1 //===- Loads.cpp - Local load analysis ------------------------------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines simple local analyses for load instructions. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "llvm/Analysis/Loads.h" 15 #include "llvm/Analysis/AliasAnalysis.h" 16 #include "llvm/Analysis/ValueTracking.h" 17 #include "llvm/IR/DataLayout.h" 18 #include "llvm/IR/GlobalAlias.h" 19 #include "llvm/IR/GlobalVariable.h" 20 #include "llvm/IR/IntrinsicInst.h" 21 #include "llvm/IR/LLVMContext.h" 22 #include "llvm/IR/Module.h" 23 #include "llvm/IR/Operator.h" 24 #include "llvm/IR/Statepoint.h" 25 26 using namespace llvm; 27 28 static bool isDereferenceableFromAttribute(const Value *BV, APInt Size, 29 const DataLayout &DL, 30 const Instruction *CtxI, 31 const DominatorTree *DT, 32 const TargetLibraryInfo *TLI) { 33 bool CheckForNonNull = false; 34 APInt DerefBytes(Size.getBitWidth(), 35 BV->getPointerDereferenceableBytes(CheckForNonNull)); 36 37 if (DerefBytes.getBoolValue()) 38 if (DerefBytes.uge(Size)) 39 if (!CheckForNonNull || isKnownNonNullAt(BV, CtxI, DT, TLI)) 40 return true; 41 42 return false; 43 } 44 45 static bool isAligned(const Value *Base, APInt Offset, unsigned Align, 46 const DataLayout &DL) { 47 APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL)); 48 49 if (!BaseAlign) { 50 Type *Ty = Base->getType()->getPointerElementType(); 51 if (!Ty->isSized()) 52 return false; 53 BaseAlign = DL.getABITypeAlignment(Ty); 54 } 55 56 APInt Alignment(Offset.getBitWidth(), Align); 57 58 assert(Alignment.isPowerOf2() && "must be a power of 2!"); 59 return BaseAlign.uge(Alignment) && !(Offset & (Alignment-1)); 60 } 61 62 static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) { 63 Type *Ty = Base->getType(); 64 assert(Ty->isSized() && "must be sized"); 65 APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0); 66 return isAligned(Base, Offset, Align, DL); 67 } 68 69 /// Test if V is always a pointer to allocated and suitably aligned memory for 70 /// a simple load or store. 71 static bool isDereferenceableAndAlignedPointer( 72 const Value *V, unsigned Align, APInt Size, const DataLayout &DL, 73 const Instruction *CtxI, const DominatorTree *DT, 74 const TargetLibraryInfo *TLI, SmallPtrSetImpl<const Value *> &Visited) { 75 // Note that it is not safe to speculate into a malloc'd region because 76 // malloc may return null. 77 78 bool CheckForNonNull; 79 if (V->isPointerDereferenceable(CheckForNonNull)) { 80 Type *ETy = V->getType()->getPointerElementType(); 81 if (ETy->isSized() && Size.ule(DL.getTypeStoreSize(ETy))) { 82 if (CheckForNonNull && !isKnownNonNullAt(V, CtxI, DT, TLI)) 83 return false; 84 return isAligned(V, Align, DL); 85 } 86 } 87 88 // bitcast instructions are no-ops as far as dereferenceability is concerned. 89 if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V)) 90 return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, Size, 91 DL, CtxI, DT, TLI, Visited); 92 93 if (isDereferenceableFromAttribute(V, Size, DL, CtxI, DT, TLI)) 94 return isAligned(V, Align, DL); 95 96 // For GEPs, determine if the indexing lands within the allocated object. 97 if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) { 98 const Value *Base = GEP->getPointerOperand(); 99 100 APInt Offset(DL.getPointerTypeSizeInBits(GEP->getType()), 0); 101 if (!GEP->accumulateConstantOffset(DL, Offset) || Offset.isNegative() || 102 !Offset.urem(APInt(Offset.getBitWidth(), Align)).isMinValue()) 103 return false; 104 105 // If the base pointer is dereferenceable for Offset+Size bytes, then the 106 // GEP (== Base + Offset) is dereferenceable for Size bytes. If the base 107 // pointer is aligned to Align bytes, and the Offset is divisible by Align 108 // then the GEP (== Base + Offset == k_0 * Align + k_1 * Align) is also 109 // aligned to Align bytes. 110 111 return Visited.insert(Base).second && 112 isDereferenceableAndAlignedPointer(Base, Align, Offset + Size, DL, 113 CtxI, DT, TLI, Visited); 114 } 115 116 // For gc.relocate, look through relocations 117 if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V)) 118 return isDereferenceableAndAlignedPointer( 119 RelocateInst->getDerivedPtr(), Align, Size, DL, CtxI, DT, TLI, Visited); 120 121 if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V)) 122 return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, Size, 123 DL, CtxI, DT, TLI, Visited); 124 125 // If we don't know, assume the worst. 