1 //===- InstructionCombining.cpp - Combine multiple instructions -----------===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // InstructionCombining - Combine instructions to form fewer, simple
11 // instructions.  This pass does not modify the CFG.  This pass is where
12 // algebraic simplification happens.
13 //
14 // This pass combines things like:
15 //    %Y = add i32 %X, 1
16 //    %Z = add i32 %Y, 1
17 // into:
18 //    %Z = add i32 %X, 2
19 //
20 // This is a simple worklist driven algorithm.
21 //
22 // This pass guarantees that the following canonicalizations are performed on
23 // the program:
24 //    1. If a binary operator has a constant operand, it is moved to the RHS
25 //    2. Bitwise operators with constant operands are always grouped so that
26 //       shifts are performed first, then or's, then and's, then xor's.
27 //    3. Compare instructions are converted from <,>,<=,>= to ==,!= if possible
28 //    4. All cmp instructions on boolean values are replaced with logical ops
29 //    5. add X, X is represented as (X*2) => (X << 1)
30 //    6. Multiplies with a power-of-two constant argument are transformed into
31 //       shifts.
32 //   ... etc.
33 //
34 //===----------------------------------------------------------------------===//
35 
36 #include "InstCombineInternal.h"
37 #include "llvm-c/Initialization.h"
38 #include "llvm-c/Transforms/InstCombine.h"
39 #include "llvm/ADT/APInt.h"
40 #include "llvm/ADT/ArrayRef.h"
41 #include "llvm/ADT/DenseMap.h"
42 #include "llvm/ADT/None.h"
43 #include "llvm/ADT/SmallPtrSet.h"
44 #include "llvm/ADT/SmallVector.h"
45 #include "llvm/ADT/Statistic.h"
46 #include "llvm/ADT/TinyPtrVector.h"
47 #include "llvm/Analysis/AliasAnalysis.h"
48 #include "llvm/Analysis/AssumptionCache.h"
49 #include "llvm/Analysis/BasicAliasAnalysis.h"
50 #include "llvm/Analysis/CFG.h"
51 #include "llvm/Analysis/ConstantFolding.h"
52 #include "llvm/Analysis/EHPersonalities.h"
53 #include "llvm/Analysis/GlobalsModRef.h"
54 #include "llvm/Analysis/InstructionSimplify.h"
55 #include "llvm/Analysis/LoopInfo.h"
56 #include "llvm/Analysis/MemoryBuiltins.h"
57 #include "llvm/Analysis/OptimizationRemarkEmitter.h"
58 #include "llvm/Analysis/TargetFolder.h"
59 #include "llvm/Analysis/TargetLibraryInfo.h"
60 #include "llvm/Transforms/Utils/Local.h"
61 #include "llvm/Analysis/ValueTracking.h"
62 #include "llvm/IR/BasicBlock.h"
63 #include "llvm/IR/CFG.h"
64 #include "llvm/IR/Constant.h"
65 #include "llvm/IR/Constants.h"
66 #include "llvm/IR/DIBuilder.h"
67 #include "llvm/IR/DataLayout.h"
68 #include "llvm/IR/DerivedTypes.h"
69 #include "llvm/IR/Dominators.h"
70 #include "llvm/IR/Function.h"
71 #include "llvm/IR/GetElementPtrTypeIterator.h"
72 #include "llvm/IR/IRBuilder.h"
73 #include "llvm/IR/InstrTypes.h"
74 #include "llvm/IR/Instruction.h"
75 #include "llvm/IR/Instructions.h"
76 #include "llvm/IR/IntrinsicInst.h"
77 #include "llvm/IR/Intrinsics.h"
78 #include "llvm/IR/LegacyPassManager.h"
79 #include "llvm/IR/Metadata.h"
80 #include "llvm/IR/Operator.h"
81 #include "llvm/IR/PassManager.h"
82 #include "llvm/IR/PatternMatch.h"
83 #include "llvm/IR/Type.h"
84 #include "llvm/IR/Use.h"
85 #include "llvm/IR/User.h"
86 #include "llvm/IR/Value.h"
87 #include "llvm/IR/ValueHandle.h"
88 #include "llvm/Pass.h"
89 #include "llvm/Support/CBindingWrapping.h"
90 #include "llvm/Support/Casting.h"
91 #include "llvm/Support/CommandLine.h"
92 #include "llvm/Support/Compiler.h"
93 #include "llvm/Support/Debug.h"
94 #include "llvm/Support/DebugCounter.h"
95 #include "llvm/Support/ErrorHandling.h"
96 #include "llvm/Support/KnownBits.h"
97 #include "llvm/Support/raw_ostream.h"
98 #include "llvm/Transforms/InstCombine/InstCombine.h"
99 #include "llvm/Transforms/InstCombine/InstCombineWorklist.h"
100 #include <algorithm>
101 #include <cassert>
102 #include <cstdint>
103 #include <memory>
104 #include <string>
105 #include <utility>
106 
107 using namespace llvm;
108 using namespace llvm::PatternMatch;
109 
110 #define DEBUG_TYPE "instcombine"
111 
112 STATISTIC(NumCombined , "Number of insts combined");
113 STATISTIC(NumConstProp, "Number of constant folds");
114 STATISTIC(NumDeadInst , "Number of dead inst eliminated");
115 STATISTIC(NumSunkInst , "Number of instructions sunk");
116 STATISTIC(NumExpand,    "Number of expansions");
117 STATISTIC(NumFactor   , "Number of factorizations");
118 STATISTIC(NumReassoc  , "Number of reassociations");
119 DEBUG_COUNTER(VisitCounter, "instcombine-visit",
120               "Controls which instructions are visited");
121 
122 static cl::opt<bool>
123 EnableExpensiveCombines("expensive-combines",
124                         cl::desc("Enable expensive instruction combines"));
125 
126 static cl::opt<unsigned>
127 MaxArraySize("instcombine-maxarray-size", cl::init(1024),
128              cl::desc("Maximum array size considered when doing a combine"));
129 
130 // FIXME: Remove this flag when it is no longer necessary to convert
131 // llvm.dbg.declare to avoid inaccurate debug info. Setting this to false
132 // increases variable availability at the cost of accuracy. Variables that
133 // cannot be promoted by mem2reg or SROA will be described as living in memory
134 // for their entire lifetime. However, passes like DSE and instcombine can
135 // delete stores to the alloca, leading to misleading and inaccurate debug
136 // information. This flag can be removed when those passes are fixed.
137 static cl::opt<unsigned> ShouldLowerDbgDeclare("instcombine-lower-dbg-declare",
138                                                cl::Hidden, cl::init(true));
139 
EmitGEPOffset(User * GEP)140 Value *InstCombiner::EmitGEPOffset(User *GEP) {
141   return llvm::EmitGEPOffset(&Builder, DL, GEP);
142 }
143 
144 /// Return true if it is desirable to convert an integer computation from a
145 /// given bit width to a new bit width.
146 /// We don't want to convert from a legal to an illegal type or from a smaller
147 /// to a larger illegal type. A width of '1' is always treated as a legal type
148 /// because i1 is a fundamental type in IR, and there are many specialized
149 /// optimizations for i1 types. Widths of 8, 16 or 32 are equally treated as
150 /// legal to convert to, in order to open up more combining opportunities.
151 /// NOTE: this treats i8, i16 and i32 specially, due to them being so common
152 /// from frontend languages.
shouldChangeType(unsigned FromWidth,unsigned ToWidth) const153 bool InstCombiner::shouldChangeType(unsigned FromWidth,
154                                     unsigned ToWidth) const {
155   bool FromLegal = FromWidth == 1 || DL.isLegalInteger(FromWidth);
156   bool ToLegal = ToWidth == 1 || DL.isLegalInteger(ToWidth);
157 
158   // Convert to widths of 8, 16 or 32 even if they are not legal types. Only
159   // shrink types, to prevent infinite loops.
160   if (ToWidth < FromWidth && (ToWidth == 8 || ToWidth == 16 || ToWidth == 32))
161     return true;
162 
163   // If this is a legal integer from type, and the result would be an illegal
164   // type, don't do the transformation.
165   if (FromLegal && !ToLegal)
166     return false;
167 
168   // Otherwise, if both are illegal, do not increase the size of the result. We
169   // do allow things like i160 -> i64, but not i64 -> i160.
170   if (!FromLegal && !ToLegal && ToWidth > FromWidth)
171     return false;
172 
173   return true;
174 }
175 
176 /// Return true if it is desirable to convert a computation from 'From' to 'To'.
177 /// We don't want to convert from a legal to an illegal type or from a smaller
178 /// to a larger illegal type. i1 is always treated as a legal type because it is
179 /// a fundamental type in IR, and there are many specialized optimizations for
180 /// i1 types.
shouldChangeType(Type * From,Type * To) const181 bool InstCombiner::shouldChangeType(Type *From, Type *To) const {
182   assert(From->isIntegerTy() && To->isIntegerTy());
183 
184   unsigned FromWidth = From->getPrimitiveSizeInBits();
185   unsigned ToWidth = To->getPrimitiveSizeInBits();
186   return shouldChangeType(FromWidth, ToWidth);
187 }
188 
189 // Return true, if No Signed Wrap should be maintained for I.
190 // The No Signed Wrap flag can be kept if the operation "B (I.getOpcode) C",
191 // where both B and C should be ConstantInts, results in a constant that does
192 // not overflow. This function only handles the Add and Sub opcodes. For
193 // all other opcodes, the function conservatively returns false.
MaintainNoSignedWrap(BinaryOperator & I,Value * B,Value * C)194 static bool MaintainNoSignedWrap(BinaryOperator &I, Value *B, Value *C) {
195   OverflowingBinaryOperator *OBO = dyn_cast<OverflowingBinaryOperator>(&I);
196   if (!OBO || !OBO->hasNoSignedWrap())
197     return false;
198 
199   // We reason about Add and Sub Only.
200   Instruction::BinaryOps Opcode = I.getOpcode();
201   if (Opcode != Instruction::Add && Opcode != Instruction::Sub)
202     return false;
203 
204   const APInt *BVal, *CVal;
205   if (!match(B, m_APInt(BVal)) || !match(C, m_APInt(CVal)))
206     return false;
207 
208   bool Overflow = false;
209   if (Opcode == Instruction::Add)
210     (void)BVal->sadd_ov(*CVal, Overflow);
211   else
212     (void)BVal->ssub_ov(*CVal, Overflow);
213 
214   return !Overflow;
215 }
216 
217 /// Conservatively clears subclassOptionalData after a reassociation or
218 /// commutation. We preserve fast-math flags when applicable as they can be
219 /// preserved.
ClearSubclassDataAfterReassociation(BinaryOperator & I)220 static void ClearSubclassDataAfterReassociation(BinaryOperator &I) {
221   FPMathOperator *FPMO = dyn_cast<FPMathOperator>(&I);
222   if (!FPMO) {
223     I.clearSubclassOptionalData();
224     return;
225   }
226 
227   FastMathFlags FMF = I.getFastMathFlags();
228   I.clearSubclassOptionalData();
229   I.setFastMathFlags(FMF);
230 }
231 
232 /// Combine constant operands of associative operations either before or after a
233 /// cast to eliminate one of the associative operations:
234 /// (op (cast (op X, C2)), C1) --> (cast (op X, op (C1, C2)))
235 /// (op (cast (op X, C2)), C1) --> (op (cast X), op (C1, C2))
simplifyAssocCastAssoc(BinaryOperator * BinOp1)236 static bool simplifyAssocCastAssoc(BinaryOperator *BinOp1) {
237   auto *Cast = dyn_cast<CastInst>(BinOp1->getOperand(0));
238   if (!Cast || !Cast->hasOneUse())
239     return false;
240 
241   // TODO: Enhance logic for other casts and remove this check.
