1 //===- WholeProgramDevirt.cpp - Whole program virtual call optimization ---===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This pass implements whole program optimization of virtual calls in cases 11 // where we know (via !type metadata) that the list of callees is fixed. This 12 // includes the following: 13 // - Single implementation devirtualization: if a virtual call has a single 14 // possible callee, replace all calls with a direct call to that callee. 15 // - Virtual constant propagation: if the virtual function's return type is an 16 // integer <=64 bits and all possible callees are readnone, for each class and 17 // each list of constant arguments: evaluate the function, store the return 18 // value alongside the virtual table, and rewrite each virtual call as a load 19 // from the virtual table. 20 // - Uniform return value optimization: if the conditions for virtual constant 21 // propagation hold and each function returns the same constant value, replace 22 // each virtual call with that constant. 23 // - Unique return value optimization for i1 return values: if the conditions 24 // for virtual constant propagation hold and a single vtable's function 25 // returns 0, or a single vtable's function returns 1, replace each virtual 26 // call with a comparison of the vptr against that vtable's address. 27 // 28 // This pass is intended to be used during the regular and thin LTO pipelines. 29 // During regular LTO, the pass determines the best optimization for each 30 // virtual call and applies the resolutions directly to virtual calls that are 31 // eligible for virtual call optimization (i.e. calls that use either of the 32 // llvm.assume(llvm.type.test) or llvm.type.checked.load intrinsics). During 33 // ThinLTO, the pass operates in two phases: 34 // - Export phase: this is run during the thin link over a single merged module 35 // that contains all vtables with !type metadata that participate in the link. 36 // The pass computes a resolution for each virtual call and stores it in the 37 // type identifier summary. 38 // - Import phase: this is run during the thin backends over the individual 39 // modules. The pass applies the resolutions previously computed during the 40 // import phase to each eligible virtual call. 41 // 42 //===----------------------------------------------------------------------===// 43 44 #include "llvm/Transforms/IPO/WholeProgramDevirt.h" 45 #include "llvm/ADT/ArrayRef.h" 46 #include "llvm/ADT/DenseMap.h" 47 #include "llvm/ADT/DenseMapInfo.h" 48 #include "llvm/ADT/DenseSet.h" 49 #include "llvm/ADT/MapVector.h" 50 #include "llvm/ADT/SmallVector.h" 51 #include "llvm/ADT/iterator_range.h" 52 #include "llvm/Analysis/AliasAnalysis.h" 53 #include "llvm/Analysis/BasicAliasAnalysis.h" 54 #include "llvm/Analysis/OptimizationRemarkEmitter.h" 55 #include "llvm/Analysis/TypeMetadataUtils.h" 56 #include "llvm/IR/CallSite.h" 57 #include "llvm/IR/Constants.h" 58 #include "llvm/IR/DataLayout.h" 59 #include "llvm/IR/DebugLoc.h" 60 #include "llvm/IR/DerivedTypes.h" 61 #include "llvm/IR/Function.h" 62 #include "llvm/IR/GlobalAlias.h" 63 #include "llvm/IR/GlobalVariable.h" 64 #include "llvm/IR/IRBuilder.h" 65 #include "llvm/IR/InstrTypes.h" 66 #include "llvm/IR/Instruction.h" 67 #include "llvm/IR/Instructions.h" 68 #include "llvm/IR/Intrinsics.h" 69 #include "llvm/IR/LLVMContext.h" 70 #include "llvm/IR/Metadata.h" 71 #include "llvm/IR/Module.h" 72 #include "llvm/IR/ModuleSummaryIndexYAML.h" 73 #include "llvm/Pass.h" 74 #include "llvm/PassRegistry.h" 75 #include "llvm/PassSupport.h" 76 #include "llvm/Support/Casting.h" 77 #include "llvm/Support/Error.h" 78 #include "llvm/Support/FileSystem.h" 79 #include "llvm/Support/MathExtras.h" 80 #include "llvm/Transforms/IPO.h" 81 #include "llvm/Transforms/IPO/FunctionAttrs.h" 82 #include "llvm/Transforms/Utils/Evaluator.h" 83 #include <algorithm> 84 #include <cstddef> 85 #include <map> 86 #include <set> 87 #include <string> 88 89 using namespace llvm; 90 using namespace wholeprogramdevirt; 91 92 #define DEBUG_TYPE "wholeprogramdevirt" 93 94 static cl::opt<PassSummaryAction> ClSummaryAction( 95 "wholeprogramdevirt-summary-action", 96 cl::desc("What to do with the summary when running this pass"), 97 cl::values(clEnumValN(PassSummaryAction::None, "none", "Do nothing"), 98 clEnumValN(PassSummaryAction::Import, "import", 99 "Import typeid resolutions from summary and globals"), 100 clEnumValN(PassSummaryAction::Export, "export", 101 "Export typeid resolutions to summary and globals")), 102 cl::Hidden); 103 104 static cl::opt<std::string> ClReadSummary( 105 "wholeprogramdevirt-read-summary", 106 cl::desc("Read summary from given YAML file before running pass"), 107 cl::Hidden); 108 109 static cl::opt<std::string> ClWriteSummary( 110 "wholeprogramdevirt-write-summary", 111 cl::desc("Write summary to given YAML file after running pass"), 112 cl::Hidden); 113 114 static cl::opt<unsigned> 115 ClThreshold("wholeprogramdevirt-branch-funnel-threshold", cl::Hidden, 116 cl::init(10), cl::ZeroOrMore, 117 cl::desc("Maximum number of call targets per " 118 "call site to enable branch funnels")); 119 120 // Find the minimum offset that we may store a value of size Size bits at. If 121 // IsAfter is set, look for an offset before the object, otherwise look for an 122 // offset after the object. 123 uint64_t 124 wholeprogramdevirt::findLowestOffset(ArrayRef<VirtualCallTarget> Targets, 125 bool IsAfter, uint64_t Size) { 126 // Find a minimum offset taking into account only vtable sizes. 127 uint64_t MinByte = 0; 128 for (const VirtualCallTarget &Target : Targets) { 129 if (IsAfter) 130 MinByte = std::max(MinByte, Target.minAfterBytes()); 131 else 132 MinByte = std::max(MinByte, Target.minBeforeBytes()); 133 } 134 135 // Build a vector of arrays of bytes covering, for each target, a slice of the 136 // used region (see AccumBitVector::BytesUsed in 137 // llvm/Transforms/IPO/WholeProgramDevirt.h) starting at MinByte. Effectively, 138 // this aligns the used regions to start at MinByte. 139 // 140 // In this example, A, B and C are vtables, # is a byte already allocated for 141 // a virtual function pointer, AAAA... (etc.) are the used regions for the 142 // vtables and Offset(X) is the value computed for the Offset variable below 143 // for X. 144 // 145 // Offset(A) 146 // | | 147 // |MinByte 148 // A: ################AAAAAAAA|AAAAAAAA 149 // B: ########BBBBBBBBBBBBBBBB|BBBB 150 // C: ########################|CCCCCCCCCCCCCCCC 151 // | Offset(B) | 152 // 153 // This code produces the slices of A, B and C that appear after the divider 154 // at MinByte. 155 std::vector<ArrayRef<uint8_t>> Used; 156 for (const VirtualCallTarget &Target : Targets) { 157 ArrayRef<uint8_t> VTUsed = IsAfter ? Target.TM->Bits->After.BytesUsed 158 : Target.TM->Bits->Before.BytesUsed; 159 uint64_t Offset = IsAfter ? MinByte - Target.minAfterBytes() 160 : MinByte - Target.minBeforeBytes(); 161 162 // Disregard used regions that are smaller than Offset. These are 163 // effectively all-free regions that do not need to be checked. 164 if (VTUsed.size() > Offset) 165 Used.push_back(VTUsed.slice(Offset)); 166 } 167 168 if (Size == 1) { 169 // Find a free bit in each member of Used. 170 for (unsigned I = 0;; ++I) { 171 uint8_t BitsUsed = 0; 172 for (auto &&B : Used) 173 if (I < B.size()) 174 BitsUsed |= B[I]; 175 if (BitsUsed != 0xff) 176 return (MinByte + I) * 8 + 177 countTrailingZeros(uint8_t(~BitsUsed), ZB_Undefined); 178 } 179 } else { 180 // Find a free (Size/8) byte region in each member of Used. 181 // FIXME: see if alignment helps. 