1 //===- ArgumentPromotion.cpp - Promote by-reference arguments -------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This pass promotes "by reference" arguments to be "by value" arguments. In 10 // practice, this means looking for internal functions that have pointer 11 // arguments. If it can prove, through the use of alias analysis, that an 12 // argument is *only* loaded, then it can pass the value into the function 13 // instead of the address of the value. This can cause recursive simplification 14 // of code and lead to the elimination of allocas (especially in C++ template 15 // code like the STL). 16 // 17 // This pass also handles aggregate arguments that are passed into a function, 18 // scalarizing them if the elements of the aggregate are only loaded. Note that 19 // by default it refuses to scalarize aggregates which would require passing in 20 // more than three operands to the function, because passing thousands of 21 // operands for a large array or structure is unprofitable! This limit can be 22 // configured or disabled, however. 23 // 24 // Note that this transformation could also be done for arguments that are only 25 // stored to (returning the value instead), but does not currently. This case 26 // would be best handled when and if LLVM begins supporting multiple return 27 // values from functions. 28 // 29 //===----------------------------------------------------------------------===// 30 31 #include "llvm/Transforms/IPO/ArgumentPromotion.h" 32 #include "llvm/ADT/DepthFirstIterator.h" 33 #include "llvm/ADT/None.h" 34 #include "llvm/ADT/Optional.h" 35 #include "llvm/ADT/STLExtras.h" 36 #include "llvm/ADT/SmallPtrSet.h" 37 #include "llvm/ADT/SmallVector.h" 38 #include "llvm/ADT/Statistic.h" 39 #include "llvm/ADT/StringExtras.h" 40 #include "llvm/ADT/Twine.h" 41 #include "llvm/Analysis/AliasAnalysis.h" 42 #include "llvm/Analysis/AssumptionCache.h" 43 #include "llvm/Analysis/BasicAliasAnalysis.h" 44 #include "llvm/Analysis/CGSCCPassManager.h" 45 #include "llvm/Analysis/CallGraph.h" 46 #include "llvm/Analysis/CallGraphSCCPass.h" 47 #include "llvm/Analysis/LazyCallGraph.h" 48 #include "llvm/Analysis/Loads.h" 49 #include "llvm/Analysis/MemoryLocation.h" 50 #include "llvm/Analysis/TargetLibraryInfo.h" 51 #include "llvm/Analysis/TargetTransformInfo.h" 52 #include "llvm/IR/Argument.h" 53 #include "llvm/IR/Attributes.h" 54 #include "llvm/IR/BasicBlock.h" 55 #include "llvm/IR/CFG.h" 56 #include "llvm/IR/CallSite.h" 57 #include "llvm/IR/Constants.h" 58 #include "llvm/IR/DataLayout.h" 59 #include "llvm/IR/DerivedTypes.h" 60 #include "llvm/IR/Function.h" 61 #include "llvm/IR/IRBuilder.h" 62 #include "llvm/IR/InstrTypes.h" 63 #include "llvm/IR/Instruction.h" 64 #include "llvm/IR/Instructions.h" 65 #include "llvm/IR/Metadata.h" 66 #include "llvm/IR/Module.h" 67 #include "llvm/IR/NoFolder.h" 68 #include "llvm/IR/PassManager.h" 69 #include "llvm/IR/Type.h" 70 #include "llvm/IR/Use.h" 71 #include "llvm/IR/User.h" 72 #include "llvm/IR/Value.h" 73 #include "llvm/Pass.h" 74 #include "llvm/Support/Casting.h" 75 #include "llvm/Support/Debug.h" 76 #include "llvm/Support/raw_ostream.h" 77 #include "llvm/Transforms/IPO.h" 78 #include <algorithm> 79 #include <cassert> 80 #include <cstdint> 81 #include <functional> 82 #include <iterator> 83 #include <map> 84 #include <set> 85 #include <string> 86 #include <utility> 87 #include <vector> 88 89 using namespace llvm; 90 91 #define DEBUG_TYPE "argpromotion" 92 93 STATISTIC(NumArgumentsPromoted, "Number of pointer arguments promoted"); 94 STATISTIC(NumAggregatesPromoted, "Number of aggregate arguments promoted"); 95 STATISTIC(NumByValArgsPromoted, "Number of byval arguments promoted"); 96 STATISTIC(NumArgumentsDead, "Number of dead pointer args eliminated"); 97 98 /// A vector used to hold the indices of a single GEP instruction 99 using IndicesVector = std::vector<uint64_t>; 100 101 /// DoPromotion - This method actually performs the promotion of the specified 102 /// arguments, and returns the new function. At this point, we know that it's 103 /// safe to do so. 104 static Function * 105 doPromotion(Function *F, SmallPtrSetImpl<Argument *> &ArgsToPromote, 106 SmallPtrSetImpl<Argument *> &ByValArgsToTransform, 107 Optional<function_ref<void(CallSite OldCS, CallSite NewCS)>> 108 ReplaceCallSite) { 109 // Start by computing a new prototype for the function, which is the same as 110 // the old function, but has modified arguments. 111 FunctionType *FTy = F->getFunctionType(); 112 std::vector<Type *> Params; 113 114 using ScalarizeTable = std::set<std::pair<Type *, IndicesVector>>; 115 116 // ScalarizedElements - If we are promoting a pointer that has elements 117 // accessed out of it, keep track of which elements are accessed so that we 118 // can add one argument for each. 119 // 120 // Arguments that are directly loaded will have a zero element value here, to 121 // handle cases where there are both a direct load and GEP accesses. 122 std::map<Argument *, ScalarizeTable> ScalarizedElements; 123 124 // OriginalLoads - Keep track of a representative load instruction from the 125 // original function so that we can tell the alias analysis implementation 126 // what the new GEP/Load instructions we are inserting look like. 127 // We need to keep the original loads for each argument and the elements 128 // of the argument that are accessed. 