1 //===- LazyValueInfo.cpp - Value constraint analysis ------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the interface for lazy computation of value constraint
10 // information.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "llvm/Analysis/LazyValueInfo.h"
15 #include "llvm/ADT/DenseSet.h"
16 #include "llvm/ADT/Optional.h"
17 #include "llvm/ADT/STLExtras.h"
18 #include "llvm/Analysis/AssumptionCache.h"
19 #include "llvm/Analysis/ConstantFolding.h"
20 #include "llvm/Analysis/InstructionSimplify.h"
21 #include "llvm/Analysis/TargetLibraryInfo.h"
22 #include "llvm/Analysis/ValueLattice.h"
23 #include "llvm/Analysis/ValueTracking.h"
24 #include "llvm/IR/AssemblyAnnotationWriter.h"
25 #include "llvm/IR/CFG.h"
26 #include "llvm/IR/ConstantRange.h"
27 #include "llvm/IR/Constants.h"
28 #include "llvm/IR/DataLayout.h"
29 #include "llvm/IR/Dominators.h"
30 #include "llvm/IR/Instructions.h"
31 #include "llvm/IR/IntrinsicInst.h"
32 #include "llvm/IR/Intrinsics.h"
33 #include "llvm/IR/LLVMContext.h"
34 #include "llvm/IR/PatternMatch.h"
35 #include "llvm/IR/ValueHandle.h"
36 #include "llvm/InitializePasses.h"
37 #include "llvm/Support/Debug.h"
38 #include "llvm/Support/FormattedStream.h"
39 #include "llvm/Support/KnownBits.h"
40 #include "llvm/Support/raw_ostream.h"
41 #include <map>
42 using namespace llvm;
43 using namespace PatternMatch;
44
45 #define DEBUG_TYPE "lazy-value-info"
46
47 // This is the number of worklist items we will process to try to discover an
48 // answer for a given value.
49 static const unsigned MaxProcessedPerValue = 500;
50
51 char LazyValueInfoWrapperPass::ID = 0;
LazyValueInfoWrapperPass()52 LazyValueInfoWrapperPass::LazyValueInfoWrapperPass() : FunctionPass(ID) {
53 initializeLazyValueInfoWrapperPassPass(*PassRegistry::getPassRegistry());
54 }
55 INITIALIZE_PASS_BEGIN(LazyValueInfoWrapperPass, "lazy-value-info",
56 "Lazy Value Information Analysis", false, true)
57 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)
58 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
59 INITIALIZE_PASS_END(LazyValueInfoWrapperPass, "lazy-value-info",
60 "Lazy Value Information Analysis", false, true)
61
62 namespace llvm {
createLazyValueInfoPass()63 FunctionPass *createLazyValueInfoPass() { return new LazyValueInfoWrapperPass(); }
64 }
65
66 AnalysisKey LazyValueAnalysis::Key;
67
68 /// Returns true if this lattice value represents at most one possible value.
69 /// This is as precise as any lattice value can get while still representing
70 /// reachable code.
hasSingleValue(const ValueLatticeElement & Val)71 static bool hasSingleValue(const ValueLatticeElement &Val) {
72 if (Val.isConstantRange() &&
73 Val.getConstantRange().isSingleElement())
74 // Integer constants are single element ranges
75 return true;
76 if (Val.isConstant())
77 // Non integer constants
78 return true;
79 return false;
80 }
81
82 /// Combine two sets of facts about the same value into a single set of
83 /// facts. Note that this method is not suitable for merging facts along
84 /// different paths in a CFG; that's what the mergeIn function is for. This
85 /// is for merging facts gathered about the same value at the same location
86 /// through two independent means.
87 /// Notes:
88 /// * This method does not promise to return the most precise possible lattice
89 /// value implied by A and B. It is allowed to return any lattice element
90 /// which is at least as strong as *either* A or B (unless our facts
91 /// conflict, see below).
92 /// * Due to unreachable code, the intersection of two lattice values could be
93 /// contradictory. If this happens, we return some valid lattice value so as
94 /// not confuse the rest of LVI. Ideally, we'd always return Undefined, but
95 /// we do not make this guarantee. TODO: This would be a useful enhancement.
intersect(const ValueLatticeElement & A,const ValueLatticeElement & B)96 static ValueLatticeElement intersect(const ValueLatticeElement &A,
97 const ValueLatticeElement &B) {
98 // Undefined is the strongest state. It means the value is known to be along
99 // an unreachable path.
100 if (A.isUnknown())
101 return A;
102 if (B.isUnknown())
103 return B;
104
105 // If we gave up for one, but got a useable fact from the other, use it.
106 if (A.isOverdefined())
107 return B;
108 if (B.isOverdefined())
109 return A;
110
111 // Can't get any more precise than constants.
112 if (hasSingleValue(A))
113 return A;
114 if (hasSingleValue(B))
115 return B;
116
117 // Could be either constant range or not constant here.
118 if (!A.isConstantRange() || !B.isConstantRange()) {
119 // TODO: Arbitrary choice, could be improved
120 return A;
121 }
122
123 // Intersect two constant ranges
124 ConstantRange Range =
125 A.getConstantRange().intersectWith(B.getConstantRange());
126 // Note: An empty range is implicitly converted to unknown or undef depending
127 // on MayIncludeUndef internally.
128 return ValueLatticeElement::getRange(
129 std::move(Range), /*MayIncludeUndef=*/A.isConstantRangeIncludingUndef() |
130 B.isConstantRangeIncludingUndef());
131 }
132
133 //===----------------------------------------------------------------------===//
134 // LazyValueInfoCache Decl
135 //===----------------------------------------------------------------------===//
136
137 namespace {
138 /// A callback value handle updates the cache when values are erased.
139 class LazyValueInfoCache;
140 struct LVIValueHandle final : public CallbackVH {
141 LazyValueInfoCache *Parent;
142
LVIValueHandle__anondc48f1430111::LVIValueHandle143 LVIValueHandle(Value *V, LazyValueInfoCache *P = nullptr)
144 : CallbackVH(V), Parent(P) { }
145
146 void deleted() override;
allUsesReplacedWith__anondc48f1430111::LVIValueHandle147 void allUsesReplacedWith(Value *V) override {
148 deleted();
149 }
150 };
151 } // end anonymous namespace
152
153 namespace {
154 using NonNullPointerSet = SmallDenseSet<AssertingVH<Value>, 2>;
155
156 /// This is the cache kept by LazyValueInfo which
157 /// maintains information about queries across the clients' queries.
158 class LazyValueInfoCache {
159 /// This is all of the cached information for one basic block. It contains
160 /// the per-value lattice elements, as well as a separate set for
161 /// overdefined values to reduce memory usage. Additionally pointers
162 /// dereferenced in the block are cached for nullability queries.
163 struct BlockCacheEntry {
164 SmallDenseMap<AssertingVH<Value>, ValueLatticeElement, 4> LatticeElements;
165 SmallDenseSet<AssertingVH<Value>, 4> OverDefined;
166 // None indicates that the nonnull pointers for this basic block
167 // block have not been computed yet.
168 Optional<NonNullPointerSet> NonNullPointers;
169 };
170
171 /// Cached information per basic block.
172 DenseMap<PoisoningVH<BasicBlock>, std::unique_ptr<BlockCacheEntry>>
173 BlockCache;
174 /// Set of value handles used to erase values from the cache on deletion.
175 DenseSet<LVIValueHandle, DenseMapInfo<Value *>> ValueHandles;
176
getBlockEntry(BasicBlock * BB) const177 const BlockCacheEntry *getBlockEntry(BasicBlock *BB) const {
178 auto It = BlockCache.find_as(BB);
179 if (It == BlockCache.end())
180 return nullptr;
181 return It->second.get();
182 }
183
getOrCreateBlockEntry(BasicBlock * BB)184 BlockCacheEntry *getOrCreateBlockEntry(BasicBlock *BB) {
185 auto It = BlockCache.find_as(BB);
186 if (It == BlockCache.end())
187 It = BlockCache.insert({ BB, std::make_unique<BlockCacheEntry>() })
188 .first;
189
190 return It->second.get();
191 }
192
addValueHandle(Value * Val)193 void addValueHandle(Value *Val) {
194 auto HandleIt = ValueHandles.find_as(Val);
195 if (HandleIt == ValueHandles.end())
196 ValueHandles.insert({ Val, this });
197 }
198
199 public:
insertResult(Value * Val,BasicBlock * BB,const ValueLatticeElement & Result)200 void insertResult(Value *Val, BasicBlock *BB,
201 const ValueLatticeElement &Result) {
202 BlockCacheEntry *Entry = getOrCreateBlockEntry(BB);
203
204 // Insert over-defined values into their own cache to reduce memory
205 // overhead.
206 if (Result.isOverdefined())
207 Entry->OverDefined.insert(Val);
208 else
209 Entry->LatticeElements.insert({ Val, Result });
210
211 addValueHandle(Val);
212 }
213
getCachedValueInfo(Value * V,BasicBlock * BB) const214 Optional<ValueLatticeElement> getCachedValueInfo(Value *V,
215 BasicBlock *BB) const {
216 const BlockCacheEntry *Entry = getBlockEntry(BB);
217 if (!Entry)
218 return None;
219
220 if (Entry->OverDefined.count(V))
221 return ValueLatticeElement::getOverdefined();
222
223 auto LatticeIt = Entry->LatticeElements.find_as(V);
224 if (LatticeIt == Entry->LatticeElements.end())
225 return None;
226
227 return LatticeIt->second;
228 }
229
isNonNullAtEndOfBlock(Value * V,BasicBlock * BB,function_ref<NonNullPointerSet (BasicBlock *)> InitFn)230 bool isNonNullAtEndOfBlock(
231 Value *V, BasicBlock *BB,
232 function_ref<NonNullPointerSet(BasicBlock *)> InitFn) {
233 BlockCacheEntry *Entry = getOrCreateBlockEntry(BB);
234 if (!Entry->NonNullPointers) {
235 Entry->NonNullPointers = InitFn(BB);
236 for (Value *V : *Entry->NonNullPointers)
237 addValueHandle(V);
238 }
239
240 return Entry->NonNullPointers->count(V);
241 }
242
243 /// clear - Empty the cache.
clear()244 void clear() {
245 BlockCache.clear();
246 ValueHandles.clear();
247 }
248
249 /// Inform the cache that a given value has been deleted.
250 void eraseValue(Value *V);
251
252 /// This is part of the update interface to inform the cache
253 /// that a block has been deleted.
254 void eraseBlock(BasicBlock *BB);
255
256 /// Updates the cache to remove any influence an overdefined value in
257 /// OldSucc might have (unless also overdefined in NewSucc). This just
258 /// flushes elements from the cache and does not add any.
259 void threadEdgeImpl(BasicBlock *OldSucc,BasicBlock *NewSucc);
260 };
261 }
262
eraseValue(Value * V)263 void LazyValueInfoCache::eraseValue(Value *V) {
264 for (auto &Pair : BlockCache) {
265 Pair.second->LatticeElements.erase(V);
266 Pair.second->OverDefined.erase(V);
267 if (Pair.second->NonNullPointers)
268 Pair.second->NonNullPointers->erase(V);
269 }
270
271 auto HandleIt = ValueHandles.find_as(V);
272 if (HandleIt != ValueHandles.end())
273 ValueHandles.erase(HandleIt);
274 }
275
deleted()276 void LVIValueHandle::deleted() {
277 // This erasure deallocates *this, so it MUST happen after we're done
278 // using any and all members of *this.
