Bug Summary

File:llvm/lib/Transforms/ObjCARC/ObjCARCContract.cpp
Warning:line 719, column 3
Address of stack memory associated with local variable 'BRV' is still referred to by the stack variable 'OCAC' upon returning to the caller. This will be a dangling reference

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name ObjCARCContract.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/build-llvm -resource-dir /usr/lib/llvm-14/lib/clang/14.0.0 -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I lib/Transforms/ObjCARC -I /build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/llvm/lib/Transforms/ObjCARC -I include -I /build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/llvm/include -D _FORTIFY_SOURCE=2 -D NDEBUG -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/x86_64-linux-gnu/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/backward -internal-isystem /usr/lib/llvm-14/lib/clang/14.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/build-llvm=build-llvm -fmacro-prefix-map=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/= -fcoverage-prefix-map=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/build-llvm=build-llvm -fcoverage-prefix-map=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/= -O3 -Wno-unused-command-line-argument -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-class-memaccess -Wno-redundant-move -Wno-pessimizing-move -Wno-noexcept-type -Wno-comment -std=c++14 -fdeprecated-macro -fdebug-compilation-dir=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/build-llvm -fdebug-prefix-map=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/build-llvm=build-llvm -fdebug-prefix-map=/build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/= -ferror-limit 19 -fvisibility-inlines-hidden -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-01-26-130535-15419-1 -x c++ /build/llvm-toolchain-snapshot-14~++20220126111400+9b6c2ea30219/llvm/lib/Transforms/ObjCARC/ObjCARCContract.cpp
1//===- ObjCARCContract.cpp - ObjC ARC Optimization ------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8/// \file
9/// This file defines late ObjC ARC optimizations. ARC stands for Automatic
10/// Reference Counting and is a system for managing reference counts for objects
11/// in Objective C.
12///
13/// This specific file mainly deals with ``contracting'' multiple lower level
14/// operations into singular higher level operations through pattern matching.
15///
16/// WARNING: This file knows about certain library functions. It recognizes them
17/// by name, and hardwires knowledge of their semantics.
18///
19/// WARNING: This file knows about how certain Objective-C library functions are
20/// used. Naive LLVM IR transformations which would otherwise be
21/// behavior-preserving may break these assumptions.
22///
23//===----------------------------------------------------------------------===//
24
25// TODO: ObjCARCContract could insert PHI nodes when uses aren't
26// dominated by single calls.
27
28#include "ARCRuntimeEntryPoints.h"
29#include "DependencyAnalysis.h"
30#include "ObjCARC.h"
31#include "ProvenanceAnalysis.h"
32#include "llvm/ADT/Statistic.h"
33#include "llvm/Analysis/AliasAnalysis.h"
34#include "llvm/Analysis/EHPersonalities.h"
35#include "llvm/Analysis/ObjCARCUtil.h"
36#include "llvm/IR/Dominators.h"
37#include "llvm/IR/InlineAsm.h"
38#include "llvm/IR/InstIterator.h"
39#include "llvm/IR/Operator.h"
40#include "llvm/IR/PassManager.h"
41#include "llvm/InitializePasses.h"
42#include "llvm/Support/CommandLine.h"
43#include "llvm/Support/Debug.h"
44#include "llvm/Support/raw_ostream.h"
45#include "llvm/Transforms/ObjCARC.h"
46
47using namespace llvm;
48using namespace llvm::objcarc;
49
50#define DEBUG_TYPE"objc-arc-contract" "objc-arc-contract"
51
52STATISTIC(NumPeeps, "Number of calls peephole-optimized")static llvm::Statistic NumPeeps = {"objc-arc-contract", "NumPeeps"
, "Number of calls peephole-optimized"}
;
53STATISTIC(NumStoreStrongs, "Number objc_storeStrong calls formed")static llvm::Statistic NumStoreStrongs = {"objc-arc-contract"
, "NumStoreStrongs", "Number objc_storeStrong calls formed"}
;
54
55//===----------------------------------------------------------------------===//
56// Declarations
57//===----------------------------------------------------------------------===//
58
59namespace {
60/// Late ARC optimizations
61///
62/// These change the IR in a way that makes it difficult to be analyzed by
63/// ObjCARCOpt, so it's run late.
64
65class ObjCARCContract {
66 bool Changed;
67 bool CFGChanged;
68 AAResults *AA;
69 DominatorTree *DT;
70 ProvenanceAnalysis PA;
71 ARCRuntimeEntryPoints EP;
72 BundledRetainClaimRVs *BundledInsts = nullptr;
73
74 /// The inline asm string to insert between calls and RetainRV calls to make
75 /// the optimization work on targets which need it.
76 const MDString *RVInstMarker;
77
78 /// The set of inserted objc_storeStrong calls. If at the end of walking the
79 /// function we have found no alloca instructions, these calls can be marked
80 /// "tail".
