//===- Loads.cpp - Local load analysis ------------------------------------===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file defines simple local analyses for load instructions.
//
//===----------------------------------------------------------------------===//

#include "llvm/Analysis/Loads.h"
#include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/DataLayout.h"
#include "llvm/IR/GlobalAlias.h"
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/Operator.h"
#include "llvm/IR/Statepoint.h"

using namespace llvm;

static bool isDereferenceableFromAttribute(const Value *BV, APInt Offset,
                                           Type *Ty, const DataLayout &DL,
                                           const Instruction *CtxI,
                                           const DominatorTree *DT,
                                           const TargetLibraryInfo *TLI) {
  assert(Offset.isNonNegative() && "offset can't be negative");
  assert(Ty->isSized() && "must be sized");

  bool CheckForNonNull = false;
  APInt DerefBytes(Offset.getBitWidth(),
                   BV->getPointerDereferenceableBytes(CheckForNonNull));

  if (DerefBytes.getBoolValue())
    if (DerefBytes.uge(Offset + DL.getTypeStoreSize(Ty)))
      if (!CheckForNonNull || isKnownNonNullAt(BV, CtxI, DT, TLI))
        return true;

  return false;
}

static bool isDereferenceableFromAttribute(const Value *V, const DataLayout &DL,
                                           const Instruction *CtxI,
                                           const DominatorTree *DT,
                                           const TargetLibraryInfo *TLI) {
  Type *VTy = V->getType();
  Type *Ty = VTy->getPointerElementType();
  if (!Ty->isSized())
    return false;

  APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0);
  return isDereferenceableFromAttribute(V, Offset, Ty, DL, CtxI, DT, TLI);
}

static bool isAligned(const Value *Base, APInt Offset, unsigned Align,
                      const DataLayout &DL) {
  APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL));

  if (!BaseAlign) {
    Type *Ty = Base->getType()->getPointerElementType();
    if (!Ty->isSized())
      return false;
    BaseAlign = DL.getABITypeAlignment(Ty);
  }

  APInt Alignment(Offset.getBitWidth(), Align);

  assert(Alignment.isPowerOf2() && "must be a power of 2!");
  return BaseAlign.uge(Alignment) && !(Offset & (Alignment - 1));
}

static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) {
  Type *Ty = Base->getType();
  assert(Ty->isSized() && "must be sized");
  APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0);
  return isAligned(Base, Offset, Align, DL);
}

/// Test if V is always a pointer to allocated and suitably aligned memory for
/// a simple load or store.
static bool isDereferenceableAndAlignedPointer(
    const Value *V, unsigned Align, const DataLayout &DL,
    const Instruction *CtxI, const DominatorTree *DT,
    const TargetLibraryInfo *TLI, SmallPtrSetImpl<const Value *> &Visited) {
  // Note that it is not safe to speculate into a malloc'd region because
  // malloc may return null.
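
  // The first check below answers the query directly from what is known about
  // V itself (e.g. a dereferenceable or dereferenceable_or_null attribute);
  // with dereferenceable_or_null the pointer must additionally be proven
  // non-null at the context instruction. For instance (an illustrative
  // sketch, not taken from this file): an argument declared
  //   i32* dereferenceable(4) %p
  // can be loaded from unconditionally, whereas
  //   i32* dereferenceable_or_null(4) %q
  // qualifies only if %q can be shown to be non-null, e.g. by a dominating
  // null check.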

  bool CheckForNonNull;
  if (V->isPointerDereferenceable(CheckForNonNull)) {
    if (CheckForNonNull && !isKnownNonNullAt(V, CtxI, DT, TLI))
      return false;
    return isAligned(V, Align, DL);
  }

  // It's not always safe to follow a bitcast, for example:
  //   bitcast i8* (alloca i8) to i32*
  // would result in a 4-byte load from a 1-byte alloca. However,
  // if we're casting from a pointer to a type of larger size
  // to a type of smaller size (or the same size), and the alignment
  // is at least as large as for the resulting pointer type, then
  // we can look through the bitcast.
  if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V)) {
    Type *STy = BC->getSrcTy()->getPointerElementType(),
         *DTy = BC->getDestTy()->getPointerElementType();
    if (STy->isSized() && DTy->isSized() &&
        (DL.getTypeStoreSize(STy) >= DL.getTypeStoreSize(DTy)) &&
        (DL.getABITypeAlignment(STy) >= DL.getABITypeAlignment(DTy)))
      return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, DL,
                                                CtxI, DT, TLI, Visited);
  }

  if (isDereferenceableFromAttribute(V, DL, CtxI, DT, TLI))
    return isAligned(V, Align, DL);

  // For GEPs, determine if the indexing lands within the allocated object.
  if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) {
    Type *Ty = GEP->getResultElementType();
    const Value *Base = GEP->getPointerOperand();

    // Conservatively require that the base pointer be fully dereferenceable
    // and aligned.
    if (!Visited.insert(Base).second)
      return false;
    if (!isDereferenceableAndAlignedPointer(Base, Align, DL, CtxI, DT, TLI,
                                            Visited))
      return false;

    APInt Offset(DL.getPointerTypeSizeInBits(GEP->getType()), 0);
    if (!GEP->accumulateConstantOffset(DL, Offset))
      return false;

    // Check if the load is within the bounds of the underlying object
    // and the offset is aligned.
    uint64_t LoadSize = DL.getTypeStoreSize(Ty);
    Type *BaseType = GEP->getSourceElementType();
    assert(isPowerOf2_32(Align) && "must be a power of 2!");
    return (Offset + LoadSize).ule(DL.getTypeAllocSize(BaseType)) &&
           !(Offset & APInt(Offset.getBitWidth(), Align - 1));
  }

  // For gc.relocate, look through relocations.
  if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V))
    return isDereferenceableAndAlignedPointer(
        RelocateInst->getDerivedPtr(), Align, DL, CtxI, DT, TLI, Visited);

  if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V))
    return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, DL,
                                              CtxI, DT, TLI, Visited);

  // If we don't know, assume the worst.
  return false;
}

bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align,
                                              const DataLayout &DL,
                                              const Instruction *CtxI,
                                              const DominatorTree *DT,
                                              const TargetLibraryInfo *TLI) {
  // When dereferenceability information is provided by a dereferenceable
  // attribute, we know exactly how many bytes are dereferenceable. If we can
  // determine the exact offset to the attributed variable, we can use that
  // information here.
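  // For example (an illustrative sketch): given an argument declared as
  //   define void @f(i8* dereferenceable(8) %p)
  // the pointer `getelementptr inbounds i8, i8* %p, i64 4` still has at least
  // 4 dereferenceable bytes behind it, so a 4-byte load from it cannot trap.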
  Type *VTy = V->getType();
  Type *Ty = VTy->getPointerElementType();

  // Require ABI alignment for loads without an alignment specification.
  if (Align == 0)
    Align = DL.getABITypeAlignment(Ty);

  if (Ty->isSized()) {
    APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0);
    const Value *BV = V->stripAndAccumulateInBoundsConstantOffsets(DL, Offset);

    if (Offset.isNonNegative())
      if (isDereferenceableFromAttribute(BV, Offset, Ty, DL, CtxI, DT, TLI) &&
          isAligned(BV, Offset, Align, DL))
        return true;
  }

  SmallPtrSet<const Value *, 32> Visited;
  return ::isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI,
                                              Visited);
}

bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL,
                                    const Instruction *CtxI,
                                    const DominatorTree *DT,
                                    const TargetLibraryInfo *TLI) {
  return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT, TLI);
}

/// \brief Test if A and B will obviously have the same value.
///
/// This includes recognizing that %t0 and %t1 will have the same
/// value in code like this:
/// \code
///   %t0 = getelementptr \@a, 0, 3
///   store i32 0, i32* %t0
///   %t1 = getelementptr \@a, 0, 3
///   %t2 = load i32* %t1
/// \endcode
///
static bool AreEquivalentAddressValues(const Value *A, const Value *B) {
  // Test if the values are trivially equivalent.
  if (A == B)
    return true;

  // Test if the values come from identical arithmetic instructions.
  // Use isIdenticalToWhenDefined instead of isIdenticalTo because
  // this function is only used when one address use dominates the
  // other, which means that they'll always either have the same
  // value or one of them will have an undefined value.
  if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) ||
      isa<GetElementPtrInst>(A))
    if (const Instruction *BI = dyn_cast<Instruction>(B))
      if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI))
        return true;

  // Otherwise they may not be equivalent.
  return false;
}

/// \brief Check if executing a load of this pointer value cannot trap.
///
/// If DT and ScanFrom are specified this method performs context-sensitive
/// analysis and returns true if it is safe to load immediately before ScanFrom.
///
/// If it is not obviously safe to load from the specified pointer, we do
/// a quick local scan of the basic block containing \c ScanFrom, to determine
/// if the address is already accessed.
///
/// This uses the pointee type to determine how many bytes need to be safe to
/// load from the pointer.
bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align,
                                       const DataLayout &DL,
                                       Instruction *ScanFrom,
                                       const DominatorTree *DT,
                                       const TargetLibraryInfo *TLI) {
  // Zero alignment means that the load has the ABI alignment for the target.
  if (Align == 0)
    Align = DL.getABITypeAlignment(V->getType()->getPointerElementType());
  assert(isPowerOf2_32(Align));

  // If DT is not specified we can't make a context-sensitive query.
  const Instruction *CtxI = DT ? ScanFrom : nullptr;
  if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI))
    return true;

  int64_t ByteOffset = 0;
  Value *Base = V;
  Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL);

  if (ByteOffset < 0) // out of bounds
    return false;

  Type *BaseType = nullptr;
  unsigned BaseAlign = 0;
  if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) {
    // An alloca is safe to load from as long as it is suitably aligned.
    BaseType = AI->getAllocatedType();
    BaseAlign = AI->getAlignment();
  } else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) {
    // Global variables are not necessarily safe to load from if they are
    // interposed arbitrarily. Their size may change or they may be weak and
    // require a test to determine if they were in fact provided.
    if (!GV->isInterposable()) {
      BaseType = GV->getType()->getElementType();
      BaseAlign = GV->getAlignment();
    }
  }

  PointerType *AddrTy = cast<PointerType>(V->getType());
  uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType());

  // If we found a base allocated type from either an alloca or global
  // variable, try to see if we are definitively within the allocated region.
  // We need to know the size of the base type and the loaded type to do
  // anything in this case.
  if (BaseType && BaseType->isSized()) {
    if (BaseAlign == 0)
      BaseAlign = DL.getPrefTypeAlignment(BaseType);

    if (Align <= BaseAlign) {
      // Check if the load is within the bounds of the underlying object.
      if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) &&
          ((ByteOffset % Align) == 0))
        return true;
    }
  }

  if (!ScanFrom)
    return false;

  // Otherwise, be a little bit aggressive by scanning the local block where we
  // want to check to see if the pointer is already being loaded or stored
  // from/to. If so, the previous load or store would have already trapped,
  // so there is no harm doing an extra load (also, CSE will later eliminate
  // the load entirely).
  BasicBlock::iterator BBI = ScanFrom->getIterator(),
                       E = ScanFrom->getParent()->begin();

  // We can at least always strip pointer casts even though we can't use the
  // base here.
  V = V->stripPointerCasts();

  while (BBI != E) {
    --BBI;

    // If we see a free or a call which may write to memory (i.e. which might
    // do a free) the pointer could be marked invalid.
    if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() &&
        !isa<DbgInfoIntrinsic>(BBI))
      return false;

    Value *AccessedPtr;
    unsigned AccessedAlign;
    if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) {
      AccessedPtr = LI->getPointerOperand();
      AccessedAlign = LI->getAlignment();
    } else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) {
      AccessedPtr = SI->getPointerOperand();
      AccessedAlign = SI->getAlignment();
    } else
      continue;

    Type *AccessedTy = AccessedPtr->getType()->getPointerElementType();
    if (AccessedAlign == 0)
      AccessedAlign = DL.getABITypeAlignment(AccessedTy);
    if (AccessedAlign < Align)
      continue;

    // Handle trivial cases.
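    // For instance (illustrative): if this earlier instruction is
    // `load i32, i32* %p` and we are asking about %p itself, the earlier
    // access would already have trapped on a bad pointer, so the new load
    // is safe.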
    if (AccessedPtr == V)
      return true;

    if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) &&
        LoadSize <= DL.getTypeStoreSize(AccessedTy))
      return true;
  }
  return false;
}

/// DefMaxInstsToScan - the default number of maximum instructions
/// to scan in the block, used by FindAvailableLoadedValue().
/// FindAvailableLoadedValue() was introduced in r60148, to improve jump
/// threading in part by eliminating partially redundant loads.
/// At that point, the value of MaxInstsToScan was already set to '6'
/// without documented explanation.
cl::opt<unsigned>
llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden,
  cl::desc("Use this to specify the default maximum number of instructions "
           "to scan backward from a given instruction, when searching for "
           "available loaded value"));

/// \brief Scan the ScanBB block backwards to see if we have the value at the
/// memory address *Ptr locally available within a small number of
/// instructions.
///
/// The scan starts from \c ScanFrom. \c MaxInstsToScan specifies the maximum
/// instructions to scan in the block. If it is set to \c 0, it will scan the
/// whole block.
///
/// If the value is available, this function returns it. If not, it returns the
/// iterator for the last validated instruction that the value would be live
/// through. If we scanned the entire block and didn't find something that
/// invalidates \c *Ptr or provides it, \c ScanFrom is left at the last
/// instruction processed and this returns null.
///
/// You can also optionally specify an alias analysis implementation, which
/// makes this more precise.
///
/// If \c AATags is non-null and a load or store is found, the AA tags from the
/// load or store are recorded there. If there are no AA tags or if no access
/// is found, it is left unmodified.
Value *llvm::FindAvailableLoadedValue(LoadInst *Load, BasicBlock *ScanBB,
                                      BasicBlock::iterator &ScanFrom,
                                      unsigned MaxInstsToScan,
                                      AliasAnalysis *AA, AAMDNodes *AATags) {
  if (MaxInstsToScan == 0)
    MaxInstsToScan = ~0U;

  Value *Ptr = Load->getPointerOperand();
  Type *AccessTy = Load->getType();

  // We can never remove a volatile load.
  if (Load->isVolatile())
    return nullptr;

  // Anything stronger than unordered is currently unimplemented.
  if (!Load->isUnordered())
    return nullptr;

  const DataLayout &DL = ScanBB->getModule()->getDataLayout();

  // Try to get the store size for the type.
  uint64_t AccessSize = DL.getTypeStoreSize(AccessTy);

  Value *StrippedPtr = Ptr->stripPointerCasts();

  while (ScanFrom != ScanBB->begin()) {
    // We must ignore debug info directives when counting (otherwise they
    // would affect codegen).
    Instruction *Inst = &*--ScanFrom;
    if (isa<DbgInfoIntrinsic>(Inst))
      continue;

    // Restore ScanFrom to the expected value in case the next test succeeds.
    ScanFrom++;

    // Don't scan huge blocks.
    if (MaxInstsToScan-- == 0)
      return nullptr;

    --ScanFrom;
    // If this is a load of Ptr, the loaded value is available.
    // (This is true even if the load is volatile or atomic, although
    // those cases are unlikely.)
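    // Forwarding also requires that the available value's type be bitcast- or
    // no-op-castable to the load's type. For instance (illustrative): a prior
    // `load float, float* %p` can satisfy a later i32 load of the same
    // address, since float and i32 are bitcast-compatible, while a prior i64
    // load of it could not.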
    if (LoadInst *LI = dyn_cast<LoadInst>(Inst))
      if (AreEquivalentAddressValues(
              LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) &&
          CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) {

        // We can value forward from an atomic to a non-atomic, but not the
        // other way around.
        if (LI->isAtomic() < Load->isAtomic())
          return nullptr;

        if (AATags)
          LI->getAAMetadata(*AATags);
        return LI;
      }

    if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) {
      Value *StorePtr = SI->getPointerOperand()->stripPointerCasts();
      // If this is a store through Ptr, the value is available!
      // (This is true even if the store is volatile or atomic, although
      // those cases are unlikely.)
      if (AreEquivalentAddressValues(StorePtr, StrippedPtr) &&
          CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(),
                                               AccessTy, DL)) {

        // We can value forward from an atomic to a non-atomic, but not the
        // other way around.
        if (SI->isAtomic() < Load->isAtomic())
          return nullptr;

        if (AATags)
          SI->getAAMetadata(*AATags);
        return SI->getOperand(0);
      }

      // If both StrippedPtr and StorePtr reach all the way to an alloca or
      // global and they are different, ignore the store. This is a trivial
      // form of alias analysis that is important for reg2mem'd code.
      if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) &&
          (isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) &&
          StrippedPtr != StorePtr)
        continue;

      // If we have alias analysis and it says the store won't modify the
      // loaded value, ignore the store.
      if (AA && (AA->getModRefInfo(SI, StrippedPtr, AccessSize) & MRI_Mod) == 0)
        continue;

      // Otherwise the store may or may not alias the pointer; bail out.
      ++ScanFrom;
      return nullptr;
    }

    // If this is some other instruction that may clobber Ptr, bail out.
    if (Inst->mayWriteToMemory()) {
      // If alias analysis claims that it really won't modify the load,
      // ignore it.
      if (AA &&
          (AA->getModRefInfo(Inst, StrippedPtr, AccessSize) & MRI_Mod) == 0)
        continue;

      // May modify the pointer, bail out.
      ++ScanFrom;
      return nullptr;
    }
  }

  // Got to the start of the block, we didn't find it, but are done for this
  // block.
  return nullptr;
}