LLVM  mainline
ArgumentPromotion.cpp
Go to the documentation of this file.
00001 //===-- ArgumentPromotion.cpp - Promote by-reference arguments ------------===//
00002 //
00003 //                     The LLVM Compiler Infrastructure
00004 //
00005 // This file is distributed under the University of Illinois Open Source
00006 // License. See LICENSE.TXT for details.
00007 //
00008 //===----------------------------------------------------------------------===//
00009 //
00010 // This pass promotes "by reference" arguments to be "by value" arguments.  In
00011 // practice, this means looking for internal functions that have pointer
00012 // arguments.  If it can prove, through the use of alias analysis, that an
00013 // argument is *only* loaded, then it can pass the value into the function
00014 // instead of the address of the value.  This can cause recursive simplification
00015 // of code and lead to the elimination of allocas (especially in C++ template
00016 // code like the STL).
00017 //
00018 // This pass also handles aggregate arguments that are passed into a function,
00019 // scalarizing them if the elements of the aggregate are only loaded.  Note that
00020 // by default it refuses to scalarize aggregates which would require passing in
00021 // more than three operands to the function, because passing thousands of
00022 // operands for a large array or structure is unprofitable! This limit can be
00023 // configured or disabled, however.
00024 //
00025 // Note that this transformation could also be done for arguments that are only
00026 // stored to (returning the value instead), but does not currently.  This case
00027 // would be best handled when and if LLVM begins supporting multiple return
00028 // values from functions.
00029 //
00030 //===----------------------------------------------------------------------===//
00031 
00032 #include "llvm/Transforms/IPO.h"
00033 #include "llvm/ADT/DepthFirstIterator.h"
00034 #include "llvm/ADT/Statistic.h"
00035 #include "llvm/ADT/StringExtras.h"
00036 #include "llvm/Analysis/AliasAnalysis.h"
00037 #include "llvm/Analysis/CallGraph.h"
00038 #include "llvm/Analysis/CallGraphSCCPass.h"
00039 #include "llvm/Analysis/ValueTracking.h"
00040 #include "llvm/IR/CFG.h"
00041 #include "llvm/IR/CallSite.h"
00042 #include "llvm/IR/Constants.h"
00043 #include "llvm/IR/DataLayout.h"
00044 #include "llvm/IR/DebugInfo.h"
00045 #include "llvm/IR/DerivedTypes.h"
00046 #include "llvm/IR/Instructions.h"
00047 #include "llvm/IR/LLVMContext.h"
00048 #include "llvm/IR/Module.h"
00049 #include "llvm/Support/Debug.h"
00050 #include "llvm/Support/raw_ostream.h"
00051 #include <set>
00052 using namespace llvm;
00053 
00054 #define DEBUG_TYPE "argpromotion"
00055 
00056 STATISTIC(NumArgumentsPromoted , "Number of pointer arguments promoted");
00057 STATISTIC(NumAggregatesPromoted, "Number of aggregate arguments promoted");
00058 STATISTIC(NumByValArgsPromoted , "Number of byval arguments promoted");
00059 STATISTIC(NumArgumentsDead     , "Number of dead pointer args eliminated");
00060 
00061 namespace {
00062   /// ArgPromotion - The 'by reference' to 'by value' argument promotion pass.
00063   ///
00064   struct ArgPromotion : public CallGraphSCCPass {
00065     void getAnalysisUsage(AnalysisUsage &AU) const override {
00066       AU.addRequired<AliasAnalysis>();
00067       CallGraphSCCPass::getAnalysisUsage(AU);
00068     }
00069 
00070     bool runOnSCC(CallGraphSCC &SCC) override;
00071     static char ID; // Pass identification, replacement for typeid
00072     explicit ArgPromotion(unsigned maxElements = 3)
00073         : CallGraphSCCPass(ID), maxElements(maxElements) {
00074       initializeArgPromotionPass(*PassRegistry::getPassRegistry());
00075     }
00076 
00077     /// A vector used to hold the indices of a single GEP instruction
00078     typedef std::vector<uint64_t> IndicesVector;
00079 
00080   private:
00081     bool isDenselyPacked(Type *type, const DataLayout &DL);
00082     bool canPaddingBeAccessed(Argument *Arg);
00083     CallGraphNode *PromoteArguments(CallGraphNode *CGN);
00084     bool isSafeToPromoteArgument(Argument *Arg, bool isByVal) const;
00085     CallGraphNode *DoPromotion(Function *F,
00086                               SmallPtrSetImpl<Argument*> &ArgsToPromote,
00087                               SmallPtrSetImpl<Argument*> &ByValArgsToTransform);
00088     
00089     using llvm::Pass::doInitialization;
00090     bool doInitialization(CallGraph &CG) override;
00091     /// The maximum number of elements to expand, or 0 for unlimited.
00092     unsigned maxElements;
00093     DenseMap<const Function *, DISubprogram *> FunctionDIs;
00094   };
00095 }
00096 
00097 char ArgPromotion::ID = 0;
00098 INITIALIZE_PASS_BEGIN(ArgPromotion, "argpromotion",
00099                 "Promote 'by reference' arguments to scalars", false, false)
00100 INITIALIZE_AG_DEPENDENCY(AliasAnalysis)
00101 INITIALIZE_PASS_DEPENDENCY(CallGraphWrapperPass)
00102 INITIALIZE_PASS_END(ArgPromotion, "argpromotion",
00103                 "Promote 'by reference' arguments to scalars", false, false)
00104 
00105 Pass *llvm::createArgumentPromotionPass(unsigned maxElements) {
00106   return new ArgPromotion(maxElements);
00107 }
00108 
00109 bool ArgPromotion::runOnSCC(CallGraphSCC &SCC) {
00110   bool Changed = false, LocalChange;
00111 
00112   do {  // Iterate until we stop promoting from this SCC.
00113     LocalChange = false;
00114     // Attempt to promote arguments from all functions in this SCC.
