1 //===-- ArgumentPromotion.cpp - Promote by-reference arguments ------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This pass promotes "by reference" arguments to be "by value" arguments. In 11 // practice, this means looking for internal functions that have pointer 12 // arguments. If it can prove, through the use of alias analysis, that an 13 // argument is *only* loaded, then it can pass the value into the function 14 // instead of the address of the value. This can cause recursive simplification 15 // of code and lead to the elimination of allocas (especially in C++ template 16 // code like the STL). 17 // 18 // This pass also handles aggregate arguments that are passed into a function, 19 // scalarizing them if the elements of the aggregate are only loaded. Note that 20 // by default it refuses to scalarize aggregates which would require passing in 21 // more than three operands to the function, because passing thousands of 22 // operands for a large array or structure is unprofitable! This limit can be 23 // configured or disabled, however. 24 // 25 // Note that this transformation could also be done for arguments that are only 26 // stored to (returning the value instead), but does not currently. This case 27 // would be best handled when and if LLVM begins supporting multiple return 28 // values from functions. 29 // 30 //===----------------------------------------------------------------------===// 31 32 #include "llvm/Transforms/IPO/ArgumentPromotion.h" 33 #include "llvm/ADT/DepthFirstIterator.h" 34 #include "llvm/ADT/Optional.h" 35 #include "llvm/ADT/Statistic.h" 36 #include "llvm/ADT/StringExtras.h" 37 #include "llvm/Analysis/AliasAnalysis.h" 38 #include "llvm/Analysis/AssumptionCache.h" 39 #include "llvm/Analysis/BasicAliasAnalysis.h" 40 #include "llvm/Analysis/CallGraph.h" 41 #include "llvm/Analysis/CallGraphSCCPass.h" 42 #include "llvm/Analysis/LazyCallGraph.h" 43 #include "llvm/Analysis/Loads.h" 44 #include "llvm/Analysis/TargetLibraryInfo.h" 45 #include "llvm/IR/CFG.h" 46 #include "llvm/IR/CallSite.h" 47 #include "llvm/IR/Constants.h" 48 #include "llvm/IR/DataLayout.h" 49 #include "llvm/IR/DebugInfo.h" 50 #include "llvm/IR/DerivedTypes.h" 51 #include "llvm/IR/Instructions.h" 52 #include "llvm/IR/LLVMContext.h" 53 #include "llvm/IR/Module.h" 54 #include "llvm/Support/Debug.h" 55 #include "llvm/Support/raw_ostream.h" 56 #include "llvm/Transforms/IPO.h" 57 #include <set> 58 using namespace llvm; 59 60 #define DEBUG_TYPE "argpromotion" 61 62 STATISTIC(NumArgumentsPromoted, "Number of pointer arguments promoted"); 63 STATISTIC(NumAggregatesPromoted, "Number of aggregate arguments promoted"); 64 STATISTIC(NumByValArgsPromoted, "Number of byval arguments promoted"); 65 STATISTIC(NumArgumentsDead, "Number of dead pointer args eliminated"); 66 67 /// A vector used to hold the indices of a single GEP instruction 68 typedef std::vector<uint64_t> IndicesVector; 69 70 /// DoPromotion - This method actually performs the promotion of the specified 71 /// arguments, and returns the new function. At this point, we know that it's 72 /// safe to do so. 73 static Function * 74 doPromotion(Function *F, SmallPtrSetImpl<Argument *> &ArgsToPromote, 75 SmallPtrSetImpl<Argument *> &ByValArgsToTransform, 76 Optional<function_ref<void(CallSite OldCS, CallSite NewCS)>> 77 ReplaceCallSite) { 78 79 // Start by computing a new prototype for the function, which is the same as 80 // the old function, but has modified arguments. 81 FunctionType *FTy = F->getFunctionType(); 82 std::vector<Type *> Params; 83 84 typedef std::set<std::pair<Type *, IndicesVector>> ScalarizeTable; 85 86 // ScalarizedElements - If we are promoting a pointer that has elements 87 // accessed out of it, keep track of which elements are accessed so that we 88 // can add one argument for each. 89 // 90 // Arguments that are directly loaded will have a zero element value here, to 91 // handle cases where there are both a direct load and GEP accesses. 92 // 93 std::map<Argument *, ScalarizeTable> ScalarizedElements; 94 95 // OriginalLoads - Keep track of a representative load instruction from the 96 // original function so that we can tell the alias analysis implementation 97 // what the new GEP/Load instructions we are inserting look like. 98 // We need to keep the original loads for each argument and the elements 99 // of the argument that are accessed. 100 std::map<std::pair<Argument *, IndicesVector>, LoadInst *> OriginalLoads; 101 102 // Attribute - Keep track of the parameter attributes for the arguments 103 // that we are *not* promoting. For the ones that we do promote, the parameter 104 // attributes are lost 105 SmallVector<AttributeSet, 8> AttributesVec; 106 const AttributeSet &PAL = F->getAttributes(); 107 108 // Add any return attributes. 109 if (PAL.hasAttributes(AttributeSet::ReturnIndex)) 110 AttributesVec.push_back( 111 AttributeSet::get(F->getContext(), PAL.getRetAttributes())); 112 113 // First, determine the new argument list 114 unsigned ArgIndex = 1; 115 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 116 ++I, ++ArgIndex) { 117 if (ByValArgsToTransform.count(&*I)) { 118 // Simple byval argument? Just add all the struct element types. 