129 std::map<std::pair<Argument *, IndicesVector>, LoadInst *> OriginalLoads; 130 131 // Attribute - Keep track of the parameter attributes for the arguments 132 // that we are *not* promoting. For the ones that we do promote, the parameter 133 // attributes are lost 134 SmallVector<AttributeSet, 8> ArgAttrVec; 135 AttributeList PAL = F->getAttributes(); 136 137 // First, determine the new argument list 138 unsigned ArgNo = 0; 139 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 140 ++I, ++ArgNo) { 141 if (ByValArgsToTransform.count(&*I)) { 142 // Simple byval argument? Just add all the struct element types. 143 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 144 StructType *STy = cast<StructType>(AgTy); 145 Params.insert(Params.end(), STy->element_begin(), STy->element_end()); 146 ArgAttrVec.insert(ArgAttrVec.end(), STy->getNumElements(), 147 AttributeSet()); 148 ++NumByValArgsPromoted; 149 } else if (!ArgsToPromote.count(&*I)) { 150 // Unchanged argument 151 Params.push_back(I->getType()); 152 ArgAttrVec.push_back(PAL.getParamAttributes(ArgNo)); 153 } else if (I->use_empty()) { 154 // Dead argument (which are always marked as promotable) 155 ++NumArgumentsDead; 156 157 // There may be remaining metadata uses of the argument for things like 158 // llvm.dbg.value. Replace them with undef. 159 I->replaceAllUsesWith(UndefValue::get(I->getType())); 160 } else { 161 // Okay, this is being promoted. This means that the only uses are loads 162 // or GEPs which are only used by loads 163 164 // In this table, we will track which indices are loaded from the argument 165 // (where direct loads are tracked as no indices). 166 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 167 for (User *U : I->users()) { 168 Instruction *UI = cast<Instruction>(U); 169 Type *SrcTy; 170 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 171 SrcTy = L->getType(); 172 else 173 SrcTy = cast<GetElementPtrInst>(UI)->getSourceElementType(); 174 IndicesVector Indices; 175 Indices.reserve(UI->getNumOperands() - 1); 176 // Since loads will only have a single operand, and GEPs only a single 177 // non-index operand, this will record direct loads without any indices, 178 // and gep+loads with the GEP indices. 179 for (User::op_iterator II = UI->op_begin() + 1, IE = UI->op_end(); 180 II != IE; ++II) 181 Indices.push_back(cast<ConstantInt>(*II)->getSExtValue()); 182 // GEPs with a single 0 index can be merged with direct loads 183 if (Indices.size() == 1 && Indices.front() == 0) 184 Indices.clear(); 185 ArgIndices.insert(std::make_pair(SrcTy, Indices)); 186 LoadInst *OrigLoad; 187 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 188 OrigLoad = L; 189 else 190 // Take any load, we will use it only to update Alias Analysis 191 OrigLoad = cast<LoadInst>(UI->user_back()); 192 OriginalLoads[std::make_pair(&*I, Indices)] = OrigLoad; 193 } 194 195 // Add a parameter to the function for each element passed in. 196 for (const auto &ArgIndex : ArgIndices) { 197 // not allowed to dereference ->begin() if size() is 0 198 Params.push_back(GetElementPtrInst::getIndexedType( 199 cast<PointerType>(I->getType()->getScalarType())->getElementType(), 200 ArgIndex.second)); 201 ArgAttrVec.push_back(AttributeSet()); 202 assert(Params.back()); 203 } 204 205 if (ArgIndices.size() == 1 && ArgIndices.begin()->second.empty()) 206 ++NumArgumentsPromoted; 207 else 208 ++NumAggregatesPromoted; 209 } 210 } 211 212 Type *RetTy = FTy->getReturnType(); 213 214 // Construct the new function type using the new arguments. 215 FunctionType *NFTy = FunctionType::get(RetTy, Params, FTy->isVarArg()); 216 217 // Create the new function body and insert it into the module. 218 Function *NF = Function::Create(NFTy, F->getLinkage(), F->getAddressSpace(), 219 F->getName()); 220 NF->copyAttributesFrom(F); 221 222 // Patch the pointer to LLVM function in debug info descriptor. 223 NF->setSubprogram(F->getSubprogram()); 224 F->setSubprogram(nullptr); 225 226 LLVM_DEBUG(dbgs() << "ARG PROMOTION: Promoting to:" << *NF << "\n" 227 << "From: " << *F); 228 229 // Recompute the parameter attributes list based on the new arguments for 230 // the function. 231 NF->setAttributes(AttributeList::get(F->getContext(), PAL.getFnAttributes(), 232 PAL.getRetAttributes(), ArgAttrVec)); 233 ArgAttrVec.clear(); 234 235 F->getParent()->getFunctionList().insert(F->getIterator(), NF); 236 NF->takeName(F); 237 238 // Loop over all of the callers of the function, transforming the call sites 239 // to pass in the loaded pointers. 240 // 241 SmallVector<Value *, 16> Args; 242 while (!F->use_empty()) { 243 CallSite CS(F->user_back()); 244 assert(CS.getCalledFunction() == F); 245 Instruction *Call = CS.getInstruction(); 246 const AttributeList &CallPAL = CS.getAttributes(); 247 IRBuilder<NoFolder> IRB(Call); 248 249 // Loop over the operands, inserting GEP and loads in the caller as 250 // appropriate. 251 CallSite::arg_iterator AI = CS.arg_begin(); 252 ArgNo = 0; 253 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 254 ++I, ++AI, ++ArgNo) 255 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 256 Args.push_back(*AI); // Unmodified argument 257 ArgAttrVec.push_back(CallPAL.getParamAttributes(ArgNo)); 258 } else if (ByValArgsToTransform.count(&*I)) { 259 // Emit a GEP and load for each element of the struct. 