00115     for (CallGraphSCC::iterator I = SCC.begin(), E = SCC.end(); I != E; ++I) {
00116       if (CallGraphNode *CGN = PromoteArguments(*I)) {
00117         LocalChange = true;
00118         SCC.ReplaceNode(*I, CGN);
00119       }
00120     }
00121     Changed |= LocalChange;               // Remember that we changed something.
00122   } while (LocalChange);
00123   
00124   return Changed;
00125 }
00126 
00127 /// \brief Checks if a type could have padding bytes.
00128 bool ArgPromotion::isDenselyPacked(Type *type, const DataLayout &DL) {
00129 
00130   // There is no size information, so be conservative.
00131   if (!type->isSized())
00132     return false;
00133 
00134   // If the alloc size is not equal to the storage size, then there are padding
00135   // bytes. For x86_fp80 on x86-64, size: 80 alloc size: 128.
00136   if (DL.getTypeSizeInBits(type) != DL.getTypeAllocSizeInBits(type))
00137     return false;
00138 
00139   if (!isa<CompositeType>(type))
00140     return true;
00141 
00142   // For homogenous sequential types, check for padding within members.
00143   if (SequentialType *seqTy = dyn_cast<SequentialType>(type))
00144     return isa<PointerType>(seqTy) ||
00145            isDenselyPacked(seqTy->getElementType(), DL);
00146 
00147   // Check for padding within and between elements of a struct.
00148   StructType *StructTy = cast<StructType>(type);
00149   const StructLayout *Layout = DL.getStructLayout(StructTy);
00150   uint64_t StartPos = 0;
00151   for (unsigned i = 0, E = StructTy->getNumElements(); i < E; ++i) {
00152     Type *ElTy = StructTy->getElementType(i);
00153     if (!isDenselyPacked(ElTy, DL))
00154       return false;
00155     if (StartPos != Layout->getElementOffsetInBits(i))
00156       return false;
00157     StartPos += DL.getTypeAllocSizeInBits(ElTy);
00158   }
00159 
00160   return true;
00161 }
00162 
00163 /// \brief Checks if the padding bytes of an argument could be accessed.
00164 bool ArgPromotion::canPaddingBeAccessed(Argument *arg) {
00165 
00166   assert(arg->hasByValAttr());
00167 
00168   // Track all the pointers to the argument to make sure they are not captured.
00169   SmallPtrSet<Value *, 16> PtrValues;
00170   PtrValues.insert(arg);
00171 
00172   // Track all of the stores.
00173   SmallVector<StoreInst *, 16> Stores;
00174 
00175   // Scan through the uses recursively to make sure the pointer is always used
00176   // sanely.
00177   SmallVector<Value *, 16> WorkList;
00178   WorkList.insert(WorkList.end(), arg->user_begin(), arg->user_end());
00179   while (!WorkList.empty()) {
00180     Value *V = WorkList.back();
00181     WorkList.pop_back();
00182     if (isa<GetElementPtrInst>(V) || isa<PHINode>(V)) {
00183       if (PtrValues.insert(V).second)
00184         WorkList.insert(WorkList.end(), V->user_begin(), V->user_end());
00185     } else if (StoreInst *Store = dyn_cast<StoreInst>(V)) {
00186       Stores.push_back(Store);
00187     } else if (!isa<LoadInst>(V)) {
00188       return true;
00189     }
00190   }
00191 
00192 // Check to make sure the pointers aren't captured
00193   for (StoreInst *Store : Stores)
00194     if (PtrValues.count(Store->getValueOperand()))
00195       return true;
00196 
00197   return false;
00198 }
00199 
00200 /// PromoteArguments - This method checks the specified function to see if there
00201 /// are any promotable arguments and if it is safe to promote the function (for
00202 /// example, all callers are direct).  If safe to promote some arguments, it
00203 /// calls the DoPromotion method.
00204 ///
00205 CallGraphNode *ArgPromotion::PromoteArguments(CallGraphNode *CGN) {
00206   Function *F = CGN->getFunction();
00207 
00208   // Make sure that it is local to this module.
00209   if (!F || !F->hasLocalLinkage()) return nullptr;
00210 
00211   // Don't promote arguments for variadic functions. Adding, removing, or
00212   // changing non-pack parameters can change the classification of pack
00213   // parameters. Frontends encode that classification at the call site in the
00214   // IR, while in the callee the classification is determined dynamically based
00215   // on the number of registers consumed so far.
00216   if (F->isVarArg()) return nullptr;
00217 
00218   // First check: see if there are any pointer arguments!  If not, quick exit.
00219   SmallVector<Argument*, 16> PointerArgs;
00220   for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E; ++I)
00221     if (I->getType()->isPointerTy())
00222       PointerArgs.push_back(I);
00223   if (PointerArgs.empty()) return nullptr;
00224 
00225   // Second check: make sure that all callers are direct callers.  We can't
00226   // transform functions that have indirect callers.  Also see if the function
00227   // is self-recursive.
00228   bool isSelfRecursive = false;
00229   for (Use &U : F->uses()) {
00230     CallSite CS(U.getUser());
00231     // Must be a direct call.
00232     if (CS.getInstruction() == nullptr || !CS.isCallee(&U)) return nullptr;
00233     
00234     if (CS.getInstruction()->getParent()->getParent() == F)
00235       isSelfRecursive = true;
00236   }
00237   
00238   const DataLayout &DL = F->getParent()->getDataLayout();
00239 
00240   // Check to see which arguments are promotable.  If an argument is promotable,
00241   // add it to ArgsToPromote.
00242   SmallPtrSet<Argument*, 8> ArgsToPromote;
00243   SmallPtrSet<Argument*, 8> ByValArgsToTransform;
00244   for (unsigned i = 0, e = PointerArgs.size(); i != e; ++i) {
00245     Argument *PtrArg = PointerArgs[i];
00246     Type *AgTy = cast<PointerType>(PtrArg->getType())->getElementType();
00247 
00248     // If this is a byval argument, and if the aggregate type is small, just
00249     // pass the elements, which is always safe, if the passed value is densely
00250     // packed or if we can prove the padding bytes are never accessed. This does
00251     // not apply to inalloca.