182 for (unsigned I = 0;; ++I) { 183 for (auto &&B : Used) { 184 unsigned Byte = 0; 185 while ((I + Byte) < B.size() && Byte < (Size / 8)) { 186 if (B[I + Byte]) 187 goto NextI; 188 ++Byte; 189 } 190 } 191 return (MinByte + I) * 8; 192 NextI:; 193 } 194 } 195 } 196 197 void wholeprogramdevirt::setBeforeReturnValues( 198 MutableArrayRef<VirtualCallTarget> Targets, uint64_t AllocBefore, 199 unsigned BitWidth, int64_t &OffsetByte, uint64_t &OffsetBit) { 200 if (BitWidth == 1) 201 OffsetByte = -(AllocBefore / 8 + 1); 202 else 203 OffsetByte = -((AllocBefore + 7) / 8 + (BitWidth + 7) / 8); 204 OffsetBit = AllocBefore % 8; 205 206 for (VirtualCallTarget &Target : Targets) { 207 if (BitWidth == 1) 208 Target.setBeforeBit(AllocBefore); 209 else 210 Target.setBeforeBytes(AllocBefore, (BitWidth + 7) / 8); 211 } 212 } 213 214 void wholeprogramdevirt::setAfterReturnValues( 215 MutableArrayRef<VirtualCallTarget> Targets, uint64_t AllocAfter, 216 unsigned BitWidth, int64_t &OffsetByte, uint64_t &OffsetBit) { 217 if (BitWidth == 1) 218 OffsetByte = AllocAfter / 8; 219 else 220 OffsetByte = (AllocAfter + 7) / 8; 221 OffsetBit = AllocAfter % 8; 222 223 for (VirtualCallTarget &Target : Targets) { 224 if (BitWidth == 1) 225 Target.setAfterBit(AllocAfter); 226 else 227 Target.setAfterBytes(AllocAfter, (BitWidth + 7) / 8); 228 } 229 } 230 231 VirtualCallTarget::VirtualCallTarget(Function *Fn, const TypeMemberInfo *TM) 232 : Fn(Fn), TM(TM), 233 IsBigEndian(Fn->getParent()->getDataLayout().isBigEndian()), WasDevirt(false) {} 234 235 namespace { 236 237 // A slot in a set of virtual tables. The TypeID identifies the set of virtual 238 // tables, and the ByteOffset is the offset in bytes from the address point to 239 // the virtual function pointer. 240 struct VTableSlot { 241 Metadata *TypeID; 242 uint64_t ByteOffset; 243 }; 244 245 } // end anonymous namespace 246 247 namespace llvm { 248 249 template <> struct DenseMapInfo<VTableSlot> { 250 static VTableSlot getEmptyKey() { 251 return {DenseMapInfo<Metadata *>::getEmptyKey(), 252 DenseMapInfo<uint64_t>::getEmptyKey()}; 253 } 254 static VTableSlot getTombstoneKey() { 255 return {DenseMapInfo<Metadata *>::getTombstoneKey(), 256 DenseMapInfo<uint64_t>::getTombstoneKey()}; 257 } 258 static unsigned getHashValue(const VTableSlot &I) { 259 return DenseMapInfo<Metadata *>::getHashValue(I.TypeID) ^ 260 DenseMapInfo<uint64_t>::getHashValue(I.ByteOffset); 261 } 262 static bool isEqual(const VTableSlot &LHS, 263 const VTableSlot &RHS) { 264 return LHS.TypeID == RHS.TypeID && LHS.ByteOffset == RHS.ByteOffset; 265 } 266 }; 267 268 } // end namespace llvm 269 270 namespace { 271 272 // A virtual call site. VTable is the loaded virtual table pointer, and CS is 273 // the indirect virtual call. 274 struct VirtualCallSite { 275 Value *VTable; 276 CallSite CS; 277 278 // If non-null, this field points to the associated unsafe use count stored in 279 // the DevirtModule::NumUnsafeUsesForTypeTest map below. See the description 280 // of that field for details. 281 unsigned *NumUnsafeUses; 282 283 void 284 emitRemark(const StringRef OptName, const StringRef TargetName, 285 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter) { 286 Function *F = CS.getCaller(); 287 DebugLoc DLoc = CS->getDebugLoc(); 288 BasicBlock *Block = CS.getParent(); 289 290 using namespace ore; 291 OREGetter(F).emit(OptimizationRemark(DEBUG_TYPE, OptName, DLoc, Block) 292 << NV("Optimization", OptName) 293 << ": devirtualized a call to " 294 << NV("FunctionName", TargetName)); 295 } 296 297 void replaceAndErase( 298 const StringRef OptName, const StringRef TargetName, bool RemarksEnabled, 299 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter, 300 Value *New) { 301 if (RemarksEnabled) 302 emitRemark(OptName, TargetName, OREGetter); 303 CS->replaceAllUsesWith(New); 304 if (auto II = dyn_cast<InvokeInst>(CS.getInstruction())) { 305 BranchInst::Create(II->getNormalDest(), CS.getInstruction()); 306 II->getUnwindDest()->removePredecessor(II->getParent()); 307 } 308 CS->eraseFromParent(); 309 // This use is no longer unsafe. 310 if (NumUnsafeUses) 311 --*NumUnsafeUses; 312 } 313 }; 314 315 // Call site information collected for a specific VTableSlot and possibly a list 316 // of constant integer arguments. The grouping by arguments is handled by the 317 // VTableSlotInfo class. 318 struct CallSiteInfo { 319 /// The set of call sites for this slot. Used during regular LTO and the 320 /// import phase of ThinLTO (as well as the export phase of ThinLTO for any 321 /// call sites that appear in the merged module itself); in each of these 322 /// cases we are directly operating on the call sites at the IR level. 323 std::vector<VirtualCallSite> CallSites; 324 325 /// Whether all call sites represented by this CallSiteInfo, including those 326 /// in summaries, have been devirtualized. This starts off as true because a 327 /// default constructed CallSiteInfo represents no call sites. 328 bool AllCallSitesDevirted = true; 329 330 // These fields are used during the export phase of ThinLTO and reflect 331 // information collected from function summaries. 332 333 /// Whether any function summary contains an llvm.assume(llvm.type.test) for 334 /// this slot. 335 bool SummaryHasTypeTestAssumeUsers = false; 336 337 /// CFI-specific: a vector containing the list of function summaries that use 338 /// the llvm.type.checked.load intrinsic and therefore will require 339 /// resolutions for llvm.type.test in order to implement CFI checks if 340 /// devirtualization was unsuccessful. If devirtualization was successful, the 341 /// pass will clear this vector by calling markDevirt(). If at the end of the 342 /// pass the vector is non-empty, we will need to add a use of llvm.type.test 343 /// to each of the function summaries in the vector. 344 std::vector<FunctionSummary *> SummaryTypeCheckedLoadUsers; 345 346 bool isExported() const { 347 return SummaryHasTypeTestAssumeUsers || 348 !SummaryTypeCheckedLoadUsers.empty(); 349 } 350 351 void markSummaryHasTypeTestAssumeUsers() { 352 SummaryHasTypeTestAssumeUsers = true; 353 AllCallSitesDevirted = false; 354 } 355 356 void addSummaryTypeCheckedLoadUser(FunctionSummary *FS) { 357 SummaryTypeCheckedLoadUsers.push_back(FS); 358 AllCallSitesDevirted = false; 359 } 360 361 void markDevirt() { 362 AllCallSitesDevirted = true; 363 364 // As explained in the comment for SummaryTypeCheckedLoadUsers. 365 SummaryTypeCheckedLoadUsers.clear(); 366 } 367 }; 368 369 // Call site information collected for a specific VTableSlot. 370 struct VTableSlotInfo { 371 // The set of call sites which do not have all constant integer arguments 372 // (excluding "this"). 373 CallSiteInfo CSInfo; 374 375 // The set of call sites with all constant integer arguments (excluding 376 // "this"), grouped by argument list. 377 std::map<std::vector<uint64_t>, CallSiteInfo> ConstCSInfo; 378 379 void addCallSite(Value *VTable, CallSite CS, unsigned *NumUnsafeUses); 380 381 private: 382 CallSiteInfo &findCallSiteInfo(CallSite CS); 383 }; 384 385 CallSiteInfo &VTableSlotInfo::findCallSiteInfo(CallSite CS) { 386 std::vector<uint64_t> Args; 387 auto *CI = dyn_cast<IntegerType>(CS.getType()); 388 if (!CI || CI->getBitWidth() > 64 || CS.arg_empty()) 389 return CSInfo; 390 for (auto &&Arg : make_range(CS.arg_begin() + 1, CS.arg_end())) { 391 auto *CI = dyn_cast<ConstantInt>(Arg); 392 if (!CI || CI->getBitWidth() > 64) 393 return CSInfo; 394 Args.push_back(CI->getZExtValue()); 395 } 396 return ConstCSInfo[Args]; 397 } 398 399 void VTableSlotInfo::addCallSite(Value *VTable, CallSite CS, 400 unsigned *NumUnsafeUses) { 401 auto &CSI = findCallSiteInfo(CS); 402 CSI.AllCallSitesDevirted = false; 403 CSI.CallSites.push_back({VTable, CS, NumUnsafeUses}); 404 } 405 406 struct DevirtModule { 407 Module &M; 408 function_ref<AAResults &(Function &)> AARGetter; 409 410 ModuleSummaryIndex *ExportSummary; 411 const ModuleSummaryIndex *ImportSummary; 412 413 IntegerType *Int8Ty; 414 PointerType *Int8PtrTy; 415 IntegerType *Int32Ty; 416 IntegerType *Int64Ty; 417 IntegerType *IntPtrTy; 418 419 bool RemarksEnabled; 420 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter; 421 422 