1 //===- Loads.cpp - Local load analysis ------------------------------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines simple local analyses for load instructions. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "llvm/Analysis/Loads.h" 15 #include "llvm/Analysis/AliasAnalysis.h" 16 #include "llvm/Analysis/ValueTracking.h" 17 #include "llvm/IR/DataLayout.h" 18 #include "llvm/IR/GlobalAlias.h" 19 #include "llvm/IR/GlobalVariable.h" 20 #include "llvm/IR/IntrinsicInst.h" 21 #include "llvm/IR/LLVMContext.h" 22 #include "llvm/IR/Module.h" 23 #include "llvm/IR/Operator.h" 24 #include "llvm/IR/Statepoint.h" 25 26 using namespace llvm; 27 28 static bool isAligned(const Value *Base, const APInt &Offset, unsigned Align, 29 const DataLayout &DL) { 30 APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL)); 31 32 if (!BaseAlign) { 33 Type *Ty = Base->getType()->getPointerElementType(); 34 if (!Ty->isSized()) 35 return false; 36 BaseAlign = DL.getABITypeAlignment(Ty); 37 } 38 39 APInt Alignment(Offset.getBitWidth(), Align); 40 41 assert(Alignment.isPowerOf2() && "must be a power of 2!"); 42 return BaseAlign.uge(Alignment) && !(Offset & (Alignment-1)); 43 } 44 45 static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) { 46 Type *Ty = Base->getType(); 47 assert(Ty->isSized() && "must be sized"); 48 APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0); 49 return isAligned(Base, Offset, Align, DL); 50 } 51 52 /// Test if V is always a pointer to allocated and suitably aligned memory for 53 /// a simple load or store. 54 static bool isDereferenceableAndAlignedPointer( 55 const Value *V, unsigned Align, const APInt &Size, const DataLayout &DL, 56 const Instruction *CtxI, const DominatorTree *DT, 57 const TargetLibraryInfo *TLI, SmallPtrSetImpl<const Value *> &Visited) { 58 // Note that it is not safe to speculate into a malloc'd region because 59 // malloc may return null. 60 61 // bitcast instructions are no-ops as far as dereferenceability is concerned. 62 if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V)) 63 return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, Size, 64 DL, CtxI, DT, TLI, Visited); 65 66 bool CheckForNonNull = false; 67 APInt KnownDerefBytes(Size.getBitWidth(), 68 V->getPointerDereferenceableBytes(DL, CheckForNonNull)); 69 if (KnownDerefBytes.getBoolValue()) { 70 if (KnownDerefBytes.uge(Size)) 71 if (!CheckForNonNull || isKnownNonNullAt(V, CtxI, DT, TLI)) 72 return isAligned(V, Align, DL); 73 } 74 75 // For GEPs, determine if the indexing lands within the allocated object. 76 if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) { 77 const Value *Base = GEP->getPointerOperand(); 78 79 APInt Offset(DL.getPointerTypeSizeInBits(GEP->getType()), 0); 80 if (!GEP->accumulateConstantOffset(DL, Offset) || Offset.isNegative() || 81 !Offset.urem(APInt(Offset.getBitWidth(), Align)).isMinValue()) 82 return false; 83 84 // If the base pointer is dereferenceable for Offset+Size bytes, then the 85 // GEP (== Base + Offset) is dereferenceable for Size bytes. If the base 86 // pointer is aligned to Align bytes, and the Offset is divisible by Align 87 // then the GEP (== Base + Offset == k_0 * Align + k_1 * Align) is also 88 // aligned to Align bytes. 89 90 return Visited.insert(Base).second && 91 isDereferenceableAndAlignedPointer(Base, Align, Offset + Size, DL, 92 CtxI, DT, TLI, Visited); 93 } 94 95 // For gc.relocate, look through relocations 96 if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V)) 97 return isDereferenceableAndAlignedPointer( 98 RelocateInst->getDerivedPtr(), Align, Size, DL, CtxI, DT, TLI, Visited); 99 100 if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V)) 101 return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, Size, 102 DL, CtxI, DT, TLI, Visited); 103 104 // If we don't know, assume the worst. 