lib/Analysis/Loads.cpp

   1 //===- Loads.cpp - Local load analysis ------------------------------------===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8 //
   9 // This file defines simple local analyses for load instructions.
  10 //
  11 //===----------------------------------------------------------------------===//
  12
  13 #include "llvm/Analysis/Loads.h"
  14 #include "llvm/Analysis/AliasAnalysis.h"
  15 #include "llvm/Analysis/ValueTracking.h"
  16 #include "llvm/IR/DataLayout.h"
  17 #include "llvm/IR/GlobalAlias.h"
  18 #include "llvm/IR/GlobalVariable.h"
  19 #include "llvm/IR/IntrinsicInst.h"
  20 #include "llvm/IR/LLVMContext.h"
  21 #include "llvm/IR/Module.h"
  22 #include "llvm/IR/Operator.h"
  23 #include "llvm/IR/Statepoint.h"
  24
  25 using namespace llvm;
  26
  27 static bool isAligned(const Value *Base, const APInt &Offset, unsigned Align,
  28                       const DataLayout &DL) {
  29   APInt BaseAlign(Offset.getBitWidth(), Base->getPointerAlignment(DL));
  30
  31   if (!BaseAlign) {
  32     Type *Ty = Base->getType()->getPointerElementType();
  33     if (!Ty->isSized())
  34       return false;
  35     BaseAlign = DL.getABITypeAlignment(Ty);
  36   }
  37
  38   APInt Alignment(Offset.getBitWidth(), Align);
  39
  40   assert(Alignment.isPowerOf2() && "must be a power of 2!");
  41   return BaseAlign.uge(Alignment) && !(Offset & (Alignment-1));
  42 }
  43
  44 static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL) {
  45   Type *Ty = Base->getType();
  46   assert(Ty->isSized() && "must be sized");
  47   APInt Offset(DL.getTypeStoreSizeInBits(Ty), 0);
  48   return isAligned(Base, Offset, Align, DL);
  49 }
  50
  51 /// Test if V is always a pointer to allocated and suitably aligned memory for
  52 /// a simple load or store.
  53 static bool isDereferenceableAndAlignedPointer(
  54     const Value *V, unsigned Align, const APInt &Size, const DataLayout &DL,
  55     const Instruction *CtxI, const DominatorTree *DT,
  56     SmallPtrSetImpl<const Value *> &Visited) {
  57   // Already visited?  Bail out, we've likely hit unreachable code.
  58   if (!Visited.insert(V).second)
  59     return false;
  60
  61   // Note that it is not safe to speculate into a malloc'd region because
  62   // malloc may return null.
  63
  64   // bitcast instructions are no-ops as far as dereferenceability is concerned.
  65   if (const BitCastOperator *BC = dyn_cast<BitCastOperator>(V))
  66     return isDereferenceableAndAlignedPointer(BC->getOperand(0), Align, Size,
  67                                               DL, CtxI, DT, Visited);
  68
  69   bool CheckForNonNull = false;
  70   APInt KnownDerefBytes(Size.getBitWidth(),
  71                         V->getPointerDereferenceableBytes(DL, CheckForNonNull));
  72   if (KnownDerefBytes.getBoolValue()) {
  73     if (KnownDerefBytes.uge(Size))
  74       if (!CheckForNonNull || isKnownNonZero(V, DL, 0, nullptr, CtxI, DT))
  75         return isAligned(V, Align, DL);
  76   }
  77
  78   // For GEPs, determine if the indexing lands within the allocated object.
  79   if (const GEPOperator *GEP = dyn_cast<GEPOperator>(V)) {
  80     const Value *Base = GEP->getPointerOperand();
  81
  82     APInt Offset(DL.getIndexTypeSizeInBits(GEP->getType()), 0);
  83     if (!GEP->accumulateConstantOffset(DL, Offset) || Offset.isNegative() ||
  84         !Offset.urem(APInt(Offset.getBitWidth(), Align)).isMinValue())
  85       return false;
  86
  87     // If the base pointer is dereferenceable for Offset+Size bytes, then the
  88     // GEP (== Base + Offset) is dereferenceable for Size bytes.  If the base
  89     // pointer is aligned to Align bytes, and the Offset is divisible by Align
  90     // then the GEP (== Base + Offset == k_0 * Align + k_1 * Align) is also
  91     // aligned to Align bytes.