MapVector<VTableSlot, VTableSlotInfo> CallSlots; 423 424 // This map keeps track of the number of "unsafe" uses of a loaded function 425 // pointer. The key is the associated llvm.type.test intrinsic call generated 426 // by this pass. An unsafe use is one that calls the loaded function pointer 427 // directly. Every time we eliminate an unsafe use (for example, by 428 // devirtualizing it or by applying virtual constant propagation), we 429 // decrement the value stored in this map. If a value reaches zero, we can 430 // eliminate the type check by RAUWing the associated llvm.type.test call with 431 // true. 432 std::map<CallInst *, unsigned> NumUnsafeUsesForTypeTest; 433 434 DevirtModule(Module &M, function_ref<AAResults &(Function &)> AARGetter, 435 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter, 436 ModuleSummaryIndex *ExportSummary, 437 const ModuleSummaryIndex *ImportSummary) 438 : M(M), AARGetter(AARGetter), ExportSummary(ExportSummary), 439 ImportSummary(ImportSummary), Int8Ty(Type::getInt8Ty(M.getContext())), 440 Int8PtrTy(Type::getInt8PtrTy(M.getContext())), 441 Int32Ty(Type::getInt32Ty(M.getContext())), 442 Int64Ty(Type::getInt64Ty(M.getContext())), 443 IntPtrTy(M.getDataLayout().getIntPtrType(M.getContext(), 0)), 444 RemarksEnabled(areRemarksEnabled()), OREGetter(OREGetter) { 445 assert(!(ExportSummary && ImportSummary)); 446 } 447 448 bool areRemarksEnabled(); 449 450 void scanTypeTestUsers(Function *TypeTestFunc, Function *AssumeFunc); 451 void scanTypeCheckedLoadUsers(Function *TypeCheckedLoadFunc); 452 453 void buildTypeIdentifierMap( 454 std::vector<VTableBits> &Bits, 455 DenseMap<Metadata *, std::set<TypeMemberInfo>> &TypeIdMap); 456 Constant *getPointerAtOffset(Constant *I, uint64_t Offset); 457 bool 458 tryFindVirtualCallTargets(std::vector<VirtualCallTarget> &TargetsForSlot, 459 const std::set<TypeMemberInfo> &TypeMemberInfos, 460 uint64_t ByteOffset); 461 462 void applySingleImplDevirt(VTableSlotInfo &SlotInfo, Constant *TheFn, 463 bool &IsExported); 464 bool trySingleImplDevirt(MutableArrayRef<VirtualCallTarget> TargetsForSlot, 465 VTableSlotInfo &SlotInfo, 466 WholeProgramDevirtResolution *Res); 467 468 void applyICallBranchFunnel(VTableSlotInfo &SlotInfo, Constant *JT, 469 bool &IsExported); 470 void tryICallBranchFunnel(MutableArrayRef<VirtualCallTarget> TargetsForSlot, 471 VTableSlotInfo &SlotInfo, 472 WholeProgramDevirtResolution *Res, VTableSlot Slot); 473 474 bool tryEvaluateFunctionsWithArgs( 475 MutableArrayRef<VirtualCallTarget> TargetsForSlot, 476 ArrayRef<uint64_t> Args); 477 478 void applyUniformRetValOpt(CallSiteInfo &CSInfo, StringRef FnName, 479 uint64_t TheRetVal); 480 bool tryUniformRetValOpt(MutableArrayRef<VirtualCallTarget> TargetsForSlot, 481 CallSiteInfo &CSInfo, 482 WholeProgramDevirtResolution::ByArg *Res); 483 484 // Returns the global symbol name that is used to export information about the 485 // given vtable slot and list of arguments. 486 std::string getGlobalName(VTableSlot Slot, ArrayRef<uint64_t> Args, 487 StringRef Name); 488 489 bool shouldExportConstantsAsAbsoluteSymbols(); 490 491 // This function is called during the export phase to create a symbol 492 // definition containing information about the given vtable slot and list of 493 // arguments. 494 void exportGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args, StringRef Name, 495 Constant *C); 496 void exportConstant(VTableSlot Slot, ArrayRef<uint64_t> Args, StringRef Name, 497 uint32_t Const, uint32_t &Storage); 498 499 // This function is called during the import phase to create a reference to 500 // the symbol definition created during the export phase. 501 Constant *importGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args, 502 StringRef Name); 503 Constant *importConstant(VTableSlot Slot, ArrayRef<uint64_t> Args, 504 StringRef Name, IntegerType *IntTy, 505 uint32_t Storage); 506 507 Constant *getMemberAddr(const TypeMemberInfo *M); 508 509 void applyUniqueRetValOpt(CallSiteInfo &CSInfo, StringRef FnName, bool IsOne, 510 Constant *UniqueMemberAddr); 511 bool tryUniqueRetValOpt(unsigned BitWidth, 512 MutableArrayRef<VirtualCallTarget> TargetsForSlot, 513 CallSiteInfo &CSInfo, 514 WholeProgramDevirtResolution::ByArg *Res, 515 VTableSlot Slot, ArrayRef<uint64_t> Args); 516 517 void applyVirtualConstProp(CallSiteInfo &CSInfo, StringRef FnName, 518 Constant *Byte, Constant *Bit); 519 bool tryVirtualConstProp(MutableArrayRef<VirtualCallTarget> TargetsForSlot, 520 VTableSlotInfo &SlotInfo, 521 WholeProgramDevirtResolution *Res, VTableSlot Slot); 522 523 void rebuildGlobal(VTableBits &B); 524 525 // Apply the summary resolution for Slot to all virtual calls in SlotInfo. 526 void importResolution(VTableSlot Slot, VTableSlotInfo &SlotInfo); 527 528 // If we were able to eliminate all unsafe uses for a type checked load, 529 // eliminate the associated type tests by replacing them with true. 530 void removeRedundantTypeTests(); 531 532 bool run(); 533 534 // Lower the module using the action and summary passed as command line 535 // arguments. For testing purposes only. 536 static bool runForTesting( 537 Module &M, function_ref<AAResults &(Function &)> AARGetter, 538 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter); 539 }; 540 541 struct WholeProgramDevirt : public ModulePass { 542 static char ID; 543 544 bool UseCommandLine = false; 545 546 ModuleSummaryIndex *ExportSummary; 547 const ModuleSummaryIndex *ImportSummary; 548 549 WholeProgramDevirt() : ModulePass(ID), UseCommandLine(true) { 550 initializeWholeProgramDevirtPass(*PassRegistry::getPassRegistry()); 551 } 552 553 WholeProgramDevirt(ModuleSummaryIndex *ExportSummary, 554 const ModuleSummaryIndex *ImportSummary) 555 : ModulePass(ID), ExportSummary(ExportSummary), 556 ImportSummary(ImportSummary) { 557 initializeWholeProgramDevirtPass(*PassRegistry::getPassRegistry()); 558 } 559 560 bool runOnModule(Module &M) override { 561 if (skipModule(M)) 562 return false; 563 564 // In the new pass manager, we can request the optimization 565 // remark emitter pass on a per-function-basis, which the 566 // OREGetter will do for us. 567 // In the old pass manager, this is harder, so we just build 568 // an optimization remark emitter on the fly, when we need it. 569 std::unique_ptr<OptimizationRemarkEmitter> ORE; 570 auto OREGetter = [&](Function *F) -> OptimizationRemarkEmitter & { 571 ORE = make_unique<OptimizationRemarkEmitter>(F); 572 return *ORE; 573 }; 574 575 if (UseCommandLine) 576 return DevirtModule::runForTesting(M, LegacyAARGetter(*this), OREGetter); 577 578 return DevirtModule(M, LegacyAARGetter(*this), OREGetter, ExportSummary, 579 ImportSummary) 580 .run(); 581 } 582 583 void getAnalysisUsage(AnalysisUsage &AU) const override { 584 AU.addRequired<AssumptionCacheTracker>(); 585 AU.addRequired<TargetLibraryInfoWrapperPass>(); 586 } 587 }; 588 589 } // end anonymous namespace 590 591 INITIALIZE_PASS_BEGIN(WholeProgramDevirt, "wholeprogramdevirt", 592 "Whole program devirtualization", false, false) 593 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker) 594 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) 595 INITIALIZE_PASS_END(WholeProgramDevirt, "wholeprogramdevirt", 596 "Whole program devirtualization", false, false) 597 char WholeProgramDevirt::ID = 0; 598 599 ModulePass * 600 llvm::createWholeProgramDevirtPass(ModuleSummaryIndex *ExportSummary, 601 const ModuleSummaryIndex *ImportSummary) { 602 return new WholeProgramDevirt(ExportSummary, ImportSummary); 603 } 604 605 PreservedAnalyses WholeProgramDevirtPass::run(Module &M, 606 ModuleAnalysisManager &AM) { 607 auto &FAM = AM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager(); 608 auto AARGetter = [&](Function &F) -> AAResults & { 609 return FAM.getResult<AAManager>(F); 610 }; 611 auto OREGetter = [&](Function *F) -> OptimizationRemarkEmitter & { 612 return FAM.getResult<OptimizationRemarkEmitterAnalysis>(*F); 613 }; 614 if (!DevirtModule(M, AARGetter, OREGetter, ExportSummary, ImportSummary) 615 .run()) 616 return PreservedAnalyses::all(); 617 return PreservedAnalyses::none(); 618 } 619 620 bool DevirtModule::runForTesting( 621 Module &M, function_ref<AAResults &(Function &)> AARGetter, 622 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter) { 623 ModuleSummaryIndex Summary(/*HaveGVs=*/false); 624 625 // Handle the command-line summary arguments. This code is for testing 626 // purposes only, so we handle errors directly. 