1 //===-- ArgumentPromotion.cpp - Promote by-reference arguments ------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This pass promotes "by reference" arguments to be "by value" arguments. In 11 // practice, this means looking for internal functions that have pointer 12 // arguments. If it can prove, through the use of alias analysis, that an 13 // argument is *only* loaded, then it can pass the value into the function 14 // instead of the address of the value. This can cause recursive simplification 15 // of code and lead to the elimination of allocas (especially in C++ template 16 // code like the STL). 17 // 18 // This pass also handles aggregate arguments that are passed into a function, 19 // scalarizing them if the elements of the aggregate are only loaded. Note that 20 // by default it refuses to scalarize aggregates which would require passing in 21 // more than three operands to the function, because passing thousands of 22 // operands for a large array or structure is unprofitable! This limit can be 23 // configured or disabled, however. 24 // 25 // Note that this transformation could also be done for arguments that are only 26 // stored to (returning the value instead), but does not currently. This case 27 // would be best handled when and if LLVM begins supporting multiple return 28 // values from functions. 29 // 30 //===----------------------------------------------------------------------===// 31 32 #include "llvm/ADT/DepthFirstIterator.h" 33 #include "llvm/ADT/Statistic.h" 34 #include "llvm/ADT/StringExtras.h" 35 #include "llvm/Analysis/AliasAnalysis.h" 36 #include "llvm/Analysis/AssumptionCache.h" 37 #include "llvm/Analysis/BasicAliasAnalysis.h" 38 #include "llvm/Analysis/CallGraph.h" 39 #include "llvm/Analysis/CallGraphSCCPass.h" 40 #include "llvm/Analysis/Loads.h" 41 #include "llvm/Analysis/TargetLibraryInfo.h" 42 #include "llvm/IR/CFG.h" 43 #include "llvm/IR/CallSite.h" 44 #include "llvm/IR/Constants.h" 45 #include "llvm/IR/DataLayout.h" 46 #include "llvm/IR/DebugInfo.h" 47 #include "llvm/IR/DerivedTypes.h" 48 #include "llvm/IR/Instructions.h" 49 #include "llvm/IR/LLVMContext.h" 50 #include "llvm/IR/Module.h" 51 #include "llvm/Support/Debug.h" 52 #include "llvm/Support/raw_ostream.h" 53 #include "llvm/Transforms/IPO.h" 54 #include <set> 55 using namespace llvm; 56 57 #define DEBUG_TYPE "argpromotion" 58 59 STATISTIC(NumArgumentsPromoted, "Number of pointer arguments promoted"); 60 STATISTIC(NumAggregatesPromoted, "Number of aggregate arguments promoted"); 61 STATISTIC(NumByValArgsPromoted, "Number of byval arguments promoted"); 62 STATISTIC(NumArgumentsDead, "Number of dead pointer args eliminated"); 63 64 /// A vector used to hold the indices of a single GEP instruction 65 typedef std::vector<uint64_t> IndicesVector; 66 67 /// DoPromotion - This method actually performs the promotion of the specified 68 /// arguments, and returns the new function. At this point, we know that it's 69 /// safe to do so. 70 static CallGraphNode * 71 doPromotion(Function *F, SmallPtrSetImpl<Argument *> &ArgsToPromote, 72 SmallPtrSetImpl<Argument *> &ByValArgsToTransform, CallGraph &CG) { 73 74 // Start by computing a new prototype for the function, which is the same as 75 // the old function, but has modified arguments. 76 FunctionType *FTy = F->getFunctionType(); 77 std::vector<Type *> Params; 78 79 typedef std::set<std::pair<Type *, IndicesVector>> ScalarizeTable; 80 81 // ScalarizedElements - If we are promoting a pointer that has elements 82 // accessed out of it, keep track of which elements are accessed so that we 83 // can add one argument for each. 84 // 85 // Arguments that are directly loaded will have a zero element value here, to 86 // handle cases where there are both a direct load and GEP accesses. 87 // 88 std::map<Argument *, ScalarizeTable> ScalarizedElements; 89 90 // OriginalLoads - Keep track of a representative load instruction from the 91 // original function so that we can tell the alias analysis implementation 92 // what the new GEP/Load instructions we are inserting look like. 93 // We need to keep the original loads for each argument and the elements 94 // of the argument that are accessed. 95 std::map<std::pair<Argument *, IndicesVector>, LoadInst *> OriginalLoads; 96 97 // Attribute - Keep track of the parameter attributes for the arguments 98 // that we are *not* promoting. For the ones that we do promote, the parameter 99 // attributes are lost 100 SmallVector<AttributeSet, 8> AttributesVec; 101 const AttributeSet &PAL = F->getAttributes(); 102 103 // Add any return attributes. 104 if (PAL.hasAttributes(AttributeSet::ReturnIndex)) 105 AttributesVec.push_back( 106 AttributeSet::get(F->getContext(), PAL.getRetAttributes())); 107 108 // First, determine the new argument list 109 unsigned ArgIndex = 1; 110 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 111 ++I, ++ArgIndex) { 112 if (ByValArgsToTransform.count(&*I)) { 113 // Simple byval argument? Just add all the struct element types. 