279 Parent->eraseValue(*this);
280 }
281
eraseBlock(BasicBlock * BB)282 void LazyValueInfoCache::eraseBlock(BasicBlock *BB) {
283 BlockCache.erase(BB);
284 }
285
threadEdgeImpl(BasicBlock * OldSucc,BasicBlock * NewSucc)286 void LazyValueInfoCache::threadEdgeImpl(BasicBlock *OldSucc,
287 BasicBlock *NewSucc) {
288 // When an edge in the graph has been threaded, values that we could not
289 // determine a value for before (i.e. were marked overdefined) may be
290 // possible to solve now. We do NOT try to proactively update these values.
291 // Instead, we clear their entries from the cache, and allow lazy updating to
292 // recompute them when needed.
293
294 // The updating process is fairly simple: we need to drop cached info
295 // for all values that were marked overdefined in OldSucc, and for those same
296 // values in any successor of OldSucc (except NewSucc) in which they were
297 // also marked overdefined.
298 std::vector<BasicBlock*> worklist;
299 worklist.push_back(OldSucc);
300
301 const BlockCacheEntry *Entry = getBlockEntry(OldSucc);
302 if (!Entry || Entry->OverDefined.empty())
303 return; // Nothing to process here.
304 SmallVector<Value *, 4> ValsToClear(Entry->OverDefined.begin(),
305 Entry->OverDefined.end());
306
307 // Use a worklist to perform a depth-first search of OldSucc's successors.
308 // NOTE: We do not need a visited list since any blocks we have already
309 // visited will have had their overdefined markers cleared already, and we
310 // thus won't loop to their successors.
311 while (!worklist.empty()) {
312 BasicBlock *ToUpdate = worklist.back();
313 worklist.pop_back();
314
315 // Skip blocks only accessible through NewSucc.
316 if (ToUpdate == NewSucc) continue;
317
318 // If a value was marked overdefined in OldSucc, and is here too...
319 auto OI = BlockCache.find_as(ToUpdate);
320 if (OI == BlockCache.end() || OI->second->OverDefined.empty())
321 continue;
322 auto &ValueSet = OI->second->OverDefined;
323
324 bool changed = false;
325 for (Value *V : ValsToClear) {
326 if (!ValueSet.erase(V))
327 continue;
328
329 // If we removed anything, then we potentially need to update
330 // blocks successors too.
331 changed = true;
332 }
333
334 if (!changed) continue;
335
336 worklist.insert(worklist.end(), succ_begin(ToUpdate), succ_end(ToUpdate));
337 }
338 }
339
340
341 namespace {
342 /// An assembly annotator class to print LazyValueCache information in
343 /// comments.
344 class LazyValueInfoImpl;
345 class LazyValueInfoAnnotatedWriter : public AssemblyAnnotationWriter {
346 LazyValueInfoImpl *LVIImpl;
347 // While analyzing which blocks we can solve values for, we need the dominator
348 // information.
349 DominatorTree &DT;
350
351 public:
LazyValueInfoAnnotatedWriter(LazyValueInfoImpl * L,DominatorTree & DTree)352 LazyValueInfoAnnotatedWriter(LazyValueInfoImpl *L, DominatorTree &DTree)
353 : LVIImpl(L), DT(DTree) {}
354
355 void emitBasicBlockStartAnnot(const BasicBlock *BB,
356 formatted_raw_ostream &OS) override;
357
358 void emitInstructionAnnot(const Instruction *I,
359 formatted_raw_ostream &OS) override;
360 };
361 }
362 namespace {
363 // The actual implementation of the lazy analysis and update. Note that the
364 // inheritance from LazyValueInfoCache is intended to be temporary while
365 // splitting the code and then transitioning to a has-a relationship.
366 class LazyValueInfoImpl {
367
368 /// Cached results from previous queries
369 LazyValueInfoCache TheCache;
370
371 /// This stack holds the state of the value solver during a query.
372 /// It basically emulates the callstack of the naive
373 /// recursive value lookup process.
374 SmallVector<std::pair<BasicBlock*, Value*>, 8> BlockValueStack;
375
376 /// Keeps track of which block-value pairs are in BlockValueStack.
377 DenseSet<std::pair<BasicBlock*, Value*> > BlockValueSet;
378
379 /// Push BV onto BlockValueStack unless it's already in there.
380 /// Returns true on success.
pushBlockValue(const std::pair<BasicBlock *,Value * > & BV)381 bool pushBlockValue(const std::pair<BasicBlock *, Value *> &BV) {
382 if (!BlockValueSet.insert(BV).second)
383 return false; // It's already in the stack.
384
385 LLVM_DEBUG(dbgs() << "PUSH: " << *BV.second << " in "
386 << BV.first->getName() << "\n");
387 BlockValueStack.push_back(BV);
388 return true;
389 }
390
391 AssumptionCache *AC; ///< A pointer to the cache of @llvm.assume calls.
392 const DataLayout &DL; ///< A mandatory DataLayout
393
394 /// Declaration of the llvm.experimental.guard() intrinsic,
395 /// if it exists in the module.
396 Function *GuardDecl;
397
398 Optional<ValueLatticeElement> getBlockValue(Value *Val, BasicBlock *BB);
399 Optional<ValueLatticeElement> getEdgeValue(Value *V, BasicBlock *F,
400 BasicBlock *T, Instruction *CxtI = nullptr);
401
402 // These methods process one work item and may add more. A false value
403 // returned means that the work item was not completely processed and must
404 // be revisited after going through the new items.
405 bool solveBlockValue(Value *Val, BasicBlock *BB);
406 Optional<ValueLatticeElement> solveBlockValueImpl(Value *Val, BasicBlock *BB);
407 Optional<ValueLatticeElement> solveBlockValueNonLocal(Value *Val,
408 BasicBlock *BB);
409 Optional<ValueLatticeElement> solveBlockValuePHINode(PHINode *PN,
410 BasicBlock *BB);
411 Optional<ValueLatticeElement> solveBlockValueSelect(SelectInst *S,
412 BasicBlock *BB);
413 Optional<ConstantRange> getRangeFor(Value *V, Instruction *CxtI,
414 BasicBlock *BB);
415 Optional<ValueLatticeElement> solveBlockValueBinaryOpImpl(
416 Instruction *I, BasicBlock *BB,
417 std::function<ConstantRange(const ConstantRange &,
418 const ConstantRange &)> OpFn);
419 Optional<ValueLatticeElement> solveBlockValueBinaryOp(BinaryOperator *BBI,
420 BasicBlock *BB);
421 Optional<ValueLatticeElement> solveBlockValueCast(CastInst *CI,
422 BasicBlock *BB);
423 Optional<ValueLatticeElement> solveBlockValueOverflowIntrinsic(
424 WithOverflowInst *WO, BasicBlock *BB);
425 Optional<ValueLatticeElement> solveBlockValueIntrinsic(IntrinsicInst *II,
426 BasicBlock *BB);
427 Optional<ValueLatticeElement> solveBlockValueExtractValue(
428 ExtractValueInst *EVI, BasicBlock *BB);
429 bool isNonNullAtEndOfBlock(Value *Val, BasicBlock *BB);
430 void intersectAssumeOrGuardBlockValueConstantRange(Value *Val,
431 ValueLatticeElement &BBLV,
432 Instruction *BBI);
433
434 void solve();
435
436 public:
437 /// This is the query interface to determine the lattice value for the
438 /// specified Value* at the context instruction (if specified) or at the
439 /// start of the block.
440 ValueLatticeElement getValueInBlock(Value *V, BasicBlock *BB,
441 Instruction *CxtI = nullptr);
442
443 /// This is the query interface to determine the lattice value for the
444 /// specified Value* at the specified instruction using only information
445 /// from assumes/guards and range metadata. Unlike getValueInBlock(), no
446 /// recursive query is performed.
447 ValueLatticeElement getValueAt(Value *V, Instruction *CxtI);
448
449 /// This is the query interface to determine the lattice
450 /// value for the specified Value* that is true on the specified edge.
451 ValueLatticeElement getValueOnEdge(Value *V, BasicBlock *FromBB,
452 BasicBlock *ToBB,
453 Instruction *CxtI = nullptr);
454
455 /// Complete flush all previously computed values
clear()456 void clear() {
457 TheCache.clear();
458 }
459
460 /// Printing the LazyValueInfo Analysis.
printLVI(Function & F,DominatorTree & DTree,raw_ostream & OS)461 void printLVI(Function &F, DominatorTree &DTree, raw_ostream &OS) {
462 LazyValueInfoAnnotatedWriter Writer(this, DTree);
463 F.print(OS, &Writer);
464 }
465
466 /// This is part of the update interface to inform the cache
467 /// that a block has been deleted.
eraseBlock(BasicBlock * BB)468 void eraseBlock(BasicBlock *BB) {
469 TheCache.eraseBlock(BB);
470 }
471
472 /// This is the update interface to inform the cache that an edge from
473 /// PredBB to OldSucc has been threaded to be from PredBB to NewSucc.
474 void threadEdge(BasicBlock *PredBB,BasicBlock *OldSucc,BasicBlock *NewSucc);
475
LazyValueInfoImpl(AssumptionCache * AC,const DataLayout & DL,Function * GuardDecl)476 LazyValueInfoImpl(AssumptionCache *AC, const DataLayout &DL,
477 Function *GuardDecl)
478 : AC(AC), DL(DL), GuardDecl(GuardDecl) {}
479 };
480 } // end anonymous namespace
481
482
solve()483 void LazyValueInfoImpl::solve() {
484 SmallVector<std::pair<BasicBlock *, Value *>, 8> StartingStack(
485 BlockValueStack.begin(), BlockValueStack.end());
486
487 unsigned processedCount = 0;
488 while (!BlockValueStack.empty()) {
489 processedCount++;
490 // Abort if we have to process too many values to get a result for this one.
491 // Because of the design of the overdefined cache currently being per-block
492 // to avoid naming-related issues (IE it wants to try to give different
493 // results for the same name in different blocks), overdefined results don't
494 // get cached globally, which in turn means we will often try to rediscover
495 // the same overdefined result again and again. Once something like
496 // PredicateInfo is used in LVI or CVP, we should be able to make the
497 // overdefined cache global, and remove this throttle.
498 if (processedCount > MaxProcessedPerValue) {
499 LLVM_DEBUG(
500 dbgs() << "Giving up on stack because we are getting too deep\n");
501 // Fill in the original values
502 while (!StartingStack.empty()) {
503 std::pair<BasicBlock *, Value *> &e = StartingStack.back();
504 TheCache.insertResult(e.second, e.first,
505 ValueLatticeElement::getOverdefined());
506 StartingStack.pop_back();
507 }
508 BlockValueSet.clear();
509 BlockValueStack.clear();
510 return;
511 }
512 std::pair<BasicBlock *, Value *> e = BlockValueStack.back();
513 assert(BlockValueSet.count(e) && "Stack value should be in BlockValueSet!");
514
515 if (solveBlockValue(e.second, e.first)) {
516 // The work item was completely processed.
517 assert(BlockValueStack.back() == e && "Nothing should have been pushed!");
518 #ifndef NDEBUG
519 Optional<ValueLatticeElement> BBLV =
520 TheCache.getCachedValueInfo(e.second, e.first);
521 assert(BBLV && "Result should be in cache!");
522 LLVM_DEBUG(
523 dbgs() << "POP " << *e.second << " in " << e.first->getName() << " = "
524 << *BBLV << "\n");
525 #endif
526
527 BlockValueStack.pop_back();
528 BlockValueSet.erase(e);
529 } else {
530 // More work needs to be done before revisiting.
531 assert(BlockValueStack.back() != e && "Stack should have been pushed!");
532 }
533 }
534 }
535
getBlockValue(Value * Val,BasicBlock * BB)536 Optional<ValueLatticeElement> LazyValueInfoImpl::getBlockValue(Value *Val,
537 BasicBlock *BB) {
538 // If already a constant, there is nothing to compute.
