElement> solveBlockValueNonLocal(Value *Val, 408 BasicBlock *BB); 409 Optional<ValueLatticeElement> solveBlockValuePHINode(PHINode *PN, 410 BasicBlock *BB); 411 Optional<ValueLatticeElement> solveBlockValueSelect(SelectInst *S, 412 BasicBlock *BB); 413 Optional<ConstantRange> getRangeFor(Value *V, Instruction *CxtI, 414 BasicBlock *BB); 415 Optional<ValueLatticeElement> solveBlockValueBinaryOpImpl( 416 Instruction *I, BasicBlock *BB, 417 std::function<ConstantRange(const ConstantRange &, 418 const ConstantRange &)> OpFn); 419 Optional<ValueLatticeElement> solveBlockValueBinaryOp(BinaryOperator *BBI, 420 BasicBlock *BB); 421 Optional<ValueLatticeElement> solveBlockValueCast(CastInst *CI, 422 BasicBlock *BB); 423 Optional<ValueLatticeElement> solveBlockValueOverflowIntrinsic( 424 WithOverflowInst *WO, BasicBlock *BB); 425 Optional<ValueLatticeElement> solveBlockValueIntrinsic(IntrinsicInst *II, 426 BasicBlock *BB); 427 Optional<ValueLatticeElement> solveBlockValueExtractValue( 428 ExtractValueInst *EVI, BasicBlock *BB); 429 bool isNonNullAtEndOfBlock(Value *Val, BasicBlock *BB); 430 void intersectAssumeOrGuardBlockValueConstantRange(Value *Val, 431 ValueLatticeElement &BBLV, 432 Instruction *BBI); 433 434 void solve(); 435 436 public: 437 /// This is the query interface to determine the lattice value for the 438 /// specified Value* at the context instruction (if specified) or at the 439 /// start of the block. 440 ValueLatticeElement getValueInBlock(Value *V, BasicBlock *BB, 441 Instruction *CxtI = nullptr); 442 443 /// This is the query interface to determine the lattice value for the 444 /// specified Value* at the specified instruction using only information 445 /// from assumes/guards and range metadata. Unlike getValueInBlock(), no 446 /// recursive query is performed. 447 ValueLatticeElement getValueAt(Value *V, Instruction *CxtI); 448 449 /// This is the query interface to determine the lattice 450 /// value for the specified Value* that is true on the specified edge. 451 ValueLatticeElement getValueOnEdge(Value *V, BasicBlock *FromBB, 452 BasicBlock *ToBB, 453 Instruction *CxtI = nullptr); 454 455 /// Complete flush all previously computed values 456 void clear() { 457 TheCache.clear(); 458 } 459 460 /// Printing the LazyValueInfo Analysis. 461 void printLVI(Function &F, DominatorTree &DTree, raw_ostream &OS) { 462 LazyValueInfoAnnotatedWriter Writer(this, DTree); 463 F.print(OS, &Writer); 464 } 465 466 /// This is part of the update interface to inform the cache 467 /// that a block has been deleted. 468 void eraseBlock(BasicBlock *BB) { 469 TheCache.eraseBlock(BB); 470 } 471 472 /// This is the update interface to inform the cache that an edge from 473 /// PredBB to OldSucc has been threaded to be from PredBB to NewSucc. 474 void threadEdge(BasicBlock *PredBB,BasicBlock *OldSucc,BasicBlock *NewSucc); 475 476 LazyValueInfoImpl(AssumptionCache *AC, const DataLayout &DL, 477 Function *GuardDecl) 478 : AC(AC), DL(DL), GuardDecl(GuardDecl) {} 479 }; 480 } // end anonymous namespace 481 482 483 void LazyValueInfoImpl::solve() { 484 SmallVector<std::pair<BasicBlock *, Value *>, 8> StartingStack( 485 BlockValueStack.begin(), BlockValueStack.end()); 486 487 unsigned processedCount = 0; 488 while (!BlockValueStack.empty()) { 489 processedCount++; 490 // Abort if we have to process too many values to get a result for this one. 491 // Because of the design of the overdefined cache currently being per-block 492 // to avoid naming-related issues (IE it wants to try to give different 493 // results for the same name in different blocks), overdefined results don't 494 // get cached globally, which in turn means we will often try to rediscover 495 // the same overdefined result again and again. Once something like 496 // PredicateInfo is used in LVI or CVP, we should be able to make the 497 // overdefined cache global, and remove this throttle. 498 if (processedCount > MaxProcessedPerValue) { 499 LLVM_DEBUG( 500 dbgs() << "Giving up on stack because we are getting too deep\n"); 501 // Fill in the original values 502 while (!StartingStack.empty()) { 503 std::pair<BasicBlock *, Value *> &e = StartingStack.back(); 504 TheCache.insertResult(e.second, e.first, 505 ValueLatticeElement::getOverdefined()); 506 StartingStack.pop_back(); 507 } 508 BlockValueSet.clear(); 509 BlockValueStack.clear(); 510 return; 511 } 512 std::pair<BasicBlock *, Value *> e = BlockValueStack.back(); 513 assert(BlockValueSet.count(e) && "Stack value should be in BlockValueSet!"); 514 515 if (solveBlockValue(e.second, e.first)) { 516 // The work item was completely processed. 517 assert(BlockValueStack.back() == e && "Nothing should have been pushed!"); 518 #ifndef NDEBUG 519 Optional<ValueLatticeElement> BBLV = 520 TheCache.getCachedValueInfo(e.second, e.first); 521 assert(BBLV && "Result should be in cache!"); 522 LLVM_DEBUG( 523 dbgs() << "POP " << *e.second << " in " << e.first->getName() << " = " 524 << *BBLV << "\n"); 525 #endif 526 527 BlockValueStack.pop_back(); 528 BlockValueSet.erase(e); 529 } else { 530 // More work needs to be done before revisiting. 531 assert(BlockValueStack.back() != e && "Stack should have been pushed!"); 532 } 533 } 534 } 535 536 Optional<ValueLatticeElement> LazyValueInfoImpl::getBlockValue(Value *Val, 537 BasicBlock *BB) { 538 // If already a constant, there is nothing to compute. 539 if (Constant *VC = dyn_cast<Constant>(Val)) 540 return ValueLatticeElement::get(VC); 541 542 if (Optional<ValueLatticeElement> OptLatticeVal = 543 TheCache.getCachedValueInfo(Val, BB)) 544 return OptLatticeVal; 545 546 // We have hit a cycle, assume overdefined. 547 if (!pushBlockValue({ BB, Val })) 548 return ValueLatticeElement::getOverdefined(); 549 550 // Yet to be resolved. 551 return None; 552 } 553 554 static ValueLatticeElement getFromRangeMetadata(Instruction *BBI) { 555 switch (BBI->getOpcode()) { 556 default: break; 557 case Instruction::Load: 558 case Instruction::Call: 559 case Instruction::Invoke: 560 if (MDNode *Ranges = BBI->getMetadata(LLVMContext::MD_range)) 561 if (isa<IntegerType>(BBI->getType())) { 562 return ValueLatticeElement::getRange( 563 getConstantRangeFromMetadata(*Ranges)); 564 } 565 break; 566 }; 567 // Nothing known - will be intersected with other facts 568 return ValueLatticeElement::getOverdefined(); 569 } 570 571 bool LazyValueInfoImpl::solveBlockValue(Value *Val, BasicBlock *BB) { 572 assert(!isa<Constant>(Val) && "Value should not be constant"); 573 assert(!TheCache.getCachedValueInfo(Val, BB) && 574 "Value should not be in cache"); 575 576 // Hold off inserting this value into the Cache in case we have to return 577 // false and come back later. 578 Optional<ValueLatticeElement> Res = solveBlockValueImpl(Val, BB); 579 if (!Res) 580 // Work pushed, will revisit 581 return false; 582 583 TheCache.insertResult(Val, BB, *Res); 584 return true; 585 } 586 587 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueImpl( 588 Value *Val, BasicBlock *BB) { 589 Instruction *BBI = dyn_cast<Instruction>(Val); 590 if (!BBI || BBI->getParent() != BB) 591 return solveBlockValueNonLocal(Val, BB); 592 593 if (PHINode *PN = dyn_cast<PHINode>(BBI)) 594 return solveBlockValuePHINode(PN, BB); 595 596 if (auto *SI = dyn_cast<SelectInst>(BBI)) 597 return solveBlockValueSelect(SI, BB); 598 599 // If this value is a nonnull pointer, record it's range and bailout. Note 600 // that for all other pointer typed values, we terminate the search at the 601 // definition. We could easily extend this to look through geps, bitcasts, 602 // and the like to prove non-nullness, but it's not clear that's worth it 603 // compile time wise. The context-insensitive value walk done inside 604 // isKnownNonZero gets most of the profitable cases at much less expense. 