627 if (!ClReadSummary.empty()) { 628 ExitOnError ExitOnErr("-wholeprogramdevirt-read-summary: " + ClReadSummary + 629 ": "); 630 auto ReadSummaryFile = 631 ExitOnErr(errorOrToExpected(MemoryBuffer::getFile(ClReadSummary))); 632 633 yaml::Input In(ReadSummaryFile->getBuffer()); 634 In >> Summary; 635 ExitOnErr(errorCodeToError(In.error())); 636 } 637 638 bool Changed = 639 DevirtModule( 640 M, AARGetter, OREGetter, 641 ClSummaryAction == PassSummaryAction::Export ? &Summary : nullptr, 642 ClSummaryAction == PassSummaryAction::Import ? &Summary : nullptr) 643 .run(); 644 645 if (!ClWriteSummary.empty()) { 646 ExitOnError ExitOnErr( 647 "-wholeprogramdevirt-write-summary: " + ClWriteSummary + ": "); 648 std::error_code EC; 649 raw_fd_ostream OS(ClWriteSummary, EC, sys::fs::F_Text); 650 ExitOnErr(errorCodeToError(EC)); 651 652 yaml::Output Out(OS); 653 Out << Summary; 654 } 655 656 return Changed; 657 } 658 659 void DevirtModule::buildTypeIdentifierMap( 660 std::vector<VTableBits> &Bits, 661 DenseMap<Metadata *, std::set<TypeMemberInfo>> &TypeIdMap) { 662 DenseMap<GlobalVariable *, VTableBits *> GVToBits; 663 Bits.reserve(M.getGlobalList().size()); 664 SmallVector<MDNode *, 2> Types; 665 for (GlobalVariable &GV : M.globals()) { 666 Types.clear(); 667 GV.getMetadata(LLVMContext::MD_type, Types); 668 if (GV.isDeclaration() || Types.empty()) 669 continue; 670 671 VTableBits *&BitsPtr = GVToBits[&GV]; 672 if (!BitsPtr) { 673 Bits.emplace_back(); 674 Bits.back().GV = &GV; 675 Bits.back().ObjectSize = 676 M.getDataLayout().getTypeAllocSize(GV.getInitializer()->getType()); 677 BitsPtr = &Bits.back(); 678 } 679 680 for (MDNode *Type : Types) { 681 auto TypeID = Type->getOperand(1).get(); 682 683 uint64_t Offset = 684 cast<ConstantInt>( 685 cast<ConstantAsMetadata>(Type->getOperand(0))->getValue()) 686 ->getZExtValue(); 687 688 TypeIdMap[TypeID].insert({BitsPtr, Offset}); 689 } 690 } 691 } 692 693 Constant *DevirtModule::getPointerAtOffset(Constant *I, uint64_t Offset) { 694 if (I->getType()->isPointerTy()) { 695 if (Offset == 0) 696 return I; 697 return nullptr; 698 } 699 700 const DataLayout &DL = M.getDataLayout(); 701 702 if (auto *C = dyn_cast<ConstantStruct>(I)) { 703 const StructLayout *SL = DL.getStructLayout(C->getType()); 704 if (Offset >= SL->getSizeInBytes()) 705 return nullptr; 706 707 unsigned Op = SL->getElementContainingOffset(Offset); 708 return getPointerAtOffset(cast<Constant>(I->getOperand(Op)), 709 Offset - SL->getElementOffset(Op)); 710 } 711 if (auto *C = dyn_cast<ConstantArray>(I)) { 712 ArrayType *VTableTy = C->getType(); 713 uint64_t ElemSize = DL.getTypeAllocSize(VTableTy->getElementType()); 714 715 unsigned Op = Offset / ElemSize; 716 if (Op >= C->getNumOperands()) 717 return nullptr; 718 719 return getPointerAtOffset(cast<Constant>(I->getOperand(Op)), 720 Offset % ElemSize); 721 } 722 return nullptr; 723 } 724 725 bool DevirtModule::tryFindVirtualCallTargets( 726 std::vector<VirtualCallTarget> &TargetsForSlot, 727 const std::set<TypeMemberInfo> &TypeMemberInfos, uint64_t ByteOffset) { 728 for (const TypeMemberInfo &TM : TypeMemberInfos) { 729 if (!TM.Bits->GV->isConstant()) 730 return false; 731 732 Constant *Ptr = getPointerAtOffset(TM.Bits->GV->getInitializer(), 733 TM.Offset + ByteOffset); 734 if (!Ptr) 735 return false; 736 737 auto Fn = dyn_cast<Function>(Ptr->stripPointerCasts()); 738 if (!Fn) 739 return false; 740 741 // We can disregard __cxa_pure_virtual as a possible call target, as 742 // calls to pure virtuals are UB. 743 if (Fn->getName() == "__cxa_pure_virtual") 744 continue; 745 746 TargetsForSlot.push_back({Fn, &TM}); 747 } 748 749 // Give up if we couldn't find any targets. 750 return !TargetsForSlot.empty(); 751 } 752 753 void DevirtModule::applySingleImplDevirt(VTableSlotInfo &SlotInfo, 754 Constant *TheFn, bool &IsExported) { 755 auto Apply = [&](CallSiteInfo &CSInfo) { 756 for (auto &&VCallSite : CSInfo.CallSites) { 757 if (RemarksEnabled) 758 VCallSite.emitRemark("single-impl", 759 TheFn->stripPointerCasts()->getName(), OREGetter); 760 VCallSite.CS.setCalledFunction(ConstantExpr::getBitCast( 761 TheFn, VCallSite.CS.getCalledValue()->getType())); 762 // This use is no longer unsafe. 763 if (VCallSite.NumUnsafeUses) 764 --*VCallSite.NumUnsafeUses; 765 } 766 if (CSInfo.isExported()) 767 IsExported = true; 768 CSInfo.markDevirt(); 769 }; 770 Apply(SlotInfo.CSInfo); 771 for (auto &P : SlotInfo.ConstCSInfo) 772 Apply(P.second); 773 } 774 775 bool DevirtModule::trySingleImplDevirt( 776 MutableArrayRef<VirtualCallTarget> TargetsForSlot, 777 VTableSlotInfo &SlotInfo, WholeProgramDevirtResolution *Res) { 778 // See if the program contains a single implementation of this virtual 779 // function. 780 Function *TheFn = TargetsForSlot[0].Fn; 781 for (auto &&Target : TargetsForSlot) 782 if (TheFn != Target.Fn) 783 return false; 784 785 // If so, update each call site to call that implementation directly. 786 if (RemarksEnabled) 787 TargetsForSlot[0].WasDevirt = true; 788 789 bool IsExported = false; 790 applySingleImplDevirt(SlotInfo, TheFn, IsExported); 791 if (!IsExported) 792 return false; 793 794 // If the only implementation has local linkage, we must promote to external 795 // to make it visible to thin LTO objects. We can only get here during the 796 // ThinLTO export phase. 797 if (TheFn->hasLocalLinkage()) { 798 std::string NewName = (TheFn->getName() + "$merged").str(); 799 800 // Since we are renaming the function, any comdats with the same name must 801 // also be renamed. This is required when targeting COFF, as the comdat name 802 // must match one of the names of the symbols in the comdat. 803 if (Comdat *C = TheFn->getComdat()) { 804 if (C->getName() == TheFn->getName()) { 805 Comdat *NewC = M.getOrInsertComdat(NewName); 806 NewC->setSelectionKind(C->getSelectionKind()); 807 for (GlobalObject &GO : M.global_objects()) 808 if (GO.getComdat() == C) 809 GO.setComdat(NewC); 810 } 811 } 812 813 TheFn->setLinkage(GlobalValue::ExternalLinkage); 814 TheFn->setVisibility(GlobalValue::HiddenVisibility); 815 TheFn->setName(NewName); 816 } 817 818 Res->TheKind = WholeProgramDevirtResolution::SingleImpl; 819 Res->SingleImplName = TheFn->getName(); 820 821 return true; 822 } 823 824 void DevirtModule::tryICallBranchFunnel( 825 MutableArrayRef<VirtualCallTarget> TargetsForSlot, VTableSlotInfo &SlotInfo, 826 WholeProgramDevirtResolution *Res, VTableSlot Slot) { 827 Triple T(M.getTargetTriple()); 828 if (T.getArch() != Triple::x86_64) 829 return; 830 831 if (TargetsForSlot.size() > ClThreshold) 832 return; 833 834 bool HasNonDevirt = !SlotInfo.CSInfo.AllCallSitesDevirted; 835 if (!HasNonDevirt) 836 for (auto &P : SlotInfo.ConstCSInfo) 837 if (!P.second.AllCallSitesDevirted) { 838 HasNonDevirt = true; 839 break; 840 } 841 842 if (!HasNonDevirt) 843 return; 844 845 FunctionType *FT = 846 FunctionType::get(Type::getVoidTy(M.getContext()), {Int8PtrTy}, true); 847 Function *JT; 848 if (isa<MDString>(Slot.TypeID)) { 849 JT = Function::Create(FT, Function::ExternalLinkage, 850 getGlobalName(Slot, {}, "branch_funnel"), &M); 851 JT->setVisibility(GlobalValue::HiddenVisibility); 852 } else { 853 JT = Function::Create(FT, Function::InternalLinkage, "branch_funnel", &M); 854 } 855 JT->addAttribute(1, Attribute::Nest); 856 857 std::vector<Value *> JTArgs; 858 JTArgs.push_back(JT->arg_begin()); 859 for (auto &T : TargetsForSlot) { 860 JTArgs.push_back(getMemberAddr(T.TM)); 861 JTArgs.push_back(T.Fn); 862 } 863 864 BasicBlock *BB = BasicBlock::Create(M.getContext(), "", JT, nullptr); 865 Constant *Intr = 866 Intrinsic::getDeclaration(&M, llvm::Intrinsic::icall_branch_funnel, {}); 867 868 auto *CI = CallInst::Create(Intr, JTArgs, "", BB); 869 CI->setTailCallKind(CallInst::TCK_MustTail); 870 ReturnInst::Create(M.getContext(), nullptr, BB); 871 872 bool IsExported = false; 873 applyICallBranchFunnel(SlotInfo, JT, IsExported); 874 if (IsExported) 875 Res->TheKind = WholeProgramDevirtResolution::BranchFunnel; 876 } 877 878 void DevirtModule::applyICallBranchFunnel(VTableSlotInfo &SlotInfo, 879 Constant *JT, bool &IsExported) { 880 auto Apply = [&](CallSiteInfo &CSInfo) { 881 if (CSInfo.isExported()) 882 IsExported = true; 883 if (CSInfo.AllCallSitesDevirted) 884 return; 885 for (auto &&VCallSite : CSInfo.CallSites) { 886 CallSite CS = VCallSite.CS; 887 888 // Jump tables are only profitable if the retpoline mitigation is enabled. 