114 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 115 StructType *STy = cast<StructType>(AgTy); 116 Params.insert(Params.end(), STy->element_begin(), STy->element_end()); 117 ++NumByValArgsPromoted; 118 } else if (!ArgsToPromote.count(&*I)) { 119 // Unchanged argument 120 Params.push_back(I->getType()); 121 AttributeSet attrs = PAL.getParamAttributes(ArgIndex); 122 if (attrs.hasAttributes(ArgIndex)) { 123 AttrBuilder B(attrs, ArgIndex); 124 AttributesVec.push_back( 125 AttributeSet::get(F->getContext(), Params.size(), B)); 126 } 127 } else if (I->use_empty()) { 128 // Dead argument (which are always marked as promotable) 129 ++NumArgumentsDead; 130 } else { 131 // Okay, this is being promoted. This means that the only uses are loads 132 // or GEPs which are only used by loads 133 134 // In this table, we will track which indices are loaded from the argument 135 // (where direct loads are tracked as no indices). 136 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 137 for (User *U : I->users()) { 138 Instruction *UI = cast<Instruction>(U); 139 Type *SrcTy; 140 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 141 SrcTy = L->getType(); 142 else 143 SrcTy = cast<GetElementPtrInst>(UI)->getSourceElementType(); 144 IndicesVector Indices; 145 Indices.reserve(UI->getNumOperands() - 1); 146 // Since loads will only have a single operand, and GEPs only a single 147 // non-index operand, this will record direct loads without any indices, 148 // and gep+loads with the GEP indices. 149 for (User::op_iterator II = UI->op_begin() + 1, IE = UI->op_end(); 150 II != IE; ++II) 151 Indices.push_back(cast<ConstantInt>(*II)->getSExtValue()); 152 // GEPs with a single 0 index can be merged with direct loads 153 if (Indices.size() == 1 && Indices.front() == 0) 154 Indices.clear(); 155 ArgIndices.insert(std::make_pair(SrcTy, Indices)); 156 LoadInst *OrigLoad; 157 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 158 OrigLoad = L; 159 else 160 // Take any load, we will use it only to update Alias Analysis 161 OrigLoad = cast<LoadInst>(UI->user_back()); 162 OriginalLoads[std::make_pair(&*I, Indices)] = OrigLoad; 163 } 164 165 // Add a parameter to the function for each element passed in. 166 for (const auto &ArgIndex : ArgIndices) { 167 // not allowed to dereference ->begin() if size() is 0 168 Params.push_back(GetElementPtrInst::getIndexedType( 169 cast<PointerType>(I->getType()->getScalarType())->getElementType(), 170 ArgIndex.second)); 171 assert(Params.back()); 172 } 173 174 if (ArgIndices.size() == 1 && ArgIndices.begin()->second.empty()) 175 ++NumArgumentsPromoted; 176 else 177 ++NumAggregatesPromoted; 178 } 179 } 180 181 // Add any function attributes. 182 if (PAL.hasAttributes(AttributeSet::FunctionIndex)) 183 AttributesVec.push_back( 184 AttributeSet::get(FTy->getContext(), PAL.getFnAttributes())); 185 186 Type *RetTy = FTy->getReturnType(); 187 188 // Construct the new function type using the new arguments. 189 FunctionType *NFTy = FunctionType::get(RetTy, Params, FTy->isVarArg()); 190 191 // Create the new function body and insert it into the module. 192 Function *NF = Function::Create(NFTy, F->getLinkage(), F->getName()); 193 NF->copyAttributesFrom(F); 194 195 // Patch the pointer to LLVM function in debug info descriptor. 196 NF->setSubprogram(F->getSubprogram()); 197 F->setSubprogram(nullptr); 198 199 DEBUG(dbgs() << "ARG PROMOTION: Promoting to:" << *NF << "\n" 200 << "From: " << *F); 201 202 // Recompute the parameter attributes list based on the new arguments for 203 // the function. 204 NF->setAttributes(AttributeSet::get(F->getContext(), AttributesVec)); 205 AttributesVec.clear(); 206 207 F->getParent()->getFunctionList().insert(F->getIterator(), NF); 208 NF->takeName(F); 209 210 // Get a new callgraph node for NF. 211 CallGraphNode *NF_CGN = CG.getOrInsertFunction(NF); 212 213 // Loop over all of the callers of the function, transforming the call sites 214 // to pass in the loaded pointers. 215 // 216 SmallVector<Value *, 16> Args; 217 while (!F->use_empty()) { 218 CallSite CS(F->user_back()); 219 assert(CS.getCalledFunction() == F); 220 Instruction *Call = CS.getInstruction(); 221 const AttributeSet &CallPAL = CS.getAttributes(); 222 223 // Add any return attributes. 224 if (CallPAL.hasAttributes(AttributeSet::ReturnIndex)) 225 AttributesVec.push_back( 226 AttributeSet::get(F->getContext(), CallPAL.getRetAttributes())); 227 228 // Loop over the operands, inserting GEP and loads in the caller as 229 // appropriate. 230 CallSite::arg_iterator AI = CS.arg_begin(); 231 ArgIndex = 1; 232 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 233 ++I, ++AI, ++ArgIndex) 234 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 235 Args.push_back(*AI); // Unmodified argument 236 237 if (CallPAL.hasAttributes(ArgIndex)) { 238 AttrBuilder B(CallPAL, ArgIndex); 239 AttributesVec.push_back( 240 AttributeSet::get(F->getContext(), Args.size(), B)); 241 } 242 } else if (ByValArgsToTransform.count(&*I)) { 243 // Emit a GEP and load for each element of the struct. 