605 // This does mean that we have a sensitivity to where the defining 606 // instruction is placed, even if it could legally be hoisted much higher. 607 // That is unfortunate. 608 PointerType *PT = dyn_cast<PointerType>(BBI->getType()); 609 if (PT && isKnownNonZero(BBI, DL)) 610 return ValueLatticeElement::getNot(ConstantPointerNull::get(PT)); 611 612 if (BBI->getType()->isIntegerTy()) { 613 if (auto *CI = dyn_cast<CastInst>(BBI)) 614 return solveBlockValueCast(CI, BB); 615 616 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(BBI)) 617 return solveBlockValueBinaryOp(BO, BB); 618 619 if (auto *EVI = dyn_cast<ExtractValueInst>(BBI)) 620 return solveBlockValueExtractValue(EVI, BB); 621 622 if (auto *II = dyn_cast<IntrinsicInst>(BBI)) 623 return solveBlockValueIntrinsic(II, BB); 624 } 625 626 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 627 << "' - unknown inst def found.\n"); 628 return getFromRangeMetadata(BBI); 629 } 630 631 static void AddNonNullPointer(Value *Ptr, NonNullPointerSet &PtrSet) { 632 // TODO: Use NullPointerIsDefined instead. 633 if (Ptr->getType()->getPointerAddressSpace() == 0) 634 PtrSet.insert(getUnderlyingObject(Ptr)); 635 } 636 637 static void AddNonNullPointersByInstruction( 638 Instruction *I, NonNullPointerSet &PtrSet) { 639 if (LoadInst *L = dyn_cast<LoadInst>(I)) { 640 AddNonNullPointer(L->getPointerOperand(), PtrSet); 641 } else if (StoreInst *S = dyn_cast<StoreInst>(I)) { 642 AddNonNullPointer(S->getPointerOperand(), PtrSet); 643 } else if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) { 644 if (MI->isVolatile()) return; 645 646 // FIXME: check whether it has a valuerange that excludes zero? 647 ConstantInt *Len = dyn_cast<ConstantInt>(MI->getLength()); 648 if (!Len || Len->isZero()) return; 649 650 AddNonNullPointer(MI->getRawDest(), PtrSet); 651 if (MemTransferInst *MTI = dyn_cast<MemTransferInst>(MI)) 652 AddNonNullPointer(MTI->getRawSource(), PtrSet); 653 } 654 } 655 656 bool LazyValueInfoImpl::isNonNullAtEndOfBlock(Value *Val, BasicBlock *BB) { 657 if (NullPointerIsDefined(BB->getParent(), 658 Val->getType()->getPointerAddressSpace())) 659 return false; 660 661 Val = getUnderlyingObject(Val); 662 return TheCache.isNonNullAtEndOfBlock(Val, BB, [](BasicBlock *BB) { 663 NonNullPointerSet NonNullPointers; 664 for (Instruction &I : *BB) 665 AddNonNullPointersByInstruction(&I, NonNullPointers); 666 return NonNullPointers; 667 }); 668 } 669 670 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueNonLocal( 671 Value *Val, BasicBlock *BB) { 672 ValueLatticeElement Result; // Start Undefined. 673 674 // If this is the entry block, we must be asking about an argument. The 675 // value is overdefined. 676 if (BB == &BB->getParent()->getEntryBlock()) { 677 assert(isa<Argument>(Val) && "Unknown live-in to the entry block"); 678 return ValueLatticeElement::getOverdefined(); 679 } 680 681 // Loop over all of our predecessors, merging what we know from them into 682 // result. If we encounter an unexplored predecessor, we eagerly explore it 683 // in a depth first manner. In practice, this has the effect of discovering 684 // paths we can't analyze eagerly without spending compile times analyzing 685 // other paths. This heuristic benefits from the fact that predecessors are 686 // frequently arranged such that dominating ones come first and we quickly 687 // find a path to function entry. TODO: We should consider explicitly 688 // canonicalizing to make this true rather than relying on this happy 689 // accident. 690 for (pred_iterator PI = pred_begin(BB), E = pred_end(BB); PI != E; ++PI) { 691 Optional<ValueLatticeElement> EdgeResult = getEdgeValue(Val, *PI, BB); 692 if (!EdgeResult) 693 // Explore that input, then return here 694 return None; 695 696 Result.mergeIn(*EdgeResult); 697 698 // If we hit overdefined, exit early. The BlockVals entry is already set 699 // to overdefined. 700 if (Result.isOverdefined()) { 701 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 702 << "' - overdefined because of pred (non local).\n"); 703 return Result; 704 } 705 } 706 707 // Return the merged value, which is more precise than 'overdefined'. 708 assert(!Result.isOverdefined()); 709 return Result; 710 } 711 712 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValuePHINode( 713 PHINode *PN, BasicBlock *BB) { 714 ValueLatticeElement Result; // Start Undefined. 715 716 // Loop over all of our predecessors, merging what we know from them into 717 // result. See the comment about the chosen traversal order in 718 // solveBlockValueNonLocal; the same reasoning applies here. 719 for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) { 720 BasicBlock *PhiBB = PN->getIncomingBlock(i); 721 Value *PhiVal = PN->getIncomingValue(i); 722 // Note that we can provide PN as the context value to getEdgeValue, even 723 // though the results will be cached, because PN is the value being used as 724 // the cache key in the caller. 725 Optional<ValueLatticeElement> EdgeResult = 726 getEdgeValue(PhiVal, PhiBB, BB, PN); 727 if (!EdgeResult) 728 // Explore that input, then return here 729 return None; 730 731 Result.mergeIn(*EdgeResult); 732 733 // If we hit overdefined, exit early. The BlockVals entry is already set 734 // to overdefined. 735 if (Result.isOverdefined()) { 736 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 737 << "' - overdefined because of pred (local).\n"); 738 739 return Result; 740 } 741 } 742 743 // Return the merged value, which is more precise than 'overdefined'. 744 assert(!Result.isOverdefined() && "Possible PHI in entry block?"); 745 return Result; 746 } 747 748 static ValueLatticeElement getValueFromCondition(Value *Val, Value *Cond, 749 bool isTrueDest = true); 750 751 // If we can determine a constraint on the value given conditions assumed by 752 // the program, intersect those constraints with BBLV 753 void LazyValueInfoImpl::intersectAssumeOrGuardBlockValueConstantRange( 754 Value *Val, ValueLatticeElement &BBLV, Instruction *BBI) { 755 BBI = BBI ? BBI : dyn_cast<Instruction>(Val); 756 if (!BBI) 757 return; 758 759 BasicBlock *BB = BBI->getParent(); 760 for (auto &AssumeVH : AC->assumptionsFor(Val)) { 761 if (!AssumeVH) 762 continue; 763 764 // Only check assumes in the block of the context instruction. Other 765 // assumes will have already been taken into account when the value was 766 // propagated from predecessor blocks. 767 auto *I = cast<CallInst>(AssumeVH); 768 if (I->getParent() != BB || !isValidAssumeForContext(I, BBI)) 769 continue; 770 771 BBLV = intersect(BBLV, getValueFromCondition(Val, I->getArgOperand(0))); 772 } 773 774 // If guards are not used in the module, don't spend time looking for them 775 if (GuardDecl && !GuardDecl->use_empty() && 776 BBI->getIterator() != BB->begin()) { 777 for (Instruction &I : make_range(std::next(BBI->getIterator().getReverse()), 778 BB->rend())) { 779 Value *Cond = nullptr; 780 if (match(&I, m_Intrinsic<Intrinsic::experimental_guard>(m_Value(Cond)))) 781 BBLV = intersect(BBLV, getValueFromCondition(Val, Cond)); 782 } 783 } 784 785 if (BBLV.isOverdefined()) { 786 // Check whether we're checking at the terminator, and the pointer has 787 // been dereferenced in this block. 