889 Attribute FSAttr = CS.getCaller()->getFnAttribute("target-features"); 890 if (FSAttr.hasAttribute(Attribute::None) || 891 !FSAttr.getValueAsString().contains("+retpoline")) 892 continue; 893 894 if (RemarksEnabled) 895 VCallSite.emitRemark("branch-funnel", 896 JT->stripPointerCasts()->getName(), OREGetter); 897 898 // Pass the address of the vtable in the nest register, which is r10 on 899 // x86_64. 900 std::vector<Type *> NewArgs; 901 NewArgs.push_back(Int8PtrTy); 902 for (Type *T : CS.getFunctionType()->params()) 903 NewArgs.push_back(T); 904 PointerType *NewFT = PointerType::getUnqual( 905 FunctionType::get(CS.getFunctionType()->getReturnType(), NewArgs, 906 CS.getFunctionType()->isVarArg())); 907 908 IRBuilder<> IRB(CS.getInstruction()); 909 std::vector<Value *> Args; 910 Args.push_back(IRB.CreateBitCast(VCallSite.VTable, Int8PtrTy)); 911 for (unsigned I = 0; I != CS.getNumArgOperands(); ++I) 912 Args.push_back(CS.getArgOperand(I)); 913 914 CallSite NewCS; 915 if (CS.isCall()) 916 NewCS = IRB.CreateCall(IRB.CreateBitCast(JT, NewFT), Args); 917 else 918 NewCS = IRB.CreateInvoke( 919 IRB.CreateBitCast(JT, NewFT), 920 cast<InvokeInst>(CS.getInstruction())->getNormalDest(), 921 cast<InvokeInst>(CS.getInstruction())->getUnwindDest(), Args); 922 NewCS.setCallingConv(CS.getCallingConv()); 923 924 AttributeList Attrs = CS.getAttributes(); 925 std::vector<AttributeSet> NewArgAttrs; 926 NewArgAttrs.push_back(AttributeSet::get( 927 M.getContext(), ArrayRef<Attribute>{Attribute::get( 928 M.getContext(), Attribute::Nest)})); 929 for (unsigned I = 0; I + 2 < Attrs.getNumAttrSets(); ++I) 930 NewArgAttrs.push_back(Attrs.getParamAttributes(I)); 931 NewCS.setAttributes( 932 AttributeList::get(M.getContext(), Attrs.getFnAttributes(), 933 Attrs.getRetAttributes(), NewArgAttrs)); 934 935 CS->replaceAllUsesWith(NewCS.getInstruction()); 936 CS->eraseFromParent(); 937 938 // This use is no longer unsafe. 939 if (VCallSite.NumUnsafeUses) 940 --*VCallSite.NumUnsafeUses; 941 } 942 // Don't mark as devirtualized because there may be callers compiled without 943 // retpoline mitigation, which would mean that they are lowered to 944 // llvm.type.test and therefore require an llvm.type.test resolution for the 945 // type identifier. 946 }; 947 Apply(SlotInfo.CSInfo); 948 for (auto &P : SlotInfo.ConstCSInfo) 949 Apply(P.second); 950 } 951 952 bool DevirtModule::tryEvaluateFunctionsWithArgs( 953 MutableArrayRef<VirtualCallTarget> TargetsForSlot, 954 ArrayRef<uint64_t> Args) { 955 // Evaluate each function and store the result in each target's RetVal 956 // field. 957 for (VirtualCallTarget &Target : TargetsForSlot) { 958 if (Target.Fn->arg_size() != Args.size() + 1) 959 return false; 960 961 Evaluator Eval(M.getDataLayout(), nullptr); 962 SmallVector<Constant *, 2> EvalArgs; 963 EvalArgs.push_back( 964 Constant::getNullValue(Target.Fn->getFunctionType()->getParamType(0))); 965 for (unsigned I = 0; I != Args.size(); ++I) { 966 auto *ArgTy = dyn_cast<IntegerType>( 967 Target.Fn->getFunctionType()->getParamType(I + 1)); 968 if (!ArgTy) 969 return false; 970 EvalArgs.push_back(ConstantInt::get(ArgTy, Args[I])); 971 } 972 973 Constant *RetVal; 974 if (!Eval.EvaluateFunction(Target.Fn, RetVal, EvalArgs) || 975 !isa<ConstantInt>(RetVal)) 976 return false; 977 Target.RetVal = cast<ConstantInt>(RetVal)->getZExtValue(); 978 } 979 return true; 980 } 981 982 void DevirtModule::applyUniformRetValOpt(CallSiteInfo &CSInfo, StringRef FnName, 983 uint64_t TheRetVal) { 984 for (auto Call : CSInfo.CallSites) 985 Call.replaceAndErase( 986 "uniform-ret-val", FnName, RemarksEnabled, OREGetter, 987 ConstantInt::get(cast<IntegerType>(Call.CS.getType()), TheRetVal)); 988 CSInfo.markDevirt(); 989 } 990 991 bool DevirtModule::tryUniformRetValOpt( 992 MutableArrayRef<VirtualCallTarget> TargetsForSlot, CallSiteInfo &CSInfo, 993 WholeProgramDevirtResolution::ByArg *Res) { 994 // Uniform return value optimization. If all functions return the same 995 // constant, replace all calls with that constant. 996 uint64_t TheRetVal = TargetsForSlot[0].RetVal; 997 for (const VirtualCallTarget &Target : TargetsForSlot) 998 if (Target.RetVal != TheRetVal) 999 return false; 1000 1001 if (CSInfo.isExported()) { 1002 Res->TheKind = WholeProgramDevirtResolution::ByArg::UniformRetVal; 1003 Res->Info = TheRetVal; 1004 } 1005 1006 applyUniformRetValOpt(CSInfo, TargetsForSlot[0].Fn->getName(), TheRetVal); 1007 if (RemarksEnabled) 1008 for (auto &&Target : TargetsForSlot) 1009 Target.WasDevirt = true; 1010 return true; 1011 } 1012 1013 std::string DevirtModule::getGlobalName(VTableSlot Slot, 1014 ArrayRef<uint64_t> Args, 1015 StringRef Name) { 1016 std::string FullName = "__typeid_"; 1017 raw_string_ostream OS(FullName); 1018 OS << cast<MDString>(Slot.TypeID)->getString() << '_' << Slot.ByteOffset; 1019 for (uint64_t Arg : Args) 1020 OS << '_' << Arg; 1021 OS << '_' << Name; 1022 return OS.str(); 1023 } 1024 1025 bool DevirtModule::shouldExportConstantsAsAbsoluteSymbols() { 1026 Triple T(M.getTargetTriple()); 1027 return (T.getArch() == Triple::x86 || T.getArch() == Triple::x86_64) && 1028 T.getObjectFormat() == Triple::ELF; 1029 } 1030 1031 void DevirtModule::exportGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args, 1032 StringRef Name, Constant *C) { 1033 GlobalAlias *GA = GlobalAlias::create(Int8Ty, 0, GlobalValue::ExternalLinkage, 1034 getGlobalName(Slot, Args, Name), C, &M); 1035 GA->setVisibility(GlobalValue::HiddenVisibility); 1036 } 1037 1038 void DevirtModule::exportConstant(VTableSlot Slot, ArrayRef<uint64_t> Args, 1039 StringRef Name, uint32_t Const, 1040 uint32_t &Storage) { 1041 if (shouldExportConstantsAsAbsoluteSymbols()) { 1042 exportGlobal( 1043 Slot, Args, Name, 1044 ConstantExpr::getIntToPtr(ConstantInt::get(Int32Ty, Const), Int8PtrTy)); 1045 return; 1046 } 1047 1048 Storage = Const; 1049 } 1050 1051 Constant *DevirtModule::importGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args, 1052 StringRef Name) { 1053 Constant *C = M.getOrInsertGlobal(getGlobalName(Slot, Args, Name), Int8Ty); 1054 auto *GV = dyn_cast<GlobalVariable>(C); 1055 if (GV) 1056 GV->setVisibility(GlobalValue::HiddenVisibility); 1057 return C; 1058 } 1059 1060 Constant *DevirtModule::importConstant(VTableSlot Slot, ArrayRef<uint64_t> Args, 1061 StringRef Name, IntegerType *IntTy, 1062 uint32_t Storage) { 1063 if (!shouldExportConstantsAsAbsoluteSymbols()) 1064 return ConstantInt::get(IntTy, Storage); 1065 1066 Constant *C = importGlobal(Slot, Args, Name); 1067 auto *GV = cast<GlobalVariable>(C->stripPointerCasts()); 1068 C = ConstantExpr::getPtrToInt(C, IntTy); 1069 1070 // We only need to set metadata if the global is newly created, in which 1071 // case it would not have hidden visibility. 