539 if (Constant *VC = dyn_cast<Constant>(Val))
540 return ValueLatticeElement::get(VC);
541
542 if (Optional<ValueLatticeElement> OptLatticeVal =
543 TheCache.getCachedValueInfo(Val, BB))
544 return OptLatticeVal;
545
546 // We have hit a cycle, assume overdefined.
547 if (!pushBlockValue({ BB, Val }))
548 return ValueLatticeElement::getOverdefined();
549
550 // Yet to be resolved.
551 return None;
552 }
553
getFromRangeMetadata(Instruction * BBI)554 static ValueLatticeElement getFromRangeMetadata(Instruction *BBI) {
555 switch (BBI->getOpcode()) {
556 default: break;
557 case Instruction::Load:
558 case Instruction::Call:
559 case Instruction::Invoke:
560 if (MDNode *Ranges = BBI->getMetadata(LLVMContext::MD_range))
561 if (isa<IntegerType>(BBI->getType())) {
562 return ValueLatticeElement::getRange(
563 getConstantRangeFromMetadata(*Ranges));
564 }
565 break;
566 };
567 // Nothing known - will be intersected with other facts
568 return ValueLatticeElement::getOverdefined();
569 }
570
solveBlockValue(Value * Val,BasicBlock * BB)571 bool LazyValueInfoImpl::solveBlockValue(Value *Val, BasicBlock *BB) {
572 assert(!isa<Constant>(Val) && "Value should not be constant");
573 assert(!TheCache.getCachedValueInfo(Val, BB) &&
574 "Value should not be in cache");
575
576 // Hold off inserting this value into the Cache in case we have to return
577 // false and come back later.
578 Optional<ValueLatticeElement> Res = solveBlockValueImpl(Val, BB);
579 if (!Res)
580 // Work pushed, will revisit
581 return false;
582
583 TheCache.insertResult(Val, BB, *Res);
584 return true;
585 }
586
solveBlockValueImpl(Value * Val,BasicBlock * BB)587 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueImpl(
588 Value *Val, BasicBlock *BB) {
589 Instruction *BBI = dyn_cast<Instruction>(Val);
590 if (!BBI || BBI->getParent() != BB)
591 return solveBlockValueNonLocal(Val, BB);
592
593 if (PHINode *PN = dyn_cast<PHINode>(BBI))
594 return solveBlockValuePHINode(PN, BB);
595
596 if (auto *SI = dyn_cast<SelectInst>(BBI))
597 return solveBlockValueSelect(SI, BB);
598
599 // If this value is a nonnull pointer, record it's range and bailout. Note
600 // that for all other pointer typed values, we terminate the search at the
601 // definition. We could easily extend this to look through geps, bitcasts,
602 // and the like to prove non-nullness, but it's not clear that's worth it
603 // compile time wise. The context-insensitive value walk done inside
604 // isKnownNonZero gets most of the profitable cases at much less expense.
605 // This does mean that we have a sensitivity to where the defining
606 // instruction is placed, even if it could legally be hoisted much higher.
607 // That is unfortunate.
608 PointerType *PT = dyn_cast<PointerType>(BBI->getType());
609 if (PT && isKnownNonZero(BBI, DL))
610 return ValueLatticeElement::getNot(ConstantPointerNull::get(PT));
611
612 if (BBI->getType()->isIntegerTy()) {
613 if (auto *CI = dyn_cast<CastInst>(BBI))
614 return solveBlockValueCast(CI, BB);
615
616 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(BBI))
617 return solveBlockValueBinaryOp(BO, BB);
618
619 if (auto *EVI = dyn_cast<ExtractValueInst>(BBI))
620 return solveBlockValueExtractValue(EVI, BB);
621
622 if (auto *II = dyn_cast<IntrinsicInst>(BBI))
623 return solveBlockValueIntrinsic(II, BB);
624 }
625
626 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
627 << "' - unknown inst def found.\n");
628 return getFromRangeMetadata(BBI);
629 }
630
AddNonNullPointer(Value * Ptr,NonNullPointerSet & PtrSet)631 static void AddNonNullPointer(Value *Ptr, NonNullPointerSet &PtrSet) {
632 // TODO: Use NullPointerIsDefined instead.
633 if (Ptr->getType()->getPointerAddressSpace() == 0)
634 PtrSet.insert(getUnderlyingObject(Ptr));
635 }
636
AddNonNullPointersByInstruction(Instruction * I,NonNullPointerSet & PtrSet)637 static void AddNonNullPointersByInstruction(
638 Instruction *I, NonNullPointerSet &PtrSet) {
639 if (LoadInst *L = dyn_cast<LoadInst>(I)) {
640 AddNonNullPointer(L->getPointerOperand(), PtrSet);
641 } else if (StoreInst *S = dyn_cast<StoreInst>(I)) {
642 AddNonNullPointer(S->getPointerOperand(), PtrSet);
643 } else if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
644 if (MI->isVolatile()) return;
645
646 // FIXME: check whether it has a valuerange that excludes zero?
647 ConstantInt *Len = dyn_cast<ConstantInt>(MI->getLength());
648 if (!Len || Len->isZero()) return;
649
650 AddNonNullPointer(MI->getRawDest(), PtrSet);
651 if (MemTransferInst *MTI = dyn_cast<MemTransferInst>(MI))
652 AddNonNullPointer(MTI->getRawSource(), PtrSet);
653 }
654 }
655
isNonNullAtEndOfBlock(Value * Val,BasicBlock * BB)656 bool LazyValueInfoImpl::isNonNullAtEndOfBlock(Value *Val, BasicBlock *BB) {
657 if (NullPointerIsDefined(BB->getParent(),
658 Val->getType()->getPointerAddressSpace()))
659 return false;
660
661 Val = getUnderlyingObject(Val);
662 return TheCache.isNonNullAtEndOfBlock(Val, BB, [](BasicBlock *BB) {
663 NonNullPointerSet NonNullPointers;
664 for (Instruction &I : *BB)
665 AddNonNullPointersByInstruction(&I, NonNullPointers);
666 return NonNullPointers;
667 });
668 }
669
solveBlockValueNonLocal(Value * Val,BasicBlock * BB)670 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueNonLocal(
671 Value *Val, BasicBlock *BB) {
672 ValueLatticeElement Result; // Start Undefined.
673
674 // If this is the entry block, we must be asking about an argument. The
675 // value is overdefined.
676 if (BB == &BB->getParent()->getEntryBlock()) {
677 assert(isa<Argument>(Val) && "Unknown live-in to the entry block");
678 return ValueLatticeElement::getOverdefined();
679 }
680
681 // Loop over all of our predecessors, merging what we know from them into
682 // result. If we encounter an unexplored predecessor, we eagerly explore it
683 // in a depth first manner. In practice, this has the effect of discovering
684 // paths we can't analyze eagerly without spending compile times analyzing
685 // other paths. This heuristic benefits from the fact that predecessors are
686 // frequently arranged such that dominating ones come first and we quickly
687 // find a path to function entry. TODO: We should consider explicitly
688 // canonicalizing to make this true rather than relying on this happy
689 // accident.
690 for (pred_iterator PI = pred_begin(BB), E = pred_end(BB); PI != E; ++PI) {
691 Optional<ValueLatticeElement> EdgeResult = getEdgeValue(Val, *PI, BB);
692 if (!EdgeResult)
693 // Explore that input, then return here
694 return None;
695
696 Result.mergeIn(*EdgeResult);
697
698 // If we hit overdefined, exit early. The BlockVals entry is already set
699 // to overdefined.
700 if (Result.isOverdefined()) {
701 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
702 << "' - overdefined because of pred (non local).\n");
703 return Result;
704 }
705 }
706
707 // Return the merged value, which is more precise than 'overdefined'.
708 assert(!Result.isOverdefined());
709 return Result;
710 }
711
solveBlockValuePHINode(PHINode * PN,BasicBlock * BB)712 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValuePHINode(
713 PHINode *PN, BasicBlock *BB) {
714 ValueLatticeElement Result; // Start Undefined.
715
716 // Loop over all of our predecessors, merging what we know from them into
717 // result. See the comment about the chosen traversal order in
718 // solveBlockValueNonLocal; the same reasoning applies here.
719 for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) {
720 BasicBlock *PhiBB = PN->getIncomingBlock(i);
721 Value *PhiVal = PN->getIncomingValue(i);
722 // Note that we can provide PN as the context value to getEdgeValue, even
723 // though the results will be cached, because PN is the value being used as
724 // the cache key in the caller.
725 Optional<ValueLatticeElement> EdgeResult =
726 getEdgeValue(PhiVal, PhiBB, BB, PN);
727 if (!EdgeResult)
728 // Explore that input, then return here
729 return None;
730
731 Result.mergeIn(*EdgeResult);
732
733 // If we hit overdefined, exit early. The BlockVals entry is already set
734 // to overdefined.
735 if (Result.isOverdefined()) {
736 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
737 << "' - overdefined because of pred (local).\n");
738
739 return Result;
740 }
741 }
742
743 // Return the merged value, which is more precise than 'overdefined'.
744 assert(!Result.isOverdefined() && "Possible PHI in entry block?");
745 return Result;
746 }
747
748 static ValueLatticeElement getValueFromCondition(Value *Val, Value *Cond,
749 bool isTrueDest = true);
750
751 // If we can determine a constraint on the value given conditions assumed by
752 // the program, intersect those constraints with BBLV
intersectAssumeOrGuardBlockValueConstantRange(Value * Val,ValueLatticeElement & BBLV,Instruction * BBI)753 void LazyValueInfoImpl::intersectAssumeOrGuardBlockValueConstantRange(
754 Value *Val, ValueLatticeElement &BBLV, Instruction *BBI) {
755 BBI = BBI ? BBI : dyn_cast<Instruction>(Val);
756 if (!BBI)
757 return;
758
759 BasicBlock *BB = BBI->getParent();
760 for (auto &AssumeVH : AC->assumptionsFor(Val)) {
761 if (!AssumeVH)
762 continue;
763
764 // Only check assumes in the block of the context instruction. Other
765 // assumes will have already been taken into account when the value was
766 // propagated from predecessor blocks.
767 auto *I = cast<CallInst>(AssumeVH);
768 if (I->getParent() != BB || !isValidAssumeForContext(I, BBI))
769 continue;
770
771 BBLV = intersect(BBLV, getValueFromCondition(Val, I->getArgOperand(0)));
772 }
773
774 // If guards are not used in the module, don't spend time looking for them
775 if (GuardDecl && !GuardDecl->use_empty() &&
776 BBI->getIterator() != BB->begin()) {
777 for (Instruction &I : make_range(std::next(BBI->getIterator().getReverse()),
778 BB->rend())) {
779 Value *Cond = nullptr;
780 if (match(&I, m_Intrinsic<Intrinsic::experimental_guard>(m_Value(Cond))))
781 BBLV = intersect(BBLV, getValueFromCondition(Val, Cond));
782 }
783 }
784
785 if (BBLV.isOverdefined()) {
786 // Check whether we're checking at the terminator, and the pointer has
787 // been dereferenced in this block.
788 PointerType *PTy = dyn_cast<PointerType>(Val->getType());
789 if (PTy && BB->getTerminator() == BBI &&
790 isNonNullAtEndOfBlock(Val, BB))
791 BBLV = ValueLatticeElement::getNot(ConstantPointerNull::get(PTy));
792 }
793 }
794
solveBlockValueSelect(SelectInst * SI,BasicBlock * BB)795 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueSelect(
796 SelectInst *SI, BasicBlock *BB) {
797 // Recurse on our inputs if needed
798 Optional<ValueLatticeElement> OptTrueVal =
799 getBlockValue(SI->getTrueValue(), BB);
800 if (!OptTrueVal)
801 return None;
802 ValueLatticeElement &TrueVal = *OptTrueVal;
803
804 // If we hit overdefined, don't ask more queries. We want to avoid poisoning
805 // extra slots in the table if we can.