119 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 120 StructType *STy = cast<StructType>(AgTy); 121 Params.insert(Params.end(), STy->element_begin(), STy->element_end()); 122 ++NumByValArgsPromoted; 123 } else if (!ArgsToPromote.count(&*I)) { 124 // Unchanged argument 125 Params.push_back(I->getType()); 126 AttributeSet attrs = PAL.getParamAttributes(ArgIndex); 127 if (attrs.hasAttributes(ArgIndex)) { 128 AttrBuilder B(attrs, ArgIndex); 129 AttributesVec.push_back( 130 AttributeSet::get(F->getContext(), Params.size(), B)); 131 } 132 } else if (I->use_empty()) { 133 // Dead argument (which are always marked as promotable) 134 ++NumArgumentsDead; 135 } else { 136 // Okay, this is being promoted. This means that the only uses are loads 137 // or GEPs which are only used by loads 138 139 // In this table, we will track which indices are loaded from the argument 140 // (where direct loads are tracked as no indices). 141 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 142 for (User *U : I->users()) { 143 Instruction *UI = cast<Instruction>(U); 144 Type *SrcTy; 145 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 146 SrcTy = L->getType(); 147 else 148 SrcTy = cast<GetElementPtrInst>(UI)->getSourceElementType(); 149 IndicesVector Indices; 150 Indices.reserve(UI->getNumOperands() - 1); 151 // Since loads will only have a single operand, and GEPs only a single 152 // non-index operand, this will record direct loads without any indices, 153 // and gep+loads with the GEP indices. 154 for (User::op_iterator II = UI->op_begin() + 1, IE = UI->op_end(); 155 II != IE; ++II) 156 Indices.push_back(cast<ConstantInt>(*II)->getSExtValue()); 157 // GEPs with a single 0 index can be merged with direct loads 158 if (Indices.size() == 1 && Indices.front() == 0) 159 Indices.clear(); 160 ArgIndices.insert(std::make_pair(SrcTy, Indices)); 161 LoadInst *OrigLoad; 162 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 163 OrigLoad = L; 164 else 165 // Take any load, we will use it only to update Alias Analysis 166 OrigLoad = cast<LoadInst>(UI->user_back()); 167 OriginalLoads[std::make_pair(&*I, Indices)] = OrigLoad; 168 } 169 170 // Add a parameter to the function for each element passed in. 171 for (const auto &ArgIndex : ArgIndices) { 172 // not allowed to dereference ->begin() if size() is 0 173 Params.push_back(GetElementPtrInst::getIndexedType( 174 cast<PointerType>(I->getType()->getScalarType())->getElementType(), 175 ArgIndex.second)); 176 assert(Params.back()); 177 } 178 179 if (ArgIndices.size() == 1 && ArgIndices.begin()->second.empty()) 180 ++NumArgumentsPromoted; 181 else 182 ++NumAggregatesPromoted; 183 } 184 } 185 186 // Add any function attributes. 187 if (PAL.hasAttributes(AttributeSet::FunctionIndex)) 188 AttributesVec.push_back( 189 AttributeSet::get(FTy->getContext(), PAL.getFnAttributes())); 190 191 Type *RetTy = FTy->getReturnType(); 192 193 // Construct the new function type using the new arguments. 194 FunctionType *NFTy = FunctionType::get(RetTy, Params, FTy->isVarArg()); 195 196 // Create the new function body and insert it into the module. 197 Function *NF = Function::Create(NFTy, F->getLinkage(), F->getName()); 198 NF->copyAttributesFrom(F); 199 200 // Patch the pointer to LLVM function in debug info descriptor. 201 NF->setSubprogram(F->getSubprogram()); 202 F->setSubprogram(nullptr); 203 204 DEBUG(dbgs() << "ARG PROMOTION: Promoting to:" << *NF << "\n" 205 << "From: " << *F); 206 207 // Recompute the parameter attributes list based on the new arguments for 208 // the function. 209 NF->setAttributes(AttributeSet::get(F->getContext(), AttributesVec)); 210 AttributesVec.clear(); 211 212 F->getParent()->getFunctionList().insert(F->getIterator(), NF); 213 NF->takeName(F); 214 215 // Loop over all of the callers of the function, transforming the call sites 216 // to pass in the loaded pointers. 217 // 218 SmallVector<Value *, 16> Args; 219 while (!F->use_empty()) { 220 CallSite CS(F->user_back()); 221 assert(CS.getCalledFunction() == F); 222 Instruction *Call = CS.getInstruction(); 223 const AttributeSet &CallPAL = CS.getAttributes(); 224 225 // Add any return attributes. 226 if (CallPAL.hasAttributes(AttributeSet::ReturnIndex)) 227 AttributesVec.push_back( 228 AttributeSet::get(F->getContext(), CallPAL.getRetAttributes())); 229 230 // Loop over the operands, inserting GEP and loads in the caller as 231 // appropriate. 232 CallSite::arg_iterator AI = CS.arg_begin(); 233 ArgIndex = 1; 234 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 235 ++I, ++AI, ++ArgIndex) 236 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 237 Args.push_back(*AI); // Unmodified argument 238 239 if (CallPAL.hasAttributes(ArgIndex)) { 240 AttrBuilder B(CallPAL, ArgIndex); 241 AttributesVec.push_back( 242 AttributeSet::get(F->getContext(), Args.size(), B)); 243 } 244 } else if (ByValArgsToTransform.count(&*I)) { 245 // Emit a GEP and load for each element of the struct. 