244 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 245 StructType *STy = cast<StructType>(AgTy); 246 Value *Idxs[2] = { 247 ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr}; 248 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 249 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 250 Value *Idx = GetElementPtrInst::Create( 251 STy, *AI, Idxs, (*AI)->getName() + "." + Twine(i), Call); 252 // TODO: Tell AA about the new values? 253 Args.push_back(new LoadInst(Idx, Idx->getName() + ".val", Call)); 254 } 255 } else if (!I->use_empty()) { 256 // Non-dead argument: insert GEPs and loads as appropriate. 257 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 258 // Store the Value* version of the indices in here, but declare it now 259 // for reuse. 260 std::vector<Value *> Ops; 261 for (const auto &ArgIndex : ArgIndices) { 262 Value *V = *AI; 263 LoadInst *OrigLoad = 264 OriginalLoads[std::make_pair(&*I, ArgIndex.second)]; 265 if (!ArgIndex.second.empty()) { 266 Ops.reserve(ArgIndex.second.size()); 267 Type *ElTy = V->getType(); 268 for (unsigned long II : ArgIndex.second) { 269 // Use i32 to index structs, and i64 for others (pointers/arrays). 270 // This satisfies GEP constraints. 271 Type *IdxTy = 272 (ElTy->isStructTy() ? Type::getInt32Ty(F->getContext()) 273 : Type::getInt64Ty(F->getContext())); 274 Ops.push_back(ConstantInt::get(IdxTy, II)); 275 // Keep track of the type we're currently indexing. 276 if (auto *ElPTy = dyn_cast<PointerType>(ElTy)) 277 ElTy = ElPTy->getElementType(); 278 else 279 ElTy = cast<CompositeType>(ElTy)->getTypeAtIndex(II); 280 } 281 // And create a GEP to extract those indices. 282 V = GetElementPtrInst::Create(ArgIndex.first, V, Ops, 283 V->getName() + ".idx", Call); 284 Ops.clear(); 285 } 286 // Since we're replacing a load make sure we take the alignment 287 // of the previous load. 288 LoadInst *newLoad = new LoadInst(V, V->getName() + ".val", Call); 289 newLoad->setAlignment(OrigLoad->getAlignment()); 290 // Transfer the AA info too. 291 AAMDNodes AAInfo; 292 OrigLoad->getAAMetadata(AAInfo); 293 newLoad->setAAMetadata(AAInfo); 294 295 Args.push_back(newLoad); 296 } 297 } 298 299 // Push any varargs arguments on the list. 300 for (; AI != CS.arg_end(); ++AI, ++ArgIndex) { 301 Args.push_back(*AI); 302 if (CallPAL.hasAttributes(ArgIndex)) { 303 AttrBuilder B(CallPAL, ArgIndex); 304 AttributesVec.push_back( 305 AttributeSet::get(F->getContext(), Args.size(), B)); 306 } 307 } 308 309 // Add any function attributes. 310 if (CallPAL.hasAttributes(AttributeSet::FunctionIndex)) 311 AttributesVec.push_back( 312 AttributeSet::get(Call->getContext(), CallPAL.getFnAttributes())); 313 314 SmallVector<OperandBundleDef, 1> OpBundles; 315 CS.getOperandBundlesAsDefs(OpBundles); 316 317 Instruction *New; 318 if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) { 319 New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(), 320 Args, OpBundles, "", Call); 321 cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv()); 322 cast<InvokeInst>(New)->setAttributes( 323 AttributeSet::get(II->getContext(), AttributesVec)); 324 } else { 325 New = CallInst::Create(NF, Args, OpBundles, "", Call); 326 cast<CallInst>(New)->setCallingConv(CS.getCallingConv()); 327 cast<CallInst>(New)->setAttributes( 328 AttributeSet::get(New->getContext(), AttributesVec)); 329 cast<CallInst>(New)->setTailCallKind( 330 cast<CallInst>(Call)->getTailCallKind()); 331 } 332 New->setDebugLoc(Call->getDebugLoc()); 333 Args.clear(); 334 AttributesVec.clear(); 335 336 // Update the callgraph to know that the callsite has been transformed. 337 CallGraphNode *CalleeNode = CG[Call->getParent()->getParent()]; 338 CalleeNode->replaceCallEdge(CS, CallSite(New), NF_CGN); 339 340 if (!Call->use_empty()) { 341 Call->replaceAllUsesWith(New); 342 New->takeName(Call); 343 } 344 345 // Finally, remove the old call from the program, reducing the use-count of 346 // F. 347 Call->eraseFromParent(); 348 } 349 350 // Since we have now created the new function, splice the body of the old 351 // function right into the new function, leaving the old rotting hulk of the 352 // function empty. 353 NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList()); 354 355 // Loop over the argument list, transferring uses of the old arguments over to 356 // the new arguments, also transferring over the names as well. 357 // 358 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(), 359 I2 = NF->arg_begin(); 360 I != E; ++I) { 361 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 362 // If this is an unmodified argument, move the name and users over to the 363 // new version. 364 I->replaceAllUsesWith(&*I2); 365 I2->takeName(&*I); 366 ++I2; 367 continue; 368 } 369 370 if (ByValArgsToTransform.count(&*I)) { 371 // In the callee, we create an alloca, and store each of the new incoming 372 // arguments into the alloca. 