242   auto CastOpcode = Cast->getOpcode();
243   if (CastOpcode != Instruction::ZExt)
244     return false;
245 
246   // TODO: Enhance logic for other BinOps and remove this check.
247   if (!BinOp1->isBitwiseLogicOp())
248     return false;
249 
250   auto AssocOpcode = BinOp1->getOpcode();
251   auto *BinOp2 = dyn_cast<BinaryOperator>(Cast->getOperand(0));
252   if (!BinOp2 || !BinOp2->hasOneUse() || BinOp2->getOpcode() != AssocOpcode)
253     return false;
254 
255   Constant *C1, *C2;
256   if (!match(BinOp1->getOperand(1), m_Constant(C1)) ||
257       !match(BinOp2->getOperand(1), m_Constant(C2)))
258     return false;
259 
260   // TODO: This assumes a zext cast.
261   // Eg, if it was a trunc, we'd cast C1 to the source type because casting C2
262   // to the destination type might lose bits.
263 
264   // Fold the constants together in the destination type:
265   // (op (cast (op X, C2)), C1) --> (op (cast X), FoldedC)
266   Type *DestTy = C1->getType();
267   Constant *CastC2 = ConstantExpr::getCast(CastOpcode, C2, DestTy);
268   Constant *FoldedC = ConstantExpr::get(AssocOpcode, C1, CastC2);
269   Cast->setOperand(0, BinOp2->getOperand(0));
270   BinOp1->setOperand(1, FoldedC);
271   return true;
272 }
273 
274 /// This performs a few simplifications for operators that are associative or
275 /// commutative:
276 ///
277 ///  Commutative operators:
278 ///
279 ///  1. Order operands such that they are listed from right (least complex) to
280 ///     left (most complex).  This puts constants before unary operators before
281 ///     binary operators.
282 ///
283 ///  Associative operators:
284 ///
285 ///  2. Transform: "(A op B) op C" ==> "A op (B op C)" if "B op C" simplifies.
286 ///  3. Transform: "A op (B op C)" ==> "(A op B) op C" if "A op B" simplifies.
287 ///
288 ///  Associative and commutative operators:
289 ///
290 ///  4. Transform: "(A op B) op C" ==> "(C op A) op B" if "C op A" simplifies.
291 ///  5. Transform: "A op (B op C)" ==> "B op (C op A)" if "C op A" simplifies.
292 ///  6. Transform: "(A op C1) op (B op C2)" ==> "(A op B) op (C1 op C2)"
293 ///     if C1 and C2 are constants.
SimplifyAssociativeOrCommutative(BinaryOperator & I)294 bool InstCombiner::SimplifyAssociativeOrCommutative(BinaryOperator &I) {
295   Instruction::BinaryOps Opcode = I.getOpcode();
296   bool Changed = false;
297 
298   do {
299     // Order operands such that they are listed from right (least complex) to
300     // left (most complex).  This puts constants before unary operators before
301     // binary operators.
302     if (I.isCommutative() && getComplexity(I.getOperand(0)) <
303         getComplexity(I.getOperand(1)))
304       Changed = !I.swapOperands();
305 
306     BinaryOperator *Op0 = dyn_cast<BinaryOperator>(I.getOperand(0));
307     BinaryOperator *Op1 = dyn_cast<BinaryOperator>(I.getOperand(1));
308 
309     if (I.isAssociative()) {
310       // Transform: "(A op B) op C" ==> "A op (B op C)" if "B op C" simplifies.
311       if (Op0 && Op0->getOpcode() == Opcode) {
312         Value *A = Op0->getOperand(0);
313         Value *B = Op0->getOperand(1);
314         Value *C = I.getOperand(1);
315 
316         // Does "B op C" simplify?
317         if (Value *V = SimplifyBinOp(Opcode, B, C, SQ.getWithInstruction(&I))) {
318           // It simplifies to V.  Form "A op V".
319           I.setOperand(0, A);
320           I.setOperand(1, V);
321           // Conservatively clear the optional flags, since they may not be
322           // preserved by the reassociation.
323           if (MaintainNoSignedWrap(I, B, C) &&
324               (!Op0 || (isa<BinaryOperator>(Op0) && Op0->hasNoSignedWrap()))) {
325             // Note: this is only valid because SimplifyBinOp doesn't look at
326             // the operands to Op0.
327             I.clearSubclassOptionalData();
328             I.setHasNoSignedWrap(true);
329           } else {
330             ClearSubclassDataAfterReassociation(I);
331           }
332 
333           Changed = true;
334           ++NumReassoc;
335           continue;
336         }
337       }
338 
339       // Transform: "A op (B op C)" ==> "(A op B) op C" if "A op B" simplifies.
340       if (Op1 && Op1->getOpcode() == Opcode) {
341         Value *A = I.getOperand(0);
342         Value *B = Op1->getOperand(0);
343         Value *C = Op1->getOperand(1);
344 
345         // Does "A op B" simplify?
346         if (Value *V = SimplifyBinOp(Opcode, A, B, SQ.getWithInstruction(&I))) {
347           // It simplifies to V.  Form "V op C".
348           I.setOperand(0, V);
349           I.setOperand(1, C);
350           // Conservatively clear the optional flags, since they may not be
351           // preserved by the reassociation.
352           ClearSubclassDataAfterReassociation(I);
353           Changed = true;
354           ++NumReassoc;
355           continue;
356         }
357       }
358     }
359 
360     if (I.isAssociative() && I.isCommutative()) {
361       if (simplifyAssocCastAssoc(&I)) {
362         Changed = true;
363         ++NumReassoc;
364         continue;
365       }
366 
367       // Transform: "(A op B) op C" ==> "(C op A) op B" if "C op A" simplifies.
368       if (Op0 && Op0->getOpcode() == Opcode) {
369         Value *A = Op0->getOperand(0);
370         Value *B = Op0->getOperand(1);
371         Value *C = I.getOperand(1);
372 
373         // Does "C op A" simplify?
374         if (Value *V = SimplifyBinOp(Opcode, C, A, SQ.getWithInstruction(&I))) {
375           // It simplifies to V.  Form "V op B".
376           I.setOperand(0, V);
377           I.setOperand(1, B);
378           // Conservatively clear the optional flags, since they may not be
379           // preserved by the reassociation.
380           ClearSubclassDataAfterReassociation(I);
381           Changed = true;
382           ++NumReassoc;
383           continue;
384         }
385       }
386 
387       // Transform: "A op (B op C)" ==> "B op (C op A)" if "C op A" simplifies.
388       if (Op1 && Op1->getOpcode() == Opcode) {
389         Value *A = I.getOperand(0);
390         Value *B = Op1->getOperand(0);
391         Value *C = Op1->getOperand(1);
392 
393         // Does "C op A" simplify?
394         if (Value *V = SimplifyBinOp(Opcode, C, A, SQ.getWithInstruction(&I))) {
395           // It simplifies to V.  Form "B op V".
396           I.setOperand(0, B);
397           I.setOperand(1, V);
398           // Conservatively clear the optional flags, since they may not be
399           // preserved by the reassociation.
400           ClearSubclassDataAfterReassociation(I);
401           Changed = true;
402           ++NumReassoc;
403           continue;
404         }
405       }
406 
407       // Transform: "(A op C1) op (B op C2)" ==> "(A op B) op (C1 op C2)"
408       // if C1 and C2 are constants.
409       Value *A, *B;
410       Constant *C1, *C2;
411       if (Op0 && Op1 &&
412           Op0->getOpcode() == Opcode && Op1->getOpcode() == Opcode &&
413           match(Op0, m_OneUse(m_BinOp(m_Value(A), m_Constant(C1)))) &&
414           match(Op1, m_OneUse(m_BinOp(m_Value(B), m_Constant(C2))))) {
415         BinaryOperator *NewBO = BinaryOperator::Create(Opcode, A, B);
416         if (isa<FPMathOperator>(NewBO)) {
417           FastMathFlags Flags = I.getFastMathFlags();
418           Flags &= Op0->getFastMathFlags();
419           Flags &= Op1->getFastMathFlags();
420           NewBO->setFastMathFlags(Flags);
421         }
422         InsertNewInstWith(NewBO, I);
423         NewBO->takeName(Op1);
424         I.setOperand(0, NewBO);
425         I.setOperand(1, ConstantExpr::get(Opcode, C1, C2));
426         // Conservatively clear the optional flags, since they may not be
427         // preserved by the reassociation.
428         ClearSubclassDataAfterReassociation(I);
429 
430         Changed = true;
431         continue;
432       }
433     }
434 
435     // No further simplifications.
436     return Changed;
437   } while (true);
438 }
439 
440 /// Return whether "X LOp (Y ROp Z)" is always equal to
441 /// "(X LOp Y) ROp (X LOp Z)".
leftDistributesOverRight(Instruction::BinaryOps LOp,Instruction::BinaryOps ROp)442 static bool leftDistributesOverRight(Instruction::BinaryOps LOp,
443                                      Instruction::BinaryOps ROp) {
444   // X & (Y | Z) <--> (X & Y) | (X & Z)
445   // X & (Y ^ Z) <--> (X & Y) ^ (X & Z)
446   if (LOp == Instruction::And)
447     return ROp == Instruction::Or || ROp == Instruction::Xor;
448 
449   // X | (Y & Z) <--> (X | Y) & (X | Z)
450   if (LOp == Instruction::Or)
451     return ROp == Instruction::And;
452 
453   // X * (Y + Z) <--> (X * Y) + (X * Z)
454   // X * (Y - Z) <--> (X * Y) - (X * Z)
455   if (LOp == Instruction::Mul)
456     return ROp == Instruction::Add || ROp == Instruction::Sub;
457 
458   return false;
459 }
460 
461 /// Return whether "(X LOp Y) ROp Z" is always equal to
462 /// "(X ROp Z) LOp (Y ROp Z)".
rightDistributesOverLeft(Instruction::BinaryOps LOp,Instruction::BinaryOps ROp)463 static bool rightDistributesOverLeft(Instruction::BinaryOps LOp,
464                                      Instruction::BinaryOps ROp) {
465   if (Instruction::isCommutative(ROp))
466     return leftDistributesOverRight(ROp, LOp);
467 
468   // (X {&|^} Y) >> Z <--> (X >> Z) {&|^} (Y >> Z) for all shifts.
469   return Instruction::isBitwiseLogicOp(LOp) && Instruction::isShift(ROp);
470 
471   // TODO: It would be nice to handle division, aka "(X + Y)/Z = X/Z + Y/Z",
472   // but this requires knowing that the addition does not overflow and other
473   // such subtleties.
474 }
475 
476 /// This function returns identity value for given opcode, which can be used to
477 /// factor patterns like (X * 2) + X ==> (X * 2) + (X * 1) ==> X * (2 + 1).
getIdentityValue(Instruction::BinaryOps Opcode,Value * V)478 static Value *getIdentityValue(Instruction::BinaryOps Opcode, Value *V) {
479   if (isa<Constant>(V))
480     return nullptr;
481 
482   return ConstantExpr::getBinOpIdentity(Opcode, V->getType());
483 }
484 
485 /// This function predicates factorization using distributive laws. By default,
486 /// it just returns the 'Op' inputs. But for special-cases like
487 /// 'add(shl(X, 5), ...)', this function will have TopOpcode == Instruction::Add
488 /// and Op = shl(X, 5). The 'shl' is treated as the more general 'mul X, 32' to
489 /// allow more factorization opportunities.
