1 //===-- ArgumentPromotion.cpp - Promote by-reference arguments ------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This pass promotes "by reference" arguments to be "by value" arguments. In 11 // practice, this means looking for internal functions that have pointer 12 // arguments. If it can prove, through the use of alias analysis, that an 13 // argument is *only* loaded, then it can pass the value into the function 14 // instead of the address of the value. This can cause recursive simplification 15 // of code and lead to the elimination of allocas (especially in C++ template 16 // code like the STL). 17 // 18 // This pass also handles aggregate arguments that are passed into a function, 19 // scalarizing them if the elements of the aggregate are only loaded. Note that 20 // by default it refuses to scalarize aggregates which would require passing in 21 // more than three operands to the function, because passing thousands of 22 // operands for a large array or structure is unprofitable! This limit can be 23 // configured or disabled, however. 24 // 25 // Note that this transformation could also be done for arguments that are only 26 // stored to (returning the value instead), but does not currently. This case 27 // would be best handled when and if LLVM begins supporting multiple return 28 // values from functions. 29 // 30 //===----------------------------------------------------------------------===// 31 32 #include "llvm/Transforms/IPO.h" 33 #include "llvm/ADT/DepthFirstIterator.h" 34 #include "llvm/ADT/Statistic.h" 35 #include "llvm/ADT/StringExtras.h" 36 #include "llvm/Analysis/AliasAnalysis.h" 37 #include "llvm/Analysis/AssumptionCache.h" 38 #include "llvm/Analysis/BasicAliasAnalysis.h" 39 #include "llvm/Analysis/CallGraph.h" 40 #include "llvm/Analysis/CallGraphSCCPass.h" 41 #include "llvm/Analysis/Loads.h" 42 #include "llvm/Analysis/TargetLibraryInfo.h" 43 #include "llvm/IR/CFG.h" 44 #include "llvm/IR/CallSite.h" 45 #include "llvm/IR/Constants.h" 46 #include "llvm/IR/DataLayout.h" 47 #include "llvm/IR/DebugInfo.h" 48 #include "llvm/IR/DerivedTypes.h" 49 #include "llvm/IR/Instructions.h" 50 #include "llvm/IR/LLVMContext.h" 51 #include "llvm/IR/Module.h" 52 #include "llvm/Support/Debug.h" 53 #include "llvm/Support/raw_ostream.h" 54 #include <set> 55 using namespace llvm; 56 57 #define DEBUG_TYPE "argpromotion" 58 59 STATISTIC(NumArgumentsPromoted , "Number of pointer arguments promoted"); 60 STATISTIC(NumAggregatesPromoted, "Number of aggregate arguments promoted"); 61 STATISTIC(NumByValArgsPromoted , "Number of byval arguments promoted"); 62 STATISTIC(NumArgumentsDead , "Number of dead pointer args eliminated"); 63 64 namespace { 65 /// ArgPromotion - The 'by reference' to 'by value' argument promotion pass. 66 /// 67 struct ArgPromotion : public CallGraphSCCPass { 68 void getAnalysisUsage(AnalysisUsage &AU) const override { 69 AU.addRequired<AssumptionCacheTracker>(); 70 AU.addRequired<TargetLibraryInfoWrapperPass>(); 71 getAAResultsAnalysisUsage(AU); 72 CallGraphSCCPass::getAnalysisUsage(AU); 73 } 74 75 bool runOnSCC(CallGraphSCC &SCC) override; 76 static char ID; // Pass identification, replacement for typeid 77 explicit ArgPromotion(unsigned maxElements = 3) 78 : CallGraphSCCPass(ID), maxElements(maxElements) { 79 initializeArgPromotionPass(*PassRegistry::getPassRegistry()); 80 } 81 82 private: 83 84 using llvm::Pass::doInitialization; 85 bool doInitialization(CallGraph &CG) override; 86 /// The maximum number of elements to expand, or 0 for unlimited. 87 unsigned maxElements; 88 }; 89 } 90 91 /// A vector used to hold the indices of a single GEP instruction 92 typedef std::vector<uint64_t> IndicesVector; 93 94 static CallGraphNode * 95 PromoteArguments(CallGraphNode *CGN, CallGraph &CG, 96 function_ref<AAResults &(Function &F)> AARGetter, 97 unsigned MaxElements); 98 static bool isDenselyPacked(Type *type, const DataLayout &DL); 99 static bool canPaddingBeAccessed(Argument *Arg); 100 static bool isSafeToPromoteArgument(Argument *Arg, bool isByVal, AAResults &AAR, 101 unsigned MaxElements); 102 static CallGraphNode * 103 DoPromotion(Function *F, SmallPtrSetImpl<Argument *> &ArgsToPromote, 104 SmallPtrSetImpl<Argument *> &ByValArgsToTransform, CallGraph &CG); 105 106 char ArgPromotion::ID = 0; 107 INITIALIZE_PASS_BEGIN(ArgPromotion, "argpromotion", 108 "Promote 'by reference' arguments to scalars", false, false) 109 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker) 110 INITIALIZE_PASS_DEPENDENCY(CallGraphWrapperPass) 111 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) 112 INITIALIZE_PASS_END(ArgPromotion, "argpromotion", 113 "Promote 'by reference' arguments to scalars", false, false) 114 115 Pass *llvm::createArgumentPromotionPass(unsigned maxElements) { 116 return new ArgPromotion(maxElements); 117 } 118 119 static bool runImpl(CallGraphSCC &SCC, CallGraph &CG, 120 function_ref<AAResults &(Function &F)> AARGetter, 121 unsigned MaxElements) { 122 bool Changed = false, LocalChange; 123 124 do { // Iterate until we stop promoting from this SCC. 125 LocalChange = false; 126 // Attempt to promote arguments from all functions in this SCC. 127 for (CallGraphNode *OldNode : SCC) { 128 if (CallGraphNode *NewNode = 129 PromoteArguments(OldNode, CG, AARGetter, MaxElements)) { 130 LocalChange = true; 131 SCC.ReplaceNode(OldNode, NewNode); 132 } 133 } 134 Changed |= LocalChange; // Remember that we changed something. 