806 if (TrueVal.isOverdefined())
807 return ValueLatticeElement::getOverdefined();
808
809 Optional<ValueLatticeElement> OptFalseVal =
810 getBlockValue(SI->getFalseValue(), BB);
811 if (!OptFalseVal)
812 return None;
813 ValueLatticeElement &FalseVal = *OptFalseVal;
814
815 // If we hit overdefined, don't ask more queries. We want to avoid poisoning
816 // extra slots in the table if we can.
817 if (FalseVal.isOverdefined())
818 return ValueLatticeElement::getOverdefined();
819
820 if (TrueVal.isConstantRange() && FalseVal.isConstantRange()) {
821 const ConstantRange &TrueCR = TrueVal.getConstantRange();
822 const ConstantRange &FalseCR = FalseVal.getConstantRange();
823 Value *LHS = nullptr;
824 Value *RHS = nullptr;
825 SelectPatternResult SPR = matchSelectPattern(SI, LHS, RHS);
826 // Is this a min specifically of our two inputs? (Avoid the risk of
827 // ValueTracking getting smarter looking back past our immediate inputs.)
828 if (SelectPatternResult::isMinOrMax(SPR.Flavor) &&
829 LHS == SI->getTrueValue() && RHS == SI->getFalseValue()) {
830 ConstantRange ResultCR = [&]() {
831 switch (SPR.Flavor) {
832 default:
833 llvm_unreachable("unexpected minmax type!");
834 case SPF_SMIN: /// Signed minimum
835 return TrueCR.smin(FalseCR);
836 case SPF_UMIN: /// Unsigned minimum
837 return TrueCR.umin(FalseCR);
838 case SPF_SMAX: /// Signed maximum
839 return TrueCR.smax(FalseCR);
840 case SPF_UMAX: /// Unsigned maximum
841 return TrueCR.umax(FalseCR);
842 };
843 }();
844 return ValueLatticeElement::getRange(
845 ResultCR, TrueVal.isConstantRangeIncludingUndef() |
846 FalseVal.isConstantRangeIncludingUndef());
847 }
848
849 if (SPR.Flavor == SPF_ABS) {
850 if (LHS == SI->getTrueValue())
851 return ValueLatticeElement::getRange(
852 TrueCR.abs(), TrueVal.isConstantRangeIncludingUndef());
853 if (LHS == SI->getFalseValue())
854 return ValueLatticeElement::getRange(
855 FalseCR.abs(), FalseVal.isConstantRangeIncludingUndef());
856 }
857
858 if (SPR.Flavor == SPF_NABS) {
859 ConstantRange Zero(APInt::getNullValue(TrueCR.getBitWidth()));
860 if (LHS == SI->getTrueValue())
861 return ValueLatticeElement::getRange(
862 Zero.sub(TrueCR.abs()), FalseVal.isConstantRangeIncludingUndef());
863 if (LHS == SI->getFalseValue())
864 return ValueLatticeElement::getRange(
865 Zero.sub(FalseCR.abs()), FalseVal.isConstantRangeIncludingUndef());
866 }
867 }
868
869 // Can we constrain the facts about the true and false values by using the
870 // condition itself? This shows up with idioms like e.g. select(a > 5, a, 5).
871 // TODO: We could potentially refine an overdefined true value above.
872 Value *Cond = SI->getCondition();
873 TrueVal = intersect(TrueVal,
874 getValueFromCondition(SI->getTrueValue(), Cond, true));
875 FalseVal = intersect(FalseVal,
876 getValueFromCondition(SI->getFalseValue(), Cond, false));
877
878 // Handle clamp idioms such as:
879 // %24 = constantrange<0, 17>
880 // %39 = icmp eq i32 %24, 0
881 // %40 = add i32 %24, -1
882 // %siv.next = select i1 %39, i32 16, i32 %40
883 // %siv.next = constantrange<0, 17> not <-1, 17>
884 // In general, this can handle any clamp idiom which tests the edge
885 // condition via an equality or inequality.
886 if (auto *ICI = dyn_cast<ICmpInst>(Cond)) {
887 ICmpInst::Predicate Pred = ICI->getPredicate();
888 Value *A = ICI->getOperand(0);
889 if (ConstantInt *CIBase = dyn_cast<ConstantInt>(ICI->getOperand(1))) {
890 auto addConstants = [](ConstantInt *A, ConstantInt *B) {
891 assert(A->getType() == B->getType());
892 return ConstantInt::get(A->getType(), A->getValue() + B->getValue());
893 };
894 // See if either input is A + C2, subject to the constraint from the
895 // condition that A != C when that input is used. We can assume that
896 // that input doesn't include C + C2.
897 ConstantInt *CIAdded;
898 switch (Pred) {
899 default: break;
900 case ICmpInst::ICMP_EQ:
901 if (match(SI->getFalseValue(), m_Add(m_Specific(A),
902 m_ConstantInt(CIAdded)))) {
903 auto ResNot = addConstants(CIBase, CIAdded);
904 FalseVal = intersect(FalseVal,
905 ValueLatticeElement::getNot(ResNot));
906 }
907 break;
908 case ICmpInst::ICMP_NE:
909 if (match(SI->getTrueValue(), m_Add(m_Specific(A),
910 m_ConstantInt(CIAdded)))) {
911 auto ResNot = addConstants(CIBase, CIAdded);
912 TrueVal = intersect(TrueVal,
913 ValueLatticeElement::getNot(ResNot));
914 }
915 break;
916 };
917 }
918 }
919
920 ValueLatticeElement Result = TrueVal;
921 Result.mergeIn(FalseVal);
922 return Result;
923 }
924
getRangeFor(Value * V,Instruction * CxtI,BasicBlock * BB)925 Optional<ConstantRange> LazyValueInfoImpl::getRangeFor(Value *V,
926 Instruction *CxtI,
927 BasicBlock *BB) {
928 Optional<ValueLatticeElement> OptVal = getBlockValue(V, BB);
929 if (!OptVal)
930 return None;
931
932 ValueLatticeElement &Val = *OptVal;
933 intersectAssumeOrGuardBlockValueConstantRange(V, Val, CxtI);
934 if (Val.isConstantRange())
935 return Val.getConstantRange();
936
937 const unsigned OperandBitWidth = DL.getTypeSizeInBits(V->getType());
938 return ConstantRange::getFull(OperandBitWidth);
939 }
940
solveBlockValueCast(CastInst * CI,BasicBlock * BB)941 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueCast(
942 CastInst *CI, BasicBlock *BB) {
943 // Without knowing how wide the input is, we can't analyze it in any useful
944 // way.
945 if (!CI->getOperand(0)->getType()->isSized())
946 return ValueLatticeElement::getOverdefined();
947
948 // Filter out casts we don't know how to reason about before attempting to
949 // recurse on our operand. This can cut a long search short if we know we're
950 // not going to be able to get any useful information anways.
951 switch (CI->getOpcode()) {
952 case Instruction::Trunc:
953 case Instruction::SExt:
954 case Instruction::ZExt:
955 case Instruction::BitCast:
956 break;
957 default:
958 // Unhandled instructions are overdefined.
959 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
960 << "' - overdefined (unknown cast).\n");
961 return ValueLatticeElement::getOverdefined();
962 }
963
964 // Figure out the range of the LHS. If that fails, we still apply the
965 // transfer rule on the full set since we may be able to locally infer
966 // interesting facts.
967 Optional<ConstantRange> LHSRes = getRangeFor(CI->getOperand(0), CI, BB);
968 if (!LHSRes.hasValue())
969 // More work to do before applying this transfer rule.
970 return None;
971 const ConstantRange &LHSRange = LHSRes.getValue();
972
973 const unsigned ResultBitWidth = CI->getType()->getIntegerBitWidth();
974
975 // NOTE: We're currently limited by the set of operations that ConstantRange
976 // can evaluate symbolically. Enhancing that set will allows us to analyze
977 // more definitions.
978 return ValueLatticeElement::getRange(LHSRange.castOp(CI->getOpcode(),
979 ResultBitWidth));
980 }
981
solveBlockValueBinaryOpImpl(Instruction * I,BasicBlock * BB,std::function<ConstantRange (const ConstantRange &,const ConstantRange &)> OpFn)982 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueBinaryOpImpl(
983 Instruction *I, BasicBlock *BB,
984 std::function<ConstantRange(const ConstantRange &,
985 const ConstantRange &)> OpFn) {
986 // Figure out the ranges of the operands. If that fails, use a
987 // conservative range, but apply the transfer rule anyways. This
988 // lets us pick up facts from expressions like "and i32 (call i32
989 // @foo()), 32"
990 Optional<ConstantRange> LHSRes = getRangeFor(I->getOperand(0), I, BB);
991 Optional<ConstantRange> RHSRes = getRangeFor(I->getOperand(1), I, BB);
992 if (!LHSRes.hasValue() || !RHSRes.hasValue())
993 // More work to do before applying this transfer rule.
994 return None;
995
996 const ConstantRange &LHSRange = LHSRes.getValue();
997 const ConstantRange &RHSRange = RHSRes.getValue();
998 return ValueLatticeElement::getRange(OpFn(LHSRange, RHSRange));
999 }
1000
solveBlockValueBinaryOp(BinaryOperator * BO,BasicBlock * BB)1001 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueBinaryOp(
1002 BinaryOperator *BO, BasicBlock *BB) {
1003 assert(BO->getOperand(0)->getType()->isSized() &&
1004 "all operands to binary operators are sized");
1005 if (BO->getOpcode() == Instruction::Xor) {
1006 // Xor is the only operation not supported by ConstantRange::binaryOp().
1007 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
1008 << "' - overdefined (unknown binary operator).\n");
1009 return ValueLatticeElement::getOverdefined();
1010 }
1011
1012 if (auto *OBO = dyn_cast<OverflowingBinaryOperator>(BO)) {
1013 unsigned NoWrapKind = 0;
1014 if (OBO->hasNoUnsignedWrap())
1015 NoWrapKind |= OverflowingBinaryOperator::NoUnsignedWrap;
1016 if (OBO->hasNoSignedWrap())
1017 NoWrapKind |= OverflowingBinaryOperator::NoSignedWrap;
1018
1019 return solveBlockValueBinaryOpImpl(
1020 BO, BB,
1021 [BO, NoWrapKind](const ConstantRange &CR1, const ConstantRange &CR2) {
1022 return CR1.overflowingBinaryOp(BO->getOpcode(), CR2, NoWrapKind);
1023 });
1024 }
1025
1026 return solveBlockValueBinaryOpImpl(
1027 BO, BB, [BO](const ConstantRange &CR1, const ConstantRange &CR2) {
1028 return CR1.binaryOp(BO->getOpcode(), CR2);
1029 });
1030 }
1031
1032 Optional<ValueLatticeElement>
solveBlockValueOverflowIntrinsic(WithOverflowInst * WO,BasicBlock * BB)1033 LazyValueInfoImpl::solveBlockValueOverflowIntrinsic(WithOverflowInst *WO,
1034 BasicBlock *BB) {
1035 return solveBlockValueBinaryOpImpl(
1036 WO, BB, [WO](const ConstantRange &CR1, const ConstantRange &CR2) {
1037 return CR1.binaryOp(WO->getBinaryOp(), CR2);
1038 });
1039 }
1040
solveBlockValueIntrinsic(IntrinsicInst * II,BasicBlock * BB)1041 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueIntrinsic(
1042 IntrinsicInst *II, BasicBlock *BB) {
1043 if (!ConstantRange::isIntrinsicSupported(II->getIntrinsicID())) {
1044 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
1045 << "' - overdefined (unknown intrinsic).\n");
1046 return ValueLatticeElement::getOverdefined();
1047 }
1048
1049 SmallVector<ConstantRange, 2> OpRanges;
1050 for (Value *Op : II->args()) {
1051 Optional<ConstantRange> Range = getRangeFor(Op, II, BB);
1052 if (!Range)
1053 return None;
1054 OpRanges.push_back(*Range);
1055 }
1056
1057 return ValueLatticeElement::getRange(
1058 ConstantRange::intrinsic(II->getIntrinsicID(), OpRanges));
1059 }
1060
solveBlockValueExtractValue(ExtractValueInst * EVI,BasicBlock * BB)1061 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueExtractValue(
1062 ExtractValueInst *EVI, BasicBlock *BB) {
1063 if (auto *WO = dyn_cast<WithOverflowInst>(EVI->getAggregateOperand()))
1064 if (EVI->getNumIndices() == 1 && *EVI->idx_begin() == 0)
1065 return solveBlockValueOverflowIntrinsic(WO, BB);
1066
1067 // Handle extractvalue of insertvalue to allow further simplification
1068 // based on replaced with.overflow intrinsics.