373 Instruction *InsertPt = &NF->begin()->front(); 374 375 // Just add all the struct element types. 376 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 377 Value *TheAlloca = new AllocaInst(AgTy, nullptr, "", InsertPt); 378 StructType *STy = cast<StructType>(AgTy); 379 Value *Idxs[2] = {ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), 380 nullptr}; 381 382 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 383 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 384 Value *Idx = GetElementPtrInst::Create( 385 AgTy, TheAlloca, Idxs, TheAlloca->getName() + "." + Twine(i), 386 InsertPt); 387 I2->setName(I->getName() + "." + Twine(i)); 388 new StoreInst(&*I2++, Idx, InsertPt); 389 } 390 391 // Anything that used the arg should now use the alloca. 392 I->replaceAllUsesWith(TheAlloca); 393 TheAlloca->takeName(&*I); 394 395 // If the alloca is used in a call, we must clear the tail flag since 396 // the callee now uses an alloca from the caller. 397 for (User *U : TheAlloca->users()) { 398 CallInst *Call = dyn_cast<CallInst>(U); 399 if (!Call) 400 continue; 401 Call->setTailCall(false); 402 } 403 continue; 404 } 405 406 if (I->use_empty()) 407 continue; 408 409 // Otherwise, if we promoted this argument, then all users are load 410 // instructions (or GEPs with only load users), and all loads should be 411 // using the new argument that we added. 412 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 413 414 while (!I->use_empty()) { 415 if (LoadInst *LI = dyn_cast<LoadInst>(I->user_back())) { 416 assert(ArgIndices.begin()->second.empty() && 417 "Load element should sort to front!"); 418 I2->setName(I->getName() + ".val"); 419 LI->replaceAllUsesWith(&*I2); 420 LI->eraseFromParent(); 421 DEBUG(dbgs() << "*** Promoted load of argument '" << I->getName() 422 << "' in function '" << F->getName() << "'\n"); 423 } else { 424 GetElementPtrInst *GEP = cast<GetElementPtrInst>(I->user_back()); 425 IndicesVector Operands; 426 Operands.reserve(GEP->getNumIndices()); 427 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 428 II != IE; ++II) 429 Operands.push_back(cast<ConstantInt>(*II)->getSExtValue()); 430 431 // GEPs with a single 0 index can be merged with direct loads 432 if (Operands.size() == 1 && Operands.front() == 0) 433 Operands.clear(); 434 435 Function::arg_iterator TheArg = I2; 436 for (ScalarizeTable::iterator It = ArgIndices.begin(); 437 It->second != Operands; ++It, ++TheArg) { 438 assert(It != ArgIndices.end() && "GEP not handled??"); 439 } 440 441 std::string NewName = I->getName(); 442 for (unsigned i = 0, e = Operands.size(); i != e; ++i) { 443 NewName += "." + utostr(Operands[i]); 444 } 445 NewName += ".val"; 446 TheArg->setName(NewName); 447 448 DEBUG(dbgs() << "*** Promoted agg argument '" << TheArg->getName() 449 << "' of function '" << NF->getName() << "'\n"); 450 451 // All of the uses must be load instructions. Replace them all with 452 // the argument specified by ArgNo. 453 while (!GEP->use_empty()) { 454 LoadInst *L = cast<LoadInst>(GEP->user_back()); 455 L->replaceAllUsesWith(&*TheArg); 456 L->eraseFromParent(); 457 } 458 GEP->eraseFromParent(); 459 } 460 } 461 462 // Increment I2 past all of the arguments added for this promoted pointer. 463 std::advance(I2, ArgIndices.size()); 464 } 465 466 NF_CGN->stealCalledFunctionsFrom(CG[F]); 467 468 // Now that the old function is dead, delete it. If there is a dangling 469 // reference to the CallgraphNode, just leave the dead function around for 470 // someone else to nuke. 471 CallGraphNode *CGN = CG[F]; 472 if (CGN->getNumReferences() == 0) 473 delete CG.removeFunctionFromModule(CGN); 474 else 475 F->setLinkage(Function::ExternalLinkage); 476 477 return NF_CGN; 478 } 479 480 /// AllCallersPassInValidPointerForArgument - Return true if we can prove that 481 /// all callees pass in a valid pointer for the specified function argument. 482 static bool allCallersPassInValidPointerForArgument(Argument *Arg) { 483 Function *Callee = Arg->getParent(); 484 const DataLayout &DL = Callee->getParent()->getDataLayout(); 485 486 unsigned ArgNo = Arg->getArgNo(); 487 488 // Look at all call sites of the function. At this point we know we only have 489 // direct callees. 490 for (User *U : Callee->users()) { 491 CallSite CS(U); 492 assert(CS && "Should only have direct calls!"); 493 494 if (!isDereferenceablePointer(CS.getArgument(ArgNo), DL)) 495 return false; 496 } 497 return true; 498 } 499 500 /// Returns true if Prefix is a prefix of longer. That means, Longer has a size 501 /// that is greater than or equal to the size of prefix, and each of the 502 /// elements in Prefix is the same as the corresponding elements in Longer. 503 /// 504 /// This means it also returns true when Prefix and Longer are equal! 