135 } while (LocalChange); 136 137 return Changed; 138 } 139 140 bool ArgPromotion::runOnSCC(CallGraphSCC &SCC) { 141 if (skipSCC(SCC)) 142 return false; 143 144 // Get the callgraph information that we need to update to reflect our 145 // changes. 146 CallGraph &CG = getAnalysis<CallGraphWrapperPass>().getCallGraph(); 147 148 // We compute dedicated AA results for each function in the SCC as needed. We 149 // use a lambda referencing external objects so that they live long enough to 150 // be queried, but we re-use them each time. 151 Optional<BasicAAResult> BAR; 152 Optional<AAResults> AAR; 153 auto AARGetter = [&](Function &F) -> AAResults & { 154 BAR.emplace(createLegacyPMBasicAAResult(*this, F)); 155 AAR.emplace(createLegacyPMAAResults(*this, F, *BAR)); 156 return *AAR; 157 }; 158 159 return runImpl(SCC, CG, AARGetter, maxElements); 160 } 161 162 /// \brief Checks if a type could have padding bytes. 163 static bool isDenselyPacked(Type *type, const DataLayout &DL) { 164 165 // There is no size information, so be conservative. 166 if (!type->isSized()) 167 return false; 168 169 // If the alloc size is not equal to the storage size, then there are padding 170 // bytes. For x86_fp80 on x86-64, size: 80 alloc size: 128. 171 if (DL.getTypeSizeInBits(type) != DL.getTypeAllocSizeInBits(type)) 172 return false; 173 174 if (!isa<CompositeType>(type)) 175 return true; 176 177 // For homogenous sequential types, check for padding within members. 178 if (SequentialType *seqTy = dyn_cast<SequentialType>(type)) 179 return isa<PointerType>(seqTy) || 180 isDenselyPacked(seqTy->getElementType(), DL); 181 182 // Check for padding within and between elements of a struct. 183 StructType *StructTy = cast<StructType>(type); 184 const StructLayout *Layout = DL.getStructLayout(StructTy); 185 uint64_t StartPos = 0; 186 for (unsigned i = 0, E = StructTy->getNumElements(); i < E; ++i) { 187 Type *ElTy = StructTy->getElementType(i); 188 if (!isDenselyPacked(ElTy, DL)) 189 return false; 190 if (StartPos != Layout->getElementOffsetInBits(i)) 191 return false; 192 StartPos += DL.getTypeAllocSizeInBits(ElTy); 193 } 194 195 return true; 196 } 197 198 /// \brief Checks if the padding bytes of an argument could be accessed. 199 static bool canPaddingBeAccessed(Argument *arg) { 200 201 assert(arg->hasByValAttr()); 202 203 // Track all the pointers to the argument to make sure they are not captured. 204 SmallPtrSet<Value *, 16> PtrValues; 205 PtrValues.insert(arg); 206 207 // Track all of the stores. 208 SmallVector<StoreInst *, 16> Stores; 209 210 // Scan through the uses recursively to make sure the pointer is always used 211 // sanely. 212 SmallVector<Value *, 16> WorkList; 213 WorkList.insert(WorkList.end(), arg->user_begin(), arg->user_end()); 214 while (!WorkList.empty()) { 215 Value *V = WorkList.back(); 216 WorkList.pop_back(); 217 if (isa<GetElementPtrInst>(V) || isa<PHINode>(V)) { 218 if (PtrValues.insert(V).second) 219 WorkList.insert(WorkList.end(), V->user_begin(), V->user_end()); 220 } else if (StoreInst *Store = dyn_cast<StoreInst>(V)) { 221 Stores.push_back(Store); 222 } else if (!isa<LoadInst>(V)) { 223 return true; 224 } 225 } 226 227 // Check to make sure the pointers aren't captured 228 for (StoreInst *Store : Stores) 229 if (PtrValues.count(Store->getValueOperand())) 230 return true; 231 232 return false; 233 } 234 235 /// PromoteArguments - This method checks the specified function to see if there 236 /// are any promotable arguments and if it is safe to promote the function (for 237 /// example, all callers are direct). If safe to promote some arguments, it 238 /// calls the DoPromotion method. 239 /// 240 static CallGraphNode * 241 PromoteArguments(CallGraphNode *CGN, CallGraph &CG, 242 function_ref<AAResults &(Function &F)> AARGetter, 243 unsigned MaxElements) { 244 Function *F = CGN->getFunction(); 245 246 // Make sure that it is local to this module. 247 if (!F || !F->hasLocalLinkage()) return nullptr; 248 249 // Don't promote arguments for variadic functions. Adding, removing, or 250 // changing non-pack parameters can change the classification of pack 251 // parameters. Frontends encode that classification at the call site in the 252 // IR, while in the callee the classification is determined dynamically based 253 // on the number of registers consumed so far. 254 if (F->isVarArg()) return nullptr; 255 256 // First check: see if there are any pointer arguments! If not, quick exit. 257 SmallVector<Argument*, 16> PointerArgs; 258 for (Argument &I : F->args()) 259 if (I.getType()->isPointerTy()) 260 PointerArgs.push_back(&I); 261 if (PointerArgs.empty()) return nullptr; 262 263 // Second check: make sure that all callers are direct callers. We can't 264 // transform functions that have indirect callers. Also see if the function 265 // is self-recursive. 