246 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 247 StructType *STy = cast<StructType>(AgTy); 248 Value *Idxs[2] = { 249 ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr}; 250 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 251 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 252 Value *Idx = GetElementPtrInst::Create( 253 STy, *AI, Idxs, (*AI)->getName() + "." + Twine(i), Call); 254 // TODO: Tell AA about the new values? 255 Args.push_back(new LoadInst(Idx, Idx->getName() + ".val", Call)); 256 } 257 } else if (!I->use_empty()) { 258 // Non-dead argument: insert GEPs and loads as appropriate. 259 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 260 // Store the Value* version of the indices in here, but declare it now 261 // for reuse. 262 std::vector<Value *> Ops; 263 for (const auto &ArgIndex : ArgIndices) { 264 Value *V = *AI; 265 LoadInst *OrigLoad = 266 OriginalLoads[std::make_pair(&*I, ArgIndex.second)]; 267 if (!ArgIndex.second.empty()) { 268 Ops.reserve(ArgIndex.second.size()); 269 Type *ElTy = V->getType(); 270 for (unsigned long II : ArgIndex.second) { 271 // Use i32 to index structs, and i64 for others (pointers/arrays). 272 // This satisfies GEP constraints. 273 Type *IdxTy = 274 (ElTy->isStructTy() ? Type::getInt32Ty(F->getContext()) 275 : Type::getInt64Ty(F->getContext())); 276 Ops.push_back(ConstantInt::get(IdxTy, II)); 277 // Keep track of the type we're currently indexing. 278 if (auto *ElPTy = dyn_cast<PointerType>(ElTy)) 279 ElTy = ElPTy->getElementType(); 280 else 281 ElTy = cast<CompositeType>(ElTy)->getTypeAtIndex(II); 282 } 283 // And create a GEP to extract those indices. 284 V = GetElementPtrInst::Create(ArgIndex.first, V, Ops, 285 V->getName() + ".idx", Call); 286 Ops.clear(); 287 } 288 // Since we're replacing a load make sure we take the alignment 289 // of the previous load. 290 LoadInst *newLoad = new LoadInst(V, V->getName() + ".val", Call); 291 newLoad->setAlignment(OrigLoad->getAlignment()); 292 // Transfer the AA info too. 293 AAMDNodes AAInfo; 294 OrigLoad->getAAMetadata(AAInfo); 295 newLoad->setAAMetadata(AAInfo); 296 297 Args.push_back(newLoad); 298 } 299 } 300 301 // Push any varargs arguments on the list. 302 for (; AI != CS.arg_end(); ++AI, ++ArgIndex) { 303 Args.push_back(*AI); 304 if (CallPAL.hasAttributes(ArgIndex)) { 305 AttrBuilder B(CallPAL, ArgIndex); 306 AttributesVec.push_back( 307 AttributeSet::get(F->getContext(), Args.size(), B)); 308 } 309 } 310 311 // Add any function attributes. 312 if (CallPAL.hasAttributes(AttributeSet::FunctionIndex)) 313 AttributesVec.push_back( 314 AttributeSet::get(Call->getContext(), CallPAL.getFnAttributes())); 315 316 SmallVector<OperandBundleDef, 1> OpBundles; 317 CS.getOperandBundlesAsDefs(OpBundles); 318 319 Instruction *New; 320 if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) { 321 New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(), 322 Args, OpBundles, "", Call); 323 cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv()); 324 cast<InvokeInst>(New)->setAttributes( 325 AttributeSet::get(II->getContext(), AttributesVec)); 326 } else { 327 New = CallInst::Create(NF, Args, OpBundles, "", Call); 328 cast<CallInst>(New)->setCallingConv(CS.getCallingConv()); 329 cast<CallInst>(New)->setAttributes( 330 AttributeSet::get(New->getContext(), AttributesVec)); 331 cast<CallInst>(New)->setTailCallKind( 332 cast<CallInst>(Call)->getTailCallKind()); 333 } 334 New->setDebugLoc(Call->getDebugLoc()); 335 Args.clear(); 336 AttributesVec.clear(); 337 338 // Update the callgraph to know that the callsite has been transformed. 339 if (ReplaceCallSite) 340 (*ReplaceCallSite)(CS, CallSite(New)); 341 342 if (!Call->use_empty()) { 343 Call->replaceAllUsesWith(New); 344 New->takeName(Call); 345 } 346 347 // Finally, remove the old call from the program, reducing the use-count of 348 // F. 349 Call->eraseFromParent(); 350 } 351 352 // Since we have now created the new function, splice the body of the old 353 // function right into the new function, leaving the old rotting hulk of the 354 // function empty. 355 NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList()); 356 357 // Loop over the argument list, transferring uses of the old arguments over to 358 // the new arguments, also transferring over the names as well. 359 // 360 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(), 361 I2 = NF->arg_begin(); 362 I != E; ++I) { 363 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 364 // If this is an unmodified argument, move the name and users over to the 365 // new version. 366 I->replaceAllUsesWith(&*I2); 367 I2->takeName(&*I); 368 ++I2; 369 continue; 370 } 371 372 if (ByValArgsToTransform.count(&*I)) { 373 // In the callee, we create an alloca, and store each of the new incoming 374 // arguments into the alloca. 375 Instruction *InsertPt = &NF->begin()->front(); 376 377 // Just add all the struct element types. 378 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 379 Value *TheAlloca = new AllocaInst(AgTy, nullptr, "", InsertPt); 380 StructType *STy = cast<StructType>(AgTy); 381 Value *Idxs[2] = {ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), 382 nullptr}; 383 384 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 385 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 386 Value *Idx = GetElementPtrInst::Create( 387 AgTy, TheAlloca, Idxs, TheAlloca->getName() + "." + Twine(i), 388 InsertPt); 389 I2->setName(I->getName() + "." + Twine(i)); 390 new StoreInst(&*I2++, Idx, InsertPt); 391 } 392 393 // Anything that used the arg should now use the alloca. 