  92
  93     // Offset and Size may have different bit widths if we have visited an
  94     // addrspacecast, so we can't do arithmetic directly on the APInt values.
  95     return isDereferenceableAndAlignedPointer(
  96         Base, Align, Offset + Size.sextOrTrunc(Offset.getBitWidth()),
  97         DL, CtxI, DT, Visited);
  98   }
  99
 100   // For gc.relocate, look through relocations
 101   if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V))
 102     return isDereferenceableAndAlignedPointer(
 103         RelocateInst->getDerivedPtr(), Align, Size, DL, CtxI, DT, Visited);
 104
 105   if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V))
 106     return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, Size,
 107                                               DL, CtxI, DT, Visited);
 108
 109   if (const auto *Call = dyn_cast<CallBase>(V))
 110     if (auto *RP = getArgumentAliasingToReturnedPointer(Call))
 111       return isDereferenceableAndAlignedPointer(RP, Align, Size, DL, CtxI, DT,
 112                                                 Visited);
 113
 114   // If we don't know, assume the worst.
 115   return false;
 116 }
 117
 118 bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align,
 119                                               const APInt &Size,
 120                                               const DataLayout &DL,
 121                                               const Instruction *CtxI,
 122                                               const DominatorTree *DT) {
 123   SmallPtrSet<const Value *, 32> Visited;
 124   return ::isDereferenceableAndAlignedPointer(V, Align, Size, DL, CtxI, DT,
 125                                               Visited);
 126 }
 127
 128 bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align,
 129                                               const DataLayout &DL,
 130                                               const Instruction *CtxI,
 131                                               const DominatorTree *DT) {
 132   // When dereferenceability information is provided by a dereferenceable
 133   // attribute, we know exactly how many bytes are dereferenceable. If we can
 134   // determine the exact offset to the attributed variable, we can use that
 135   // information here.
 136   Type *VTy = V->getType();
 137   Type *Ty = VTy->getPointerElementType();
 138
 139   // Require ABI alignment for loads without alignment specification
 140   if (Align == 0)
 141     Align = DL.getABITypeAlignment(Ty);
 142
 143   if (!Ty->isSized())
 144     return false;
 145
 146   SmallPtrSet<const Value *, 32> Visited;
 147   return ::isDereferenceableAndAlignedPointer(
 148       V, Align, APInt(DL.getIndexTypeSizeInBits(VTy), DL.getTypeStoreSize(Ty)), DL,
 149       CtxI, DT, Visited);
 150 }
 151
 152 bool llvm::isDereferenceablePointer(const Value *V, const DataLayout &DL,
 153                                     const Instruction *CtxI,
 154                                     const DominatorTree *DT) {
 155   return isDereferenceableAndAlignedPointer(V, 1, DL, CtxI, DT);
 156 }
 157
 158 /// Test if A and B will obviously have the same value.
 159 ///
 160 /// This includes recognizing that %t0 and %t1 will have the same
 161 /// value in code like this:
 162 /// \code
 163 ///   %t0 = getelementptr \@a, 0, 3
 164 ///   store i32 0, i32* %t0
 165 ///   %t1 = getelementptr \@a, 0, 3
 166 ///   %t2 = load i32* %t1
 167 /// \endcode
 168 ///
 169 static bool AreEquivalentAddressValues(const Value *A, const Value *B) {
 170   // Test if the values are trivially equivalent.
 171   if (A == B)
 172     return true;
 173
 174   // Test if the values come from identical arithmetic instructions.
 175   // Use isIdenticalToWhenDefined instead of isIdenticalTo because
 176   // this function is only used when one address use dominates the
 177   // other, which means that they'll always either have the same
 178   // value or one of them will have an undefined value.