266 bool isSelfRecursive = false; 267 for (Use &U : F->uses()) { 268 CallSite CS(U.getUser()); 269 // Must be a direct call. 270 if (CS.getInstruction() == nullptr || !CS.isCallee(&U)) return nullptr; 271 272 if (CS.getInstruction()->getParent()->getParent() == F) 273 isSelfRecursive = true; 274 } 275 276 const DataLayout &DL = F->getParent()->getDataLayout(); 277 278 AAResults &AAR = AARGetter(*F); 279 280 // Check to see which arguments are promotable. If an argument is promotable, 281 // add it to ArgsToPromote. 282 SmallPtrSet<Argument*, 8> ArgsToPromote; 283 SmallPtrSet<Argument*, 8> ByValArgsToTransform; 284 for (Argument *PtrArg : PointerArgs) { 285 Type *AgTy = cast<PointerType>(PtrArg->getType())->getElementType(); 286 287 // Replace sret attribute with noalias. This reduces register pressure by 288 // avoiding a register copy. 289 if (PtrArg->hasStructRetAttr()) { 290 unsigned ArgNo = PtrArg->getArgNo(); 291 F->setAttributes( 292 F->getAttributes() 293 .removeAttribute(F->getContext(), ArgNo + 1, Attribute::StructRet) 294 .addAttribute(F->getContext(), ArgNo + 1, Attribute::NoAlias)); 295 for (Use &U : F->uses()) { 296 CallSite CS(U.getUser()); 297 CS.setAttributes( 298 CS.getAttributes() 299 .removeAttribute(F->getContext(), ArgNo + 1, 300 Attribute::StructRet) 301 .addAttribute(F->getContext(), ArgNo + 1, Attribute::NoAlias)); 302 } 303 } 304 305 // If this is a byval argument, and if the aggregate type is small, just 306 // pass the elements, which is always safe, if the passed value is densely 307 // packed or if we can prove the padding bytes are never accessed. This does 308 // not apply to inalloca. 309 bool isSafeToPromote = 310 PtrArg->hasByValAttr() && 311 (isDenselyPacked(AgTy, DL) || !canPaddingBeAccessed(PtrArg)); 312 if (isSafeToPromote) { 313 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 314 if (MaxElements > 0 && STy->getNumElements() > MaxElements) { 315 DEBUG(dbgs() << "argpromotion disable promoting argument '" 316 << PtrArg->getName() << "' because it would require adding more" 317 << " than " << MaxElements << " arguments to the function.\n"); 318 continue; 319 } 320 321 // If all the elements are single-value types, we can promote it. 322 bool AllSimple = true; 323 for (const auto *EltTy : STy->elements()) { 324 if (!EltTy->isSingleValueType()) { 325 AllSimple = false; 326 break; 327 } 328 } 329 330 // Safe to transform, don't even bother trying to "promote" it. 331 // Passing the elements as a scalar will allow sroa to hack on 332 // the new alloca we introduce. 333 if (AllSimple) { 334 ByValArgsToTransform.insert(PtrArg); 335 continue; 336 } 337 } 338 } 339 340 // If the argument is a recursive type and we're in a recursive 341 // function, we could end up infinitely peeling the function argument. 342 if (isSelfRecursive) { 343 if (StructType *STy = dyn_cast<StructType>(AgTy)) { 344 bool RecursiveType = false; 345 for (const auto *EltTy : STy->elements()) { 346 if (EltTy == PtrArg->getType()) { 347 RecursiveType = true; 348 break; 349 } 350 } 351 if (RecursiveType) 352 continue; 353 } 354 } 355 356 // Otherwise, see if we can promote the pointer to its value. 357 if (isSafeToPromoteArgument(PtrArg, PtrArg->hasByValOrInAllocaAttr(), AAR, 358 MaxElements)) 359 ArgsToPromote.insert(PtrArg); 360 } 361 362 // No promotable pointer arguments. 363 if (ArgsToPromote.empty() && ByValArgsToTransform.empty()) 364 return nullptr; 365 366 return DoPromotion(F, ArgsToPromote, ByValArgsToTransform, CG); 367 } 368 369 /// AllCallersPassInValidPointerForArgument - Return true if we can prove that 370 /// all callees pass in a valid pointer for the specified function argument. 371 static bool AllCallersPassInValidPointerForArgument(Argument *Arg) { 372 Function *Callee = Arg->getParent(); 373 const DataLayout &DL = Callee->getParent()->getDataLayout(); 374 375 unsigned ArgNo = Arg->getArgNo(); 376 377 // Look at all call sites of the function. At this point we know we only have 378 // direct callees. 379 for (User *U : Callee->users()) { 380 CallSite CS(U); 381 assert(CS && "Should only have direct calls!"); 382 383 if (!isDereferenceablePointer(CS.getArgument(ArgNo), DL)) 384 return false; 385 } 386 return true; 387 } 388 389 /// Returns true if Prefix is a prefix of longer. That means, Longer has a size 390 /// that is greater than or equal to the size of prefix, and each of the 391 /// elements in Prefix is the same as the corresponding elements in Longer. 392 /// 393 /// This means it also returns true when Prefix and Longer are equal! 394 static bool IsPrefix(const IndicesVector &Prefix, const IndicesVector &Longer) { 395 if (Prefix.size() > Longer.size()) 396 return false; 397 return std::equal(Prefix.begin(), Prefix.end(), Longer.begin()); 398 } 399 400 401 /// Checks if Indices, or a prefix of Indices, is in Set. 402 static bool PrefixIn(const IndicesVector &Indices, 403 std::set<IndicesVector> &Set) { 404 std::set<IndicesVector>::iterator Low; 405 Low = Set.upper_bound(Indices); 406 if (Low != Set.begin()) 407 Low--; 408 // Low is now the last element smaller than or equal to Indices. This means 409 // it points to a prefix of Indices (possibly Indices itself), if such 410 // prefix exists. 