490 static Instruction::BinaryOps
getBinOpsForFactorization(Instruction::BinaryOps TopOpcode,BinaryOperator * Op,Value * & LHS,Value * & RHS)491 getBinOpsForFactorization(Instruction::BinaryOps TopOpcode, BinaryOperator *Op,
492                           Value *&LHS, Value *&RHS) {
493   assert(Op && "Expected a binary operator");
494   LHS = Op->getOperand(0);
495   RHS = Op->getOperand(1);
496   if (TopOpcode == Instruction::Add || TopOpcode == Instruction::Sub) {
497     Constant *C;
498     if (match(Op, m_Shl(m_Value(), m_Constant(C)))) {
499       // X << C --> X * (1 << C)
500       RHS = ConstantExpr::getShl(ConstantInt::get(Op->getType(), 1), C);
501       return Instruction::Mul;
502     }
503     // TODO: We can add other conversions e.g. shr => div etc.
504   }
505   return Op->getOpcode();
506 }
507 
508 /// This tries to simplify binary operations by factorizing out common terms
509 /// (e. g. "(A*B)+(A*C)" -> "A*(B+C)").
tryFactorization(BinaryOperator & I,Instruction::BinaryOps InnerOpcode,Value * A,Value * B,Value * C,Value * D)510 Value *InstCombiner::tryFactorization(BinaryOperator &I,
511                                       Instruction::BinaryOps InnerOpcode,
512                                       Value *A, Value *B, Value *C, Value *D) {
513   assert(A && B && C && D && "All values must be provided");
514 
515   Value *V = nullptr;
516   Value *SimplifiedInst = nullptr;
517   Value *LHS = I.getOperand(0), *RHS = I.getOperand(1);
518   Instruction::BinaryOps TopLevelOpcode = I.getOpcode();
519 
520   // Does "X op' Y" always equal "Y op' X"?
521   bool InnerCommutative = Instruction::isCommutative(InnerOpcode);
522 
523   // Does "X op' (Y op Z)" always equal "(X op' Y) op (X op' Z)"?
524   if (leftDistributesOverRight(InnerOpcode, TopLevelOpcode))
525     // Does the instruction have the form "(A op' B) op (A op' D)" or, in the
526     // commutative case, "(A op' B) op (C op' A)"?
527     if (A == C || (InnerCommutative && A == D)) {
528       if (A != C)
529         std::swap(C, D);
530       // Consider forming "A op' (B op D)".
531       // If "B op D" simplifies then it can be formed with no cost.
532       V = SimplifyBinOp(TopLevelOpcode, B, D, SQ.getWithInstruction(&I));
533       // If "B op D" doesn't simplify then only go on if both of the existing
534       // operations "A op' B" and "C op' D" will be zapped as no longer used.
535       if (!V && LHS->hasOneUse() && RHS->hasOneUse())
536         V = Builder.CreateBinOp(TopLevelOpcode, B, D, RHS->getName());
537       if (V) {
538         SimplifiedInst = Builder.CreateBinOp(InnerOpcode, A, V);
539       }
540     }
541 
542   // Does "(X op Y) op' Z" always equal "(X op' Z) op (Y op' Z)"?
543   if (!SimplifiedInst && rightDistributesOverLeft(TopLevelOpcode, InnerOpcode))
544     // Does the instruction have the form "(A op' B) op (C op' B)" or, in the
545     // commutative case, "(A op' B) op (B op' D)"?
546     if (B == D || (InnerCommutative && B == C)) {
547       if (B != D)
548         std::swap(C, D);
549       // Consider forming "(A op C) op' B".
550       // If "A op C" simplifies then it can be formed with no cost.
551       V = SimplifyBinOp(TopLevelOpcode, A, C, SQ.getWithInstruction(&I));
552 
553       // If "A op C" doesn't simplify then only go on if both of the existing
554       // operations "A op' B" and "C op' D" will be zapped as no longer used.
555       if (!V && LHS->hasOneUse() && RHS->hasOneUse())
556         V = Builder.CreateBinOp(TopLevelOpcode, A, C, LHS->getName());
557       if (V) {
558         SimplifiedInst = Builder.CreateBinOp(InnerOpcode, V, B);
559       }
560     }
561 
562   if (SimplifiedInst) {
563     ++NumFactor;
564     SimplifiedInst->takeName(&I);
565 
566     // Check if we can add NSW flag to SimplifiedInst. If so, set NSW flag.
567     // TODO: Check for NUW.
568     if (BinaryOperator *BO = dyn_cast<BinaryOperator>(SimplifiedInst)) {
569       if (isa<OverflowingBinaryOperator>(SimplifiedInst)) {
570         bool HasNSW = false;
571         if (isa<OverflowingBinaryOperator>(&I))
572           HasNSW = I.hasNoSignedWrap();
573 
574         if (auto *LOBO = dyn_cast<OverflowingBinaryOperator>(LHS))
575           HasNSW &= LOBO->hasNoSignedWrap();
576 
577         if (auto *ROBO = dyn_cast<OverflowingBinaryOperator>(RHS))
578           HasNSW &= ROBO->hasNoSignedWrap();
579 
580         // We can propagate 'nsw' if we know that
581         //  %Y = mul nsw i16 %X, C
582         //  %Z = add nsw i16 %Y, %X
583         // =>
584         //  %Z = mul nsw i16 %X, C+1
585         //
586         // iff C+1 isn't INT_MIN
587         const APInt *CInt;
588         if (TopLevelOpcode == Instruction::Add &&
589             InnerOpcode == Instruction::Mul)
590           if (match(V, m_APInt(CInt)) && !CInt->isMinSignedValue())
591             BO->setHasNoSignedWrap(HasNSW);
592       }
593     }
594   }
595   return SimplifiedInst;
596 }
597 
598 /// This tries to simplify binary operations which some other binary operation
599 /// distributes over either by factorizing out common terms
600 /// (eg "(A*B)+(A*C)" -> "A*(B+C)") or expanding out if this results in
601 /// simplifications (eg: "A & (B | C) -> (A&B) | (A&C)" if this is a win).
602 /// Returns the simplified value, or null if it didn't simplify.
SimplifyUsingDistributiveLaws(BinaryOperator & I)603 Value *InstCombiner::SimplifyUsingDistributiveLaws(BinaryOperator &I) {
604   Value *LHS = I.getOperand(0), *RHS = I.getOperand(1);
605   BinaryOperator *Op0 = dyn_cast<BinaryOperator>(LHS);
606   BinaryOperator *Op1 = dyn_cast<BinaryOperator>(RHS);
607   Instruction::BinaryOps TopLevelOpcode = I.getOpcode();
608 
609   {
610     // Factorization.
611     Value *A, *B, *C, *D;
612     Instruction::BinaryOps LHSOpcode, RHSOpcode;
613     if (Op0)
614       LHSOpcode = getBinOpsForFactorization(TopLevelOpcode, Op0, A, B);
615     if (Op1)
616       RHSOpcode = getBinOpsForFactorization(TopLevelOpcode, Op1, C, D);
617 
618     // The instruction has the form "(A op' B) op (C op' D)".  Try to factorize
619     // a common term.
620     if (Op0 && Op1 && LHSOpcode == RHSOpcode)
621       if (Value *V = tryFactorization(I, LHSOpcode, A, B, C, D))
622         return V;
623 
624     // The instruction has the form "(A op' B) op (C)".  Try to factorize common
625     // term.
626     if (Op0)
627       if (Value *Ident = getIdentityValue(LHSOpcode, RHS))
628         if (Value *V = tryFactorization(I, LHSOpcode, A, B, RHS, Ident))
629           return V;
630 
631     // The instruction has the form "(B) op (C op' D)".  Try to factorize common
632     // term.
633     if (Op1)
634       if (Value *Ident = getIdentityValue(RHSOpcode, LHS))
635         if (Value *V = tryFactorization(I, RHSOpcode, LHS, Ident, C, D))
636           return V;
637   }
638 
639   // Expansion.
640   if (Op0 && rightDistributesOverLeft(Op0->getOpcode(), TopLevelOpcode)) {
641     // The instruction has the form "(A op' B) op C".  See if expanding it out
642     // to "(A op C) op' (B op C)" results in simplifications.
643     Value *A = Op0->getOperand(0), *B = Op0->getOperand(1), *C = RHS;
644     Instruction::BinaryOps InnerOpcode = Op0->getOpcode(); // op'
645 
646     Value *L = SimplifyBinOp(TopLevelOpcode, A, C, SQ.getWithInstruction(&I));
647     Value *R = SimplifyBinOp(TopLevelOpcode, B, C, SQ.getWithInstruction(&I));
648 
649     // Do "A op C" and "B op C" both simplify?
650     if (L && R) {
651       // They do! Return "L op' R".
652       ++NumExpand;
653       C = Builder.CreateBinOp(InnerOpcode, L, R);
654       C->takeName(&I);
655       return C;
656     }
657 
658     // Does "A op C" simplify to the identity value for the inner opcode?
659     if (L && L == ConstantExpr::getBinOpIdentity(InnerOpcode, L->getType())) {
660       // They do! Return "B op C".
661       ++NumExpand;
662       C = Builder.CreateBinOp(TopLevelOpcode, B, C);
663       C->takeName(&I);
664       return C;
665     }
666 
667     // Does "B op C" simplify to the identity value for the inner opcode?
668     if (R && R == ConstantExpr::getBinOpIdentity(InnerOpcode, R->getType())) {
669       // They do! Return "A op C".
670       ++NumExpand;
671       C = Builder.CreateBinOp(TopLevelOpcode, A, C);
672       C->takeName(&I);
673       return C;
674     }
675   }
676 
677   if (Op1 && leftDistributesOverRight(TopLevelOpcode, Op1->getOpcode())) {
678     // The instruction has the form "A op (B op' C)".  See if expanding it out
679     // to "(A op B) op' (A op C)" results in simplifications.
680     Value *A = LHS, *B = Op1->getOperand(0), *C = Op1->getOperand(1);
681     Instruction::BinaryOps InnerOpcode = Op1->getOpcode(); // op'
682 
683     Value *L = SimplifyBinOp(TopLevelOpcode, A, B, SQ.getWithInstruction(&I));
684     Value *R = SimplifyBinOp(TopLevelOpcode, A, C, SQ.getWithInstruction(&I));
685 
686     // Do "A op B" and "A op C" both simplify?
687     if (L && R) {
688       // They do! Return "L op' R".
689       ++NumExpand;
690       A = Builder.CreateBinOp(InnerOpcode, L, R);
691       A->takeName(&I);
692       return A;
693     }
694 
695     // Does "A op B" simplify to the identity value for the inner opcode?
696     if (L && L == ConstantExpr::getBinOpIdentity(InnerOpcode, L->getType())) {
697       // They do! Return "A op C".
698       ++NumExpand;
699       A = Builder.CreateBinOp(TopLevelOpcode, A, C);
700       A->takeName(&I);
701       return A;
702     }
703 
704     // Does "A op C" simplify to the identity value for the inner opcode?
705     if (R && R == ConstantExpr::getBinOpIdentity(InnerOpcode, R->getType())) {
706       // They do! Return "A op B".