394 I->replaceAllUsesWith(TheAlloca); 395 TheAlloca->takeName(&*I); 396 397 // If the alloca is used in a call, we must clear the tail flag since 398 // the callee now uses an alloca from the caller. 399 for (User *U : TheAlloca->users()) { 400 CallInst *Call = dyn_cast<CallInst>(U); 401 if (!Call) 402 continue; 403 Call->setTailCall(false); 404 } 405 continue; 406 } 407 408 if (I->use_empty()) 409 continue; 410 411 // Otherwise, if we promoted this argument, then all users are load 412 // instructions (or GEPs with only load users), and all loads should be 413 // using the new argument that we added. 414 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 415 416 while (!I->use_empty()) { 417 if (LoadInst *LI = dyn_cast<LoadInst>(I->user_back())) { 418 assert(ArgIndices.begin()->second.empty() && 419 "Load element should sort to front!"); 420 I2->setName(I->getName() + ".val"); 421 LI->replaceAllUsesWith(&*I2); 422 LI->eraseFromParent(); 423 DEBUG(dbgs() << "*** Promoted load of argument '" << I->getName() 424 << "' in function '" << F->getName() << "'\n"); 425 } else { 426 GetElementPtrInst *GEP = cast<GetElementPtrInst>(I->user_back()); 427 IndicesVector Operands; 428 Operands.reserve(GEP->getNumIndices()); 429 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 430 II != IE; ++II) 431 Operands.push_back(cast<ConstantInt>(*II)->getSExtValue()); 432 433 // GEPs with a single 0 index can be merged with direct loads 434 if (Operands.size() == 1 && Operands.front() == 0) 435 Operands.clear(); 436 437 Function::arg_iterator TheArg = I2; 438 for (ScalarizeTable::iterator It = ArgIndices.begin(); 439 It->second != Operands; ++It, ++TheArg) { 440 assert(It != ArgIndices.end() && "GEP not handled??"); 441 } 442 443 std::string NewName = I->getName(); 444 for (unsigned i = 0, e = Operands.size(); i != e; ++i) { 445 NewName += "." + utostr(Operands[i]); 446 } 447 NewName += ".val"; 448 TheArg->setName(NewName); 449 450 DEBUG(dbgs() << "*** Promoted agg argument '" << TheArg->getName() 451 << "' of function '" << NF->getName() << "'\n"); 452 453 // All of the uses must be load instructions. Replace them all with 454 // the argument specified by ArgNo. 455 while (!GEP->use_empty()) { 456 LoadInst *L = cast<LoadInst>(GEP->user_back()); 457 L->replaceAllUsesWith(&*TheArg); 458 L->eraseFromParent(); 459 } 460 GEP->eraseFromParent(); 461 } 462 } 463 464 // Increment I2 past all of the arguments added for this promoted pointer. 465 std::advance(I2, ArgIndices.size()); 466 } 467 468 return NF; 469 } 470 471 /// AllCallersPassInValidPointerForArgument - Return true if we can prove that 472 /// all callees pass in a valid pointer for the specified function argument. 473 static bool allCallersPassInValidPointerForArgument(Argument *Arg) { 474 Function *Callee = Arg->getParent(); 475 const DataLayout &DL = Callee->getParent()->getDataLayout(); 476 477 unsigned ArgNo = Arg->getArgNo(); 478 479 // Look at all call sites of the function. At this point we know we only have 480 // direct callees. 481 for (User *U : Callee->users()) { 482 CallSite CS(U); 483 assert(CS && "Should only have direct calls!"); 484 485 if (!isDereferenceablePointer(CS.getArgument(ArgNo), DL)) 486 return false; 487 } 488 return true; 489 } 490 491 /// Returns true if Prefix is a prefix of longer. That means, Longer has a size 492 /// that is greater than or equal to the size of prefix, and each of the 493 /// elements in Prefix is the same as the corresponding elements in Longer. 494 /// 495 /// This means it also returns true when Prefix and Longer are equal! 496 static bool isPrefix(const IndicesVector &Prefix, const IndicesVector &Longer) { 497 if (Prefix.size() > Longer.size()) 498 return false; 499 return std::equal(Prefix.begin(), Prefix.end(), Longer.begin()); 500 } 501 502 /// Checks if Indices, or a prefix of Indices, is in Set. 503 static bool prefixIn(const IndicesVector &Indices, 504 std::set<IndicesVector> &Set) { 505 std::set<IndicesVector>::iterator Low; 506 Low = Set.upper_bound(Indices); 507 if (Low != Set.begin()) 508 Low--; 509 // Low is now the last element smaller than or equal to Indices. This means 510 // it points to a prefix of Indices (possibly Indices itself), if such 511 // prefix exists. 512 // 513 // This load is safe if any prefix of its operands is safe to load. 514 return Low != Set.end() && isPrefix(*Low, Indices); 515 } 516 517 /// Mark the given indices (ToMark) as safe in the given set of indices 518 /// (Safe). Marking safe usually means adding ToMark to Safe. However, if there 519 /// is already a prefix of Indices in Safe, Indices are implicitely marked safe 520 /// already. Furthermore, any indices that Indices is itself a prefix of, are 521 /// removed from Safe (since they are implicitely safe because of Indices now). 