411 // 412 // This load is safe if any prefix of its operands is safe to load. 413 return Low != Set.end() && IsPrefix(*Low, Indices); 414 } 415 416 /// Mark the given indices (ToMark) as safe in the given set of indices 417 /// (Safe). Marking safe usually means adding ToMark to Safe. However, if there 418 /// is already a prefix of Indices in Safe, Indices are implicitely marked safe 419 /// already. Furthermore, any indices that Indices is itself a prefix of, are 420 /// removed from Safe (since they are implicitely safe because of Indices now). 421 static void MarkIndicesSafe(const IndicesVector &ToMark, 422 std::set<IndicesVector> &Safe) { 423 std::set<IndicesVector>::iterator Low; 424 Low = Safe.upper_bound(ToMark); 425 // Guard against the case where Safe is empty 426 if (Low != Safe.begin()) 427 Low--; 428 // Low is now the last element smaller than or equal to Indices. This 429 // means it points to a prefix of Indices (possibly Indices itself), if 430 // such prefix exists. 431 if (Low != Safe.end()) { 432 if (IsPrefix(*Low, ToMark)) 433 // If there is already a prefix of these indices (or exactly these 434 // indices) marked a safe, don't bother adding these indices 435 return; 436 437 // Increment Low, so we can use it as a "insert before" hint 438 ++Low; 439 } 440 // Insert 441 Low = Safe.insert(Low, ToMark); 442 ++Low; 443 // If there we're a prefix of longer index list(s), remove those 444 std::set<IndicesVector>::iterator End = Safe.end(); 445 while (Low != End && IsPrefix(ToMark, *Low)) { 446 std::set<IndicesVector>::iterator Remove = Low; 447 ++Low; 448 Safe.erase(Remove); 449 } 450 } 451 452 /// isSafeToPromoteArgument - As you might guess from the name of this method, 453 /// it checks to see if it is both safe and useful to promote the argument. 454 /// This method limits promotion of aggregates to only promote up to three 455 /// elements of the aggregate in order to avoid exploding the number of 456 /// arguments passed in. 457 static bool isSafeToPromoteArgument(Argument *Arg, bool isByValOrInAlloca, 458 AAResults &AAR, unsigned MaxElements) { 459 typedef std::set<IndicesVector> GEPIndicesSet; 460 461 // Quick exit for unused arguments 462 if (Arg->use_empty()) 463 return true; 464 465 // We can only promote this argument if all of the uses are loads, or are GEP 466 // instructions (with constant indices) that are subsequently loaded. 467 // 468 // Promoting the argument causes it to be loaded in the caller 469 // unconditionally. This is only safe if we can prove that either the load 470 // would have happened in the callee anyway (ie, there is a load in the entry 471 // block) or the pointer passed in at every call site is guaranteed to be 472 // valid. 473 // In the former case, invalid loads can happen, but would have happened 474 // anyway, in the latter case, invalid loads won't happen. This prevents us 475 // from introducing an invalid load that wouldn't have happened in the 476 // original code. 477 // 478 // This set will contain all sets of indices that are loaded in the entry 479 // block, and thus are safe to unconditionally load in the caller. 480 // 481 // This optimization is also safe for InAlloca parameters, because it verifies 482 // that the address isn't captured. 483 GEPIndicesSet SafeToUnconditionallyLoad; 484 485 // This set contains all the sets of indices that we are planning to promote. 486 // This makes it possible to limit the number of arguments added. 487 GEPIndicesSet ToPromote; 488 489 // If the pointer is always valid, any load with first index 0 is valid. 490 if (isByValOrInAlloca || AllCallersPassInValidPointerForArgument(Arg)) 491 SafeToUnconditionallyLoad.insert(IndicesVector(1, 0)); 492 493 // First, iterate the entry block and mark loads of (geps of) arguments as 494 // safe. 495 BasicBlock &EntryBlock = Arg->getParent()->front(); 496 // Declare this here so we can reuse it 497 IndicesVector Indices; 498 for (Instruction &I : EntryBlock) 499 if (LoadInst *LI = dyn_cast<LoadInst>(&I)) { 500 Value *V = LI->getPointerOperand(); 501 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(V)) { 502 V = GEP->getPointerOperand(); 503 if (V == Arg) { 504 // This load actually loads (part of) Arg? Check the indices then. 505 Indices.reserve(GEP->getNumIndices()); 506 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 507 II != IE; ++II) 508 if (ConstantInt *CI = dyn_cast<ConstantInt>(*II)) 509 Indices.push_back(CI->getSExtValue()); 510 else 511 // We found a non-constant GEP index for this argument? Bail out 512 // right away, can't promote this argument at all. 513 return false; 514 515 // Indices checked out, mark them as safe 516 MarkIndicesSafe(Indices, SafeToUnconditionallyLoad); 517 Indices.clear(); 518 } 519 } else if (V == Arg) { 520 // Direct loads are equivalent to a GEP with a single 0 index. 