260 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 261 StructType *STy = cast<StructType>(AgTy); 262 Value *Idxs[2] = { 263 ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr}; 264 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 265 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 266 auto *Idx = 267 IRB.CreateGEP(STy, *AI, Idxs, (*AI)->getName() + "." + Twine(i)); 268 // TODO: Tell AA about the new values? 269 Args.push_back(IRB.CreateLoad(STy->getElementType(i), Idx, 270 Idx->getName() + ".val")); 271 ArgAttrVec.push_back(AttributeSet()); 272 } 273 } else if (!I->use_empty()) { 274 // Non-dead argument: insert GEPs and loads as appropriate. 275 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 276 // Store the Value* version of the indices in here, but declare it now 277 // for reuse. 278 std::vector<Value *> Ops; 279 for (const auto &ArgIndex : ArgIndices) { 280 Value *V = *AI; 281 LoadInst *OrigLoad = 282 OriginalLoads[std::make_pair(&*I, ArgIndex.second)]; 283 if (!ArgIndex.second.empty()) { 284 Ops.reserve(ArgIndex.second.size()); 285 Type *ElTy = V->getType(); 286 for (auto II : ArgIndex.second) { 287 // Use i32 to index structs, and i64 for others (pointers/arrays). 288 // This satisfies GEP constraints. 289 Type *IdxTy = 290 (ElTy->isStructTy() ? Type::getInt32Ty(F->getContext()) 291 : Type::getInt64Ty(F->getContext())); 292 Ops.push_back(ConstantInt::get(IdxTy, II)); 293 // Keep track of the type we're currently indexing. 294 if (auto *ElPTy = dyn_cast<PointerType>(ElTy)) 295 ElTy = ElPTy->getElementType(); 296 else 297 ElTy = cast<CompositeType>(ElTy)->getTypeAtIndex(II); 298 } 299 // And create a GEP to extract those indices. 300 V = IRB.CreateGEP(ArgIndex.first, V, Ops, V->getName() + ".idx"); 301 Ops.clear(); 302 } 303 // Since we're replacing a load make sure we take the alignment 304 // of the previous load. 305 LoadInst *newLoad = 306 IRB.CreateLoad(OrigLoad->getType(), V, V->getName() + ".val"); 307 newLoad->setAlignment(OrigLoad->getAlignment()); 308 // Transfer the AA info too. 309 AAMDNodes AAInfo; 310 OrigLoad->getAAMetadata(AAInfo); 311 newLoad->setAAMetadata(AAInfo); 312 313 Args.push_back(newLoad); 314 ArgAttrVec.push_back(AttributeSet()); 315 } 316 } 317 318 // Push any varargs arguments on the list. 319 for (; AI != CS.arg_end(); ++AI, ++ArgNo) { 320 Args.push_back(*AI); 321 ArgAttrVec.push_back(CallPAL.getParamAttributes(ArgNo)); 322 } 323 324 SmallVector<OperandBundleDef, 1> OpBundles; 325 CS.getOperandBundlesAsDefs(OpBundles); 326 327 CallSite NewCS; 328 if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) { 329 NewCS = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(), 330 Args, OpBundles, "", Call); 331 } else { 332 auto *NewCall = CallInst::Create(NF, Args, OpBundles, "", Call); 333 NewCall->setTailCallKind(cast<CallInst>(Call)->getTailCallKind()); 334 NewCS = NewCall; 335 } 336 NewCS.setCallingConv(CS.getCallingConv()); 337 NewCS.setAttributes( 338 AttributeList::get(F->getContext(), CallPAL.getFnAttributes(), 339 CallPAL.getRetAttributes(), ArgAttrVec)); 340 NewCS->setDebugLoc(Call->getDebugLoc()); 341 uint64_t W; 342 if (Call->extractProfTotalWeight(W)) 343 NewCS->setProfWeight(W); 344 Args.clear(); 345 ArgAttrVec.clear(); 346 347 // Update the callgraph to know that the callsite has been transformed. 348 if (ReplaceCallSite) 349 (*ReplaceCallSite)(CS, NewCS); 350 351 if (!Call->use_empty()) { 352 Call->replaceAllUsesWith(NewCS.getInstruction()); 353 NewCS->takeName(Call); 354 } 355 356 // Finally, remove the old call from the program, reducing the use-count of 357 // F. 358 Call->eraseFromParent(); 359 } 360 361 const DataLayout &DL = F->getParent()->getDataLayout(); 362 363 // Since we have now created the new function, splice the body of the old 364 // function right into the new function, leaving the old rotting hulk of the 365 // function empty. 366 NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList()); 367 368 // Loop over the argument list, transferring uses of the old arguments over to 369 // the new arguments, also transferring over the names as well. 370 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(), 371 I2 = NF->arg_begin(); 372 I != E; ++I) { 373 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 374 // If this is an unmodified argument, move the name and users over to the 375 // new version. 376 I->replaceAllUsesWith(&*I2); 377 I2->takeName(&*I); 378 ++I2; 379 continue; 380 } 381 382 if (ByValArgsToTransform.count(&*I)) { 383 // In the callee, we create an alloca, and store each of the new incoming 384 // arguments into the alloca. 385 Instruction *InsertPt = &NF->begin()->front(); 386 387 // Just add all the struct element types. 388 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 389 Value *TheAlloca = new AllocaInst(AgTy, DL.getAllocaAddrSpace(), nullptr, 390 I->getParamAlignment(), "", InsertPt); 391 StructType *STy = cast<StructType>(AgTy); 392 Value *Idxs[2] = {ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), 393 nullptr}; 394 395 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 396 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 397 Value *Idx = GetElementPtrInst::Create( 398 AgTy, TheAlloca, Idxs, TheAlloca->getName() + "." + Twine(i), 399 InsertPt); 400 I2->setName(I->getName() + "." + Twine(i)); 401 new StoreInst(&*I2++, Idx, InsertPt); 402 } 403 404 // Anything that used the arg should now use the alloca. 405 I->replaceAllUsesWith(TheAlloca); 406 TheAlloca->takeName(&*I); 407 408 // If the alloca is used in a call, we must clear the tail flag since 409 // the callee now uses an alloca from the caller. 