788 PointerType *PTy = dyn_cast<PointerType>(Val->getType()); 789 if (PTy && BB->getTerminator() == BBI && 790 isNonNullAtEndOfBlock(Val, BB)) 791 BBLV = ValueLatticeElement::getNot(ConstantPointerNull::get(PTy)); 792 } 793 } 794 795 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueSelect( 796 SelectInst *SI, BasicBlock *BB) { 797 // Recurse on our inputs if needed 798 Optional<ValueLatticeElement> OptTrueVal = 799 getBlockValue(SI->getTrueValue(), BB); 800 if (!OptTrueVal) 801 return None; 802 ValueLatticeElement &TrueVal = *OptTrueVal; 803 804 // If we hit overdefined, don't ask more queries. We want to avoid poisoning 805 // extra slots in the table if we can. 806 if (TrueVal.isOverdefined()) 807 return ValueLatticeElement::getOverdefined(); 808 809 Optional<ValueLatticeElement> OptFalseVal = 810 getBlockValue(SI->getFalseValue(), BB); 811 if (!OptFalseVal) 812 return None; 813 ValueLatticeElement &FalseVal = *OptFalseVal; 814 815 // If we hit overdefined, don't ask more queries. We want to avoid poisoning 816 // extra slots in the table if we can. 817 if (FalseVal.isOverdefined()) 818 return ValueLatticeElement::getOverdefined(); 819 820 if (TrueVal.isConstantRange() && FalseVal.isConstantRange()) { 821 const ConstantRange &TrueCR = TrueVal.getConstantRange(); 822 const ConstantRange &FalseCR = FalseVal.getConstantRange(); 823 Value *LHS = nullptr; 824 Value *RHS = nullptr; 825 SelectPatternResult SPR = matchSelectPattern(SI, LHS, RHS); 826 // Is this a min specifically of our two inputs? (Avoid the risk of 827 // ValueTracking getting smarter looking back past our immediate inputs.) 828 if (SelectPatternResult::isMinOrMax(SPR.Flavor) && 829 LHS == SI->getTrueValue() && RHS == SI->getFalseValue()) { 830 ConstantRange ResultCR = [&]() { 831 switch (SPR.Flavor) { 832 default: 833 llvm_unreachable("unexpected minmax type!"); 834 case SPF_SMIN: /// Signed minimum 835 return TrueCR.smin(FalseCR); 836 case SPF_UMIN: /// Unsigned minimum 837 return TrueCR.umin(FalseCR); 838 case SPF_SMAX: /// Signed maximum 839 return TrueCR.smax(FalseCR); 840 case SPF_UMAX: /// Unsigned maximum 841 return TrueCR.umax(FalseCR); 842 }; 843 }(); 844 return ValueLatticeElement::getRange( 845 ResultCR, TrueVal.isConstantRangeIncludingUndef() | 846 FalseVal.isConstantRangeIncludingUndef()); 847 } 848 849 if (SPR.Flavor == SPF_ABS) { 850 if (LHS == SI->getTrueValue()) 851 return ValueLatticeElement::getRange( 852 TrueCR.abs(), TrueVal.isConstantRangeIncludingUndef()); 853 if (LHS == SI->getFalseValue()) 854 return ValueLatticeElement::getRange( 855 FalseCR.abs(), FalseVal.isConstantRangeIncludingUndef()); 856 } 857 858 if (SPR.Flavor == SPF_NABS) { 859 ConstantRange Zero(APInt::getNullValue(TrueCR.getBitWidth())); 860 if (LHS == SI->getTrueValue()) 861 return ValueLatticeElement::getRange( 862 Zero.sub(TrueCR.abs()), FalseVal.isConstantRangeIncludingUndef()); 863 if (LHS == SI->getFalseValue()) 864 return ValueLatticeElement::getRange( 865 Zero.sub(FalseCR.abs()), FalseVal.isConstantRangeIncludingUndef()); 866 } 867 } 868 869 // Can we constrain the facts about the true and false values by using the 870 // condition itself? This shows up with idioms like e.g. select(a > 5, a, 5). 871 // TODO: We could potentially refine an overdefined true value above. 872 Value *Cond = SI->getCondition(); 873 TrueVal = intersect(TrueVal, 874 getValueFromCondition(SI->getTrueValue(), Cond, true)); 875 FalseVal = intersect(FalseVal, 876 getValueFromCondition(SI->getFalseValue(), Cond, false)); 877 878 // Handle clamp idioms such as: 879 // %24 = constantrange<0, 17> 880 // %39 = icmp eq i32 %24, 0 881 // %40 = add i32 %24, -1 882 // %siv.next = select i1 %39, i32 16, i32 %40 883 // %siv.next = constantrange<0, 17> not <-1, 17> 884 // In general, this can handle any clamp idiom which tests the edge 885 // condition via an equality or inequality. 886 if (auto *ICI = dyn_cast<ICmpInst>(Cond)) { 887 ICmpInst::Predicate Pred = ICI->getPredicate(); 888 Value *A = ICI->getOperand(0); 889 if (ConstantInt *CIBase = dyn_cast<ConstantInt>(ICI->getOperand(1))) { 890 auto addConstants = [](ConstantInt *A, ConstantInt *B) { 891 assert(A->getType() == B->getType()); 892 return ConstantInt::get(A->getType(), A->getValue() + B->getValue()); 893 }; 894 // See if either input is A + C2, subject to the constraint from the 895 // condition that A != C when that input is used. We can assume that 896 // that input doesn't include C + C2. 897 ConstantInt *CIAdded; 898 switch (Pred) { 899 default: break; 900 case ICmpInst::ICMP_EQ: 901 if (match(SI->getFalseValue(), m_Add(m_Specific(A), 902 m_ConstantInt(CIAdded)))) { 903 auto ResNot = addConstants(CIBase, CIAdded); 904 FalseVal = intersect(FalseVal, 905 ValueLatticeElement::getNot(ResNot)); 906 } 907 break; 908 case ICmpInst::ICMP_NE: 909 if (match(SI->getTrueValue(), m_Add(m_Specific(A), 910 m_ConstantInt(CIAdded)))) { 911 auto ResNot = addConstants(CIBase, CIAdded); 912 TrueVal = intersect(TrueVal, 913 ValueLatticeElement::getNot(ResNot)); 914 } 915 break; 916 }; 917 } 918 } 919 920 ValueLatticeElement Result = TrueVal; 921 Result.mergeIn(FalseVal); 922 return Result; 923 } 924 925 Optional<ConstantRange> LazyValueInfoImpl::getRangeFor(Value *V, 926 Instruction *CxtI, 927 BasicBlock *BB) { 928 Optional<ValueLatticeElement> OptVal = getBlockValue(V, BB); 929 if (!OptVal) 930 return None; 931 932 ValueLatticeElement &Val = *OptVal; 933 intersectAssumeOrGuardBlockValueConstantRange(V, Val, CxtI); 934 if (Val.isConstantRange()) 935 return Val.getConstantRange(); 936 937 const unsigned OperandBitWidth = DL.getTypeSizeInBits(V->getType()); 938 return ConstantRange::getFull(OperandBitWidth); 939 } 940 941 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueCast( 942 CastInst *CI, BasicBlock *BB) { 943 // Without knowing how wide the input is, we can't analyze it in any useful 944 // way. 945 if (!CI->getOperand(0)->getType()->isSized()) 946 return ValueLatticeElement::getOverdefined(); 947 948 // Filter out casts we don't know how to reason about before attempting to 949 // recurse on our operand. This can cut a long search short if we know we're 950 // not going to be able to get any useful information anways. 951 switch (CI->getOpcode()) { 952 case Instruction::Trunc: 953 case Instruction::SExt: 954 case Instruction::ZExt: 955 case Instruction::BitCast: 956 break; 957 default: 958 // Unhandled instructions are overdefined. 959 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 960 << "' - overdefined (unknown cast).\n"); 961 return ValueLatticeElement::getOverdefined(); 962 } 963 964 // Figure out the range of the LHS. If that fails, we still apply the 965 // transfer rule on the full set since we may be able to locally infer 966 // interesting facts. 967 Optional<ConstantRange> LHSRes = getRangeFor(CI->getOperand(0), CI, BB); 968 if (!LHSRes.hasValue()) 969 // More work to do before applying this transfer rule. 970 return None; 971 const ConstantRange &LHSRange = LHSRes.getValue(); 972 973 const unsigned ResultBitWidth = CI->getType()->getIntegerBitWidth(); 974 975 // NOTE: We're currently limited by the set of operations that ConstantRange 976 // can evaluate symbolically. Enhancing that set will allows us to analyze 977 // more definitions. 978 return ValueLatticeElement::getRange(LHSRange.castOp(CI->getOpcode(), 979 ResultBitWidth)); 980 } 981 982 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueBinaryOpImpl( 983 Instruction *I, BasicBlock *BB, 984 std::function<ConstantRange(const ConstantRange &, 985 const ConstantRange &)> OpFn) { 986 // Figure out the ranges of the operands. If that fails, use a 987 // conservative range, but apply the transfer rule anyways. This 988 // lets us pick up facts from expressions like "and i32 (call i32 989 // @foo()), 32" 990 Optional<ConstantRange> LHSRes = getRangeFor(I->getOperand(0), I, BB); 991 Optional<ConstantRange> RHSRes = getRangeFor(I->getOperand(1), I, BB); 992 if (!LHSRes.hasValue() || !RHSRes.hasValue()) 993 // More work to do before applying this transfer rule. 994 return None; 995 996 const ConstantRange &LHSRange = LHSRes.getValue(); 997 const ConstantRange &RHSRange = RHSRes.getValue(); 998 return ValueLatticeElement::getRange(OpFn(LHSRange, RHSRange)); 999 } 1000 1001 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueBinaryOp( 1002 BinaryOperator *BO, BasicBlock *BB) { 1003 assert(BO->getOperand(0)->getType()->isSized() && 1004 "all operands to binary operators are sized"); 1005 if (BO->getOpcode() == Instruction::Xor) { 1006 // Xor is the only operation not supported by ConstantRange::binaryOp(). 