1 //===- Loads.cpp - Local load analysis ------------------------------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines simple local analyses for load instructions. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "llvm/Analysis/Loads.h" 15 #include "llvm/Analysis/AliasAnalysis.h" 16 #include "llvm/Analysis/ValueTracking.h" 17 #include "llvm/IR/DataLayout.h" 18 #include "llvm/IR/GlobalAlias.h" 19 #include "llvm/IR/GlobalVariable.h" 20 #include "llvm/IR/IntrinsicInst.h" 21 #include "llvm/IR/LLVMContext.h" 22 #include "llvm/IR/Module.h" 23 #include "llvm/IR/Operator.h" 24 #include "llvm/IR/Statepoint.h" 25 26 using namespace llvm; 27 28 static bool isDereferenceableFromAttribute(const Value *BV, APInt Offset, 29 Type *Ty, const DataLayout &DL, 30 const Instruction *CtxI, 31 const DominatorTree *DT, 32 const TargetLibraryInfo *TLI) { 33 assert(Offset.isNonNegative() && "offset can't be negative"); 34 assert(Ty->isSized() && "must be sized"); 35 36 bool CheckForNonNull = false; 37 APInt DerefBytes(Offset.getBitWidth(), 38 BV->getPointerDereferenceableBytes(CheckForNonNull)); 39 40 if (DerefBytes.getBoolValue()) 41 if (DerefBytes.uge(Offset + DL.getTypeStoreSize(Ty))) 42 if (!CheckForNonNull || isKnownNonNullAt(BV, CtxI, DT, TLI)) 43 return true; 44 45 return false; 46 } 47 48 static bool isDereferenceableFromAttribute(const Value *V, const DataLayout &DL, 49 const Instruction *CtxI, 50 const DominatorTree *DT, 51 const TargetLibraryInfo *TLI) { 52 Type *VTy = V->getType(); 53 Type *Ty = VTy->getPointerElementType(); 54 if (!Ty->isSized()) 55 return false; 56 57 APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0); 58 return isDereferenceableFromAttribute(V, Offset, Ty, DL, CtxI, DT, TLI); 59 } 60 61 static bool isAligned(const Value *Base, APInt Offset, unsigned Align, 62 const DataLayout &DL) { 63 APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL)); 64 65 if (!BaseAlign) { 66 Type *Ty = Base->getType()->getPointerElementType(); 67 if (!Ty->isSized()) 68 return false; 69 BaseAlign = DL.getABITypeAlignment(Ty); 70 } 71 72 APInt Alignment(Offset.getBitWidth(), Align); 73 74 assert(Alignment.isPowerOf2() && "must be a power of 2!"); 75 return BaseAlign.uge(Alignment) && !(Offset & (Alignment-1)); 76 } 77 78 static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) { 79 Type *Ty = Base->getType(); 80 assert(Ty->isSized() && "must be sized"); 81 APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0); 82 return isAligned(Base, Offset, Align, DL); 83 } 84 85 /// Test if V is always a pointer to allocated and suitably aligned memory for 86 /// a simple load or store. 87 static bool isDereferenceableAndAlignedPointer( 88 const Value *V, unsigned Align, const DataLayout &DL, 89 const Instruction *CtxI, const DominatorTree *DT, 90 const TargetLibraryInfo *TLI, SmallPtrSetImpl<const Value *> &Visited) { 91 // Note that it is not safe to speculate into a malloc'd region because 92 // malloc may return null. 93 94 // These are obviously ok if aligned. 95 if (isa<AllocaInst>(V)) 96 return isAligned(V, Align, DL); 97 98 // It's not always safe to follow a bitcast, for example: 99 // bitcast i8* (alloca i8) to i32* 100 // would result in a 4-byte load from a 1-byte alloca. However, 101 // if we're casting from a pointer from a type of larger size 102 // to a type of smaller size (or the same size), and the alignment 103 // is at least as large as for the resulting pointer type, then 104 // we can look through the bitcast. 105 if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V)) { 106 Type *STy = BC->getSrcTy()->getPointerElementType(), 107 *DTy = BC->getDestTy()->getPointerElementType(); 108 if (STy->isSized() && DTy->isSized() && 109 (DL.getTypeStoreSize(STy) >= DL.getTypeStoreSize(DTy)) && 110 (DL.getABITypeAlignment(STy) >= DL.getABITypeAlignment(DTy))) 111 return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, DL, 112 CtxI, DT, TLI, Visited); 113 } 114 115 // Global variables which can't collapse to null are ok. 116 if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V)) 117 if (!GV->hasExternalWeakLinkage()) 118 return isAligned(V, Align, DL); 119 120 // byval arguments are okay. 121 if (const Argument *A = dyn_cast<Argument>(V)) 122 if (A->hasByValAttr()) 123 return isAligned(V, Align, DL); 124 125 if (isDereferenceableFromAttribute(V, DL, CtxI, DT, TLI)) 126 return isAligned(V, Align, DL); 127 128 // For GEPs, determine if the indexing lands within the allocated object. 129 if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) { 130 Type *Ty = GEP->getResultElementType(); 131 const Value *Base = GEP->getPointerOperand(); 132 133 // Conservatively require that the base pointer be fully dereferenceable 134 // and aligned. 