505 static bool isPrefix(const IndicesVector &Prefix, const IndicesVector &Longer) { 506 if (Prefix.size() > Longer.size()) 507 return false; 508 return std::equal(Prefix.begin(), Prefix.end(), Longer.begin()); 509 } 510 511 /// Checks if Indices, or a prefix of Indices, is in Set. 512 static bool prefixIn(const IndicesVector &Indices, 513 std::set<IndicesVector> &Set) { 514 std::set<IndicesVector>::iterator Low; 515 Low = Set.upper_bound(Indices); 516 if (Low != Set.begin()) 517 Low--; 518 // Low is now the last element smaller than or equal to Indices. This means 519 // it points to a prefix of Indices (possibly Indices itself), if such 520 // prefix exists. 521 // 522 // This load is safe if any prefix of its operands is safe to load. 523 return Low != Set.end() && isPrefix(*Low, Indices); 524 } 525 526 /// Mark the given indices (ToMark) as safe in the given set of indices 527 /// (Safe). Marking safe usually means adding ToMark to Safe. However, if there 528 /// is already a prefix of Indices in Safe, Indices are implicitely marked safe 529 /// already. Furthermore, any indices that Indices is itself a prefix of, are 530 /// removed from Safe (since they are implicitely safe because of Indices now). 531 static void markIndicesSafe(const IndicesVector &ToMark, 532 std::set<IndicesVector> &Safe) { 533 std::set<IndicesVector>::iterator Low; 534 Low = Safe.upper_bound(ToMark); 535 // Guard against the case where Safe is empty 536 if (Low != Safe.begin()) 537 Low--; 538 // Low is now the last element smaller than or equal to Indices. This 539 // means it points to a prefix of Indices (possibly Indices itself), if 540 // such prefix exists. 541 if (Low != Safe.end()) { 542 if (isPrefix(*Low, ToMark)) 543 // If there is already a prefix of these indices (or exactly these 544 // indices) marked a safe, don't bother adding these indices 545 return; 546 547 // Increment Low, so we can use it as a "insert before" hint 548 ++Low; 549 } 550 // Insert 551 Low = Safe.insert(Low, ToMark); 552 ++Low; 553 // If there we're a prefix of longer index list(s), remove those 554 std::set<IndicesVector>::iterator End = Safe.end(); 555 while (Low != End && isPrefix(ToMark, *Low)) { 556 std::set<IndicesVector>::iterator Remove = Low; 557 ++Low; 558 Safe.erase(Remove); 559 } 560 } 561 562 /// isSafeToPromoteArgument - As you might guess from the name of this method, 563 /// it checks to see if it is both safe and useful to promote the argument. 564 /// This method limits promotion of aggregates to only promote up to three 565 /// elements of the aggregate in order to avoid exploding the number of 566 /// arguments passed in. 567 static bool isSafeToPromoteArgument(Argument *Arg, bool isByValOrInAlloca, 568 AAResults &AAR, unsigned MaxElements) { 569 typedef std::set<IndicesVector> GEPIndicesSet; 570 571 // Quick exit for unused arguments 572 if (Arg->use_empty()) 573 return true; 574 575 // We can only promote this argument if all of the uses are loads, or are GEP 576 // instructions (with constant indices) that are subsequently loaded. 577 // 578 // Promoting the argument causes it to be loaded in the caller 579 // unconditionally. This is only safe if we can prove that either the load 580 // would have happened in the callee anyway (ie, there is a load in the entry 581 // block) or the pointer passed in at every call site is guaranteed to be 582 // valid. 583 // In the former case, invalid loads can happen, but would have happened 584 // anyway, in the latter case, invalid loads won't happen. This prevents us 585 // from introducing an invalid load that wouldn't have happened in the 586 // original code. 587 // 588 // This set will contain all sets of indices that are loaded in the entry 589 // block, and thus are safe to unconditionally load in the caller. 590 // 591 // This optimization is also safe for InAlloca parameters, because it verifies 592 // that the address isn't captured. 593 GEPIndicesSet SafeToUnconditionallyLoad; 594 595 // This set contains all the sets of indices that we are planning to promote. 596 // This makes it possible to limit the number of arguments added. 597 GEPIndicesSet ToPromote; 598 599 // If the pointer is always valid, any load with first index 0 is valid. 600 if (isByValOrInAlloca || allCallersPassInValidPointerForArgument(Arg)) 601 SafeToUnconditionallyLoad.insert(IndicesVector(1, 0)); 602 603 // First, iterate the entry block and mark loads of (geps of) arguments as 604 // safe. 605 BasicBlock &EntryBlock = Arg->getParent()->front(); 606 // Declare this here so we can reuse it 607 IndicesVector Indices; 608 for (Instruction &I : EntryBlock) 609 if (LoadInst *LI = dyn_cast<LoadInst>(&I)) { 610 Value *V = LI->getPointerOperand(); 611 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(V)) { 612 V = GEP->getPointerOperand(); 613 if (V == Arg) { 614 // This load actually loads (part of) Arg? Check the indices then. 615 Indices.reserve(GEP->getNumIndices()); 616 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 617 II != IE; ++II) 618 if (ConstantInt *CI = dyn_cast<ConstantInt>(*II)) 619 Indices.push_back(CI->getSExtValue()); 620 else 621 // We found a non-constant GEP index for this argument? Bail out 622 // right away, can't promote this argument at all. 623 return false; 624 625 // Indices checked out, mark them as safe 626 markIndicesSafe(Indices, SafeToUnconditionallyLoad); 627 Indices.clear(); 628 } 629 } else if (V == Arg) { 630 // Direct loads are equivalent to a GEP with a single 0 index. 