1 //===- LazyValueInfo.cpp - Value constraint analysis ------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the interface for lazy computation of value constraint
10 // information.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "llvm/Analysis/LazyValueInfo.h"
15 #include "llvm/ADT/DenseSet.h"
16 #include "llvm/ADT/Optional.h"
17 #include "llvm/ADT/STLExtras.h"
18 #include "llvm/Analysis/AssumptionCache.h"
19 #include "llvm/Analysis/ConstantFolding.h"
20 #include "llvm/Analysis/InstructionSimplify.h"
21 #include "llvm/Analysis/TargetLibraryInfo.h"
22 #include "llvm/Analysis/ValueLattice.h"
23 #include "llvm/Analysis/ValueTracking.h"
24 #include "llvm/IR/AssemblyAnnotationWriter.h"
25 #include "llvm/IR/CFG.h"
26 #include "llvm/IR/ConstantRange.h"
27 #include "llvm/IR/Constants.h"
28 #include "llvm/IR/DataLayout.h"
29 #include "llvm/IR/Dominators.h"
30 #include "llvm/IR/Instructions.h"
31 #include "llvm/IR/IntrinsicInst.h"
32 #include "llvm/IR/Intrinsics.h"
33 #include "llvm/IR/LLVMContext.h"
34 #include "llvm/IR/PatternMatch.h"
35 #include "llvm/IR/ValueHandle.h"
36 #include "llvm/InitializePasses.h"
37 #include "llvm/Support/Debug.h"
38 #include "llvm/Support/FormattedStream.h"
39 #include "llvm/Support/KnownBits.h"
40 #include "llvm/Support/raw_ostream.h"
41 #include <map>
42 using namespace llvm;
43 using namespace PatternMatch;
44
45 #define DEBUG_TYPE "lazy-value-info"
46
47 // This is the number of worklist items we will process to try to discover an
48 // answer for a given value.
49 static const unsigned MaxProcessedPerValue = 500;
50
51 char LazyValueInfoWrapperPass::ID = 0;
LazyValueInfoWrapperPass()52 LazyValueInfoWrapperPass::LazyValueInfoWrapperPass() : FunctionPass(ID) {
53 initializeLazyValueInfoWrapperPassPass(*PassRegistry::getPassRegistry());
54 }
55 INITIALIZE_PASS_BEGIN(LazyValueInfoWrapperPass, "lazy-value-info",
56 "Lazy Value Information Analysis", false, true)
57 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)
58 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
59 INITIALIZE_PASS_END(LazyValueInfoWrapperPass, "lazy-value-info",
60 "Lazy Value Information Analysis", false, true)
61
62 namespace llvm {
createLazyValueInfoPass()63 FunctionPass *createLazyValueInfoPass() { return new LazyValueInfoWrapperPass(); }
64 }
65
66 AnalysisKey LazyValueAnalysis::Key;
67
68 /// Returns true if this lattice value represents at most one possible value.
69 /// This is as precise as any lattice value can get while still representing
70 /// reachable code.
hasSingleValue(const ValueLatticeElement & Val)71 static bool hasSingleValue(const ValueLatticeElement &Val) {
72 if (Val.isConstantRange() &&
73 Val.getConstantRange().isSingleElement())
74 // Integer constants are single element ranges
75 return true;
76 if (Val.isConstant())
77 // Non integer constants
78 return true;
79 return false;
80 }
81
82 /// Combine two sets of facts about the same value into a single set of
83 /// facts. Note that this method is not suitable for merging facts along
84 /// different paths in a CFG; that's what the mergeIn function is for. This
85 /// is for merging facts gathered about the same value at the same location
86 /// through two independent means.
87 /// Notes:
88 /// * This method does not promise to return the most precise possible lattice
89 /// value implied by A and B. It is allowed to return any lattice element
90 /// which is at least as strong as *either* A or B (unless our facts
91 /// conflict, see below).
92 /// * Due to unreachable code, the intersection of two lattice values could be
93 /// contradictory. If this happens, we return some valid lattice value so as
94 /// not confuse the rest of LVI. Ideally, we'd always return Undefined, but
95 /// we do not make this guarantee. TODO: This would be a useful enhancement.
intersect(const ValueLatticeElement & A,const ValueLatticeElement & B)96 static ValueLatticeElement intersect(const ValueLatticeElement &A,
97 const ValueLatticeElement &B) {
98 // Undefined is the strongest state. It means the value is known to be along
99 // an unreachable path.
100 if (A.isUnknown())
101 return A;
102 if (B.isUnknown())
103 return B;
104
105 // If we gave up for one, but got a useable fact from the other, use it.
106 if (A.isOverdefined())
107 return B;
108 if (B.isOverdefined())
109 return A;
110
111 // Can't get any more precise than constants.
112 if (hasSingleValue(A))
113 return A;
114 if (hasSingleValue(B))
115 return B;
116
117 // Could be either constant range or not constant here.
118 if (!A.isConstantRange() || !B.isConstantRange()) {
119 // TODO: Arbitrary choice, could be improved
120 return A;
121 }
122
123 // Intersect two constant ranges
124 ConstantRange Range =
125 A.getConstantRange().intersectWith(B.getConstantRange());
126 // Note: An empty range is implicitly converted to unknown or undef depending
127 // on MayIncludeUndef internally.
128 return ValueLatticeElement::getRange(
129 std::move(Range), /*MayIncludeUndef=*/A.isConstantRangeIncludingUndef() |
130 B.isConstantRangeIncludingUndef());
131 }
132
133 //===----------------------------------------------------------------------===//
134 // LazyValueInfoCache Decl
135 //===----------------------------------------------------------------------===//
136
137 namespace {
138 /// A callback value handle updates the cache when values are erased.
139 class LazyValueInfoCache;
140 struct LVIValueHandle final : public CallbackVH {
141 LazyValueInfoCache *Parent;
142
LVIValueHandle__anonb19ab8520111::LVIValueHandle143 LVIValueHandle(Value *V, LazyValueInfoCache *P = nullptr)
144 : CallbackVH(V), Parent(P) { }
145
146 void deleted() override;
allUsesReplacedWith__anonb19ab8520111::LVIValueHandle147 void allUsesReplacedWith(Value *V) override {
148 deleted();
149 }
150 };
151 } // end anonymous namespace
152
153 namespace {
154 using NonNullPointerSet = SmallDenseSet<AssertingVH<Value>, 2>;
155
156 /// This is the cache kept by LazyValueInfo which
157 /// maintains information about queries across the clients' queries.
158 class LazyValueInfoCache {
159 /// This is all of the cached information for one basic block. It contains
160 /// the per-value lattice elements, as well as a separate set for
161 /// overdefined values to reduce memory usage. Additionally pointers
162 /// dereferenced in the block are cached for nullability queries.
163 struct BlockCacheEntry {
164 SmallDenseMap<AssertingVH<Value>, ValueLatticeElement, 4> LatticeElements;
165 SmallDenseSet<AssertingVH<Value>, 4> OverDefined;
166 // None indicates that the nonnull pointers for this basic block
167 // block have not been computed yet.
168 Optional<NonNullPointerSet> NonNullPointers;
169 };
170
171 /// Cached information per basic block.
172 DenseMap<PoisoningVH<BasicBlock>, std::unique_ptr<BlockCacheEntry>>
173 BlockCache;
174 /// Set of value handles used to erase values from the cache on deletion.
175 DenseSet<LVIValueHandle, DenseMapInfo<Value *>> ValueHandles;
176
getBlockEntry(BasicBlock * BB) const177 const BlockCacheEntry *getBlockEntry(BasicBlock *BB) const {
178 auto It = BlockCache.find_as(BB);
179 if (It == BlockCache.end())
180 return nullptr;
181 return It->second.get();
182 }
183
getOrCreateBlockEntry(BasicBlock * BB)184 BlockCacheEntry *getOrCreateBlockEntry(BasicBlock *BB) {
185 auto It = BlockCache.find_as(BB);
186 if (It == BlockCache.end())
187 It = BlockCache.insert({ BB, std::make_unique<BlockCacheEntry>() })
188 .first;
189
190 return It->second.get();
191 }
192
addValueHandle(Value * Val)193 void addValueHandle(Value *Val) {
194 auto HandleIt = ValueHandles.find_as(Val);
195 if (HandleIt == ValueHandles.end())
196 ValueHandles.insert({ Val, this });
197 }
198
199 public:
insertResult(Value * Val,BasicBlock * BB,const ValueLatticeElement & Result)200 void insertResult(Value *Val, BasicBlock *BB,
201 const ValueLatticeElement &Result) {
202 BlockCacheEntry *Entry = getOrCreateBlockEntry(BB);
203
204 // Insert over-defined values into their own cache to reduce memory
205 // overhead.
206 if (Result.isOverdefined())
207 Entry->OverDefined.insert(Val);
208 else
209 Entry->LatticeElements.insert({ Val, Result });
210
211 addValueHandle(Val);
212 }
213
getCachedValueInfo(Value * V,BasicBlock * BB) const214 Optional<ValueLatticeElement> getCachedValueInfo(Value *V,
215 BasicBlock *BB) const {
216 const BlockCacheEntry *Entry = getBlockEntry(BB);
217 if (!Entry)
218 return None;
219
220 if (Entry->OverDefined.count(V))
221 return ValueLatticeElement::getOverdefined();
222
223 auto LatticeIt = Entry->LatticeElements.find_as(V);
224 if (LatticeIt == Entry->LatticeElements.end())
225 return None;
226
227 return LatticeIt->second;
228 }
229
isNonNullAtEndOfBlock(Value * V,BasicBlock * BB,function_ref<NonNullPointerSet (BasicBlock *)> InitFn)230 bool isNonNullAtEndOfBlock(
231 Value *V, BasicBlock *BB,
232 function_ref<NonNullPointerSet(BasicBlock *)> InitFn) {
233 BlockCacheEntry *Entry = getOrCreateBlockEntry(BB);
234 if (!Entry->NonNullPointers) {
235 Entry->NonNullPointers = InitFn(BB);
236 for (Value *V : *Entry->NonNullPointers)
237 addValueHandle(V);
238 }
239
240 return Entry->NonNullPointers->count(V);
241 }
242
243 /// clear - Empty the cache.
clear()244 void clear() {
245 BlockCache.clear();
246 ValueHandles.clear();
247 }
248
249 /// Inform the cache that a given value has been deleted.
250 void eraseValue(Value *V);
251
252 /// This is part of the update interface to inform the cache
253 /// that a block has been deleted.
254 void eraseBlock(BasicBlock *BB);
255
256 /// Updates the cache to remove any influence an overdefined value in
257 /// OldSucc might have (unless also overdefined in NewSucc). This just
258 /// flushes elements from the cache and does not add any.
259 void threadEdgeImpl(BasicBlock *OldSucc,BasicBlock *NewSucc);
260 };
261 }
262
eraseValue(Value * V)263 void LazyValueInfoCache::eraseValue(Value *V) {
264 for (auto &Pair : BlockCache) {
265 Pair.second->LatticeElements.erase(V);
266 Pair.second->OverDefined.erase(V);
267 if (Pair.second->NonNullPointers)
268 Pair.second->NonNullPointers->erase(V);
269 }
270
271 auto HandleIt = ValueHandles.find_as(V);
272 if (HandleIt != ValueHandles.end())
273 ValueHandles.erase(HandleIt);
274 }
275
deleted()276 void LVIValueHandle::deleted() {
277 // This erasure deallocates *this, so it MUST happen after we're done
278 // using any and all members of *this.