707       ++NumExpand;
708       A = Builder.CreateBinOp(TopLevelOpcode, A, B);
709       A->takeName(&I);
710       return A;
711     }
712   }
713 
714   return SimplifySelectsFeedingBinaryOp(I, LHS, RHS);
715 }
716 
SimplifySelectsFeedingBinaryOp(BinaryOperator & I,Value * LHS,Value * RHS)717 Value *InstCombiner::SimplifySelectsFeedingBinaryOp(BinaryOperator &I,
718                                                     Value *LHS, Value *RHS) {
719   Instruction::BinaryOps Opcode = I.getOpcode();
720   // (op (select (a, b, c)), (select (a, d, e))) -> (select (a, (op b, d), (op
721   // c, e)))
722   Value *A, *B, *C, *D, *E;
723   Value *SI = nullptr;
724   if (match(LHS, m_Select(m_Value(A), m_Value(B), m_Value(C))) &&
725       match(RHS, m_Select(m_Specific(A), m_Value(D), m_Value(E)))) {
726     bool SelectsHaveOneUse = LHS->hasOneUse() && RHS->hasOneUse();
727     BuilderTy::FastMathFlagGuard Guard(Builder);
728     if (isa<FPMathOperator>(&I))
729       Builder.setFastMathFlags(I.getFastMathFlags());
730 
731     Value *V1 = SimplifyBinOp(Opcode, C, E, SQ.getWithInstruction(&I));
732     Value *V2 = SimplifyBinOp(Opcode, B, D, SQ.getWithInstruction(&I));
733     if (V1 && V2)
734       SI = Builder.CreateSelect(A, V2, V1);
735     else if (V2 && SelectsHaveOneUse)
736       SI = Builder.CreateSelect(A, V2, Builder.CreateBinOp(Opcode, C, E));
737     else if (V1 && SelectsHaveOneUse)
738       SI = Builder.CreateSelect(A, Builder.CreateBinOp(Opcode, B, D), V1);
739 
740     if (SI)
741       SI->takeName(&I);
742   }
743 
744   return SI;
745 }
746 
747 /// Given a 'sub' instruction, return the RHS of the instruction if the LHS is a
748 /// constant zero (which is the 'negate' form).
dyn_castNegVal(Value * V) const749 Value *InstCombiner::dyn_castNegVal(Value *V) const {
750   if (BinaryOperator::isNeg(V))
751     return BinaryOperator::getNegArgument(V);
752 
753   // Constants can be considered to be negated values if they can be folded.
754   if (ConstantInt *C = dyn_cast<ConstantInt>(V))
755     return ConstantExpr::getNeg(C);
756 
757   if (ConstantDataVector *C = dyn_cast<ConstantDataVector>(V))
758     if (C->getType()->getElementType()->isIntegerTy())
759       return ConstantExpr::getNeg(C);
760 
761   if (ConstantVector *CV = dyn_cast<ConstantVector>(V)) {
762     for (unsigned i = 0, e = CV->getNumOperands(); i != e; ++i) {
763       Constant *Elt = CV->getAggregateElement(i);
764       if (!Elt)
765         return nullptr;
766 
767       if (isa<UndefValue>(Elt))
768         continue;
769 
770       if (!isa<ConstantInt>(Elt))
771         return nullptr;
772     }
773     return ConstantExpr::getNeg(CV);
774   }
775 
776   return nullptr;
777 }
778 
foldOperationIntoSelectOperand(Instruction & I,Value * SO,InstCombiner::BuilderTy & Builder)779 static Value *foldOperationIntoSelectOperand(Instruction &I, Value *SO,
780                                              InstCombiner::BuilderTy &Builder) {
781   if (auto *Cast = dyn_cast<CastInst>(&I))
782     return Builder.CreateCast(Cast->getOpcode(), SO, I.getType());
783 
784   assert(I.isBinaryOp() && "Unexpected opcode for select folding");
785 
786   // Figure out if the constant is the left or the right argument.
787   bool ConstIsRHS = isa<Constant>(I.getOperand(1));
788   Constant *ConstOperand = cast<Constant>(I.getOperand(ConstIsRHS));
789 
790   if (auto *SOC = dyn_cast<Constant>(SO)) {
791     if (ConstIsRHS)
792       return ConstantExpr::get(I.getOpcode(), SOC, ConstOperand);
793     return ConstantExpr::get(I.getOpcode(), ConstOperand, SOC);
794   }
795 
796   Value *Op0 = SO, *Op1 = ConstOperand;
797   if (!ConstIsRHS)
798     std::swap(Op0, Op1);
799 
800   auto *BO = cast<BinaryOperator>(&I);
801   Value *RI = Builder.CreateBinOp(BO->getOpcode(), Op0, Op1,
802                                   SO->getName() + ".op");
803   auto *FPInst = dyn_cast<Instruction>(RI);
804   if (FPInst && isa<FPMathOperator>(FPInst))
805     FPInst->copyFastMathFlags(BO);
806   return RI;
807 }
808 
FoldOpIntoSelect(Instruction & Op,SelectInst * SI)809 Instruction *InstCombiner::FoldOpIntoSelect(Instruction &Op, SelectInst *SI) {
810   // Don't modify shared select instructions.
811   if (!SI->hasOneUse())
812     return nullptr;
813 
814   Value *TV = SI->getTrueValue();
815   Value *FV = SI->getFalseValue();
816   if (!(isa<Constant>(TV) || isa<Constant>(FV)))
817     return nullptr;
818 
819   // Bool selects with constant operands can be folded to logical ops.
820   if (SI->getType()->isIntOrIntVectorTy(1))
821     return nullptr;
822 
823   // If it's a bitcast involving vectors, make sure it has the same number of
824   // elements on both sides.
825   if (auto *BC = dyn_cast<BitCastInst>(&Op)) {
826     VectorType *DestTy = dyn_cast<VectorType>(BC->getDestTy());
827     VectorType *SrcTy = dyn_cast<VectorType>(BC->getSrcTy());
828 
829     // Verify that either both or neither are vectors.
830     if ((SrcTy == nullptr) != (DestTy == nullptr))
831       return nullptr;
832 
833     // If vectors, verify that they have the same number of elements.
834     if (SrcTy && SrcTy->getNumElements() != DestTy->getNumElements())
835       return nullptr;
836   }
837 
838   // Test if a CmpInst instruction is used exclusively by a select as
839   // part of a minimum or maximum operation. If so, refrain from doing
840   // any other folding. This helps out other analyses which understand
841   // non-obfuscated minimum and maximum idioms, such as ScalarEvolution
842   // and CodeGen. And in this case, at least one of the comparison
843   // operands has at least one user besides the compare (the select),
844   // which would often largely negate the benefit of folding anyway.
845   if (auto *CI = dyn_cast<CmpInst>(SI->getCondition())) {
846     if (CI->hasOneUse()) {
847       Value *Op0 = CI->getOperand(0), *Op1 = CI->getOperand(1);
848       if ((SI->getOperand(1) == Op0 && SI->getOperand(2) == Op1) ||
849           (SI->getOperand(2) == Op0 && SI->getOperand(1) == Op1))
850         return nullptr;
851     }
852   }
853 
854   Value *NewTV = foldOperationIntoSelectOperand(Op, TV, Builder);
855   Value *NewFV = foldOperationIntoSelectOperand(Op, FV, Builder);
856   return SelectInst::Create(SI->getCondition(), NewTV, NewFV, "", nullptr, SI);
857 }
858 
foldOperationIntoPhiValue(BinaryOperator * I,Value * InV,InstCombiner::BuilderTy & Builder)859 static Value *foldOperationIntoPhiValue(BinaryOperator *I, Value *InV,
860                                         InstCombiner::BuilderTy &Builder) {
861   bool ConstIsRHS = isa<Constant>(I->getOperand(1));
862   Constant *C = cast<Constant>(I->getOperand(ConstIsRHS));
863 
864   if (auto *InC = dyn_cast<Constant>(InV)) {
865     if (ConstIsRHS)
866       return ConstantExpr::get(I->getOpcode(), InC, C);
867     return ConstantExpr::get(I->getOpcode(), C, InC);
868   }
869 
870   Value *Op0 = InV, *Op1 = C;
871   if (!ConstIsRHS)
872     std::swap(Op0, Op1);
873 
874   Value *RI = Builder.CreateBinOp(I->getOpcode(), Op0, Op1, "phitmp");
875   auto *FPInst = dyn_cast<Instruction>(RI);
876   if (FPInst && isa<FPMathOperator>(FPInst))
877     FPInst->copyFastMathFlags(I);
878   return RI;
879 }
880 
foldOpIntoPhi(Instruction & I,PHINode * PN)881 Instruction *InstCombiner::foldOpIntoPhi(Instruction &I, PHINode *PN) {
882   unsigned NumPHIValues = PN->getNumIncomingValues();
883   if (NumPHIValues == 0)
884     return nullptr;
885 
886   // We normally only transform phis with a single use.  However, if a PHI has
887   // multiple uses and they are all the same operation, we can fold *all* of the
888   // uses into the PHI.
889   if (!PN->hasOneUse()) {
890     // Walk the use list for the instruction, comparing them to I.
891     for (User *U : PN->users()) {
892       Instruction *UI = cast<Instruction>(U);
893       if (UI != &I && !I.isIdenticalTo(UI))
894         return nullptr;
895     }
896     // Otherwise, we can replace *all* users with the new PHI we form.
897   }
898 
899   // Check to see if all of the operands of the PHI are simple constants
900   // (constantint/constantfp/undef).  If there is one non-constant value,
901   // remember the BB it is in.  If there is more than one or if *it* is a PHI,
902   // bail out.  We don't do arbitrary constant expressions here because moving
903   // their computation can be expensive without a cost model.
904   BasicBlock *NonConstBB = nullptr;
905   for (unsigned i = 0; i != NumPHIValues; ++i) {
906     Value *InVal = PN->getIncomingValue(i);
907     if (isa<Constant>(InVal) && !isa<ConstantExpr>(InVal))
908       continue;
909 
910     if (isa<PHINode>(InVal)) return nullptr;  // Itself a phi.
911     if (NonConstBB) return nullptr;  // More than one non-const value.
912 
913     NonConstBB = PN->getIncomingBlock(i);
914 
915     // If the InVal is an invoke at the end of the pred block, then we can't
916     // insert a computation after it without breaking the edge.
917     if (InvokeInst *II = dyn_cast<InvokeInst>(InVal))
918       if (II->getParent() == NonConstBB)
919         return nullptr;
920 
921     // If the incoming non-constant value is in I's block, we will remove one
922     // instruction, but insert another equivalent one, leading to infinite
923     // instcombine.
924     if (isPotentiallyReachable(I.getParent(), NonConstBB, &DT, LI))
925       return nullptr;
926   }
927 
928   // If there is exactly one non-constant value, we can insert a copy of the
929   // operation in that block.  However, if this is a critical edge, we would be
930   // inserting the computation on some other paths (e.g. inside a loop).  Only
931   // do this if the pred block is unconditionally branching into the phi block.
932   if (NonConstBB != nullptr) {
933     BranchInst *BI = dyn_cast<BranchInst>(NonConstBB->getTerminator());
934     if (!BI || !BI->isUnconditional()) return nullptr;
935   }
936 
937   // Okay, we can do the transformation: create the new PHI node.
938   PHINode *NewPN = PHINode::Create(I.getType(), PN->getNumIncomingValues());
939   InsertNewInstBefore(NewPN, *PN);
940   NewPN->takeName(PN);
941 
942   // If we are going to have to insert a new computation, do so right before the
943   // predecessor's terminator.
944   if (NonConstBB)
945     Builder.SetInsertPoint(NonConstBB->getTerminator());
946 
947   // Next, add all of the operands to the PHI.
948   if (SelectInst *SI = dyn_cast<SelectInst>(&I)) {
949     // We only currently try to fold the condition of a select when it is a phi,
950     // not the true/false values.
951     Value *TrueV = SI->getTrueValue();
952     Value *FalseV = SI->getFalseValue();
953     BasicBlock *PhiTransBB = PN->getParent();
954     for (unsigned i = 0; i != NumPHIValues; ++i) {
955       BasicBlock *ThisBB = PN->getIncomingBlock(i);
956       Value *TrueVInPred = TrueV->DoPHITranslation(PhiTransBB, ThisBB);
957       Value *FalseVInPred = FalseV->DoPHITranslation(PhiTransBB, ThisBB);
958       Value *InV = nullptr;
959       // Beware of ConstantExpr:  it may eventually evaluate to getNullValue,
960       // even if currently isNullValue gives false.
961       Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i));
962       // For vector constants, we cannot use isNullValue to fold into
963       // FalseVInPred versus TrueVInPred. When we have individual nonzero
964       // elements in the vector, we will incorrectly fold InC to
965       // `TrueVInPred`.