522 static void markIndicesSafe(const IndicesVector &ToMark, 523 std::set<IndicesVector> &Safe) { 524 std::set<IndicesVector>::iterator Low; 525 Low = Safe.upper_bound(ToMark); 526 // Guard against the case where Safe is empty 527 if (Low != Safe.begin()) 528 Low--; 529 // Low is now the last element smaller than or equal to Indices. This 530 // means it points to a prefix of Indices (possibly Indices itself), if 531 // such prefix exists. 532 if (Low != Safe.end()) { 533 if (isPrefix(*Low, ToMark)) 534 // If there is already a prefix of these indices (or exactly these 535 // indices) marked a safe, don't bother adding these indices 536 return; 537 538 // Increment Low, so we can use it as a "insert before" hint 539 ++Low; 540 } 541 // Insert 542 Low = Safe.insert(Low, ToMark); 543 ++Low; 544 // If there we're a prefix of longer index list(s), remove those 545 std::set<IndicesVector>::iterator End = Safe.end(); 546 while (Low != End && isPrefix(ToMark, *Low)) { 547 std::set<IndicesVector>::iterator Remove = Low; 548 ++Low; 549 Safe.erase(Remove); 550 } 551 } 552 553 /// isSafeToPromoteArgument - As you might guess from the name of this method, 554 /// it checks to see if it is both safe and useful to promote the argument. 555 /// This method limits promotion of aggregates to only promote up to three 556 /// elements of the aggregate in order to avoid exploding the number of 557 /// arguments passed in. 558 static bool isSafeToPromoteArgument(Argument *Arg, bool isByValOrInAlloca, 559 AAResults &AAR, unsigned MaxElements) { 560 typedef std::set<IndicesVector> GEPIndicesSet; 561 562 // Quick exit for unused arguments 563 if (Arg->use_empty()) 564 return true; 565 566 // We can only promote this argument if all of the uses are loads, or are GEP 567 // instructions (with constant indices) that are subsequently loaded. 568 // 569 // Promoting the argument causes it to be loaded in the caller 570 // unconditionally. This is only safe if we can prove that either the load 571 // would have happened in the callee anyway (ie, there is a load in the entry 572 // block) or the pointer passed in at every call site is guaranteed to be 573 // valid. 574 // In the former case, invalid loads can happen, but would have happened 575 // anyway, in the latter case, invalid loads won't happen. This prevents us 576 // from introducing an invalid load that wouldn't have happened in the 577 // original code. 578 // 579 // This set will contain all sets of indices that are loaded in the entry 580 // block, and thus are safe to unconditionally load in the caller. 581 // 582 // This optimization is also safe for InAlloca parameters, because it verifies 583 // that the address isn't captured. 584 GEPIndicesSet SafeToUnconditionallyLoad; 585 586 // This set contains all the sets of indices that we are planning to promote. 587 // This makes it possible to limit the number of arguments added. 588 GEPIndicesSet ToPromote; 589 590 // If the pointer is always valid, any load with first index 0 is valid. 591 if (isByValOrInAlloca || allCallersPassInValidPointerForArgument(Arg)) 592 SafeToUnconditionallyLoad.insert(IndicesVector(1, 0)); 593 594 // First, iterate the entry block and mark loads of (geps of) arguments as 595 // safe. 596 BasicBlock &EntryBlock = Arg->getParent()->front(); 597 // Declare this here so we can reuse it 598 IndicesVector Indices; 599 for (Instruction &I : EntryBlock) 600 if (LoadInst *LI = dyn_cast<LoadInst>(&I)) { 601 Value *V = LI->getPointerOperand(); 602 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(V)) { 603 V = GEP->getPointerOperand(); 604 if (V == Arg) { 605 // This load actually loads (part of) Arg? Check the indices then. 606 Indices.reserve(GEP->getNumIndices()); 607 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 608 II != IE; ++II) 609 if (ConstantInt *CI = dyn_cast<ConstantInt>(*II)) 610 Indices.push_back(CI->getSExtValue()); 611 else 612 // We found a non-constant GEP index for this argument? Bail out 613 // right away, can't promote this argument at all. 614 return false; 615 616 // Indices checked out, mark them as safe 617 markIndicesSafe(Indices, SafeToUnconditionallyLoad); 618 Indices.clear(); 619 } 620 } else if (V == Arg) { 621 // Direct loads are equivalent to a GEP with a single 0 index. 622 markIndicesSafe(IndicesVector(1, 0), SafeToUnconditionallyLoad); 623 } 624 } 625 626 // Now, iterate all uses of the argument to see if there are any uses that are 627 // not (GEP+)loads, or any (GEP+)loads that are not safe to promote. 628 SmallVector<LoadInst *, 16> Loads; 629 IndicesVector Operands; 630 for (Use &U : Arg->uses()) { 631 User *UR = U.getUser(); 632 Operands.clear(); 633 if (LoadInst *LI = dyn_cast<LoadInst>(UR)) { 634 // Don't hack volatile/atomic loads 635 if (!LI->isSimple()) 636 return false; 637 Loads.push_back(LI); 638 // Direct loads are equivalent to a GEP with a zero index and then a load. 639 Operands.push_back(0); 640 } else if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(UR)) { 641 if (GEP->use_empty()) { 642 // Dead GEP's cause trouble later. Just remove them if we run into 643 // them. 644 GEP->eraseFromParent(); 645 // TODO: This runs the above loop over and over again for dead GEPs 646 // Couldn't we just do increment the UI iterator earlier and erase the 647 // use? 648 return isSafeToPromoteArgument(Arg, isByValOrInAlloca, AAR, 649 MaxElements); 650 } 651 652 // Ensure that all of the indices are constants. 