279 Parent->eraseValue(*this);
280 }
281
eraseBlock(BasicBlock * BB)282 void LazyValueInfoCache::eraseBlock(BasicBlock *BB) {
283 BlockCache.erase(BB);
284 }
285
threadEdgeImpl(BasicBlock * OldSucc,BasicBlock * NewSucc)286 void LazyValueInfoCache::threadEdgeImpl(BasicBlock *OldSucc,
287 BasicBlock *NewSucc) {
288 // When an edge in the graph has been threaded, values that we could not
289 // determine a value for before (i.e. were marked overdefined) may be
290 // possible to solve now. We do NOT try to proactively update these values.
291 // Instead, we clear their entries from the cache, and allow lazy updating to
292 // recompute them when needed.
293
294 // The updating process is fairly simple: we need to drop cached info
295 // for all values that were marked overdefined in OldSucc, and for those same
296 // values in any successor of OldSucc (except NewSucc) in which they were
297 // also marked overdefined.
298 std::vector<BasicBlock*> worklist;
299 worklist.push_back(OldSucc);
300
301 const BlockCacheEntry *Entry = getBlockEntry(OldSucc);
302 if (!Entry || Entry->OverDefined.empty())
303 return; // Nothing to process here.
304 SmallVector<Value *, 4> ValsToClear(Entry->OverDefined.begin(),
305 Entry->OverDefined.end());
306
307 // Use a worklist to perform a depth-first search of OldSucc's successors.
308 // NOTE: We do not need a visited list since any blocks we have already
309 // visited will have had their overdefined markers cleared already, and we
310 // thus won't loop to their successors.
311 while (!worklist.empty()) {
312 BasicBlock *ToUpdate = worklist.back();
313 worklist.pop_back();
314
315 // Skip blocks only accessible through NewSucc.
316 if (ToUpdate == NewSucc) continue;
317
318 // If a value was marked overdefined in OldSucc, and is here too...
319 auto OI = BlockCache.find_as(ToUpdate);
320 if (OI == BlockCache.end() || OI->second->OverDefined.empty())
321 continue;
322 auto &ValueSet = OI->second->OverDefined;
323
324 bool changed = false;
325 for (Value *V : ValsToClear) {
326 if (!ValueSet.erase(V))
327 continue;
328
329 // If we removed anything, then we potentially need to update
330 // blocks successors too.
331 changed = true;
332 }
333
334 if (!changed) continue;
335
336 llvm::append_range(worklist, successors(ToUpdate));
337 }
338 }
339
340
341 namespace {
342 /// An assembly annotator class to print LazyValueCache information in
343 /// comments.
344 class LazyValueInfoImpl;
345 class LazyValueInfoAnnotatedWriter : public AssemblyAnnotationWriter {
346 LazyValueInfoImpl *LVIImpl;
347 // While analyzing which blocks we can solve values for, we need the dominator
348 // information.
349 DominatorTree &DT;
350
351 public:
LazyValueInfoAnnotatedWriter(LazyValueInfoImpl * L,DominatorTree & DTree)352 LazyValueInfoAnnotatedWriter(LazyValueInfoImpl *L, DominatorTree &DTree)
353 : LVIImpl(L), DT(DTree) {}
354
355 void emitBasicBlockStartAnnot(const BasicBlock *BB,
356 formatted_raw_ostream &OS) override;
357
358 void emitInstructionAnnot(const Instruction *I,
359 formatted_raw_ostream &OS) override;
360 };
361 }
362 namespace {
363 // The actual implementation of the lazy analysis and update. Note that the
364 // inheritance from LazyValueInfoCache is intended to be temporary while
365 // splitting the code and then transitioning to a has-a relationship.
366 class LazyValueInfoImpl {
367
368 /// Cached results from previous queries
369 LazyValueInfoCache TheCache;
370
371 /// This stack holds the state of the value solver during a query.
372 /// It basically emulates the callstack of the naive
373 /// recursive value lookup process.
374 SmallVector<std::pair<BasicBlock*, Value*>, 8> BlockValueStack;
375
376 /// Keeps track of which block-value pairs are in BlockValueStack.
377 DenseSet<std::pair<BasicBlock*, Value*> > BlockValueSet;
378
379 /// Push BV onto BlockValueStack unless it's already in there.
380 /// Returns true on success.
pushBlockValue(const std::pair<BasicBlock *,Value * > & BV)381 bool pushBlockValue(const std::pair<BasicBlock *, Value *> &BV) {
382 if (!BlockValueSet.insert(BV).second)
383 return false; // It's already in the stack.
384
385 LLVM_DEBUG(dbgs() << "PUSH: " << *BV.second << " in "
386 << BV.first->getName() << "\n");
387 BlockValueStack.push_back(BV);
388 return true;
389 }
390
391 AssumptionCache *AC; ///< A pointer to the cache of @llvm.assume calls.
392 const DataLayout &DL; ///< A mandatory DataLayout
393
394 /// Declaration of the llvm.experimental.guard() intrinsic,
395 /// if it exists in the module.
396 Function *GuardDecl;
397
398 Optional<ValueLatticeElement> getBlockValue(Value *Val, BasicBlock *BB);
399 Optional<ValueLatticeElement> getEdgeValue(Value *V, BasicBlock *F,
400 BasicBlock *T, Instruction *CxtI = nullptr);
401
402 // These methods process one work item and may add more. A false value
403 // returned means that the work item was not completely processed and must
404 // be revisited after going through the new items.
405 bool solveBlockValue(Value *Val, BasicBlock *BB);
406 Optional<ValueLatticeElement> solveBlockValueImpl(Value *Val, BasicBlock *BB);
407 Optional<ValueLatticeElement> solveBlockValueNonLocal(Value *Val,
408 BasicBlock *BB);
409 Optional<ValueLatticeElement> solveBlockValuePHINode(PHINode *PN,
410 BasicBlock *BB);
411 Optional<ValueLatticeElement> solveBlockValueSelect(SelectInst *S,
412 BasicBlock *BB);
413 Optional<ConstantRange> getRangeFor(Value *V, Instruction *CxtI,
414 BasicBlock *BB);
415 Optional<ValueLatticeElement> solveBlockValueBinaryOpImpl(
416 Instruction *I, BasicBlock *BB,
417 std::function<ConstantRange(const ConstantRange &,
418 const ConstantRange &)> OpFn);
419 Optional<ValueLatticeElement> solveBlockValueBinaryOp(BinaryOperator *BBI,
420 BasicBlock *BB);
421 Optional<ValueLatticeElement> solveBlockValueCast(CastInst *CI,
422 BasicBlock *BB);
423 Optional<ValueLatticeElement> solveBlockValueOverflowIntrinsic(
424 WithOverflowInst *WO, BasicBlock *BB);
425 Optional<ValueLatticeElement> solveBlockValueIntrinsic(IntrinsicInst *II,
426 BasicBlock *BB);
427 Optional<ValueLatticeElement> solveBlockValueExtractValue(
428 ExtractValueInst *EVI, BasicBlock *BB);
429 bool isNonNullAtEndOfBlock(Value *Val, BasicBlock *BB);
430 void intersectAssumeOrGuardBlockValueConstantRange(Value *Val,
431 ValueLatticeElement &BBLV,
432 Instruction *BBI);
433
434 void solve();
435
436 public:
437 /// This is the query interface to determine the lattice value for the
438 /// specified Value* at the context instruction (if specified) or at the
439 /// start of the block.
440 ValueLatticeElement getValueInBlock(Value *V, BasicBlock *BB,
441 Instruction *CxtI = nullptr);
442
443 /// This is the query interface to determine the lattice value for the
444 /// specified Value* at the specified instruction using only information
445 /// from assumes/guards and range metadata. Unlike getValueInBlock(), no
446 /// recursive query is performed.
447 ValueLatticeElement getValueAt(Value *V, Instruction *CxtI);
448
449 /// This is the query interface to determine the lattice
450 /// value for the specified Value* that is true on the specified edge.
451 ValueLatticeElement getValueOnEdge(Value *V, BasicBlock *FromBB,
452 BasicBlock *ToBB,
453 Instruction *CxtI = nullptr);
454
455 /// Complete flush all previously computed values
clear()456 void clear() {
457 TheCache.clear();
458 }
459
460 /// Printing the LazyValueInfo Analysis.
printLVI(Function & F,DominatorTree & DTree,raw_ostream & OS)461 void printLVI(Function &F, DominatorTree &DTree, raw_ostream &OS) {
462 LazyValueInfoAnnotatedWriter Writer(this, DTree);
463 F.print(OS, &Writer);
464 }
465
466 /// This is part of the update interface to inform the cache
467 /// that a block has been deleted.
eraseBlock(BasicBlock * BB)468 void eraseBlock(BasicBlock *BB) {
469 TheCache.eraseBlock(BB);
470 }
471
472 /// This is the update interface to inform the cache that an edge from
473 /// PredBB to OldSucc has been threaded to be from PredBB to NewSucc.
474 void threadEdge(BasicBlock *PredBB,BasicBlock *OldSucc,BasicBlock *NewSucc);
475
LazyValueInfoImpl(AssumptionCache * AC,const DataLayout & DL,Function * GuardDecl)476 LazyValueInfoImpl(AssumptionCache *AC, const DataLayout &DL,
477 Function *GuardDecl)
478 : AC(AC), DL(DL), GuardDecl(GuardDecl) {}
479 };
480 } // end anonymous namespace
481
482
solve()483 void LazyValueInfoImpl::solve() {
484 SmallVector<std::pair<BasicBlock *, Value *>, 8> StartingStack(
485 BlockValueStack.begin(), BlockValueStack.end());
486
487 unsigned processedCount = 0;
488 while (!BlockValueStack.empty()) {
489 processedCount++;
490 // Abort if we have to process too many values to get a result for this one.
491 // Because of the design of the overdefined cache currently being per-block
492 // to avoid naming-related issues (IE it wants to try to give different
493 // results for the same name in different blocks), overdefined results don't
494 // get cached globally, which in turn means we will often try to rediscover
495 // the same overdefined result again and again. Once something like
496 // PredicateInfo is used in LVI or CVP, we should be able to make the
497 // overdefined cache global, and remove this throttle.
498 if (processedCount > MaxProcessedPerValue) {
499 LLVM_DEBUG(
500 dbgs() << "Giving up on stack because we are getting too deep\n");
501 // Fill in the original values
502 while (!StartingStack.empty()) {
503 std::pair<BasicBlock *, Value *> &e = StartingStack.back();
504 TheCache.insertResult(e.second, e.first,
505 ValueLatticeElement::getOverdefined());
506 StartingStack.pop_back();
507 }
508 BlockValueSet.clear();
509 BlockValueStack.clear();
510 return;
511 }
512 std::pair<BasicBlock *, Value *> e = BlockValueStack.back();
513 assert(BlockValueSet.count(e) && "Stack value should be in BlockValueSet!");
514
515 if (solveBlockValue(e.second, e.first)) {
516 // The work item was completely processed.
517 assert(BlockValueStack.back() == e && "Nothing should have been pushed!");
518 #ifndef NDEBUG
519 Optional<ValueLatticeElement> BBLV =
520 TheCache.getCachedValueInfo(e.second, e.first);
521 assert(BBLV && "Result should be in cache!");
522 LLVM_DEBUG(
523 dbgs() << "POP " << *e.second << " in " << e.first->getName() << " = "
524 << *BBLV << "\n");
525 #endif
526
527 BlockValueStack.pop_back();
528 BlockValueSet.erase(e);
529 } else {
530 // More work needs to be done before revisiting.
531 assert(BlockValueStack.back() != e && "Stack should have been pushed!");
532 }
533 }
534 }
535
getBlockValue(Value * Val,BasicBlock * BB)536 Optional<ValueLatticeElement> LazyValueInfoImpl::getBlockValue(Value *Val,
537 BasicBlock *BB) {
538 // If already a constant, there is nothing to compute.