81 SmallPtrSet<CallInst *, 8> StoreStrongCalls;
82
83 /// Returns true if we eliminated Inst.
84 bool tryToPeepholeInstruction(
85 Function &F, Instruction *Inst, inst_iterator &Iter,
86 bool &TailOkForStoreStrong,
87 const DenseMap<BasicBlock *, ColorVector> &BlockColors);
88
89 bool optimizeRetainCall(Function &F, Instruction *Retain);
90
91 bool contractAutorelease(Function &F, Instruction *Autorelease,
92 ARCInstKind Class);
93
94 void tryToContractReleaseIntoStoreStrong(
95 Instruction *Release, inst_iterator &Iter,
96 const DenseMap<BasicBlock *, ColorVector> &BlockColors);
97
98public:
99 bool init(Module &M);
100 bool run(Function &F, AAResults *AA, DominatorTree *DT);
101 bool hasCFGChanged() const { return CFGChanged; }
102};
103
104class ObjCARCContractLegacyPass : public FunctionPass {
105 ObjCARCContract OCARCC;
106
107public:
108 void getAnalysisUsage(AnalysisUsage &AU) const override;
109 bool doInitialization(Module &M) override;
110 bool runOnFunction(Function &F) override;
111
112 static char ID;
113 ObjCARCContractLegacyPass() : FunctionPass(ID) {
114 initializeObjCARCContractLegacyPassPass(*PassRegistry::getPassRegistry());
115 }
116};
117}
118
119//===----------------------------------------------------------------------===//
120// Implementation
121//===----------------------------------------------------------------------===//
122
123/// Turn objc_retain into objc_retainAutoreleasedReturnValue if the operand is a
124/// return value. We do this late so we do not disrupt the dataflow analysis in
125/// ObjCARCOpt.
126bool ObjCARCContract::optimizeRetainCall(Function &F, Instruction *Retain) {
127 const auto *Call = dyn_cast<CallBase>(GetArgRCIdentityRoot(Retain));
128 if (!Call)
129 return false;
130 if (Call->getParent() != Retain->getParent())
131 return false;
132
133 // Check that the call is next to the retain.
134 BasicBlock::const_iterator I = ++Call->getIterator();
135 while (IsNoopInstruction(&*I))
136 ++I;
137 if (&*I != Retain)
138 return false;
139
140 // Turn it to an objc_retainAutoreleasedReturnValue.
141 Changed = true;
142 ++NumPeeps;
143
144 LLVM_DEBUG(do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Transforming objc_retain => "
"objc_retainAutoreleasedReturnValue since the operand is a "
"return value.\nOld: " << *Retain << "\n"; } } while
(false)
145 dbgs() << "Transforming objc_retain => "do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Transforming objc_retain => "
"objc_retainAutoreleasedReturnValue since the operand is a "
"return value.\nOld: " << *Retain << "\n"; } } while
(false)
146 "objc_retainAutoreleasedReturnValue since the operand is a "do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Transforming objc_retain => "
"objc_retainAutoreleasedReturnValue since the operand is a "
"return value.\nOld: " << *Retain << "\n"; } } while
(false)
147 "return value.\nOld: "do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Transforming objc_retain => "
"objc_retainAutoreleasedReturnValue since the operand is a "
"return value.\nOld: " << *Retain << "\n"; } } while
(false)
148 << *Retain << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Transforming objc_retain => "
"objc_retainAutoreleasedReturnValue since the operand is a "
"return value.\nOld: " << *Retain << "\n"; } } while
(false)
;
149
150 // We do not have to worry about tail calls/does not throw since
151 // retain/retainRV have the same properties.
152 Function *Decl = EP.get(ARCRuntimeEntryPointKind::RetainRV);
153 cast<CallInst>(Retain)->setCalledFunction(Decl);
154
155 LLVM_DEBUG(dbgs() << "New: " << *Retain << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "New: " << *Retain
<< "\n"; } } while (false)
;
156 return true;
157}
158
159/// Merge an autorelease with a retain into a fused call.
160bool ObjCARCContract::contractAutorelease(Function &F, Instruction *Autorelease,
161 ARCInstKind Class) {
162 const Value *Arg = GetArgRCIdentityRoot(Autorelease);
163
164 // Check that there are no instructions between the retain and the autorelease
165 // (such as an autorelease_pop) which may change the count.