966       if (InC && !isa<ConstantExpr>(InC) && isa<ConstantInt>(InC))
967         InV = InC->isNullValue() ? FalseVInPred : TrueVInPred;
968       else {
969         // Generate the select in the same block as PN's current incoming block.
970         // Note: ThisBB need not be the NonConstBB because vector constants
971         // which are constants by definition are handled here.
972         // FIXME: This can lead to an increase in IR generation because we might
973         // generate selects for vector constant phi operand, that could not be
974         // folded to TrueVInPred or FalseVInPred as done for ConstantInt. For
975         // non-vector phis, this transformation was always profitable because
976         // the select would be generated exactly once in the NonConstBB.
977         Builder.SetInsertPoint(ThisBB->getTerminator());
978         InV = Builder.CreateSelect(PN->getIncomingValue(i), TrueVInPred,
979                                    FalseVInPred, "phitmp");
980       }
981       NewPN->addIncoming(InV, ThisBB);
982     }
983   } else if (CmpInst *CI = dyn_cast<CmpInst>(&I)) {
984     Constant *C = cast<Constant>(I.getOperand(1));
985     for (unsigned i = 0; i != NumPHIValues; ++i) {
986       Value *InV = nullptr;
987       if (Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i)))
988         InV = ConstantExpr::getCompare(CI->getPredicate(), InC, C);
989       else if (isa<ICmpInst>(CI))
990         InV = Builder.CreateICmp(CI->getPredicate(), PN->getIncomingValue(i),
991                                  C, "phitmp");
992       else
993         InV = Builder.CreateFCmp(CI->getPredicate(), PN->getIncomingValue(i),
994                                  C, "phitmp");
995       NewPN->addIncoming(InV, PN->getIncomingBlock(i));
996     }
997   } else if (auto *BO = dyn_cast<BinaryOperator>(&I)) {
998     for (unsigned i = 0; i != NumPHIValues; ++i) {
999       Value *InV = foldOperationIntoPhiValue(BO, PN->getIncomingValue(i),
1000                                              Builder);
1001       NewPN->addIncoming(InV, PN->getIncomingBlock(i));
1002     }
1003   } else {
1004     CastInst *CI = cast<CastInst>(&I);
1005     Type *RetTy = CI->getType();
1006     for (unsigned i = 0; i != NumPHIValues; ++i) {
1007       Value *InV;
1008       if (Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i)))
1009         InV = ConstantExpr::getCast(CI->getOpcode(), InC, RetTy);
1010       else
1011         InV = Builder.CreateCast(CI->getOpcode(), PN->getIncomingValue(i),
1012                                  I.getType(), "phitmp");
1013       NewPN->addIncoming(InV, PN->getIncomingBlock(i));
1014     }
1015   }
1016 
1017   for (auto UI = PN->user_begin(), E = PN->user_end(); UI != E;) {
1018     Instruction *User = cast<Instruction>(*UI++);
1019     if (User == &I) continue;
1020     replaceInstUsesWith(*User, NewPN);
1021     eraseInstFromFunction(*User);
1022   }
1023   return replaceInstUsesWith(I, NewPN);
1024 }
1025 
foldBinOpIntoSelectOrPhi(BinaryOperator & I)1026 Instruction *InstCombiner::foldBinOpIntoSelectOrPhi(BinaryOperator &I) {
1027   if (!isa<Constant>(I.getOperand(1)))
1028     return nullptr;
1029 
1030   if (auto *Sel = dyn_cast<SelectInst>(I.getOperand(0))) {
1031     if (Instruction *NewSel = FoldOpIntoSelect(I, Sel))
1032       return NewSel;
1033   } else if (auto *PN = dyn_cast<PHINode>(I.getOperand(0))) {
1034     if (Instruction *NewPhi = foldOpIntoPhi(I, PN))
1035       return NewPhi;
1036   }
1037   return nullptr;
1038 }
1039 
1040 /// Given a pointer type and a constant offset, determine whether or not there
1041 /// is a sequence of GEP indices into the pointed type that will land us at the
1042 /// specified offset. If so, fill them into NewIndices and return the resultant
1043 /// element type, otherwise return null.
FindElementAtOffset(PointerType * PtrTy,int64_t Offset,SmallVectorImpl<Value * > & NewIndices)1044 Type *InstCombiner::FindElementAtOffset(PointerType *PtrTy, int64_t Offset,
1045                                         SmallVectorImpl<Value *> &NewIndices) {
1046   Type *Ty = PtrTy->getElementType();
1047   if (!Ty->isSized())
1048     return nullptr;
1049 
1050   // Start with the index over the outer type.  Note that the type size
1051   // might be zero (even if the offset isn't zero) if the indexed type
1052   // is something like [0 x {int, int}]
1053   Type *IndexTy = DL.getIndexType(PtrTy);
1054   int64_t FirstIdx = 0;
1055   if (int64_t TySize = DL.getTypeAllocSize(Ty)) {
1056     FirstIdx = Offset/TySize;
1057     Offset -= FirstIdx*TySize;
1058 
1059     // Handle hosts where % returns negative instead of values [0..TySize).
1060     if (Offset < 0) {
1061       --FirstIdx;
1062       Offset += TySize;
1063       assert(Offset >= 0);
1064     }
1065     assert((uint64_t)Offset < (uint64_t)TySize && "Out of range offset");
1066   }
1067 
1068   NewIndices.push_back(ConstantInt::get(IndexTy, FirstIdx));
1069 
1070   // Index into the types.  If we fail, set OrigBase to null.
1071   while (Offset) {
1072     // Indexing into tail padding between struct/array elements.
1073     if (uint64_t(Offset * 8) >= DL.getTypeSizeInBits(Ty))
1074       return nullptr;
1075 
1076     if (StructType *STy = dyn_cast<StructType>(Ty)) {
1077       const StructLayout *SL = DL.getStructLayout(STy);
1078       assert(Offset < (int64_t)SL->getSizeInBytes() &&
1079              "Offset must stay within the indexed type");
1080 
1081       unsigned Elt = SL->getElementContainingOffset(Offset);
1082       NewIndices.push_back(ConstantInt::get(Type::getInt32Ty(Ty->getContext()),
1083                                             Elt));
1084 
1085       Offset -= SL->getElementOffset(Elt);
1086       Ty = STy->getElementType(Elt);
1087     } else if (ArrayType *AT = dyn_cast<ArrayType>(Ty)) {
1088       uint64_t EltSize = DL.getTypeAllocSize(AT->getElementType());
1089       assert(EltSize && "Cannot index into a zero-sized array");
1090       NewIndices.push_back(ConstantInt::get(IndexTy,Offset/EltSize));
1091       Offset %= EltSize;
1092       Ty = AT->getElementType();
1093     } else {
1094       // Otherwise, we can't index into the middle of this atomic type, bail.
1095       return nullptr;
1096     }
1097   }
1098 
1099   return Ty;
1100 }
1101 
shouldMergeGEPs(GEPOperator & GEP,GEPOperator & Src)1102 static bool shouldMergeGEPs(GEPOperator &GEP, GEPOperator &Src) {
1103   // If this GEP has only 0 indices, it is the same pointer as
1104   // Src. If Src is not a trivial GEP too, don't combine
1105   // the indices.
1106   if (GEP.hasAllZeroIndices() && !Src.hasAllZeroIndices() &&
1107       !Src.hasOneUse())
1108     return false;
1109   return true;
1110 }
1111 
1112 /// Return a value X such that Val = X * Scale, or null if none.
1113 /// If the multiplication is known not to overflow, then NoSignedWrap is set.
Descale(Value * Val,APInt Scale,bool & NoSignedWrap)1114 Value *InstCombiner::Descale(Value *Val, APInt Scale, bool &NoSignedWrap) {
1115   assert(isa<IntegerType>(Val->getType()) && "Can only descale integers!");
1116   assert(cast<IntegerType>(Val->getType())->getBitWidth() ==
1117          Scale.getBitWidth() && "Scale not compatible with value!");
1118 
1119   // If Val is zero or Scale is one then Val = Val * Scale.
1120   if (match(Val, m_Zero()) || Scale == 1) {
1121     NoSignedWrap = true;
1122     return Val;
1123   }
1124 
1125   // If Scale is zero then it does not divide Val.
1126   if (Scale.isMinValue())
1127     return nullptr;
1128 
1129   // Look through chains of multiplications, searching for a constant that is
1130   // divisible by Scale.  For example, descaling X*(Y*(Z*4)) by a factor of 4
1131   // will find the constant factor 4 and produce X*(Y*Z).  Descaling X*(Y*8) by
1132   // a factor of 4 will produce X*(Y*2).  The principle of operation is to bore
1133   // down from Val:
1134   //
1135   //     Val = M1 * X          ||   Analysis starts here and works down
1136   //      M1 = M2 * Y          ||   Doesn't descend into terms with more
1137   //      M2 =  Z * 4          \/   than one use
1138   //
1139   // Then to modify a term at the bottom:
1140   //
1141   //     Val = M1 * X
1142   //      M1 =  Z * Y          ||   Replaced M2 with Z
1143   //
1144   // Then to work back up correcting nsw flags.
1145 
1146   // Op - the term we are currently analyzing.  Starts at Val then drills down.
1147   // Replaced with its descaled value before exiting from the drill down loop.
1148   Value *Op = Val;
1149 
1150   // Parent - initially null, but after drilling down notes where Op came from.
1151   // In the example above, Parent is (Val, 0) when Op is M1, because M1 is the
1152   // 0'th operand of Val.
1153   std::pair<Instruction *, unsigned> Parent;
1154 
1155   // Set if the transform requires a descaling at deeper levels that doesn't
1156   // overflow.
1157   bool RequireNoSignedWrap = false;
1158 
1159   // Log base 2 of the scale. Negative if not a power of 2.
1160   int32_t logScale = Scale.exactLogBase2();
1161 
1162   for (;; Op = Parent.first->getOperand(Parent.second)) { // Drill down
1163     if (ConstantInt *CI = dyn_cast<ConstantInt>(Op)) {
1164       // If Op is a constant divisible by Scale then descale to the quotient.
1165       APInt Quotient(Scale), Remainder(Scale); // Init ensures right bitwidth.
1166       APInt::sdivrem(CI->getValue(), Scale, Quotient, Remainder);
1167       if (!Remainder.isMinValue())
1168         // Not divisible by Scale.
1169         return nullptr;
1170       // Replace with the quotient in the parent.
1171       Op = ConstantInt::get(CI->getType(), Quotient);
1172       NoSignedWrap = true;
1173       break;
1174     }
1175 
1176     if (BinaryOperator *BO = dyn_cast<BinaryOperator>(Op)) {
1177       if (BO->getOpcode() == Instruction::Mul) {
1178         // Multiplication.
1179         NoSignedWrap = BO->hasNoSignedWrap();
1180         if (RequireNoSignedWrap && !NoSignedWrap)
1181           return nullptr;
1182 
1183         // There are three cases for multiplication: multiplication by exactly
1184         // the scale, multiplication by a constant different to the scale, and
1185         // multiplication by something else.
1186         Value *LHS = BO->getOperand(0);
1187         Value *RHS = BO->getOperand(1);
1188 
1189         if (ConstantInt *CI = dyn_cast<ConstantInt>(RHS)) {
1190           // Multiplication by a constant.
1191           if (CI->getValue() == Scale) {
1192             // Multiplication by exactly the scale, replace the multiplication
1193             // by its left-hand side in the parent.
1194             Op = LHS;
1195             break;
1196           }
1197 
1198           // Otherwise drill down into the constant.