1072 if (GV->hasMetadata(LLVMContext::MD_absolute_symbol)) 1073 return C; 1074 1075 auto SetAbsRange = [&](uint64_t Min, uint64_t Max) { 1076 auto *MinC = ConstantAsMetadata::get(ConstantInt::get(IntPtrTy, Min)); 1077 auto *MaxC = ConstantAsMetadata::get(ConstantInt::get(IntPtrTy, Max)); 1078 GV->setMetadata(LLVMContext::MD_absolute_symbol, 1079 MDNode::get(M.getContext(), {MinC, MaxC})); 1080 }; 1081 unsigned AbsWidth = IntTy->getBitWidth(); 1082 if (AbsWidth == IntPtrTy->getBitWidth()) 1083 SetAbsRange(~0ull, ~0ull); // Full set. 1084 else 1085 SetAbsRange(0, 1ull << AbsWidth); 1086 return C; 1087 } 1088 1089 void DevirtModule::applyUniqueRetValOpt(CallSiteInfo &CSInfo, StringRef FnName, 1090 bool IsOne, 1091 Constant *UniqueMemberAddr) { 1092 for (auto &&Call : CSInfo.CallSites) { 1093 IRBuilder<> B(Call.CS.getInstruction()); 1094 Value *Cmp = 1095 B.CreateICmp(IsOne ? ICmpInst::ICMP_EQ : ICmpInst::ICMP_NE, 1096 B.CreateBitCast(Call.VTable, Int8PtrTy), UniqueMemberAddr); 1097 Cmp = B.CreateZExt(Cmp, Call.CS->getType()); 1098 Call.replaceAndErase("unique-ret-val", FnName, RemarksEnabled, OREGetter, 1099 Cmp); 1100 } 1101 CSInfo.markDevirt(); 1102 } 1103 1104 Constant *DevirtModule::getMemberAddr(const TypeMemberInfo *M) { 1105 Constant *C = ConstantExpr::getBitCast(M->Bits->GV, Int8PtrTy); 1106 return ConstantExpr::getGetElementPtr(Int8Ty, C, 1107 ConstantInt::get(Int64Ty, M->Offset)); 1108 } 1109 1110 bool DevirtModule::tryUniqueRetValOpt( 1111 unsigned BitWidth, MutableArrayRef<VirtualCallTarget> TargetsForSlot, 1112 CallSiteInfo &CSInfo, WholeProgramDevirtResolution::ByArg *Res, 1113 VTableSlot Slot, ArrayRef<uint64_t> Args) { 1114 // IsOne controls whether we look for a 0 or a 1. 1115 auto tryUniqueRetValOptFor = [&](bool IsOne) { 1116 const TypeMemberInfo *UniqueMember = nullptr; 1117 for (const VirtualCallTarget &Target : TargetsForSlot) { 1118 if (Target.RetVal == (IsOne ? 1 : 0)) { 1119 if (UniqueMember) 1120 return false; 1121 UniqueMember = Target.TM; 1122 } 1123 } 1124 1125 // We should have found a unique member or bailed out by now. We already 1126 // checked for a uniform return value in tryUniformRetValOpt. 1127 assert(UniqueMember); 1128 1129 Constant *UniqueMemberAddr = getMemberAddr(UniqueMember); 1130 if (CSInfo.isExported()) { 1131 Res->TheKind = WholeProgramDevirtResolution::ByArg::UniqueRetVal; 1132 Res->Info = IsOne; 1133 1134 exportGlobal(Slot, Args, "unique_member", UniqueMemberAddr); 1135 } 1136 1137 // Replace each call with the comparison. 1138 applyUniqueRetValOpt(CSInfo, TargetsForSlot[0].Fn->getName(), IsOne, 1139 UniqueMemberAddr); 1140 1141 // Update devirtualization statistics for targets. 1142 if (RemarksEnabled) 1143 for (auto &&Target : TargetsForSlot) 1144 Target.WasDevirt = true; 1145 1146 return true; 1147 }; 1148 1149 if (BitWidth == 1) { 1150 if (tryUniqueRetValOptFor(true)) 1151 return true; 1152 if (tryUniqueRetValOptFor(false)) 1153 return true; 1154 } 1155 return false; 1156 } 1157 1158 void DevirtModule::applyVirtualConstProp(CallSiteInfo &CSInfo, StringRef FnName, 1159 Constant *Byte, Constant *Bit) { 1160 for (auto Call : CSInfo.CallSites) { 1161 auto *RetType = cast<IntegerType>(Call.CS.getType()); 1162 IRBuilder<> B(Call.CS.getInstruction()); 1163 Value *Addr = 1164 B.CreateGEP(Int8Ty, B.CreateBitCast(Call.VTable, Int8PtrTy), Byte); 1165 if (RetType->getBitWidth() == 1) { 1166 Value *Bits = B.CreateLoad(Addr); 1167 Value *BitsAndBit = B.CreateAnd(Bits, Bit); 1168 auto IsBitSet = B.CreateICmpNE(BitsAndBit, ConstantInt::get(Int8Ty, 0)); 1169 Call.replaceAndErase("virtual-const-prop-1-bit", FnName, RemarksEnabled, 1170 OREGetter, IsBitSet); 1171 } else { 1172 Value *ValAddr = B.CreateBitCast(Addr, RetType->getPointerTo()); 1173 Value *Val = B.CreateLoad(RetType, ValAddr); 1174 Call.replaceAndErase("virtual-const-prop", FnName, RemarksEnabled, 1175 OREGetter, Val); 1176 } 1177 } 1178 CSInfo.markDevirt(); 1179 } 1180 1181 bool DevirtModule::tryVirtualConstProp( 1182 MutableArrayRef<VirtualCallTarget> TargetsForSlot, VTableSlotInfo &SlotInfo, 1183 WholeProgramDevirtResolution *Res, VTableSlot Slot) { 1184 // This only works if the function returns an integer. 1185 auto RetType = dyn_cast<IntegerType>(TargetsForSlot[0].Fn->getReturnType()); 1186 if (!RetType) 1187 return false; 1188 unsigned BitWidth = RetType->getBitWidth(); 1189 if (BitWidth > 64) 1190 return false; 1191 1192 // Make sure that each function is defined, does not access memory, takes at 1193 // least one argument, does not use its first argument (which we assume is 1194 // 'this'), and has the same return type. 1195 // 1196 // Note that we test whether this copy of the function is readnone, rather 1197 // than testing function attributes, which must hold for any copy of the 1198 // function, even a less optimized version substituted at link time. This is 1199 // sound because the virtual constant propagation optimizations effectively 1200 // inline all implementations of the virtual function into each call site, 1201 // rather than using function attributes to perform local optimization. 1202 for (VirtualCallTarget &Target : TargetsForSlot) { 1203 if (Target.Fn->isDeclaration() || 1204 computeFunctionBodyMemoryAccess(*Target.Fn, AARGetter(*Target.Fn)) != 1205 MAK_ReadNone || 1206 Target.Fn->arg_empty() || !Target.Fn->arg_begin()->use_empty() || 1207 Target.Fn->getReturnType() != RetType) 1208 return false; 1209 } 1210 1211 for (auto &&CSByConstantArg : SlotInfo.ConstCSInfo) { 1212 if (!tryEvaluateFunctionsWithArgs(TargetsForSlot, CSByConstantArg.first)) 1213 continue; 1214 1215 WholeProgramDevirtResolution::ByArg *ResByArg = nullptr; 1216 if (Res) 1217 ResByArg = &Res->ResByArg[CSByConstantArg.first]; 1218 1219 if (tryUniformRetValOpt(TargetsForSlot, CSByConstantArg.second, ResByArg)) 1220 continue; 1221 1222 if (tryUniqueRetValOpt(BitWidth, TargetsForSlot, CSByConstantArg.second, 1223 ResByArg, Slot, CSByConstantArg.first)) 1224 continue; 1225 1226 // Find an allocation offset in bits in all vtables associated with the 1227 // type. 1228 uint64_t AllocBefore = 1229 findLowestOffset(TargetsForSlot, /*IsAfter=*/false, BitWidth); 1230 uint64_t AllocAfter = 1231 findLowestOffset(TargetsForSlot, /*IsAfter=*/true, BitWidth); 1232 1233 // Calculate the total amount of padding needed to store a value at both 1234 // ends of the object. 1235 uint64_t TotalPaddingBefore = 0, TotalPaddingAfter = 0; 1236 for (auto &&Target : TargetsForSlot) { 1237 TotalPaddingBefore += std::max<int64_t>( 1238 (AllocBefore + 7) / 8 - Target.allocatedBeforeBytes() - 1, 0); 1239 TotalPaddingAfter += std::max<int64_t>( 1240 (AllocAfter + 7) / 8 - Target.allocatedAfterBytes() - 1, 0); 1241 } 1242 1243 // If the amount of padding is too large, give up. 1244 // FIXME: do something smarter here. 1245 if (std::min(TotalPaddingBefore, TotalPaddingAfter) > 128) 1246 continue; 1247 1248 // Calculate the offset to the value as a (possibly negative) byte offset 1249 // and (if applicable) a bit offset, and store the values in the targets. 1250 int64_t OffsetByte; 1251 uint64_t OffsetBit; 1252 if (TotalPaddingBefore <= TotalPaddingAfter) 1253 setBeforeReturnValues(TargetsForSlot, AllocBefore, BitWidth, OffsetByte, 1254 OffsetBit); 1255 else 1256 setAfterReturnValues(TargetsForSlot, AllocAfter, BitWidth, OffsetByte, 1257 OffsetBit); 1258 1259 if (RemarksEnabled) 1260 for (auto &&Target : TargetsForSlot) 1261 Target.WasDevirt = true; 1262 1263 1264 if (CSByConstantArg.second.isExported()) { 1265 ResByArg->TheKind = WholeProgramDevirtResolution::ByArg::VirtualConstProp; 1266 exportConstant(Slot, CSByConstantArg.first, "byte", OffsetByte, 1267 ResByArg->Byte); 1268 exportConstant(Slot, CSByConstantArg.first, "bit", 1ULL << OffsetBit, 1269 ResByArg->Bit); 1270 } 1271 1272 // Rewrite each call to a load from OffsetByte/OffsetBit. 