166 DependenceKind DK = Class == ARCInstKind::AutoreleaseRV
167 ? RetainAutoreleaseRVDep
168 : RetainAutoreleaseDep;
169 auto *Retain = dyn_cast_or_null<CallInst>(
170 findSingleDependency(DK, Arg, Autorelease->getParent(), Autorelease, PA));
171
172 if (!Retain || GetBasicARCInstKind(Retain) != ARCInstKind::Retain ||
173 GetArgRCIdentityRoot(Retain) != Arg)
174 return false;
175
176 Changed = true;
177 ++NumPeeps;
178
179 LLVM_DEBUG(dbgs() << " Fusing retain/autorelease!\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " Fusing retain/autorelease!\n"
" Autorelease:" << *Autorelease << "\n" " Retain: "
<< *Retain << "\n"; } } while (false)
180 " Autorelease:"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " Fusing retain/autorelease!\n"
" Autorelease:" << *Autorelease << "\n" " Retain: "
<< *Retain << "\n"; } } while (false)
181 << *Autoreleasedo { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " Fusing retain/autorelease!\n"
" Autorelease:" << *Autorelease << "\n" " Retain: "
<< *Retain << "\n"; } } while (false)
182 << "\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " Fusing retain/autorelease!\n"
" Autorelease:" << *Autorelease << "\n" " Retain: "
<< *Retain << "\n"; } } while (false)
183 " Retain: "do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " Fusing retain/autorelease!\n"
" Autorelease:" << *Autorelease << "\n" " Retain: "
<< *Retain << "\n"; } } while (false)
184 << *Retain << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " Fusing retain/autorelease!\n"
" Autorelease:" << *Autorelease << "\n" " Retain: "
<< *Retain << "\n"; } } while (false)
;
185
186 Function *Decl = EP.get(Class == ARCInstKind::AutoreleaseRV
187 ? ARCRuntimeEntryPointKind::RetainAutoreleaseRV
188 : ARCRuntimeEntryPointKind::RetainAutorelease);
189 Retain->setCalledFunction(Decl);
190
191 LLVM_DEBUG(dbgs() << " New RetainAutorelease: " << *Retain << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << " New RetainAutorelease: "
<< *Retain << "\n"; } } while (false)
;
192
193 EraseInstruction(Autorelease);
194 return true;
195}
196
197static StoreInst *findSafeStoreForStoreStrongContraction(LoadInst *Load,
198 Instruction *Release,
199 ProvenanceAnalysis &PA,
200 AAResults *AA) {
201 StoreInst *Store = nullptr;
202 bool SawRelease = false;
203
204 // Get the location associated with Load.
205 MemoryLocation Loc = MemoryLocation::get(Load);
206 auto *LocPtr = Loc.Ptr->stripPointerCasts();
207
208 // Walk down to find the store and the release, which may be in either order.
209 for (auto I = std::next(BasicBlock::iterator(Load)),
210 E = Load->getParent()->end();
211 I != E; ++I) {
212 // If we found the store we were looking for and saw the release,
213 // break. There is no more work to be done.
214 if (Store && SawRelease)
215 break;
216
217 // Now we know that we have not seen either the store or the release. If I
218 // is the release, mark that we saw the release and continue.
219 Instruction *Inst = &*I;
220 if (Inst == Release) {
221 SawRelease = true;
222 continue;
223 }
224
225 // Otherwise, we check if Inst is a "good" store. Grab the instruction class
226 // of Inst.
227 ARCInstKind Class = GetBasicARCInstKind(Inst);
228
229 // If we have seen the store, but not the release...
230 if (Store) {
231 // We need to make sure that it is safe to move the release from its
232 // current position to the store. This implies proving that any
233 // instruction in between Store and the Release conservatively can not use
234 // the RCIdentityRoot of Release. If we can prove we can ignore Inst, so
235 // continue...
236 if (!CanUse(Inst, Load, PA, Class)) {
237 continue;
238 }
239
240 // Otherwise, be conservative and return nullptr.
241 return nullptr;
242 }
243
244 // Ok, now we know we have not seen a store yet.
245
246 // If Inst is a retain, we don't care about it as it doesn't prevent moving
247 // the load to the store.
248 //
249 // TODO: This is one area where the optimization could be made more
250 // aggressive.
251 if (IsRetain(Class))
252 continue;
253
254 // See if Inst can write to our load location, if it can not, just ignore
255 // the instruction.
256 if (!isModSet(AA->getModRefInfo(Inst, Loc)))
257 continue;
258
259 Store = dyn_cast<StoreInst>(Inst);
260
261 // If Inst can, then check if Inst is a simple store. If Inst is not a
262 // store or a store that is not simple, then we have some we do not
263 // understand writing to this memory implying we can not move the load
264 // over the write to any subsequent store that we may find.
265 if (!Store || !Store->isSimple())
266 return nullptr;
267
268 // Then make sure that the pointer we are storing to is Ptr. If so, we
269 // found our Store!
270 if (Store->getPointerOperand()->stripPointerCasts() == LocPtr)
271 continue;
272
273 // Otherwise, we have an unknown store to some other ptr that clobbers
274 // Loc.Ptr. Bail!
275 return nullptr;
276 }
277
278 // If we did not find the store or did not see the release, fail.
279 if (!Store || !SawRelease)
280 return nullptr;
281
282 // We succeeded!
283 return Store;
284}
285
286static Instruction *
287findRetainForStoreStrongContraction(Value *New, StoreInst *Store,
288 Instruction *Release,
289 ProvenanceAnalysis &PA) {
290 // Walk up from the Store to find the retain.