1069 if (Value *V = SimplifyExtractValueInst(
1070 EVI->getAggregateOperand(), EVI->getIndices(),
1071 EVI->getModule()->getDataLayout()))
1072 return getBlockValue(V, BB);
1073
1074 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
1075 << "' - overdefined (unknown extractvalue).\n");
1076 return ValueLatticeElement::getOverdefined();
1077 }
1078
matchICmpOperand(const APInt * & Offset,Value * LHS,Value * Val,ICmpInst::Predicate Pred)1079 static bool matchICmpOperand(const APInt *&Offset, Value *LHS, Value *Val,
1080 ICmpInst::Predicate Pred) {
1081 if (LHS == Val)
1082 return true;
1083
1084 // Handle range checking idiom produced by InstCombine. We will subtract the
1085 // offset from the allowed range for RHS in this case.
1086 if (match(LHS, m_Add(m_Specific(Val), m_APInt(Offset))))
1087 return true;
1088
1089 // If (x | y) < C, then (x < C) && (y < C).
1090 if (match(LHS, m_c_Or(m_Specific(Val), m_Value())) &&
1091 (Pred == ICmpInst::ICMP_ULT || Pred == ICmpInst::ICMP_ULE))
1092 return true;
1093
1094 // If (x & y) > C, then (x > C) && (y > C).
1095 if (match(LHS, m_c_And(m_Specific(Val), m_Value())) &&
1096 (Pred == ICmpInst::ICMP_UGT || Pred == ICmpInst::ICMP_UGE))
1097 return true;
1098
1099 return false;
1100 }
1101
1102 /// Get value range for a "(Val + Offset) Pred RHS" condition.
getValueFromSimpleICmpCondition(CmpInst::Predicate Pred,Value * RHS,const APInt * Offset)1103 static ValueLatticeElement getValueFromSimpleICmpCondition(
1104 CmpInst::Predicate Pred, Value *RHS, const APInt *Offset) {
1105 ConstantRange RHSRange(RHS->getType()->getIntegerBitWidth(),
1106 /*isFullSet=*/true);
1107 if (ConstantInt *CI = dyn_cast<ConstantInt>(RHS))
1108 RHSRange = ConstantRange(CI->getValue());
1109 else if (Instruction *I = dyn_cast<Instruction>(RHS))
1110 if (auto *Ranges = I->getMetadata(LLVMContext::MD_range))
1111 RHSRange = getConstantRangeFromMetadata(*Ranges);
1112
1113 ConstantRange TrueValues =
1114 ConstantRange::makeAllowedICmpRegion(Pred, RHSRange);
1115
1116 if (Offset)
1117 TrueValues = TrueValues.subtract(*Offset);
1118
1119 return ValueLatticeElement::getRange(std::move(TrueValues));
1120 }
1121
getValueFromICmpCondition(Value * Val,ICmpInst * ICI,bool isTrueDest)1122 static ValueLatticeElement getValueFromICmpCondition(Value *Val, ICmpInst *ICI,
1123 bool isTrueDest) {
1124 Value *LHS = ICI->getOperand(0);
1125 Value *RHS = ICI->getOperand(1);
1126
1127 // Get the predicate that must hold along the considered edge.
1128 CmpInst::Predicate EdgePred =
1129 isTrueDest ? ICI->getPredicate() : ICI->getInversePredicate();
1130
1131 if (isa<Constant>(RHS)) {
1132 if (ICI->isEquality() && LHS == Val) {
1133 if (EdgePred == ICmpInst::ICMP_EQ)
1134 return ValueLatticeElement::get(cast<Constant>(RHS));
1135 else if (!isa<UndefValue>(RHS))
1136 return ValueLatticeElement::getNot(cast<Constant>(RHS));
1137 }
1138 }
1139
1140 if (!Val->getType()->isIntegerTy())
1141 return ValueLatticeElement::getOverdefined();
1142
1143 const APInt *Offset = nullptr;
1144 if (matchICmpOperand(Offset, LHS, Val, EdgePred))
1145 return getValueFromSimpleICmpCondition(EdgePred, RHS, Offset);
1146
1147 CmpInst::Predicate SwappedPred = CmpInst::getSwappedPredicate(EdgePred);
1148 if (matchICmpOperand(Offset, RHS, Val, SwappedPred))
1149 return getValueFromSimpleICmpCondition(SwappedPred, LHS, Offset);
1150
1151 // If (Val & Mask) == C then all the masked bits are known and we can compute
1152 // a value range based on that.
1153 const APInt *Mask, *C;
1154 if (EdgePred == ICmpInst::ICMP_EQ &&
1155 match(LHS, m_And(m_Specific(Val), m_APInt(Mask))) &&
1156 match(RHS, m_APInt(C))) {
1157 KnownBits Known;
1158 Known.Zero = ~*C & *Mask;
1159 Known.One = *C & *Mask;
1160 return ValueLatticeElement::getRange(
1161 ConstantRange::fromKnownBits(Known, /*IsSigned*/ false));
1162 }
1163
1164 return ValueLatticeElement::getOverdefined();
1165 }
1166
1167 // Handle conditions of the form
1168 // extractvalue(op.with.overflow(%x, C), 1).
getValueFromOverflowCondition(Value * Val,WithOverflowInst * WO,bool IsTrueDest)1169 static ValueLatticeElement getValueFromOverflowCondition(
1170 Value *Val, WithOverflowInst *WO, bool IsTrueDest) {
1171 // TODO: This only works with a constant RHS for now. We could also compute
1172 // the range of the RHS, but this doesn't fit into the current structure of
1173 // the edge value calculation.
1174 const APInt *C;
1175 if (WO->getLHS() != Val || !match(WO->getRHS(), m_APInt(C)))
1176 return ValueLatticeElement::getOverdefined();
1177
1178 // Calculate the possible values of %x for which no overflow occurs.
1179 ConstantRange NWR = ConstantRange::makeExactNoWrapRegion(
1180 WO->getBinaryOp(), *C, WO->getNoWrapKind());
1181
1182 // If overflow is false, %x is constrained to NWR. If overflow is true, %x is
1183 // constrained to it's inverse (all values that might cause overflow).
1184 if (IsTrueDest)
1185 NWR = NWR.inverse();
1186 return ValueLatticeElement::getRange(NWR);
1187 }
1188
1189 static ValueLatticeElement
1190 getValueFromCondition(Value *Val, Value *Cond, bool isTrueDest,
1191 SmallDenseMap<Value*, ValueLatticeElement> &Visited);
1192
1193 static ValueLatticeElement
getValueFromConditionImpl(Value * Val,Value * Cond,bool isTrueDest,SmallDenseMap<Value *,ValueLatticeElement> & Visited)1194 getValueFromConditionImpl(Value *Val, Value *Cond, bool isTrueDest,
1195 SmallDenseMap<Value*, ValueLatticeElement> &Visited) {
1196 if (ICmpInst *ICI = dyn_cast<ICmpInst>(Cond))
1197 return getValueFromICmpCondition(Val, ICI, isTrueDest);
1198
1199 if (auto *EVI = dyn_cast<ExtractValueInst>(Cond))
1200 if (auto *WO = dyn_cast<WithOverflowInst>(EVI->getAggregateOperand()))
1201 if (EVI->getNumIndices() == 1 && *EVI->idx_begin() == 1)
1202 return getValueFromOverflowCondition(Val, WO, isTrueDest);
1203
1204 // Handle conditions in the form of (cond1 && cond2), we know that on the
1205 // true dest path both of the conditions hold. Similarly for conditions of
1206 // the form (cond1 || cond2), we know that on the false dest path neither
1207 // condition holds.
1208 BinaryOperator *BO = dyn_cast<BinaryOperator>(Cond);
1209 if (!BO || (isTrueDest && BO->getOpcode() != BinaryOperator::And) ||
1210 (!isTrueDest && BO->getOpcode() != BinaryOperator::Or))
1211 return ValueLatticeElement::getOverdefined();
1212
1213 // Prevent infinite recursion if Cond references itself as in this example:
1214 // Cond: "%tmp4 = and i1 %tmp4, undef"
1215 // BL: "%tmp4 = and i1 %tmp4, undef"
1216 // BR: "i1 undef"
1217 Value *BL = BO->getOperand(0);
1218 Value *BR = BO->getOperand(1);
1219 if (BL == Cond || BR == Cond)
1220 return ValueLatticeElement::getOverdefined();
1221
1222 return intersect(getValueFromCondition(Val, BL, isTrueDest, Visited),
1223 getValueFromCondition(Val, BR, isTrueDest, Visited));
1224 }
1225
1226 static ValueLatticeElement
getValueFromCondition(Value * Val,Value * Cond,bool isTrueDest,SmallDenseMap<Value *,ValueLatticeElement> & Visited)1227 getValueFromCondition(Value *Val, Value *Cond, bool isTrueDest,
1228 SmallDenseMap<Value*, ValueLatticeElement> &Visited) {
1229 auto I = Visited.find(Cond);
1230 if (I != Visited.end())
1231 return I->second;
1232
1233 auto Result = getValueFromConditionImpl(Val, Cond, isTrueDest, Visited);
1234 Visited[Cond] = Result;
1235 return Result;
1236 }
1237
getValueFromCondition(Value * Val,Value * Cond,bool isTrueDest)1238 ValueLatticeElement getValueFromCondition(Value *Val, Value *Cond,
1239 bool isTrueDest) {
1240 assert(Cond && "precondition");
1241 SmallDenseMap<Value*, ValueLatticeElement> Visited;
1242 return getValueFromCondition(Val, Cond, isTrueDest, Visited);
1243 }
1244
1245 // Return true if Usr has Op as an operand, otherwise false.
usesOperand(User * Usr,Value * Op)1246 static bool usesOperand(User *Usr, Value *Op) {
1247 return find(Usr->operands(), Op) != Usr->op_end();
1248 }
1249
1250 // Return true if the instruction type of Val is supported by
1251 // constantFoldUser(). Currently CastInst, BinaryOperator and FreezeInst only.
1252 // Call this before calling constantFoldUser() to find out if it's even worth
1253 // attempting to call it.
isOperationFoldable(User * Usr)1254 static bool isOperationFoldable(User *Usr) {
1255 return isa<CastInst>(Usr) || isa<BinaryOperator>(Usr) || isa<FreezeInst>(Usr);
1256 }
1257
1258 // Check if Usr can be simplified to an integer constant when the value of one
1259 // of its operands Op is an integer constant OpConstVal. If so, return it as an
1260 // lattice value range with a single element or otherwise return an overdefined
1261 // lattice value.
constantFoldUser(User * Usr,Value * Op,const APInt & OpConstVal,const DataLayout & DL)1262 static ValueLatticeElement constantFoldUser(User *Usr, Value *Op,
1263 const APInt &OpConstVal,
1264 const DataLayout &DL) {
1265 assert(isOperationFoldable(Usr) && "Precondition");
1266 Constant* OpConst = Constant::getIntegerValue(Op->getType(), OpConstVal);
1267 // Check if Usr can be simplified to a constant.