135 if (!Visited.insert(Base).second) 136 return false; 137 if (!isDereferenceableAndAlignedPointer(Base, Align, DL, CtxI, DT, TLI, 138 Visited)) 139 return false; 140 141 APInt Offset(DL.getPointerTypeSizeInBits(GEP->getType()), 0); 142 if (!GEP->accumulateConstantOffset(DL, Offset)) 143 return false; 144 145 // Check if the load is within the bounds of the underlying object 146 // and offset is aligned. 147 uint64_t LoadSize = DL.getTypeStoreSize(Ty); 148 Type *BaseType = GEP->getSourceElementType(); 149 assert(isPowerOf2_32(Align) && "must be a power of 2!"); 150 return (Offset + LoadSize).ule(DL.getTypeAllocSize(BaseType)) && 151 !(Offset & APInt(Offset.getBitWidth(), Align-1)); 152 } 153 154 // For gc.relocate, look through relocations 155 if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V)) 156 return isDereferenceableAndAlignedPointer( 157 RelocateInst->getDerivedPtr(), Align, DL, CtxI, DT, TLI, Visited); 158 159 if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V)) 160 return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, DL, 161 CtxI, DT, TLI, Visited); 162 163 // If we don't know, assume the worst. 164 return false; 165 } 166 167 bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align, 168 const DataLayout &DL, 169 const Instruction *CtxI, 170 const DominatorTree *DT, 171 const TargetLibraryInfo *TLI) { 172 // When dereferenceability information is provided by a dereferenceable 173 // attribute, we know exactly how many bytes are dereferenceable. If we can 174 // determine the exact offset to the attributed variable, we can use that 175 // information here. 176 Type *VTy = V->getType(); 177 Type *Ty = VTy->getPointerElementType(); 178 179 // Require ABI alignment for loads without alignment specification 180 if (Align == 0) 181 Align = DL.getABITypeAlignment(Ty); 182 183 if (Ty->isSized()) { 184 APInt Offset(DL.getTypeStoreSizeInBits(VTy), 0); 185 const Value *BV = V->stripAndAccumulateInBoundsConstantOffsets(DL, Offset); 186 187 if (Offset.isNonNegative()) 188 if (isDereferenceableFromAttribute(BV, Offset, Ty, DL, CtxI, DT, TLI) && 189 isAligned(BV, Offset, Align, DL)) 190 return true; 191 } 192 193 SmallPtrSet<const Value *, 32> Visited; 194 return ::isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI, 195 Visited); 196 } 197 198 bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL, 199 const Instruction *CtxI, 200 const DominatorTree *DT, 201 const TargetLibraryInfo *TLI) { 202 return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT, TLI); 203 } 204 205 /// \brief Test if A and B will obviously have the same value. 206 /// 207 /// This includes recognizing that %t0 and %t1 will have the same 208 /// value in code like this: 209 /// \code 210 /// %t0 = getelementptr \@a, 0, 3 211 /// store i32 0, i32* %t0 212 /// %t1 = getelementptr \@a, 0, 3 213 /// %t2 = load i32* %t1 214 /// \endcode 215 /// 216 static bool AreEquivalentAddressValues(const Value *A, const Value *B) { 217 // Test if the values are trivially equivalent. 218 if (A == B) 219 return true; 220 221 // Test if the values come from identical arithmetic instructions. 222 // Use isIdenticalToWhenDefined instead of isIdenticalTo because 223 // this function is only used when one address use dominates the 224 // other, which means that they'll always either have the same 225 // value or one of them will have an undefined value. 226 if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) || 227 isa<GetElementPtrInst>(A)) 228 if (const Instruction *BI = dyn_cast<Instruction>(B)) 229 if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI)) 230 return true; 231 232 // Otherwise they may not be equivalent. 233 return false; 234 } 235 236 /// \brief Check if executing a load of this pointer value cannot trap. 237 /// 238 /// If DT and ScanFrom are specified this method performs context-sensitive 239 /// analysis and returns true if it is safe to load immediately before ScanFrom. 240 /// 241 /// If it is not obviously safe to load from the specified pointer, we do 242 /// a quick local scan of the basic block containing \c ScanFrom, to determine 243 /// if the address is already accessed. 244 /// 245 /// This uses the pointee type to determine how many bytes need to be safe to 246 /// load from the pointer. 