521 MarkIndicesSafe(IndicesVector(1, 0), SafeToUnconditionallyLoad); 522 } 523 } 524 525 // Now, iterate all uses of the argument to see if there are any uses that are 526 // not (GEP+)loads, or any (GEP+)loads that are not safe to promote. 527 SmallVector<LoadInst*, 16> Loads; 528 IndicesVector Operands; 529 for (Use &U : Arg->uses()) { 530 User *UR = U.getUser(); 531 Operands.clear(); 532 if (LoadInst *LI = dyn_cast<LoadInst>(UR)) { 533 // Don't hack volatile/atomic loads 534 if (!LI->isSimple()) return false; 535 Loads.push_back(LI); 536 // Direct loads are equivalent to a GEP with a zero index and then a load. 537 Operands.push_back(0); 538 } else if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(UR)) { 539 if (GEP->use_empty()) { 540 // Dead GEP's cause trouble later. Just remove them if we run into 541 // them. 542 GEP->eraseFromParent(); 543 // TODO: This runs the above loop over and over again for dead GEPs 544 // Couldn't we just do increment the UI iterator earlier and erase the 545 // use? 546 return isSafeToPromoteArgument(Arg, isByValOrInAlloca, AAR, 547 MaxElements); 548 } 549 550 // Ensure that all of the indices are constants. 551 for (User::op_iterator i = GEP->idx_begin(), e = GEP->idx_end(); 552 i != e; ++i) 553 if (ConstantInt *C = dyn_cast<ConstantInt>(*i)) 554 Operands.push_back(C->getSExtValue()); 555 else 556 return false; // Not a constant operand GEP! 557 558 // Ensure that the only users of the GEP are load instructions. 559 for (User *GEPU : GEP->users()) 560 if (LoadInst *LI = dyn_cast<LoadInst>(GEPU)) { 561 // Don't hack volatile/atomic loads 562 if (!LI->isSimple()) return false; 563 Loads.push_back(LI); 564 } else { 565 // Other uses than load? 566 return false; 567 } 568 } else { 569 return false; // Not a load or a GEP. 570 } 571 572 // Now, see if it is safe to promote this load / loads of this GEP. Loading 573 // is safe if Operands, or a prefix of Operands, is marked as safe. 574 if (!PrefixIn(Operands, SafeToUnconditionallyLoad)) 575 return false; 576 577 // See if we are already promoting a load with these indices. If not, check 578 // to make sure that we aren't promoting too many elements. If so, nothing 579 // to do. 580 if (ToPromote.find(Operands) == ToPromote.end()) { 581 if (MaxElements > 0 && ToPromote.size() == MaxElements) { 582 DEBUG(dbgs() << "argpromotion not promoting argument '" 583 << Arg->getName() << "' because it would require adding more " 584 << "than " << MaxElements << " arguments to the function.\n"); 585 // We limit aggregate promotion to only promoting up to a fixed number 586 // of elements of the aggregate. 587 return false; 588 } 589 ToPromote.insert(std::move(Operands)); 590 } 591 } 592 593 if (Loads.empty()) return true; // No users, this is a dead argument. 594 595 // Okay, now we know that the argument is only used by load instructions and 596 // it is safe to unconditionally perform all of them. Use alias analysis to 597 // check to see if the pointer is guaranteed to not be modified from entry of 598 // the function to each of the load instructions. 599 600 // Because there could be several/many load instructions, remember which 601 // blocks we know to be transparent to the load. 602 df_iterator_default_set<BasicBlock*, 16> TranspBlocks; 603 604 for (LoadInst *Load : Loads) { 605 // Check to see if the load is invalidated from the start of the block to 606 // the load itself. 607 BasicBlock *BB = Load->getParent(); 608 609 MemoryLocation Loc = MemoryLocation::get(Load); 610 if (AAR.canInstructionRangeModRef(BB->front(), *Load, Loc, MRI_Mod)) 611 return false; // Pointer is invalidated! 612 613 // Now check every path from the entry block to the load for transparency. 614 // To do this, we perform a depth first search on the inverse CFG from the 615 // loading block. 616 for (BasicBlock *P : predecessors(BB)) { 617 for (BasicBlock *TranspBB : inverse_depth_first_ext(P, TranspBlocks)) 618 if (AAR.canBasicBlockModify(*TranspBB, Loc)) 619 return false; 620 } 621 } 622 623 // If the path from the entry of the function to each load is free of 624 // instructions that potentially invalidate the load, we can make the 625 // transformation! 626 return true; 627 } 628 629 /// DoPromotion - This method actually performs the promotion of the specified 630 /// arguments, and returns the new function. At this point, we know that it's 631 /// safe to do so. 632 static CallGraphNode * 633 DoPromotion(Function *F, SmallPtrSetImpl<Argument *> &ArgsToPromote, 634 SmallPtrSetImpl<Argument *> &ByValArgsToTransform, CallGraph &CG) { 635 636 // Start by computing a new prototype for the function, which is the same as 637 // the old function, but has modified arguments. 638 FunctionType *FTy = F->getFunctionType(); 639 std::vector<Type*> Params; 640 641 typedef std::set<std::pair<Type *, IndicesVector>> ScalarizeTable; 642 643 // ScalarizedElements - If we are promoting a pointer that has elements 644 // accessed out of it, keep track of which elements are accessed so that we 645 // can add one argument for each. 646 // 647 // Arguments that are directly loaded will have a zero element value here, to 648 // handle cases where there are both a direct load and GEP accesses. 