1 //===----- X86CallFrameOptimization.cpp - Optimize x86 call sequences -----===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines a pass that optimizes call sequences on x86. 11 // Currently, it converts movs of function parameters onto the stack into 12 // pushes. This is beneficial for two main reasons: 13 // 1) The push instruction encoding is much smaller than a stack-ptr-based mov. 14 // 2) It is possible to push memory arguments directly. So, if the 15 // the transformation is performed pre-reg-alloc, it can help relieve 16 // register pressure. 17 // 18 //===----------------------------------------------------------------------===// 19 20 #include "MCTargetDesc/X86BaseInfo.h" 21 #include "X86FrameLowering.h" 22 #include "X86InstrInfo.h" 23 #include "X86MachineFunctionInfo.h" 24 #include "X86RegisterInfo.h" 25 #include "X86Subtarget.h" 26 #include "llvm/ADT/DenseSet.h" 27 #include "llvm/ADT/SmallVector.h" 28 #include "llvm/ADT/StringRef.h" 29 #include "llvm/CodeGen/MachineBasicBlock.h" 30 #include "llvm/CodeGen/MachineFrameInfo.h" 31 #include "llvm/CodeGen/MachineFunction.h" 32 #include "llvm/CodeGen/MachineFunctionPass.h" 33 #include "llvm/CodeGen/MachineInstr.h" 34 #include "llvm/CodeGen/MachineInstrBuilder.h" 35 #include "llvm/CodeGen/MachineOperand.h" 36 #include "llvm/CodeGen/MachineRegisterInfo.h" 37 #include "llvm/IR/DebugLoc.h" 38 #include "llvm/IR/Function.h" 39 #include "llvm/MC/MCDwarf.h" 40 #include "llvm/Support/CommandLine.h" 41 #include "llvm/Support/ErrorHandling.h" 42 #include "llvm/Support/MathExtras.h" 43 #include "llvm/Target/TargetInstrInfo.h" 44 #include "llvm/Target/TargetRegisterInfo.h" 45 #include <cassert> 46 #include <cstddef> 47 #include <cstdint> 48 #include <iterator> 49 50 using namespace llvm; 51 52 #define DEBUG_TYPE "x86-cf-opt" 53 54 static cl::opt<bool> 55 NoX86CFOpt("no-x86-call-frame-opt", 56 cl::desc("Avoid optimizing x86 call frames for size"), 57 cl::init(false), cl::Hidden); 58 59 namespace { 60 61 class X86CallFrameOptimization : public MachineFunctionPass { 62 public: 63 X86CallFrameOptimization() : MachineFunctionPass(ID) {} 64 65 bool runOnMachineFunction(MachineFunction &MF) override; 66 67 private: 68 // Information we know about a particular call site 69 struct CallContext { 70 CallContext() : FrameSetup(nullptr), MovVector(4, nullptr) {} 71 72 // Iterator referring to the frame setup instruction 73 MachineBasicBlock::iterator FrameSetup; 74 75 // Actual call instruction 76 MachineInstr *Call = nullptr; 77 78 // A copy of the stack pointer 79 MachineInstr *SPCopy = nullptr; 80 81 // The total displacement of all passed parameters 82 int64_t ExpectedDist = 0; 83 84 // The sequence of movs used to pass the parameters 85 SmallVector<MachineInstr *, 4> MovVector; 86 87 // True if this call site has no stack parameters 88 bool NoStackParams = false; 89 90 // True if this call site can use push instructions 91 bool UsePush = false; 92 }; 93 94 typedef SmallVector<CallContext, 8> ContextVector; 95 96 bool isLegal(MachineFunction &MF); 97 98 bool isProfitable(MachineFunction &MF, ContextVector &CallSeqMap); 99 100 void collectCallInfo(MachineFunction &MF, MachineBasicBlock &MBB, 101 MachineBasicBlock::iterator I, CallContext &Context); 102 103 void adjustCallSequence(MachineFunction &MF, const CallContext &Context); 104 105 MachineInstr *canFoldIntoRegPush(MachineBasicBlock::iterator FrameSetup, 106 unsigned Reg); 107 108 enum InstClassification { Convert, Skip, Exit }; 109 110 InstClassification classifyInstruction(MachineBasicBlock &MBB, 111 MachineBasicBlock::iterator MI, 112 const X86RegisterInfo &RegInfo, 113 DenseSet<unsigned int> &UsedRegs); 114 115 StringRef getPassName() const override { return "X86 Optimize Call Frame"; } 116 117 const X86InstrInfo *TII; 118 const X86FrameLowering *TFL; 119 const X86Subtarget *STI; 120 MachineRegisterInfo *MRI; 121 unsigned SlotSize; 122 unsigned Log2SlotSize; 123 static char ID; 124 }; 125 126 char X86CallFrameOptimization::ID = 0; 127 128 } // end anonymous namespace 129 130 // This checks whether the transformation is legal. 131 // Also returns false in cases where it's potentially legal, but 132 // we don't even want to try. 133 bool X86CallFrameOptimization::isLegal(MachineFunction &MF) { 134 if (NoX86CFOpt.getValue()) 135 return false; 136 137 // We can't encode multiple DW_CFA_GNU_args_size or DW_CFA_def_cfa_offset 138 // in the compact unwind encoding that Darwin uses. So, bail if there 139 // is a danger of that being generated. 140 if (STI->isTargetDarwin() && 141 (!MF.getLandingPads().empty() || 142 (MF.getFunction()->needsUnwindTableEntry() && !TFL->hasFP(MF)))) 143 return false; 144 145 // It is not valid to change the stack pointer outside the prolog/epilog 146 // on 64-bit Windows. 147 if (STI->isTargetWin64()) 148 return false; 149 150 // You would expect straight-line code between call-frame setup and 151 // call-frame destroy. You would be wrong. There are circumstances (e.g. 152 // CMOV_GR8 expansion of a select that feeds a function call!) where we can 153 // end up with the setup and the destroy in different basic blocks. 154 // This is bad, and breaks SP adjustment. 155 // So, check that all of the frames in the function are closed inside 156 // the same block, and, for good measure, that there are no nested frames. 157 unsigned FrameSetupOpcode = TII->getCallFrameSetupOpcode(); 158 unsigned FrameDestroyOpcode = TII->getCallFrameDestroyOpcode(); 159 for (MachineBasicBlock &BB : MF) { 160 bool InsideFrameSequence = false; 161 for (MachineInstr &MI : BB) { 162 if (MI.getOpcode() == FrameSetupOpcode) { 163 if (InsideFrameSequence) 164 return false; 165 InsideFrameSequence = true; 166 } else if (MI.getOpcode() == FrameDestroyOpcode) { 167 if (!InsideFrameSequence) 168 return false; 169 InsideFrameSequence = false; 170 } 171 } 172 173 if (InsideFrameSequence) 174 return false; 175 } 176 177 return true; 178 } 179 180 // Check whether this transformation is profitable for a particular 181 // function - in terms of code size. 182 bool X86CallFrameOptimization::isProfitable(MachineFunction &MF, 183 ContextVector &CallSeqVector) { 184 // This transformation is always a win when we do not expect to have 185 // a reserved call frame. Under other circumstances, it may be either 186 // a win or a loss, and requires a heuristic. 187 bool CannotReserveFrame = MF.getFrameInfo().hasVarSizedObjects(); 188 if (CannotReserveFrame) 189 return true; 190 191 unsigned StackAlign = TFL->getStackAlignment(); 192 193 int64_t Advantage = 0; 194 for (auto CC : CallSeqVector) { 195 // Call sites where no parameters are passed on the stack 196 // do not affect the cost, since there needs to be no 197 // stack adjustment. 198 if (CC.NoStackParams) 199 continue; 200 201 if (!CC.UsePush) { 202 // If we don't use pushes for a particular call site, 203 // we pay for not having a reserved call frame with an 204 // additional sub/add esp pair. The cost is ~3 bytes per instruction, 205 // depending on the size of the constant. 