410 for (User *U : TheAlloca->users()) { 411 CallInst *Call = dyn_cast<CallInst>(U); 412 if (!Call) 413 continue; 414 Call->setTailCall(false); 415 } 416 continue; 417 } 418 419 if (I->use_empty()) 420 continue; 421 422 // Otherwise, if we promoted this argument, then all users are load 423 // instructions (or GEPs with only load users), and all loads should be 424 // using the new argument that we added. 425 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 426 427 while (!I->use_empty()) { 428 if (LoadInst *LI = dyn_cast<LoadInst>(I->user_back())) { 429 assert(ArgIndices.begin()->second.empty() && 430 "Load element should sort to front!"); 431 I2->setName(I->getName() + ".val"); 432 LI->replaceAllUsesWith(&*I2); 433 LI->eraseFromParent(); 434 LLVM_DEBUG(dbgs() << "*** Promoted load of argument '" << I->getName() 435 << "' in function '" << F->getName() << "'\n"); 436 } else { 437 GetElementPtrInst *GEP = cast<GetElementPtrInst>(I->user_back()); 438 IndicesVector Operands; 439 Operands.reserve(GEP->getNumIndices()); 440 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 441 II != IE; ++II) 442 Operands.push_back(cast<ConstantInt>(*II)->getSExtValue()); 443 444 // GEPs with a single 0 index can be merged with direct loads 445 if (Operands.size() == 1 && Operands.front() == 0) 446 Operands.clear(); 447 448 Function::arg_iterator TheArg = I2; 449 for (ScalarizeTable::iterator It = ArgIndices.begin(); 450 It->second != Operands; ++It, ++TheArg) { 451 assert(It != ArgIndices.end() && "GEP not handled??"); 452 } 453 454 std::string NewName = I->getName(); 455 for (unsigned i = 0, e = Operands.size(); i != e; ++i) { 456 NewName += "." + utostr(Operands[i]); 457 } 458 NewName += ".val"; 459 TheArg->setName(NewName); 460 461 LLVM_DEBUG(dbgs() << "*** Promoted agg argument '" << TheArg->getName() 462 << "' of function '" << NF->getName() << "'\n"); 463 464 // All of the uses must be load instructions. Replace them all with 465 // the argument specified by ArgNo. 466 while (!GEP->use_empty()) { 467 LoadInst *L = cast<LoadInst>(GEP->user_back()); 468 L->replaceAllUsesWith(&*TheArg); 469 L->eraseFromParent(); 470 } 471 GEP->eraseFromParent(); 472 } 473 } 474 475 // Increment I2 past all of the arguments added for this promoted pointer. 476 std::advance(I2, ArgIndices.size()); 477 } 478 479 return NF; 480 } 481 482 /// AllCallersPassInValidPointerForArgument - Return true if we can prove that 483 /// all callees pass in a valid pointer for the specified function argument. 484 static bool allCallersPassInValidPointerForArgument(Argument *Arg) { 485 Function *Callee = Arg->getParent(); 486 const DataLayout &DL = Callee->getParent()->getDataLayout(); 487 488 unsigned ArgNo = Arg->getArgNo(); 489 490 // Look at all call sites of the function. At this point we know we only have 491 // direct callees. 492 for (User *U : Callee->users()) { 493 CallSite CS(U); 494 assert(CS && "Should only have direct calls!"); 495 496 if (!isDereferenceablePointer(CS.getArgument(ArgNo), DL)) 497 return false; 498 } 499 return true; 500 } 501 502 /// Returns true if Prefix is a prefix of longer. That means, Longer has a size 503 /// that is greater than or equal to the size of prefix, and each of the 504 /// elements in Prefix is the same as the corresponding elements in Longer. 505 /// 506 /// This means it also returns true when Prefix and Longer are equal! 507 static bool isPrefix(const IndicesVector &Prefix, const IndicesVector &Longer) { 508 if (Prefix.size() > Longer.size()) 509 return false; 510 return std::equal(Prefix.begin(), Prefix.end(), Longer.begin()); 511 } 512 513 /// Checks if Indices, or a prefix of Indices, is in Set. 514 static bool prefixIn(const IndicesVector &Indices, 515 std::set<IndicesVector> &Set) { 516 std::set<IndicesVector>::iterator Low; 517 Low = Set.upper_bound(Indices); 518 if (Low != Set.begin()) 519 Low--; 520 // Low is now the last element smaller than or equal to Indices. This means 521 // it points to a prefix of Indices (possibly Indices itself), if such 522 // prefix exists. 523 // 524 // This load is safe if any prefix of its operands is safe to load. 525 return Low != Set.end() && isPrefix(*Low, Indices); 526 } 527 528 /// Mark the given indices (ToMark) as safe in the given set of indices 529 /// (Safe). Marking safe usually means adding ToMark to Safe. However, if there 530 /// is already a prefix of Indices in Safe, Indices are implicitely marked safe 531 /// already. Furthermore, any indices that Indices is itself a prefix of, are 532 /// removed from Safe (since they are implicitely safe because of Indices now). 533 static void markIndicesSafe(const IndicesVector &ToMark, 534 std::set<IndicesVector> &Safe) { 535 std::set<IndicesVector>::iterator Low; 536 Low = Safe.upper_bound(ToMark); 537 // Guard against the case where Safe is empty 538 if (Low != Safe.begin()) 539 Low--; 540 // Low is now the last element smaller than or equal to Indices. This 541 // means it points to a prefix of Indices (possibly Indices itself), if 542 // such prefix exists. 