539 if (Constant *VC = dyn_cast<Constant>(Val))
540 return ValueLatticeElement::get(VC);
541
542 if (Optional<ValueLatticeElement> OptLatticeVal =
543 TheCache.getCachedValueInfo(Val, BB))
544 return OptLatticeVal;
545
546 // We have hit a cycle, assume overdefined.
547 if (!pushBlockValue({ BB, Val }))
548 return ValueLatticeElement::getOverdefined();
549
550 // Yet to be resolved.
551 return None;
552 }
553
getFromRangeMetadata(Instruction * BBI)554 static ValueLatticeElement getFromRangeMetadata(Instruction *BBI) {
555 switch (BBI->getOpcode()) {
556 default: break;
557 case Instruction::Load:
558 case Instruction::Call:
559 case Instruction::Invoke:
560 if (MDNode *Ranges = BBI->getMetadata(LLVMContext::MD_range))
561 if (isa<IntegerType>(BBI->getType())) {
562 return ValueLatticeElement::getRange(
563 getConstantRangeFromMetadata(*Ranges));
564 }
565 break;
566 };
567 // Nothing known - will be intersected with other facts
568 return ValueLatticeElement::getOverdefined();
569 }
570
solveBlockValue(Value * Val,BasicBlock * BB)571 bool LazyValueInfoImpl::solveBlockValue(Value *Val, BasicBlock *BB) {
572 assert(!isa<Constant>(Val) && "Value should not be constant");
573 assert(!TheCache.getCachedValueInfo(Val, BB) &&
574 "Value should not be in cache");
575
576 // Hold off inserting this value into the Cache in case we have to return
577 // false and come back later.
578 Optional<ValueLatticeElement> Res = solveBlockValueImpl(Val, BB);
579 if (!Res)
580 // Work pushed, will revisit
581 return false;
582
583 TheCache.insertResult(Val, BB, *Res);
584 return true;
585 }
586
solveBlockValueImpl(Value * Val,BasicBlock * BB)587 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueImpl(
588 Value *Val, BasicBlock *BB) {
589 Instruction *BBI = dyn_cast<Instruction>(Val);
590 if (!BBI || BBI->getParent() != BB)
591 return solveBlockValueNonLocal(Val, BB);
592
593 if (PHINode *PN = dyn_cast<PHINode>(BBI))
594 return solveBlockValuePHINode(PN, BB);
595
596 if (auto *SI = dyn_cast<SelectInst>(BBI))
597 return solveBlockValueSelect(SI, BB);
598
599 // If this value is a nonnull pointer, record it's range and bailout. Note
600 // that for all other pointer typed values, we terminate the search at the
601 // definition. We could easily extend this to look through geps, bitcasts,
602 // and the like to prove non-nullness, but it's not clear that's worth it
603 // compile time wise. The context-insensitive value walk done inside
604 // isKnownNonZero gets most of the profitable cases at much less expense.
605 // This does mean that we have a sensitivity to where the defining
606 // instruction is placed, even if it could legally be hoisted much higher.
607 // That is unfortunate.
608 PointerType *PT = dyn_cast<PointerType>(BBI->getType());
609 if (PT && isKnownNonZero(BBI, DL))
610 return ValueLatticeElement::getNot(ConstantPointerNull::get(PT));
611
612 if (BBI->getType()->isIntegerTy()) {
613 if (auto *CI = dyn_cast<CastInst>(BBI))
614 return solveBlockValueCast(CI, BB);
615
616 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(BBI))
617 return solveBlockValueBinaryOp(BO, BB);
618
619 if (auto *EVI = dyn_cast<ExtractValueInst>(BBI))
620 return solveBlockValueExtractValue(EVI, BB);
621
622 if (auto *II = dyn_cast<IntrinsicInst>(BBI))
623 return solveBlockValueIntrinsic(II, BB);
624 }
625
626 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
627 << "' - unknown inst def found.\n");
628 return getFromRangeMetadata(BBI);
629 }
630
AddNonNullPointer(Value * Ptr,NonNullPointerSet & PtrSet)631 static void AddNonNullPointer(Value *Ptr, NonNullPointerSet &PtrSet) {
632 // TODO: Use NullPointerIsDefined instead.
633 if (Ptr->getType()->getPointerAddressSpace() == 0)
634 PtrSet.insert(getUnderlyingObject(Ptr));
635 }
636
AddNonNullPointersByInstruction(Instruction * I,NonNullPointerSet & PtrSet)637 static void AddNonNullPointersByInstruction(
638 Instruction *I, NonNullPointerSet &PtrSet) {
639 if (LoadInst *L = dyn_cast<LoadInst>(I)) {
640 AddNonNullPointer(L->getPointerOperand(), PtrSet);
641 } else if (StoreInst *S = dyn_cast<StoreInst>(I)) {
642 AddNonNullPointer(S->getPointerOperand(), PtrSet);
643 } else if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
644 if (MI->isVolatile()) return;
645
646 // FIXME: check whether it has a valuerange that excludes zero?
647 ConstantInt *Len = dyn_cast<ConstantInt>(MI->getLength());
648 if (!Len || Len->isZero()) return;
649
650 AddNonNullPointer(MI->getRawDest(), PtrSet);
651 if (MemTransferInst *MTI = dyn_cast<MemTransferInst>(MI))
652 AddNonNullPointer(MTI->getRawSource(), PtrSet);
653 }
654 }
655
isNonNullAtEndOfBlock(Value * Val,BasicBlock * BB)656 bool LazyValueInfoImpl::isNonNullAtEndOfBlock(Value *Val, BasicBlock *BB) {
657 if (NullPointerIsDefined(BB->getParent(),
658 Val->getType()->getPointerAddressSpace()))
659 return false;
660
661 Val = Val->stripInBoundsOffsets();
662 return TheCache.isNonNullAtEndOfBlock(Val, BB, [](BasicBlock *BB) {
663 NonNullPointerSet NonNullPointers;
664 for (Instruction &I : *BB)
665 AddNonNullPointersByInstruction(&I, NonNullPointers);
666 return NonNullPointers;
667 });
668 }
669
solveBlockValueNonLocal(Value * Val,BasicBlock * BB)670 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueNonLocal(
671 Value *Val, BasicBlock *BB) {
672 ValueLatticeElement Result; // Start Undefined.
673
674 // If this is the entry block, we must be asking about an argument. The
675 // value is overdefined.
676 if (BB->isEntryBlock()) {
677 assert(isa<Argument>(Val) && "Unknown live-in to the entry block");
678 return ValueLatticeElement::getOverdefined();
679 }
680
681 // Loop over all of our predecessors, merging what we know from them into
682 // result. If we encounter an unexplored predecessor, we eagerly explore it
683 // in a depth first manner. In practice, this has the effect of discovering
684 // paths we can't analyze eagerly without spending compile times analyzing
685 // other paths. This heuristic benefits from the fact that predecessors are
686 // frequently arranged such that dominating ones come first and we quickly
687 // find a path to function entry. TODO: We should consider explicitly
688 // canonicalizing to make this true rather than relying on this happy
689 // accident.
690 for (BasicBlock *Pred : predecessors(BB)) {
691 Optional<ValueLatticeElement> EdgeResult = getEdgeValue(Val, Pred, BB);
692 if (!EdgeResult)
693 // Explore that input, then return here
694 return None;
695
696 Result.mergeIn(*EdgeResult);
697
698 // If we hit overdefined, exit early. The BlockVals entry is already set
699 // to overdefined.
700 if (Result.isOverdefined()) {
701 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
702 << "' - overdefined because of pred (non local).\n");
703 return Result;
704 }
705 }
706
707 // Return the merged value, which is more precise than 'overdefined'.
708 assert(!Result.isOverdefined());
709 return Result;
710 }
711
solveBlockValuePHINode(PHINode * PN,BasicBlock * BB)712 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValuePHINode(
713 PHINode *PN, BasicBlock *BB) {
714 ValueLatticeElement Result; // Start Undefined.
715
716 // Loop over all of our predecessors, merging what we know from them into
717 // result. See the comment about the chosen traversal order in
718 // solveBlockValueNonLocal; the same reasoning applies here.
719 for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) {
720 BasicBlock *PhiBB = PN->getIncomingBlock(i);
721 Value *PhiVal = PN->getIncomingValue(i);
722 // Note that we can provide PN as the context value to getEdgeValue, even
723 // though the results will be cached, because PN is the value being used as
724 // the cache key in the caller.
725 Optional<ValueLatticeElement> EdgeResult =
726 getEdgeValue(PhiVal, PhiBB, BB, PN);
727 if (!EdgeResult)
728 // Explore that input, then return here
729 return None;
730
731 Result.mergeIn(*EdgeResult);
732
733 // If we hit overdefined, exit early. The BlockVals entry is already set
734 // to overdefined.
735 if (Result.isOverdefined()) {
736 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
737 << "' - overdefined because of pred (local).\n");
738
739 return Result;
740 }
741 }
742
743 // Return the merged value, which is more precise than 'overdefined'.
744 assert(!Result.isOverdefined() && "Possible PHI in entry block?");
745 return Result;
746 }
747
748 static ValueLatticeElement getValueFromCondition(Value *Val, Value *Cond,
749 bool isTrueDest = true);
750
751 // If we can determine a constraint on the value given conditions assumed by
752 // the program, intersect those constraints with BBLV
intersectAssumeOrGuardBlockValueConstantRange(Value * Val,ValueLatticeElement & BBLV,Instruction * BBI)753 void LazyValueInfoImpl::intersectAssumeOrGuardBlockValueConstantRange(
754 Value *Val, ValueLatticeElement &BBLV, Instruction *BBI) {
755 BBI = BBI ? BBI : dyn_cast<Instruction>(Val);
756 if (!BBI)
757 return;
758
759 BasicBlock *BB = BBI->getParent();
760 for (auto &AssumeVH : AC->assumptionsFor(Val)) {
761 if (!AssumeVH)
762 continue;
763
764 // Only check assumes in the block of the context instruction. Other
765 // assumes will have already been taken into account when the value was
766 // propagated from predecessor blocks.
767 auto *I = cast<CallInst>(AssumeVH);
768 if (I->getParent() != BB || !isValidAssumeForContext(I, BBI))
769 continue;
770
771 BBLV = intersect(BBLV, getValueFromCondition(Val, I->getArgOperand(0)));
772 }
773
774 // If guards are not used in the module, don't spend time looking for them
775 if (GuardDecl && !GuardDecl->use_empty() &&
776 BBI->getIterator() != BB->begin()) {
777 for (Instruction &I : make_range(std::next(BBI->getIterator().getReverse()),
778 BB->rend())) {
779 Value *Cond = nullptr;
780 if (match(&I, m_Intrinsic<Intrinsic::experimental_guard>(m_Value(Cond))))
781 BBLV = intersect(BBLV, getValueFromCondition(Val, Cond));
782 }
783 }
784
785 if (BBLV.isOverdefined()) {
786 // Check whether we're checking at the terminator, and the pointer has
787 // been dereferenced in this block.
788 PointerType *PTy = dyn_cast<PointerType>(Val->getType());
789 if (PTy && BB->getTerminator() == BBI &&
790 isNonNullAtEndOfBlock(Val, BB))
791 BBLV = ValueLatticeElement::getNot(ConstantPointerNull::get(PTy));
792 }
793 }
794
solveBlockValueSelect(SelectInst * SI,BasicBlock * BB)795 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueSelect(
796 SelectInst *SI, BasicBlock *BB) {
797 // Recurse on our inputs if needed
798 Optional<ValueLatticeElement> OptTrueVal =
799 getBlockValue(SI->getTrueValue(), BB);
800 if (!OptTrueVal)
801 return None;
802 ValueLatticeElement &TrueVal = *OptTrueVal;
803
804 Optional<ValueLatticeElement> OptFalseVal =
805 getBlockValue(SI->getFalseValue(), BB);
806 if (!OptFalseVal)
807 return None;
808 ValueLatticeElement &FalseVal = *OptFalseVal;
809
810 if (TrueVal.isConstantRange() && FalseVal.isConstantRange()) {
811 const ConstantRange &TrueCR = TrueVal.getConstantRange();
812 const ConstantRange &FalseCR = FalseVal.getConstantRange();
813 Value *LHS = nullptr;
814 Value *RHS = nullptr;
815 SelectPatternResult SPR = matchSelectPattern(SI, LHS, RHS);
816 // Is this a min specifically of our two inputs? (Avoid the risk of
817 // ValueTracking getting smarter looking back past our immediate inputs.)