291 BasicBlock::iterator I = Store->getIterator();
292 BasicBlock::iterator Begin = Store->getParent()->begin();
293 while (I != Begin && GetBasicARCInstKind(&*I) != ARCInstKind::Retain) {
294 Instruction *Inst = &*I;
295
296 // It is only safe to move the retain to the store if we can prove
297 // conservatively that nothing besides the release can decrement reference
298 // counts in between the retain and the store.
299 if (CanDecrementRefCount(Inst, New, PA) && Inst != Release)
300 return nullptr;
301 --I;
302 }
303 Instruction *Retain = &*I;
304 if (GetBasicARCInstKind(Retain) != ARCInstKind::Retain)
305 return nullptr;
306 if (GetArgRCIdentityRoot(Retain) != New)
307 return nullptr;
308 return Retain;
309}
310
311/// Attempt to merge an objc_release with a store, load, and objc_retain to form
312/// an objc_storeStrong. An objc_storeStrong:
313///
314/// objc_storeStrong(i8** %old_ptr, i8* new_value)
315///
316/// is equivalent to the following IR sequence:
317///
318/// ; Load old value.
319/// %old_value = load i8** %old_ptr (1)
320///
321/// ; Increment the new value and then release the old value. This must occur
322/// ; in order in case old_value releases new_value in its destructor causing
323/// ; us to potentially have a dangling ptr.
324/// tail call i8* @objc_retain(i8* %new_value) (2)
325/// tail call void @objc_release(i8* %old_value) (3)
326///
327/// ; Store the new_value into old_ptr
328/// store i8* %new_value, i8** %old_ptr (4)
329///
330/// The safety of this optimization is based around the following
331/// considerations:
332///
333/// 1. We are forming the store strong at the store. Thus to perform this
334/// optimization it must be safe to move the retain, load, and release to
335/// (4).
336/// 2. We need to make sure that any re-orderings of (1), (2), (3), (4) are
337/// safe.
338void ObjCARCContract::tryToContractReleaseIntoStoreStrong(
339 Instruction *Release, inst_iterator &Iter,
340 const DenseMap<BasicBlock *, ColorVector> &BlockColors) {
341 // See if we are releasing something that we just loaded.
342 auto *Load = dyn_cast<LoadInst>(GetArgRCIdentityRoot(Release));
343 if (!Load || !Load->isSimple())
344 return;
345
346 // For now, require everything to be in one basic block.
347 BasicBlock *BB = Release->getParent();
348 if (Load->getParent() != BB)
349 return;
350
351 // First scan down the BB from Load, looking for a store of the RCIdentityRoot
352 // of Load's
353 StoreInst *Store =
354 findSafeStoreForStoreStrongContraction(Load, Release, PA, AA);
355 // If we fail, bail.
356 if (!Store)
357 return;
358
359 // Then find what new_value's RCIdentity Root is.
360 Value *New = GetRCIdentityRoot(Store->getValueOperand());
361
362 // Then walk up the BB and look for a retain on New without any intervening
363 // instructions which conservatively might decrement ref counts.
364 Instruction *Retain =
365 findRetainForStoreStrongContraction(New, Store, Release, PA);
366
367 // If we fail, bail.
368 if (!Retain)
369 return;
370
371 Changed = true;
372 ++NumStoreStrongs;
373
374 LLVM_DEBUG(do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
375 llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
376 << " Old:\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
377 << " Store: " << *Store << "\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
378 << " Release: " << *Release << "\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
379 << " Retain: " << *Retain << "\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
380 << " Load: " << *Load << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " Contracting retain, release into objc_storeStrong.\n"
<< " Old:\n" << " Store: " <<
*Store << "\n" << " Release: " <<
*Release << "\n" << " Retain: " <<
*Retain << "\n" << " Load: " <<
*Load << "\n"; } } while (false)
;
381
382 LLVMContext &C = Release->getContext();
383 Type *I8X = PointerType::getUnqual(Type::getInt8Ty(C));
384 Type *I8XX = PointerType::getUnqual(I8X);
385
386 Value *Args[] = { Load->getPointerOperand(), New };
387 if (Args[0]->getType() != I8XX)
388 Args[0] = new BitCastInst(Args[0], I8XX, "", Store);
389 if (Args[1]->getType() != I8X)
390 Args[1] = new BitCastInst(Args[1], I8X, "", Store);
391 Function *Decl = EP.get(ARCRuntimeEntryPointKind::StoreStrong);
392 CallInst *StoreStrong =
393 objcarc::createCallInstWithColors(Decl, Args, "", Store, BlockColors);
394 StoreStrong->setDoesNotThrow();
395 StoreStrong->setDebugLoc(Store->getDebugLoc());
396
397 // We can't set the tail flag yet, because we haven't yet determined
398 // whether there are any escaping allocas. Remember this call, so that
399 // we can set the tail flag once we know it's safe.