543 if (Low != Safe.end()) { 544 if (isPrefix(*Low, ToMark)) 545 // If there is already a prefix of these indices (or exactly these 546 // indices) marked a safe, don't bother adding these indices 547 return; 548 549 // Increment Low, so we can use it as a "insert before" hint 550 ++Low; 551 } 552 // Insert 553 Low = Safe.insert(Low, ToMark); 554 ++Low; 555 // If there we're a prefix of longer index list(s), remove those 556 std::set<IndicesVector>::iterator End = Safe.end(); 557 while (Low != End && isPrefix(ToMark, *Low)) { 558 std::set<IndicesVector>::iterator Remove = Low; 559 ++Low; 560 Safe.erase(Remove); 561 } 562 } 563 564 /// isSafeToPromoteArgument - As you might guess from the name of this method, 565 /// it checks to see if it is both safe and useful to promote the argument. 566 /// This method limits promotion of aggregates to only promote up to three 567 /// elements of the aggregate in order to avoid exploding the number of 568 /// arguments passed in. 569 static bool isSafeToPromoteArgument(Argument *Arg, bool isByValOrInAlloca, 570 AAResults &AAR, unsigned MaxElements) { 571 using GEPIndicesSet = std::set<IndicesVector>; 572 573 // Quick exit for unused arguments 574 if (Arg->use_empty()) 575 return true; 576 577 // We can only promote this argument if all of the uses are loads, or are GEP 578 // instructions (with constant indices) that are subsequently loaded. 579 // 580 // Promoting the argument causes it to be loaded in the caller 581 // unconditionally. This is only safe if we can prove that either the load 582 // would have happened in the callee anyway (ie, there is a load in the entry 583 // block) or the pointer passed in at every call site is guaranteed to be 584 // valid. 585 // In the former case, invalid loads can happen, but would have happened 586 // anyway, in the latter case, invalid loads won't happen. This prevents us 587 // from introducing an invalid load that wouldn't have happened in the 588 // original code. 589 // 590 // This set will contain all sets of indices that are loaded in the entry 591 // block, and thus are safe to unconditionally load in the caller. 592 // 593 // This optimization is also safe for InAlloca parameters, because it verifies 594 // that the address isn't captured. 595 GEPIndicesSet SafeToUnconditionallyLoad; 596 597 // This set contains all the sets of indices that we are planning to promote. 598 // This makes it possible to limit the number of arguments added. 599 GEPIndicesSet ToPromote; 600 601 // If the pointer is always valid, any load with first index 0 is valid. 602 if (isByValOrInAlloca || allCallersPassInValidPointerForArgument(Arg)) 603 SafeToUnconditionallyLoad.insert(IndicesVector(1, 0)); 604 605 // First, iterate the entry block and mark loads of (geps of) arguments as 606 // safe. 607 BasicBlock &EntryBlock = Arg->getParent()->front(); 608 // Declare this here so we can reuse it 609 IndicesVector Indices; 610 for (Instruction &I : EntryBlock) 611 if (LoadInst *LI = dyn_cast<LoadInst>(&I)) { 612 Value *V = LI->getPointerOperand(); 613 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(V)) { 614 V = GEP->getPointerOperand(); 615 if (V == Arg) { 616 // This load actually loads (part of) Arg? Check the indices then. 617 Indices.reserve(GEP->getNumIndices()); 618 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 619 II != IE; ++II) 620 if (ConstantInt *CI = dyn_cast<ConstantInt>(*II)) 621 Indices.push_back(CI->getSExtValue()); 622 else 623 // We found a non-constant GEP index for this argument? Bail out 624 // right away, can't promote this argument at all. 625 return false; 626 627 // Indices checked out, mark them as safe 628 markIndicesSafe(Indices, SafeToUnconditionallyLoad); 629 Indices.clear(); 630 } 631 } else if (V == Arg) { 632 // Direct loads are equivalent to a GEP with a single 0 index. 633 markIndicesSafe(IndicesVector(1, 0), SafeToUnconditionallyLoad); 634 } 635 } 636 637 // Now, iterate all uses of the argument to see if there are any uses that are 638 // not (GEP+)loads, or any (GEP+)loads that are not safe to promote. 639 SmallVector<LoadInst *, 16> Loads; 640 IndicesVector Operands; 641 for (Use &U : Arg->uses()) { 642 User *UR = U.getUser(); 643 Operands.clear(); 644 if (LoadInst *LI = dyn_cast<LoadInst>(UR)) { 645 // Don't hack volatile/atomic loads 646 if (!LI->isSimple()) 647 return false; 648 Loads.push_back(LI); 649 // Direct loads are equivalent to a GEP with a zero index and then a load. 650 Operands.push_back(0); 651 } else if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(UR)) { 652 if (GEP->use_empty()) { 653 // Dead GEP's cause trouble later. Just remove them if we run into 654 // them. 655 GEP->eraseFromParent(); 656 // TODO: This runs the above loop over and over again for dead GEPs 657 // Couldn't we just do increment the UI iterator earlier and erase the 658 // use? 659 return isSafeToPromoteArgument(Arg, isByValOrInAlloca, AAR, 660 MaxElements); 661 } 662 663 // Ensure that all of the indices are constants. 664 for (User::op_iterator i = GEP->idx_begin(), e = GEP->idx_end(); i != e; 665 ++i) 666 if (ConstantInt *C = dyn_cast<ConstantInt>(*i)) 667 Operands.push_back(C->getSExtValue()); 668 else 669 return false; // Not a constant operand GEP! 670 671 // Ensure that the only users of the GEP are load instructions. 