631 markIndicesSafe(IndicesVector(1, 0), SafeToUnconditionallyLoad); 632 } 633 } 634 635 // Now, iterate all uses of the argument to see if there are any uses that are 636 // not (GEP+)loads, or any (GEP+)loads that are not safe to promote. 637 SmallVector<LoadInst *, 16> Loads; 638 IndicesVector Operands; 639 for (Use &U : Arg->uses()) { 640 User *UR = U.getUser(); 641 Operands.clear(); 642 if (LoadInst *LI = dyn_cast<LoadInst>(UR)) { 643 // Don't hack volatile/atomic loads 644 if (!LI->isSimple()) 645 return false; 646 Loads.push_back(LI); 647 // Direct loads are equivalent to a GEP with a zero index and then a load. 648 Operands.push_back(0); 649 } else if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(UR)) { 650 if (GEP->use_empty()) { 651 // Dead GEP's cause trouble later. Just remove them if we run into 652 // them. 653 GEP->eraseFromParent(); 654 // TODO: This runs the above loop over and over again for dead GEPs 655 // Couldn't we just do increment the UI iterator earlier and erase the 656 // use? 657 return isSafeToPromoteArgument(Arg, isByValOrInAlloca, AAR, 658 MaxElements); 659 } 660 661 // Ensure that all of the indices are constants. 662 for (User::op_iterator i = GEP->idx_begin(), e = GEP->idx_end(); i != e; 663 ++i) 664 if (ConstantInt *C = dyn_cast<ConstantInt>(*i)) 665 Operands.push_back(C->getSExtValue()); 666 else 667 return false; // Not a constant operand GEP! 668 669 // Ensure that the only users of the GEP are load instructions. 670 for (User *GEPU : GEP->users()) 671 if (LoadInst *LI = dyn_cast<LoadInst>(GEPU)) { 672 // Don't hack volatile/atomic loads 673 if (!LI->isSimple()) 674 return false; 675 Loads.push_back(LI); 676 } else { 677 // Other uses than load? 678 return false; 679 } 680 } else { 681 return false; // Not a load or a GEP. 682 } 683 684 // Now, see if it is safe to promote this load / loads of this GEP. Loading 685 // is safe if Operands, or a prefix of Operands, is marked as safe. 686 if (!prefixIn(Operands, SafeToUnconditionallyLoad)) 687 return false; 688 689 // See if we are already promoting a load with these indices. If not, check 690 // to make sure that we aren't promoting too many elements. If so, nothing 691 // to do. 692 if (ToPromote.find(Operands) == ToPromote.end()) { 693 if (MaxElements > 0 && ToPromote.size() == MaxElements) { 694 DEBUG(dbgs() << "argpromotion not promoting argument '" 695 << Arg->getName() 696 << "' because it would require adding more " 697 << "than " << MaxElements 698 << " arguments to the function.\n"); 699 // We limit aggregate promotion to only promoting up to a fixed number 700 // of elements of the aggregate. 701 return false; 702 } 703 ToPromote.insert(std::move(Operands)); 704 } 705 } 706 707 if (Loads.empty()) 708 return true; // No users, this is a dead argument. 709 710 // Okay, now we know that the argument is only used by load instructions and 711 // it is safe to unconditionally perform all of them. Use alias analysis to 712 // check to see if the pointer is guaranteed to not be modified from entry of 713 // the function to each of the load instructions. 714 715 // Because there could be several/many load instructions, remember which 716 // blocks we know to be transparent to the load. 717 df_iterator_default_set<BasicBlock *, 16> TranspBlocks; 718 719 for (LoadInst *Load : Loads) { 720 // Check to see if the load is invalidated from the start of the block to 721 // the load itself. 722 BasicBlock *BB = Load->getParent(); 723 724 MemoryLocation Loc = MemoryLocation::get(Load); 725 if (AAR.canInstructionRangeModRef(BB->front(), *Load, Loc, MRI_Mod)) 726 return false; // Pointer is invalidated! 727 728 // Now check every path from the entry block to the load for transparency. 729 // To do this, we perform a depth first search on the inverse CFG from the 730 // loading block. 731 for (BasicBlock *P : predecessors(BB)) { 732 for (BasicBlock *TranspBB : inverse_depth_first_ext(P, TranspBlocks)) 733 if (AAR.canBasicBlockModify(*TranspBB, Loc)) 734 return false; 735 } 736 } 737 738 // If the path from the entry of the function to each load is free of 739 // instructions that potentially invalidate the load, we can make the 740 // transformation! 741 return true; 742 } 743 744 /// \brief Checks if a type could have padding bytes. 745 static bool isDenselyPacked(Type *type, const DataLayout &DL) { 746 747 // There is no size information, so be conservative. 748 if (!type->isSized()) 749 return false; 750 751 // If the alloc size is not equal to the storage size, then there are padding 752 // bytes. For x86_fp80 on x86-64, size: 80 alloc size: 128. 