818 if (SelectPatternResult::isMinOrMax(SPR.Flavor) &&
819 LHS == SI->getTrueValue() && RHS == SI->getFalseValue()) {
820 ConstantRange ResultCR = [&]() {
821 switch (SPR.Flavor) {
822 default:
823 llvm_unreachable("unexpected minmax type!");
824 case SPF_SMIN: /// Signed minimum
825 return TrueCR.smin(FalseCR);
826 case SPF_UMIN: /// Unsigned minimum
827 return TrueCR.umin(FalseCR);
828 case SPF_SMAX: /// Signed maximum
829 return TrueCR.smax(FalseCR);
830 case SPF_UMAX: /// Unsigned maximum
831 return TrueCR.umax(FalseCR);
832 };
833 }();
834 return ValueLatticeElement::getRange(
835 ResultCR, TrueVal.isConstantRangeIncludingUndef() |
836 FalseVal.isConstantRangeIncludingUndef());
837 }
838
839 if (SPR.Flavor == SPF_ABS) {
840 if (LHS == SI->getTrueValue())
841 return ValueLatticeElement::getRange(
842 TrueCR.abs(), TrueVal.isConstantRangeIncludingUndef());
843 if (LHS == SI->getFalseValue())
844 return ValueLatticeElement::getRange(
845 FalseCR.abs(), FalseVal.isConstantRangeIncludingUndef());
846 }
847
848 if (SPR.Flavor == SPF_NABS) {
849 ConstantRange Zero(APInt::getNullValue(TrueCR.getBitWidth()));
850 if (LHS == SI->getTrueValue())
851 return ValueLatticeElement::getRange(
852 Zero.sub(TrueCR.abs()), FalseVal.isConstantRangeIncludingUndef());
853 if (LHS == SI->getFalseValue())
854 return ValueLatticeElement::getRange(
855 Zero.sub(FalseCR.abs()), FalseVal.isConstantRangeIncludingUndef());
856 }
857 }
858
859 // Can we constrain the facts about the true and false values by using the
860 // condition itself? This shows up with idioms like e.g. select(a > 5, a, 5).
861 // TODO: We could potentially refine an overdefined true value above.
862 Value *Cond = SI->getCondition();
863 TrueVal = intersect(TrueVal,
864 getValueFromCondition(SI->getTrueValue(), Cond, true));
865 FalseVal = intersect(FalseVal,
866 getValueFromCondition(SI->getFalseValue(), Cond, false));
867
868 ValueLatticeElement Result = TrueVal;
869 Result.mergeIn(FalseVal);
870 return Result;
871 }
872
getRangeFor(Value * V,Instruction * CxtI,BasicBlock * BB)873 Optional<ConstantRange> LazyValueInfoImpl::getRangeFor(Value *V,
874 Instruction *CxtI,
875 BasicBlock *BB) {
876 Optional<ValueLatticeElement> OptVal = getBlockValue(V, BB);
877 if (!OptVal)
878 return None;
879
880 ValueLatticeElement &Val = *OptVal;
881 intersectAssumeOrGuardBlockValueConstantRange(V, Val, CxtI);
882 if (Val.isConstantRange())
883 return Val.getConstantRange();
884
885 const unsigned OperandBitWidth = DL.getTypeSizeInBits(V->getType());
886 return ConstantRange::getFull(OperandBitWidth);
887 }
888
solveBlockValueCast(CastInst * CI,BasicBlock * BB)889 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueCast(
890 CastInst *CI, BasicBlock *BB) {
891 // Without knowing how wide the input is, we can't analyze it in any useful
892 // way.
893 if (!CI->getOperand(0)->getType()->isSized())
894 return ValueLatticeElement::getOverdefined();
895
896 // Filter out casts we don't know how to reason about before attempting to
897 // recurse on our operand. This can cut a long search short if we know we're
898 // not going to be able to get any useful information anways.
899 switch (CI->getOpcode()) {
900 case Instruction::Trunc:
901 case Instruction::SExt:
902 case Instruction::ZExt:
903 case Instruction::BitCast:
904 break;
905 default:
906 // Unhandled instructions are overdefined.
907 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
908 << "' - overdefined (unknown cast).\n");
909 return ValueLatticeElement::getOverdefined();
910 }
911
912 // Figure out the range of the LHS. If that fails, we still apply the
913 // transfer rule on the full set since we may be able to locally infer
914 // interesting facts.
915 Optional<ConstantRange> LHSRes = getRangeFor(CI->getOperand(0), CI, BB);
916 if (!LHSRes.hasValue())
917 // More work to do before applying this transfer rule.
918 return None;
919 const ConstantRange &LHSRange = LHSRes.getValue();
920
921 const unsigned ResultBitWidth = CI->getType()->getIntegerBitWidth();
922
923 // NOTE: We're currently limited by the set of operations that ConstantRange
924 // can evaluate symbolically. Enhancing that set will allows us to analyze
925 // more definitions.
926 return ValueLatticeElement::getRange(LHSRange.castOp(CI->getOpcode(),
927 ResultBitWidth));
928 }
929
solveBlockValueBinaryOpImpl(Instruction * I,BasicBlock * BB,std::function<ConstantRange (const ConstantRange &,const ConstantRange &)> OpFn)930 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueBinaryOpImpl(
931 Instruction *I, BasicBlock *BB,
932 std::function<ConstantRange(const ConstantRange &,
933 const ConstantRange &)> OpFn) {
934 // Figure out the ranges of the operands. If that fails, use a
935 // conservative range, but apply the transfer rule anyways. This
936 // lets us pick up facts from expressions like "and i32 (call i32
937 // @foo()), 32"
938 Optional<ConstantRange> LHSRes = getRangeFor(I->getOperand(0), I, BB);
939 Optional<ConstantRange> RHSRes = getRangeFor(I->getOperand(1), I, BB);
940 if (!LHSRes.hasValue() || !RHSRes.hasValue())
941 // More work to do before applying this transfer rule.
942 return None;
943
944 const ConstantRange &LHSRange = LHSRes.getValue();
945 const ConstantRange &RHSRange = RHSRes.getValue();
946 return ValueLatticeElement::getRange(OpFn(LHSRange, RHSRange));
947 }
948
solveBlockValueBinaryOp(BinaryOperator * BO,BasicBlock * BB)949 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueBinaryOp(
950 BinaryOperator *BO, BasicBlock *BB) {
951 assert(BO->getOperand(0)->getType()->isSized() &&
952 "all operands to binary operators are sized");
953 if (BO->getOpcode() == Instruction::Xor) {
954 // Xor is the only operation not supported by ConstantRange::binaryOp().
955 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
956 << "' - overdefined (unknown binary operator).\n");
957 return ValueLatticeElement::getOverdefined();
958 }
959
960 if (auto *OBO = dyn_cast<OverflowingBinaryOperator>(BO)) {
961 unsigned NoWrapKind = 0;
962 if (OBO->hasNoUnsignedWrap())
963 NoWrapKind |= OverflowingBinaryOperator::NoUnsignedWrap;
964 if (OBO->hasNoSignedWrap())
965 NoWrapKind |= OverflowingBinaryOperator::NoSignedWrap;
966
967 return solveBlockValueBinaryOpImpl(
968 BO, BB,
969 [BO, NoWrapKind](const ConstantRange &CR1, const ConstantRange &CR2) {
970 return CR1.overflowingBinaryOp(BO->getOpcode(), CR2, NoWrapKind);
971 });
972 }
973
974 return solveBlockValueBinaryOpImpl(
975 BO, BB, [BO](const ConstantRange &CR1, const ConstantRange &CR2) {
976 return CR1.binaryOp(BO->getOpcode(), CR2);
977 });
978 }
979
980 Optional<ValueLatticeElement>
solveBlockValueOverflowIntrinsic(WithOverflowInst * WO,BasicBlock * BB)981 LazyValueInfoImpl::solveBlockValueOverflowIntrinsic(WithOverflowInst *WO,
982 BasicBlock *BB) {
983 return solveBlockValueBinaryOpImpl(
984 WO, BB, [WO](const ConstantRange &CR1, const ConstantRange &CR2) {
985 return CR1.binaryOp(WO->getBinaryOp(), CR2);
986 });
987 }
988
solveBlockValueIntrinsic(IntrinsicInst * II,BasicBlock * BB)989 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueIntrinsic(
990 IntrinsicInst *II, BasicBlock *BB) {
991 if (!ConstantRange::isIntrinsicSupported(II->getIntrinsicID())) {
992 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
993 << "' - unknown intrinsic.\n");
994 return getFromRangeMetadata(II);
995 }
996
997 SmallVector<ConstantRange, 2> OpRanges;
998 for (Value *Op : II->args()) {
999 Optional<ConstantRange> Range = getRangeFor(Op, II, BB);
1000 if (!Range)
1001 return None;
1002 OpRanges.push_back(*Range);
1003 }
1004
1005 return ValueLatticeElement::getRange(
1006 ConstantRange::intrinsic(II->getIntrinsicID(), OpRanges));
1007 }
1008
solveBlockValueExtractValue(ExtractValueInst * EVI,BasicBlock * BB)1009 Optional<ValueLatticeElement> LazyValueInfoImpl::solveBlockValueExtractValue(
1010 ExtractValueInst *EVI, BasicBlock *BB) {
1011 if (auto *WO = dyn_cast<WithOverflowInst>(EVI->getAggregateOperand()))
1012 if (EVI->getNumIndices() == 1 && *EVI->idx_begin() == 0)
1013 return solveBlockValueOverflowIntrinsic(WO, BB);
1014
1015 // Handle extractvalue of insertvalue to allow further simplification
1016 // based on replaced with.overflow intrinsics.
1017 if (Value *V = SimplifyExtractValueInst(
1018 EVI->getAggregateOperand(), EVI->getIndices(),
1019 EVI->getModule()->getDataLayout()))
1020 return getBlockValue(V, BB);
1021
1022 LLVM_DEBUG(dbgs() << " compute BB '" << BB->getName()
1023 << "' - overdefined (unknown extractvalue).\n");
1024 return ValueLatticeElement::getOverdefined();
1025 }
1026
matchICmpOperand(APInt & Offset,Value * LHS,Value * Val,ICmpInst::Predicate Pred)1027 static bool matchICmpOperand(APInt &Offset, Value *LHS, Value *Val,
1028 ICmpInst::Predicate Pred) {
1029 if (LHS == Val)
1030 return true;
1031
1032 // Handle range checking idiom produced by InstCombine. We will subtract the
1033 // offset from the allowed range for RHS in this case.
1034 const APInt *C;
1035 if (match(LHS, m_Add(m_Specific(Val), m_APInt(C)))) {
1036 Offset = *C;
1037 return true;
1038 }
1039
1040 // Handle the symmetric case. This appears in saturation patterns like
1041 // (x == 16) ? 16 : (x + 1).
1042 if (match(Val, m_Add(m_Specific(LHS), m_APInt(C)))) {
1043 Offset = -*C;
1044 return true;
1045 }
1046
1047 // If (x | y) < C, then (x < C) && (y < C).