672 for (User *GEPU : GEP->users()) 673 if (LoadInst *LI = dyn_cast<LoadInst>(GEPU)) { 674 // Don't hack volatile/atomic loads 675 if (!LI->isSimple()) 676 return false; 677 Loads.push_back(LI); 678 } else { 679 // Other uses than load? 680 return false; 681 } 682 } else { 683 return false; // Not a load or a GEP. 684 } 685 686 // Now, see if it is safe to promote this load / loads of this GEP. Loading 687 // is safe if Operands, or a prefix of Operands, is marked as safe. 688 if (!prefixIn(Operands, SafeToUnconditionallyLoad)) 689 return false; 690 691 // See if we are already promoting a load with these indices. If not, check 692 // to make sure that we aren't promoting too many elements. If so, nothing 693 // to do. 694 if (ToPromote.find(Operands) == ToPromote.end()) { 695 if (MaxElements > 0 && ToPromote.size() == MaxElements) { 696 LLVM_DEBUG(dbgs() << "argpromotion not promoting argument '" 697 << Arg->getName() 698 << "' because it would require adding more " 699 << "than " << MaxElements 700 << " arguments to the function.\n"); 701 // We limit aggregate promotion to only promoting up to a fixed number 702 // of elements of the aggregate. 703 return false; 704 } 705 ToPromote.insert(std::move(Operands)); 706 } 707 } 708 709 if (Loads.empty()) 710 return true; // No users, this is a dead argument. 711 712 // Okay, now we know that the argument is only used by load instructions and 713 // it is safe to unconditionally perform all of them. Use alias analysis to 714 // check to see if the pointer is guaranteed to not be modified from entry of 715 // the function to each of the load instructions. 716 717 // Because there could be several/many load instructions, remember which 718 // blocks we know to be transparent to the load. 719 df_iterator_default_set<BasicBlock *, 16> TranspBlocks; 720 721 for (LoadInst *Load : Loads) { 722 // Check to see if the load is invalidated from the start of the block to 723 // the load itself. 724 BasicBlock *BB = Load->getParent(); 725 726 MemoryLocation Loc = MemoryLocation::get(Load); 727 if (AAR.canInstructionRangeModRef(BB->front(), *Load, Loc, ModRefInfo::Mod)) 728 return false; // Pointer is invalidated! 729 730 // Now check every path from the entry block to the load for transparency. 731 // To do this, we perform a depth first search on the inverse CFG from the 732 // loading block. 733 for (BasicBlock *P : predecessors(BB)) { 734 for (BasicBlock *TranspBB : inverse_depth_first_ext(P, TranspBlocks)) 735 if (AAR.canBasicBlockModify(*TranspBB, Loc)) 736 return false; 737 } 738 } 739 740 // If the path from the entry of the function to each load is free of 741 // instructions that potentially invalidate the load, we can make the 742 // transformation! 743 return true; 744 } 745 746 /// Checks if a type could have padding bytes. 747 static bool isDenselyPacked(Type *type, const DataLayout &DL) { 748 // There is no size information, so be conservative. 749 if (!type->isSized()) 750 return false; 751 752 // If the alloc size is not equal to the storage size, then there are padding 753 // bytes. For x86_fp80 on x86-64, size: 80 alloc size: 128. 754 if (DL.getTypeSizeInBits(type) != DL.getTypeAllocSizeInBits(type)) 755 return false; 756 757 if (!isa<CompositeType>(type)) 758 return true; 759 760 // For homogenous sequential types, check for padding within members. 761 if (SequentialType *seqTy = dyn_cast<SequentialType>(type)) 762 return isDenselyPacked(seqTy->getElementType(), DL); 763 764 // Check for padding within and between elements of a struct. 765 StructType *StructTy = cast<StructType>(type); 766 const StructLayout *Layout = DL.getStructLayout(StructTy); 767 uint64_t StartPos = 0; 768 for (unsigned i = 0, E = StructTy->getNumElements(); i < E; ++i) { 769 Type *ElTy = StructTy->getElementType(i); 770 if (!isDenselyPacked(ElTy, DL)) 771 return false; 772 if (StartPos != Layout->getElementOffsetInBits(i)) 773 return false; 774 StartPos += DL.getTypeAllocSizeInBits(ElTy); 775 } 776 777 return true; 778 } 779 780 /// Checks if the padding bytes of an argument could be accessed. 781 static bool canPaddingBeAccessed(Argument *arg) { 782 assert(arg->hasByValAttr()); 783 784 // Track all the pointers to the argument to make sure they are not captured. 785 SmallPtrSet<Value *, 16> PtrValues; 786 PtrValues.insert(arg); 787 788 // Track all of the stores. 789 SmallVector<StoreInst *, 16> Stores; 790 791 // Scan through the uses recursively to make sure the pointer is always used 792 // sanely. 793 SmallVector<Value *, 16> WorkList; 794 WorkList.insert(WorkList.end(), arg->user_begin(), arg->user_end()); 795 while (!WorkList.empty()) { 796 Value *V = WorkList.back(); 797 WorkList.pop_back(); 798 if (isa<GetElementPtrInst>(V) || isa<PHINode>(V)) { 799 if (PtrValues.insert(V).second) 800 WorkList.insert(WorkList.end(), V->user_begin(), V->user_end()); 801 } else if (StoreInst *Store = dyn_cast<StoreInst>(V)) { 802 Stores.push_back(Store); 803 } else if (!isa<LoadInst>(V)) { 804 return true; 805 } 806 } 807 808 // Check to make sure the pointers aren't captured 809 for (StoreInst *Store : Stores) 810 if (PtrValues.count(Store->getValueOperand())) 811 return true; 812 813 return false; 814 } 815 816 static bool areFunctionArgsABICompatible( 817 const Function &F, const TargetTransformInfo &TTI, 818 SmallPtrSetImpl<Argument *> &ArgsToPromote, 819 SmallPtrSetImpl<Argument *> &ByValArgsToTransform) { 820 for (const Use &U : F.uses()) { 821 CallSite CS(U.getUser()); 822 const Function *Caller = CS.getCaller(); 823 const Function *Callee = CS.getCalledFunction(); 824 if (!TTI.areFunctionArgsABICompatible(Caller, Callee, ArgsToPromote) || 825 !TTI.areFunctionArgsABICompatible(Caller, Callee, ByValArgsToTransform)) 826 return false; 827 } 828 return true; 829 } 830 831 /// PromoteArguments - This method checks the specified function to see if there 832 /// are any promotable arguments and if it is safe to promote the function (for 833 /// example, all callers are direct). If safe to promote some arguments, it 834 /// calls the DoPromotion method. 