400 StoreStrongCalls.insert(StoreStrong);
401
402 LLVM_DEBUG(llvm::dbgs() << " New Store Strong: " << *StoreStrongdo { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " New Store Strong: "
<< *StoreStrong << "\n"; } } while (false)
403 << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << " New Store Strong: "
<< *StoreStrong << "\n"; } } while (false)
;
404
405 if (&*Iter == Retain) ++Iter;
406 if (&*Iter == Store) ++Iter;
407 Store->eraseFromParent();
408 Release->eraseFromParent();
409 EraseInstruction(Retain);
410 if (Load->use_empty())
411 Load->eraseFromParent();
412}
413
414bool ObjCARCContract::tryToPeepholeInstruction(
415 Function &F, Instruction *Inst, inst_iterator &Iter,
416 bool &TailOkForStoreStrongs,
417 const DenseMap<BasicBlock *, ColorVector> &BlockColors) {
418 // Only these library routines return their argument. In particular,
419 // objc_retainBlock does not necessarily return its argument.
420 ARCInstKind Class = GetBasicARCInstKind(Inst);
421 switch (Class) {
422 case ARCInstKind::FusedRetainAutorelease:
423 case ARCInstKind::FusedRetainAutoreleaseRV:
424 return false;
425 case ARCInstKind::Autorelease:
426 case ARCInstKind::AutoreleaseRV:
427 return contractAutorelease(F, Inst, Class);
428 case ARCInstKind::Retain:
429 // Attempt to convert retains to retainrvs if they are next to function
430 // calls.
431 if (!optimizeRetainCall(F, Inst))
432 return false;
433 // If we succeed in our optimization, fall through.
434 LLVM_FALLTHROUGH[[gnu::fallthrough]];
435 case ARCInstKind::RetainRV:
436 case ARCInstKind::UnsafeClaimRV: {
437 bool IsInstContainedInBundle = BundledInsts->contains(Inst);
438
439 // Return now if the target doesn't need a special inline-asm marker. Return
440 // true if this is a bundled retainRV/claimRV call, which is going to be
441 // erased at the end of this pass, to avoid undoing objc-arc-expand and
442 // replacing uses of the retainRV/claimRV call's argument with its result.
443 if (!RVInstMarker)
444 return IsInstContainedInBundle;
445
446 // The target needs a special inline-asm marker.
447
448 // We don't have to emit the marker if this is a bundled call since the
449 // backend is responsible for emitting it. Return false to undo
450 // objc-arc-expand.
451 if (IsInstContainedInBundle)
452 return false;
453
454 BasicBlock::iterator BBI = Inst->getIterator();
455 BasicBlock *InstParent = Inst->getParent();
456
457 // Step up to see if the call immediately precedes the RV call.
458 // If it's an invoke, we have to cross a block boundary. And we have
459 // to carefully dodge no-op instructions.
460 do {
461 if (BBI == InstParent->begin()) {
462 BasicBlock *Pred = InstParent->getSinglePredecessor();
463 if (!Pred)
464 goto decline_rv_optimization;
465 BBI = Pred->getTerminator()->getIterator();
466 break;
467 }
468 --BBI;
469 } while (IsNoopInstruction(&*BBI));
470
471 if (GetRCIdentityRoot(&*BBI) == GetArgRCIdentityRoot(Inst)) {
472 LLVM_DEBUG(dbgs() << "Adding inline asm marker for the return value "do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Adding inline asm marker for the return value "
"optimization.\n"; } } while (false)
473 "optimization.\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Adding inline asm marker for the return value "
"optimization.\n"; } } while (false)
;
474 Changed = true;
475 InlineAsm *IA =
476 InlineAsm::get(FunctionType::get(Type::getVoidTy(Inst->getContext()),
477 /*isVarArg=*/false),
478 RVInstMarker->getString(),
479 /*Constraints=*/"", /*hasSideEffects=*/true);
480
481 objcarc::createCallInstWithColors(IA, None, "", Inst, BlockColors);
482 }
483 decline_rv_optimization:
484 return false;
485 }
486 case ARCInstKind::InitWeak: {
487 // objc_initWeak(p, null) => *p = null
488 CallInst *CI = cast<CallInst>(Inst);
489 if (IsNullOrUndef(CI->getArgOperand(1))) {
490 Value *Null = ConstantPointerNull::get(cast<PointerType>(CI->getType()));
491 Changed = true;
492 new StoreInst(Null, CI->getArgOperand(0), CI);
493
494 LLVM_DEBUG(dbgs() << "OBJCARCContract: Old = " << *CI << "\n"do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "OBJCARCContract: Old = "
<< *CI << "\n" << " New = "
<< *Null << "\n"; } } while (false)
495 << " New = " << *Null << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "OBJCARCContract: Old = "
<< *CI << "\n" << " New = "
<< *Null << "\n"; } } while (false)
;
496
497 CI->replaceAllUsesWith(Null);
498 CI->eraseFromParent();
499 }
500 return true;
501 }
502 case ARCInstKind::Release:
503 // Try to form an objc store strong from our release. If we fail, there is
504 // nothing further to do below, so continue.