1048 if (match(LHS, m_c_Or(m_Specific(Val), m_Value())) &&
1049 (Pred == ICmpInst::ICMP_ULT || Pred == ICmpInst::ICMP_ULE))
1050 return true;
1051
1052 // If (x & y) > C, then (x > C) && (y > C).
1053 if (match(LHS, m_c_And(m_Specific(Val), m_Value())) &&
1054 (Pred == ICmpInst::ICMP_UGT || Pred == ICmpInst::ICMP_UGE))
1055 return true;
1056
1057 return false;
1058 }
1059
1060 /// Get value range for a "(Val + Offset) Pred RHS" condition.
getValueFromSimpleICmpCondition(CmpInst::Predicate Pred,Value * RHS,const APInt & Offset)1061 static ValueLatticeElement getValueFromSimpleICmpCondition(
1062 CmpInst::Predicate Pred, Value *RHS, const APInt &Offset) {
1063 ConstantRange RHSRange(RHS->getType()->getIntegerBitWidth(),
1064 /*isFullSet=*/true);
1065 if (ConstantInt *CI = dyn_cast<ConstantInt>(RHS))
1066 RHSRange = ConstantRange(CI->getValue());
1067 else if (Instruction *I = dyn_cast<Instruction>(RHS))
1068 if (auto *Ranges = I->getMetadata(LLVMContext::MD_range))
1069 RHSRange = getConstantRangeFromMetadata(*Ranges);
1070
1071 ConstantRange TrueValues =
1072 ConstantRange::makeAllowedICmpRegion(Pred, RHSRange);
1073 return ValueLatticeElement::getRange(TrueValues.subtract(Offset));
1074 }
1075
getValueFromICmpCondition(Value * Val,ICmpInst * ICI,bool isTrueDest)1076 static ValueLatticeElement getValueFromICmpCondition(Value *Val, ICmpInst *ICI,
1077 bool isTrueDest) {
1078 Value *LHS = ICI->getOperand(0);
1079 Value *RHS = ICI->getOperand(1);
1080
1081 // Get the predicate that must hold along the considered edge.
1082 CmpInst::Predicate EdgePred =
1083 isTrueDest ? ICI->getPredicate() : ICI->getInversePredicate();
1084
1085 if (isa<Constant>(RHS)) {
1086 if (ICI->isEquality() && LHS == Val) {
1087 if (EdgePred == ICmpInst::ICMP_EQ)
1088 return ValueLatticeElement::get(cast<Constant>(RHS));
1089 else if (!isa<UndefValue>(RHS))
1090 return ValueLatticeElement::getNot(cast<Constant>(RHS));
1091 }
1092 }
1093
1094 Type *Ty = Val->getType();
1095 if (!Ty->isIntegerTy())
1096 return ValueLatticeElement::getOverdefined();
1097
1098 APInt Offset(Ty->getScalarSizeInBits(), 0);
1099 if (matchICmpOperand(Offset, LHS, Val, EdgePred))
1100 return getValueFromSimpleICmpCondition(EdgePred, RHS, Offset);
1101
1102 CmpInst::Predicate SwappedPred = CmpInst::getSwappedPredicate(EdgePred);
1103 if (matchICmpOperand(Offset, RHS, Val, SwappedPred))
1104 return getValueFromSimpleICmpCondition(SwappedPred, LHS, Offset);
1105
1106 const APInt *Mask, *C;
1107 if (match(LHS, m_And(m_Specific(Val), m_APInt(Mask))) &&
1108 match(RHS, m_APInt(C))) {
1109 // If (Val & Mask) == C then all the masked bits are known and we can
1110 // compute a value range based on that.
1111 if (EdgePred == ICmpInst::ICMP_EQ) {
1112 KnownBits Known;
1113 Known.Zero = ~*C & *Mask;
1114 Known.One = *C & *Mask;
1115 return ValueLatticeElement::getRange(
1116 ConstantRange::fromKnownBits(Known, /*IsSigned*/ false));
1117 }
1118 // If (Val & Mask) != 0 then the value must be larger than the lowest set
1119 // bit of Mask.
1120 if (EdgePred == ICmpInst::ICMP_NE && !Mask->isNullValue() &&
1121 C->isNullValue()) {
1122 unsigned BitWidth = Ty->getIntegerBitWidth();
1123 return ValueLatticeElement::getRange(ConstantRange::getNonEmpty(
1124 APInt::getOneBitSet(BitWidth, Mask->countTrailingZeros()),
1125 APInt::getNullValue(BitWidth)));
1126 }
1127 }
1128
1129 return ValueLatticeElement::getOverdefined();
1130 }
1131
1132 // Handle conditions of the form
1133 // extractvalue(op.with.overflow(%x, C), 1).
getValueFromOverflowCondition(Value * Val,WithOverflowInst * WO,bool IsTrueDest)1134 static ValueLatticeElement getValueFromOverflowCondition(
1135 Value *Val, WithOverflowInst *WO, bool IsTrueDest) {
1136 // TODO: This only works with a constant RHS for now. We could also compute
1137 // the range of the RHS, but this doesn't fit into the current structure of
1138 // the edge value calculation.
1139 const APInt *C;
1140 if (WO->getLHS() != Val || !match(WO->getRHS(), m_APInt(C)))
1141 return ValueLatticeElement::getOverdefined();
1142
1143 // Calculate the possible values of %x for which no overflow occurs.
1144 ConstantRange NWR = ConstantRange::makeExactNoWrapRegion(
1145 WO->getBinaryOp(), *C, WO->getNoWrapKind());
1146
1147 // If overflow is false, %x is constrained to NWR. If overflow is true, %x is
1148 // constrained to it's inverse (all values that might cause overflow).
1149 if (IsTrueDest)
1150 NWR = NWR.inverse();
1151 return ValueLatticeElement::getRange(NWR);
1152 }
1153
1154 static Optional<ValueLatticeElement>
getValueFromConditionImpl(Value * Val,Value * Cond,bool isTrueDest,bool isRevisit,SmallDenseMap<Value *,ValueLatticeElement> & Visited,SmallVectorImpl<Value * > & Worklist)1155 getValueFromConditionImpl(Value *Val, Value *Cond, bool isTrueDest,
1156 bool isRevisit,
1157 SmallDenseMap<Value *, ValueLatticeElement> &Visited,
1158 SmallVectorImpl<Value *> &Worklist) {
1159 if (!isRevisit) {
1160 if (ICmpInst *ICI = dyn_cast<ICmpInst>(Cond))
1161 return getValueFromICmpCondition(Val, ICI, isTrueDest);
1162
1163 if (auto *EVI = dyn_cast<ExtractValueInst>(Cond))
1164 if (auto *WO = dyn_cast<WithOverflowInst>(EVI->getAggregateOperand()))
1165 if (EVI->getNumIndices() == 1 && *EVI->idx_begin() == 1)
1166 return getValueFromOverflowCondition(Val, WO, isTrueDest);
1167 }
1168
1169 Value *L, *R;
1170 bool IsAnd;
1171 if (match(Cond, m_LogicalAnd(m_Value(L), m_Value(R))))
1172 IsAnd = true;
1173 else if (match(Cond, m_LogicalOr(m_Value(L), m_Value(R))))
1174 IsAnd = false;
1175 else
1176 return ValueLatticeElement::getOverdefined();
1177
1178 auto LV = Visited.find(L);
1179 auto RV = Visited.find(R);
1180
1181 // if (L && R) -> intersect L and R
1182 // if (!(L || R)) -> intersect L and R
1183 // if (L || R) -> union L and R
1184 // if (!(L && R)) -> union L and R
1185 if ((isTrueDest ^ IsAnd) && (LV != Visited.end())) {
1186 ValueLatticeElement V = LV->second;
1187 if (V.isOverdefined())
1188 return V;
1189 if (RV != Visited.end()) {
1190 V.mergeIn(RV->second);
1191 return V;
1192 }
1193 }
1194
1195 if (LV == Visited.end() || RV == Visited.end()) {
1196 assert(!isRevisit);
1197 if (LV == Visited.end())
1198 Worklist.push_back(L);
1199 if (RV == Visited.end())
1200 Worklist.push_back(R);
1201 return None;
1202 }
1203
1204 return intersect(LV->second, RV->second);
1205 }
1206
getValueFromCondition(Value * Val,Value * Cond,bool isTrueDest)1207 ValueLatticeElement getValueFromCondition(Value *Val, Value *Cond,
1208 bool isTrueDest) {
1209 assert(Cond && "precondition");
1210 SmallDenseMap<Value*, ValueLatticeElement> Visited;
1211 SmallVector<Value *> Worklist;
1212
1213 Worklist.push_back(Cond);
1214 do {
1215 Value *CurrentCond = Worklist.back();
1216 // Insert an Overdefined placeholder into the set to prevent
1217 // infinite recursion if there exists IRs that use not
1218 // dominated by its def as in this example:
1219 // "%tmp3 = or i1 undef, %tmp4"
1220 // "%tmp4 = or i1 undef, %tmp3"
1221 auto Iter =
1222 Visited.try_emplace(CurrentCond, ValueLatticeElement::getOverdefined());
1223 bool isRevisit = !Iter.second;
1224 Optional<ValueLatticeElement> Result = getValueFromConditionImpl(
1225 Val, CurrentCond, isTrueDest, isRevisit, Visited, Worklist);
1226 if (Result) {
1227 Visited[CurrentCond] = *Result;
1228 Worklist.pop_back();
1229 }
1230 } while (!Worklist.empty());
1231
1232 auto Result = Visited.find(Cond);
1233 assert(Result != Visited.end());
1234 return Result->second;
1235 }
1236
1237 // Return true if Usr has Op as an operand, otherwise false.
usesOperand(User * Usr,Value * Op)1238 static bool usesOperand(User *Usr, Value *Op) {
1239 return is_contained(Usr->operands(), Op);
1240 }
1241
1242 // Return true if the instruction type of Val is supported by
1243 // constantFoldUser(). Currently CastInst, BinaryOperator and FreezeInst only.
1244 // Call this before calling constantFoldUser() to find out if it's even worth
1245 // attempting to call it.
isOperationFoldable(User * Usr)1246 static bool isOperationFoldable(User *Usr) {
1247 return isa<CastInst>(Usr) || isa<BinaryOperator>(Usr) || isa<FreezeInst>(Usr);
1248 }
1249
1250 // Check if Usr can be simplified to an integer constant when the value of one
1251 // of its operands Op is an integer constant OpConstVal. If so, return it as an
1252 // lattice value range with a single element or otherwise return an overdefined
1253 // lattice value.
constantFoldUser(User * Usr,Value * Op,const APInt & OpConstVal,const DataLayout & DL)1254 static ValueLatticeElement constantFoldUser(User *Usr, Value *Op,
1255 const APInt &OpConstVal,
1256 const DataLayout &DL) {
1257 assert(isOperationFoldable(Usr) && "Precondition");
1258 Constant* OpConst = Constant::getIntegerValue(Op->getType(), OpConstVal);
1259 // Check if Usr can be simplified to a constant.