649 // 650 std::map<Argument*, ScalarizeTable> ScalarizedElements; 651 652 // OriginalLoads - Keep track of a representative load instruction from the 653 // original function so that we can tell the alias analysis implementation 654 // what the new GEP/Load instructions we are inserting look like. 655 // We need to keep the original loads for each argument and the elements 656 // of the argument that are accessed. 657 std::map<std::pair<Argument*, IndicesVector>, LoadInst*> OriginalLoads; 658 659 // Attribute - Keep track of the parameter attributes for the arguments 660 // that we are *not* promoting. For the ones that we do promote, the parameter 661 // attributes are lost 662 SmallVector<AttributeSet, 8> AttributesVec; 663 const AttributeSet &PAL = F->getAttributes(); 664 665 // Add any return attributes. 666 if (PAL.hasAttributes(AttributeSet::ReturnIndex)) 667 AttributesVec.push_back(AttributeSet::get(F->getContext(), 668 PAL.getRetAttributes())); 669 670 // First, determine the new argument list 671 unsigned ArgIndex = 1; 672 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; 673 ++I, ++ArgIndex) { 674 if (ByValArgsToTransform.count(&*I)) { 675 // Simple byval argument? Just add all the struct element types. 676 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 677 StructType *STy = cast<StructType>(AgTy); 678 Params.insert(Params.end(), STy->element_begin(), STy->element_end()); 679 ++NumByValArgsPromoted; 680 } else if (!ArgsToPromote.count(&*I)) { 681 // Unchanged argument 682 Params.push_back(I->getType()); 683 AttributeSet attrs = PAL.getParamAttributes(ArgIndex); 684 if (attrs.hasAttributes(ArgIndex)) { 685 AttrBuilder B(attrs, ArgIndex); 686 AttributesVec. 687 push_back(AttributeSet::get(F->getContext(), Params.size(), B)); 688 } 689 } else if (I->use_empty()) { 690 // Dead argument (which are always marked as promotable) 691 ++NumArgumentsDead; 692 } else { 693 // Okay, this is being promoted. This means that the only uses are loads 694 // or GEPs which are only used by loads 695 696 // In this table, we will track which indices are loaded from the argument 697 // (where direct loads are tracked as no indices). 698 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 699 for (User *U : I->users()) { 700 Instruction *UI = cast<Instruction>(U); 701 Type *SrcTy; 702 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 703 SrcTy = L->getType(); 704 else 705 SrcTy = cast<GetElementPtrInst>(UI)->getSourceElementType(); 706 IndicesVector Indices; 707 Indices.reserve(UI->getNumOperands() - 1); 708 // Since loads will only have a single operand, and GEPs only a single 709 // non-index operand, this will record direct loads without any indices, 710 // and gep+loads with the GEP indices. 711 for (User::op_iterator II = UI->op_begin() + 1, IE = UI->op_end(); 712 II != IE; ++II) 713 Indices.push_back(cast<ConstantInt>(*II)->getSExtValue()); 714 // GEPs with a single 0 index can be merged with direct loads 715 if (Indices.size() == 1 && Indices.front() == 0) 716 Indices.clear(); 717 ArgIndices.insert(std::make_pair(SrcTy, Indices)); 718 LoadInst *OrigLoad; 719 if (LoadInst *L = dyn_cast<LoadInst>(UI)) 720 OrigLoad = L; 721 else 722 // Take any load, we will use it only to update Alias Analysis 723 OrigLoad = cast<LoadInst>(UI->user_back()); 724 OriginalLoads[std::make_pair(&*I, Indices)] = OrigLoad; 725 } 726 727 // Add a parameter to the function for each element passed in. 728 for (const auto &ArgIndex : ArgIndices) { 729 // not allowed to dereference ->begin() if size() is 0 730 Params.push_back(GetElementPtrInst::getIndexedType( 731 cast<PointerType>(I->getType()->getScalarType())->getElementType(), 732 ArgIndex.second)); 733 assert(Params.back()); 734 } 735 736 if (ArgIndices.size() == 1 && ArgIndices.begin()->second.empty()) 737 ++NumArgumentsPromoted; 738 else 739 ++NumAggregatesPromoted; 740 } 741 } 742 743 // Add any function attributes. 744 if (PAL.hasAttributes(AttributeSet::FunctionIndex)) 745 AttributesVec.push_back(AttributeSet::get(FTy->getContext(), 746 PAL.getFnAttributes())); 747 748 Type *RetTy = FTy->getReturnType(); 749 750 // Construct the new function type using the new arguments. 751 FunctionType *NFTy = FunctionType::get(RetTy, Params, FTy->isVarArg()); 752 753 // Create the new function body and insert it into the module. 754 Function *NF = Function::Create(NFTy, F->getLinkage(), F->getName()); 755 NF->copyAttributesFrom(F); 756 757 // Patch the pointer to LLVM function in debug info descriptor. 758 NF->setSubprogram(F->getSubprogram()); 759 F->setSubprogram(nullptr); 760 761 DEBUG(dbgs() << "ARG PROMOTION: Promoting to:" << *NF << "\n" 762 << "From: " << *F); 763 764 // Recompute the parameter attributes list based on the new arguments for 765 // the function. 