505 tryToContractReleaseIntoStoreStrong(Inst, Iter, BlockColors);
506 return true;
507 case ARCInstKind::User:
508 // Be conservative if the function has any alloca instructions.
509 // Technically we only care about escaping alloca instructions,
510 // but this is sufficient to handle some interesting cases.
511 if (isa<AllocaInst>(Inst))
512 TailOkForStoreStrongs = false;
513 return true;
514 case ARCInstKind::IntrinsicUser:
515 // Remove calls to @llvm.objc.clang.arc.use(...).
516 Changed = true;
517 Inst->eraseFromParent();
518 return true;
519 default:
520 if (auto *CI = dyn_cast<CallInst>(Inst))
521 if (CI->getIntrinsicID() == Intrinsic::objc_clang_arc_noop_use) {
522 // Remove calls to @llvm.objc.clang.arc.noop.use(...).
523 Changed = true;
524 CI->eraseFromParent();
525 }
526 return true;
527 }
528}
529
530//===----------------------------------------------------------------------===//
531// Top Level Driver
532//===----------------------------------------------------------------------===//
533
534bool ObjCARCContract::init(Module &M) {
535 EP.init(&M);
536
537 // Initialize RVInstMarker.
538 RVInstMarker = getRVInstMarker(M);
539
540 return false;
541}
542
543bool ObjCARCContract::run(Function &F, AAResults *A, DominatorTree *D) {
544 if (!EnableARCOpts)
2
Assuming 'EnableARCOpts' is true
3
Taking false branch
545 return false;
546
547 Changed = CFGChanged = false;
548 AA = A;
549 DT = D;
550 PA.setAA(A);
551 BundledRetainClaimRVs BRV(true, RVInstMarker);
552 BundledInsts = &BRV;
553
554 std::pair<bool, bool> R = BundledInsts->insertAfterInvokes(F, DT);
555 Changed |= R.first;
556 CFGChanged |= R.second;
557
558 DenseMap<BasicBlock *, ColorVector> BlockColors;
559 if (F.hasPersonalityFn() &&
4
Assuming the condition is false
560 isScopedEHPersonality(classifyEHPersonality(F.getPersonalityFn())))
561 BlockColors = colorEHFunclets(F);
562
563 LLVM_DEBUG(llvm::dbgs() << "**** ObjCARC Contract ****\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { llvm::dbgs() << "**** ObjCARC Contract ****\n"
; } } while (false)
;
5
Assuming 'DebugFlag' is false
564
565 // Track whether it's ok to mark objc_storeStrong calls with the "tail"
566 // keyword. Be conservative if the function has variadic arguments.
567 // It seems that functions which "return twice" are also unsafe for the
568 // "tail" argument, because they are setjmp, which could need to
569 // return to an earlier stack state.
570 bool TailOkForStoreStrongs =
571 !F.isVarArg() && !F.callsFunctionThatReturnsTwice();
6
Assuming the condition is false
572
573 // For ObjC library calls which return their argument, replace uses of the
574 // argument with uses of the call return value, if it dominates the use. This
575 // reduces register pressure.
576 for (inst_iterator I = inst_begin(&F), E = inst_end(&F); I != E;) {
7
Loop condition is false. Execution continues on line 714
577 Instruction *Inst = &*I++;
578
579 LLVM_DEBUG(dbgs() << "Visiting: " << *Inst << "\n")do { if (::llvm::DebugFlag && ::llvm::isCurrentDebugType
("objc-arc-contract")) { dbgs() << "Visiting: " <<
*Inst << "\n"; } } while (false)
;
580
581 if (auto *CI = dyn_cast<CallInst>(Inst))
582 if (objcarc::hasAttachedCallOpBundle(CI)) {
583 BundledInsts->insertRVCallWithColors(&*I, CI, BlockColors);
584 --I;
585 Changed = true;
586 }
587
588 // First try to peephole Inst. If there is nothing further we can do in
589 // terms of undoing objc-arc-expand, process the next inst.
590 if (tryToPeepholeInstruction(F, Inst, I, TailOkForStoreStrongs,
591 BlockColors))
592 continue;
593
594 // Otherwise, try to undo objc-arc-expand.
595
596 // Don't use GetArgRCIdentityRoot because we don't want to look through bitcasts
597 // and such; to do the replacement, the argument must have type i8*.
598
599 // Function for replacing uses of Arg dominated by Inst.
600 auto ReplaceArgUses = [Inst, this](Value *Arg) {
601 // If we're compiling bugpointed code, don't get in trouble.
602 if (!isa<Instruction>(Arg) && !isa<Argument>(Arg))
603 return;
604
605 // Look through the uses of the pointer.