126 return false; 127 } 128 129 bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align, 130 const DataLayout &DL, 131 const Instruction *CtxI, 132 const DominatorTree *DT, 133 const TargetLibraryInfo *TLI) { 134 // When dereferenceability information is provided by a dereferenceable 135 // attribute, we know exactly how many bytes are dereferenceable. If we can 136 // determine the exact offset to the attributed variable, we can use that 137 // information here. 138 Type *VTy = V->getType(); 139 Type *Ty = VTy->getPointerElementType(); 140 141 // Require ABI alignment for loads without alignment specification 142 if (Align == 0) 143 Align = DL.getABITypeAlignment(Ty); 144 145 if (!Ty->isSized()) 146 return false; 147 148 SmallPtrSet<const Value *, 32> Visited; 149 return ::isDereferenceableAndAlignedPointer( 150 V, Align, APInt(DL.getTypeSizeInBits(VTy), DL.getTypeStoreSize(Ty)), DL, 151 CtxI, DT, TLI, Visited); 152 } 153 154 bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL, 155 const Instruction *CtxI, 156 const DominatorTree *DT, 157 const TargetLibraryInfo *TLI) { 158 return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT, TLI); 159 } 160 161 /// \brief Test if A and B will obviously have the same value. 162 /// 163 /// This includes recognizing that %t0 and %t1 will have the same 164 /// value in code like this: 165 /// \code 166 /// %t0 = getelementptr \@a, 0, 3 167 /// store i32 0, i32* %t0 168 /// %t1 = getelementptr \@a, 0, 3 169 /// %t2 = load i32* %t1 170 /// \endcode 171 /// 172 static bool AreEquivalentAddressValues(const Value *A, const Value *B) { 173 // Test if the values are trivially equivalent. 174 if (A == B) 175 return true; 176 177 // Test if the values come from identical arithmetic instructions. 178 // Use isIdenticalToWhenDefined instead of isIdenticalTo because 179 // this function is only used when one address use dominates the 180 // other, which means that they'll always either have the same 181 // value or one of them will have an undefined value. 182 if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) || 183 isa<GetElementPtrInst>(A)) 184 if (const Instruction *BI = dyn_cast<Instruction>(B)) 185 if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI)) 186 return true; 187 188 // Otherwise they may not be equivalent. 189 return false; 190 } 191 192 /// \brief Check if executing a load of this pointer value cannot trap. 193 /// 194 /// If DT and ScanFrom are specified this method performs context-sensitive 195 /// analysis and returns true if it is safe to load immediately before ScanFrom. 196 /// 197 /// If it is not obviously safe to load from the specified pointer, we do 198 /// a quick local scan of the basic block containing \c ScanFrom, to determine 199 /// if the address is already accessed. 200 /// 201 /// This uses the pointee type to determine how many bytes need to be safe to 202 /// load from the pointer. 203 bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align, 204 const DataLayout &DL, 205 Instruction *ScanFrom, 206 const DominatorTree *DT, 207 const TargetLibraryInfo *TLI) { 208 // Zero alignment means that the load has the ABI alignment for the target 209 if (Align == 0) 210 Align = DL.getABITypeAlignment(V->getType()->getPointerElementType()); 211 assert(isPowerOf2_32(Align)); 212 213 // If DT is not specified we can't make context-sensitive query 214 const Instruction* CtxI = DT ? ScanFrom : nullptr; 215 if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT, TLI)) 216 return true; 217 218 int64_t ByteOffset = 0; 219 Value *Base = V; 220 Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL); 221 222 if (ByteOffset < 0) // out of bounds 223 return false; 224 225 Type *BaseType = nullptr; 226 unsigned BaseAlign = 0; 227 if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) { 228 // An alloca is safe to load from as load as it is suitably aligned. 