1199           if (!Op->hasOneUse())
1200             return nullptr;
1201 
1202           Parent = std::make_pair(BO, 1);
1203           continue;
1204         }
1205 
1206         // Multiplication by something else. Drill down into the left-hand side
1207         // since that's where the reassociate pass puts the good stuff.
1208         if (!Op->hasOneUse())
1209           return nullptr;
1210 
1211         Parent = std::make_pair(BO, 0);
1212         continue;
1213       }
1214 
1215       if (logScale > 0 && BO->getOpcode() == Instruction::Shl &&
1216           isa<ConstantInt>(BO->getOperand(1))) {
1217         // Multiplication by a power of 2.
1218         NoSignedWrap = BO->hasNoSignedWrap();
1219         if (RequireNoSignedWrap && !NoSignedWrap)
1220           return nullptr;
1221 
1222         Value *LHS = BO->getOperand(0);
1223         int32_t Amt = cast<ConstantInt>(BO->getOperand(1))->
1224           getLimitedValue(Scale.getBitWidth());
1225         // Op = LHS << Amt.
1226 
1227         if (Amt == logScale) {
1228           // Multiplication by exactly the scale, replace the multiplication
1229           // by its left-hand side in the parent.
1230           Op = LHS;
1231           break;
1232         }
1233         if (Amt < logScale || !Op->hasOneUse())
1234           return nullptr;
1235 
1236         // Multiplication by more than the scale.  Reduce the multiplying amount
1237         // by the scale in the parent.
1238         Parent = std::make_pair(BO, 1);
1239         Op = ConstantInt::get(BO->getType(), Amt - logScale);
1240         break;
1241       }
1242     }
1243 
1244     if (!Op->hasOneUse())
1245       return nullptr;
1246 
1247     if (CastInst *Cast = dyn_cast<CastInst>(Op)) {
1248       if (Cast->getOpcode() == Instruction::SExt) {
1249         // Op is sign-extended from a smaller type, descale in the smaller type.
1250         unsigned SmallSize = Cast->getSrcTy()->getPrimitiveSizeInBits();
1251         APInt SmallScale = Scale.trunc(SmallSize);
1252         // Suppose Op = sext X, and we descale X as Y * SmallScale.  We want to
1253         // descale Op as (sext Y) * Scale.  In order to have
1254         //   sext (Y * SmallScale) = (sext Y) * Scale
1255         // some conditions need to hold however: SmallScale must sign-extend to
1256         // Scale and the multiplication Y * SmallScale should not overflow.
1257         if (SmallScale.sext(Scale.getBitWidth()) != Scale)
1258           // SmallScale does not sign-extend to Scale.
1259           return nullptr;
1260         assert(SmallScale.exactLogBase2() == logScale);
1261         // Require that Y * SmallScale must not overflow.
1262         RequireNoSignedWrap = true;
1263 
1264         // Drill down through the cast.
1265         Parent = std::make_pair(Cast, 0);
1266         Scale = SmallScale;
1267         continue;
1268       }
1269 
1270       if (Cast->getOpcode() == Instruction::Trunc) {
1271         // Op is truncated from a larger type, descale in the larger type.
1272         // Suppose Op = trunc X, and we descale X as Y * sext Scale.  Then
1273         //   trunc (Y * sext Scale) = (trunc Y) * Scale
1274         // always holds.  However (trunc Y) * Scale may overflow even if
1275         // trunc (Y * sext Scale) does not, so nsw flags need to be cleared
1276         // from this point up in the expression (see later).
1277         if (RequireNoSignedWrap)
1278           return nullptr;
1279 
1280         // Drill down through the cast.
1281         unsigned LargeSize = Cast->getSrcTy()->getPrimitiveSizeInBits();
1282         Parent = std::make_pair(Cast, 0);
1283         Scale = Scale.sext(LargeSize);
1284         if (logScale + 1 == (int32_t)Cast->getType()->getPrimitiveSizeInBits())
1285           logScale = -1;
1286         assert(Scale.exactLogBase2() == logScale);
1287         continue;
1288       }
1289     }
1290 
1291     // Unsupported expression, bail out.
1292     return nullptr;
1293   }
1294 
1295   // If Op is zero then Val = Op * Scale.
1296   if (match(Op, m_Zero())) {
1297     NoSignedWrap = true;
1298     return Op;
1299   }
1300 
1301   // We know that we can successfully descale, so from here on we can safely
1302   // modify the IR.  Op holds the descaled version of the deepest term in the
1303   // expression.  NoSignedWrap is 'true' if multiplying Op by Scale is known
1304   // not to overflow.
1305 
1306   if (!Parent.first)
1307     // The expression only had one term.
1308     return Op;
1309 
1310   // Rewrite the parent using the descaled version of its operand.
1311   assert(Parent.first->hasOneUse() && "Drilled down when more than one use!");
1312   assert(Op != Parent.first->getOperand(Parent.second) &&
1313          "Descaling was a no-op?");
1314   Parent.first->setOperand(Parent.second, Op);
1315   Worklist.Add(Parent.first);
1316 
1317   // Now work back up the expression correcting nsw flags.  The logic is based
1318   // on the following observation: if X * Y is known not to overflow as a signed
1319   // multiplication, and Y is replaced by a value Z with smaller absolute value,
1320   // then X * Z will not overflow as a signed multiplication either.  As we work
1321   // our way up, having NoSignedWrap 'true' means that the descaled value at the
1322   // current level has strictly smaller absolute value than the original.
1323   Instruction *Ancestor = Parent.first;
1324   do {
1325     if (BinaryOperator *BO = dyn_cast<BinaryOperator>(Ancestor)) {
1326       // If the multiplication wasn't nsw then we can't say anything about the
1327       // value of the descaled multiplication, and we have to clear nsw flags
1328       // from this point on up.
1329       bool OpNoSignedWrap = BO->hasNoSignedWrap();
1330       NoSignedWrap &= OpNoSignedWrap;
1331       if (NoSignedWrap != OpNoSignedWrap) {
1332         BO->setHasNoSignedWrap(NoSignedWrap);
1333         Worklist.Add(Ancestor);
1334       }
1335     } else if (Ancestor->getOpcode() == Instruction::Trunc) {
1336       // The fact that the descaled input to the trunc has smaller absolute
1337       // value than the original input doesn't tell us anything useful about
1338       // the absolute values of the truncations.
1339       NoSignedWrap = false;
1340     }
1341     assert((Ancestor->getOpcode() != Instruction::SExt || NoSignedWrap) &&
1342            "Failed to keep proper track of nsw flags while drilling down?");
1343 
1344     if (Ancestor == Val)
1345       // Got to the top, all done!
1346       return Val;
1347 
1348     // Move up one level in the expression.
1349     assert(Ancestor->hasOneUse() && "Drilled down when more than one use!");
1350     Ancestor = Ancestor->user_back();
1351   } while (true);
1352 }
1353 
foldShuffledBinop(BinaryOperator & Inst)1354 Instruction *InstCombiner::foldShuffledBinop(BinaryOperator &Inst) {
1355   if (!Inst.getType()->isVectorTy()) return nullptr;
1356 
1357   // It may not be safe to reorder shuffles and things like div, urem, etc.
1358   // because we may trap when executing those ops on unknown vector elements.
1359   // See PR20059.
1360   if (!isSafeToSpeculativelyExecute(&Inst))
1361     return nullptr;
1362 
1363   unsigned VWidth = cast<VectorType>(Inst.getType())->getNumElements();
1364   Value *LHS = Inst.getOperand(0), *RHS = Inst.getOperand(1);
1365   assert(cast<VectorType>(LHS->getType())->getNumElements() == VWidth);
1366   assert(cast<VectorType>(RHS->getType())->getNumElements() == VWidth);
1367 
1368   auto createBinOpShuffle = [&](Value *X, Value *Y, Constant *M) {
1369     Value *XY = Builder.CreateBinOp(Inst.getOpcode(), X, Y);
1370     if (auto *BO = dyn_cast<BinaryOperator>(XY))
1371       BO->copyIRFlags(&Inst);
1372     return new ShuffleVectorInst(XY, UndefValue::get(XY->getType()), M);
1373   };
1374 
1375   // If both arguments of the binary operation are shuffles that use the same
1376   // mask and shuffle within a single vector, move the shuffle after the binop.
1377   Value *V1, *V2;
1378   Constant *Mask;
1379   if (match(LHS, m_ShuffleVector(m_Value(V1), m_Undef(), m_Constant(Mask))) &&
1380       match(RHS, m_ShuffleVector(m_Value(V2), m_Undef(), m_Specific(Mask))) &&
1381       V1->getType() == V2->getType() &&
1382       (LHS->hasOneUse() || RHS->hasOneUse() || LHS == RHS)) {
1383     // Op(shuffle(V1, Mask), shuffle(V2, Mask)) -> shuffle(Op(V1, V2), Mask)
1384     return createBinOpShuffle(V1, V2, Mask);
1385   }
1386 
1387   // If one argument is a shuffle within one vector and the other is a constant,
1388   // try moving the shuffle after the binary operation. This canonicalization
1389   // intends to move shuffles closer to other shuffles and binops closer to
1390   // other binops, so they can be folded. It may also enable demanded elements
1391   // transforms.
1392   Constant *C;
1393   if (match(&Inst, m_c_BinOp(
1394           m_OneUse(m_ShuffleVector(m_Value(V1), m_Undef(), m_Constant(Mask))),
1395           m_Constant(C))) &&
1396       V1->getType() == Inst.getType()) {
1397     // Find constant NewC that has property:
1398     //   shuffle(NewC, ShMask) = C
1399     // If such constant does not exist (example: ShMask=<0,0> and C=<1,2>)
1400     // reorder is not possible. A 1-to-1 mapping is not required. Example:
1401     // ShMask = <1,1,2,2> and C = <5,5,6,6> --> NewC = <undef,5,6,undef>
1402     SmallVector<int, 16> ShMask;
1403     ShuffleVectorInst::getShuffleMask(Mask, ShMask);
1404     SmallVector<Constant *, 16>
1405         NewVecC(VWidth, UndefValue::get(C->getType()->getScalarType()));
1406     bool MayChange = true;
1407     for (unsigned I = 0; I < VWidth; ++I) {
1408       if (ShMask[I] >= 0) {
1409         assert(ShMask[I] < (int)VWidth);
1410         Constant *CElt = C->getAggregateElement(I);
1411         Constant *NewCElt = NewVecC[ShMask[I]];
1412         if (!CElt || (!isa<UndefValue>(NewCElt) && NewCElt != CElt)) {
1413           MayChange = false;
1414           break;
1415         }
1416         NewVecC[ShMask[I]] = CElt;
1417       }
1418     }
1419     if (MayChange) {
1420       Constant *NewC = ConstantVector::get(NewVecC);
1421       // It may not be safe to execute a binop on a vector with undef elements
1422       // because the entire instruction can be folded to undef or create poison
1423       // that did not exist in the original code.
1424       bool ConstOp1 = isa<Constant>(Inst.getOperand(1));
1425       if (Inst.isIntDivRem() || (Inst.isShift() && ConstOp1))
1426         NewC = getSafeVectorConstantForBinop(Inst.getOpcode(), NewC, ConstOp1);
1427 
1428       // Op(shuffle(V1, Mask), C) -> shuffle(Op(V1, NewC), Mask)
1429       // Op(C, shuffle(V1, Mask)) -> shuffle(Op(NewC, V1), Mask)
1430       Value *NewLHS = isa<Constant>(LHS) ? NewC : V1;
1431       Value *NewRHS = isa<Constant>(LHS) ? V1 : NewC;
1432       return createBinOpShuffle(NewLHS, NewRHS, Mask);
1433     }
1434   }
1435 
1436   return nullptr;
1437 }
1438 
visitGetElementPtrInst(GetElementPtrInst & GEP)1439 Instruction *InstCombiner::visitGetElementPtrInst(GetElementPtrInst &GEP) {
1440   SmallVector<Value*, 8> Ops(GEP.op_begin(), GEP.op_end());
1441   Type *GEPType = GEP.getType();
1442   Type *GEPEltType = GEP.getSourceElementType();
1443   if (Value *V = SimplifyGEPInst(GEPEltType, Ops, SQ.getWithInstruction(&GEP)))
1444     return replaceInstUsesWith(GEP, V);
1445 
1446   Value *PtrOp = GEP.getOperand(0);
1447 
1448   // Eliminate unneeded casts for indices, and replace indices which displace
1449   // by multiples of a zero size type with zero.