 179   if (isa<BinaryOperator>(A) || isa<CastInst>(A) || isa<PHINode>(A) ||
 180       isa<GetElementPtrInst>(A))
 181     if (const Instruction *BI = dyn_cast<Instruction>(B))
 182       if (cast<Instruction>(A)->isIdenticalToWhenDefined(BI))
 183         return true;
 184
 185   // Otherwise they may not be equivalent.
 186   return false;
 187 }
 188
 189 /// Check if executing a load of this pointer value cannot trap.
 190 ///
 191 /// If DT and ScanFrom are specified this method performs context-sensitive
 192 /// analysis and returns true if it is safe to load immediately before ScanFrom.
 193 ///
 194 /// If it is not obviously safe to load from the specified pointer, we do
 195 /// a quick local scan of the basic block containing \c ScanFrom, to determine
 196 /// if the address is already accessed.
 197 ///
 198 /// This uses the pointee type to determine how many bytes need to be safe to
 199 /// load from the pointer.
 200 bool llvm::isSafeToLoadUnconditionally(Value *V, unsigned Align,
 201                                        const DataLayout &DL,
 202                                        Instruction *ScanFrom,
 203                                        const DominatorTree *DT) {
 204   // Zero alignment means that the load has the ABI alignment for the target
 205   if (Align == 0)
 206     Align = DL.getABITypeAlignment(V->getType()->getPointerElementType());
 207   assert(isPowerOf2_32(Align));
 208
 209   // If DT is not specified we can't make context-sensitive query
 210   const Instruction* CtxI = DT ? ScanFrom : nullptr;
 211   if (isDereferenceableAndAlignedPointer(V, Align, DL, CtxI, DT))
 212     return true;
 213
 214   int64_t ByteOffset = 0;
 215   Value *Base = V;
 216   Base = GetPointerBaseWithConstantOffset(V, ByteOffset, DL);
 217
 218   if (ByteOffset < 0) // out of bounds
 219     return false;
 220
 221   Type *BaseType = nullptr;
 222   unsigned BaseAlign = 0;
 223   if (const AllocaInst *AI = dyn_cast<AllocaInst>(Base)) {
 224     // An alloca is safe to load from as load as it is suitably aligned.
 225     BaseType = AI->getAllocatedType();
 226     BaseAlign = AI->getAlignment();
 227   } else if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) {
 228     // Global variables are not necessarily safe to load from if they are
 229     // interposed arbitrarily. Their size may change or they may be weak and
 230     // require a test to determine if they were in fact provided.
 231     if (!GV->isInterposable()) {
 232       BaseType = GV->getType()->getElementType();
 233       BaseAlign = GV->getAlignment();
 234     }
 235   }
 236
 237   PointerType *AddrTy = cast<PointerType>(V->getType());
 238   uint64_t LoadSize = DL.getTypeStoreSize(AddrTy->getElementType());
 239
 240   // If we found a base allocated type from either an alloca or global variable,
 241   // try to see if we are definitively within the allocated region. We need to
 242   // know the size of the base type and the loaded type to do anything in this
 243   // case.
 244   if (BaseType && BaseType->isSized()) {
 245     if (BaseAlign == 0)
 246       BaseAlign = DL.getPrefTypeAlignment(BaseType);
 247
 248     if (Align <= BaseAlign) {
 249       // Check if the load is within the bounds of the underlying object.
 250       if (ByteOffset + LoadSize <= DL.getTypeAllocSize(BaseType) &&
 251           ((ByteOffset % Align) == 0))
 252         return true;
 253     }
 254   }
 255
 256   if (!ScanFrom)
 257     return false;
 258
 259   // Otherwise, be a little bit aggressive by scanning the local block where we
 260   // want to check to see if the pointer is already being loaded or stored
 261   // from/to.  If so, the previous load or store would have already trapped,
 262   // so there is no harm doing an extra load (also, CSE will later eliminate
 263   // the load entirely).
 264   BasicBlock::iterator BBI = ScanFrom->getIterator(),
 265                        E = ScanFrom->getParent()->begin();
 266
 267   // We can at least always strip pointer casts even though we can't use the
 268   // base here.