206 // TODO: Callee-pop functions should have a smaller penalty, because 207 // an add is needed even with a reserved call frame. 208 Advantage -= 6; 209 } else { 210 // We can use pushes. First, account for the fixed costs. 211 // We'll need a add after the call. 212 Advantage -= 3; 213 // If we have to realign the stack, we'll also need a sub before 214 if (CC.ExpectedDist % StackAlign) 215 Advantage -= 3; 216 // Now, for each push, we save ~3 bytes. For small constants, we actually, 217 // save more (up to 5 bytes), but 3 should be a good approximation. 218 Advantage += (CC.ExpectedDist >> Log2SlotSize) * 3; 219 } 220 } 221 222 return Advantage >= 0; 223 } 224 225 bool X86CallFrameOptimization::runOnMachineFunction(MachineFunction &MF) { 226 STI = &MF.getSubtarget<X86Subtarget>(); 227 TII = STI->getInstrInfo(); 228 TFL = STI->getFrameLowering(); 229 MRI = &MF.getRegInfo(); 230 231 const X86RegisterInfo &RegInfo = 232 *static_cast<const X86RegisterInfo *>(STI->getRegisterInfo()); 233 SlotSize = RegInfo.getSlotSize(); 234 assert(isPowerOf2_32(SlotSize) && "Expect power of 2 stack slot size"); 235 Log2SlotSize = Log2_32(SlotSize); 236 237 if (skipFunction(*MF.getFunction()) || !isLegal(MF)) 238 return false; 239 240 unsigned FrameSetupOpcode = TII->getCallFrameSetupOpcode(); 241 242 bool Changed = false; 243 244 ContextVector CallSeqVector; 245 246 for (auto &MBB : MF) 247 for (auto &MI : MBB) 248 if (MI.getOpcode() == FrameSetupOpcode) { 249 CallContext Context; 250 collectCallInfo(MF, MBB, MI, Context); 251 CallSeqVector.push_back(Context); 252 } 253 254 if (!isProfitable(MF, CallSeqVector)) 255 return false; 256 257 for (auto CC : CallSeqVector) { 258 if (CC.UsePush) { 259 adjustCallSequence(MF, CC); 260 Changed = true; 261 } 262 } 263 264 return Changed; 265 } 266 267 X86CallFrameOptimization::InstClassification 268 X86CallFrameOptimization::classifyInstruction( 269 MachineBasicBlock &MBB, MachineBasicBlock::iterator MI, 270 const X86RegisterInfo &RegInfo, DenseSet<unsigned int> &UsedRegs) { 271 if (MI == MBB.end()) 272 return Exit; 273 274 // The instructions we actually care about are movs onto the stack 275 int Opcode = MI->getOpcode(); 276 if (Opcode == X86::MOV32mi || Opcode == X86::MOV32mr || 277 Opcode == X86::MOV64mi32 || Opcode == X86::MOV64mr) 278 return Convert; 279 280 // Not all calling conventions have only stack MOVs between the stack 281 // adjust and the call. 282 283 // We want to tolerate other instructions, to cover more cases. 284 // In particular: 285 // a) PCrel calls, where we expect an additional COPY of the basereg. 286 // b) Passing frame-index addresses. 287 // c) Calling conventions that have inreg parameters. These generate 288 // both copies and movs into registers. 289 // To avoid creating lots of special cases, allow any instruction 290 // that does not write into memory, does not def or use the stack 291 // pointer, and does not def any register that was used by a preceding 292 // push. 293 // (Reading from memory is allowed, even if referenced through a 294 // frame index, since these will get adjusted properly in PEI) 295 296 // The reason for the last condition is that the pushes can't replace 297 // the movs in place, because the order must be reversed. 