1260 if (auto *CI = dyn_cast<CastInst>(Usr)) {
1261 assert(CI->getOperand(0) == Op && "Operand 0 isn't Op");
1262 if (auto *C = dyn_cast_or_null<ConstantInt>(
1263 SimplifyCastInst(CI->getOpcode(), OpConst,
1264 CI->getDestTy(), DL))) {
1265 return ValueLatticeElement::getRange(ConstantRange(C->getValue()));
1266 }
1267 } else if (auto *BO = dyn_cast<BinaryOperator>(Usr)) {
1268 bool Op0Match = BO->getOperand(0) == Op;
1269 bool Op1Match = BO->getOperand(1) == Op;
1270 assert((Op0Match || Op1Match) &&
1271 "Operand 0 nor Operand 1 isn't a match");
1272 Value *LHS = Op0Match ? OpConst : BO->getOperand(0);
1273 Value *RHS = Op1Match ? OpConst : BO->getOperand(1);
1274 if (auto *C = dyn_cast_or_null<ConstantInt>(
1275 SimplifyBinOp(BO->getOpcode(), LHS, RHS, DL))) {
1276 return ValueLatticeElement::getRange(ConstantRange(C->getValue()));
1277 }
1278 } else if (isa<FreezeInst>(Usr)) {
1279 assert(cast<FreezeInst>(Usr)->getOperand(0) == Op && "Operand 0 isn't Op");
1280 return ValueLatticeElement::getRange(ConstantRange(OpConstVal));
1281 }
1282 return ValueLatticeElement::getOverdefined();
1283 }
1284
1285 /// Compute the value of Val on the edge BBFrom -> BBTo. Returns false if
1286 /// Val is not constrained on the edge. Result is unspecified if return value
1287 /// is false.
getEdgeValueLocal(Value * Val,BasicBlock * BBFrom,BasicBlock * BBTo)1288 static Optional<ValueLatticeElement> getEdgeValueLocal(Value *Val,
1289 BasicBlock *BBFrom,
1290 BasicBlock *BBTo) {
1291 // TODO: Handle more complex conditionals. If (v == 0 || v2 < 1) is false, we
1292 // know that v != 0.
1293 if (BranchInst *BI = dyn_cast<BranchInst>(BBFrom->getTerminator())) {
1294 // If this is a conditional branch and only one successor goes to BBTo, then
1295 // we may be able to infer something from the condition.
1296 if (BI->isConditional() &&
1297 BI->getSuccessor(0) != BI->getSuccessor(1)) {
1298 bool isTrueDest = BI->getSuccessor(0) == BBTo;
1299 assert(BI->getSuccessor(!isTrueDest) == BBTo &&
1300 "BBTo isn't a successor of BBFrom");
1301 Value *Condition = BI->getCondition();
1302
1303 // If V is the condition of the branch itself, then we know exactly what
1304 // it is.
1305 if (Condition == Val)
1306 return ValueLatticeElement::get(ConstantInt::get(
1307 Type::getInt1Ty(Val->getContext()), isTrueDest));
1308
1309 // If the condition of the branch is an equality comparison, we may be
1310 // able to infer the value.
1311 ValueLatticeElement Result = getValueFromCondition(Val, Condition,
1312 isTrueDest);
1313 if (!Result.isOverdefined())
1314 return Result;
1315
1316 if (User *Usr = dyn_cast<User>(Val)) {
1317 assert(Result.isOverdefined() && "Result isn't overdefined");
1318 // Check with isOperationFoldable() first to avoid linearly iterating
1319 // over the operands unnecessarily which can be expensive for
1320 // instructions with many operands.
1321 if (isa<IntegerType>(Usr->getType()) && isOperationFoldable(Usr)) {
1322 const DataLayout &DL = BBTo->getModule()->getDataLayout();
1323 if (usesOperand(Usr, Condition)) {
1324 // If Val has Condition as an operand and Val can be folded into a
1325 // constant with either Condition == true or Condition == false,
1326 // propagate the constant.
1327 // eg.
1328 // ; %Val is true on the edge to %then.
1329 // %Val = and i1 %Condition, true.
1330 // br %Condition, label %then, label %else
1331 APInt ConditionVal(1, isTrueDest ? 1 : 0);
1332 Result = constantFoldUser(Usr, Condition, ConditionVal, DL);
1333 } else {
1334 // If one of Val's operand has an inferred value, we may be able to
1335 // infer the value of Val.
1336 // eg.
1337 // ; %Val is 94 on the edge to %then.
1338 // %Val = add i8 %Op, 1
1339 // %Condition = icmp eq i8 %Op, 93
1340 // br i1 %Condition, label %then, label %else
1341 for (unsigned i = 0; i < Usr->getNumOperands(); ++i) {
1342 Value *Op = Usr->getOperand(i);
1343 ValueLatticeElement OpLatticeVal =
1344 getValueFromCondition(Op, Condition, isTrueDest);
1345 if (Optional<APInt> OpConst = OpLatticeVal.asConstantInteger()) {
1346 Result = constantFoldUser(Usr, Op, OpConst.getValue(), DL);
1347 break;
1348 }
1349 }
1350 }
1351 }
1352 }
1353 if (!Result.isOverdefined())
1354 return Result;
1355 }
1356 }
1357
1358 // If the edge was formed by a switch on the value, then we may know exactly
1359 // what it is.
1360 if (SwitchInst *SI = dyn_cast<SwitchInst>(BBFrom->getTerminator())) {
1361 Value *Condition = SI->getCondition();
1362 if (!isa<IntegerType>(Val->getType()))
1363 return None;
1364 bool ValUsesConditionAndMayBeFoldable = false;
1365 if (Condition != Val) {
1366 // Check if Val has Condition as an operand.
1367 if (User *Usr = dyn_cast<User>(Val))
1368 ValUsesConditionAndMayBeFoldable = isOperationFoldable(Usr) &&
1369 usesOperand(Usr, Condition);
1370 if (!ValUsesConditionAndMayBeFoldable)
1371 return None;
1372 }
1373 assert((Condition == Val || ValUsesConditionAndMayBeFoldable) &&
1374 "Condition != Val nor Val doesn't use Condition");
1375
1376 bool DefaultCase = SI->getDefaultDest() == BBTo;
1377 unsigned BitWidth = Val->getType()->getIntegerBitWidth();
1378 ConstantRange EdgesVals(BitWidth, DefaultCase/*isFullSet*/);
1379
1380 for (auto Case : SI->cases()) {
1381 APInt CaseValue = Case.getCaseValue()->getValue();
1382 ConstantRange EdgeVal(CaseValue);
1383 if (ValUsesConditionAndMayBeFoldable) {
1384 User *Usr = cast<User>(Val);
1385 const DataLayout &DL = BBTo->getModule()->getDataLayout();
1386 ValueLatticeElement EdgeLatticeVal =
1387 constantFoldUser(Usr, Condition, CaseValue, DL);
1388 if (EdgeLatticeVal.isOverdefined())
1389 return None;
1390 EdgeVal = EdgeLatticeVal.getConstantRange();
1391 }
1392 if (DefaultCase) {
1393 // It is possible that the default destination is the destination of
1394 // some cases. We cannot perform difference for those cases.
1395 // We know Condition != CaseValue in BBTo. In some cases we can use
1396 // this to infer Val == f(Condition) is != f(CaseValue). For now, we
1397 // only do this when f is identity (i.e. Val == Condition), but we
1398 // should be able to do this for any injective f.
1399 if (Case.getCaseSuccessor() != BBTo && Condition == Val)
1400 EdgesVals = EdgesVals.difference(EdgeVal);
1401 } else if (Case.getCaseSuccessor() == BBTo)
1402 EdgesVals = EdgesVals.unionWith(EdgeVal);
1403 }
1404 return ValueLatticeElement::getRange(std::move(EdgesVals));
1405 }
1406 return None;
1407 }
1408
1409 /// Compute the value of Val on the edge BBFrom -> BBTo or the value at
1410 /// the basic block if the edge does not constrain Val.
getEdgeValue(Value * Val,BasicBlock * BBFrom,BasicBlock * BBTo,Instruction * CxtI)1411 Optional<ValueLatticeElement> LazyValueInfoImpl::getEdgeValue(
1412 Value *Val, BasicBlock *BBFrom, BasicBlock *BBTo, Instruction *CxtI) {
1413 // If already a constant, there is nothing to compute.
1414 if (Constant *VC = dyn_cast<Constant>(Val))
1415 return ValueLatticeElement::get(VC);
1416
1417 ValueLatticeElement LocalResult = getEdgeValueLocal(Val, BBFrom, BBTo)
1418 .getValueOr(ValueLatticeElement::getOverdefined());
1419 if (hasSingleValue(LocalResult))
1420 // Can't get any more precise here
1421 return LocalResult;
1422
1423 Optional<ValueLatticeElement> OptInBlock = getBlockValue(Val, BBFrom);
1424 if (!OptInBlock)
1425 return None;
1426 ValueLatticeElement &InBlock = *OptInBlock;
1427
1428 // Try to intersect ranges of the BB and the constraint on the edge.
1429 intersectAssumeOrGuardBlockValueConstantRange(Val, InBlock,
1430 BBFrom->getTerminator());
1431 // We can use the context instruction (generically the ultimate instruction
1432 // the calling pass is trying to simplify) here, even though the result of
1433 // this function is generally cached when called from the solve* functions
1434 // (and that cached result might be used with queries using a different
1435 // context instruction), because when this function is called from the solve*
1436 // functions, the context instruction is not provided. When called from
1437 // LazyValueInfoImpl::getValueOnEdge, the context instruction is provided,
1438 // but then the result is not cached.
1439 intersectAssumeOrGuardBlockValueConstantRange(Val, InBlock, CxtI);
1440
1441 return intersect(LocalResult, InBlock);
1442 }
1443
getValueInBlock(Value * V,BasicBlock * BB,Instruction * CxtI)1444 ValueLatticeElement LazyValueInfoImpl::getValueInBlock(Value *V, BasicBlock *BB,
1445 Instruction *CxtI) {
1446 LLVM_DEBUG(dbgs() << "LVI Getting block end value " << *V << " at '"
1447 << BB->getName() << "'\n");
1448
1449 assert(BlockValueStack.empty() && BlockValueSet.empty());
1450 Optional<ValueLatticeElement> OptResult = getBlockValue(V, BB);
1451 if (!OptResult) {
1452 solve();
1453 OptResult = getBlockValue(V, BB);
1454 assert(OptResult && "Value not available after solving");
1455 }
1456 ValueLatticeElement Result = *OptResult;
1457 intersectAssumeOrGuardBlockValueConstantRange(V, Result, CxtI);
1458
1459 LLVM_DEBUG(dbgs() << " Result = " << Result << "\n");
1460 return Result;
1461 }
1462
getValueAt(Value * V,Instruction * CxtI)1463 ValueLatticeElement LazyValueInfoImpl::getValueAt(Value *V, Instruction *CxtI) {
1464 LLVM_DEBUG(dbgs() << "LVI Getting value " << *V << " at '" << CxtI->getName()
1465 << "'\n");
1466
1467 if (auto *C = dyn_cast<Constant>(V))
1468 return ValueLatticeElement::get(C);
1469
1470 ValueLatticeElement Result = ValueLatticeElement::getOverdefined();
1471 if (auto *I = dyn_cast<Instruction>(V))
1472 Result = getFromRangeMetadata(I);
1473 intersectAssumeOrGuardBlockValueConstantRange(V, Result, CxtI);
1474
1475 LLVM_DEBUG(dbgs() << " Result = " << Result << "\n");
1476 return Result;
1477 }
1478
1479 ValueLatticeElement LazyValueInfoImpl::
getValueOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1480 getValueOnEdge(Value *V, BasicBlock *FromBB, BasicBlock *ToBB,
1481 Instruction *CxtI) {
1482 LLVM_DEBUG(dbgs() << "LVI Getting edge value " << *V << " from '"
1483 << FromBB->getName() << "' to '" << ToBB->getName()
1484 << "'\n");
1485
1486 Optional<ValueLatticeElement> Result = getEdgeValue(V, FromBB, ToBB, CxtI);
1487 if (!Result) {
1488 solve();
1489 Result = getEdgeValue(V, FromBB, ToBB, CxtI);
1490 assert(Result && "More work to do after problem solved?");
1491 }
1492
1493 LLVM_DEBUG(dbgs() << " Result = " << *Result << "\n");
1494 return *Result;
1495 }
1496
threadEdge(BasicBlock * PredBB,BasicBlock * OldSucc,BasicBlock * NewSucc)1497 void LazyValueInfoImpl::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc,
1498 BasicBlock *NewSucc) {
1499 TheCache.threadEdgeImpl(OldSucc, NewSucc);
1500 }
1501
1502 //===----------------------------------------------------------------------===//
1503 // LazyValueInfo Impl
1504 //===----------------------------------------------------------------------===//
1505
1506 /// This lazily constructs the LazyValueInfoImpl.
getImpl(void * & PImpl,AssumptionCache * AC,const Module * M)1507 static LazyValueInfoImpl &getImpl(void *&PImpl, AssumptionCache *AC,
1508 const Module *M) {
1509 if (!PImpl) {
1510 assert(M && "getCache() called with a null Module");
1511 const DataLayout &DL = M->getDataLayout();
1512 Function *GuardDecl = M->getFunction(
1513 Intrinsic::getName(Intrinsic::experimental_guard));
1514 PImpl = new LazyValueInfoImpl(AC, DL, GuardDecl);
1515 }
1516 return *static_cast<LazyValueInfoImpl*>(PImpl);
1517 }
1518
runOnFunction(Function & F)1519 bool LazyValueInfoWrapperPass::runOnFunction(Function &F) {
1520 Info.AC = &getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
1521 Info.TLI = &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);
1522
1523 if (Info.PImpl)
1524 getImpl(Info.PImpl, Info.AC, F.getParent()).clear();
1525
1526 // Fully lazy.