1268 if (auto *CI = dyn_cast<CastInst>(Usr)) {
1269 assert(CI->getOperand(0) == Op && "Operand 0 isn't Op");
1270 if (auto *C = dyn_cast_or_null<ConstantInt>(
1271 SimplifyCastInst(CI->getOpcode(), OpConst,
1272 CI->getDestTy(), DL))) {
1273 return ValueLatticeElement::getRange(ConstantRange(C->getValue()));
1274 }
1275 } else if (auto *BO = dyn_cast<BinaryOperator>(Usr)) {
1276 bool Op0Match = BO->getOperand(0) == Op;
1277 bool Op1Match = BO->getOperand(1) == Op;
1278 assert((Op0Match || Op1Match) &&
1279 "Operand 0 nor Operand 1 isn't a match");
1280 Value *LHS = Op0Match ? OpConst : BO->getOperand(0);
1281 Value *RHS = Op1Match ? OpConst : BO->getOperand(1);
1282 if (auto *C = dyn_cast_or_null<ConstantInt>(
1283 SimplifyBinOp(BO->getOpcode(), LHS, RHS, DL))) {
1284 return ValueLatticeElement::getRange(ConstantRange(C->getValue()));
1285 }
1286 } else if (isa<FreezeInst>(Usr)) {
1287 assert(cast<FreezeInst>(Usr)->getOperand(0) == Op && "Operand 0 isn't Op");
1288 return ValueLatticeElement::getRange(ConstantRange(OpConstVal));
1289 }
1290 return ValueLatticeElement::getOverdefined();
1291 }
1292
1293 /// Compute the value of Val on the edge BBFrom -> BBTo. Returns false if
1294 /// Val is not constrained on the edge. Result is unspecified if return value
1295 /// is false.
getEdgeValueLocal(Value * Val,BasicBlock * BBFrom,BasicBlock * BBTo)1296 static Optional<ValueLatticeElement> getEdgeValueLocal(Value *Val,
1297 BasicBlock *BBFrom,
1298 BasicBlock *BBTo) {
1299 // TODO: Handle more complex conditionals. If (v == 0 || v2 < 1) is false, we
1300 // know that v != 0.
1301 if (BranchInst *BI = dyn_cast<BranchInst>(BBFrom->getTerminator())) {
1302 // If this is a conditional branch and only one successor goes to BBTo, then
1303 // we may be able to infer something from the condition.
1304 if (BI->isConditional() &&
1305 BI->getSuccessor(0) != BI->getSuccessor(1)) {
1306 bool isTrueDest = BI->getSuccessor(0) == BBTo;
1307 assert(BI->getSuccessor(!isTrueDest) == BBTo &&
1308 "BBTo isn't a successor of BBFrom");
1309 Value *Condition = BI->getCondition();
1310
1311 // If V is the condition of the branch itself, then we know exactly what
1312 // it is.
1313 if (Condition == Val)
1314 return ValueLatticeElement::get(ConstantInt::get(
1315 Type::getInt1Ty(Val->getContext()), isTrueDest));
1316
1317 // If the condition of the branch is an equality comparison, we may be
1318 // able to infer the value.
1319 ValueLatticeElement Result = getValueFromCondition(Val, Condition,
1320 isTrueDest);
1321 if (!Result.isOverdefined())
1322 return Result;
1323
1324 if (User *Usr = dyn_cast<User>(Val)) {
1325 assert(Result.isOverdefined() && "Result isn't overdefined");
1326 // Check with isOperationFoldable() first to avoid linearly iterating
1327 // over the operands unnecessarily which can be expensive for
1328 // instructions with many operands.
1329 if (isa<IntegerType>(Usr->getType()) && isOperationFoldable(Usr)) {
1330 const DataLayout &DL = BBTo->getModule()->getDataLayout();
1331 if (usesOperand(Usr, Condition)) {
1332 // If Val has Condition as an operand and Val can be folded into a
1333 // constant with either Condition == true or Condition == false,
1334 // propagate the constant.
1335 // eg.
1336 // ; %Val is true on the edge to %then.
1337 // %Val = and i1 %Condition, true.
1338 // br %Condition, label %then, label %else
1339 APInt ConditionVal(1, isTrueDest ? 1 : 0);
1340 Result = constantFoldUser(Usr, Condition, ConditionVal, DL);
1341 } else {
1342 // If one of Val's operand has an inferred value, we may be able to
1343 // infer the value of Val.
1344 // eg.
1345 // ; %Val is 94 on the edge to %then.
1346 // %Val = add i8 %Op, 1
1347 // %Condition = icmp eq i8 %Op, 93
1348 // br i1 %Condition, label %then, label %else
1349 for (unsigned i = 0; i < Usr->getNumOperands(); ++i) {
1350 Value *Op = Usr->getOperand(i);
1351 ValueLatticeElement OpLatticeVal =
1352 getValueFromCondition(Op, Condition, isTrueDest);
1353 if (Optional<APInt> OpConst = OpLatticeVal.asConstantInteger()) {
1354 Result = constantFoldUser(Usr, Op, OpConst.getValue(), DL);
1355 break;
1356 }
1357 }
1358 }
1359 }
1360 }
1361 if (!Result.isOverdefined())
1362 return Result;
1363 }
1364 }
1365
1366 // If the edge was formed by a switch on the value, then we may know exactly
1367 // what it is.
1368 if (SwitchInst *SI = dyn_cast<SwitchInst>(BBFrom->getTerminator())) {
1369 Value *Condition = SI->getCondition();
1370 if (!isa<IntegerType>(Val->getType()))
1371 return None;
1372 bool ValUsesConditionAndMayBeFoldable = false;
1373 if (Condition != Val) {
1374 // Check if Val has Condition as an operand.
1375 if (User *Usr = dyn_cast<User>(Val))
1376 ValUsesConditionAndMayBeFoldable = isOperationFoldable(Usr) &&
1377 usesOperand(Usr, Condition);
1378 if (!ValUsesConditionAndMayBeFoldable)
1379 return None;
1380 }
1381 assert((Condition == Val || ValUsesConditionAndMayBeFoldable) &&
1382 "Condition != Val nor Val doesn't use Condition");
1383
1384 bool DefaultCase = SI->getDefaultDest() == BBTo;
1385 unsigned BitWidth = Val->getType()->getIntegerBitWidth();
1386 ConstantRange EdgesVals(BitWidth, DefaultCase/*isFullSet*/);
1387
1388 for (auto Case : SI->cases()) {
1389 APInt CaseValue = Case.getCaseValue()->getValue();
1390 ConstantRange EdgeVal(CaseValue);
1391 if (ValUsesConditionAndMayBeFoldable) {
1392 User *Usr = cast<User>(Val);
1393 const DataLayout &DL = BBTo->getModule()->getDataLayout();
1394 ValueLatticeElement EdgeLatticeVal =
1395 constantFoldUser(Usr, Condition, CaseValue, DL);
1396 if (EdgeLatticeVal.isOverdefined())
1397 return None;
1398 EdgeVal = EdgeLatticeVal.getConstantRange();
1399 }
1400 if (DefaultCase) {
1401 // It is possible that the default destination is the destination of
1402 // some cases. We cannot perform difference for those cases.
1403 // We know Condition != CaseValue in BBTo. In some cases we can use
1404 // this to infer Val == f(Condition) is != f(CaseValue). For now, we
1405 // only do this when f is identity (i.e. Val == Condition), but we
1406 // should be able to do this for any injective f.
1407 if (Case.getCaseSuccessor() != BBTo && Condition == Val)
1408 EdgesVals = EdgesVals.difference(EdgeVal);
1409 } else if (Case.getCaseSuccessor() == BBTo)
1410 EdgesVals = EdgesVals.unionWith(EdgeVal);
1411 }
1412 return ValueLatticeElement::getRange(std::move(EdgesVals));
1413 }
1414 return None;
1415 }
1416
1417 /// Compute the value of Val on the edge BBFrom -> BBTo or the value at
1418 /// the basic block if the edge does not constrain Val.
getEdgeValue(Value * Val,BasicBlock * BBFrom,BasicBlock * BBTo,Instruction * CxtI)1419 Optional<ValueLatticeElement> LazyValueInfoImpl::getEdgeValue(
1420 Value *Val, BasicBlock *BBFrom, BasicBlock *BBTo, Instruction *CxtI) {
1421 // If already a constant, there is nothing to compute.
1422 if (Constant *VC = dyn_cast<Constant>(Val))
1423 return ValueLatticeElement::get(VC);
1424
1425 ValueLatticeElement LocalResult = getEdgeValueLocal(Val, BBFrom, BBTo)
1426 .getValueOr(ValueLatticeElement::getOverdefined());
1427 if (hasSingleValue(LocalResult))
1428 // Can't get any more precise here
1429 return LocalResult;
1430
1431 Optional<ValueLatticeElement> OptInBlock = getBlockValue(Val, BBFrom);
1432 if (!OptInBlock)
1433 return None;
1434 ValueLatticeElement &InBlock = *OptInBlock;
1435
1436 // Try to intersect ranges of the BB and the constraint on the edge.
1437 intersectAssumeOrGuardBlockValueConstantRange(Val, InBlock,
1438 BBFrom->getTerminator());
1439 // We can use the context instruction (generically the ultimate instruction
1440 // the calling pass is trying to simplify) here, even though the result of
1441 // this function is generally cached when called from the solve* functions
1442 // (and that cached result might be used with queries using a different
1443 // context instruction), because when this function is called from the solve*
1444 // functions, the context instruction is not provided. When called from
1445 // LazyValueInfoImpl::getValueOnEdge, the context instruction is provided,
1446 // but then the result is not cached.