606 for (Value::use_iterator UI = Arg->use_begin(), UE = Arg->use_end();
607 UI != UE; ) {
608 // Increment UI now, because we may unlink its element.
609 Use &U = *UI++;
610 unsigned OperandNo = U.getOperandNo();
611
612 // If the call's return value dominates a use of the call's argument
613 // value, rewrite the use to use the return value. We check for
614 // reachability here because an unreachable call is considered to
615 // trivially dominate itself, which would lead us to rewriting its
616 // argument in terms of its return value, which would lead to
617 // infinite loops in GetArgRCIdentityRoot.
618 if (!DT->isReachableFromEntry(U) || !DT->dominates(Inst, U))
619 continue;
620
621 Changed = true;
622 Instruction *Replacement = Inst;
623 Type *UseTy = U.get()->getType();
624 if (PHINode *PHI = dyn_cast<PHINode>(U.getUser())) {
625 // For PHI nodes, insert the bitcast in the predecessor block.
626 unsigned ValNo = PHINode::getIncomingValueNumForOperand(OperandNo);
627 BasicBlock *IncomingBB = PHI->getIncomingBlock(ValNo);
628 if (Replacement->getType() != UseTy) {
629 // A catchswitch is both a pad and a terminator, meaning a basic
630 // block with a catchswitch has no insertion point. Keep going up
631 // the dominator tree until we find a non-catchswitch.
632 BasicBlock *InsertBB = IncomingBB;
633 while (isa<CatchSwitchInst>(InsertBB->getFirstNonPHI())) {
634 InsertBB = DT->getNode(InsertBB)->getIDom()->getBlock();
635 }
636
637 assert(DT->dominates(Inst, &InsertBB->back()) &&(static_cast <bool> (DT->dominates(Inst, &InsertBB
->back()) && "Invalid insertion point for bitcast"
) ? void (0) : __assert_fail ("DT->dominates(Inst, &InsertBB->back()) && \"Invalid insertion point for bitcast\""
, "llvm/lib/Transforms/ObjCARC/ObjCARCContract.cpp", 638, __extension__
__PRETTY_FUNCTION__))
638 "Invalid insertion point for bitcast")(static_cast <bool> (DT->dominates(Inst, &InsertBB
->back()) && "Invalid insertion point for bitcast"
) ? void (0) : __assert_fail ("DT->dominates(Inst, &InsertBB->back()) && \"Invalid insertion point for bitcast\""
, "llvm/lib/Transforms/ObjCARC/ObjCARCContract.cpp", 638, __extension__
__PRETTY_FUNCTION__))
;
639 Replacement =
640 new BitCastInst(Replacement, UseTy, "", &InsertBB->back());
641 }
642
643 // While we're here, rewrite all edges for this PHI, rather
644 // than just one use at a time, to minimize the number of
645 // bitcasts we emit.
646 for (unsigned i = 0, e = PHI->getNumIncomingValues(); i != e; ++i)
647 if (PHI->getIncomingBlock(i) == IncomingBB) {
648 // Keep the UI iterator valid.
649 if (UI != UE &&
650 &PHI->getOperandUse(
651 PHINode::getOperandNumForIncomingValue(i)) == &*UI)
652 ++UI;
653 PHI->setIncomingValue(i, Replacement);
654 }
655 } else {
656 if (Replacement->getType() != UseTy)
657 Replacement = new BitCastInst(Replacement, UseTy, "",
658 cast<Instruction>(U.getUser()));
659 U.set(Replacement);
660 }
661 }
662 };
663
664 Value *Arg = cast<CallInst>(Inst)->getArgOperand(0);
665 Value *OrigArg = Arg;
666
667 // TODO: Change this to a do-while.
668 for (;;) {
669 ReplaceArgUses(Arg);
670
671 // If Arg is a no-op casted pointer, strip one level of casts and iterate.
672 if (const BitCastInst *BI = dyn_cast<BitCastInst>(Arg))
673 Arg = BI->getOperand(0);
674 else if (isa<GEPOperator>(Arg) &&
675 cast<GEPOperator>(Arg)->hasAllZeroIndices())
676 Arg = cast<GEPOperator>(Arg)->getPointerOperand();
677 else if (isa<GlobalAlias>(Arg) &&
678 !cast<GlobalAlias>(Arg)->isInterposable())
679 Arg = cast<GlobalAlias>(Arg)->getAliasee();
680 else {
681 // If Arg is a PHI node, get PHIs that are equivalent to it and replace
682 // their uses.
683 if (PHINode *PN = dyn_cast<PHINode>(Arg)) {
684 SmallVector<Value *, 1> PHIList;
685 getEquivalentPHIs(*PN, PHIList);
686 for (Value *PHI : PHIList)
687 ReplaceArgUses(PHI);
688 }
689 break;
690 }
691 }
692
693 // Replace bitcast users of Arg that are dominated by Inst.
694 SmallVector<BitCastInst *, 2> BitCastUsers;
695
696 // Add all bitcast users of the function argument first.