1007 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 1008 << "' - overdefined (unknown binary operator).\n"); 1009 return ValueLatticeElement::getOverdefined(); 1010 } 1011 1012 if (auto *OBO = dyn_cast<OverflowingBinaryOperator>(BO)) { 1013 unsigned NoWrapKind = 0; 1014 if (OBO->hasNoUnsignedWrap()) 1015 NoWrapKind |= OverflowingBinaryOperator::NoUnsignedWrap; 1016 if (OBO->hasNoSignedWrap()) 1017 NoWrapKind |= OverflowingBinaryOperator::NoSignedWrap; 1018 1019 return solveBlockValueBinaryOpImpl( 1020 BO, BB, 1021 [BO, NoWrapKind](const ConstantRange &CR1, const ConstantRange &CR2) { 1022 return CR1.overflowingBinaryOp(BO->getOpcode(), CR2, NoWrapKind); 1023 }); 1024 } 1025 1026 return solveBlockValueBinaryOpImpl( 1027 BO, BB, [BO](const ConstantRange &CR1, const ConstantRange &CR2) { 1028 return CR1.binaryOp(BO->getOpcode(), CR2); 1029 }); 1030 } 1031 1032 Optional<ValueLatticeElement> 1033 LazyValueInfoImpl::solveBlockValueOverflowIntrinsic(WithOverflowInst *WO, 1034 BasicBlock *BB) { 1035 return solveBlockValueBinaryOpImpl( 1036 WO, BB, [WO](const ConstantRange &CR1, const ConstantRange &CR2) { 1037 return CR1.binaryOp(WO->getBinaryOp(), CR2); 1038 }); 1039 } 1040 1041 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueIntrinsic( 1042 IntrinsicInst *II, BasicBlock *BB) { 1043 if (!ConstantRange::isIntrinsicSupported(II->getIntrinsicID())) { 1044 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 1045 << "' - overdefined (unknown intrinsic).\n"); 1046 return ValueLatticeElement::getOverdefined(); 1047 } 1048 1049 SmallVector<ConstantRange, 2> OpRanges; 1050 for (Value *Op : II->args()) { 1051 Optional<ConstantRange> Range = getRangeFor(Op, II, BB); 1052 if (!Range) 1053 return None; 1054 OpRanges.push_back(*Range); 1055 } 1056 1057 return ValueLatticeElement::getRange( 1058 ConstantRange::intrinsic(II->getIntrinsicID(), OpRanges)); 1059 } 1060 1061 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueExtractValue( 1062 ExtractValueInst *EVI, BasicBlock *BB) { 1063 if (auto *WO = dyn_cast<WithOverflowInst>(EVI->getAggregateOperand())) 1064 if (EVI->getNumIndices() == 1 && *EVI->idx_begin() == 0) 1065 return solveBlockValueOverflowIntrinsic(WO, BB); 1066 1067 // Handle extractvalue of insertvalue to allow further simplification 1068 // based on replaced with.overflow intrinsics. 1069 if (Value *V = SimplifyExtractValueInst( 1070 EVI->getAggregateOperand(), EVI->getIndices(), 1071 EVI->getModule()->getDataLayout())) 1072 return getBlockValue(V, BB); 1073 1074 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName() 1075 << "' - overdefined (unknown extractvalue).\n"); 1076 return ValueLatticeElement::getOverdefined(); 1077 } 1078 1079 static bool matchICmpOperand(const APInt *&Offset, Value *LHS, Value *Val, 1080 ICmpInst::Predicate Pred) { 1081 if (LHS == Val) 1082 return true; 1083 1084 // Handle range checking idiom produced by InstCombine. We will subtract the 1085 // offset from the allowed range for RHS in this case. 1086 if (match(LHS, m_Add(m_Specific(Val), m_APInt(Offset)))) 1087 return true; 1088 1089 // If (x | y) < C, then (x < C) && (y < C). 1090 if (match(LHS, m_c_Or(m_Specific(Val), m_Value())) && 1091 (Pred == ICmpInst::ICMP_ULT || Pred == ICmpInst::ICMP_ULE)) 1092 return true; 1093 1094 // If (x & y) > C, then (x > C) && (y > C). 1095 if (match(LHS, m_c_And(m_Specific(Val), m_Value())) && 1096 (Pred == ICmpInst::ICMP_UGT || Pred == ICmpInst::ICMP_UGE)) 1097 return true; 1098 1099 return false; 1100 } 1101 1102 /// Get value range for a "(Val + Offset) Pred RHS" condition. 1103 static ValueLatticeElement getValueFromSimpleICmpCondition( 1104 CmpInst::Predicate Pred, Value *RHS, const APInt *Offset) { 1105 ConstantRange RHSRange(RHS->getType()->getIntegerBitWidth(), 1106 /*isFullSet=*/true); 1107 if (ConstantInt *CI = dyn_cast<ConstantInt>(RHS)) 1108 RHSRange = ConstantRange(CI->getValue()); 1109 else if (Instruction *I = dyn_cast<Instruction>(RHS)) 1110 if (auto *Ranges = I->getMetadata(LLVMContext::MD_range)) 1111 RHSRange = getConstantRangeFromMetadata(*Ranges); 1112 1113 ConstantRange TrueValues = 1114 ConstantRange::makeAllowedICmpRegion(Pred, RHSRange); 1115 1116 if (Offset) 1117 TrueValues = TrueValues.subtract(*Offset); 1118 1119 return ValueLatticeElement::getRange(std::move(TrueValues)); 1120 } 1121 1122 static ValueLatticeElement getValueFromICmpCondition(Value *Val, ICmpInst *ICI, 1123 bool isTrueDest) { 1124 Value *LHS = ICI->getOperand(0); 1125 Value *RHS = ICI->getOperand(1); 1126 1127 // Get the predicate that must hold along the considered edge. 1128 CmpInst::Predicate EdgePred = 1129 isTrueDest ? ICI->getPredicate() : ICI->getInversePredicate(); 1130 1131 if (isa<Constant>(RHS)) { 1132 if (ICI->isEquality() && LHS == Val) { 1133 if (EdgePred == ICmpInst::ICMP_EQ) 1134 return ValueLatticeElement::get(cast<Constant>(RHS)); 1135 else if (!isa<UndefValue>(RHS)) 1136 return ValueLatticeElement::getNot(cast<Constant>(RHS)); 1137 } 1138 } 1139 1140 if (!Val->getType()->isIntegerTy()) 1141 return ValueLatticeElement::getOverdefined(); 1142 1143 const APInt *Offset = nullptr; 1144 if (matchICmpOperand(Offset, LHS, Val, EdgePred)) 1145 return getValueFromSimpleICmpCondition(EdgePred, RHS, Offset); 1146 1147 CmpInst::Predicate SwappedPred = CmpInst::getSwappedPredicate(EdgePred); 1148 if (matchICmpOperand(Offset, RHS, Val, SwappedPred)) 1149 return getValueFromSimpleICmpCondition(SwappedPred, LHS, Offset); 1150 1151 // If (Val & Mask) == C then all the masked bits are known and we can compute 1152 // a value range based on that. 1153 const APInt *Mask, *C; 1154 if (EdgePred == ICmpInst::ICMP_EQ && 1155 match(LHS, m_And(m_Specific(Val), m_APInt(Mask))) && 1156 match(RHS, m_APInt(C))) { 1157 KnownBits Known; 1158 Known.Zero = ~*C & *Mask; 1159 Known.One = *C & *Mask; 1160 return ValueLatticeElement::getRange( 1161 ConstantRange::fromKnownBits(Known, /*IsSigned*/ false)); 1162 } 1163 1164 return ValueLatticeElement::getOverdefined(); 1165 } 1166 1167 // Handle conditions of the form 1168 // extractvalue(op.with.overflow(%x, C), 1). 1169 static ValueLatticeElement getValueFromOverflowCondition( 1170 Value *Val, WithOverflowInst *WO, bool IsTrueDest) { 1171 // TODO: This only works with a constant RHS for now. We could also compute 1172 // the range of the RHS, but this doesn't fit into the current structure of 1173 // the edge value calculation. 1174 const APInt *C; 1175 if (WO->getLHS() != Val || !match(WO->getRHS(), m_APInt(C))) 1176 return ValueLatticeElement::getOverdefined(); 1177 1178 // Calculate the possible values of %x for which no overflow occurs. 1179 ConstantRange NWR = ConstantRange::makeExactNoWrapRegion( 1180 WO->getBinaryOp(), *C, WO->getNoWrapKind()); 1181 1182 // If overflow is false, %x is constrained to NWR. If overflow is true, %x is 1183 // constrained to it's inverse (all values that might cause overflow). 1184 if (IsTrueDest) 1185 NWR = NWR.inverse(); 1186 return ValueLatticeElement::getRange(NWR); 1187 } 1188 1189 static ValueLatticeElement 1190 getValueFromCondition(Value *Val, Value *Cond, bool isTrueDest, 1191 SmallDenseMap<Value*, ValueLatticeElement> &Visited); 1192 1193 static ValueLatticeElement 1194 getValueFromConditionImpl(Value *Val, Value *Cond, bool isTrueDest, 1195 SmallDenseMap<Value*, ValueLatticeElement> &Visited) { 1196 if (ICmpInst *ICI = dyn_cast<ICmpInst>(Cond)) 1197 return getValueFromICmpCondition(Val, ICI, isTrueDest); 1198 1199 if (auto *EVI = dyn_cast<ExtractValueInst>(Cond)) 1200 if (auto *WO = dyn_cast<WithOverflowInst>(EVI->getAggregateOperand())) 1201 if (EVI->getNumIndices() == 1 && *EVI->idx_begin() == 1) 1202 return getValueFromOverflowCondition(Val, WO, isTrueDest); 1203 1204 // Handle conditions in the form of (cond1 && cond2), we know that on the 1205 // true dest path both of the conditions hold. Similarly for conditions of 1206 // the form (cond1 || cond2), we know that on the false dest path neither 1207 // condition holds. 