1447 intersectAssumeOrGuardBlockValueConstantRange(Val, InBlock, CxtI);
1448
1449 return intersect(LocalResult, InBlock);
1450 }
1451
getValueInBlock(Value * V,BasicBlock * BB,Instruction * CxtI)1452 ValueLatticeElement LazyValueInfoImpl::getValueInBlock(Value *V, BasicBlock *BB,
1453 Instruction *CxtI) {
1454 LLVM_DEBUG(dbgs() << "LVI Getting block end value " << *V << " at '"
1455 << BB->getName() << "'\n");
1456
1457 assert(BlockValueStack.empty() && BlockValueSet.empty());
1458 Optional<ValueLatticeElement> OptResult = getBlockValue(V, BB);
1459 if (!OptResult) {
1460 solve();
1461 OptResult = getBlockValue(V, BB);
1462 assert(OptResult && "Value not available after solving");
1463 }
1464 ValueLatticeElement Result = *OptResult;
1465 intersectAssumeOrGuardBlockValueConstantRange(V, Result, CxtI);
1466
1467 LLVM_DEBUG(dbgs() << " Result = " << Result << "\n");
1468 return Result;
1469 }
1470
getValueAt(Value * V,Instruction * CxtI)1471 ValueLatticeElement LazyValueInfoImpl::getValueAt(Value *V, Instruction *CxtI) {
1472 LLVM_DEBUG(dbgs() << "LVI Getting value " << *V << " at '" << CxtI->getName()
1473 << "'\n");
1474
1475 if (auto *C = dyn_cast<Constant>(V))
1476 return ValueLatticeElement::get(C);
1477
1478 ValueLatticeElement Result = ValueLatticeElement::getOverdefined();
1479 if (auto *I = dyn_cast<Instruction>(V))
1480 Result = getFromRangeMetadata(I);
1481 intersectAssumeOrGuardBlockValueConstantRange(V, Result, CxtI);
1482
1483 LLVM_DEBUG(dbgs() << " Result = " << Result << "\n");
1484 return Result;
1485 }
1486
1487 ValueLatticeElement LazyValueInfoImpl::
getValueOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1488 getValueOnEdge(Value *V, BasicBlock *FromBB, BasicBlock *ToBB,
1489 Instruction *CxtI) {
1490 LLVM_DEBUG(dbgs() << "LVI Getting edge value " << *V << " from '"
1491 << FromBB->getName() << "' to '" << ToBB->getName()
1492 << "'\n");
1493
1494 Optional<ValueLatticeElement> Result = getEdgeValue(V, FromBB, ToBB, CxtI);
1495 if (!Result) {
1496 solve();
1497 Result = getEdgeValue(V, FromBB, ToBB, CxtI);
1498 assert(Result && "More work to do after problem solved?");
1499 }
1500
1501 LLVM_DEBUG(dbgs() << " Result = " << *Result << "\n");
1502 return *Result;
1503 }
1504
threadEdge(BasicBlock * PredBB,BasicBlock * OldSucc,BasicBlock * NewSucc)1505 void LazyValueInfoImpl::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc,
1506 BasicBlock *NewSucc) {
1507 TheCache.threadEdgeImpl(OldSucc, NewSucc);
1508 }
1509
1510 //===----------------------------------------------------------------------===//
1511 // LazyValueInfo Impl
1512 //===----------------------------------------------------------------------===//
1513
1514 /// This lazily constructs the LazyValueInfoImpl.
getImpl(void * & PImpl,AssumptionCache * AC,const Module * M)1515 static LazyValueInfoImpl &getImpl(void *&PImpl, AssumptionCache *AC,
1516 const Module *M) {
1517 if (!PImpl) {
1518 assert(M && "getCache() called with a null Module");
1519 const DataLayout &DL = M->getDataLayout();
1520 Function *GuardDecl = M->getFunction(
1521 Intrinsic::getName(Intrinsic::experimental_guard));
1522 PImpl = new LazyValueInfoImpl(AC, DL, GuardDecl);
1523 }
1524 return *static_cast<LazyValueInfoImpl*>(PImpl);
1525 }
1526
runOnFunction(Function & F)1527 bool LazyValueInfoWrapperPass::runOnFunction(Function &F) {
1528 Info.AC = &getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
1529 Info.TLI = &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);
1530
1531 if (Info.PImpl)
1532 getImpl(Info.PImpl, Info.AC, F.getParent()).clear();
1533
1534 // Fully lazy.
1535 return false;
1536 }
1537
getAnalysisUsage(AnalysisUsage & AU) const1538 void LazyValueInfoWrapperPass::getAnalysisUsage(AnalysisUsage &AU) const {
1539 AU.setPreservesAll();
1540 AU.addRequired<AssumptionCacheTracker>();
1541 AU.addRequired<TargetLibraryInfoWrapperPass>();
1542 }
1543
getLVI()1544 LazyValueInfo &LazyValueInfoWrapperPass::getLVI() { return Info; }
1545
~LazyValueInfo()1546 LazyValueInfo::~LazyValueInfo() { releaseMemory(); }
1547
releaseMemory()1548 void LazyValueInfo::releaseMemory() {
1549 // If the cache was allocated, free it.
1550 if (PImpl) {
1551 delete &getImpl(PImpl, AC, nullptr);
1552 PImpl = nullptr;
1553 }
1554 }
1555
invalidate(Function & F,const PreservedAnalyses & PA,FunctionAnalysisManager::Invalidator & Inv)1556 bool LazyValueInfo::invalidate(Function &F, const PreservedAnalyses &PA,
1557 FunctionAnalysisManager::Invalidator &Inv) {
1558 // We need to invalidate if we have either failed to preserve this analyses
1559 // result directly or if any of its dependencies have been invalidated.
1560 auto PAC = PA.getChecker<LazyValueAnalysis>();
1561 if (!(PAC.preserved() || PAC.preservedSet<AllAnalysesOn<Function>>()))
1562 return true;
1563
1564 return false;
1565 }
1566
releaseMemory()1567 void LazyValueInfoWrapperPass::releaseMemory() { Info.releaseMemory(); }
1568
run(Function & F,FunctionAnalysisManager & FAM)1569 LazyValueInfo LazyValueAnalysis::run(Function &F,
1570 FunctionAnalysisManager &FAM) {
1571 auto &AC = FAM.getResult<AssumptionAnalysis>(F);
1572 auto &TLI = FAM.getResult<TargetLibraryAnalysis>(F);
1573
1574 return LazyValueInfo(&AC, &F.getParent()->getDataLayout(), &TLI);
1575 }
1576
1577 /// Returns true if we can statically tell that this value will never be a
1578 /// "useful" constant. In practice, this means we've got something like an
1579 /// alloca or a malloc call for which a comparison against a constant can
1580 /// only be guarding dead code. Note that we are potentially giving up some
1581 /// precision in dead code (a constant result) in favour of avoiding a
1582 /// expensive search for a easily answered common query.
isKnownNonConstant(Value * V)1583 static bool isKnownNonConstant(Value *V) {
1584 V = V->stripPointerCasts();
1585 // The return val of alloc cannot be a Constant.
1586 if (isa<AllocaInst>(V))
1587 return true;
1588 return false;
1589 }
1590
getConstant(Value * V,Instruction * CxtI)1591 Constant *LazyValueInfo::getConstant(Value *V, Instruction *CxtI) {
1592 // Bail out early if V is known not to be a Constant.
1593 if (isKnownNonConstant(V))
1594 return nullptr;
1595
1596 BasicBlock *BB = CxtI->getParent();
1597 ValueLatticeElement Result =
1598 getImpl(PImpl, AC, BB->getModule()).getValueInBlock(V, BB, CxtI);
1599
1600 if (Result.isConstant())
1601 return Result.getConstant();
1602 if (Result.isConstantRange()) {
1603 const ConstantRange &CR = Result.getConstantRange();
1604 if (const APInt *SingleVal = CR.getSingleElement())
1605 return ConstantInt::get(V->getContext(), *SingleVal);
1606 }
1607 return nullptr;
1608 }
1609
getConstantRange(Value * V,Instruction * CxtI,bool UndefAllowed)1610 ConstantRange LazyValueInfo::getConstantRange(Value *V, Instruction *CxtI,
1611 bool UndefAllowed) {
1612 assert(V->getType()->isIntegerTy());
1613 unsigned Width = V->getType()->getIntegerBitWidth();
1614 BasicBlock *BB = CxtI->getParent();
1615 ValueLatticeElement Result =
1616 getImpl(PImpl, AC, BB->getModule()).getValueInBlock(V, BB, CxtI);
1617 if (Result.isUnknown())
1618 return ConstantRange::getEmpty(Width);
1619 if (Result.isConstantRange(UndefAllowed))
1620 return Result.getConstantRange(UndefAllowed);
1621 // We represent ConstantInt constants as constant ranges but other kinds
1622 // of integer constants, i.e. ConstantExpr will be tagged as constants
1623 assert(!(Result.isConstant() && isa<ConstantInt>(Result.getConstant())) &&
1624 "ConstantInt value must be represented as constantrange");
1625 return ConstantRange::getFull(Width);
1626 }
1627
1628 /// Determine whether the specified value is known to be a
1629 /// constant on the specified edge. Return null if not.
getConstantOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1630 Constant *LazyValueInfo::getConstantOnEdge(Value *V, BasicBlock *FromBB,
1631 BasicBlock *ToBB,
1632 Instruction *CxtI) {
1633 Module *M = FromBB->getModule();
1634 ValueLatticeElement Result =
1635 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI);
1636
1637 if (Result.isConstant())
1638 return Result.getConstant();
1639 if (Result.isConstantRange()) {
1640 const ConstantRange &CR = Result.getConstantRange();
1641 if (const APInt *SingleVal = CR.getSingleElement())
1642 return ConstantInt::get(V->getContext(), *SingleVal);
1643 }
1644 return nullptr;
1645 }
1646
getConstantRangeOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1647 ConstantRange LazyValueInfo::getConstantRangeOnEdge(Value *V,
1648 BasicBlock *FromBB,
1649 BasicBlock *ToBB,
1650 Instruction *CxtI) {
1651 unsigned Width = V->getType()->getIntegerBitWidth();
1652 Module *M = FromBB->getModule();
1653 ValueLatticeElement Result =
1654 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI);
1655
1656 if (Result.isUnknown())
1657 return ConstantRange::getEmpty(Width);
1658 if (Result.isConstantRange())
1659 return Result.getConstantRange();
1660 // We represent ConstantInt constants as constant ranges but other kinds
1661 // of integer constants, i.e. ConstantExpr will be tagged as constants
1662 assert(!(Result.isConstant() && isa<ConstantInt>(Result.getConstant())) &&
1663 "ConstantInt value must be represented as constantrange");
1664 return ConstantRange::getFull(Width);
1665 }
1666
1667 static LazyValueInfo::Tristate
getPredicateResult(unsigned Pred,Constant * C,const ValueLatticeElement & Val,const DataLayout & DL,TargetLibraryInfo * TLI)1668 getPredicateResult(unsigned Pred, Constant *C, const ValueLatticeElement &Val,
1669 const DataLayout &DL, TargetLibraryInfo *TLI) {
1670 // If we know the value is a constant, evaluate the conditional.
1671 Constant *Res = nullptr;
1672 if (Val.isConstant()) {
1673 Res = ConstantFoldCompareInstOperands(Pred, Val.getConstant(), C, DL, TLI);
1674 if (ConstantInt *ResCI = dyn_cast<ConstantInt>(Res))
1675 return ResCI->isZero() ? LazyValueInfo::False : LazyValueInfo::True;
1676 return LazyValueInfo::Unknown;
1677 }
1678
1679 if (Val.isConstantRange()) {
1680 ConstantInt *CI = dyn_cast<ConstantInt>(C);
1681 if (!CI) return LazyValueInfo::Unknown;
1682
1683 const ConstantRange &CR = Val.getConstantRange();
1684 if (Pred == ICmpInst::ICMP_EQ) {
1685 if (!CR.contains(CI->getValue()))
1686 return LazyValueInfo::False;
1687
1688 if (CR.isSingleElement())
1689 return LazyValueInfo::True;
1690 } else if (Pred == ICmpInst::ICMP_NE) {
1691 if (!CR.contains(CI->getValue()))
1692 return LazyValueInfo::True;
1693
1694 if (CR.isSingleElement())
1695 return LazyValueInfo::False;
1696 } else {
1697 // Handle more complex predicates.
1698 ConstantRange TrueValues = ConstantRange::makeExactICmpRegion(
1699 (ICmpInst::Predicate)Pred, CI->getValue());
1700 if (TrueValues.contains(CR))
1701 return LazyValueInfo::True;
1702 if (TrueValues.inverse().contains(CR))
1703 return LazyValueInfo::False;
1704 }
1705 return LazyValueInfo::Unknown;
1706 }
1707
1708 if (Val.isNotConstant()) {
1709 // If this is an equality comparison, we can try to fold it knowing that
1710 // "V != C1".
1711 if (Pred == ICmpInst::ICMP_EQ) {
1712 // !C1 == C -> false iff C1 == C.
1713 Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE,
1714 Val.getNotConstant(), C, DL,
1715 TLI);
1716 if (Res->isNullValue())
1717 return LazyValueInfo::False;
1718 } else if (Pred == ICmpInst::ICMP_NE) {
1719 // !C1 != C -> true iff C1 == C.