766 NF->setAttributes(AttributeSet::get(F->getContext(), AttributesVec)); 767 AttributesVec.clear(); 768 769 F->getParent()->getFunctionList().insert(F->getIterator(), NF); 770 NF->takeName(F); 771 772 // Get a new callgraph node for NF. 773 CallGraphNode *NF_CGN = CG.getOrInsertFunction(NF); 774 775 // Loop over all of the callers of the function, transforming the call sites 776 // to pass in the loaded pointers. 777 // 778 SmallVector<Value*, 16> Args; 779 while (!F->use_empty()) { 780 CallSite CS(F->user_back()); 781 assert(CS.getCalledFunction() == F); 782 Instruction *Call = CS.getInstruction(); 783 const AttributeSet &CallPAL = CS.getAttributes(); 784 785 // Add any return attributes. 786 if (CallPAL.hasAttributes(AttributeSet::ReturnIndex)) 787 AttributesVec.push_back(AttributeSet::get(F->getContext(), 788 CallPAL.getRetAttributes())); 789 790 // Loop over the operands, inserting GEP and loads in the caller as 791 // appropriate. 792 CallSite::arg_iterator AI = CS.arg_begin(); 793 ArgIndex = 1; 794 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); 795 I != E; ++I, ++AI, ++ArgIndex) 796 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 797 Args.push_back(*AI); // Unmodified argument 798 799 if (CallPAL.hasAttributes(ArgIndex)) { 800 AttrBuilder B(CallPAL, ArgIndex); 801 AttributesVec. 802 push_back(AttributeSet::get(F->getContext(), Args.size(), B)); 803 } 804 } else if (ByValArgsToTransform.count(&*I)) { 805 // Emit a GEP and load for each element of the struct. 806 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 807 StructType *STy = cast<StructType>(AgTy); 808 Value *Idxs[2] = { 809 ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr }; 810 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 811 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 812 Value *Idx = GetElementPtrInst::Create( 813 STy, *AI, Idxs, (*AI)->getName() + "." + Twine(i), Call); 814 // TODO: Tell AA about the new values? 815 Args.push_back(new LoadInst(Idx, Idx->getName()+".val", Call)); 816 } 817 } else if (!I->use_empty()) { 818 // Non-dead argument: insert GEPs and loads as appropriate. 819 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 820 // Store the Value* version of the indices in here, but declare it now 821 // for reuse. 822 std::vector<Value*> Ops; 823 for (const auto &ArgIndex : ArgIndices) { 824 Value *V = *AI; 825 LoadInst *OrigLoad = 826 OriginalLoads[std::make_pair(&*I, ArgIndex.second)]; 827 if (!ArgIndex.second.empty()) { 828 Ops.reserve(ArgIndex.second.size()); 829 Type *ElTy = V->getType(); 830 for (unsigned long II : ArgIndex.second) { 831 // Use i32 to index structs, and i64 for others (pointers/arrays). 832 // This satisfies GEP constraints. 833 Type *IdxTy = (ElTy->isStructTy() ? 834 Type::getInt32Ty(F->getContext()) : 835 Type::getInt64Ty(F->getContext())); 836 Ops.push_back(ConstantInt::get(IdxTy, II)); 837 // Keep track of the type we're currently indexing. 838 ElTy = cast<CompositeType>(ElTy)->getTypeAtIndex(II); 839 } 840 // And create a GEP to extract those indices. 841 V = GetElementPtrInst::Create(ArgIndex.first, V, Ops, 842 V->getName() + ".idx", Call); 843 Ops.clear(); 844 } 845 // Since we're replacing a load make sure we take the alignment 846 // of the previous load. 847 LoadInst *newLoad = new LoadInst(V, V->getName()+".val", Call); 848 newLoad->setAlignment(OrigLoad->getAlignment()); 849 // Transfer the AA info too. 850 AAMDNodes AAInfo; 851 OrigLoad->getAAMetadata(AAInfo); 852 newLoad->setAAMetadata(AAInfo); 853 854 Args.push_back(newLoad); 855 } 856 } 857 858 // Push any varargs arguments on the list. 859 for (; AI != CS.arg_end(); ++AI, ++ArgIndex) { 860 Args.push_back(*AI); 861 if (CallPAL.hasAttributes(ArgIndex)) { 862 AttrBuilder B(CallPAL, ArgIndex); 863 AttributesVec. 864 push_back(AttributeSet::get(F->getContext(), Args.size(), B)); 865 } 866 } 867 868 // Add any function attributes. 869 if (CallPAL.hasAttributes(AttributeSet::FunctionIndex)) 870 AttributesVec.push_back(AttributeSet::get(Call->getContext(), 871 CallPAL.getFnAttributes())); 872 873 SmallVector<OperandBundleDef, 1> OpBundles; 874 CS.getOperandBundlesAsDefs(OpBundles); 875 876 Instruction *New; 877 if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) { 878 New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(), 879 Args, OpBundles, "", Call); 880 cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv()); 881 cast<InvokeInst>(New)->setAttributes(AttributeSet::get(II->getContext(), 882 AttributesVec)); 883 } else { 884 New = CallInst::Create(NF, Args, OpBundles, "", Call); 885 cast<CallInst>(New)->setCallingConv(CS.getCallingConv()); 886 cast<CallInst>(New)->setAttributes(AttributeSet::get(New->getContext(), 887 AttributesVec)); 888 if (cast<CallInst>(Call)->isTailCall()) 889 cast<CallInst>(New)->setTailCall(); 890 } 891 New->setDebugLoc(Call->getDebugLoc()); 892 Args.clear(); 893 AttributesVec.clear(); 894 895 // Update the callgraph to know that the callsite has been transformed. 