1208 BinaryOperator *BO = dyn_cast<BinaryOperator>(Cond); 1209 if (!BO || (isTrueDest && BO->getOpcode() != BinaryOperator::And) || 1210 (!isTrueDest && BO->getOpcode() != BinaryOperator::Or)) 1211 return ValueLatticeElement::getOverdefined(); 1212 1213 // Prevent infinite recursion if Cond references itself as in this example: 1214 // Cond: "%tmp4 = and i1 %tmp4, undef" 1215 // BL: "%tmp4 = and i1 %tmp4, undef" 1216 // BR: "i1 undef" 1217 Value *BL = BO->getOperand(0); 1218 Value *BR = BO->getOperand(1); 1219 if (BL == Cond || BR == Cond) 1220 return ValueLatticeElement::getOverdefined(); 1221 1222 return intersect(getValueFromCondition(Val, BL, isTrueDest, Visited), 1223 getValueFromCondition(Val, BR, isTrueDest, Visited)); 1224 } 1225 1226 static ValueLatticeElement 1227 getValueFromCondition(Value *Val, Value *Cond, bool isTrueDest, 1228 SmallDenseMap<Value*, ValueLatticeElement> &Visited) { 1229 auto I = Visited.find(Cond); 1230 if (I != Visited.end()) 1231 return I->second; 1232 1233 auto Result = getValueFromConditionImpl(Val, Cond, isTrueDest, Visited); 1234 Visited[Cond] = Result; 1235 return Result; 1236 } 1237 1238 ValueLatticeElement getValueFromCondition(Value *Val, Value *Cond, 1239 bool isTrueDest) { 1240 assert(Cond && "precondition"); 1241 SmallDenseMap<Value*, ValueLatticeElement> Visited; 1242 return getValueFromCondition(Val, Cond, isTrueDest, Visited); 1243 } 1244 1245 // Return true if Usr has Op as an operand, otherwise false. 1246 static bool usesOperand(User *Usr, Value *Op) { 1247 return find(Usr->operands(), Op) != Usr->op_end(); 1248 } 1249 1250 // Return true if the instruction type of Val is supported by 1251 // constantFoldUser(). Currently CastInst, BinaryOperator and FreezeInst only. 1252 // Call this before calling constantFoldUser() to find out if it's even worth 1253 // attempting to call it. 1254 static bool isOperationFoldable(User *Usr) { 1255 return isa<CastInst>(Usr) || isa<BinaryOperator>(Usr) || isa<FreezeInst>(Usr); 1256 } 1257 1258 // Check if Usr can be simplified to an integer constant when the value of one 1259 // of its operands Op is an integer constant OpConstVal. If so, return it as an 1260 // lattice value range with a single element or otherwise return an overdefined 1261 // lattice value. 1262 static ValueLatticeElement constantFoldUser(User *Usr, Value *Op, 1263 const APInt &OpConstVal, 1264 const DataLayout &DL) { 1265 assert(isOperationFoldable(Usr) && "Precondition"); 1266 Constant* OpConst = Constant::getIntegerValue(Op->getType(), OpConstVal); 1267 // Check if Usr can be simplified to a constant. 1268 if (auto *CI = dyn_cast<CastInst>(Usr)) { 1269 assert(CI->getOperand(0) == Op && "Operand 0 isn't Op"); 1270 if (auto *C = dyn_cast_or_null<ConstantInt>( 1271 SimplifyCastInst(CI->getOpcode(), OpConst, 1272 CI->getDestTy(), DL))) { 1273 return ValueLatticeElement::getRange(ConstantRange(C->getValue())); 1274 } 1275 } else if (auto *BO = dyn_cast<BinaryOperator>(Usr)) { 1276 bool Op0Match = BO->getOperand(0) == Op; 1277 bool Op1Match = BO->getOperand(1) == Op; 1278 assert((Op0Match || Op1Match) && 1279 "Operand 0 nor Operand 1 isn't a match"); 1280 Value *LHS = Op0Match ? OpConst : BO->getOperand(0); 1281 Value *RHS = Op1Match ? OpConst : BO->getOperand(1); 1282 if (auto *C = dyn_cast_or_null<ConstantInt>( 1283 SimplifyBinOp(BO->getOpcode(), LHS, RHS, DL))) { 1284 return ValueLatticeElement::getRange(ConstantRange(C->getValue())); 1285 } 1286 } else if (isa<FreezeInst>(Usr)) { 1287 assert(cast<FreezeInst>(Usr)->getOperand(0) == Op && "Operand 0 isn't Op"); 1288 return ValueLatticeElement::getRange(ConstantRange(OpConstVal)); 1289 } 1290 return ValueLatticeElement::getOverdefined(); 1291 } 1292 1293 /// Compute the value of Val on the edge BBFrom -> BBTo. Returns false if 1294 /// Val is not constrained on the edge. Result is unspecified if return value 1295 /// is false. 1296 static Optional<ValueLatticeElement> getEdgeValueLocal(Value *Val, 1297 BasicBlock *BBFrom, 1298 BasicBlock *BBTo) { 1299 // TODO: Handle more complex conditionals. If (v == 0 || v2 < 1) is false, we 1300 // know that v != 0. 1301 if (BranchInst *BI = dyn_cast<BranchInst>(BBFrom->getTerminator())) { 1302 // If this is a conditional branch and only one successor goes to BBTo, then 1303 // we may be able to infer something from the condition. 1304 if (BI->isConditional() && 1305 BI->getSuccessor(0) != BI->getSuccessor(1)) { 1306 bool isTrueDest = BI->getSuccessor(0) == BBTo; 1307 assert(BI->getSuccessor(!isTrueDest) == BBTo && 1308 "BBTo isn't a successor of BBFrom"); 1309 Value *Condition = BI->getCondition(); 1310 1311 // If V is the condition of the branch itself, then we know exactly what 1312 // it is. 1313 if (Condition == Val) 1314 return ValueLatticeElement::get(ConstantInt::get( 1315 Type::getInt1Ty(Val->getContext()), isTrueDest)); 1316 1317 // If the condition of the branch is an equality comparison, we may be 1318 // able to infer the value. 1319 ValueLatticeElement Result = getValueFromCondition(Val, Condition, 1320 isTrueDest); 1321 if (!Result.isOverdefined()) 1322 return Result; 1323 1324 if (User *Usr = dyn_cast<User>(Val)) { 1325 assert(Result.isOverdefined() && "Result isn't overdefined"); 1326 // Check with isOperationFoldable() first to avoid linearly iterating 1327 // over the operands unnecessarily which can be expensive for 1328 // instructions with many operands. 1329 if (isa<IntegerType>(Usr->getType()) && isOperationFoldable(Usr)) { 1330 const DataLayout &DL = BBTo->getModule()->getDataLayout(); 1331 if (usesOperand(Usr, Condition)) { 1332 // If Val has Condition as an operand and Val can be folded into a 1333 // constant with either Condition == true or Condition == false, 1334 // propagate the constant. 1335 // eg. 1336 // ; %Val is true on the edge to %then. 1337 // %Val = and i1 %Condition, true. 1338 // br %Condition, label %then, label %else 1339 APInt ConditionVal(1, isTrueDest ? 1 : 0); 1340 Result = constantFoldUser(Usr, Condition, ConditionVal, DL); 1341 } else { 1342 // If one of Val's operand has an inferred value, we may be able to 1343 // infer the value of Val. 1344 // eg. 1345 // ; %Val is 94 on the edge to %then. 1346 // %Val = add i8 %Op, 1 1347 // %Condition = icmp eq i8 %Op, 93 1348 // br i1 %Condition, label %then, label %else 1349 for (unsigned i = 0; i < Usr->getNumOperands(); ++i) { 1350 Value *Op = Usr->getOperand(i); 1351 ValueLatticeElement OpLatticeVal = 1352 getValueFromCondition(Op, Condition, isTrueDest); 1353 if (Optional<APInt> OpConst = OpLatticeVal.asConstantInteger()) { 1354 Result = constantFoldUser(Usr, Op, OpConst.getValue(), DL); 1355 break; 1356 } 1357 } 1358 } 1359 } 1360 } 1361 if (!Result.isOverdefined()) 1362 return Result; 1363 } 1364 } 1365 1366 // If the edge was formed by a switch on the value, then we may know exactly 1367 // what it is. 1368 if (SwitchInst *SI = dyn_cast<SwitchInst>(BBFrom->getTerminator())) { 1369 Value *Condition = SI->getCondition(); 1370 if (!isa<IntegerType>(Val->getType())) 1371 return None; 1372 bool ValUsesConditionAndMayBeFoldable = false; 1373 if (Condition != Val) { 1374 // Check if Val has Condition as an operand. 