229 BaseType = AI->getAllocatedType(); 230 BaseAlign = AI->getAlignment(); 231 } else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) { 232 // Global variables are not necessarily safe to load from if they are 233 // interposed arbitrarily. Their size may change or they may be weak and 234 // require a test to determine if they were in fact provided. 235 if (!GV->isInterposable()) { 236 BaseType = GV->getType()->getElementType(); 237 BaseAlign = GV->getAlignment(); 238 } 239 } 240 241 PointerType *AddrTy = cast<PointerType>(V->getType()); 242 uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType()); 243 244 // If we found a base allocated type from either an alloca or global variable, 245 // try to see if we are definitively within the allocated region. We need to 246 // know the size of the base type and the loaded type to do anything in this 247 // case. 248 if (BaseType && BaseType->isSized()) { 249 if (BaseAlign == 0) 250 BaseAlign = DL.getPrefTypeAlignment(BaseType); 251 252 if (Align <= BaseAlign) { 253 // Check if the load is within the bounds of the underlying object. 254 if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) && 255 ((ByteOffset % Align) == 0)) 256 return true; 257 } 258 } 259 260 if (!ScanFrom) 261 return false; 262 263 // Otherwise, be a little bit aggressive by scanning the local block where we 264 // want to check to see if the pointer is already being loaded or stored 265 // from/to. If so, the previous load or store would have already trapped, 266 // so there is no harm doing an extra load (also, CSE will later eliminate 267 // the load entirely). 268 BasicBlock::iterator BBI = ScanFrom->getIterator(), 269 E = ScanFrom->getParent()->begin(); 270 271 // We can at least always strip pointer casts even though we can't use the 272 // base here. 273 V = V->stripPointerCasts(); 274 275 while (BBI != E) { 276 --BBI; 277 278 // If we see a free or a call which may write to memory (i.e. which might do 279 // a free) the pointer could be marked invalid. 280 if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() && 281 !isa<DbgInfoIntrinsic>(BBI)) 282 return false; 283 284 Value *AccessedPtr; 285 unsigned AccessedAlign; 286 if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) { 287 AccessedPtr = LI->getPointerOperand(); 288 AccessedAlign = LI->getAlignment(); 289 } else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) { 290 AccessedPtr = SI->getPointerOperand(); 291 AccessedAlign = SI->getAlignment(); 292 } else 293 continue; 294 295 Type *AccessedTy = AccessedPtr->getType()->getPointerElementType(); 296 if (AccessedAlign == 0) 297 AccessedAlign = DL.getABITypeAlignment(AccessedTy); 298 if (AccessedAlign < Align) 299 continue; 300 301 // Handle trivial cases. 302 if (AccessedPtr == V) 303 return true; 304 305 if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) && 306 LoadSize <= DL.getTypeStoreSize(AccessedTy)) 307 return true; 308 } 309 return false; 310 } 311 312 /// DefMaxInstsToScan - the default number of maximum instructions 313 /// to scan in the block, used by FindAvailableLoadedValue(). 314 /// FindAvailableLoadedValue() was introduced in r60148, to improve jump 315 /// threading in part by eliminating partially redundant loads. 316 /// At that point, the value of MaxInstsToScan was already set to '6' 317 /// without documented explanation. 318 cl::opt<unsigned> 319 llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden, 320 cl::desc("Use this to specify the default maximum number of instructions " 321 "to scan backward from a given instruction, when searching for " 322 "available loaded value")); 323 324 /// \brief Scan the ScanBB block backwards to see if we have the value at the 325 /// memory address *Ptr locally available within a small number of instructions. 326 /// 327 /// The scan starts from \c ScanFrom. \c MaxInstsToScan specifies the maximum 328 /// instructions to scan in the block. If it is set to \c 0, it will scan the whole 329 /// block. 330 /// 331 /// If the value is available, this function returns it. If not, it returns the 332 /// iterator for the last validated instruction that the value would be live 333 /// through. If we scanned the entire block and didn't find something that 334 /// invalidates \c *Ptr or provides it, \c ScanFrom is left at the last 335 /// instruction processed and this returns null. 336 /// 337 /// You can also optionally specify an alias analysis implementation, which 338 /// makes this more precise. 