298 // So if we have a MOV32mr that uses EDX, then an instruction that defs 299 // EDX, and then the call, after the transformation the push will use 300 // the modified version of EDX, and not the original one. 301 // Since we are still in SSA form at this point, we only need to 302 // make sure we don't clobber any *physical* registers that were 303 // used by an earlier mov that will become a push. 304 305 if (MI->isCall() || MI->mayStore()) 306 return Exit; 307 308 for (const MachineOperand &MO : MI->operands()) { 309 if (!MO.isReg()) 310 continue; 311 unsigned int Reg = MO.getReg(); 312 if (!RegInfo.isPhysicalRegister(Reg)) 313 continue; 314 if (RegInfo.regsOverlap(Reg, RegInfo.getStackRegister())) 315 return Exit; 316 if (MO.isDef()) { 317 for (unsigned int U : UsedRegs) 318 if (RegInfo.regsOverlap(Reg, U)) 319 return Exit; 320 } 321 } 322 323 return Skip; 324 } 325 326 void X86CallFrameOptimization::collectCallInfo(MachineFunction &MF, 327 MachineBasicBlock &MBB, 328 MachineBasicBlock::iterator I, 329 CallContext &Context) { 330 // Check that this particular call sequence is amenable to the 331 // transformation. 332 const X86RegisterInfo &RegInfo = 333 *static_cast<const X86RegisterInfo *>(STI->getRegisterInfo()); 334 335 // We expect to enter this at the beginning of a call sequence 336 assert(I->getOpcode() == TII->getCallFrameSetupOpcode()); 337 MachineBasicBlock::iterator FrameSetup = I++; 338 Context.FrameSetup = FrameSetup; 339 340 // How much do we adjust the stack? This puts an upper bound on 341 // the number of parameters actually passed on it. 342 unsigned int MaxAdjust = TII->getFrameSize(*FrameSetup) >> Log2SlotSize; 343 344 // A zero adjustment means no stack parameters 345 if (!MaxAdjust) { 346 Context.NoStackParams = true; 347 return; 348 } 349 350 // Skip over DEBUG_VALUE. 351 // For globals in PIC mode, we can have some LEAs here. Skip them as well. 352 // TODO: Extend this to something that covers more cases. 353 while (I->getOpcode() == X86::LEA32r || I->isDebugValue()) 354 ++I; 355 356 unsigned StackPtr = RegInfo.getStackRegister(); 357 // SelectionDAG (but not FastISel) inserts a copy of ESP into a virtual 358 // register here. If it's there, use that virtual register as stack pointer 359 // instead. 360 if (I->isCopy() && I->getOperand(0).isReg() && I->getOperand(1).isReg() && 361 I->getOperand(1).getReg() == StackPtr) { 362 Context.SPCopy = &*I++; 363 StackPtr = Context.SPCopy->getOperand(0).getReg(); 364 } 365 366 // Scan the call setup sequence for the pattern we're looking for. 367 // We only handle a simple case - a sequence of store instructions that 368 // push a sequence of stack-slot-aligned values onto the stack, with 369 // no gaps between them. 370 if (MaxAdjust > 4) 371 Context.MovVector.resize(MaxAdjust, nullptr); 372 373 InstClassification Classification; 374 DenseSet<unsigned int> UsedRegs; 375 376 while ((Classification = classifyInstruction(MBB, I, RegInfo, UsedRegs)) != 377 Exit) { 378 if (Classification == Skip) { 379 ++I; 380 continue; 381 } 382 383 // We know the instruction has a supported store opcode. 384 // We only want movs of the form: 385 // mov imm/reg, k(%StackPtr) 386 // If we run into something else, bail. 387 // Note that AddrBaseReg may, counter to its name, not be a register, 388 // but rather a frame index. 389 // TODO: Support the fi case. This should probably work now that we 390 // have the infrastructure to track the stack pointer within a call 391 // sequence. 