697 for (User *U : OrigArg->users())
698 if (auto *BC = dyn_cast<BitCastInst>(U))
699 BitCastUsers.push_back(BC);
700
701 // Replace the bitcasts with the call return. Iterate until list is empty.
702 while (!BitCastUsers.empty()) {
703 auto *BC = BitCastUsers.pop_back_val();
704 for (User *U : BC->users())
705 if (auto *B = dyn_cast<BitCastInst>(U))
706 BitCastUsers.push_back(B);
707
708 ReplaceArgUses(BC);
709 }
710 }
711
712 // If this function has no escaping allocas or suspicious vararg usage,
713 // objc_storeStrong calls can be marked with the "tail" keyword.
714 if (TailOkForStoreStrongs
7.1
'TailOkForStoreStrongs' is false
)
8
Taking false branch
715 for (CallInst *CI : StoreStrongCalls)
716 CI->setTailCall();
717 StoreStrongCalls.clear();
718
719 return Changed;
9
Address of stack memory associated with local variable 'BRV' is still referred to by the stack variable 'OCAC' upon returning to the caller. This will be a dangling reference
720}
721
722//===----------------------------------------------------------------------===//
723// Misc Pass Manager
724//===----------------------------------------------------------------------===//
725
726char ObjCARCContractLegacyPass::ID = 0;
727INITIALIZE_PASS_BEGIN(ObjCARCContractLegacyPass, "objc-arc-contract",static void *initializeObjCARCContractLegacyPassPassOnce(PassRegistry
&Registry) {
728 "ObjC ARC contraction", false, false)static void *initializeObjCARCContractLegacyPassPassOnce(PassRegistry
&Registry) {
729INITIALIZE_PASS_DEPENDENCY(AAResultsWrapperPass)initializeAAResultsWrapperPassPass(Registry);
730INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)initializeDominatorTreeWrapperPassPass(Registry);
731INITIALIZE_PASS_END(ObjCARCContractLegacyPass, "objc-arc-contract",PassInfo *PI = new PassInfo( "ObjC ARC contraction", "objc-arc-contract"
, &ObjCARCContractLegacyPass::ID, PassInfo::NormalCtor_t(
callDefaultCtor<ObjCARCContractLegacyPass>), false, false
); Registry.registerPass(*PI, true); return PI; } static llvm
::once_flag InitializeObjCARCContractLegacyPassPassFlag; void
llvm::initializeObjCARCContractLegacyPassPass(PassRegistry &
Registry) { llvm::call_once(InitializeObjCARCContractLegacyPassPassFlag
, initializeObjCARCContractLegacyPassPassOnce, std::ref(Registry
)); }
732 "ObjC ARC contraction", false, false)PassInfo *PI = new PassInfo( "ObjC ARC contraction", "objc-arc-contract"
, &ObjCARCContractLegacyPass::ID, PassInfo::NormalCtor_t(
callDefaultCtor<ObjCARCContractLegacyPass>), false, false
); Registry.registerPass(*PI, true); return PI; } static llvm
::once_flag InitializeObjCARCContractLegacyPassPassFlag; void
llvm::initializeObjCARCContractLegacyPassPass(PassRegistry &
Registry) { llvm::call_once(InitializeObjCARCContractLegacyPassPassFlag
, initializeObjCARCContractLegacyPassPassOnce, std::ref(Registry
)); }
733
734void ObjCARCContractLegacyPass::getAnalysisUsage(AnalysisUsage &AU) const {
735 AU.addRequired<AAResultsWrapperPass>();
736 AU.addRequired<DominatorTreeWrapperPass>();
737}
738
739Pass *llvm::createObjCARCContractPass() {
740 return new ObjCARCContractLegacyPass();
741}
742
743bool ObjCARCContractLegacyPass::doInitialization(Module &M) {
744 return OCARCC.init(M);
745}
746
747bool ObjCARCContractLegacyPass::runOnFunction(Function &F) {
748 auto *AA = &getAnalysis<AAResultsWrapperPass>().getAAResults();
749 auto *DT = &getAnalysis<DominatorTreeWrapperPass>().getDomTree();
750 return OCARCC.run(F, AA, DT);
751}
752
753PreservedAnalyses ObjCARCContractPass::run(Function &F,
754 FunctionAnalysisManager &AM) {
755 ObjCARCContract OCAC;
756 OCAC.init(*F.getParent());
757
758 bool Changed = OCAC.run(F, &AM.getResult<AAManager>(F),
1
Calling 'ObjCARCContract::run'
759 &AM.getResult<DominatorTreeAnalysis>(F));
760 bool CFGChanged = OCAC.hasCFGChanged();
761 if (Changed) {
762 PreservedAnalyses PA;
763 if (!CFGChanged)
764 PA.preserveSet<CFGAnalyses>();
765 return PA;
766 }
767 return PreservedAnalyses::all();
768}