1273 Constant *ByteConst = ConstantInt::get(Int32Ty, OffsetByte); 1274 Constant *BitConst = ConstantInt::get(Int8Ty, 1ULL << OffsetBit); 1275 applyVirtualConstProp(CSByConstantArg.second, 1276 TargetsForSlot[0].Fn->getName(), ByteConst, BitConst); 1277 } 1278 return true; 1279 } 1280 1281 void DevirtModule::rebuildGlobal(VTableBits &B) { 1282 if (B.Before.Bytes.empty() && B.After.Bytes.empty()) 1283 return; 1284 1285 // Align each byte array to pointer width. 1286 unsigned PointerSize = M.getDataLayout().getPointerSize(); 1287 B.Before.Bytes.resize(alignTo(B.Before.Bytes.size(), PointerSize)); 1288 B.After.Bytes.resize(alignTo(B.After.Bytes.size(), PointerSize)); 1289 1290 // Before was stored in reverse order; flip it now. 1291 for (size_t I = 0, Size = B.Before.Bytes.size(); I != Size / 2; ++I) 1292 std::swap(B.Before.Bytes[I], B.Before.Bytes[Size - 1 - I]); 1293 1294 // Build an anonymous global containing the before bytes, followed by the 1295 // original initializer, followed by the after bytes. 1296 auto NewInit = ConstantStruct::getAnon( 1297 {ConstantDataArray::get(M.getContext(), B.Before.Bytes), 1298 B.GV->getInitializer(), 1299 ConstantDataArray::get(M.getContext(), B.After.Bytes)}); 1300 auto NewGV = 1301 new GlobalVariable(M, NewInit->getType(), B.GV->isConstant(), 1302 GlobalVariable::PrivateLinkage, NewInit, "", B.GV); 1303 NewGV->setSection(B.GV->getSection()); 1304 NewGV->setComdat(B.GV->getComdat()); 1305 1306 // Copy the original vtable's metadata to the anonymous global, adjusting 1307 // offsets as required. 1308 NewGV->copyMetadata(B.GV, B.Before.Bytes.size()); 1309 1310 // Build an alias named after the original global, pointing at the second 1311 // element (the original initializer). 1312 auto Alias = GlobalAlias::create( 1313 B.GV->getInitializer()->getType(), 0, B.GV->getLinkage(), "", 1314 ConstantExpr::getGetElementPtr( 1315 NewInit->getType(), NewGV, 1316 ArrayRef<Constant *>{ConstantInt::get(Int32Ty, 0), 1317 ConstantInt::get(Int32Ty, 1)}), 1318 &M); 1319 Alias->setVisibility(B.GV->getVisibility()); 1320 Alias->takeName(B.GV); 1321 1322 B.GV->replaceAllUsesWith(Alias); 1323 B.GV->eraseFromParent(); 1324 } 1325 1326 bool DevirtModule::areRemarksEnabled() { 1327 const auto &FL = M.getFunctionList(); 1328 for (const Function &Fn : FL) { 1329 const auto &BBL = Fn.getBasicBlockList(); 1330 if (BBL.empty()) 1331 continue; 1332 auto DI = OptimizationRemark(DEBUG_TYPE, "", DebugLoc(), &BBL.front()); 1333 return DI.isEnabled(); 1334 } 1335 return false; 1336 } 1337 1338 void DevirtModule::scanTypeTestUsers(Function *TypeTestFunc, 1339 Function *AssumeFunc) { 1340 // Find all virtual calls via a virtual table pointer %p under an assumption 1341 // of the form llvm.assume(llvm.type.test(%p, %md)). This indicates that %p 1342 // points to a member of the type identifier %md. Group calls by (type ID, 1343 // offset) pair (effectively the identity of the virtual function) and store 1344 // to CallSlots. 1345 DenseSet<Value *> SeenPtrs; 1346 for (auto I = TypeTestFunc->use_begin(), E = TypeTestFunc->use_end(); 1347 I != E;) { 1348 auto CI = dyn_cast<CallInst>(I->getUser()); 1349 ++I; 1350 if (!CI) 1351 continue; 1352 1353 // Search for virtual calls based on %p and add them to DevirtCalls. 1354 SmallVector<DevirtCallSite, 1> DevirtCalls; 1355 SmallVector<CallInst *, 1> Assumes; 1356 findDevirtualizableCallsForTypeTest(DevirtCalls, Assumes, CI); 1357 1358 // If we found any, add them to CallSlots. Only do this if we haven't seen 1359 // the vtable pointer before, as it may have been CSE'd with pointers from 1360 // other call sites, and we don't want to process call sites multiple times. 1361 if (!Assumes.empty()) { 1362 Metadata *TypeId = 1363 cast<MetadataAsValue>(CI->getArgOperand(1))->getMetadata(); 1364 Value *Ptr = CI->getArgOperand(0)->stripPointerCasts(); 1365 if (SeenPtrs.insert(Ptr).second) { 1366 for (DevirtCallSite Call : DevirtCalls) { 1367 CallSlots[{TypeId, Call.Offset}].addCallSite(Ptr, Call.CS, nullptr); 1368 } 1369 } 1370 } 1371 1372 // We no longer need the assumes or the type test. 1373 for (auto Assume : Assumes) 1374 Assume->eraseFromParent(); 1375 // We can't use RecursivelyDeleteTriviallyDeadInstructions here because we 1376 // may use the vtable argument later. 1377 if (CI->use_empty()) 1378 CI->eraseFromParent(); 1379 } 1380 } 1381 1382 void DevirtModule::scanTypeCheckedLoadUsers(Function *TypeCheckedLoadFunc) { 1383 Function *TypeTestFunc = Intrinsic::getDeclaration(&M, Intrinsic::type_test); 1384 1385 for (auto I = TypeCheckedLoadFunc->use_begin(), 1386 E = TypeCheckedLoadFunc->use_end(); 1387 I != E;) { 1388 auto CI = dyn_cast<CallInst>(I->getUser()); 1389 ++I; 1390 if (!CI) 1391 continue; 1392 1393 Value *Ptr = CI->getArgOperand(0); 1394 Value *Offset = CI->getArgOperand(1); 1395 Value *TypeIdValue = CI->getArgOperand(2); 1396 Metadata *TypeId = cast<MetadataAsValue>(TypeIdValue)->getMetadata(); 1397 1398 SmallVector<DevirtCallSite, 1> DevirtCalls; 1399 SmallVector<Instruction *, 1> LoadedPtrs; 1400 SmallVector<Instruction *, 1> Preds; 1401 bool HasNonCallUses = false; 1402 findDevirtualizableCallsForTypeCheckedLoad(DevirtCalls, LoadedPtrs, Preds, 1403 HasNonCallUses, CI); 1404 1405 // Start by generating "pessimistic" code that explicitly loads the function 1406 // pointer from the vtable and performs the type check. If possible, we will 1407 // eliminate the load and the type check later. 1408 1409 // If possible, only generate the load at the point where it is used. 1410 // This helps avoid unnecessary spills. 1411 IRBuilder<> LoadB( 1412 (LoadedPtrs.size() == 1 && !HasNonCallUses) ? LoadedPtrs[0] : CI); 1413 Value *GEP = LoadB.CreateGEP(Int8Ty, Ptr, Offset); 1414 Value *GEPPtr = LoadB.CreateBitCast(GEP, PointerType::getUnqual(Int8PtrTy)); 1415 Value *LoadedValue = LoadB.CreateLoad(Int8PtrTy, GEPPtr); 1416 1417 for (Instruction *LoadedPtr : LoadedPtrs) { 1418 LoadedPtr->replaceAllUsesWith(LoadedValue); 1419 LoadedPtr->eraseFromParent(); 1420 } 1421 1422 // Likewise for the type test. 1423 IRBuilder<> CallB((Preds.size() == 1 && !HasNonCallUses) ? Preds[0] : CI); 1424 CallInst *TypeTestCall = CallB.CreateCall(TypeTestFunc, {Ptr, TypeIdValue}); 1425 1426 for (Instruction *Pred : Preds) { 1427 Pred->replaceAllUsesWith(TypeTestCall); 1428 Pred->eraseFromParent(); 1429 } 1430 1431 // We have already erased any extractvalue instructions that refer to the 1432 // intrinsic call, but the intrinsic may have other non-extractvalue uses 1433 // (although this is unlikely). In that case, explicitly build a pair and 1434 // RAUW it. 1435 if (!CI->use_empty()) { 1436 Value *Pair = UndefValue::get(CI->getType()); 1437 IRBuilder<> B(CI); 1438 Pair = B.CreateInsertValue(Pair, LoadedValue, {0}); 1439 Pair = B.CreateInsertValue(Pair, TypeTestCall, {1}); 1440 CI->replaceAllUsesWith(Pair); 1441 } 1442 1443 // The number of unsafe uses is initially the number of uses. 1444 auto &NumUnsafeUses = NumUnsafeUsesForTypeTest[TypeTestCall]; 1445 NumUnsafeUses = DevirtCalls.size(); 1446 1447 // If the function pointer has a non-call user, we cannot eliminate the type 1448 // check, as one of those users may eventually call the pointer. Increment 1449 // the unsafe use count to make sure it cannot reach zero. 1450 if (HasNonCallUses) 1451 ++NumUnsafeUses; 1452 for (DevirtCallSite Call : DevirtCalls) { 1453 CallSlots[{TypeId, Call.Offset}].addCallSite(Ptr, Call.CS, 1454 &NumUnsafeUses); 1455 } 1456 1457 CI->eraseFromParent(); 1458 } 1459 } 1460 1461 void DevirtModule::importResolution(VTableSlot Slot, VTableSlotInfo &SlotInfo) { 1462 const TypeIdSummary *TidSummary = 1463 ImportSummary->getTypeIdSummary(cast<MDString>(Slot.TypeID)->getString()); 1464 if (!TidSummary) 1465 return; 1466 auto ResI = TidSummary->WPDRes.find(Slot.ByteOffset); 1467 if (ResI == TidSummary->WPDRes.end()) 1468 return; 1469 const WholeProgramDevirtResolution &Res = ResI->second; 1470 1471 if (Res.TheKind == WholeProgramDevirtResolution::SingleImpl) { 1472 // The type of the function in the declaration is irrelevant because every 1473 // call site will cast it to the correct type. 1474 auto *SingleImpl = M.getOrInsertFunction( 1475 Res.SingleImplName, Type::getVoidTy(M.getContext())); 1476 1477 // This is the import phase so we should not be exporting anything. 