105 return false; 106 } 107 108 bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align, 109 const DataLayout &DL, 110 const Instruction *CtxI, 111 const DominatorTree *DT, 112 const TargetLibraryInfo *TLI) { 113 // When dereferenceability information is provided by a dereferenceable 114 // attribute, we know exactly how many bytes are dereferenceable. If we can 115 // determine the exact offset to the attributed variable, we can use that 116 // information here. 117 Type *VTy = V->getType(); 118 Type *Ty = VTy->getPointerElementType(); 119 120 // Require ABI alignment for loads without alignment specification 121 if (Align == 0) 122 Align = DL.getABITypeAlignment(Ty); 123 124 if (!Ty->isSized()) 125 return false; 126 127 SmallPtrSet<const Value *, 32> Visited; 128 return ::isDereferenceableAndAlignedPointer( 129 V, Align, APInt(DL.getTypeSizeInBits(VTy), DL.getTypeStoreSize(Ty)), DL, 130 CtxI, DT, TLI, Visited); 131 } 132 133 bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL, 134 const Instruction *CtxI, 135 const DominatorTree *DT, 136 const TargetLibraryInfo *TLI) { 137 return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT, TLI); 138 } 139 140 /// \brief Test if A and B will obviously have the same value. 141 /// 142 /// This includes recognizing that %t0 and %t1 will have the same 143 /// value in code like this: 144 /// \code 145 /// %t0 = getelementptr \@a, 0, 3 146 /// store i32 0, i32* %t0 147 /// %t1 = getelementptr \@a, 0, 3 148 /// %t2 = load i32* %t1 149 /// \endcode 150 /// 151 static bool AreEquivalentAddressValues(const Value *A, const Value *B) { 152 // Test if the values are trivially equivalent. 153 if (A == B) 154 return true; 155 156 // Test if the values come from identical arithmetic instructions. 157 // Use isIdenticalToWhenDefined instead of isIdenticalTo because 158 // this function is only used when one address use dominates the 159 // other, which means that they'll always either have the same 160 // value or one of them will have an undefined value. 161 if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) || 162 isa<GetElementPtrInst>(A)) 163 if (const Instruction *BI = dyn_cast<Instruction>(B)) 164 if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI)) 165 return true; 166 167 // Otherwise they may not be equivalent. 168 return false; 169 } 170 171 /// \brief Check if executing a load of this pointer value cannot trap. 172 /// 173 /// If DT and ScanFrom are specified this method performs context-sensitive 174 /// analysis and returns true if it is safe to load immediately before ScanFrom. 175 /// 176 /// If it is not obviously safe to load from the specified pointer, we do 177 /// a quick local scan of the basic block containing \c ScanFrom, to determine 178 /// if the address is already accessed. 179 /// 180 /// This uses the pointee type to determine how many bytes need to be safe to 181 /// load from the pointer. 182 bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align, 183 const DataLayout &DL, 184 Instruction *ScanFrom, 185 const DominatorTree *DT, 186 const TargetLibraryInfo *TLI) { 187 // Zero alignment means that the load has the ABI alignment for the target 188 if (Align == 0) 189 Align = DL.getABITypeAlignment(V->getType()->getPointerElementType()); 190 assert(isPowerOf2_32(Align)); 191 192 // If DT is not specified we can't make context-sensitive query 193 const Instruction* CtxI = DT ? ScanFrom : nullptr; 194 if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI)) 195 return true; 196 197 int64_t ByteOffset = 0; 198 Value *Base = V; 199 Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL); 200 201 if (ByteOffset < 0) // out of bounds 202 return false; 203 204 Type *BaseType = nullptr; 205 unsigned BaseAlign = 0; 206 if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) { 207 // An alloca is safe to load from as load as it is suitably aligned. 208 BaseType = AI->getAllocatedType(); 209 BaseAlign = AI->getAlignment(); 210 } else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) { 211 // Global variables are not necessarily safe to load from if they are 212 // interposed arbitrarily. Their size may change or they may be weak and 213 // require a test to determine if they were in fact provided. 