835 static Function * 836 promoteArguments(Function *F, function_ref<AAResults &(Function &F)> AARGetter, 837 unsigned MaxElements, 838 Optional<function_ref<void(CallSite OldCS, CallSite NewCS)>> 839 ReplaceCallSite, 840 const TargetTransformInfo &TTI) { 841 // Don't perform argument promotion for naked functions; otherwise we can end 842 // up removing parameters that are seemingly 'not used' as they are referred 843 // to in the assembly. 844 if(F->hasFnAttribute(Attribute::Naked)) 845 return nullptr; 846 847 // Make sure that it is local to this module. 848 if (!F->hasLocalLinkage()) 849 return nullptr; 850 851 // Don't promote arguments for variadic functions. Adding, removing, or 852 // changing non-pack parameters can change the classification of pack 853 // parameters. Frontends encode that classification at the call site in the 854 // IR, while in the callee the classification is determined dynamically based 855 // on the number of registers consumed so far. 856 if (F->isVarArg()) 857 return nullptr; 858 859 // First check: see if there are any pointer arguments! If not, quick exit. 860 SmallVector<Argument *, 16> PointerArgs; 861 for (Argument &I : F->args()) 862 if (I.getType()->isPointerTy()) 863 PointerArgs.push_back(&I); 864 if (PointerArgs.empty()) 865 return nullptr; 866 867 // Second check: make sure that all callers are direct callers. We can't 868 // transform functions that have indirect callers. Also see if the function 869 // is self-recursive and check that target features are compatible. 870 bool isSelfRecursive = false; 871 for (Use &U : F->uses()) { 872 CallSite CS(U.getUser()); 873 // Must be a direct call. 874 if (CS.getInstruction() == nullptr || !CS.isCallee(&U)) 875 return nullptr; 876 877 // Can't change signature of musttail callee 878 if (CS.isMustTailCall()) 879 return nullptr; 880 881 if (CS.getInstruction()->getParent()->getParent() == F) 882 isSelfRecursive = true; 883 } 884 885 // Can't change signature of musttail caller 886 // FIXME: Support promoting whole chain of musttail functions 887 for (BasicBlock &BB : *F) 888 if (BB.getTerminatingMustTailCall()) 889 return nullptr; 890 891 const DataLayout &DL = F->getParent()->getDataLayout(); 892 893 AAResults &AAR = AARGetter(*F); 894 895 // Check to see which arguments are promotable. If an argument is promotable, 896 // add it to ArgsToPromote. 897 SmallPtrSet<Argument *, 8> ArgsToPromote; 898 SmallPtrSet<Argument *, 8> ByValArgsToTransform; 899 for (Argument *PtrArg : PointerArgs) { 900 Type *AgTy = cast<PointerType>(PtrArg->getType())->getElementType(); 901 902 // Replace sret attribute with noalias. This reduces register pressure by 903 // avoiding a register copy. 904 if (PtrArg->hasStructRetAttr()) { 905 unsigned ArgNo = PtrArg->getArgNo(); 906 F->removeParamAttr(ArgNo, Attribute::StructRet); 907 F->addParamAttr(ArgNo, Attribute::NoAlias); 908 for (Use &U : F->uses()) { 909 CallSite CS(U.getUser()); 910 CS.removeParamAttr(ArgNo, Attribute::StructRet); 911 CS.addParamAttr(ArgNo, Attribute::NoAlias); 912 } 913 } 914 915 // If this is a byval argument, and if the aggregate type is small, just 916 // pass the elements, which is always safe, if the passed value is densely 917 // packed or if we can prove the padding bytes are never accessed. This does 918 // not apply to inalloca. 919 bool isSafeToPromote = 920 PtrArg->hasByValAttr() && 921 (isDenselyPacked(AgTy, DL) || !canPaddingBeAccessed(PtrArg)); 922 if (isSafeToPromote) { 923 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 924 if (MaxElements > 0 && STy->getNumElements() > MaxElements) { 925 LLVM_DEBUG(dbgs() << "argpromotion disable promoting argument '" 926 << PtrArg->getName() 927 << "' because it would require adding more" 928 << " than " << MaxElements 929 << " arguments to the function.\n"); 930 continue; 931 } 932 933 // If all the elements are single-value types, we can promote it. 934 bool AllSimple = true; 935 for (const auto *EltTy : STy->elements()) { 936 if (!EltTy->isSingleValueType()) { 937 AllSimple = false; 938 break; 939 } 940 } 941 942 // Safe to transform, don't even bother trying to "promote" it. 943 // Passing the elements as a scalar will allow sroa to hack on 944 // the new alloca we introduce. 945 if (AllSimple) { 946 ByValArgsToTransform.insert(PtrArg); 947 continue; 948 } 949 } 950 } 951 952 // If the argument is a recursive type and we're in a recursive 953 // function, we could end up infinitely peeling the function argument. 954 if (isSelfRecursive) { 955 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 956 bool RecursiveType = false; 957 for (const auto *EltTy : STy->elements()) { 958 if (EltTy == PtrArg->getType()) { 959 RecursiveType = true; 960 break; 961 } 962 } 963 if (RecursiveType) 964 continue; 965 } 966 } 967 968 // Otherwise, see if we can promote the pointer to its value. 969 if (isSafeToPromoteArgument(PtrArg, PtrArg->hasByValOrInAllocaAttr(), AAR, 970 MaxElements)) 971 ArgsToPromote.insert(PtrArg); 972 } 973 974 // No promotable pointer arguments. 