1375 if (User *Usr = dyn_cast<User>(Val)) 1376 ValUsesConditionAndMayBeFoldable = isOperationFoldable(Usr) && 1377 usesOperand(Usr, Condition); 1378 if (!ValUsesConditionAndMayBeFoldable) 1379 return None; 1380 } 1381 assert((Condition == Val || ValUsesConditionAndMayBeFoldable) && 1382 "Condition != Val nor Val doesn't use Condition"); 1383 1384 bool DefaultCase = SI->getDefaultDest() == BBTo; 1385 unsigned BitWidth = Val->getType()->getIntegerBitWidth(); 1386 ConstantRange EdgesVals(BitWidth, DefaultCase/*isFullSet*/); 1387 1388 for (auto Case : SI->cases()) { 1389 APInt CaseValue = Case.getCaseValue()->getValue(); 1390 ConstantRange EdgeVal(CaseValue); 1391 if (ValUsesConditionAndMayBeFoldable) { 1392 User *Usr = cast<User>(Val); 1393 const DataLayout &DL = BBTo->getModule()->getDataLayout(); 1394 ValueLatticeElement EdgeLatticeVal = 1395 constantFoldUser(Usr, Condition, CaseValue, DL); 1396 if (EdgeLatticeVal.isOverdefined()) 1397 return None; 1398 EdgeVal = EdgeLatticeVal.getConstantRange(); 1399 } 1400 if (DefaultCase) { 1401 // It is possible that the default destination is the destination of 1402 // some cases. We cannot perform difference for those cases. 1403 // We know Condition != CaseValue in BBTo. In some cases we can use 1404 // this to infer Val == f(Condition) is != f(CaseValue). For now, we 1405 // only do this when f is identity (i.e. Val == Condition), but we 1406 // should be able to do this for any injective f. 1407 if (Case.getCaseSuccessor() != BBTo && Condition == Val) 1408 EdgesVals = EdgesVals.difference(EdgeVal); 1409 } else if (Case.getCaseSuccessor() == BBTo) 1410 EdgesVals = EdgesVals.unionWith(EdgeVal); 1411 } 1412 return ValueLatticeElement::getRange(std::move(EdgesVals)); 1413 } 1414 return None; 1415 } 1416 1417 /// Compute the value of Val on the edge BBFrom -> BBTo or the value at 1418 /// the basic block if the edge does not constrain Val. 1419 Optional<ValueLatticeElement> LazyValueInfoImpl::getEdgeValue( 1420 Value *Val, BasicBlock *BBFrom, BasicBlock *BBTo, Instruction *CxtI) { 1421 // If already a constant, there is nothing to compute. 1422 if (Constant *VC = dyn_cast<Constant>(Val)) 1423 return ValueLatticeElement::get(VC); 1424 1425 ValueLatticeElement LocalResult = getEdgeValueLocal(Val, BBFrom, BBTo) 1426 .getValueOr(ValueLatticeElement::getOverdefined()); 1427 if (hasSingleValue(LocalResult)) 1428 // Can't get any more precise here 1429 return LocalResult; 1430 1431 Optional<ValueLatticeElement> OptInBlock = getBlockValue(Val, BBFrom); 1432 if (!OptInBlock) 1433 return None; 1434 ValueLatticeElement &InBlock = *OptInBlock; 1435 1436 // Try to intersect ranges of the BB and the constraint on the edge. 1437 intersectAssumeOrGuardBlockValueConstantRange(Val, InBlock, 1438 BBFrom->getTerminator()); 1439 // We can use the context instruction (generically the ultimate instruction 1440 // the calling pass is trying to simplify) here, even though the result of 1441 // this function is generally cached when called from the solve* functions 1442 // (and that cached result might be used with queries using a different 1443 // context instruction), because when this function is called from the solve* 1444 // functions, the context instruction is not provided. When called from 1445 // LazyValueInfoImpl::getValueOnEdge, the context instruction is provided, 1446 // but then the result is not cached. 1447 intersectAssumeOrGuardBlockValueConstantRange(Val, InBlock, CxtI); 1448 1449 return intersect(LocalResult, InBlock); 1450 } 1451 1452 ValueLatticeElement LazyValueInfoImpl::getValueInBlock(Value *V, BasicBlock *BB, 1453 Instruction *CxtI) { 1454 LLVM_DEBUG(dbgs() << "LVI Getting block end value " << *V << " at '" 1455 << BB->getName() << "'\n"); 1456 1457 assert(BlockValueStack.empty() && BlockValueSet.empty()); 1458 Optional<ValueLatticeElement> OptResult = getBlockValue(V, BB); 1459 if (!OptResult) { 1460 solve(); 1461 OptResult = getBlockValue(V, BB); 1462 assert(OptResult && "Value not available after solving"); 1463 } 1464 ValueLatticeElement Result = *OptResult; 1465 intersectAssumeOrGuardBlockValueConstantRange(V, Result, CxtI); 1466 1467 LLVM_DEBUG(dbgs() << " Result = " << Result << "\n"); 1468 return Result; 1469 } 1470 1471 ValueLatticeElement LazyValueInfoImpl::getValueAt(Value *V, Instruction *CxtI) { 1472 LLVM_DEBUG(dbgs() << "LVI Getting value " << *V << " at '" << CxtI->getName() 1473 << "'\n"); 1474 1475 if (auto *C = dyn_cast<Constant>(V)) 1476 return ValueLatticeElement::get(C); 1477 1478 ValueLatticeElement Result = ValueLatticeElement::getOverdefined(); 1479 if (auto *I = dyn_cast<Instruction>(V)) 1480 Result = getFromRangeMetadata(I); 1481 intersectAssumeOrGuardBlockValueConstantRange(V, Result, CxtI); 1482 1483 LLVM_DEBUG(dbgs() << " Result = " << Result << "\n"); 1484 return Result; 1485 } 1486 1487 ValueLatticeElement LazyValueInfoImpl:: 1488 getValueOnEdge(Value *V, BasicBlock *FromBB, BasicBlock *ToBB, 1489 Instruction *CxtI) { 1490 LLVM_DEBUG(dbgs() << "LVI Getting edge value " << *V << " from '" 1491 << FromBB->getName() << "' to '" << ToBB->getName() 1492 << "'\n"); 1493 1494 Optional<ValueLatticeElement> Result = getEdgeValue(V, FromBB, ToBB, CxtI); 1495 if (!Result) { 1496 solve(); 1497 Result = getEdgeValue(V, FromBB, ToBB, CxtI); 1498 assert(Result && "More work to do after problem solved?"); 1499 } 1500 1501 LLVM_DEBUG(dbgs() << " Result = " << *Result << "\n"); 1502 return *Result; 1503 } 1504 1505 void LazyValueInfoImpl::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc, 1506 BasicBlock *NewSucc) { 1507 TheCache.threadEdgeImpl(OldSucc, NewSucc); 1508 } 1509 1510 //===----------------------------------------------------------------------===// 1511 // LazyValueInfo Impl 1512 //===----------------------------------------------------------------------===// 1513 1514 /// This lazily constructs the LazyValueInfoImpl. 1515 static LazyValueInfoImpl &getImpl(void *&PImpl, AssumptionCache *AC, 1516 const Module *M) { 1517 if (!PImpl) { 1518 assert(M && "getCache() called with a null Module"); 1519 const DataLayout &DL = M->getDataLayout(); 1520 Function *GuardDecl = M->getFunction( 1521 Intrinsic::getName(Intrinsic::experimental_guard)); 1522 PImpl = new LazyValueInfoImpl(AC, DL, GuardDecl); 1523 } 1524 return *static_cast<LazyValueInfoImpl*>(PImpl); 1525 } 1526 1527 bool LazyValueInfoWrapperPass::runOnFunction(Function &F) { 1528 Info.AC = &getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F); 1529 Info.TLI = &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F); 1530 1531 if (Info.PImpl) 1532 getImpl(Info.PImpl, Info.AC, F.getParent()).clear(); 1533 1534 // Fully lazy. 1535 return false; 1536 } 1537 1538 void LazyValueInfoWrapperPass::getAnalysisUsage(AnalysisUsage &AU) const { 1539 AU.setPreservesAll(); 1540 AU.addRequired<AssumptionCacheTracker>(); 1541 AU.addRequired<TargetLibraryInfoWrapperPass>(); 1542 } 1543 1544 LazyValueInfo &LazyValueInfoWrapperPass::getLVI() { return Info; } 1545 1546 LazyValueInfo::~LazyValueInfo() { releaseMemory(); } 1547 1548 void LazyValueInfo::releaseMemory() { 1549 // If the cache was allocated, free it. 1550 if (PImpl) { 1551 delete &getImpl(PImpl, AC, nullptr); 1552 PImpl = nullptr; 1553 } 1554 } 1555 1556 bool LazyValueInfo::invalidate(Function &F, const PreservedAnalyses &PA, 1557 FunctionAnalysisManager::Invalidator &Inv) { 1558 // We need to invalidate if we have either failed to preserve this analyses 1559 // result directly or if any of its dependencies have been invalidated. 1560 auto PAC = PA.getChecker<LazyValueAnalysis>(); 1561 if (!