653 for (User::op_iterator i = GEP->idx_begin(), e = GEP->idx_end(); i != e; 654 ++i) 655 if (ConstantInt *C = dyn_cast<ConstantInt>(*i)) 656 Operands.push_back(C->getSExtValue()); 657 else 658 return false; // Not a constant operand GEP! 659 660 // Ensure that the only users of the GEP are load instructions. 661 for (User *GEPU : GEP->users()) 662 if (LoadInst *LI = dyn_cast<LoadInst>(GEPU)) { 663 // Don't hack volatile/atomic loads 664 if (!LI->isSimple()) 665 return false; 666 Loads.push_back(LI); 667 } else { 668 // Other uses than load? 669 return false; 670 } 671 } else { 672 return false; // Not a load or a GEP. 673 } 674 675 // Now, see if it is safe to promote this load / loads of this GEP. Loading 676 // is safe if Operands, or a prefix of Operands, is marked as safe. 677 if (!prefixIn(Operands, SafeToUnconditionallyLoad)) 678 return false; 679 680 // See if we are already promoting a load with these indices. If not, check 681 // to make sure that we aren't promoting too many elements. If so, nothing 682 // to do. 683 if (ToPromote.find(Operands) == ToPromote.end()) { 684 if (MaxElements > 0 && ToPromote.size() == MaxElements) { 685 DEBUG(dbgs() << "argpromotion not promoting argument '" 686 << Arg->getName() 687 << "' because it would require adding more " 688 << "than " << MaxElements 689 << " arguments to the function.\n"); 690 // We limit aggregate promotion to only promoting up to a fixed number 691 // of elements of the aggregate. 692 return false; 693 } 694 ToPromote.insert(std::move(Operands)); 695 } 696 } 697 698 if (Loads.empty()) 699 return true; // No users, this is a dead argument. 700 701 // Okay, now we know that the argument is only used by load instructions and 702 // it is safe to unconditionally perform all of them. Use alias analysis to 703 // check to see if the pointer is guaranteed to not be modified from entry of 704 // the function to each of the load instructions. 705 706 // Because there could be several/many load instructions, remember which 707 // blocks we know to be transparent to the load. 708 df_iterator_default_set<BasicBlock *, 16> TranspBlocks; 709 710 for (LoadInst *Load : Loads) { 711 // Check to see if the load is invalidated from the start of the block to 712 // the load itself. 713 BasicBlock *BB = Load->getParent(); 714 715 MemoryLocation Loc = MemoryLocation::get(Load); 716 if (AAR.canInstructionRangeModRef(BB->front(), *Load, Loc, MRI_Mod)) 717 return false; // Pointer is invalidated! 718 719 // Now check every path from the entry block to the load for transparency. 720 // To do this, we perform a depth first search on the inverse CFG from the 721 // loading block. 722 for (BasicBlock *P : predecessors(BB)) { 723 for (BasicBlock *TranspBB : inverse_depth_first_ext(P, TranspBlocks)) 724 if (AAR.canBasicBlockModify(*TranspBB, Loc)) 725 return false; 726 } 727 } 728 729 // If the path from the entry of the function to each load is free of 730 // instructions that potentially invalidate the load, we can make the 731 // transformation! 732 return true; 733 } 734 735 /// \brief Checks if a type could have padding bytes. 736 static bool isDenselyPacked(Type *type, const DataLayout &DL) { 737 738 // There is no size information, so be conservative. 739 if (!type->isSized()) 740 return false; 741 742 // If the alloc size is not equal to the storage size, then there are padding 743 // bytes. For x86_fp80 on x86-64, size: 80 alloc size: 128. 744 if (DL.getTypeSizeInBits(type) != DL.getTypeAllocSizeInBits(type)) 745 return false; 746 747 if (!isa<CompositeType>(type)) 748 return true; 749 750 // For homogenous sequential types, check for padding within members. 751 if (SequentialType *seqTy = dyn_cast<SequentialType>(type)) 752 return isDenselyPacked(seqTy->getElementType(), DL); 753 754 // Check for padding within and between elements of a struct. 755 StructType *StructTy = cast<StructType>(type); 756 const StructLayout *Layout = DL.getStructLayout(StructTy); 757 uint64_t StartPos = 0; 758 for (unsigned i = 0, E = StructTy->getNumElements(); i < E; ++i) { 759 Type *ElTy = StructTy->getElementType(i); 760 if (!isDenselyPacked(ElTy, DL)) 761 return false; 762 if (StartPos != Layout->getElementOffsetInBits(i)) 763 return false; 764 StartPos += DL.getTypeAllocSizeInBits(ElTy); 765 } 766 767 return true; 768 } 769 770 /// \brief Checks if the padding bytes of an argument could be accessed. 771 static bool canPaddingBeAccessed(Argument *arg) { 772 773 assert(arg->hasByValAttr()); 774 775 // Track all the pointers to the argument to make sure they are not captured. 776 SmallPtrSet<Value *, 16> PtrValues; 777 PtrValues.insert(arg); 778 779 // Track all of the stores. 780 SmallVector<StoreInst *, 16> Stores; 781 782 // Scan through the uses recursively to make sure the pointer is always used 783 // sanely. 