00252     bool isSafeToPromote =
00253         PtrArg->hasByValAttr() &&
00254         (isDenselyPacked(AgTy, DL) || !canPaddingBeAccessed(PtrArg));
00255     if (isSafeToPromote) {
00256       if (StructType *STy = dyn_cast<StructType>(AgTy)) {
00257         if (maxElements > 0 && STy->getNumElements() > maxElements) {
00258           DEBUG(dbgs() << "argpromotion disable promoting argument '"
00259                 << PtrArg->getName() << "' because it would require adding more"
00260                 << " than " << maxElements << " arguments to the function.\n");
00261           continue;
00262         }
00263         
00264         // If all the elements are single-value types, we can promote it.
00265         bool AllSimple = true;
00266         for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
00267           if (!STy->getElementType(i)->isSingleValueType()) {
00268             AllSimple = false;
00269             break;
00270           }
00271         }
00272 
00273         // Safe to transform, don't even bother trying to "promote" it.
00274         // Passing the elements as a scalar will allow scalarrepl to hack on
00275         // the new alloca we introduce.
00276         if (AllSimple) {
00277           ByValArgsToTransform.insert(PtrArg);
00278           continue;
00279         }
00280       }
00281     }
00282 
00283     // If the argument is a recursive type and we're in a recursive
00284     // function, we could end up infinitely peeling the function argument.
00285     if (isSelfRecursive) {
00286       if (StructType *STy = dyn_cast<StructType>(AgTy)) {
00287         bool RecursiveType = false;
00288         for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
00289           if (STy->getElementType(i) == PtrArg->getType()) {
00290             RecursiveType = true;
00291             break;
00292           }
00293         }
00294         if (RecursiveType)
00295           continue;
00296       }
00297     }
00298     
00299     // Otherwise, see if we can promote the pointer to its value.
00300     if (isSafeToPromoteArgument(PtrArg, PtrArg->hasByValOrInAllocaAttr()))
00301       ArgsToPromote.insert(PtrArg);
00302   }
00303 
00304   // No promotable pointer arguments.
00305   if (ArgsToPromote.empty() && ByValArgsToTransform.empty()) 
00306     return nullptr;
00307 
00308   return DoPromotion(F, ArgsToPromote, ByValArgsToTransform);
00309 }
00310 
00311 /// AllCallersPassInValidPointerForArgument - Return true if we can prove that
00312 /// all callees pass in a valid pointer for the specified function argument.
00313 static bool AllCallersPassInValidPointerForArgument(Argument *Arg) {
00314   Function *Callee = Arg->getParent();
00315   const DataLayout &DL = Callee->getParent()->getDataLayout();
00316 
00317   unsigned ArgNo = Arg->getArgNo();
00318 
00319   // Look at all call sites of the function.  At this pointer we know we only
00320   // have direct callees.
00321   for (User *U : Callee->users()) {
00322     CallSite CS(U);
00323     assert(CS && "Should only have direct calls!");
00324 
00325     if (!isDereferenceablePointer(CS.getArgument(ArgNo), DL))
00326       return false;
00327   }
00328   return true;
00329 }
00330 
00331 /// Returns true if Prefix is a prefix of longer. That means, Longer has a size
00332 /// that is greater than or equal to the size of prefix, and each of the
00333 /// elements in Prefix is the same as the corresponding elements in Longer.
00334 ///
00335 /// This means it also returns true when Prefix and Longer are equal!
00336 static bool IsPrefix(const ArgPromotion::IndicesVector &Prefix,
00337                      const ArgPromotion::IndicesVector &Longer) {
00338   if (Prefix.size() > Longer.size())
00339     return false;
00340   return std::equal(Prefix.begin(), Prefix.end(), Longer.begin());
00341 }
00342 
00343 
00344 /// Checks if Indices, or a prefix of Indices, is in Set.
00345 static bool PrefixIn(const ArgPromotion::IndicesVector &Indices,
00346                      std::set<ArgPromotion::IndicesVector> &Set) {
00347     std::set<ArgPromotion::IndicesVector>::iterator Low;
00348     Low = Set.upper_bound(Indices);
00349     if (Low != Set.begin())
00350       Low--;
00351     // Low is now the last element smaller than or equal to Indices. This means
00352     // it points to a prefix of Indices (possibly Indices itself), if such
00353     // prefix exists.
00354     //
00355     // This load is safe if any prefix of its operands is safe to load.
00356     return Low != Set.end() && IsPrefix(*Low, Indices);
00357 }
00358 
00359 /// Mark the given indices (ToMark) as safe in the given set of indices
00360 /// (Safe). Marking safe usually means adding ToMark to Safe. However, if there
00361 /// is already a prefix of Indices in Safe, Indices are implicitely marked safe
00362 /// already. Furthermore, any indices that Indices is itself a prefix of, are
00363 /// removed from Safe (since they are implicitely safe because of Indices now).
00364 static void MarkIndicesSafe(const ArgPromotion::IndicesVector &ToMark,
00365                             std::set<ArgPromotion::IndicesVector> &Safe) {
00366   std::set<ArgPromotion::IndicesVector>::iterator Low;
00367   Low = Safe.upper_bound(ToMark);
00368   // Guard against the case where Safe is empty
00369   if (Low != Safe.begin())
00370     Low--;
00371   // Low is now the last element smaller than or equal to Indices. This
00372   // means it points to a prefix of Indices (possibly Indices itself), if
00373   // such prefix exists.