214 if (!GV->isInterposable()) { 215 BaseType = GV->getType()->getElementType(); 216 BaseAlign = GV->getAlignment(); 217 } 218 } 219 220 PointerType *AddrTy = cast<PointerType>(V->getType()); 221 uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType()); 222 223 // If we found a base allocated type from either an alloca or global variable, 224 // try to see if we are definitively within the allocated region. We need to 225 // know the size of the base type and the loaded type to do anything in this 226 // case. 227 if (BaseType && BaseType->isSized()) { 228 if (BaseAlign == 0) 229 BaseAlign = DL.getPrefTypeAlignment(BaseType); 230 231 if (Align <= BaseAlign) { 232 // Check if the load is within the bounds of the underlying object. 233 if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) && 234 ((ByteOffset % Align) == 0)) 235 return true; 236 } 237 } 238 239 if (!ScanFrom) 240 return false; 241 242 // Otherwise, be a little bit aggressive by scanning the local block where we 243 // want to check to see if the pointer is already being loaded or stored 244 // from/to. If so, the previous load or store would have already trapped, 245 // so there is no harm doing an extra load (also, CSE will later eliminate 246 // the load entirely). 247 BasicBlock::iterator BBI = ScanFrom->getIterator(), 248 E = ScanFrom->getParent()->begin(); 249 250 // We can at least always strip pointer casts even though we can't use the 251 // base here. 252 V = V->stripPointerCasts(); 253 254 while (BBI != E) { 255 --BBI; 256 257 // If we see a free or a call which may write to memory (i.e. which might do 258 // a free) the pointer could be marked invalid. 259 if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() && 260 !isa<DbgInfoIntrinsic>(BBI)) 261 return false; 262 263 Value *AccessedPtr; 264 unsigned AccessedAlign; 265 if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) { 266 AccessedPtr = LI->getPointerOperand(); 267 AccessedAlign = LI->getAlignment(); 268 } else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) { 269 AccessedPtr = SI->getPointerOperand(); 270 AccessedAlign = SI->getAlignment(); 271 } else 272 continue; 273 274 Type *AccessedTy = AccessedPtr->getType()->getPointerElementType(); 275 if (AccessedAlign == 0) 276 AccessedAlign = DL.getABITypeAlignment(AccessedTy); 277 if (AccessedAlign < Align) 278 continue; 279 280 // Handle trivial cases. 281 if (AccessedPtr == V) 282 return true; 283 284 if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) && 285 LoadSize <= DL.getTypeStoreSize(AccessedTy)) 286 return true; 287 } 288 return false; 289 } 290 291 /// DefMaxInstsToScan - the default number of maximum instructions 292 /// to scan in the block, used by FindAvailableLoadedValue(). 293 /// FindAvailableLoadedValue() was introduced in r60148, to improve jump 294 /// threading in part by eliminating partially redundant loads. 295 /// At that point, the value of MaxInstsToScan was already set to '6' 296 /// without documented explanation. 297 cl::opt<unsigned> 298 llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden, 299 cl::desc("Use this to specify the default maximum number of instructions " 300 "to scan backward from a given instruction, when searching for " 301 "available loaded value")); 302 303 /// \brief Scan the ScanBB block backwards to see if we have the value at the 304 /// memory address *Ptr locally available within a small number of instructions. 305 /// 306 /// The scan starts from \c ScanFrom. \c MaxInstsToScan specifies the maximum 307 /// instructions to scan in the block. If it is set to \c 0, it will scan the whole 308 /// block. 309 /// 310 /// If the value is available, this function returns it. If not, it returns the 311 /// iterator for the last validated instruction that the value would be live 312 /// through. If we scanned the entire block and didn't find something that 313 /// invalidates \c *Ptr or provides it, \c ScanFrom is left at the last 314 /// instruction processed and this returns null. 315 /// 316 /// You can also optionally specify an alias analysis implementation, which 317 /// makes this more precise. 