975 if (ArgsToPromote.empty() && ByValArgsToTransform.empty()) 976 return nullptr; 977 978 if (!areFunctionArgsABICompatible(*F, TTI, ArgsToPromote, 979 ByValArgsToTransform)) 980 return nullptr; 981 982 return doPromotion(F, ArgsToPromote, ByValArgsToTransform, ReplaceCallSite); 983 } 984 985 PreservedAnalyses ArgumentPromotionPass::run(LazyCallGraph::SCC &C, 986 CGSCCAnalysisManager &AM, 987 LazyCallGraph &CG, 988 CGSCCUpdateResult &UR) { 989 bool Changed = false, LocalChange; 990 991 // Iterate until we stop promoting from this SCC. 992 do { 993 LocalChange = false; 994 995 for (LazyCallGraph::Node &N : C) { 996 Function &OldF = N.getFunction(); 997 998 FunctionAnalysisManager &FAM = 999 AM.getResult<FunctionAnalysisManagerCGSCCProxy>(C, CG).getManager(); 1000 // FIXME: This lambda must only be used with this function. We should 1001 // skip the lambda and just get the AA results directly. 1002 auto AARGetter = [&](Function &F) -> AAResults & { 1003 assert(&F == &OldF && "Called with an unexpected function!"); 1004 return FAM.getResult<AAManager>(F); 1005 }; 1006 1007 const TargetTransformInfo &TTI = FAM.getResult<TargetIRAnalysis>(OldF); 1008 Function *NewF = 1009 promoteArguments(&OldF, AARGetter, MaxElements, None, TTI); 1010 if (!NewF) 1011 continue; 1012 LocalChange = true; 1013 1014 // Directly substitute the functions in the call graph. Note that this 1015 // requires the old function to be completely dead and completely 1016 // replaced by the new function. It does no call graph updates, it merely 1017 // swaps out the particular function mapped to a particular node in the 1018 // graph. 1019 C.getOuterRefSCC().replaceNodeFunction(N, *NewF); 1020 OldF.eraseFromParent(); 1021 } 1022 1023 Changed |= LocalChange; 1024 } while (LocalChange); 1025 1026 if (!Changed) 1027 return PreservedAnalyses::all(); 1028 1029 return PreservedAnalyses::none(); 1030 } 1031 1032 namespace { 1033 1034 /// ArgPromotion - The 'by reference' to 'by value' argument promotion pass. 1035 struct ArgPromotion : public CallGraphSCCPass { 1036 // Pass identification, replacement for typeid 1037 static char ID; 1038 1039 explicit ArgPromotion(unsigned MaxElements = 3) 1040 : CallGraphSCCPass(ID), MaxElements(MaxElements) { 1041 initializeArgPromotionPass(*PassRegistry::getPassRegistry()); 1042 } 1043 1044 void getAnalysisUsage(AnalysisUsage &AU) const override { 1045 AU.addRequired<AssumptionCacheTracker>(); 1046 AU.addRequired<TargetLibraryInfoWrapperPass>(); 1047 AU.addRequired<TargetTransformInfoWrapperPass>(); 1048 getAAResultsAnalysisUsage(AU); 1049 CallGraphSCCPass::getAnalysisUsage(AU); 1050 } 1051 1052 bool runOnSCC(CallGraphSCC &SCC) override; 1053 1054 private: 1055 using llvm::Pass::doInitialization; 1056 1057 bool doInitialization(CallGraph &CG) override; 1058 1059 /// The maximum number of elements to expand, or 0 for unlimited. 1060 unsigned MaxElements; 1061 }; 1062 1063 } // end anonymous namespace 1064 1065 char ArgPromotion::ID = 0; 1066 1067 INITIALIZE_PASS_BEGIN(ArgPromotion, "argpromotion", 1068 "Promote 'by reference' arguments to scalars", false, 1069 false) 1070 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker) 1071 INITIALIZE_PASS_DEPENDENCY(CallGraphWrapperPass) 1072 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) 1073 INITIALIZE_PASS_DEPENDENCY(TargetTransformInfoWrapperPass) 1074 INITIALIZE_PASS_END(ArgPromotion, "argpromotion", 1075 "Promote 'by reference' arguments to scalars", false, false) 1076 1077 Pass *llvm::createArgumentPromotionPass(unsigned MaxElements) { 1078 return new ArgPromotion(MaxElements); 1079 } 1080 1081 bool ArgPromotion::runOnSCC(CallGraphSCC &SCC) { 1082 if (skipSCC(SCC)) 1083 return false; 1084 1085 // Get the callgraph information that we need to update to reflect our 1086 // changes. 1087 CallGraph &CG = getAnalysis<CallGraphWrapperPass>().getCallGraph(); 1088 1089 LegacyAARGetter AARGetter(*this); 1090 1091 bool Changed = false, LocalChange; 1092 1093 // Iterate until we stop promoting from this SCC. 1094 do { 1095 LocalChange = false; 1096 // Attempt to promote arguments from all functions in this SCC. 1097 for (CallGraphNode *OldNode : SCC) { 1098 Function *OldF = OldNode->getFunction(); 1099 if (!OldF) 1100 continue; 1101 1102 auto ReplaceCallSite = [&](CallSite OldCS, CallSite NewCS) { 1103 Function *Caller = OldCS.getInstruction()->getParent()->getParent(); 1104 CallGraphNode *NewCalleeNode = 1105 CG.getOrInsertFunction(NewCS.getCalledFunction()); 1106 CallGraphNode *CallerNode = CG[Caller]; 1107 CallerNode->replaceCallEdge(OldCS, NewCS, NewCalleeNode); 1108 }; 1109 1110 const TargetTransformInfo &TTI = 1111 getAnalysis<TargetTransformInfoWrapperPass>().getTTI(*OldF); 1112 if (Function *NewF = promoteArguments(OldF, AARGetter, MaxElements, 1113 {ReplaceCallSite}, TTI)) { 1114 LocalChange = true; 1115 1116 // Update the call graph for the newly promoted function. 1117 CallGraphNode *NewNode = CG.getOrInsertFunction(NewF); 1118 NewNode->stealCalledFunctionsFrom(OldNode); 1119 if (OldNode->getNumReferences() == 0) 1120 delete CG.removeFunctionFromModule(OldNode); 1121 else 1122 OldF->setLinkage(Function::ExternalLinkage); 1123 1124 // And updat ethe SCC we're iterating as well. 1125 SCC.ReplaceNode(OldNode, NewNode); 1126 } 1127 } 1128 // Remember that we changed something. 1129 Changed |= LocalChange; 1130 } while (LocalChange); 1131 1132 return Changed; 1133 } 1134 1135 bool ArgPromotion::doInitialization(CallGraph &CG) { 1136 return CallGraphSCCPass::doInitialization(CG); 1137 } 1138