00374   if (Low != Safe.end()) {
00375     if (IsPrefix(*Low, ToMark))
00376       // If there is already a prefix of these indices (or exactly these
00377       // indices) marked a safe, don't bother adding these indices
00378       return;
00379 
00380     // Increment Low, so we can use it as a "insert before" hint
00381     ++Low;
00382   }
00383   // Insert
00384   Low = Safe.insert(Low, ToMark);
00385   ++Low;
00386   // If there we're a prefix of longer index list(s), remove those
00387   std::set<ArgPromotion::IndicesVector>::iterator End = Safe.end();
00388   while (Low != End && IsPrefix(ToMark, *Low)) {
00389     std::set<ArgPromotion::IndicesVector>::iterator Remove = Low;
00390     ++Low;
00391     Safe.erase(Remove);
00392   }
00393 }
00394 
00395 /// isSafeToPromoteArgument - As you might guess from the name of this method,
00396 /// it checks to see if it is both safe and useful to promote the argument.
00397 /// This method limits promotion of aggregates to only promote up to three
00398 /// elements of the aggregate in order to avoid exploding the number of
00399 /// arguments passed in.
00400 bool ArgPromotion::isSafeToPromoteArgument(Argument *Arg,
00401                                            bool isByValOrInAlloca) const {
00402   typedef std::set<IndicesVector> GEPIndicesSet;
00403 
00404   // Quick exit for unused arguments
00405   if (Arg->use_empty())
00406     return true;
00407 
00408   // We can only promote this argument if all of the uses are loads, or are GEP
00409   // instructions (with constant indices) that are subsequently loaded.
00410   //
00411   // Promoting the argument causes it to be loaded in the caller
00412   // unconditionally. This is only safe if we can prove that either the load
00413   // would have happened in the callee anyway (ie, there is a load in the entry
00414   // block) or the pointer passed in at every call site is guaranteed to be
00415   // valid.
00416   // In the former case, invalid loads can happen, but would have happened
00417   // anyway, in the latter case, invalid loads won't happen. This prevents us
00418   // from introducing an invalid load that wouldn't have happened in the
00419   // original code.
00420   //
00421   // This set will contain all sets of indices that are loaded in the entry
00422   // block, and thus are safe to unconditionally load in the caller.
00423   //
00424   // This optimization is also safe for InAlloca parameters, because it verifies
00425   // that the address isn't captured.
00426   GEPIndicesSet SafeToUnconditionallyLoad;
00427 
00428   // This set contains all the sets of indices that we are planning to promote.
00429   // This makes it possible to limit the number of arguments added.
00430   GEPIndicesSet ToPromote;
00431 
00432   // If the pointer is always valid, any load with first index 0 is valid.
00433   if (isByValOrInAlloca || AllCallersPassInValidPointerForArgument(Arg))
00434     SafeToUnconditionallyLoad.insert(IndicesVector(1, 0));
00435 
00436   // First, iterate the entry block and mark loads of (geps of) arguments as
00437   // safe.
00438   BasicBlock *EntryBlock = Arg->getParent()->begin();
00439   // Declare this here so we can reuse it
00440   IndicesVector Indices;
00441   for (BasicBlock::iterator I = EntryBlock->begin(), E = EntryBlock->end();
00442        I != E; ++I)
00443     if (LoadInst *LI = dyn_cast<LoadInst>(I)) {
00444       Value *V = LI->getPointerOperand();
00445       if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(V)) {
00446         V = GEP->getPointerOperand();
00447         if (V == Arg) {
00448           // This load actually loads (part of) Arg? Check the indices then.
00449           Indices.reserve(GEP->getNumIndices());
00450           for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end();
00451                II != IE; ++II)
00452             if (ConstantInt *CI = dyn_cast<ConstantInt>(*II))
00453               Indices.push_back(CI->getSExtValue());
00454             else
00455               // We found a non-constant GEP index for this argument? Bail out
00456               // right away, can't promote this argument at all.
00457               return false;
00458 
00459           // Indices checked out, mark them as safe
00460           MarkIndicesSafe(Indices, SafeToUnconditionallyLoad);
00461           Indices.clear();
00462         }
00463       } else if (V == Arg) {
00464         // Direct loads are equivalent to a GEP with a single 0 index.
00465         MarkIndicesSafe(IndicesVector(1, 0), SafeToUnconditionallyLoad);
00466       }
00467     }
00468 
00469   // Now, iterate all uses of the argument to see if there are any uses that are
00470   // not (GEP+)loads, or any (GEP+)loads that are not safe to promote.
00471   SmallVector<LoadInst*, 16> Loads;
00472   IndicesVector Operands;
00473   for (Use &U : Arg->uses()) {
00474     User *UR = U.getUser();
00475     Operands.clear();
00476     if (LoadInst *LI = dyn_cast<LoadInst>(UR)) {
00477       // Don't hack volatile/atomic loads
00478       if (!LI->isSimple()) return false;
00479       Loads.push_back(LI);
00480       // Direct loads are equivalent to a GEP with a zero index and then a load.
00481       Operands.push_back(0);
00482     } else if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(UR)) {
00483       if (GEP->use_empty()) {
00484         // Dead GEP's cause trouble later.  Just remove them if we run into
00485         // them.
00486         getAnalysis<AliasAnalysis>().deleteValue(GEP);
00487         GEP->eraseFromParent();
00488         // TODO: This runs the above loop over and over again for dead GEPs
00489         // Couldn't we just do increment the UI iterator earlier and erase the
00490         // use?
00491         return isSafeToPromoteArgument(Arg, isByValOrInAlloca);
00492       }
00493 
00494       // Ensure that all of the indices are constants.
00495       for (User::op_iterator i = GEP->idx_begin(), e = GEP->idx_end();
00496         i != e; ++i)
00497         if (ConstantInt *C = dyn_cast<ConstantInt>(*i))
00498           Operands.push_back(C->getSExtValue());
00499         else
00500           return false;  // Not a constant operand GEP!
00501 
00502       // Ensure that the only users of the GEP are load instructions.