392 if (!I->getOperand(X86::AddrBaseReg).isReg() || 393 (I->getOperand(X86::AddrBaseReg).getReg() != StackPtr) || 394 !I->getOperand(X86::AddrScaleAmt).isImm() || 395 (I->getOperand(X86::AddrScaleAmt).getImm() != 1) || 396 (I->getOperand(X86::AddrIndexReg).getReg() != X86::NoRegister) || 397 (I->getOperand(X86::AddrSegmentReg).getReg() != X86::NoRegister) || 398 !I->getOperand(X86::AddrDisp).isImm()) 399 return; 400 401 int64_t StackDisp = I->getOperand(X86::AddrDisp).getImm(); 402 assert(StackDisp >= 0 && 403 "Negative stack displacement when passing parameters"); 404 405 // We really don't want to consider the unaligned case. 406 if (StackDisp & (SlotSize - 1)) 407 return; 408 StackDisp >>= Log2SlotSize; 409 410 assert((size_t)StackDisp < Context.MovVector.size() && 411 "Function call has more parameters than the stack is adjusted for."); 412 413 // If the same stack slot is being filled twice, something's fishy. 414 if (Context.MovVector[StackDisp] != nullptr) 415 return; 416 Context.MovVector[StackDisp] = &*I; 417 418 for (const MachineOperand &MO : I->uses()) { 419 if (!MO.isReg()) 420 continue; 421 unsigned int Reg = MO.getReg(); 422 if (RegInfo.isPhysicalRegister(Reg)) 423 UsedRegs.insert(Reg); 424 } 425 426 ++I; 427 } 428 429 // We now expect the end of the sequence. If we stopped early, 430 // or reached the end of the block without finding a call, bail. 431 if (I == MBB.end() || !I->isCall()) 432 return; 433 434 Context.Call = &*I; 435 if ((++I)->getOpcode() != TII->getCallFrameDestroyOpcode()) 436 return; 437 438 // Now, go through the vector, and see that we don't have any gaps, 439 // but only a series of MOVs. 440 auto MMI = Context.MovVector.begin(), MME = Context.MovVector.end(); 441 for (; MMI != MME; ++MMI, Context.ExpectedDist += SlotSize) 442 if (*MMI == nullptr) 443 break; 444 445 // If the call had no parameters, do nothing 446 if (MMI == Context.MovVector.begin()) 447 return; 448 449 // We are either at the last parameter, or a gap. 450 // Make sure it's not a gap 451 for (; MMI != MME; ++MMI) 452 if (*MMI != nullptr) 453 return; 454 455 Context.UsePush = true; 456 } 457 458 void X86CallFrameOptimization::adjustCallSequence(MachineFunction &MF, 459 const CallContext &Context) { 460 // Ok, we can in fact do the transformation for this call. 461 // Do not remove the FrameSetup instruction, but adjust the parameters. 462 // PEI will end up finalizing the handling of this. 463 MachineBasicBlock::iterator FrameSetup = Context.FrameSetup; 464 MachineBasicBlock &MBB = *(FrameSetup->getParent()); 465 TII->setFrameAdjustment(*FrameSetup, Context.ExpectedDist); 466 467 DebugLoc DL = FrameSetup->getDebugLoc(); 468 bool Is64Bit = STI->is64Bit(); 469 // Now, iterate through the vector in reverse order, and replace the movs 470 // with pushes. MOVmi/MOVmr doesn't have any defs, so no need to 471 // replace uses. 472 for (int Idx = (Context.ExpectedDist >> Log2SlotSize) - 1; Idx >= 0; --Idx) { 473 MachineBasicBlock::iterator MOV = *Context.MovVector[Idx]; 474 MachineOperand PushOp = MOV->getOperand(X86::AddrNumOperands); 475 MachineBasicBlock::iterator Push = nullptr; 476 unsigned PushOpcode; 477 switch (MOV->getOpcode()) { 478 default: 479 llvm_unreachable("Unexpected Opcode!"); 480 case X86::MOV32mi: 481 case X86::MOV64mi32: 482 PushOpcode = Is64Bit ? X86::PUSH64i32 : X86::PUSHi32; 483 // If the operand is a small (8-bit) immediate, we can use a 484 // PUSH instruction with a shorter encoding. 485 // Note that isImm() may fail even though this is a MOVmi, because 486 // the operand can also be a symbol. 487 if (PushOp.isImm()) { 488 int64_t Val = PushOp.getImm(); 489 if (isInt<8>(Val)) 490 PushOpcode = Is64Bit ? X86::PUSH64i8 : X86::PUSH32i8; 491 } 492 Push = BuildMI(MBB, Context.Call, DL, TII->get(PushOpcode)).add(PushOp); 493 break; 494 case X86::MOV32mr: 495 case X86::MOV64mr: { 496 unsigned int Reg = PushOp.getReg(); 497 498 // If storing a 32-bit vreg on 64-bit targets, extend to a 64-bit vreg 499 // in preparation for the PUSH64. The upper 32 bits can be undef. 