1527 return false;
1528 }
1529
getAnalysisUsage(AnalysisUsage & AU) const1530 void LazyValueInfoWrapperPass::getAnalysisUsage(AnalysisUsage &AU) const {
1531 AU.setPreservesAll();
1532 AU.addRequired<AssumptionCacheTracker>();
1533 AU.addRequired<TargetLibraryInfoWrapperPass>();
1534 }
1535
getLVI()1536 LazyValueInfo &LazyValueInfoWrapperPass::getLVI() { return Info; }
1537
~LazyValueInfo()1538 LazyValueInfo::~LazyValueInfo() { releaseMemory(); }
1539
releaseMemory()1540 void LazyValueInfo::releaseMemory() {
1541 // If the cache was allocated, free it.
1542 if (PImpl) {
1543 delete &getImpl(PImpl, AC, nullptr);
1544 PImpl = nullptr;
1545 }
1546 }
1547
invalidate(Function & F,const PreservedAnalyses & PA,FunctionAnalysisManager::Invalidator & Inv)1548 bool LazyValueInfo::invalidate(Function &F, const PreservedAnalyses &PA,
1549 FunctionAnalysisManager::Invalidator &Inv) {
1550 // We need to invalidate if we have either failed to preserve this analyses
1551 // result directly or if any of its dependencies have been invalidated.
1552 auto PAC = PA.getChecker<LazyValueAnalysis>();
1553 if (!(PAC.preserved() || PAC.preservedSet<AllAnalysesOn<Function>>()))
1554 return true;
1555
1556 return false;
1557 }
1558
releaseMemory()1559 void LazyValueInfoWrapperPass::releaseMemory() { Info.releaseMemory(); }
1560
run(Function & F,FunctionAnalysisManager & FAM)1561 LazyValueInfo LazyValueAnalysis::run(Function &F,
1562 FunctionAnalysisManager &FAM) {
1563 auto &AC = FAM.getResult<AssumptionAnalysis>(F);
1564 auto &TLI = FAM.getResult<TargetLibraryAnalysis>(F);
1565
1566 return LazyValueInfo(&AC, &F.getParent()->getDataLayout(), &TLI);
1567 }
1568
1569 /// Returns true if we can statically tell that this value will never be a
1570 /// "useful" constant. In practice, this means we've got something like an
1571 /// alloca or a malloc call for which a comparison against a constant can
1572 /// only be guarding dead code. Note that we are potentially giving up some
1573 /// precision in dead code (a constant result) in favour of avoiding a
1574 /// expensive search for a easily answered common query.
isKnownNonConstant(Value * V)1575 static bool isKnownNonConstant(Value *V) {
1576 V = V->stripPointerCasts();
1577 // The return val of alloc cannot be a Constant.
1578 if (isa<AllocaInst>(V))
1579 return true;
1580 return false;
1581 }
1582
getConstant(Value * V,Instruction * CxtI)1583 Constant *LazyValueInfo::getConstant(Value *V, Instruction *CxtI) {
1584 // Bail out early if V is known not to be a Constant.
1585 if (isKnownNonConstant(V))
1586 return nullptr;
1587
1588 BasicBlock *BB = CxtI->getParent();
1589 ValueLatticeElement Result =
1590 getImpl(PImpl, AC, BB->getModule()).getValueInBlock(V, BB, CxtI);
1591
1592 if (Result.isConstant())
1593 return Result.getConstant();
1594 if (Result.isConstantRange()) {
1595 const ConstantRange &CR = Result.getConstantRange();
1596 if (const APInt *SingleVal = CR.getSingleElement())
1597 return ConstantInt::get(V->getContext(), *SingleVal);
1598 }
1599 return nullptr;
1600 }
1601
getConstantRange(Value * V,Instruction * CxtI,bool UndefAllowed)1602 ConstantRange LazyValueInfo::getConstantRange(Value *V, Instruction *CxtI,
1603 bool UndefAllowed) {
1604 assert(V->getType()->isIntegerTy());
1605 unsigned Width = V->getType()->getIntegerBitWidth();
1606 BasicBlock *BB = CxtI->getParent();
1607 ValueLatticeElement Result =
1608 getImpl(PImpl, AC, BB->getModule()).getValueInBlock(V, BB, CxtI);
1609 if (Result.isUnknown())
1610 return ConstantRange::getEmpty(Width);
1611 if (Result.isConstantRange(UndefAllowed))
1612 return Result.getConstantRange(UndefAllowed);
1613 // We represent ConstantInt constants as constant ranges but other kinds
1614 // of integer constants, i.e. ConstantExpr will be tagged as constants
1615 assert(!(Result.isConstant() && isa<ConstantInt>(Result.getConstant())) &&
1616 "ConstantInt value must be represented as constantrange");
1617 return ConstantRange::getFull(Width);
1618 }
1619
1620 /// Determine whether the specified value is known to be a
1621 /// constant on the specified edge. Return null if not.
getConstantOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1622 Constant *LazyValueInfo::getConstantOnEdge(Value *V, BasicBlock *FromBB,
1623 BasicBlock *ToBB,
1624 Instruction *CxtI) {
1625 Module *M = FromBB->getModule();
1626 ValueLatticeElement Result =
1627 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI);
1628
1629 if (Result.isConstant())
1630 return Result.getConstant();
1631 if (Result.isConstantRange()) {
1632 const ConstantRange &CR = Result.getConstantRange();
1633 if (const APInt *SingleVal = CR.getSingleElement())
1634 return ConstantInt::get(V->getContext(), *SingleVal);
1635 }
1636 return nullptr;
1637 }
1638
getConstantRangeOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1639 ConstantRange LazyValueInfo::getConstantRangeOnEdge(Value *V,
1640 BasicBlock *FromBB,
1641 BasicBlock *ToBB,
1642 Instruction *CxtI) {
1643 unsigned Width = V->getType()->getIntegerBitWidth();
1644 Module *M = FromBB->getModule();
1645 ValueLatticeElement Result =
1646 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI);
1647
1648 if (Result.isUnknown())
1649 return ConstantRange::getEmpty(Width);
1650 if (Result.isConstantRange())
1651 return Result.getConstantRange();
1652 // We represent ConstantInt constants as constant ranges but other kinds
1653 // of integer constants, i.e. ConstantExpr will be tagged as constants
1654 assert(!(Result.isConstant() && isa<ConstantInt>(Result.getConstant())) &&
1655 "ConstantInt value must be represented as constantrange");
1656 return ConstantRange::getFull(Width);
1657 }
1658
1659 static LazyValueInfo::Tristate
getPredicateResult(unsigned Pred,Constant * C,const ValueLatticeElement & Val,const DataLayout & DL,TargetLibraryInfo * TLI)1660 getPredicateResult(unsigned Pred, Constant *C, const ValueLatticeElement &Val,
1661 const DataLayout &DL, TargetLibraryInfo *TLI) {
1662 // If we know the value is a constant, evaluate the conditional.
1663 Constant *Res = nullptr;
1664 if (Val.isConstant()) {
1665 Res = ConstantFoldCompareInstOperands(Pred, Val.getConstant(), C, DL, TLI);
1666 if (ConstantInt *ResCI = dyn_cast<ConstantInt>(Res))
1667 return ResCI->isZero() ? LazyValueInfo::False : LazyValueInfo::True;
1668 return LazyValueInfo::Unknown;
1669 }
1670
1671 if (Val.isConstantRange()) {
1672 ConstantInt *CI = dyn_cast<ConstantInt>(C);
1673 if (!CI) return LazyValueInfo::Unknown;
1674
1675 const ConstantRange &CR = Val.getConstantRange();
1676 if (Pred == ICmpInst::ICMP_EQ) {
1677 if (!CR.contains(CI->getValue()))
1678 return LazyValueInfo::False;
1679
1680 if (CR.isSingleElement())
1681 return LazyValueInfo::True;
1682 } else if (Pred == ICmpInst::ICMP_NE) {
1683 if (!CR.contains(CI->getValue()))
1684 return LazyValueInfo::True;
1685
1686 if (CR.isSingleElement())
1687 return LazyValueInfo::False;
1688 } else {
1689 // Handle more complex predicates.
1690 ConstantRange TrueValues = ConstantRange::makeExactICmpRegion(
1691 (ICmpInst::Predicate)Pred, CI->getValue());
1692 if (TrueValues.contains(CR))
1693 return LazyValueInfo::True;
1694 if (TrueValues.inverse().contains(CR))
1695 return LazyValueInfo::False;
1696 }
1697 return LazyValueInfo::Unknown;
1698 }
1699
1700 if (Val.isNotConstant()) {
1701 // If this is an equality comparison, we can try to fold it knowing that
1702 // "V != C1".
1703 if (Pred == ICmpInst::ICMP_EQ) {
1704 // !C1 == C -> false iff C1 == C.
1705 Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE,
1706 Val.getNotConstant(), C, DL,
1707 TLI);
1708 if (Res->isNullValue())
1709 return LazyValueInfo::False;
1710 } else if (Pred == ICmpInst::ICMP_NE) {
1711 // !C1 != C -> true iff C1 == C.
1712 Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE,
1713 Val.getNotConstant(), C, DL,
1714 TLI);
1715 if (Res->isNullValue())
1716 return LazyValueInfo::True;
1717 }
1718 return LazyValueInfo::Unknown;
1719 }
1720
1721 return LazyValueInfo::Unknown;
1722 }
1723
1724 /// Determine whether the specified value comparison with a constant is known to
1725 /// be true or false on the specified CFG edge. Pred is a CmpInst predicate.
1726 LazyValueInfo::Tristate
getPredicateOnEdge(unsigned Pred,Value * V,Constant * C,BasicBlock * FromBB,BasicBlock * ToBB,Instruction * CxtI)1727 LazyValueInfo::getPredicateOnEdge(unsigned Pred, Value *V, Constant *C,
1728 BasicBlock *FromBB, BasicBlock *ToBB,
1729 Instruction *CxtI) {
1730 Module *M = FromBB->getModule();
1731 ValueLatticeElement Result =
1732 getImpl(PImpl, AC, M).getValueOnEdge(V, FromBB, ToBB, CxtI);
1733
1734 return getPredicateResult(Pred, C, Result, M->getDataLayout(), TLI);
1735 }
1736
1737 LazyValueInfo::Tristate
getPredicateAt(unsigned Pred,Value * V,Constant * C,Instruction * CxtI,bool UseBlockValue)1738 LazyValueInfo::getPredicateAt(unsigned Pred, Value *V, Constant *C,
1739 Instruction *CxtI, bool UseBlockValue) {
1740 // Is or is not NonNull are common predicates being queried. If
1741 // isKnownNonZero can tell us the result of the predicate, we can
1742 // return it quickly. But this is only a fastpath, and falling
1743 // through would still be correct.