00503       for (User *GEPU : GEP->users())
00504         if (LoadInst *LI = dyn_cast<LoadInst>(GEPU)) {
00505           // Don't hack volatile/atomic loads
00506           if (!LI->isSimple()) return false;
00507           Loads.push_back(LI);
00508         } else {
00509           // Other uses than load?
00510           return false;
00511         }
00512     } else {
00513       return false;  // Not a load or a GEP.
00514     }
00515 
00516     // Now, see if it is safe to promote this load / loads of this GEP. Loading
00517     // is safe if Operands, or a prefix of Operands, is marked as safe.
00518     if (!PrefixIn(Operands, SafeToUnconditionallyLoad))
00519       return false;
00520 
00521     // See if we are already promoting a load with these indices. If not, check
00522     // to make sure that we aren't promoting too many elements.  If so, nothing
00523     // to do.
00524     if (ToPromote.find(Operands) == ToPromote.end()) {
00525       if (maxElements > 0 && ToPromote.size() == maxElements) {
00526         DEBUG(dbgs() << "argpromotion not promoting argument '"
00527               << Arg->getName() << "' because it would require adding more "
00528               << "than " << maxElements << " arguments to the function.\n");
00529         // We limit aggregate promotion to only promoting up to a fixed number
00530         // of elements of the aggregate.
00531         return false;
00532       }
00533       ToPromote.insert(std::move(Operands));
00534     }
00535   }
00536 
00537   if (Loads.empty()) return true;  // No users, this is a dead argument.
00538 
00539   // Okay, now we know that the argument is only used by load instructions and
00540   // it is safe to unconditionally perform all of them. Use alias analysis to
00541   // check to see if the pointer is guaranteed to not be modified from entry of
00542   // the function to each of the load instructions.
00543 
00544   // Because there could be several/many load instructions, remember which
00545   // blocks we know to be transparent to the load.
00546   SmallPtrSet<BasicBlock*, 16> TranspBlocks;
00547 
00548   AliasAnalysis &AA = getAnalysis<AliasAnalysis>();
00549 
00550   for (unsigned i = 0, e = Loads.size(); i != e; ++i) {
00551     // Check to see if the load is invalidated from the start of the block to
00552     // the load itself.
00553     LoadInst *Load = Loads[i];
00554     BasicBlock *BB = Load->getParent();
00555 
00556     AliasAnalysis::Location Loc = AA.getLocation(Load);
00557     if (AA.canInstructionRangeModRef(BB->front(), *Load, Loc,
00558         AliasAnalysis::Mod))
00559       return false;  // Pointer is invalidated!
00560 
00561     // Now check every path from the entry block to the load for transparency.
00562     // To do this, we perform a depth first search on the inverse CFG from the
00563     // loading block.
00564     for (BasicBlock *P : predecessors(BB)) {
00565       for (BasicBlock *TranspBB : inverse_depth_first_ext(P, TranspBlocks))
00566         if (AA.canBasicBlockModify(*TranspBB, Loc))
00567           return false;
00568     }
00569   }
00570 
00571   // If the path from the entry of the function to each load is free of
00572   // instructions that potentially invalidate the load, we can make the
00573   // transformation!
00574   return true;
00575 }
00576 
00577 /// DoPromotion - This method actually performs the promotion of the specified
00578 /// arguments, and returns the new function.  At this point, we know that it's
00579 /// safe to do so.
00580 CallGraphNode *ArgPromotion::DoPromotion(Function *F,
00581                              SmallPtrSetImpl<Argument*> &ArgsToPromote,
00582                              SmallPtrSetImpl<Argument*> &ByValArgsToTransform) {
00583 
00584   // Start by computing a new prototype for the function, which is the same as
00585   // the old function, but has modified arguments.
00586   FunctionType *FTy = F->getFunctionType();
00587   std::vector<Type*> Params;
00588 
00589   typedef std::set<std::pair<Type *, IndicesVector>> ScalarizeTable;
00590 
00591   // ScalarizedElements - If we are promoting a pointer that has elements
00592   // accessed out of it, keep track of which elements are accessed so that we
00593   // can add one argument for each.
00594   //
00595   // Arguments that are directly loaded will have a zero element value here, to
00596   // handle cases where there are both a direct load and GEP accesses.
00597   //
00598   std::map<Argument*, ScalarizeTable> ScalarizedElements;
00599 
00600   // OriginalLoads - Keep track of a representative load instruction from the
00601   // original function so that we can tell the alias analysis implementation
00602   // what the new GEP/Load instructions we are inserting look like.
00603   // We need to keep the original loads for each argument and the elements
00604   // of the argument that are accessed.
00605   std::map<std::pair<Argument*, IndicesVector>, LoadInst*> OriginalLoads;
00606 
00607   // Attribute - Keep track of the parameter attributes for the arguments
00608   // that we are *not* promoting. For the ones that we do promote, the parameter
00609   // attributes are lost
00610   SmallVector<AttributeSet, 8> AttributesVec;
00611   const AttributeSet &PAL = F->getAttributes();
00612 
00613   // Add any return attributes.
00614   if (PAL.hasAttributes(AttributeSet::ReturnIndex))
00615     AttributesVec.push_back(AttributeSet::get(F->getContext(),
00616                                               PAL.getRetAttributes()));
00617 
00618   // First, determine the new argument list
00619   unsigned ArgIndex = 1;
00620   for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E;
00621        ++I, ++ArgIndex) {
00622     if (ByValArgsToTransform.count(I)) {
00623       // Simple byval argument? Just add all the struct element types.