1450   bool MadeChange = false;
1451 
1452   // Index width may not be the same width as pointer width.
1453   // Data layout chooses the right type based on supported integer types.
1454   Type *NewScalarIndexTy =
1455       DL.getIndexType(GEP.getPointerOperandType()->getScalarType());
1456 
1457   gep_type_iterator GTI = gep_type_begin(GEP);
1458   for (User::op_iterator I = GEP.op_begin() + 1, E = GEP.op_end(); I != E;
1459        ++I, ++GTI) {
1460     // Skip indices into struct types.
1461     if (GTI.isStruct())
1462       continue;
1463 
1464     Type *IndexTy = (*I)->getType();
1465     Type *NewIndexType =
1466         IndexTy->isVectorTy()
1467             ? VectorType::get(NewScalarIndexTy, IndexTy->getVectorNumElements())
1468             : NewScalarIndexTy;
1469 
1470     // If the element type has zero size then any index over it is equivalent
1471     // to an index of zero, so replace it with zero if it is not zero already.
1472     Type *EltTy = GTI.getIndexedType();
1473     if (EltTy->isSized() && DL.getTypeAllocSize(EltTy) == 0)
1474       if (!isa<Constant>(*I) || !cast<Constant>(*I)->isNullValue()) {
1475         *I = Constant::getNullValue(NewIndexType);
1476         MadeChange = true;
1477       }
1478 
1479     if (IndexTy != NewIndexType) {
1480       // If we are using a wider index than needed for this platform, shrink
1481       // it to what we need.  If narrower, sign-extend it to what we need.
1482       // This explicit cast can make subsequent optimizations more obvious.
1483       *I = Builder.CreateIntCast(*I, NewIndexType, true);
1484       MadeChange = true;
1485     }
1486   }
1487   if (MadeChange)
1488     return &GEP;
1489 
1490   // Check to see if the inputs to the PHI node are getelementptr instructions.
1491   if (auto *PN = dyn_cast<PHINode>(PtrOp)) {
1492     auto *Op1 = dyn_cast<GetElementPtrInst>(PN->getOperand(0));
1493     if (!Op1)
1494       return nullptr;
1495 
1496     // Don't fold a GEP into itself through a PHI node. This can only happen
1497     // through the back-edge of a loop. Folding a GEP into itself means that
1498     // the value of the previous iteration needs to be stored in the meantime,
1499     // thus requiring an additional register variable to be live, but not
1500     // actually achieving anything (the GEP still needs to be executed once per
1501     // loop iteration).
1502     if (Op1 == &GEP)
1503       return nullptr;
1504 
1505     int DI = -1;
1506 
1507     for (auto I = PN->op_begin()+1, E = PN->op_end(); I !=E; ++I) {
1508       auto *Op2 = dyn_cast<GetElementPtrInst>(*I);
1509       if (!Op2 || Op1->getNumOperands() != Op2->getNumOperands())
1510         return nullptr;
1511 
1512       // As for Op1 above, don't try to fold a GEP into itself.
1513       if (Op2 == &GEP)
1514         return nullptr;
1515 
1516       // Keep track of the type as we walk the GEP.
1517       Type *CurTy = nullptr;
1518 
1519       for (unsigned J = 0, F = Op1->getNumOperands(); J != F; ++J) {
1520         if (Op1->getOperand(J)->getType() != Op2->getOperand(J)->getType())
1521           return nullptr;
1522 
1523         if (Op1->getOperand(J) != Op2->getOperand(J)) {
1524           if (DI == -1) {
1525             // We have not seen any differences yet in the GEPs feeding the
1526             // PHI yet, so we record this one if it is allowed to be a
1527             // variable.
1528 
1529             // The first two arguments can vary for any GEP, the rest have to be
1530             // static for struct slots
1531             if (J > 1 && CurTy->isStructTy())
1532               return nullptr;
1533 
1534             DI = J;
1535           } else {
1536             // The GEP is different by more than one input. While this could be
1537             // extended to support GEPs that vary by more than one variable it
1538             // doesn't make sense since it greatly increases the complexity and
1539             // would result in an R+R+R addressing mode which no backend
1540             // directly supports and would need to be broken into several
1541             // simpler instructions anyway.
1542             return nullptr;
1543           }
1544         }
1545 
1546         // Sink down a layer of the type for the next iteration.
1547         if (J > 0) {
1548           if (J == 1) {
1549             CurTy = Op1->getSourceElementType();
1550           } else if (auto *CT = dyn_cast<CompositeType>(CurTy)) {
1551             CurTy = CT->getTypeAtIndex(Op1->getOperand(J));
1552           } else {
1553             CurTy = nullptr;
1554           }
1555         }
1556       }
1557     }
1558 
1559     // If not all GEPs are identical we'll have to create a new PHI node.
1560     // Check that the old PHI node has only one use so that it will get
1561     // removed.
1562     if (DI != -1 && !PN->hasOneUse())
1563       return nullptr;
1564 
1565     auto *NewGEP = cast<GetElementPtrInst>(Op1->clone());
1566     if (DI == -1) {
1567       // All the GEPs feeding the PHI are identical. Clone one down into our
1568       // BB so that it can be merged with the current GEP.
1569       GEP.getParent()->getInstList().insert(
1570           GEP.getParent()->getFirstInsertionPt(), NewGEP);
1571     } else {
1572       // All the GEPs feeding the PHI differ at a single offset. Clone a GEP
1573       // into the current block so it can be merged, and create a new PHI to
1574       // set that index.
1575       PHINode *NewPN;
1576       {
1577         IRBuilderBase::InsertPointGuard Guard(Builder);
1578         Builder.SetInsertPoint(PN);
1579         NewPN = Builder.CreatePHI(Op1->getOperand(DI)->getType(),
1580                                   PN->getNumOperands());
1581       }
1582 
1583       for (auto &I : PN->operands())
1584         NewPN->addIncoming(cast<GEPOperator>(I)->getOperand(DI),
1585                            PN->getIncomingBlock(I));
1586 
1587       NewGEP->setOperand(DI, NewPN);
1588       GEP.getParent()->getInstList().insert(
1589           GEP.getParent()->getFirstInsertionPt(), NewGEP);
1590       NewGEP->setOperand(DI, NewPN);
1591     }
1592 
1593     GEP.setOperand(0, NewGEP);
1594     PtrOp = NewGEP;
1595   }
1596 
1597   // Combine Indices - If the source pointer to this getelementptr instruction
1598   // is a getelementptr instruction, combine the indices of the two
1599   // getelementptr instructions into a single instruction.
1600   if (auto *Src = dyn_cast<GEPOperator>(PtrOp)) {
1601     if (!shouldMergeGEPs(*cast<GEPOperator>(&GEP), *Src))
1602       return nullptr;
1603 
1604     // Try to reassociate loop invariant GEP chains to enable LICM.
1605     if (LI && Src->getNumOperands() == 2 && GEP.getNumOperands() == 2 &&
1606         Src->hasOneUse()) {
1607       if (Loop *L = LI->getLoopFor(GEP.getParent())) {
1608         Value *GO1 = GEP.getOperand(1);
1609         Value *SO1 = Src->getOperand(1);
1610         // Reassociate the two GEPs if SO1 is variant in the loop and GO1 is
1611         // invariant: this breaks the dependence between GEPs and allows LICM
1612         // to hoist the invariant part out of the loop.
1613         if (L->isLoopInvariant(GO1) && !L->isLoopInvariant(SO1)) {
1614           // We have to be careful here.
1615           // We have something like:
1616           //  %src = getelementptr <ty>, <ty>* %base, <ty> %idx
1617           //  %gep = getelementptr <ty>, <ty>* %src, <ty> %idx2
1618           // If we just swap idx & idx2 then we could inadvertantly
1619           // change %src from a vector to a scalar, or vice versa.
1620           // Cases:
1621           //  1) %base a scalar & idx a scalar & idx2 a vector
1622           //      => Swapping idx & idx2 turns %src into a vector type.
1623           //  2) %base a scalar & idx a vector & idx2 a scalar
1624           //      => Swapping idx & idx2 turns %src in a scalar type
1625           //  3) %base, %idx, and %idx2 are scalars
1626           //      => %src & %gep are scalars
1627           //      => swapping idx & idx2 is safe
1628           //  4) %base a vector
1629           //      => %src is a vector
1630           //      => swapping idx & idx2 is safe.
1631           auto *SO0 = Src->getOperand(0);
1632           auto *SO0Ty = SO0->getType();
1633           if (!isa<VectorType>(GEPType) || // case 3
1634               isa<VectorType>(SO0Ty)) {    // case 4
1635             Src->setOperand(1, GO1);
1636             GEP.setOperand(1, SO1);
1637             return &GEP;
1638           } else {
1639             // Case 1 or 2
1640             // -- have to recreate %src & %gep
1641             // put NewSrc at same location as %src
1642             Builder.SetInsertPoint(cast<Instruction>(PtrOp));
1643             auto *NewSrc = cast<GetElementPtrInst>(
1644                 Builder.CreateGEP(SO0, GO1, Src->getName()));
1645             NewSrc->setIsInBounds(Src->isInBounds());
1646             auto *NewGEP = GetElementPtrInst::Create(nullptr, NewSrc, {SO1});
1647             NewGEP->setIsInBounds(GEP.isInBounds());
1648             return NewGEP;
1649           }
1650         }
1651       }
1652     }
1653 
1654     // Note that if our source is a gep chain itself then we wait for that
1655     // chain to be resolved before we perform this transformation.  This
1656     // avoids us creating a TON of code in some cases.
1657     if (auto *SrcGEP = dyn_cast<GEPOperator>(Src->getOperand(0)))
1658       if (SrcGEP->getNumOperands() == 2 && shouldMergeGEPs(*Src, *SrcGEP))
1659         return nullptr;   // Wait until our source is folded to completion.
1660 
1661     SmallVector<Value*, 8> Indices;
1662 
1663     // Find out whether the last index in the source GEP is a sequential idx.
1664     bool EndsWithSequential = false;
1665     for (gep_type_iterator I = gep_type_begin(*Src), E = gep_type_end(*Src);
1666          I != E; ++I)
1667       EndsWithSequential = I.isSequential();
1668 
1669     // Can we combine the two pointer arithmetics offsets?
1670     if (EndsWithSequential) {
1671       // Replace: gep (gep %P, long B), long A, ...
1672       // With:    T = long A+B; gep %P, T, ...
1673       Value *SO1 = Src->getOperand(Src->getNumOperands()-1);
1674       Value *GO1 = GEP.getOperand(1);
1675 
1676       // If they aren't the same type, then the input hasn't been processed
1677       // by the loop above yet (which canonicalizes sequential index types to
1678       // intptr_t).  Just avoid transforming this until the input has been
1679       // normalized.
1680       if (SO1->getType() != GO1->getType())
1681         return nullptr;
1682 
1683       Value *Sum =
1684           SimplifyAddInst(GO1, SO1, false, false, SQ.getWithInstruction(&GEP));
1685       // Only do the combine when we are sure the cost after the
1686       // merge is never more than that before the merge.
1687       if (Sum == nullptr)
1688         return nullptr;
1689 
1690       // Update the GEP in place if possible.
