//===- Loads.cpp - Local load analysis ------------------------------------===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file defines simple local analyses for load instructions.
//
//===----------------------------------------------------------------------===//

#include "llvm/Analysis/Loads.h"
#include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/DataLayout.h"
#include "llvm/IR/GlobalAlias.h"
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/Operator.h"
#include "llvm/IR/Statepoint.h"

using namespace llvm;

static bool isDereferenceableFromAttribute(const Value *BV, APInt Offset,
                                           Type *Ty, const DataLayout &DL,
                                           const Instruction *CtxI,
                                           const DominatorTree *DT,
                                           const TargetLibraryInfo *TLI) {
  assert(Offset.isNonNegative() && "offset can't be negative");
  assert(Ty->isSized() && "must be sized");

  APInt DerefBytes(Offset.getBitWidth(), 0);
  bool CheckForNonNull = false;
  if (const Argument *A = dyn_cast<Argument>(BV)) {
    DerefBytes = A->getDereferenceableBytes();
    if (!DerefBytes.getBoolValue()) {
      DerefBytes = A->getDereferenceableOrNullBytes();
      CheckForNonNull = true;
    }
  } else if (auto CS = ImmutableCallSite(BV)) {
    DerefBytes = CS.getDereferenceableBytes(0);
    if (!DerefBytes.getBoolValue()) {
      DerefBytes = CS.getDereferenceableOrNullBytes(0);
      CheckForNonNull = true;
    }
  } else if (const LoadInst *LI = dyn_cast<LoadInst>(BV)) {
    if (MDNode *MD = LI->getMetadata(LLVMContext::MD_dereferenceable)) {
      ConstantInt *CI = mdconst::extract<ConstantInt>(MD->getOperand(0));
      DerefBytes = CI->getLimitedValue();
    }
    if (!DerefBytes.getBoolValue()) {
      if (MDNode *MD =
              LI->getMetadata(LLVMContext::MD_dereferenceable_or_null)) {
        ConstantInt *CI = mdconst::extract<ConstantInt>(MD->getOperand(0));
        DerefBytes = CI->getLimitedValue();
      }
      CheckForNonNull = true;
    }
  }

  if (DerefBytes.getBoolValue())
    if (DerefBytes.uge(Offset + DL.getTypeStoreSize(Ty)))
      if (!CheckForNonNull || isKnownNonNullAt(BV, CtxI, DT, TLI))
        return true;

  return false;
}

static bool isDereferenceableFromAttribute(const Value *V, const DataLayout &DL,
                                           const Instruction *CtxI,
                                           const DominatorTree *DT,
                                           const TargetLibraryInfo *TLI) {
  Type *VTy = V->getType();
  Type *Ty = VTy->getPointerElementType();
  if (!Ty->isSized())
    return false;

  APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0);
  return isDereferenceableFromAttribute(V, Offset, Ty, DL, CtxI, DT, TLI);
}

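// Illustrative note (an example added for exposition, not exercised by this
// file directly): the helpers above derive dereferenceability from attributes
// and metadata, assuming IR along these lines:
//
//   define void @f(i32* dereferenceable(8) %p) { ... }
//   %v = load i32*, i32** %q, !dereferenceable !0
//   !0 = !{i64 4}
//
// For %p, 8 bytes are known dereferenceable; for %v, the pointer produced by
// the load, 4 bytes are known dereferenceable. When only
// dereferenceable_or_null information is present, the pointer must
// additionally be known non-null.
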
static bool isAligned(const Value *Base, APInt Offset, unsigned Align,
                      const DataLayout &DL) {
  APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL));

  if (!BaseAlign) {
    Type *Ty = Base->getType()->getPointerElementType();
    if (!Ty->isSized())
      return false;
    BaseAlign = DL.getABITypeAlignment(Ty);
  }

  APInt Alignment(Offset.getBitWidth(), Align);

  assert(Alignment.isPowerOf2() && "must be a power of 2!");
  return BaseAlign.uge(Alignment) && !(Offset & (Alignment - 1));
}

static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) {
  Type *Ty = Base->getType();
  assert(Ty->isSized() && "must be sized");
  APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0);
  return isAligned(Base, Offset, Align, DL);
}

/// Test if V is always a pointer to allocated and suitably aligned memory for
/// a simple load or store.
static bool isDereferenceableAndAlignedPointer(
    const Value *V, unsigned Align, const DataLayout &DL,
    const Instruction *CtxI, const DominatorTree *DT,
    const TargetLibraryInfo *TLI, SmallPtrSetImpl<const Value *> &Visited) {
  // Note that it is not safe to speculate into a malloc'd region because
  // malloc may return null.

  // These are obviously ok if aligned.
  if (isa<AllocaInst>(V))
    return isAligned(V, Align, DL);

  // It's not always safe to follow a bitcast, for example:
  //   bitcast i8* (alloca i8) to i32*
  // would result in a 4-byte load from a 1-byte alloca. However, if we're
  // casting from a pointer to a type of larger size to a pointer to a type of
  // smaller size (or the same size), and the alignment is at least as large
  // as for the resulting pointer type, then we can look through the bitcast.
  if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V)) {
    Type *STy = BC->getSrcTy()->getPointerElementType(),
         *DTy = BC->getDestTy()->getPointerElementType();
    if (STy->isSized() && DTy->isSized() &&
        (DL.getTypeStoreSize(STy) >= DL.getTypeStoreSize(DTy)) &&
        (DL.getABITypeAlignment(STy) >= DL.getABITypeAlignment(DTy)))
      return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, DL,
                                                CtxI, DT, TLI, Visited);
  }

  // Global variables which can't collapse to null are ok.
  if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V))
    if (!GV->hasExternalWeakLinkage())
      return isAligned(V, Align, DL);

  // byval arguments are okay.
  if (const Argument *A = dyn_cast<Argument>(V))
    if (A->hasByValAttr())
      return isAligned(V, Align, DL);

  if (isDereferenceableFromAttribute(V, DL, CtxI, DT, TLI))
    return isAligned(V, Align, DL);

  // For GEPs, determine if the indexing lands within the allocated object.
  if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) {
    Type *Ty = GEP->getResultElementType();
    const Value *Base = GEP->getPointerOperand();

    // Conservatively require that the base pointer be fully dereferenceable
    // and aligned.
    if (!Visited.insert(Base).second)
      return false;
    if (!isDereferenceableAndAlignedPointer(Base, Align, DL, CtxI, DT, TLI,
                                            Visited))
      return false;

    APInt Offset(DL.getPointerTypeSizeInBits(GEP->getType()), 0);
    if (!GEP->accumulateConstantOffset(DL, Offset))
      return false;

    // Check if the load is within the bounds of the underlying object and
    // the offset is aligned.
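    //
    // For example (illustrative IR; %a and %p are hypothetical values), given
    //   %a = alloca [4 x i32]                              ; 16-byte object
    //   %p = getelementptr inbounds [4 x i32], [4 x i32]* %a, i64 0, i64 2
    // the accumulated offset is 8, so a 4-byte load through %p lies within
    // the 16 allocated bytes and the offset is a multiple of a 4-byte
    // alignment.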
    uint64_t LoadSize = DL.getTypeStoreSize(Ty);
    Type *BaseType = GEP->getSourceElementType();
    assert(isPowerOf2_32(Align) && "must be a power of 2!");
    return (Offset + LoadSize).ule(DL.getTypeAllocSize(BaseType)) &&
           !(Offset & APInt(Offset.getBitWidth(), Align - 1));
  }

  // For gc.relocate, look through relocations
  if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V))
    return isDereferenceableAndAlignedPointer(
        RelocateInst->getDerivedPtr(), Align, DL, CtxI, DT, TLI, Visited);

  if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V))
    return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, DL,
                                              CtxI, DT, TLI, Visited);

  // If we don't know, assume the worst.
  return false;
}

bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align,
                                              const DataLayout &DL,
                                              const Instruction *CtxI,
                                              const DominatorTree *DT,
                                              const TargetLibraryInfo *TLI) {
  // When dereferenceability information is provided by a dereferenceable
  // attribute, we know exactly how many bytes are dereferenceable. If we can
  // determine the exact offset to the attributed variable, we can use that
  // information here.
  Type *VTy = V->getType();
  Type *Ty = VTy->getPointerElementType();

  // Require ABI alignment for loads without alignment specification.
  if (Align == 0)
    Align = DL.getABITypeAlignment(Ty);

  if (Ty->isSized()) {
    APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0);
    const Value *BV = V->stripAndAccumulateInBoundsConstantOffsets(DL, Offset);

    if (Offset.isNonNegative())
      if (isDereferenceableFromAttribute(BV, Offset, Ty, DL, CtxI, DT, TLI) &&
          isAligned(BV, Offset, Align, DL))
        return true;
  }

  SmallPtrSet<const Value *, 32> Visited;
  return ::isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI,
                                              Visited);
}

bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL,
                                    const Instruction *CtxI,
                                    const DominatorTree *DT,
                                    const TargetLibraryInfo *TLI) {
  return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT, TLI);
}

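// Illustrative usage (a hypothetical caller; the variable names are
// assumptions, not part of this file): a transform that wants to speculate a
// load might query the analysis roughly as follows:
//
//   const DataLayout &DL = Load->getModule()->getDataLayout();
//   if (isDereferenceableAndAlignedPointer(Load->getPointerOperand(),
//                                          Load->getAlignment(), DL,
//                                          /*CtxI=*/Load, DT, TLI))
//     ... the load can be executed speculatively ...
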
/// \brief Test if A and B will obviously have the same value.
///
/// This includes recognizing that %t0 and %t1 will have the same
/// value in code like this:
/// \code
///   %t0 = getelementptr \@a, 0, 3
///   store i32 0, i32* %t0
///   %t1 = getelementptr \@a, 0, 3
///   %t2 = load i32* %t1
/// \endcode
///
static bool AreEquivalentAddressValues(const Value *A, const Value *B) {
  // Test if the values are trivially equivalent.
  if (A == B)
    return true;

  // Test if the values come from identical arithmetic instructions.
  // Use isIdenticalToWhenDefined instead of isIdenticalTo because
  // this function is only used when one address use dominates the
  // other, which means that they'll always either have the same
  // value or one of them will have an undefined value.
  if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) ||
      isa<GetElementPtrInst>(A))
    if (const Instruction *BI = dyn_cast<Instruction>(B))
      if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI))
        return true;

  // Otherwise they may not be equivalent.
  return false;
}

/// \brief Check if executing a load of this pointer value cannot trap.
///
/// If DT is specified this method performs context-sensitive analysis.
///
/// If it is not obviously safe to load from the specified pointer, we do
/// a quick local scan of the basic block containing \c ScanFrom, to determine
/// if the address is already accessed.
///
/// This uses the pointee type to determine how many bytes need to be safe to
/// load from the pointer.
bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align,
                                       Instruction *ScanFrom,
                                       const DominatorTree *DT,
                                       const TargetLibraryInfo *TLI) {
  const DataLayout &DL = ScanFrom->getModule()->getDataLayout();

  // Zero alignment means that the load has the ABI alignment for the target.
  if (Align == 0)
    Align = DL.getABITypeAlignment(V->getType()->getPointerElementType());
  assert(isPowerOf2_32(Align));

  // If DT is not specified we can't make a context-sensitive query.
  const Instruction *CtxI = DT ? ScanFrom : nullptr;
  if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI))
    return true;

  int64_t ByteOffset = 0;
  Value *Base = V;
  Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL);

  if (ByteOffset < 0) // out of bounds
    return false;

  Type *BaseType = nullptr;
  unsigned BaseAlign = 0;
  if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) {
    // An alloca is safe to load from as long as it is suitably aligned.
    BaseType = AI->getAllocatedType();
    BaseAlign = AI->getAlignment();
  } else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) {
    // Global variables are not necessarily safe to load from if they are
    // interposed arbitrarily. Their size may change or they may be weak and
    // require a test to determine if they were in fact provided.
    if (!GV->isInterposable()) {
      BaseType = GV->getType()->getElementType();
      BaseAlign = GV->getAlignment();
    }
  }

  PointerType *AddrTy = cast<PointerType>(V->getType());
  uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType());

  // If we found a base allocated type from either an alloca or global
  // variable, try to see if we are definitively within the allocated region.
  // We need to know the size of the base type and the loaded type to do
  // anything in this case.
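  //
  // For example (illustrative numbers only): with a base of 'alloca i64,
  // align 8' (alloc size 8), a 4-byte load at ByteOffset 4 with Align 4 is
  // within bounds (4 + 4 <= 8), the offset is a multiple of the alignment,
  // and 4 <= 8, so the check below would report the load as safe.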
  if (BaseType && BaseType->isSized()) {
    if (BaseAlign == 0)
      BaseAlign = DL.getPrefTypeAlignment(BaseType);

    if (Align <= BaseAlign) {
      // Check if the load is within the bounds of the underlying object.
      if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) &&
          ((ByteOffset % Align) == 0))
        return true;
    }
  }

  // Otherwise, be a little bit aggressive by scanning the local block where
  // we want to check, to see if the pointer is already being loaded or stored
  // from/to. If so, the previous load or store would have already trapped,
  // so there is no harm doing an extra load (also, CSE will later eliminate
  // the load entirely).
  BasicBlock::iterator BBI = ScanFrom->getIterator(),
                       E = ScanFrom->getParent()->begin();

  // We can at least always strip pointer casts even though we can't use the
  // base here.
  V = V->stripPointerCasts();

  while (BBI != E) {
    --BBI;

    // If we see a free or a call which may write to memory (i.e. which might
    // do a free), the pointer could be marked invalid.
    if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() &&
        !isa<DbgInfoIntrinsic>(BBI))
      return false;

    Value *AccessedPtr;
    unsigned AccessedAlign;
    if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) {
      AccessedPtr = LI->getPointerOperand();
      AccessedAlign = LI->getAlignment();
    } else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) {
      AccessedPtr = SI->getPointerOperand();
      AccessedAlign = SI->getAlignment();
    } else
      continue;

    Type *AccessedTy = AccessedPtr->getType()->getPointerElementType();
    if (AccessedAlign == 0)
      AccessedAlign = DL.getABITypeAlignment(AccessedTy);
    if (AccessedAlign < Align)
      continue;

    // Handle trivial cases.
    if (AccessedPtr == V)
      return true;

    if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) &&
        LoadSize <= DL.getTypeStoreSize(AccessedTy))
      return true;
  }
  return false;
}

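// Illustrative usage (a hypothetical caller; InsertPt and Load are
// assumptions, not names used in this file): a transform deciding whether a
// load can be re-issued unconditionally at an earlier point might ask
//
//   if (isSafeToLoadUnconditionally(Load->getPointerOperand(),
//                                   Load->getAlignment(),
//                                   /*ScanFrom=*/InsertPt, DT, TLI))
//     ... it is safe to emit the load at InsertPt ...
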
/// DefMaxInstsToScan - the default maximum number of instructions to scan in
/// the block, used by FindAvailableLoadedValue().
/// FindAvailableLoadedValue() was introduced in r60148, to improve jump
/// threading in part by eliminating partially redundant loads.
/// At that point, the value of MaxInstsToScan was already set to '6'
/// without documented explanation.
cl::opt<unsigned>
llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden,
  cl::desc("Use this to specify the default maximum number of instructions "
           "to scan backward from a given instruction, when searching for "
           "available loaded value"));

/// \brief Scan the ScanBB block backwards to see if we have the value at the
/// memory address loaded by \c Load locally available within a small number
/// of instructions.
///
/// The scan starts from \c ScanFrom. \c MaxInstsToScan specifies the maximum
/// instructions to scan in the block. If it is set to \c 0, it will scan the
/// whole block.
///
/// If the value is available, this function returns it. If not, it returns
/// null and leaves \c ScanFrom at the last validated instruction that the
/// value would be live through. If we scanned the entire block and didn't
/// find something that invalidates the pointer or provides it, \c ScanFrom is
/// left at the last instruction processed and this returns null.
///
/// You can also optionally specify an alias analysis implementation, which
/// makes this more precise.
///
/// If \c AATags is non-null and a load or store is found, the AA tags from
/// the load or store are recorded there. If there are no AA tags or if no
/// access is found, it is left unmodified.
Value *llvm::FindAvailableLoadedValue(LoadInst *Load, BasicBlock *ScanBB,
                                      BasicBlock::iterator &ScanFrom,
                                      unsigned MaxInstsToScan,
                                      AliasAnalysis *AA, AAMDNodes *AATags) {
  if (MaxInstsToScan == 0)
    MaxInstsToScan = ~0U;

  Value *Ptr = Load->getPointerOperand();
  Type *AccessTy = Load->getType();

  const DataLayout &DL = ScanBB->getModule()->getDataLayout();

  // Try to get the store size for the type.
  uint64_t AccessSize = DL.getTypeStoreSize(AccessTy);

  Value *StrippedPtr = Ptr->stripPointerCasts();

  while (ScanFrom != ScanBB->begin()) {
    // We must ignore debug info directives when counting (otherwise they
    // would affect codegen).
    Instruction *Inst = &*--ScanFrom;
    if (isa<DbgInfoIntrinsic>(Inst))
      continue;

    // Restore ScanFrom to expected value in case next test succeeds.
    ScanFrom++;

    // Don't scan huge blocks.
    if (MaxInstsToScan-- == 0)
      return nullptr;

    --ScanFrom;
    // If this is a load of Ptr, the loaded value is available.
    // (This is true even if the load is volatile or atomic, although
    // those cases are unlikely.)
    if (LoadInst *LI = dyn_cast<LoadInst>(Inst))
      if (AreEquivalentAddressValues(
              LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) &&
          CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) {
        if (AATags)
          LI->getAAMetadata(*AATags);
        return LI;
      }

    if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) {
      Value *StorePtr = SI->getPointerOperand()->stripPointerCasts();
      // If this is a store through Ptr, the value is available!
      // (This is true even if the store is volatile or atomic, although
      // those cases are unlikely.)
      if (AreEquivalentAddressValues(StorePtr, StrippedPtr) &&
          CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(),
                                               AccessTy, DL)) {
        if (AATags)
          SI->getAAMetadata(*AATags);
        return SI->getOperand(0);
      }

      // If both StrippedPtr and StorePtr reach all the way to an alloca or
      // global and they are different, ignore the store. This is a trivial
      // form of alias analysis that is important for reg2mem'd code.
      if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) &&
          (isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) &&
          StrippedPtr != StorePtr)
        continue;

      // If we have alias analysis and it says the store won't modify the
      // loaded value, ignore the store.
      if (AA && (AA->getModRefInfo(SI, StrippedPtr, AccessSize) & MRI_Mod) == 0)
        continue;

      // Otherwise the store may or may not alias the pointer; bail out.
      ++ScanFrom;
      return nullptr;
    }

    // If this is some other instruction that may clobber Ptr, bail out.
    if (Inst->mayWriteToMemory()) {
      // If alias analysis claims that it really won't modify the load,
      // ignore it.
      if (AA &&
          (AA->getModRefInfo(Inst, StrippedPtr, AccessSize) & MRI_Mod) == 0)
        continue;

      // May modify the pointer, bail out.
      ++ScanFrom;
      return nullptr;
    }
  }

  // Got to the start of the block, we didn't find it, but are done for this
  // block.
  return nullptr;
}

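// Illustrative usage (a hypothetical caller; the names are assumptions, not
// part of this file): a simple load-forwarding transform could try
//
//   BasicBlock::iterator ScanIt = Load->getIterator();
//   if (Value *Avail = FindAvailableLoadedValue(Load, Load->getParent(),
//                                               ScanIt, DefMaxInstsToScan,
//                                               /*AA=*/nullptr,
//                                               /*AATags=*/nullptr))
//     ... forward Avail to the users of Load (a real caller may still need
//     to insert a bit/pointer cast when the available value's type differs).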