247 bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align, 248 const DataLayout &DL, 249 Instruction *ScanFrom, 250 const DominatorTree *DT, 251 const TargetLibraryInfo *TLI) { 252 // Zero alignment means that the load has the ABI alignment for the target 253 if (Align == 0) 254 Align = DL.getABITypeAlignment(V->getType()->getPointerElementType()); 255 assert(isPowerOf2_32(Align)); 256 257 // If DT is not specified we can't make context-sensitive query 258 const Instruction* CtxI = DT ? ScanFrom : nullptr; 259 if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI)) 260 return true; 261 262 int64_t ByteOffset = 0; 263 Value *Base = V; 264 Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL); 265 266 if (ByteOffset < 0) // out of bounds 267 return false; 268 269 Type *BaseType = nullptr; 270 unsigned BaseAlign = 0; 271 if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) { 272 // An alloca is safe to load from as load as it is suitably aligned. 273 BaseType = AI->getAllocatedType(); 274 BaseAlign = AI->getAlignment(); 275 } else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) { 276 // Global variables are not necessarily safe to load from if they are 277 // interposed arbitrarily. Their size may change or they may be weak and 278 // require a test to determine if they were in fact provided. 279 if (!GV->isInterposable()) { 280 BaseType = GV->getType()->getElementType(); 281 BaseAlign = GV->getAlignment(); 282 } 283 } 284 285 PointerType *AddrTy = cast<PointerType>(V->getType()); 286 uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType()); 287 288 // If we found a base allocated type from either an alloca or global variable, 289 // try to see if we are definitively within the allocated region. We need to 290 // know the size of the base type and the loaded type to do anything in this 291 // case. 292 if (BaseType && BaseType->isSized()) { 293 if (BaseAlign == 0) 294 BaseAlign = DL.getPrefTypeAlignment(BaseType); 295 296 if (Align <= BaseAlign) { 297 // Check if the load is within the bounds of the underlying object. 298 if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) && 299 ((ByteOffset % Align) == 0)) 300 return true; 301 } 302 } 303 304 if (!ScanFrom) 305 return false; 306 307 // Otherwise, be a little bit aggressive by scanning the local block where we 308 // want to check to see if the pointer is already being loaded or stored 309 // from/to. If so, the previous load or store would have already trapped, 310 // so there is no harm doing an extra load (also, CSE will later eliminate 311 // the load entirely). 312 BasicBlock::iterator BBI = ScanFrom->getIterator(), 313 E = ScanFrom->getParent()->begin(); 314 315 // We can at least always strip pointer casts even though we can't use the 316 // base here. 317 V = V->stripPointerCasts(); 318 319 while (BBI != E) { 320 --BBI; 321 322 // If we see a free or a call which may write to memory (i.e. which might do 323 // a free) the pointer could be marked invalid. 324 if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() && 325 !isa<DbgInfoIntrinsic>(BBI)) 326 return false; 327 328 Value *AccessedPtr; 329 unsigned AccessedAlign; 330 if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) { 331 AccessedPtr = LI->getPointerOperand(); 332 AccessedAlign = LI->getAlignment(); 333 } else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) { 334 AccessedPtr = SI->getPointerOperand(); 335 AccessedAlign = SI->getAlignment(); 336 } else 337 continue; 338 339 Type *AccessedTy = AccessedPtr->getType()->getPointerElementType(); 340 if (AccessedAlign == 0) 341 AccessedAlign = DL.getABITypeAlignment(AccessedTy); 342 if (AccessedAlign < Align) 343 continue; 344 345 // Handle trivial cases. 346 if (AccessedPtr == V) 347 return true; 348 349 if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) && 350 LoadSize <= DL.getTypeStoreSize(AccessedTy)) 351 return true; 352 } 353 return false; 354 } 355 356 /// DefMaxInstsToScan - the default number of maximum instructions 357 /// to scan in the block, used by FindAvailableLoadedValue(). 358 /// FindAvailableLoadedValue() was introduced in r60148, to improve jump 359 /// threading in part by eliminating partially redundant loads. 360 /// At that point, the value of MaxInstsToScan was already set to '6' 361 /// without documented explanation. 362 cl::opt<unsigned> 363 llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden, 364 cl::desc("Use this to specify the default maximum number of instructions " 365 "to scan backward from a given instruction, when searching for " 366 "available loaded value")); 367 368 /// \brief Scan the ScanBB block backwards to see if we have the value at the 369 /// memory address *Ptr locally available within a small number of instructions. 