753 if (DL.getTypeSizeInBits(type) != DL.getTypeAllocSizeInBits(type)) 754 return false; 755 756 if (!isa<CompositeType>(type)) 757 return true; 758 759 // For homogenous sequential types, check for padding within members. 760 if (SequentialType *seqTy = dyn_cast<SequentialType>(type)) 761 return isDenselyPacked(seqTy->getElementType(), DL); 762 763 // Check for padding within and between elements of a struct. 764 StructType *StructTy = cast<StructType>(type); 765 const StructLayout *Layout = DL.getStructLayout(StructTy); 766 uint64_t StartPos = 0; 767 for (unsigned i = 0, E = StructTy->getNumElements(); i < E; ++i) { 768 Type *ElTy = StructTy->getElementType(i); 769 if (!isDenselyPacked(ElTy, DL)) 770 return false; 771 if (StartPos != Layout->getElementOffsetInBits(i)) 772 return false; 773 StartPos += DL.getTypeAllocSizeInBits(ElTy); 774 } 775 776 return true; 777 } 778 779 /// \brief Checks if the padding bytes of an argument could be accessed. 780 static bool canPaddingBeAccessed(Argument *arg) { 781 782 assert(arg->hasByValAttr()); 783 784 // Track all the pointers to the argument to make sure they are not captured. 785 SmallPtrSet<Value *, 16> PtrValues; 786 PtrValues.insert(arg); 787 788 // Track all of the stores. 789 SmallVector<StoreInst *, 16> Stores; 790 791 // Scan through the uses recursively to make sure the pointer is always used 792 // sanely. 793 SmallVector<Value *, 16> WorkList; 794 WorkList.insert(WorkList.end(), arg->user_begin(), arg->user_end()); 795 while (!WorkList.empty()) { 796 Value *V = WorkList.back(); 797 WorkList.pop_back(); 798 if (isa<GetElementPtrInst>(V) || isa<PHINode>(V)) { 799 if (PtrValues.insert(V).second) 800 WorkList.insert(WorkList.end(), V->user_begin(), V->user_end()); 801 } else if (StoreInst *Store = dyn_cast<StoreInst>(V)) { 802 Stores.push_back(Store); 803 } else if (!isa<LoadInst>(V)) { 804 return true; 805 } 806 } 807 808 // Check to make sure the pointers aren't captured 809 for (StoreInst *Store : Stores) 810 if (PtrValues.count(Store->getValueOperand())) 811 return true; 812 813 return false; 814 } 815 816 /// PromoteArguments - This method checks the specified function to see if there 817 /// are any promotable arguments and if it is safe to promote the function (for 818 /// example, all callers are direct). If safe to promote some arguments, it 819 /// calls the DoPromotion method. 820 /// 821 static CallGraphNode * 822 promoteArguments(CallGraphNode *CGN, CallGraph &CG, 823 function_ref<AAResults &(Function &F)> AARGetter, 824 unsigned MaxElements) { 825 Function *F = CGN->getFunction(); 826 827 // Make sure that it is local to this module. 828 if (!F || !F->hasLocalLinkage()) 829 return nullptr; 830 831 // Don't promote arguments for variadic functions. Adding, removing, or 832 // changing non-pack parameters can change the classification of pack 833 // parameters. Frontends encode that classification at the call site in the 834 // IR, while in the callee the classification is determined dynamically based 835 // on the number of registers consumed so far. 836 if (F->isVarArg()) 837 return nullptr; 838 839 // First check: see if there are any pointer arguments! If not, quick exit. 840 SmallVector<Argument *, 16> PointerArgs; 841 for (Argument &I : F->args()) 842 if (I.getType()->isPointerTy()) 843 PointerArgs.push_back(&I); 844 if (PointerArgs.empty()) 845 return nullptr; 846 847 // Second check: make sure that all callers are direct callers. We can't 848 // transform functions that have indirect callers. Also see if the function 849 // is self-recursive. 850 bool isSelfRecursive = false; 851 for (Use &U : F->uses()) { 852 CallSite CS(U.getUser()); 853 // Must be a direct call. 854 if (CS.getInstruction() == nullptr || !CS.isCallee(&U)) 855 return nullptr; 856 857 if (CS.getInstruction()->getParent()->getParent() == F) 858 isSelfRecursive = true; 859 } 860 861 const DataLayout &DL = F->getParent()->getDataLayout(); 862 863 AAResults &AAR = AARGetter(*F); 864 865 // Check to see which arguments are promotable. If an argument is promotable, 866 // add it to ArgsToPromote. 867 SmallPtrSet<Argument *, 8> ArgsToPromote; 868 SmallPtrSet<Argument *, 8> ByValArgsToTransform; 869 for (Argument *PtrArg : PointerArgs) { 870 Type *AgTy = cast<PointerType>(PtrArg->getType())->getElementType(); 871 872 // Replace sret attribute with noalias. This reduces register pressure by 873 // avoiding a register copy. 874 if (PtrArg->hasStructRetAttr()) { 875 unsigned ArgNo = PtrArg->getArgNo(); 876 F->setAttributes( 877 F->getAttributes() 878 .removeAttribute(F->getContext(), ArgNo + 1, Attribute::StructRet) 879 .addAttribute(F->getContext(), ArgNo + 1, Attribute::NoAlias)); 880 for (Use &U : F->uses()) { 881 CallSite CS(U.getUser()); 882 CS.setAttributes( 883 CS.getAttributes() 884 .removeAttribute(F->getContext(), ArgNo + 1, 885 Attribute::StructRet) 886 .addAttribute(F->getContext(), ArgNo + 1, Attribute::NoAlias)); 887 } 888 } 889 890 // If this is a byval argument, and if the aggregate type is small, just 891 // pass the elements, which is always safe, if the passed value is densely 892 // packed or if we can prove the padding bytes are never accessed. This does 893 // not apply to inalloca. 