 269   V = V->stripPointerCasts();
 270
 271   while (BBI != E) {
 272     --BBI;
 273
 274     // If we see a free or a call which may write to memory (i.e. which might do
 275     // a free) the pointer could be marked invalid.
 276     if (isa<CallInst>(BBI) && BBI->mayWriteToMemory() &&
 277         !isa<DbgInfoIntrinsic>(BBI))
 278       return false;
 279
 280     Value *AccessedPtr;
 281     unsigned AccessedAlign;
 282     if (LoadInst *LI = dyn_cast<LoadInst>(BBI)) {
 283       // Ignore volatile loads. The execution of a volatile load cannot
 284       // be used to prove an address is backed by regular memory; it can,
 285       // for example, point to an MMIO register.
 286       if (LI->isVolatile())
 287         continue;
 288       AccessedPtr = LI->getPointerOperand();
 289       AccessedAlign = LI->getAlignment();
 290     } else if (StoreInst *SI = dyn_cast<StoreInst>(BBI)) {
 291       // Ignore volatile stores (see comment for loads).
 292       if (SI->isVolatile())
 293         continue;
 294       AccessedPtr = SI->getPointerOperand();
 295       AccessedAlign = SI->getAlignment();
 296     } else
 297       continue;
 298
 299     Type *AccessedTy = AccessedPtr->getType()->getPointerElementType();
 300     if (AccessedAlign == 0)
 301       AccessedAlign = DL.getABITypeAlignment(AccessedTy);
 302     if (AccessedAlign < Align)
 303       continue;
 304
 305     // Handle trivial cases.
 306     if (AccessedPtr == V)
 307       return true;
 308
 309     if (AreEquivalentAddressValues(AccessedPtr->stripPointerCasts(), V) &&
 310         LoadSize <= DL.getTypeStoreSize(AccessedTy))
 311       return true;
 312   }
 313   return false;
 314 }
 315
 316 /// DefMaxInstsToScan - the default number of maximum instructions
 317 /// to scan in the block, used by FindAvailableLoadedValue().
 318 /// FindAvailableLoadedValue() was introduced in r60148, to improve jump
 319 /// threading in part by eliminating partially redundant loads.
 320 /// At that point, the value of MaxInstsToScan was already set to '6'
 321 /// without documented explanation.
 322 cl::opt<unsigned>
 323 llvm::DefMaxInstsToScan("available-load-scan-limit", cl::init(6), cl::Hidden,
 324   cl::desc("Use this to specify the default maximum number of instructions "
 325            "to scan backward from a given instruction, when searching for "
 326            "available loaded value"));
 327
 328 Value *llvm::FindAvailableLoadedValue(LoadInst *Load,
 329                                       BasicBlock *ScanBB,
 330                                       BasicBlock::iterator &ScanFrom,
 331                                       unsigned MaxInstsToScan,
 332                                       AliasAnalysis *AA, bool *IsLoad,
 333                                       unsigned *NumScanedInst) {
 334   // Don't CSE load that is volatile or anything stronger than unordered.
 335   if (!Load->isUnordered())
 336     return nullptr;
 337
 338   return FindAvailablePtrLoadStore(
 339       Load->getPointerOperand(), Load->getType(), Load->isAtomic(), ScanBB,
 340       ScanFrom, MaxInstsToScan, AA, IsLoad, NumScanedInst);
 341 }
 342
 343 Value *llvm::FindAvailablePtrLoadStore(Value *Ptr, Type *AccessTy,
 344                                        bool AtLeastAtomic, BasicBlock *ScanBB,
 345                                        BasicBlock::iterator &ScanFrom,
 346                                        unsigned MaxInstsToScan,
 347                                        AliasAnalysis *AA, bool *IsLoadCSE,
 348                                        unsigned *NumScanedInst) {
 349   if (MaxInstsToScan == 0)
 350     MaxInstsToScan = ~0U;
 351
 352   const DataLayout &DL = ScanBB->getModule()->getDataLayout();
 353
 354   // Try to get the store size for the type.