1744 Module *M = CxtI->getModule();
1745 const DataLayout &DL = M->getDataLayout();
1746 if (V->getType()->isPointerTy() && C->isNullValue() &&
1747 isKnownNonZero(V->stripPointerCastsSameRepresentation(), DL)) {
1748 if (Pred == ICmpInst::ICMP_EQ)
1749 return LazyValueInfo::False;
1750 else if (Pred == ICmpInst::ICMP_NE)
1751 return LazyValueInfo::True;
1752 }
1753
1754 ValueLatticeElement Result = UseBlockValue
1755 ? getImpl(PImpl, AC, M).getValueInBlock(V, CxtI->getParent(), CxtI)
1756 : getImpl(PImpl, AC, M).getValueAt(V, CxtI);
1757 Tristate Ret = getPredicateResult(Pred, C, Result, DL, TLI);
1758 if (Ret != Unknown)
1759 return Ret;
1760
1761 // Note: The following bit of code is somewhat distinct from the rest of LVI;
1762 // LVI as a whole tries to compute a lattice value which is conservatively
1763 // correct at a given location. In this case, we have a predicate which we
1764 // weren't able to prove about the merged result, and we're pushing that
1765 // predicate back along each incoming edge to see if we can prove it
1766 // separately for each input. As a motivating example, consider:
1767 // bb1:
1768 // %v1 = ... ; constantrange<1, 5>
1769 // br label %merge
1770 // bb2:
1771 // %v2 = ... ; constantrange<10, 20>
1772 // br label %merge
1773 // merge:
1774 // %phi = phi [%v1, %v2] ; constantrange<1,20>
1775 // %pred = icmp eq i32 %phi, 8
1776 // We can't tell from the lattice value for '%phi' that '%pred' is false
1777 // along each path, but by checking the predicate over each input separately,
1778 // we can.
1779 // We limit the search to one step backwards from the current BB and value.
1780 // We could consider extending this to search further backwards through the
1781 // CFG and/or value graph, but there are non-obvious compile time vs quality
1782 // tradeoffs.
1783 if (CxtI) {
1784 BasicBlock *BB = CxtI->getParent();
1785
1786 // Function entry or an unreachable block. Bail to avoid confusing
1787 // analysis below.
1788 pred_iterator PI = pred_begin(BB), PE = pred_end(BB);
1789 if (PI == PE)
1790 return Unknown;
1791
1792 // If V is a PHI node in the same block as the context, we need to ask
1793 // questions about the predicate as applied to the incoming value along
1794 // each edge. This is useful for eliminating cases where the predicate is
1795 // known along all incoming edges.
1796 if (auto *PHI = dyn_cast<PHINode>(V))
1797 if (PHI->getParent() == BB) {
1798 Tristate Baseline = Unknown;
1799 for (unsigned i = 0, e = PHI->getNumIncomingValues(); i < e; i++) {
1800 Value *Incoming = PHI->getIncomingValue(i);
1801 BasicBlock *PredBB = PHI->getIncomingBlock(i);
1802 // Note that PredBB may be BB itself.
1803 Tristate Result = getPredicateOnEdge(Pred, Incoming, C, PredBB, BB,
1804 CxtI);
1805
1806 // Keep going as long as we've seen a consistent known result for
1807 // all inputs.
1808 Baseline = (i == 0) ? Result /* First iteration */
1809 : (Baseline == Result ? Baseline : Unknown); /* All others */
1810 if (Baseline == Unknown)
1811 break;
1812 }
1813 if (Baseline != Unknown)
1814 return Baseline;
1815 }
1816
1817 // For a comparison where the V is outside this block, it's possible
1818 // that we've branched on it before. Look to see if the value is known
1819 // on all incoming edges.
1820 if (!isa<Instruction>(V) ||
1821 cast<Instruction>(V)->getParent() != BB) {
1822 // For predecessor edge, determine if the comparison is true or false
1823 // on that edge. If they're all true or all false, we can conclude
1824 // the value of the comparison in this block.
1825 Tristate Baseline = getPredicateOnEdge(Pred, V, C, *PI, BB, CxtI);
1826 if (Baseline != Unknown) {
1827 // Check that all remaining incoming values match the first one.
1828 while (++PI != PE) {
1829 Tristate Ret = getPredicateOnEdge(Pred, V, C, *PI, BB, CxtI);
1830 if (Ret != Baseline) break;
1831 }
1832 // If we terminated early, then one of the values didn't match.
1833 if (PI == PE) {
1834 return Baseline;
1835 }
1836 }
1837 }
1838 }
1839 return Unknown;
1840 }
1841
getPredicateAt(unsigned P,Value * LHS,Value * RHS,Instruction * CxtI,bool UseBlockValue)1842 LazyValueInfo::Tristate LazyValueInfo::getPredicateAt(unsigned P, Value *LHS,
1843 Value *RHS,
1844 Instruction *CxtI,
1845 bool UseBlockValue) {
1846 CmpInst::Predicate Pred = (CmpInst::Predicate)P;
1847
1848 if (auto *C = dyn_cast<Constant>(RHS))
1849 return getPredicateAt(P, LHS, C, CxtI, UseBlockValue);
1850 if (auto *C = dyn_cast<Constant>(LHS))
1851 return getPredicateAt(CmpInst::getSwappedPredicate(Pred), RHS, C, CxtI,
1852 UseBlockValue);
1853
1854 // Got two non-Constant values. While we could handle them somewhat,
1855 // by getting their constant ranges, and applying ConstantRange::icmp(),
1856 // so far it did not appear to be profitable.
1857 return LazyValueInfo::Unknown;
1858 }
1859
threadEdge(BasicBlock * PredBB,BasicBlock * OldSucc,BasicBlock * NewSucc)1860 void LazyValueInfo::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc,
1861 BasicBlock *NewSucc) {
1862 if (PImpl) {
1863 getImpl(PImpl, AC, PredBB->getModule())
1864 .threadEdge(PredBB, OldSucc, NewSucc);
1865 }
1866 }
1867
eraseBlock(BasicBlock * BB)1868 void LazyValueInfo::eraseBlock(BasicBlock *BB) {
1869 if (PImpl) {
1870 getImpl(PImpl, AC, BB->getModule()).eraseBlock(BB);
1871 }
1872 }
1873
1874
printLVI(Function & F,DominatorTree & DTree,raw_ostream & OS)1875 void LazyValueInfo::printLVI(Function &F, DominatorTree &DTree, raw_ostream &OS) {
1876 if (PImpl) {
1877 getImpl(PImpl, AC, F.getParent()).printLVI(F, DTree, OS);
1878 }
1879 }
1880
1881 // Print the LVI for the function arguments at the start of each basic block.
emitBasicBlockStartAnnot(const BasicBlock * BB,formatted_raw_ostream & OS)1882 void LazyValueInfoAnnotatedWriter::emitBasicBlockStartAnnot(
1883 const BasicBlock *BB, formatted_raw_ostream &OS) {
1884 // Find if there are latticevalues defined for arguments of the function.
1885 auto *F = BB->getParent();
1886 for (auto &Arg : F->args()) {
1887 ValueLatticeElement Result = LVIImpl->getValueInBlock(
1888 const_cast<Argument *>(&Arg), const_cast<BasicBlock *>(BB));
1889 if (Result.isUnknown())
1890 continue;
1891 OS << "; LatticeVal for: '" << Arg << "' is: " << Result << "\n";
1892 }
1893 }
1894
1895 // This function prints the LVI analysis for the instruction I at the beginning
1896 // of various basic blocks. It relies on calculated values that are stored in
1897 // the LazyValueInfoCache, and in the absence of cached values, recalculate the
1898 // LazyValueInfo for `I`, and print that info.
emitInstructionAnnot(const Instruction * I,formatted_raw_ostream & OS)1899 void LazyValueInfoAnnotatedWriter::emitInstructionAnnot(
1900 const Instruction *I, formatted_raw_ostream &OS) {
1901
1902 auto *ParentBB = I->getParent();
1903 SmallPtrSet<const BasicBlock*, 16> BlocksContainingLVI;
1904 // We can generate (solve) LVI values only for blocks that are dominated by
1905 // the I's parent. However, to avoid generating LVI for all dominating blocks,
1906 // that contain redundant/uninteresting information, we print LVI for
1907 // blocks that may use this LVI information (such as immediate successor
1908 // blocks, and blocks that contain uses of `I`).
1909 auto printResult = [&](const BasicBlock *BB) {
1910 if (!BlocksContainingLVI.insert(BB).second)
1911 return;
1912 ValueLatticeElement Result = LVIImpl->getValueInBlock(
1913 const_cast<Instruction *>(I), const_cast<BasicBlock *>(BB));
1914 OS << "; LatticeVal for: '" << *I << "' in BB: '";
1915 BB->printAsOperand(OS, false);
1916 OS << "' is: " << Result << "\n";
1917 };
1918
1919 printResult(ParentBB);
1920 // Print the LVI analysis results for the immediate successor blocks, that
1921 // are dominated by `ParentBB`.
1922 for (auto *BBSucc : successors(ParentBB))
1923 if (DT.dominates(ParentBB, BBSucc))
1924 printResult(BBSucc);
1925
1926 // Print LVI in blocks where `I` is used.
1927 for (auto *U : I->users())
1928 if (auto *UseI = dyn_cast<Instruction>(U))
1929 if (!isa<PHINode>(UseI) || DT.dominates(ParentBB, UseI->getParent()))
1930 printResult(UseI->getParent());
1931
1932 }
1933
1934 namespace {
1935 // Printer class for LazyValueInfo results.
1936 class LazyValueInfoPrinter : public FunctionPass {
1937 public:
1938 static char ID; // Pass identification, replacement for typeid
LazyValueInfoPrinter()1939 LazyValueInfoPrinter() : FunctionPass(ID) {
1940 initializeLazyValueInfoPrinterPass(*PassRegistry::getPassRegistry());
1941 }
1942
getAnalysisUsage(AnalysisUsage & AU) const1943 void getAnalysisUsage(AnalysisUsage &AU) const override {
1944 AU.setPreservesAll();
1945 AU.addRequired<LazyValueInfoWrapperPass>();
1946 AU.addRequired<DominatorTreeWrapperPass>();
1947 }
1948
1949 // Get the mandatory dominator tree analysis and pass this in to the
1950 // LVIPrinter. We cannot rely on the LVI's DT, since it's optional.
runOnFunction(Function & F)1951 bool runOnFunction(Function &F) override {
1952 dbgs() << "LVI for function '" << F.getName() << "':\n";
1953 auto &LVI = getAnalysis<LazyValueInfoWrapperPass>().getLVI();
1954 auto &DTree = getAnalysis<DominatorTreeWrapperPass>().getDomTree();
1955 LVI.printLVI(F, DTree, dbgs());
1956 return false;
1957 }
1958 };
1959 }
1960
1961 char LazyValueInfoPrinter::ID = 0;
1962 INITIALIZE_PASS_BEGIN(LazyValueInfoPrinter, "print-lazy-value-info",
1963 "Lazy Value Info Printer Pass", false, false)
1964 INITIALIZE_PASS_DEPENDENCY(LazyValueInfoWrapperPass)
1965 INITIALIZE_PASS_END(LazyValueInfoPrinter, "print-lazy-value-info",
1966 "Lazy Value Info Printer Pass", false, false)
1967