00624       Type *AgTy = cast<PointerType>(I->getType())->getElementType();
00625       StructType *STy = cast<StructType>(AgTy);
00626       Params.insert(Params.end(), STy->element_begin(), STy->element_end());
00627       ++NumByValArgsPromoted;
00628     } else if (!ArgsToPromote.count(I)) {
00629       // Unchanged argument
00630       Params.push_back(I->getType());
00631       AttributeSet attrs = PAL.getParamAttributes(ArgIndex);
00632       if (attrs.hasAttributes(ArgIndex)) {
00633         AttrBuilder B(attrs, ArgIndex);
00634         AttributesVec.
00635           push_back(AttributeSet::get(F->getContext(), Params.size(), B));
00636       }
00637     } else if (I->use_empty()) {
00638       // Dead argument (which are always marked as promotable)
00639       ++NumArgumentsDead;
00640     } else {
00641       // Okay, this is being promoted. This means that the only uses are loads
00642       // or GEPs which are only used by loads
00643 
00644       // In this table, we will track which indices are loaded from the argument
00645       // (where direct loads are tracked as no indices).
00646       ScalarizeTable &ArgIndices = ScalarizedElements[I];
00647       for (User *U : I->users()) {
00648         Instruction *UI = cast<Instruction>(U);
00649         Type *SrcTy;
00650         if (LoadInst *L = dyn_cast<LoadInst>(UI))
00651           SrcTy = L->getType();
00652         else
00653           SrcTy = cast<GetElementPtrInst>(UI)->getSourceElementType();
00654         IndicesVector Indices;
00655         Indices.reserve(UI->getNumOperands() - 1);
00656         // Since loads will only have a single operand, and GEPs only a single
00657         // non-index operand, this will record direct loads without any indices,
00658         // and gep+loads with the GEP indices.
00659         for (User::op_iterator II = UI->op_begin() + 1, IE = UI->op_end();
00660              II != IE; ++II)
00661           Indices.push_back(cast<ConstantInt>(*II)->getSExtValue());
00662         // GEPs with a single 0 index can be merged with direct loads
00663         if (Indices.size() == 1 && Indices.front() == 0)
00664           Indices.clear();
00665         ArgIndices.insert(std::make_pair(SrcTy, Indices));
00666         LoadInst *OrigLoad;
00667         if (LoadInst *L = dyn_cast<LoadInst>(UI))
00668           OrigLoad = L;
00669         else
00670           // Take any load, we will use it only to update Alias Analysis
00671           OrigLoad = cast<LoadInst>(UI->user_back());
00672         OriginalLoads[std::make_pair(I, Indices)] = OrigLoad;
00673       }
00674 
00675       // Add a parameter to the function for each element passed in.
00676       for (ScalarizeTable::iterator SI = ArgIndices.begin(),
00677              E = ArgIndices.end(); SI != E; ++SI) {
00678         // not allowed to dereference ->begin() if size() is 0
00679         Params.push_back(GetElementPtrInst::getIndexedType(
00680             cast<PointerType>(I->getType()->getScalarType())->getElementType(),
00681             SI->second));
00682         assert(Params.back());
00683       }
00684 
00685       if (ArgIndices.size() == 1 && ArgIndices.begin()->second.empty())
00686         ++NumArgumentsPromoted;
00687       else
00688         ++NumAggregatesPromoted;
00689     }
00690   }
00691 
00692   // Add any function attributes.
00693   if (PAL.hasAttributes(AttributeSet::FunctionIndex))
00694     AttributesVec.push_back(AttributeSet::get(FTy->getContext(),
00695                                               PAL.getFnAttributes()));
00696 
00697   Type *RetTy = FTy->getReturnType();
00698 
00699   // Construct the new function type using the new arguments.
00700   FunctionType *NFTy = FunctionType::get(RetTy, Params, FTy->isVarArg());
00701 
00702   // Create the new function body and insert it into the module.
00703   Function *NF = Function::Create(NFTy, F->getLinkage(), F->getName());
00704   NF->copyAttributesFrom(F);
00705 
00706   // Patch the pointer to LLVM function in debug info descriptor.
00707   auto DI = FunctionDIs.find(F);
00708   if (DI != FunctionDIs.end()) {
00709     DISubprogram *SP = DI->second;
00710     SP->replaceFunction(NF);
00711     // Ensure the map is updated so it can be reused on subsequent argument
00712     // promotions of the same function.
00713     FunctionDIs.erase(DI);
00714     FunctionDIs[NF] = SP;
00715   }
00716 
00717   DEBUG(dbgs() << "ARG PROMOTION:  Promoting to:" << *NF << "\n"
00718         << "From: " << *F);
00719   
00720   // Recompute the parameter attributes list based on the new arguments for
00721   // the function.
00722   NF->setAttributes(AttributeSet::get(F->getContext(), AttributesVec));
00723   AttributesVec.clear();
00724 
00725   F->getParent()->getFunctionList().insert(F, NF);
00726   NF->takeName(F);
00727 
00728   // Get the alias analysis information that we need to update to reflect our
00729   // changes.
00730   AliasAnalysis &AA = getAnalysis<AliasAnalysis>();
00731 
00732   // Get the callgraph information that we need to update to reflect our
00733   // changes.
00734   CallGraph &CG = getAnalysis<CallGraphWrapperPass>().getCallGraph();
00735 
00736   // Get a new callgraph node for NF.
00737   CallGraphNode *NF_CGN = CG.getOrInsertFunction(NF);
00738 
00739   // Loop over all of the callers of the function, transforming the call sites
00740   // to pass in the loaded pointers.
00741   //
00742   SmallVector<Value*, 16> Args;
00743   while (!F->use_empty()) {
00744     CallSite CS(F->user_back());
00745     assert(CS.getCalledFunction() == F);
00746     Instruction *Call = CS.getInstruction();
00747     const AttributeSet &CallPAL = CS.getAttributes();
00748 
00749     // Add any return attributes.
00750     if (CallPAL.hasAttributes(AttributeSet::ReturnIndex))
00751       AttributesVec.push_back(AttributeSet::get(F->getContext(),
00752                                                 CallPAL.getRetAttributes()));
00753 
00754     // Loop over the operands, inserting GEP and loads in the caller as
00755     // appropriate.