896 CallGraphNode *CalleeNode = CG[Call->getParent()->getParent()]; 897 CalleeNode->replaceCallEdge(CS, CallSite(New), NF_CGN); 898 899 if (!Call->use_empty()) { 900 Call->replaceAllUsesWith(New); 901 New->takeName(Call); 902 } 903 904 // Finally, remove the old call from the program, reducing the use-count of 905 // F. 906 Call->eraseFromParent(); 907 } 908 909 // Since we have now created the new function, splice the body of the old 910 // function right into the new function, leaving the old rotting hulk of the 911 // function empty. 912 NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList()); 913 914 // Loop over the argument list, transferring uses of the old arguments over to 915 // the new arguments, also transferring over the names as well. 916 // 917 for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(), 918 I2 = NF->arg_begin(); I != E; ++I) { 919 if (!ArgsToPromote.count(&*I) && !ByValArgsToTransform.count(&*I)) { 920 // If this is an unmodified argument, move the name and users over to the 921 // new version. 922 I->replaceAllUsesWith(&*I2); 923 I2->takeName(&*I); 924 ++I2; 925 continue; 926 } 927 928 if (ByValArgsToTransform.count(&*I)) { 929 // In the callee, we create an alloca, and store each of the new incoming 930 // arguments into the alloca. 931 Instruction *InsertPt = &NF->begin()->front(); 932 933 // Just add all the struct element types. 934 Type *AgTy = cast<PointerType>(I->getType())->getElementType(); 935 Value *TheAlloca = new AllocaInst(AgTy, nullptr, "", InsertPt); 936 StructType *STy = cast<StructType>(AgTy); 937 Value *Idxs[2] = { 938 ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr }; 939 940 for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) { 941 Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i); 942 Value *Idx = GetElementPtrInst::Create( 943 AgTy, TheAlloca, Idxs, TheAlloca->getName() + "." + Twine(i), 944 InsertPt); 945 I2->setName(I->getName()+"."+Twine(i)); 946 new StoreInst(&*I2++, Idx, InsertPt); 947 } 948 949 // Anything that used the arg should now use the alloca. 950 I->replaceAllUsesWith(TheAlloca); 951 TheAlloca->takeName(&*I); 952 953 // If the alloca is used in a call, we must clear the tail flag since 954 // the callee now uses an alloca from the caller. 955 for (User *U : TheAlloca->users()) { 956 CallInst *Call = dyn_cast<CallInst>(U); 957 if (!Call) 958 continue; 959 Call->setTailCall(false); 960 } 961 continue; 962 } 963 964 if (I->use_empty()) 965 continue; 966 967 // Otherwise, if we promoted this argument, then all users are load 968 // instructions (or GEPs with only load users), and all loads should be 969 // using the new argument that we added. 970 ScalarizeTable &ArgIndices = ScalarizedElements[&*I]; 971 972 while (!I->use_empty()) { 973 if (LoadInst *LI = dyn_cast<LoadInst>(I->user_back())) { 974 assert(ArgIndices.begin()->second.empty() && 975 "Load element should sort to front!"); 976 I2->setName(I->getName()+".val"); 977 LI->replaceAllUsesWith(&*I2); 978 LI->eraseFromParent(); 979 DEBUG(dbgs() << "*** Promoted load of argument '" << I->getName() 980 << "' in function '" << F->getName() << "'\n"); 981 } else { 982 GetElementPtrInst *GEP = cast<GetElementPtrInst>(I->user_back()); 983 IndicesVector Operands; 984 Operands.reserve(GEP->getNumIndices()); 985 for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end(); 986 II != IE; ++II) 987 Operands.push_back(cast<ConstantInt>(*II)->getSExtValue()); 988 989 // GEPs with a single 0 index can be merged with direct loads 990 if (Operands.size() == 1 && Operands.front() == 0) 991 Operands.clear(); 992 993 Function::arg_iterator TheArg = I2; 994 for (ScalarizeTable::iterator It = ArgIndices.begin(); 995 It->second != Operands; ++It, ++TheArg) { 996 assert(It != ArgIndices.end() && "GEP not handled??"); 997 } 998 999 std::string NewName = I->getName(); 1000 for (unsigned i = 0, e = Operands.size(); i != e; ++i) { 1001 NewName += "." + utostr(Operands[i]); 1002 } 1003 NewName += ".val"; 1004 TheArg->setName(NewName); 1005 1006 DEBUG(dbgs() << "*** Promoted agg argument '" << TheArg->getName() 1007 << "' of function '" << NF->getName() << "'\n"); 1008 1009 // All of the uses must be load instructions. Replace them all with 1010 // the argument specified by ArgNo. 1011 while (!GEP->use_empty()) { 1012 LoadInst *L = cast<LoadInst>(GEP->user_back()); 1013 L->replaceAllUsesWith(&*TheArg); 1014 L->eraseFromParent(); 1015 } 1016 GEP->eraseFromParent(); 1017 } 1018 } 1019 1020 // Increment I2 past all of the arguments added for this promoted pointer. 1021 std::advance(I2, ArgIndices.size()); 1022 } 1023 1024 NF_CGN->stealCalledFunctionsFrom(CG[F]); 1025 1026 // Now that the old function is dead, delete it. If there is a dangling 1027 // reference to the CallgraphNode, just leave the dead function around for 1028 // someone else to nuke. 1029 CallGraphNode *CGN = CG[F]; 1030 if (CGN->getNumReferences() == 0) 1031 delete CG.removeFunctionFromModule(CGN); 1032 else 1033 F->setLinkage(Function::ExternalLinkage); 1034 1035 return NF_CGN; 1036 } 1037 1038 bool ArgPromotion::doInitialization(CallGraph &CG) { 1039 return CallGraphSCCPass::doInitialization(CG); 1040 } 1041