339 /// 340 /// If \c AATags is non-null and a load or store is found, the AA tags from the 341 /// load or store are recorded there. If there are no AA tags or if no access is 342 /// found, it is left unmodified. 343 Value *llvm::FindAvailableLoadedValue(LoadInst *Load, BasicBlock *ScanBB, 344 BasicBlock::iterator &ScanFrom, 345 unsigned MaxInstsToScan, 346 AliasAnalysis *AA, AAMDNodes *AATags) { 347 if (MaxInstsToScan == 0) 348 MaxInstsToScan = ~0U; 349 350 Value *Ptr = Load->getPointerOperand(); 351 Type *AccessTy = Load->getType(); 352 353 // We can never remove a volatile load 354 if (Load->isVolatile()) 355 return nullptr; 356 357 // Anything stronger than unordered is currently unimplemented. 358 if (!Load->isUnordered()) 359 return nullptr; 360 361 const DataLayout &DL = ScanBB->getModule()->getDataLayout(); 362 363 // Try to get the store size for the type. 364 uint64_t AccessSize = DL.getTypeStoreSize(AccessTy); 365 366 Value *StrippedPtr = Ptr->stripPointerCasts(); 367 368 while (ScanFrom != ScanBB->begin()) { 369 // We must ignore debug info directives when counting (otherwise they 370 // would affect codegen). 371 Instruction *Inst = &*--ScanFrom; 372 if (isa<DbgInfoIntrinsic>(Inst)) 373 continue; 374 375 // Restore ScanFrom to expected value in case next test succeeds 376 ScanFrom++; 377 378 // Don't scan huge blocks. 379 if (MaxInstsToScan-- == 0) 380 return nullptr; 381 382 --ScanFrom; 383 // If this is a load of Ptr, the loaded value is available. 384 // (This is true even if the load is volatile or atomic, although 385 // those cases are unlikely.) 386 if (LoadInst *LI = dyn_cast<LoadInst>(Inst)) 387 if (AreEquivalentAddressValues( 388 LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) && 389 CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) { 390 391 // We can value forward from an atomic to a non-atomic, but not the 392 // other way around. 393 if (LI->isAtomic() < Load->isAtomic()) 394 return nullptr; 395 396 if (AATags) 397 LI->getAAMetadata(*AATags); 398 return LI; 399 } 400 401 if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) { 402 Value *StorePtr = SI->getPointerOperand()->stripPointerCasts(); 403 // If this is a store through Ptr, the value is available! 404 // (This is true even if the store is volatile or atomic, although 405 // those cases are unlikely.) 406 if (AreEquivalentAddressValues(StorePtr, StrippedPtr) && 407 CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(), 408 AccessTy, DL)) { 409 410 // We can value forward from an atomic to a non-atomic, but not the 411 // other way around. 412 if (SI->isAtomic() < Load->isAtomic()) 413 return nullptr; 414 415 if (AATags) 416 SI->getAAMetadata(*AATags); 417 return SI->getOperand(0); 418 } 419 420 // If both StrippedPtr and StorePtr reach all the way to an alloca or 421 // global and they are different, ignore the store. This is a trivial form 422 // of alias analysis that is important for reg2mem'd code. 423 if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) && 424 (isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) && 425 StrippedPtr != StorePtr) 426 continue; 427 428 // If we have alias analysis and it says the store won't modify the loaded 429 // value, ignore the store. 430 if (AA && (AA->getModRefInfo(SI, StrippedPtr, AccessSize) & MRI_Mod) == 0) 431 continue; 432 433 // Otherwise the store that may or may not alias the pointer, bail out. 434 ++ScanFrom; 435 return nullptr; 436 } 437 438 // If this is some other instruction that may clobber Ptr, bail out. 439 if (Inst->mayWriteToMemory()) { 440 // If alias analysis claims that it really won't modify the load, 441 // ignore it. 442 if (AA && 443 (AA->getModRefInfo(Inst, StrippedPtr, AccessSize) & MRI_Mod) == 0) 444 continue; 445 446 // May modify the pointer, bail out. 447 ++ScanFrom; 448 return nullptr; 449 } 450 } 451 452 // Got to the start of the block, we didn't find it, but are done for this 453 // block. 454 return nullptr; 455 } 456