784 SmallVector<Value *, 16> WorkList; 785 WorkList.insert(WorkList.end(), arg->user_begin(), arg->user_end()); 786 while (!WorkList.empty()) { 787 Value *V = WorkList.back(); 788 WorkList.pop_back(); 789 if (isa<GetElementPtrInst>(V) || isa<PHINode>(V)) { 790 if (PtrValues.insert(V).second) 791 WorkList.insert(WorkList.end(), V->user_begin(), V->user_end()); 792 } else if (StoreInst *Store = dyn_cast<StoreInst>(V)) { 793 Stores.push_back(Store); 794 } else if (!isa<LoadInst>(V)) { 795 return true; 796 } 797 } 798 799 // Check to make sure the pointers aren't captured 800 for (StoreInst *Store : Stores) 801 if (PtrValues.count(Store->getValueOperand())) 802 return true; 803 804 return false; 805 } 806 807 /// PromoteArguments - This method checks the specified function to see if there 808 /// are any promotable arguments and if it is safe to promote the function (for 809 /// example, all callers are direct). If safe to promote some arguments, it 810 /// calls the DoPromotion method. 811 /// 812 static Function * 813 promoteArguments(Function *F, function_ref<AAResults &(Function &F)> AARGetter, 814 unsigned MaxElements, 815 Optional<function_ref<void(CallSite OldCS, CallSite NewCS)>> 816 ReplaceCallSite) { 817 // Make sure that it is local to this module. 818 if (!F->hasLocalLinkage()) 819 return nullptr; 820 821 // Don't promote arguments for variadic functions. Adding, removing, or 822 // changing non-pack parameters can change the classification of pack 823 // parameters. Frontends encode that classification at the call site in the 824 // IR, while in the callee the classification is determined dynamically based 825 // on the number of registers consumed so far. 826 if (F->isVarArg()) 827 return nullptr; 828 829 // First check: see if there are any pointer arguments! If not, quick exit. 830 SmallVector<Argument *, 16> PointerArgs; 831 for (Argument &I : F->args()) 832 if (I.getType()->isPointerTy()) 833 PointerArgs.push_back(&I); 834 if (PointerArgs.empty()) 835 return nullptr; 836 837 // Second check: make sure that all callers are direct callers. We can't 838 // transform functions that have indirect callers. Also see if the function 839 // is self-recursive. 840 bool isSelfRecursive = false; 841 for (Use &U : F->uses()) { 842 CallSite CS(U.getUser()); 843 // Must be a direct call. 844 if (CS.getInstruction() == nullptr || !CS.isCallee(&U)) 845 return nullptr; 846 847 if (CS.getInstruction()->getParent()->getParent() == F) 848 isSelfRecursive = true; 849 } 850 851 const DataLayout &DL = F->getParent()->getDataLayout(); 852 853 AAResults &AAR = AARGetter(*F); 854 855 // Check to see which arguments are promotable. If an argument is promotable, 856 // add it to ArgsToPromote. 857 SmallPtrSet<Argument *, 8> ArgsToPromote; 858 SmallPtrSet<Argument *, 8> ByValArgsToTransform; 859 for (Argument *PtrArg : PointerArgs) { 860 Type *AgTy = cast<PointerType>(PtrArg->getType())->getElementType(); 861 862 // Replace sret attribute with noalias. This reduces register pressure by 863 // avoiding a register copy. 864 if (PtrArg->hasStructRetAttr()) { 865 unsigned ArgNo = PtrArg->getArgNo(); 866 F->setAttributes( 867 F->getAttributes() 868 .removeAttribute(F->getContext(), ArgNo + 1, Attribute::StructRet) 869 .addAttribute(F->getContext(), ArgNo + 1, Attribute::NoAlias)); 870 for (Use &U : F->uses()) { 871 CallSite CS(U.getUser()); 872 CS.setAttributes( 873 CS.getAttributes() 874 .removeAttribute(F->getContext(), ArgNo + 1, 875 Attribute::StructRet) 876 .addAttribute(F->getContext(), ArgNo + 1, Attribute::NoAlias)); 877 } 878 } 879 880 // If this is a byval argument, and if the aggregate type is small, just 881 // pass the elements, which is always safe, if the passed value is densely 882 // packed or if we can prove the padding bytes are never accessed. This does 883 // not apply to inalloca. 884 bool isSafeToPromote = 885 PtrArg->hasByValAttr() && 886 (isDenselyPacked(AgTy, DL) || !canPaddingBeAccessed(PtrArg)); 887 if (isSafeToPromote) { 888 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 889 if (MaxElements > 0 && STy->getNumElements() > MaxElements) { 890 DEBUG(dbgs() << "argpromotion disable promoting argument '" 891 << PtrArg->getName() 892 << "' because it would require adding more" 893 << " than " << MaxElements 894 << " arguments to the function.\n"); 895 continue; 896 } 897 898 // If all the elements are single-value types, we can promote it. 899 bool AllSimple = true; 900 for (const auto *EltTy : STy->elements()) { 901 if (!EltTy->isSingleValueType()) { 902 AllSimple = false; 903 break; 904 } 905 } 906 907 // Safe to transform, don't even bother trying to "promote" it. 908 // Passing the elements as a scalar will allow sroa to hack on 909 // the new alloca we introduce. 910 if (AllSimple) { 911 ByValArgsToTransform.insert(PtrArg); 912 continue; 913 } 914 } 915 } 916 917 // If the argument is a recursive type and we're in a recursive 918 // function, we could end up infinitely peeling the function argument. 919 if (isSelfRecursive) { 920 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 921 bool RecursiveType = false; 922 for (const auto *EltTy : STy->elements()) { 923 if (EltTy == PtrArg->getType()) { 924 RecursiveType = true; 925 break; 926 } 927 } 928 if (RecursiveType) 929 continue; 930 } 931 } 932 933 // Otherwise, see if we can promote the pointer to its value. 