370 /// 371 /// The scan starts from \c ScanFrom. \c MaxInstsToScan specifies the maximum 372 /// instructions to scan in the block. If it is set to \c 0, it will scan the whole 373 /// block. 374 /// 375 /// If the value is available, this function returns it. If not, it returns the 376 /// iterator for the last validated instruction that the value would be live 377 /// through. If we scanned the entire block and didn't find something that 378 /// invalidates \c *Ptr or provides it, \c ScanFrom is left at the last 379 /// instruction processed and this returns null. 380 /// 381 /// You can also optionally specify an alias analysis implementation, which 382 /// makes this more precise. 383 /// 384 /// If \c AATags is non-null and a load or store is found, the AA tags from the 385 /// load or store are recorded there. If there are no AA tags or if no access is 386 /// found, it is left unmodified. 387 Value *llvm::FindAvailableLoadedValue(LoadInst *Load, BasicBlock *ScanBB, 388 BasicBlock::iterator &ScanFrom, 389 unsigned MaxInstsToScan, 390 AliasAnalysis *AA, AAMDNodes *AATags) { 391 if (MaxInstsToScan == 0) 392 MaxInstsToScan = ~0U; 393 394 Value *Ptr = Load->getPointerOperand(); 395 Type *AccessTy = Load->getType(); 396 397 // We can never remove a volatile load 398 if (Load->isVolatile()) 399 return nullptr; 400 401 // Anything stronger than unordered is currently unimplemented. 402 if (!Load->isUnordered()) 403 return nullptr; 404 405 const DataLayout &DL = ScanBB->getModule()->getDataLayout(); 406 407 // Try to get the store size for the type. 408 uint64_t AccessSize = DL.getTypeStoreSize(AccessTy); 409 410 Value *StrippedPtr = Ptr->stripPointerCasts(); 411 412 while (ScanFrom != ScanBB->begin()) { 413 // We must ignore debug info directives when counting (otherwise they 414 // would affect codegen). 415 Instruction *Inst = &*--ScanFrom; 416 if (isa<DbgInfoIntrinsic>(Inst)) 417 continue; 418 419 // Restore ScanFrom to expected value in case next test succeeds 420 ScanFrom++; 421 422 // Don't scan huge blocks. 423 if (MaxInstsToScan-- == 0) 424 return nullptr; 425 426 --ScanFrom; 427 // If this is a load of Ptr, the loaded value is available. 428 // (This is true even if the load is volatile or atomic, although 429 // those cases are unlikely.) 430 if (LoadInst *LI = dyn_cast<LoadInst>(Inst)) 431 if (AreEquivalentAddressValues( 432 LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) && 433 CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) { 434 435 // We can value forward from an atomic to a non-atomic, but not the 436 // other way around. 437 if (LI->isAtomic() < Load->isAtomic()) 438 return nullptr; 439 440 if (AATags) 441 LI->getAAMetadata(*AATags); 442 return LI; 443 } 444 445 if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) { 446 Value *StorePtr = SI->getPointerOperand()->stripPointerCasts(); 447 // If this is a store through Ptr, the value is available! 448 // (This is true even if the store is volatile or atomic, although 449 // those cases are unlikely.) 450 if (AreEquivalentAddressValues(StorePtr, StrippedPtr) && 451 CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(), 452 AccessTy, DL)) { 453 454 // We can value forward from an atomic to a non-atomic, but not the 455 // other way around. 456 if (SI->isAtomic() < Load->isAtomic()) 457 return nullptr; 458 459 if (AATags) 460 SI->getAAMetadata(*AATags); 461 return SI->getOperand(0); 462 } 463 464 // If both StrippedPtr and StorePtr reach all the way to an alloca or 465 // global and they are different, ignore the store. This is a trivial form 466 // of alias analysis that is important for reg2mem'd code. 467 if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) && 468 (isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) && 469 StrippedPtr != StorePtr) 470 continue; 471 472 // If we have alias analysis and it says the store won't modify the loaded 473 // value, ignore the store. 474 if (AA && (AA->getModRefInfo(SI, StrippedPtr, AccessSize) & MRI_Mod) == 0) 475 continue; 476 477 // Otherwise the store that may or may not alias the pointer, bail out. 478 ++ScanFrom; 479 return nullptr; 480 } 481 482 // If this is some other instruction that may clobber Ptr, bail out. 483 if (Inst->mayWriteToMemory()) { 484 // If alias analysis claims that it really won't modify the load, 485 // ignore it. 486 if (AA && 487 (AA->getModRefInfo(Inst, StrippedPtr, AccessSize) & MRI_Mod) == 0) 488 continue; 489 490 // May modify the pointer, bail out. 491 ++ScanFrom; 492 return nullptr; 493 } 494 } 495 496 // Got to the start of the block, we didn't find it, but are done for this 497 // block. 498 return nullptr; 499 } 500