00756     CallSite::arg_iterator AI = CS.arg_begin();
00757     ArgIndex = 1;
00758     for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end();
00759          I != E; ++I, ++AI, ++ArgIndex)
00760       if (!ArgsToPromote.count(I) && !ByValArgsToTransform.count(I)) {
00761         Args.push_back(*AI);          // Unmodified argument
00762 
00763         if (CallPAL.hasAttributes(ArgIndex)) {
00764           AttrBuilder B(CallPAL, ArgIndex);
00765           AttributesVec.
00766             push_back(AttributeSet::get(F->getContext(), Args.size(), B));
00767         }
00768       } else if (ByValArgsToTransform.count(I)) {
00769         // Emit a GEP and load for each element of the struct.
00770         Type *AgTy = cast<PointerType>(I->getType())->getElementType();
00771         StructType *STy = cast<StructType>(AgTy);
00772         Value *Idxs[2] = {
00773               ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr };
00774         for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
00775           Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i);
00776           Value *Idx = GetElementPtrInst::Create(
00777               STy, *AI, Idxs, (*AI)->getName() + "." + utostr(i), Call);
00778           // TODO: Tell AA about the new values?
00779           Args.push_back(new LoadInst(Idx, Idx->getName()+".val", Call));
00780         }
00781       } else if (!I->use_empty()) {
00782         // Non-dead argument: insert GEPs and loads as appropriate.
00783         ScalarizeTable &ArgIndices = ScalarizedElements[I];
00784         // Store the Value* version of the indices in here, but declare it now
00785         // for reuse.
00786         std::vector<Value*> Ops;
00787         for (ScalarizeTable::iterator SI = ArgIndices.begin(),
00788                E = ArgIndices.end(); SI != E; ++SI) {
00789           Value *V = *AI;
00790           LoadInst *OrigLoad = OriginalLoads[std::make_pair(I, SI->second)];
00791           if (!SI->second.empty()) {
00792             Ops.reserve(SI->second.size());
00793             Type *ElTy = V->getType();
00794             for (IndicesVector::const_iterator II = SI->second.begin(),
00795                                                IE = SI->second.end();
00796                  II != IE; ++II) {
00797               // Use i32 to index structs, and i64 for others (pointers/arrays).
00798               // This satisfies GEP constraints.
00799               Type *IdxTy = (ElTy->isStructTy() ?
00800                     Type::getInt32Ty(F->getContext()) : 
00801                     Type::getInt64Ty(F->getContext()));
00802               Ops.push_back(ConstantInt::get(IdxTy, *II));
00803               // Keep track of the type we're currently indexing.
00804               ElTy = cast<CompositeType>(ElTy)->getTypeAtIndex(*II);
00805             }
00806             // And create a GEP to extract those indices.
00807             V = GetElementPtrInst::Create(SI->first, V, Ops,
00808                                           V->getName() + ".idx", Call);
00809             Ops.clear();
00810             AA.copyValue(OrigLoad->getOperand(0), V);
00811           }
00812           // Since we're replacing a load make sure we take the alignment
00813           // of the previous load.
00814           LoadInst *newLoad = new LoadInst(V, V->getName()+".val", Call);
00815           newLoad->setAlignment(OrigLoad->getAlignment());
00816           // Transfer the AA info too.
00817           AAMDNodes AAInfo;
00818           OrigLoad->getAAMetadata(AAInfo);
00819           newLoad->setAAMetadata(AAInfo);
00820 
00821           Args.push_back(newLoad);
00822           AA.copyValue(OrigLoad, Args.back());
00823         }
00824       }
00825 
00826     // Push any varargs arguments on the list.
00827     for (; AI != CS.arg_end(); ++AI, ++ArgIndex) {
00828       Args.push_back(*AI);
00829       if (CallPAL.hasAttributes(ArgIndex)) {
00830         AttrBuilder B(CallPAL, ArgIndex);
00831         AttributesVec.
00832           push_back(AttributeSet::get(F->getContext(), Args.size(), B));
00833       }
00834     }
00835 
00836     // Add any function attributes.
00837     if (CallPAL.hasAttributes(AttributeSet::FunctionIndex))
00838       AttributesVec.push_back(AttributeSet::get(Call->getContext(),
00839                                                 CallPAL.getFnAttributes()));
00840 
00841     Instruction *New;
00842     if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) {
00843       New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(),
00844                                Args, "", Call);
00845       cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv());
00846       cast<InvokeInst>(New)->setAttributes(AttributeSet::get(II->getContext(),
00847                                                             AttributesVec));
00848     } else {
00849       New = CallInst::Create(NF, Args, "", Call);
00850       cast<CallInst>(New)->setCallingConv(CS.getCallingConv());
00851       cast<CallInst>(New)->setAttributes(AttributeSet::get(New->getContext(),
00852                                                           AttributesVec));
00853       if (cast<CallInst>(Call)->isTailCall())
00854         cast<CallInst>(New)->setTailCall();
00855     }
00856     New->setDebugLoc(Call->getDebugLoc());
00857     Args.clear();
00858     AttributesVec.clear();
00859 
00860     // Update the alias analysis implementation to know that we are replacing
00861     // the old call with a new one.
00862     AA.replaceWithNewValue(Call, New);
00863 
00864     // Update the callgraph to know that the callsite has been transformed.
00865     CallGraphNode *CalleeNode = CG[Call->getParent()->getParent()];
00866     CalleeNode->replaceCallEdge(CS, CallSite(New), NF_CGN);
00867 
00868     if (!Call->use_empty()) {
00869       Call->replaceAllUsesWith(New);
00870       New->takeName(Call);
00871     }
00872 
00873     // Finally, remove the old call from the program, reducing the use-count of
00874     // F.
00875     Call->eraseFromParent();
00876   }
00877 
00878   // Since we have now created the new function, splice the body of the old
00879   // function right into the new function, leaving the old rotting hulk of the
00880   // function empty.