894 bool isSafeToPromote = 895 PtrArg->hasByValAttr() && 896 (isDenselyPacked(AgTy, DL) || !canPaddingBeAccessed(PtrArg)); 897 if (isSafeToPromote) { 898 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 899 if (MaxElements > 0 && STy->getNumElements() > MaxElements) { 900 DEBUG(dbgs() << "argpromotion disable promoting argument '" 901 << PtrArg->getName() 902 << "' because it would require adding more" 903 << " than " << MaxElements 904 << " arguments to the function.\n"); 905 continue; 906 } 907 908 // If all the elements are single-value types, we can promote it. 909 bool AllSimple = true; 910 for (const auto *EltTy : STy->elements()) { 911 if (!EltTy->isSingleValueType()) { 912 AllSimple = false; 913 break; 914 } 915 } 916 917 // Safe to transform, don't even bother trying to "promote" it. 918 // Passing the elements as a scalar will allow sroa to hack on 919 // the new alloca we introduce. 920 if (AllSimple) { 921 ByValArgsToTransform.insert(PtrArg); 922 continue; 923 } 924 } 925 } 926 927 // If the argument is a recursive type and we're in a recursive 928 // function, we could end up infinitely peeling the function argument. 929 if (isSelfRecursive) { 930 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 931 bool RecursiveType = false; 932 for (const auto *EltTy : STy->elements()) { 933 if (EltTy == PtrArg->getType()) { 934 RecursiveType = true; 935 break; 936 } 937 } 938 if (RecursiveType) 939 continue; 940 } 941 } 942 943 // Otherwise, see if we can promote the pointer to its value. 944 if (isSafeToPromoteArgument(PtrArg, PtrArg->hasByValOrInAllocaAttr(), AAR, 945 MaxElements)) 946 ArgsToPromote.insert(PtrArg); 947 } 948 949 // No promotable pointer arguments. 950 if (ArgsToPromote.empty() && ByValArgsToTransform.empty()) 951 return nullptr; 952 953 return doPromotion(F, ArgsToPromote, ByValArgsToTransform, CG); 954 } 955 956 namespace { 957 /// ArgPromotion - The 'by reference' to 'by value' argument promotion pass. 958 /// 959 struct ArgPromotion : public CallGraphSCCPass { 960 void getAnalysisUsage(AnalysisUsage &AU) const override { 961 AU.addRequired<AssumptionCacheTracker>(); 962 AU.addRequired<TargetLibraryInfoWrapperPass>(); 963 getAAResultsAnalysisUsage(AU); 964 CallGraphSCCPass::getAnalysisUsage(AU); 965 } 966 967 bool runOnSCC(CallGraphSCC &SCC) override; 968 static char ID; // Pass identification, replacement for typeid 969 explicit ArgPromotion(unsigned MaxElements = 3) 970 : CallGraphSCCPass(ID), MaxElements(MaxElements) { 971 initializeArgPromotionPass(*PassRegistry::getPassRegistry()); 972 } 973 974 private: 975 using llvm::Pass::doInitialization; 976 bool doInitialization(CallGraph &CG) override; 977 /// The maximum number of elements to expand, or 0 for unlimited. 978 unsigned MaxElements; 979 }; 980 } 981 982 char ArgPromotion::ID = 0; 983 INITIALIZE_PASS_BEGIN(ArgPromotion, "argpromotion", 984 "Promote 'by reference' arguments to scalars", false, 985 false) 986 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker) 987 INITIALIZE_PASS_DEPENDENCY(CallGraphWrapperPass) 988 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) 989 INITIALIZE_PASS_END(ArgPromotion, "argpromotion", 990 "Promote 'by reference' arguments to scalars", false, false) 991 992 Pass *llvm::createArgumentPromotionPass(unsigned MaxElements) { 993 return new ArgPromotion(MaxElements); 994 } 995 996 bool ArgPromotion::runOnSCC(CallGraphSCC &SCC) { 997 if (skipSCC(SCC)) 998 return false; 999 1000 // Get the callgraph information that we need to update to reflect our 1001 // changes. 1002 CallGraph &CG = getAnalysis<CallGraphWrapperPass>().getCallGraph(); 1003 1004 // We compute dedicated AA results for each function in the SCC as needed. We 1005 // use a lambda referencing external objects so that they live long enough to 1006 // be queried, but we re-use them each time. 1007 Optional<BasicAAResult> BAR; 1008 Optional<AAResults> AAR; 1009 auto AARGetter = [&](Function &F) -> AAResults & { 1010 BAR.emplace(createLegacyPMBasicAAResult(*this, F)); 1011 AAR.emplace(createLegacyPMAAResults(*this, F, *BAR)); 1012 return *AAR; 1013 }; 1014 1015 bool Changed = false, LocalChange; 1016 1017 // Iterate until we stop promoting from this SCC. 1018 do { 1019 LocalChange = false; 1020 // Attempt to promote arguments from all functions in this SCC. 1021 for (CallGraphNode *OldNode : SCC) { 1022 if (CallGraphNode *NewNode = 1023 promoteArguments(OldNode, CG, AARGetter, MaxElements)) { 1024 LocalChange = true; 1025 SCC.ReplaceNode(OldNode, NewNode); 1026 } 1027 } 1028 // Remember that we changed something. 1029 Changed |= LocalChange; 1030 } while (LocalChange); 1031 1032 return Changed; 1033 } 1034 1035 bool ArgPromotion::doInitialization(CallGraph &CG) { 1036 return CallGraphSCCPass::doInitialization(CG); 1037 } 1038