934 if (isSafeToPromoteArgument(PtrArg, PtrArg->hasByValOrInAllocaAttr(), AAR, 935 MaxElements)) 936 ArgsToPromote.insert(PtrArg); 937 } 938 939 // No promotable pointer arguments. 940 if (ArgsToPromote.empty() && ByValArgsToTransform.empty()) 941 return nullptr; 942 943 return doPromotion(F, ArgsToPromote, ByValArgsToTransform, ReplaceCallSite); 944 } 945 946 PreservedAnalyses ArgumentPromotionPass::run(LazyCallGraph::SCC &C, 947 CGSCCAnalysisManager &AM, 948 LazyCallGraph &CG, 949 CGSCCUpdateResult &UR) { 950 bool Changed = false, LocalChange; 951 952 // Iterate until we stop promoting from this SCC. 953 do { 954 LocalChange = false; 955 956 for (LazyCallGraph::Node &N : C) { 957 Function &OldF = N.getFunction(); 958 959 FunctionAnalysisManager &FAM = 960 AM.getResult<FunctionAnalysisManagerCGSCCProxy>(C, CG).getManager(); 961 // FIXME: This lambda must only be used with this function. We should 962 // skip the lambda and just get the AA results directly. 963 auto AARGetter = [&](Function &F) -> AAResults & { 964 assert(&F == &OldF && "Called with an unexpected function!"); 965 return FAM.getResult<AAManager>(F); 966 }; 967 968 Function *NewF = promoteArguments(&OldF, AARGetter, 3u, None); 969 if (!NewF) 970 continue; 971 LocalChange = true; 972 973 // Directly substitute the functions in the call graph. Note that this 974 // requires the old function to be completely dead and completely 975 // replaced by the new function. It does no call graph updates, it merely 976 // swaps out the particular function mapped to a particular node in the 977 // graph. 978 C.getOuterRefSCC().replaceNodeFunction(N, *NewF); 979 OldF.eraseFromParent(); 980 } 981 982 Changed |= LocalChange; 983 } while (LocalChange); 984 985 if (!Changed) 986 return PreservedAnalyses::all(); 987 988 return PreservedAnalyses::none(); 989 } 990 991 namespace { 992 /// ArgPromotion - The 'by reference' to 'by value' argument promotion pass. 993 /// 994 struct ArgPromotion : public CallGraphSCCPass { 995 void getAnalysisUsage(AnalysisUsage &AU) const override { 996 AU.addRequired<AssumptionCacheTracker>(); 997 AU.addRequired<TargetLibraryInfoWrapperPass>(); 998 getAAResultsAnalysisUsage(AU); 999 CallGraphSCCPass::getAnalysisUsage(AU); 1000 } 1001 1002 bool runOnSCC(CallGraphSCC &SCC) override; 1003 static char ID; // Pass identification, replacement for typeid 1004 explicit ArgPromotion(unsigned MaxElements = 3) 1005 : CallGraphSCCPass(ID), MaxElements(MaxElements) { 1006 initializeArgPromotionPass(*PassRegistry::getPassRegistry()); 1007 } 1008 1009 private: 1010 using llvm::Pass::doInitialization; 1011 bool doInitialization(CallGraph &CG) override; 1012 /// The maximum number of elements to expand, or 0 for unlimited. 1013 unsigned MaxElements; 1014 }; 1015 } 1016 1017 char ArgPromotion::ID = 0; 1018 INITIALIZE_PASS_BEGIN(ArgPromotion, "argpromotion", 1019 "Promote 'by reference' arguments to scalars", false, 1020 false) 1021 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker) 1022 INITIALIZE_PASS_DEPENDENCY(CallGraphWrapperPass) 1023 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) 1024 INITIALIZE_PASS_END(ArgPromotion, "argpromotion", 1025 "Promote 'by reference' arguments to scalars", false, false) 1026 1027 Pass *llvm::createArgumentPromotionPass(unsigned MaxElements) { 1028 return new ArgPromotion(MaxElements); 1029 } 1030 1031 bool ArgPromotion::runOnSCC(CallGraphSCC &SCC) { 1032 if (skipSCC(SCC)) 1033 return false; 1034 1035 // Get the callgraph information that we need to update to reflect our 1036 // changes. 1037 CallGraph &CG = getAnalysis<CallGraphWrapperPass>().getCallGraph(); 1038 1039 LegacyAARGetter AARGetter(*this); 1040 1041 bool Changed = false, LocalChange; 1042 1043 // Iterate until we stop promoting from this SCC. 1044 do { 1045 LocalChange = false; 1046 // Attempt to promote arguments from all functions in this SCC. 1047 for (CallGraphNode *OldNode : SCC) { 1048 Function *OldF = OldNode->getFunction(); 1049 if (!OldF) 1050 continue; 1051 1052 auto ReplaceCallSite = [&](CallSite OldCS, CallSite NewCS) { 1053 Function *Caller = OldCS.getInstruction()->getParent()->getParent(); 1054 CallGraphNode *NewCalleeNode = 1055 CG.getOrInsertFunction(NewCS.getCalledFunction()); 1056 CallGraphNode *CallerNode = CG[Caller]; 1057 CallerNode->replaceCallEdge(OldCS, NewCS, NewCalleeNode); 1058 }; 1059 1060 if (Function *NewF = promoteArguments(OldF, AARGetter, MaxElements, 1061 {ReplaceCallSite})) { 1062 LocalChange = true; 1063 1064 // Update the call graph for the newly promoted function. 1065 CallGraphNode *NewNode = CG.getOrInsertFunction(NewF); 1066 NewNode->stealCalledFunctionsFrom(OldNode); 1067 if (OldNode->getNumReferences() == 0) 1068 delete CG.removeFunctionFromModule(OldNode); 1069 else 1070 OldF->setLinkage(Function::ExternalLinkage); 1071 1072 // And updat ethe SCC we're iterating as well. 1073 SCC.ReplaceNode(OldNode, NewNode); 1074 } 1075 } 1076 // Remember that we changed something. 1077 Changed |= LocalChange; 1078 } while (LocalChange); 1079 1080 return Changed; 1081 } 1082 1083 bool ArgPromotion::doInitialization(CallGraph &CG) { 1084 return CallGraphSCCPass::doInitialization(CG); 1085 } 1086