00881   NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList());
00882 
00883   // Loop over the argument list, transferring uses of the old arguments over to
00884   // the new arguments, also transferring over the names as well.
00885   //
00886   for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(),
00887        I2 = NF->arg_begin(); I != E; ++I) {
00888     if (!ArgsToPromote.count(I) && !ByValArgsToTransform.count(I)) {
00889       // If this is an unmodified argument, move the name and users over to the
00890       // new version.
00891       I->replaceAllUsesWith(I2);
00892       I2->takeName(I);
00893       AA.replaceWithNewValue(I, I2);
00894       ++I2;
00895       continue;
00896     }
00897 
00898     if (ByValArgsToTransform.count(I)) {
00899       // In the callee, we create an alloca, and store each of the new incoming
00900       // arguments into the alloca.
00901       Instruction *InsertPt = NF->begin()->begin();
00902 
00903       // Just add all the struct element types.
00904       Type *AgTy = cast<PointerType>(I->getType())->getElementType();
00905       Value *TheAlloca = new AllocaInst(AgTy, nullptr, "", InsertPt);
00906       StructType *STy = cast<StructType>(AgTy);
00907       Value *Idxs[2] = {
00908             ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), nullptr };
00909 
00910       for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
00911         Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i);
00912         Value *Idx = GetElementPtrInst::Create(
00913             AgTy, TheAlloca, Idxs, TheAlloca->getName() + "." + Twine(i),
00914             InsertPt);
00915         I2->setName(I->getName()+"."+Twine(i));
00916         new StoreInst(I2++, Idx, InsertPt);
00917       }
00918 
00919       // Anything that used the arg should now use the alloca.
00920       I->replaceAllUsesWith(TheAlloca);
00921       TheAlloca->takeName(I);
00922       AA.replaceWithNewValue(I, TheAlloca);
00923 
00924       // If the alloca is used in a call, we must clear the tail flag since
00925       // the callee now uses an alloca from the caller.
00926       for (User *U : TheAlloca->users()) {
00927         CallInst *Call = dyn_cast<CallInst>(U);
00928         if (!Call)
00929           continue;
00930         Call->setTailCall(false);
00931       }
00932       continue;
00933     }
00934 
00935     if (I->use_empty()) {
00936       AA.deleteValue(I);
00937       continue;
00938     }
00939 
00940     // Otherwise, if we promoted this argument, then all users are load
00941     // instructions (or GEPs with only load users), and all loads should be
00942     // using the new argument that we added.
00943     ScalarizeTable &ArgIndices = ScalarizedElements[I];
00944 
00945     while (!I->use_empty()) {
00946       if (LoadInst *LI = dyn_cast<LoadInst>(I->user_back())) {
00947         assert(ArgIndices.begin()->second.empty() &&
00948                "Load element should sort to front!");
00949         I2->setName(I->getName()+".val");
00950         LI->replaceAllUsesWith(I2);
00951         AA.replaceWithNewValue(LI, I2);
00952         LI->eraseFromParent();
00953         DEBUG(dbgs() << "*** Promoted load of argument '" << I->getName()
00954               << "' in function '" << F->getName() << "'\n");
00955       } else {
00956         GetElementPtrInst *GEP = cast<GetElementPtrInst>(I->user_back());
00957         IndicesVector Operands;
00958         Operands.reserve(GEP->getNumIndices());
00959         for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end();
00960              II != IE; ++II)
00961           Operands.push_back(cast<ConstantInt>(*II)->getSExtValue());
00962 
00963         // GEPs with a single 0 index can be merged with direct loads
00964         if (Operands.size() == 1 && Operands.front() == 0)
00965           Operands.clear();
00966 
00967         Function::arg_iterator TheArg = I2;
00968         for (ScalarizeTable::iterator It = ArgIndices.begin();
00969              It->second != Operands; ++It, ++TheArg) {
00970           assert(It != ArgIndices.end() && "GEP not handled??");
00971         }
00972 
00973         std::string NewName = I->getName();
00974         for (unsigned i = 0, e = Operands.size(); i != e; ++i) {
00975             NewName += "." + utostr(Operands[i]);
00976         }
00977         NewName += ".val";
00978         TheArg->setName(NewName);
00979 
00980         DEBUG(dbgs() << "*** Promoted agg argument '" << TheArg->getName()
00981               << "' of function '" << NF->getName() << "'\n");
00982 
00983         // All of the uses must be load instructions.  Replace them all with
00984         // the argument specified by ArgNo.
00985         while (!GEP->use_empty()) {
00986           LoadInst *L = cast<LoadInst>(GEP->user_back());
00987           L->replaceAllUsesWith(TheArg);
00988           AA.replaceWithNewValue(L, TheArg);
00989           L->eraseFromParent();
00990         }
00991         AA.deleteValue(GEP);
00992         GEP->eraseFromParent();
00993       }
00994     }
00995 
00996     // Increment I2 past all of the arguments added for this promoted pointer.
00997     std::advance(I2, ArgIndices.size());
00998   }
00999 
01000   // Tell the alias analysis that the old function is about to disappear.
01001   AA.replaceWithNewValue(F, NF);
01002 
01003   
01004   NF_CGN->stealCalledFunctionsFrom(CG[F]);
01005   
01006   // Now that the old function is dead, delete it.  If there is a dangling
01007   // reference to the CallgraphNode, just leave the dead function around for
01008   // someone else to nuke.
01009   CallGraphNode *CGN = CG[F];
01010   if (CGN->getNumReferences() == 0)
01011     delete CG.removeFunctionFromModule(CGN);
01012   else
01013     F->setLinkage(Function::ExternalLinkage);
01014   
01015   return NF_CGN;
01016 }
01017 
01018 bool ArgPromotion::doInitialization(CallGraph &CG) {
01019   FunctionDIs = makeSubprogramMap(CG.getModule());
01020   return CallGraphSCCPass::doInitialization(CG);
01021 }