(PAC.preserved() || PAC.preservedSet<AllAnalysesOn<Function>>())) 1562 return true; 1563 1564 return false; 1565 } 1566 1567 void LazyValueInfoWrapperPass::releaseMemory() { Info.releaseMemory(); } 1568 1569 LazyValueInfo LazyValueAnalysis::run(Function &F, 1570 FunctionAnalysisManager &FAM) { 1571 auto &AC = FAM.getResult<AssumptionAnalysis>(F); 1572 auto &TLI = FAM.getResult<TargetLibraryAnalysis>(F); 1573 1574 return LazyValueInfo(&AC, &F.getParent()->getDataLayout(), &TLI); 1575 } 1576 1577 /// Returns true if we can statically tell that this value will never be a 1578 /// "useful" constant. In practice, this means we've got something like an 1579 /// alloca or a malloc call for which a comparison against a constant can 1580 /// only be guarding dead code. Note that we are potentially giving up some 1581 /// precision in dead code (a constant result) in favour of avoiding a 1582 /// expensive search for a easily answered common query. 1583 static bool isKnownNonConstant(Value *V) { 1584 V = V->stripPointerCasts(); 1585 // The return val of alloc cannot be a Constant. 1586 if (isa<AllocaInst>(V)) 1587 return true; 1588 return false; 1589 } 1590 1591 Constant *LazyValueInfo::getConstant(Value *V, Instruction *CxtI) { 1592 // Bail out early if V is known not to be a Constant. 1593 if (isKnownNonConstant(V)) 1594 return nullptr; 1595 1596 BasicBlock *BB = CxtI->getParent(); 1597 ValueLatticeElement Result = 1598 getImpl(PImpl, AC, BB->getModule()).getValueInBlock(V, BB, CxtI); 1599 1600 if (Result.isConstant()) 1601 return Result.getConstant(); 1602 if (Result.isConstantRange()) { 1603 const ConstantRange &CR = Result.getConstantRange(); 1604 if (const APInt *SingleVal = CR.getSingleElement()) 1605 return ConstantInt::get(V->getContext(), *SingleVal); 1606 } 1607 return nullptr; 1608 } 1609 1610 ConstantRange LazyValueInfo::getConstantRange(Value *V, Instruction *CxtI, 1611 bool UndefAllowed) { 1612 assert(V->getType()->isIntegerTy()); 1613 unsigned Width = V->getType()->getIntegerBitWidth(); 1614 BasicBlock *BB = CxtI->getParent(); 1615 ValueLatticeElement Result = 1616 getImpl(PImpl, AC, BB->getModule()).getValueInBlock(V, BB, CxtI); 1617 if (Result.isUnknown()) 1618 return ConstantRange::getEmpty(Width); 1619 if (Result.isConstantRange(UndefAllowed)) 1620 return Result.getConstantRange(UndefAllowed); 1621 // We represent ConstantInt constants as constant ranges but other kinds 1622 // of integer constants, i.e. ConstantExpr will be tagged as constants 1623 assert(!(Result.isConstant() && isa<ConstantInt>(Result.getConstant())) && 1624 "ConstantInt value must be represented as constantrange"); 1625 return ConstantRange::getFull(Width); 1626 } 1627 1628 /// Determine whether the specified value is known to be a 1629 /// constant on the specified edge. Return null if not. 1630 Constant *LazyValueInfo::getConstantOnEdge(Value *V, BasicBlock *FromBB, 1631 BasicBlock *ToBB, 1632 Instruction *CxtI) { 1633 Module *M = FromBB->getModule(); 1634 ValueLatticeElement Result = 1635 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI); 1636 1637 if (Result.isConstant()) 1638 return Result.getConstant(); 1639 if (Result.isConstantRange()) { 1640 const ConstantRange &CR = Result.getConstantRange(); 1641 if (const APInt *SingleVal = CR.getSingleElement()) 1642 return ConstantInt::get(V->getContext(), *SingleVal); 1643 } 1644 return nullptr; 1645 } 1646 1647 ConstantRange LazyValueInfo::getConstantRangeOnEdge(Value *V, 1648 BasicBlock *FromBB, 1649 BasicBlock *ToBB, 1650 Instruction *CxtI) { 1651 unsigned Width = V->getType()->getIntegerBitWidth(); 1652 Module *M = FromBB->getModule(); 1653 ValueLatticeElement Result = 1654 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI); 1655 1656 if (Result.isUnknown()) 1657 return ConstantRange::getEmpty(Width); 1658 if (Result.isConstantRange()) 1659 return Result.getConstantRange(); 1660 // We represent ConstantInt constants as constant ranges but other kinds 1661 // of integer constants, i.e. ConstantExpr will be tagged as constants 1662 assert(!(Result.isConstant() && isa<ConstantInt>(Result.getConstant())) && 1663 "ConstantInt value must be represented as constantrange"); 1664 return ConstantRange::getFull(Width); 1665 } 1666 1667 static LazyValueInfo::Tristate 1668 getPredicateResult(unsigned Pred, Constant *C, const ValueLatticeElement &Val, 1669 const DataLayout &DL, TargetLibraryInfo *TLI) { 1670 // If we know the value is a constant, evaluate the conditional. 1671 Constant *Res = nullptr; 1672 if (Val.isConstant()) { 1673 Res = ConstantFoldCompareInstOperands(Pred, Val.getConstant(), C, DL, TLI); 1674 if (ConstantInt *ResCI = dyn_cast<ConstantInt>(Res)) 1675 return ResCI->isZero() ? LazyValueInfo::False : LazyValueInfo::True; 1676 return LazyValueInfo::Unknown; 1677 } 1678 1679 if (Val.isConstantRange()) { 1680 ConstantInt *CI = dyn_cast<ConstantInt>(C); 1681 if (!CI) return LazyValueInfo::Unknown; 1682 1683 const ConstantRange &CR = Val.getConstantRange(); 1684 if (Pred == ICmpInst::ICMP_EQ) { 1685 if (!CR.contains(CI->getValue())) 1686 return LazyValueInfo::False; 1687 1688 if (CR.isSingleElement()) 1689 return LazyValueInfo::True; 1690 } else if (Pred == ICmpInst::ICMP_NE) { 1691 if (!CR.contains(CI->getValue())) 1692 return LazyValueInfo::True; 1693 1694 if (CR.isSingleElement()) 1695 return LazyValueInfo::False; 1696 } else { 1697 // Handle more complex predicates. 1698 ConstantRange TrueValues = ConstantRange::makeExactICmpRegion( 1699 (ICmpInst::Predicate)Pred, CI->getValue()); 1700 if (TrueValues.contains(CR)) 1701 return LazyValueInfo::True; 1702 if (TrueValues.inverse().contains(CR)) 1703 return LazyValueInfo::False; 1704 } 1705 return LazyValueInfo::Unknown; 1706 } 1707 1708 if (Val.isNotConstant()) { 1709 // If this is an equality comparison, we can try to fold it knowing that 1710 // "V != C1". 1711 if (Pred == ICmpInst::ICMP_EQ) { 1712 // !C1 == C -> false iff C1 == C. 1713 Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE, 1714 Val.getNotConstant(), C, DL, 1715 TLI); 1716 if (Res->isNullValue()) 1717 return LazyValueInfo::False; 1718 } else if (Pred == ICmpInst::ICMP_NE) { 1719 // !C1 != C -> true iff C1 == C. 1720 Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE, 1721 Val.getNotConstant(), C, DL, 1722 TLI); 1723 if (Res->isNullValue()) 1724 return LazyValueInfo::True; 1725 } 1726 return LazyValueInfo::Unknown; 1727 } 1728 1729 return LazyValueInfo::Unknown; 1730 } 1731 1732 /// Determine whether the specified value comparison with a constant is known to 1733 /// be true or false on the specified CFG edge. Pred is a CmpInst predicate. 1734 LazyValueInfo::Tristate 1735 LazyValueInfo::getPredicateOnEdge(unsigned Pred, Value *V, Constant *C, 1736 BasicBlock *FromBB, BasicBlock *ToBB, 1737 Instruction *CxtI) { 1738 Module *M = FromBB->getModule(); 1739 ValueLatticeElement Result = 1740 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI); 1741 1742 return getPredicateResult(Pred, C, Result, M->getDataLayout(), TLI); 1743 } 1744 1745 LazyValueInfo::Tristate 1746 LazyValueInfo::getPredicateAt(unsigned Pred, Value *V, Constant *C, 1747 Instruction *CxtI, bool UseBlockValue) { 1748 // Is or is not NonNull are common predicates being queried. If 1749 // isKnownNonZero can tell us the result of the predicate, we can 1750 // return it quickly. But this is only a fastpath, and falling 1751 // through would still be correct. 