 355   auto AccessSize = LocationSize::precise(DL.getTypeStoreSize(AccessTy));
 356
 357   Value *StrippedPtr = Ptr->stripPointerCasts();
 358
 359   while (ScanFrom != ScanBB->begin()) {
 360     // We must ignore debug info directives when counting (otherwise they
 361     // would affect codegen).
 362     Instruction *Inst = &*--ScanFrom;
 363     if (isa<DbgInfoIntrinsic>(Inst))
 364       continue;
 365
 366     // Restore ScanFrom to expected value in case next test succeeds
 367     ScanFrom++;
 368
 369     if (NumScanedInst)
 370       ++(*NumScanedInst);
 371
 372     // Don't scan huge blocks.
 373     if (MaxInstsToScan-- == 0)
 374       return nullptr;
 375
 376     --ScanFrom;
 377     // If this is a load of Ptr, the loaded value is available.
 378     // (This is true even if the load is volatile or atomic, although
 379     // those cases are unlikely.)
 380     if (LoadInst *LI = dyn_cast<LoadInst>(Inst))
 381       if (AreEquivalentAddressValues(
 382               LI->getPointerOperand()->stripPointerCasts(), StrippedPtr) &&
 383           CastInst::isBitOrNoopPointerCastable(LI->getType(), AccessTy, DL)) {
 384
 385         // We can value forward from an atomic to a non-atomic, but not the
 386         // other way around.
 387         if (LI->isAtomic() < AtLeastAtomic)
 388           return nullptr;
 389
 390         if (IsLoadCSE)
 391             *IsLoadCSE = true;
 392         return LI;
 393       }
 394
 395     if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) {
 396       Value *StorePtr = SI->getPointerOperand()->stripPointerCasts();
 397       // If this is a store through Ptr, the value is available!
 398       // (This is true even if the store is volatile or atomic, although
 399       // those cases are unlikely.)
 400       if (AreEquivalentAddressValues(StorePtr, StrippedPtr) &&
 401           CastInst::isBitOrNoopPointerCastable(SI->getValueOperand()->getType(),
 402                                                AccessTy, DL)) {
 403
 404         // We can value forward from an atomic to a non-atomic, but not the
 405         // other way around.
 406         if (SI->isAtomic() < AtLeastAtomic)
 407           return nullptr;
 408
 409         if (IsLoadCSE)
 410           *IsLoadCSE = false;
 411         return SI->getOperand(0);
 412       }
 413
 414       // If both StrippedPtr and StorePtr reach all the way to an alloca or
 415       // global and they are different, ignore the store. This is a trivial form
 416       // of alias analysis that is important for reg2mem'd code.
 417       if ((isa<AllocaInst>(StrippedPtr) || isa<GlobalVariable>(StrippedPtr)) &&
 418           (isa<AllocaInst>(StorePtr) || isa<GlobalVariable>(StorePtr)) &&
 419           StrippedPtr != StorePtr)
 420         continue;
 421
 422       // If we have alias analysis and it says the store won't modify the loaded
 423       // value, ignore the store.
 424       if (AA && !isModSet(AA->getModRefInfo(SI, StrippedPtr, AccessSize)))
 425         continue;
 426
 427       // Otherwise the store that may or may not alias the pointer, bail out.
 428       ++ScanFrom;
 429       return nullptr;
 430     }
 431
 432     // If this is some other instruction that may clobber Ptr, bail out.
 433     if (Inst->mayWriteToMemory()) {
 434       // If alias analysis claims that it really won't modify the load,
 435       // ignore it.
 436       if (AA && !isModSet(AA->getModRefInfo(Inst, StrippedPtr, AccessSize)))
 437         continue;
 438
 439       // May modify the pointer, bail out.
 440       ++ScanFrom;
 441       return nullptr;
 442     }
 443   }
 444
 445   // Got to the start of the block, we didn't find it, but are done for this
 446   // block.
 447   return nullptr;
 448 }