1478 bool IsExported = false; 1479 applySingleImplDevirt(SlotInfo, SingleImpl, IsExported); 1480 assert(!IsExported); 1481 } 1482 1483 for (auto &CSByConstantArg : SlotInfo.ConstCSInfo) { 1484 auto I = Res.ResByArg.find(CSByConstantArg.first); 1485 if (I == Res.ResByArg.end()) 1486 continue; 1487 auto &ResByArg = I->second; 1488 // FIXME: We should figure out what to do about the "function name" argument 1489 // to the apply* functions, as the function names are unavailable during the 1490 // importing phase. For now we just pass the empty string. This does not 1491 // impact correctness because the function names are just used for remarks. 1492 switch (ResByArg.TheKind) { 1493 case WholeProgramDevirtResolution::ByArg::UniformRetVal: 1494 applyUniformRetValOpt(CSByConstantArg.second, "", ResByArg.Info); 1495 break; 1496 case WholeProgramDevirtResolution::ByArg::UniqueRetVal: { 1497 Constant *UniqueMemberAddr = 1498 importGlobal(Slot, CSByConstantArg.first, "unique_member"); 1499 applyUniqueRetValOpt(CSByConstantArg.second, "", ResByArg.Info, 1500 UniqueMemberAddr); 1501 break; 1502 } 1503 case WholeProgramDevirtResolution::ByArg::VirtualConstProp: { 1504 Constant *Byte = importConstant(Slot, CSByConstantArg.first, "byte", 1505 Int32Ty, ResByArg.Byte); 1506 Constant *Bit = importConstant(Slot, CSByConstantArg.first, "bit", Int8Ty, 1507 ResByArg.Bit); 1508 applyVirtualConstProp(CSByConstantArg.second, "", Byte, Bit); 1509 break; 1510 } 1511 default: 1512 break; 1513 } 1514 } 1515 1516 if (Res.TheKind == WholeProgramDevirtResolution::BranchFunnel) { 1517 auto *JT = M.getOrInsertFunction(getGlobalName(Slot, {}, "branch_funnel"), 1518 Type::getVoidTy(M.getContext())); 1519 bool IsExported = false; 1520 applyICallBranchFunnel(SlotInfo, JT, IsExported); 1521 assert(!IsExported); 1522 } 1523 } 1524 1525 void DevirtModule::removeRedundantTypeTests() { 1526 auto True = ConstantInt::getTrue(M.getContext()); 1527 for (auto &&U : NumUnsafeUsesForTypeTest) { 1528 if (U.second == 0) { 1529 U.first->replaceAllUsesWith(True); 1530 U.first->eraseFromParent(); 1531 } 1532 } 1533 } 1534 1535 bool DevirtModule::run() { 1536 Function *TypeTestFunc = 1537 M.getFunction(Intrinsic::getName(Intrinsic::type_test)); 1538 Function *TypeCheckedLoadFunc = 1539 M.getFunction(Intrinsic::getName(Intrinsic::type_checked_load)); 1540 Function *AssumeFunc = M.getFunction(Intrinsic::getName(Intrinsic::assume)); 1541 1542 // Normally if there are no users of the devirtualization intrinsics in the 1543 // module, this pass has nothing to do. But if we are exporting, we also need 1544 // to handle any users that appear only in the function summaries. 1545 if (!ExportSummary && 1546 (!TypeTestFunc || TypeTestFunc->use_empty() || !AssumeFunc || 1547 AssumeFunc->use_empty()) && 1548 (!TypeCheckedLoadFunc || TypeCheckedLoadFunc->use_empty())) 1549 return false; 1550 1551 if (TypeTestFunc && AssumeFunc) 1552 scanTypeTestUsers(TypeTestFunc, AssumeFunc); 1553 1554 if (TypeCheckedLoadFunc) 1555 scanTypeCheckedLoadUsers(TypeCheckedLoadFunc); 1556 1557 if (ImportSummary) { 1558 for (auto &S : CallSlots) 1559 importResolution(S.first, S.second); 1560 1561 removeRedundantTypeTests(); 1562 1563 // The rest of the code is only necessary when exporting or during regular 1564 // LTO, so we are done. 1565 return true; 1566 } 1567 1568 // Rebuild type metadata into a map for easy lookup. 1569 std::vector<VTableBits> Bits; 1570 DenseMap<Metadata *, std::set<TypeMemberInfo>> TypeIdMap; 1571 buildTypeIdentifierMap(Bits, TypeIdMap); 1572 if (TypeIdMap.empty()) 1573 return true; 1574 1575 // Collect information from summary about which calls to try to devirtualize. 1576 if (ExportSummary) { 1577 DenseMap<GlobalValue::GUID, TinyPtrVector<Metadata *>> MetadataByGUID; 1578 for (auto &P : TypeIdMap) { 1579 if (auto *TypeId = dyn_cast<MDString>(P.first)) 1580 MetadataByGUID[GlobalValue::getGUID(TypeId->getString())].push_back( 1581 TypeId); 1582 } 1583 1584 for (auto &P : *ExportSummary) { 1585 for (auto &S : P.second.SummaryList) { 1586 auto *FS = dyn_cast<FunctionSummary>(S.get()); 1587 if (!FS) 1588 continue; 1589 // FIXME: Only add live functions. 1590 for (FunctionSummary::VFuncId VF : FS->type_test_assume_vcalls()) { 1591 for (Metadata *MD : MetadataByGUID[VF.GUID]) { 1592 CallSlots[{MD, VF.Offset}] 1593 .CSInfo.markSummaryHasTypeTestAssumeUsers(); 1594 } 1595 } 1596 for (FunctionSummary::VFuncId VF : FS->type_checked_load_vcalls()) { 1597 for (Metadata *MD : MetadataByGUID[VF.GUID]) { 1598 CallSlots[{MD, VF.Offset}].CSInfo.addSummaryTypeCheckedLoadUser(FS); 1599 } 1600 } 1601 for (const FunctionSummary::ConstVCall &VC : 1602 FS->type_test_assume_const_vcalls()) { 1603 for (Metadata *MD : MetadataByGUID[VC.VFunc.GUID]) { 1604 CallSlots[{MD, VC.VFunc.Offset}] 1605 .ConstCSInfo[VC.Args] 1606 .markSummaryHasTypeTestAssumeUsers(); 1607 } 1608 } 1609 for (const FunctionSummary::ConstVCall &VC : 1610 FS->type_checked_load_const_vcalls()) { 1611 for (Metadata *MD : MetadataByGUID[VC.VFunc.GUID]) { 1612 CallSlots[{MD, VC.VFunc.Offset}] 1613 .ConstCSInfo[VC.Args] 1614 .addSummaryTypeCheckedLoadUser(FS); 1615 } 1616 } 1617 } 1618 } 1619 } 1620 1621 // For each (type, offset) pair: 1622 bool DidVirtualConstProp = false; 1623 std::map<std::string, Function*> DevirtTargets; 1624 for (auto &S : CallSlots) { 1625 // Search each of the members of the type identifier for the virtual 1626 // function implementation at offset S.first.ByteOffset, and add to 1627 // TargetsForSlot. 1628 std::vector<VirtualCallTarget> TargetsForSlot; 1629 if (tryFindVirtualCallTargets(TargetsForSlot, TypeIdMap[S.first.TypeID], 1630 S.first.ByteOffset)) { 1631 WholeProgramDevirtResolution *Res = nullptr; 1632 if (ExportSummary && isa<MDString>(S.first.TypeID)) 1633 Res = &ExportSummary 1634 ->getOrInsertTypeIdSummary( 1635 cast<MDString>(S.first.TypeID)->getString()) 1636 .WPDRes[S.first.ByteOffset]; 1637 1638 if (!trySingleImplDevirt(TargetsForSlot, S.second, Res)) { 1639 DidVirtualConstProp |= 1640 tryVirtualConstProp(TargetsForSlot, S.second, Res, S.first); 1641 1642 tryICallBranchFunnel(TargetsForSlot, S.second, Res, S.first); 1643 } 1644 1645 // Collect functions devirtualized at least for one call site for stats. 1646 if (RemarksEnabled) 1647 for (const auto &T : TargetsForSlot) 1648 if (T.WasDevirt) 1649 DevirtTargets[T.Fn->getName()] = T.Fn; 1650 } 1651 1652 // CFI-specific: if we are exporting and any llvm.type.checked.load 1653 // intrinsics were *not* devirtualized, we need to add the resulting 1654 // llvm.type.test intrinsics to the function summaries so that the 1655 // LowerTypeTests pass will export them. 1656 if (ExportSummary && isa<MDString>(S.first.TypeID)) { 1657 auto GUID = 1658 GlobalValue::getGUID(cast<MDString>(S.first.TypeID)->getString()); 1659 for (auto FS : S.second.CSInfo.SummaryTypeCheckedLoadUsers) 1660 FS->addTypeTest(GUID); 1661 for (auto &CCS : S.second.ConstCSInfo) 1662 for (auto FS : CCS.second.SummaryTypeCheckedLoadUsers) 1663 FS->addTypeTest(GUID); 1664 } 1665 } 1666 1667 if (RemarksEnabled) { 1668 // Generate remarks for each devirtualized function. 1669 for (const auto &DT : DevirtTargets) { 1670 Function *F = DT.second; 1671 1672 using namespace ore; 1673 OREGetter(F).emit(OptimizationRemark(DEBUG_TYPE, "Devirtualized", F) 1674 << "devirtualized " 1675 << NV("FunctionName", F->getName())); 1676 } 1677 } 1678 1679 removeRedundantTypeTests(); 1680 1681 // Rebuild each global we touched as part of virtual constant propagation to 1682 // include the before and after bytes. 1683 if (DidVirtualConstProp) 1684 for (VTableBits &B : Bits) 1685 rebuildGlobal(B); 1686 1687 return true; 1688 } 1689