1752 Module *M = CxtI->getModule(); 1753 const DataLayout &DL = M->getDataLayout(); 1754 if (V->getType()->isPointerTy() && C->isNullValue() && 1755 isKnownNonZero(V->stripPointerCastsSameRepresentation(), DL)) { 1756 if (Pred == ICmpInst::ICMP_EQ) 1757 return LazyValueInfo::False; 1758 else if (Pred == ICmpInst::ICMP_NE) 1759 return LazyValueInfo::True; 1760 } 1761 1762 ValueLatticeElement Result = UseBlockValue 1763 ? getImpl(PImpl, AC, M).getValueInBlock(V, CxtI->getParent(), CxtI) 1764 : getImpl(PImpl, AC, M).getValueAt(V, CxtI); 1765 Tristate Ret = getPredicateResult(Pred, C, Result, DL, TLI); 1766 if (Ret != Unknown) 1767 return Ret; 1768 1769 // Note: The following bit of code is somewhat distinct from the rest of LVI; 1770 // LVI as a whole tries to compute a lattice value which is conservatively 1771 // correct at a given location. In this case, we have a predicate which we 1772 // weren't able to prove about the merged result, and we're pushing that 1773 // predicate back along each incoming edge to see if we can prove it 1774 // separately for each input. As a motivating example, consider: 1775 // bb1: 1776 // %v1 = ... ; constantrange<1, 5> 1777 // br label %merge 1778 // bb2: 1779 // %v2 = ... ; constantrange<10, 20> 1780 // br label %merge 1781 // merge: 1782 // %phi = phi [%v1, %v2] ; constantrange<1,20> 1783 // %pred = icmp eq i32 %phi, 8 1784 // We can't tell from the lattice value for '%phi' that '%pred' is false 1785 // along each path, but by checking the predicate over each input separately, 1786 // we can. 1787 // We limit the search to one step backwards from the current BB and value. 1788 // We could consider extending this to search further backwards through the 1789 // CFG and/or value graph, but there are non-obvious compile time vs quality 1790 // tradeoffs. 1791 if (CxtI) { 1792 BasicBlock *BB = CxtI->getParent(); 1793 1794 // Function entry or an unreachable block. Bail to avoid confusing 1795 // analysis below. 1796 pred_iterator PI = pred_begin(BB), PE = pred_end(BB); 1797 if (PI == PE) 1798 return Unknown; 1799 1800 // If V is a PHI node in the same block as the context, we need to ask 1801 // questions about the predicate as applied to the incoming value along 1802 // each edge. This is useful for eliminating cases where the predicate is 1803 // known along all incoming edges. 1804 if (auto *PHI = dyn_cast<PHINode>(V)) 1805 if (PHI->getParent() == BB) { 1806 Tristate Baseline = Unknown; 1807 for (unsigned i = 0, e = PHI->getNumIncomingValues(); i < e; i++) { 1808 Value *Incoming = PHI->getIncomingValue(i); 1809 BasicBlock *PredBB = PHI->getIncomingBlock(i); 1810 // Note that PredBB may be BB itself. 1811 Tristate Result = getPredicateOnEdge(Pred, Incoming, C, PredBB, BB, 1812 CxtI); 1813 1814 // Keep going as long as we've seen a consistent known result for 1815 // all inputs. 1816 Baseline = (i == 0) ? Result /* First iteration */ 1817 : (Baseline == Result ? Baseline : Unknown); /* All others */ 1818 if (Baseline == Unknown) 1819 break; 1820 } 1821 if (Baseline != Unknown) 1822 return Baseline; 1823 } 1824 1825 // For a comparison where the V is outside this block, it's possible 1826 // that we've branched on it before. Look to see if the value is known 1827 // on all incoming edges. 1828 if (!isa<Instruction>(V) || 1829 cast<Instruction>(V)->getParent() != BB) { 1830 // For predecessor edge, determine if the comparison is true or false 1831 // on that edge. If they're all true or all false, we can conclude 1832 // the value of the comparison in this block. 1833 Tristate Baseline = getPredicateOnEdge(Pred, V, C, *PI, BB, CxtI); 1834 if (Baseline != Unknown) { 1835 // Check that all remaining incoming values match the first one. 1836 while (++PI != PE) { 1837 Tristate Ret = getPredicateOnEdge(Pred, V, C, *PI, BB, CxtI); 1838 if (Ret != Baseline) break; 1839 } 1840 // If we terminated early, then one of the values didn't match. 1841 if (PI == PE) { 1842 return Baseline; 1843 } 1844 } 1845 } 1846 } 1847 return Unknown; 1848 } 1849 1850 void LazyValueInfo::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc, 1851 BasicBlock *NewSucc) { 1852 if (PImpl) { 1853 getImpl(PImpl, AC, PredBB->getModule()) 1854 .threadEdge(PredBB, OldSucc, NewSucc); 1855 } 1856 } 1857 1858 void LazyValueInfo::eraseBlock(BasicBlock *BB) { 1859 if (PImpl) { 1860 getImpl(PImpl, AC, BB->getModule()).eraseBlock(BB); 1861 } 1862 } 1863 1864 1865 void LazyValueInfo::printLVI(Function &F, DominatorTree &DTree, raw_ostream &OS) { 1866 if (PImpl) { 1867 getImpl(PImpl, AC, F.getParent()).printLVI(F, DTree, OS); 1868 } 1869 } 1870 1871 // Print the LVI for the function arguments at the start of each basic block. 1872 void LazyValueInfoAnnotatedWriter::emitBasicBlockStartAnnot( 1873 const BasicBlock *BB, formatted_raw_ostream &OS) { 1874 // Find if there are latticevalues defined for arguments of the function. 1875 auto *F = BB->getParent(); 1876 for (auto &Arg : F->args()) { 1877 ValueLatticeElement Result = LVIImpl->getValueInBlock( 1878 const_cast<Argument *>(&Arg), const_cast<BasicBlock *>(BB)); 1879 if (Result.isUnknown()) 1880 continue; 1881 OS << "; LatticeVal for: '" << Arg << "' is: " << Result << "\n"; 1882 } 1883 } 1884 1885 // This function prints the LVI analysis for the instruction I at the beginning 1886 // of various basic blocks. It relies on calculated values that are stored in 1887 // the LazyValueInfoCache, and in the absence of cached values, recalculate the 1888 // LazyValueInfo for `I`, and print that info. 1889 void LazyValueInfoAnnotatedWriter::emitInstructionAnnot( 1890 const Instruction *I, formatted_raw_ostream &OS) { 1891 1892 auto *ParentBB = I->getParent(); 1893 SmallPtrSet<const BasicBlock*, 16> BlocksContainingLVI; 1894 // We can generate (solve) LVI values only for blocks that are dominated by 1895 // the I's parent. However, to avoid generating LVI for all dominating blocks, 1896 // that contain redundant/uninteresting information, we print LVI for 1897 // blocks that may use this LVI information (such as immediate successor 1898 // blocks, and blocks that contain uses of `I`). 1899 auto printResult = [&](const BasicBlock *BB) { 1900 if (!BlocksContainingLVI.insert(BB).second) 1901 return; 1902 ValueLatticeElement Result = LVIImpl->getValueInBlock( 1903 const_cast<Instruction *>(I), const_cast<BasicBlock *>(BB)); 1904 OS << "; LatticeVal for: '" << *I << "' in BB: '"; 1905 BB->printAsOperand(OS, false); 1906 OS << "' is: " << Result << "\n"; 1907 }; 1908 1909 printResult(ParentBB); 1910 // Print the LVI analysis results for the immediate successor blocks, that 1911 // are dominated by `ParentBB`. 1912 for (auto *BBSucc : successors(ParentBB)) 1913 if (DT.dominates(ParentBB, BBSucc)) 1914 printResult(BBSucc); 1915 1916 // Print LVI in blocks where `I` is used. 1917 for (auto *U : I->users()) 1918 if (auto *UseI = dyn_cast<Instruction>(U)) 1919 if (!isa<PHINode>(UseI) || DT.dominates(ParentBB, UseI->getParent())) 1920 printResult(UseI->getParent()); 1921 1922 } 1923 1924 namespace { 1925 // Printer class for LazyValueInfo results. 1926 class LazyValueInfoPrinter : public FunctionPass { 1927 public: 1928 static char ID; // Pass identification, replacement for typeid 1929 LazyValueInfoPrinter() : FunctionPass(ID) { 1930 initializeLazyValueInfoPrinterPass(*PassRegistry::getPassRegistry()); 1931 } 1932 1933 void getAnalysisUsage(AnalysisUsage &AU) const override { 1934 AU.setPreservesAll(); 1935 AU.addRequired<LazyValueInfoWrapperPass>(); 1936 AU.addRequired<DominatorTreeWrapperPass>(); 1937 } 1938 1939 // Get the mandatory dominator tree analysis and pass this in to the 1940 // LVIPrinter. We cannot rely on the LVI's DT, since it's optional. 1941 bool runOnFunction(Function &F) override { 1942 dbgs() << "LVI for function '" << F.getName() << "':\n"; 1943 auto &LVI = getAnalysis<LazyValueInfoWrapperPass>().getLVI(); 1944 auto &DTree = getAnalysis<DominatorTreeWrapperPass>().getDomTree(); 1945 LVI.printLVI(F, DTree, dbgs()); 1946 return false; 1947 } 1948 }; 1949 } 1950 1951 char LazyValueInfoPrinter::ID = 0; 1952 INITIALIZE_PASS_BEGIN(LazyValueInfoPrinter, "print-lazy-value-info", 1953 "Lazy Value Info Printer Pass", false, false) 1954 INITIALIZE_PASS_DEPENDENCY(LazyValueInfoWrapperPass) 1955 INITIALIZE_PASS_END(LazyValueInfoPrinter, "print-lazy-value-info", 1956 "Lazy Value Info Printer Pass", false, false) 1957