318 /// 319 /// If \c AATags is non-null and a load or store is found, the AA tags from the 320 /// load or store are recorded there. If there are no AA tags or if no access is 321 /// found, it is left unmodified. 322 Value *llvm::FindAvailableLoadedValue(LoadInst *Load, BasicBlock *ScanBB, 323 BasicBlock::iterator &ScanFrom, 324 unsigned MaxInstsToScan, 325 AliasAnalysis *AA, AAMDNodes *AATags, 326 bool *IsLoadCSE) { 327 if (MaxInstsToScan == 0) 328 MaxInstsToScan = ~0U; 329 330 Value *Ptr = Load->getPointerOperand(); 331 Type *AccessTy = Load->getType(); 332 333 // We can never remove a volatile load 334 if (Load->isVolatile()) 335 return nullptr; 336 337 // Anything stronger than unordered is currently unimplemented. 338 if (!Load->isUnordered()) 339 return nullptr; 340 341 const DataLayout &DL = ScanBB->getModule()->getDataLayout(); 342 343 // Try to get the store size for the type. 344 uint64_t AccessSize = DL.getTypeStoreSize(AccessTy); 345 346 Value *StrippedPtr = Ptr->stripPointerCasts(); 347 348 while (ScanFrom != ScanBB->begin()) { 349 // We must ignore debug info directives when counting (otherwise they 350 // would affect codegen). 351 Instruction *Inst = &*--ScanFrom; 352 if (isa<DbgInfoIntrinsic>(Inst)) 353 continue; 354 355 // Restore ScanFrom to expected value in case next test succeeds 356 ScanFrom++; 357 358 // Don't scan huge blocks. 359 if (MaxInstsToScan-- == 0) 360 return nullptr; 361 362 --ScanFrom; 363 // If this is a load of Ptr, the loaded value is available. 364 // (This is true even if the load is volatile or atomic, although 365 // those cases are unlikely.) 366 if (LoadInst *LI = dyn_cast<LoadInst>(Inst)) 367 if (AreEquivalentAddressValues( 368 LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) && 369 CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) { 370 371 // We can value forward from an atomic to a non-atomic, but not the 372 // other way around. 373 if (LI->isAtomic() < Load->isAtomic()) 374 return nullptr; 375 376 if (AATags) 377 LI->getAAMetadata(*AATags); 378 if (IsLoadCSE) 379 *IsLoadCSE = true; 380 return LI; 381 } 382 383 if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) { 384 Value *StorePtr = SI->getPointerOperand()->stripPointerCasts(); 385 // If this is a store through Ptr, the value is available! 386 // (This is true even if the store is volatile or atomic, although 387 // those cases are unlikely.) 388 if (AreEquivalentAddressValues(StorePtr, StrippedPtr) && 389 CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(), 390 AccessTy, DL)) { 391 392 // We can value forward from an atomic to a non-atomic, but not the 393 // other way around. 394 if (SI->isAtomic() < Load->isAtomic()) 395 return nullptr; 396 397 if (AATags) 398 SI->getAAMetadata(*AATags); 399 return SI->getOperand(0); 400 } 401 402 // If both StrippedPtr and StorePtr reach all the way to an alloca or 403 // global and they are different, ignore the store. This is a trivial form 404 // of alias analysis that is important for reg2mem'd code. 405 if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) && 406 (isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) && 407 StrippedPtr != StorePtr) 408 continue; 409 410 // If we have alias analysis and it says the store won't modify the loaded 411 // value, ignore the store. 412 if (AA && (AA->getModRefInfo(SI, StrippedPtr, AccessSize) & MRI_Mod) == 0) 413 continue; 414 415 // Otherwise the store that may or may not alias the pointer, bail out. 416 ++ScanFrom; 417 return nullptr; 418 } 419 420 // If this is some other instruction that may clobber Ptr, bail out. 421 if (Inst->mayWriteToMemory()) { 422 // If alias analysis claims that it really won't modify the load, 423 // ignore it. 424 if (AA && 425 (AA->getModRefInfo(Inst, StrippedPtr, AccessSize) & MRI_Mod) == 0) 426 continue; 427 428 // May modify the pointer, bail out. 429 ++ScanFrom; 430 return nullptr; 431 } 432 } 433 434 // Got to the start of the block, we didn't find it, but are done for this 435 // block. 436 return nullptr; 437 } 438