1720 Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE,
1721 Val.getNotConstant(), C, DL,
1722 TLI);
1723 if (Res->isNullValue())
1724 return LazyValueInfo::True;
1725 }
1726 return LazyValueInfo::Unknown;
1727 }
1728
1729 return LazyValueInfo::Unknown;
1730 }
1731
1732 /// Determine whether the specified value comparison with a constant is known to
1733 /// be true or false on the specified CFG edge. Pred is a CmpInst predicate.
1734 LazyValueInfo::Tristate
getPredicateOnEdge(unsigned Pred,Value * V,Constant * C,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1735 LazyValueInfo::getPredicateOnEdge(unsigned Pred, Value *V, Constant *C,
1736 BasicBlock *FromBB, BasicBlock *ToBB,
1737 Instruction *CxtI) {
1738 Module *M = FromBB->getModule();
1739 ValueLatticeElement Result =
1740 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI);
1741
1742 return getPredicateResult(Pred, C, Result, M->getDataLayout(), TLI);
1743 }
1744
1745 LazyValueInfo::Tristate
getPredicateAt(unsigned Pred,Value * V,Constant * C,Instruction * CxtI,bool UseBlockValue)1746 LazyValueInfo::getPredicateAt(unsigned Pred, Value *V, Constant *C,
1747 Instruction *CxtI, bool UseBlockValue) {
1748 // Is or is not NonNull are common predicates being queried. If
1749 // isKnownNonZero can tell us the result of the predicate, we can
1750 // return it quickly. But this is only a fastpath, and falling
1751 // through would still be correct.
1752 Module *M = CxtI->getModule();
1753 const DataLayout &DL = M->getDataLayout();
1754 if (V->getType()->isPointerTy() && C->isNullValue() &&
1755 isKnownNonZero(V->stripPointerCastsSameRepresentation(), DL)) {
1756 if (Pred == ICmpInst::ICMP_EQ)
1757 return LazyValueInfo::False;
1758 else if (Pred == ICmpInst::ICMP_NE)
1759 return LazyValueInfo::True;
1760 }
1761
1762 ValueLatticeElement Result = UseBlockValue
1763 ? getImpl(PImpl, AC, M).getValueInBlock(V, CxtI->getParent(), CxtI)
1764 : getImpl(PImpl, AC, M).getValueAt(V, CxtI);
1765 Tristate Ret = getPredicateResult(Pred, C, Result, DL, TLI);
1766 if (Ret != Unknown)
1767 return Ret;
1768
1769 // Note: The following bit of code is somewhat distinct from the rest of LVI;
1770 // LVI as a whole tries to compute a lattice value which is conservatively
1771 // correct at a given location. In this case, we have a predicate which we
1772 // weren't able to prove about the merged result, and we're pushing that
1773 // predicate back along each incoming edge to see if we can prove it
1774 // separately for each input. As a motivating example, consider:
1775 // bb1:
1776 // %v1 = ... ; constantrange<1, 5>
1777 // br label %merge
1778 // bb2:
1779 // %v2 = ... ; constantrange<10, 20>
1780 // br label %merge
1781 // merge:
1782 // %phi = phi [%v1, %v2] ; constantrange<1,20>
1783 // %pred = icmp eq i32 %phi, 8
1784 // We can't tell from the lattice value for '%phi' that '%pred' is false
1785 // along each path, but by checking the predicate over each input separately,
1786 // we can.
1787 // We limit the search to one step backwards from the current BB and value.
1788 // We could consider extending this to search further backwards through the
1789 // CFG and/or value graph, but there are non-obvious compile time vs quality
1790 // tradeoffs.
1791 if (CxtI) {
1792 BasicBlock *BB = CxtI->getParent();
1793
1794 // Function entry or an unreachable block. Bail to avoid confusing
1795 // analysis below.
1796 pred_iterator PI = pred_begin(BB), PE = pred_end(BB);
1797 if (PI == PE)
1798 return Unknown;
1799
1800 // If V is a PHI node in the same block as the context, we need to ask
1801 // questions about the predicate as applied to the incoming value along
1802 // each edge. This is useful for eliminating cases where the predicate is
1803 // known along all incoming edges.
1804 if (auto *PHI = dyn_cast<PHINode>(V))
1805 if (PHI->getParent() == BB) {
1806 Tristate Baseline = Unknown;
1807 for (unsigned i = 0, e = PHI->getNumIncomingValues(); i < e; i++) {
1808 Value *Incoming = PHI->getIncomingValue(i);
1809 BasicBlock *PredBB = PHI->getIncomingBlock(i);
1810 // Note that PredBB may be BB itself.
1811 Tristate Result = getPredicateOnEdge(Pred, Incoming, C, PredBB, BB,
1812 CxtI);
1813
1814 // Keep going as long as we've seen a consistent known result for
1815 // all inputs.
1816 Baseline = (i == 0) ? Result /* First iteration */
1817 : (Baseline == Result ? Baseline : Unknown); /* All others */
1818 if (Baseline == Unknown)
1819 break;
1820 }
1821 if (Baseline != Unknown)
1822 return Baseline;
1823 }
1824
1825 // For a comparison where the V is outside this block, it's possible
1826 // that we've branched on it before. Look to see if the value is known
1827 // on all incoming edges.
1828 if (!isa<Instruction>(V) ||
1829 cast<Instruction>(V)->getParent() != BB) {
1830 // For predecessor edge, determine if the comparison is true or false
1831 // on that edge. If they're all true or all false, we can conclude
1832 // the value of the comparison in this block.
1833 Tristate Baseline = getPredicateOnEdge(Pred, V, C, *PI, BB, CxtI);
1834 if (Baseline != Unknown) {
1835 // Check that all remaining incoming values match the first one.
1836 while (++PI != PE) {
1837 Tristate Ret = getPredicateOnEdge(Pred, V, C, *PI, BB, CxtI);
1838 if (Ret != Baseline) break;
1839 }
1840 // If we terminated early, then one of the values didn't match.
1841 if (PI == PE) {
1842 return Baseline;
1843 }
1844 }
1845 }
1846 }
1847 return Unknown;
1848 }
1849
threadEdge(BasicBlock * PredBB,BasicBlock * OldSucc,BasicBlock * NewSucc)1850 void LazyValueInfo::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc,
1851 BasicBlock *NewSucc) {
1852 if (PImpl) {
1853 getImpl(PImpl, AC, PredBB->getModule())
1854 .threadEdge(PredBB, OldSucc, NewSucc);
1855 }
1856 }
1857
eraseBlock(BasicBlock * BB)1858 void LazyValueInfo::eraseBlock(BasicBlock *BB) {
1859 if (PImpl) {
1860 getImpl(PImpl, AC, BB->getModule()).eraseBlock(BB);
1861 }
1862 }
1863
1864
printLVI(Function & F,DominatorTree & DTree,raw_ostream & OS)1865 void LazyValueInfo::printLVI(Function &F, DominatorTree &DTree, raw_ostream &OS) {
1866 if (PImpl) {
1867 getImpl(PImpl, AC, F.getParent()).printLVI(F, DTree, OS);
1868 }
1869 }
1870
1871 // Print the LVI for the function arguments at the start of each basic block.
emitBasicBlockStartAnnot(const BasicBlock * BB,formatted_raw_ostream & OS)1872 void LazyValueInfoAnnotatedWriter::emitBasicBlockStartAnnot(
1873 const BasicBlock *BB, formatted_raw_ostream &OS) {
1874 // Find if there are latticevalues defined for arguments of the function.
1875 auto *F = BB->getParent();
1876 for (auto &Arg : F->args()) {
1877 ValueLatticeElement Result = LVIImpl->getValueInBlock(
1878 const_cast<Argument *>(&Arg), const_cast<BasicBlock *>(BB));
1879 if (Result.isUnknown())
1880 continue;
1881 OS << "; LatticeVal for: '" << Arg << "' is: " << Result << "\n";
1882 }
1883 }
1884
1885 // This function prints the LVI analysis for the instruction I at the beginning
1886 // of various basic blocks. It relies on calculated values that are stored in
1887 // the LazyValueInfoCache, and in the absence of cached values, recalculate the
1888 // LazyValueInfo for `I`, and print that info.
emitInstructionAnnot(const Instruction * I,formatted_raw_ostream & OS)1889 void LazyValueInfoAnnotatedWriter::emitInstructionAnnot(
1890 const Instruction *I, formatted_raw_ostream &OS) {
1891
1892 auto *ParentBB = I->getParent();
1893 SmallPtrSet<const BasicBlock*, 16> BlocksContainingLVI;
1894 // We can generate (solve) LVI values only for blocks that are dominated by
1895 // the I's parent. However, to avoid generating LVI for all dominating blocks,
1896 // that contain redundant/uninteresting information, we print LVI for
1897 // blocks that may use this LVI information (such as immediate successor
1898 // blocks, and blocks that contain uses of `I`).
1899 auto printResult = [&](const BasicBlock *BB) {
1900 if (!BlocksContainingLVI.insert(BB).second)
1901 return;
1902 ValueLatticeElement Result = LVIImpl->getValueInBlock(
1903 const_cast<Instruction *>(I), const_cast<BasicBlock *>(BB));
1904 OS << "; LatticeVal for: '" << *I << "' in BB: '";
1905 BB->printAsOperand(OS, false);
1906 OS << "' is: " << Result << "\n";
1907 };
1908
1909 printResult(ParentBB);
1910 // Print the LVI analysis results for the immediate successor blocks, that
1911 // are dominated by `ParentBB`.
1912 for (auto *BBSucc : successors(ParentBB))
1913 if (DT.dominates(ParentBB, BBSucc))
1914 printResult(BBSucc);
1915
1916 // Print LVI in blocks where `I` is used.
1917 for (auto *U : I->users())
1918 if (auto *UseI = dyn_cast<Instruction>(U))
1919 if (!isa<PHINode>(UseI) || DT.dominates(ParentBB, UseI->getParent()))
1920 printResult(UseI->getParent());
1921
1922 }
1923
1924 namespace {
1925 // Printer class for LazyValueInfo results.
1926 class LazyValueInfoPrinter : public FunctionPass {
1927 public:
1928 static char ID; // Pass identification, replacement for typeid
LazyValueInfoPrinter()1929 LazyValueInfoPrinter() : FunctionPass(ID) {
1930 initializeLazyValueInfoPrinterPass(*PassRegistry::getPassRegistry());
1931 }
1932
getAnalysisUsage(AnalysisUsage & AU) const1933 void getAnalysisUsage(AnalysisUsage &AU) const override {
1934 AU.setPreservesAll();
1935 AU.addRequired<LazyValueInfoWrapperPass>();
1936 AU.addRequired<DominatorTreeWrapperPass>();
1937 }
1938
1939 // Get the mandatory dominator tree analysis and pass this in to the
1940 // LVIPrinter. We cannot rely on the LVI's DT, since it's optional.
runOnFunction(Function & F)1941 bool runOnFunction(Function &F) override {
1942 dbgs() << "LVI for function '" << F.getName() << "':\n";
1943 auto &LVI = getAnalysis<LazyValueInfoWrapperPass>().getLVI();
1944 auto &DTree = getAnalysis<DominatorTreeWrapperPass>().getDomTree();
1945 LVI.printLVI(F, DTree, dbgs());
1946 return false;
1947 }
1948 };
1949 }
1950
1951 char LazyValueInfoPrinter::ID = 0;
1952 INITIALIZE_PASS_BEGIN(LazyValueInfoPrinter, "print-lazy-value-info",
1953 "Lazy Value Info Printer Pass", false, false)
1954 INITIALIZE_PASS_DEPENDENCY(LazyValueInfoWrapperPass)
1955 INITIALIZE_PASS_END(LazyValueInfoPrinter, "print-lazy-value-info",
1956 "Lazy Value Info Printer Pass", false, false)
1957