500 if (Is64Bit && MOV->getOpcode() == X86::MOV32mr) { 501 unsigned UndefReg = MRI->createVirtualRegister(&X86::GR64RegClass); 502 Reg = MRI->createVirtualRegister(&X86::GR64RegClass); 503 BuildMI(MBB, Context.Call, DL, TII->get(X86::IMPLICIT_DEF), UndefReg); 504 BuildMI(MBB, Context.Call, DL, TII->get(X86::INSERT_SUBREG), Reg) 505 .addReg(UndefReg) 506 .add(PushOp) 507 .addImm(X86::sub_32bit); 508 } 509 510 // If PUSHrmm is not slow on this target, try to fold the source of the 511 // push into the instruction. 512 bool SlowPUSHrmm = STI->isAtom() || STI->isSLM(); 513 514 // Check that this is legal to fold. Right now, we're extremely 515 // conservative about that. 516 MachineInstr *DefMov = nullptr; 517 if (!SlowPUSHrmm && (DefMov = canFoldIntoRegPush(FrameSetup, Reg))) { 518 PushOpcode = Is64Bit ? X86::PUSH64rmm : X86::PUSH32rmm; 519 Push = BuildMI(MBB, Context.Call, DL, TII->get(PushOpcode)); 520 521 unsigned NumOps = DefMov->getDesc().getNumOperands(); 522 for (unsigned i = NumOps - X86::AddrNumOperands; i != NumOps; ++i) 523 Push->addOperand(DefMov->getOperand(i)); 524 525 DefMov->eraseFromParent(); 526 } else { 527 PushOpcode = Is64Bit ? X86::PUSH64r : X86::PUSH32r; 528 Push = BuildMI(MBB, Context.Call, DL, TII->get(PushOpcode)) 529 .addReg(Reg) 530 .getInstr(); 531 } 532 break; 533 } 534 } 535 536 // For debugging, when using SP-based CFA, we need to adjust the CFA 537 // offset after each push. 538 // TODO: This is needed only if we require precise CFA. 539 if (!TFL->hasFP(MF)) 540 TFL->BuildCFI( 541 MBB, std::next(Push), DL, 542 MCCFIInstruction::createAdjustCfaOffset(nullptr, SlotSize)); 543 544 MBB.erase(MOV); 545 } 546 547 // The stack-pointer copy is no longer used in the call sequences. 548 // There should not be any other users, but we can't commit to that, so: 549 if (Context.SPCopy && MRI->use_empty(Context.SPCopy->getOperand(0).getReg())) 550 Context.SPCopy->eraseFromParent(); 551 552 // Once we've done this, we need to make sure PEI doesn't assume a reserved 553 // frame. 554 X86MachineFunctionInfo *FuncInfo = MF.getInfo<X86MachineFunctionInfo>(); 555 FuncInfo->setHasPushSequences(true); 556 } 557 558 MachineInstr *X86CallFrameOptimization::canFoldIntoRegPush( 559 MachineBasicBlock::iterator FrameSetup, unsigned Reg) { 560 // Do an extremely restricted form of load folding. 561 // ISel will often create patterns like: 562 // movl 4(%edi), %eax 563 // movl 8(%edi), %ecx 564 // movl 12(%edi), %edx 565 // movl %edx, 8(%esp) 566 // movl %ecx, 4(%esp) 567 // movl %eax, (%esp) 568 // call 569 // Get rid of those with prejudice. 570 if (!TargetRegisterInfo::isVirtualRegister(Reg)) 571 return nullptr; 572 573 // Make sure this is the only use of Reg. 574 if (!MRI->hasOneNonDBGUse(Reg)) 575 return nullptr; 576 577 MachineInstr &DefMI = *MRI->getVRegDef(Reg); 578 579 // Make sure the def is a MOV from memory. 580 // If the def is in another block, give up. 581 if ((DefMI.getOpcode() != X86::MOV32rm && 582 DefMI.getOpcode() != X86::MOV64rm) || 583 DefMI.getParent() != FrameSetup->getParent()) 584 return nullptr; 585 586 // Make sure we don't have any instructions between DefMI and the 587 // push that make folding the load illegal. 588 for (MachineBasicBlock::iterator I = DefMI; I != FrameSetup; ++I) 589 if (I->isLoadFoldBarrier()) 590 return nullptr; 591 592 return &DefMI; 593 } 594 595 FunctionPass *llvm::createX86CallFrameOptimization() { 596 return new X86CallFrameOptimization(); 597 } 598