1691       if (Src->getNumOperands() == 2) {
1692         GEP.setOperand(0, Src->getOperand(0));
1693         GEP.setOperand(1, Sum);
1694         return &GEP;
1695       }
1696       Indices.append(Src->op_begin()+1, Src->op_end()-1);
1697       Indices.push_back(Sum);
1698       Indices.append(GEP.op_begin()+2, GEP.op_end());
1699     } else if (isa<Constant>(*GEP.idx_begin()) &&
1700                cast<Constant>(*GEP.idx_begin())->isNullValue() &&
1701                Src->getNumOperands() != 1) {
1702       // Otherwise we can do the fold if the first index of the GEP is a zero
1703       Indices.append(Src->op_begin()+1, Src->op_end());
1704       Indices.append(GEP.idx_begin()+1, GEP.idx_end());
1705     }
1706 
1707     if (!Indices.empty())
1708       return GEP.isInBounds() && Src->isInBounds()
1709                  ? GetElementPtrInst::CreateInBounds(
1710                        Src->getSourceElementType(), Src->getOperand(0), Indices,
1711                        GEP.getName())
1712                  : GetElementPtrInst::Create(Src->getSourceElementType(),
1713                                              Src->getOperand(0), Indices,
1714                                              GEP.getName());
1715   }
1716 
1717   if (GEP.getNumIndices() == 1) {
1718     unsigned AS = GEP.getPointerAddressSpace();
1719     if (GEP.getOperand(1)->getType()->getScalarSizeInBits() ==
1720         DL.getIndexSizeInBits(AS)) {
1721       uint64_t TyAllocSize = DL.getTypeAllocSize(GEPEltType);
1722 
1723       bool Matched = false;
1724       uint64_t C;
1725       Value *V = nullptr;
1726       if (TyAllocSize == 1) {
1727         V = GEP.getOperand(1);
1728         Matched = true;
1729       } else if (match(GEP.getOperand(1),
1730                        m_AShr(m_Value(V), m_ConstantInt(C)))) {
1731         if (TyAllocSize == 1ULL << C)
1732           Matched = true;
1733       } else if (match(GEP.getOperand(1),
1734                        m_SDiv(m_Value(V), m_ConstantInt(C)))) {
1735         if (TyAllocSize == C)
1736           Matched = true;
1737       }
1738 
1739       if (Matched) {
1740         // Canonicalize (gep i8* X, -(ptrtoint Y))
1741         // to (inttoptr (sub (ptrtoint X), (ptrtoint Y)))
1742         // The GEP pattern is emitted by the SCEV expander for certain kinds of
1743         // pointer arithmetic.
1744         if (match(V, m_Neg(m_PtrToInt(m_Value())))) {
1745           Operator *Index = cast<Operator>(V);
1746           Value *PtrToInt = Builder.CreatePtrToInt(PtrOp, Index->getType());
1747           Value *NewSub = Builder.CreateSub(PtrToInt, Index->getOperand(1));
1748           return CastInst::Create(Instruction::IntToPtr, NewSub, GEPType);
1749         }
1750         // Canonicalize (gep i8* X, (ptrtoint Y)-(ptrtoint X))
1751         // to (bitcast Y)
1752         Value *Y;
1753         if (match(V, m_Sub(m_PtrToInt(m_Value(Y)),
1754                            m_PtrToInt(m_Specific(GEP.getOperand(0))))))
1755           return CastInst::CreatePointerBitCastOrAddrSpaceCast(Y, GEPType);
1756       }
1757     }
1758   }
1759 
1760   // We do not handle pointer-vector geps here.
1761   if (GEPType->isVectorTy())
1762     return nullptr;
1763 
1764   // Handle gep(bitcast x) and gep(gep x, 0, 0, 0).
1765   Value *StrippedPtr = PtrOp->stripPointerCasts();
1766   PointerType *StrippedPtrTy = cast<PointerType>(StrippedPtr->getType());
1767 
1768   if (StrippedPtr != PtrOp) {
1769     bool HasZeroPointerIndex = false;
1770     if (auto *C = dyn_cast<ConstantInt>(GEP.getOperand(1)))
1771       HasZeroPointerIndex = C->isZero();
1772 
1773     // Transform: GEP (bitcast [10 x i8]* X to [0 x i8]*), i32 0, ...
1774     // into     : GEP [10 x i8]* X, i32 0, ...
1775     //
1776     // Likewise, transform: GEP (bitcast i8* X to [0 x i8]*), i32 0, ...
1777     //           into     : GEP i8* X, ...
1778     //
1779     // This occurs when the program declares an array extern like "int X[];"
1780     if (HasZeroPointerIndex) {
1781       if (auto *CATy = dyn_cast<ArrayType>(GEPEltType)) {
1782         // GEP (bitcast i8* X to [0 x i8]*), i32 0, ... ?
1783         if (CATy->getElementType() == StrippedPtrTy->getElementType()) {
1784           // -> GEP i8* X, ...
1785           SmallVector<Value*, 8> Idx(GEP.idx_begin()+1, GEP.idx_end());
1786           GetElementPtrInst *Res = GetElementPtrInst::Create(
1787               StrippedPtrTy->getElementType(), StrippedPtr, Idx, GEP.getName());
1788           Res->setIsInBounds(GEP.isInBounds());
1789           if (StrippedPtrTy->getAddressSpace() == GEP.getAddressSpace())
1790             return Res;
1791           // Insert Res, and create an addrspacecast.
1792           // e.g.,
1793           // GEP (addrspacecast i8 addrspace(1)* X to [0 x i8]*), i32 0, ...
1794           // ->
1795           // %0 = GEP i8 addrspace(1)* X, ...
1796           // addrspacecast i8 addrspace(1)* %0 to i8*
1797           return new AddrSpaceCastInst(Builder.Insert(Res), GEPType);
1798         }
1799 
1800         if (auto *XATy = dyn_cast<ArrayType>(StrippedPtrTy->getElementType())) {
1801           // GEP (bitcast [10 x i8]* X to [0 x i8]*), i32 0, ... ?
1802           if (CATy->getElementType() == XATy->getElementType()) {
1803             // -> GEP [10 x i8]* X, i32 0, ...
1804             // At this point, we know that the cast source type is a pointer
1805             // to an array of the same type as the destination pointer
1806             // array.  Because the array type is never stepped over (there
1807             // is a leading zero) we can fold the cast into this GEP.
1808             if (StrippedPtrTy->getAddressSpace() == GEP.getAddressSpace()) {
1809               GEP.setOperand(0, StrippedPtr);
1810               GEP.setSourceElementType(XATy);
1811               return &GEP;
1812             }
1813             // Cannot replace the base pointer directly because StrippedPtr's
1814             // address space is different. Instead, create a new GEP followed by
1815             // an addrspacecast.
1816             // e.g.,
1817             // GEP (addrspacecast [10 x i8] addrspace(1)* X to [0 x i8]*),
1818             //   i32 0, ...
1819             // ->
1820             // %0 = GEP [10 x i8] addrspace(1)* X, ...
1821             // addrspacecast i8 addrspace(1)* %0 to i8*
1822             SmallVector<Value*, 8> Idx(GEP.idx_begin(), GEP.idx_end());
1823             Value *NewGEP = GEP.isInBounds()
1824                                 ? Builder.CreateInBoundsGEP(
1825                                       nullptr, StrippedPtr, Idx, GEP.getName())
1826                                 : Builder.CreateGEP(nullptr, StrippedPtr, Idx,
1827                                                     GEP.getName());
1828             return new AddrSpaceCastInst(NewGEP, GEPType);
1829           }
1830         }
1831       }
1832     } else if (GEP.getNumOperands() == 2) {
1833       // Transform things like:
1834       // %t = getelementptr i32* bitcast ([2 x i32]* %str to i32*), i32 %V
1835       // into:  %t1 = getelementptr [2 x i32]* %str, i32 0, i32 %V; bitcast
1836       Type *SrcEltTy = StrippedPtrTy->getElementType();
1837       if (SrcEltTy->isArrayTy() &&
1838           DL.getTypeAllocSize(SrcEltTy->getArrayElementType()) ==
1839               DL.getTypeAllocSize(GEPEltType)) {
1840         Type *IdxType = DL.getIndexType(GEPType);
1841         Value *Idx[2] = { Constant::getNullValue(IdxType), GEP.getOperand(1) };
1842         Value *NewGEP =
1843             GEP.isInBounds()
1844                 ? Builder.CreateInBoundsGEP(nullptr, StrippedPtr, Idx,
1845                                             GEP.getName())
1846                 : Builder.CreateGEP(nullptr, StrippedPtr, Idx, GEP.getName());
1847 
1848         // V and GEP are both pointer types --> BitCast
1849         return CastInst::CreatePointerBitCastOrAddrSpaceCast(NewGEP, GEPType);
1850       }
1851 
1852       // Transform things like:
1853       // %V = mul i64 %N, 4
1854       // %t = getelementptr i8* bitcast (i32* %arr to i8*), i32 %V
1855       // into:  %t1 = getelementptr i32* %arr, i32 %N; bitcast
1856       if (GEPEltType->isSized() && SrcEltTy->isSized()) {
1857         // Check that changing the type amounts to dividing the index by a scale
1858         // factor.
1859         uint64_t ResSize = DL.getTypeAllocSize(GEPEltType);
1860         uint64_t SrcSize = DL.getTypeAllocSize(SrcEltTy);
1861         if (ResSize && SrcSize % ResSize == 0) {
1862           Value *Idx = GEP.getOperand(1);
1863           unsigned BitWidth = Idx->getType()->getPrimitiveSizeInBits();
1864           uint64_t Scale = SrcSize / ResSize;
1865 
1866           // Earlier transforms ensure that the index has the right type
1867           // according to Data Layout, which considerably simplifies the
1868           // logic by eliminating implicit casts.
1869           assert(Idx->getType() == DL.getIndexType(GEPType) &&
1870                  "Index type does not match the Data Layout preferences");
1871 
1872           bool NSW;
1873           if (Value *NewIdx = Descale(Idx, APInt(BitWidth, Scale), NSW)) {
1874             // Successfully decomposed Idx as NewIdx * Scale, form a new GEP.
1875             // If the multiplication NewIdx * Scale may overflow then the new
1876             // GEP may not be "inbounds".
1877             Value *NewGEP =
1878                 GEP.isInBounds() && NSW
1879                     ? Builder.CreateInBoundsGEP(nullptr, StrippedPtr, NewIdx,
1880                                                 GEP.getName())
1881                     : Builder.CreateGEP(nullptr, StrippedPtr, NewIdx,
1882                                         GEP.getName());
1883 
1884             // The NewGEP must be pointer typed, so must the old one -> BitCast
1885             return CastInst::CreatePointerBitCastOrAddrSpaceCast(NewGEP,
1886                                                                  GEPType);
1887           }
1888         }
1889       }
1890 
1891       // Similarly, transform things like:
1892       // getelementptr i8* bitcast ([100 x double]* X to i8*), i32 %tmp
1893       //   (where tmp = 8*tmp2) into:
1894       // getelementptr [100 x double]* %arr, i32 0, i32 %tmp2; bitcast
1895       if (GEPEltType->isSized() && SrcEltTy->isSized() &&
1896           SrcEltTy->isArrayTy()) {
1897         // Check that changing to the array element type amounts to dividing the
1898         // index by a scale factor.
1899         uint64_t ResSize = DL.getTypeAllocSize(GEPEltType);
1900         uint64_t ArrayEltSize =
1901             DL.getTypeAllocSize(SrcEltTy->getArrayElementType());
1902         if (ResSize && ArrayEltSize % ResSize == 0) {
1903           Value *Idx = GEP.getOperand(1);
1904           unsigned BitWidth = Idx->getType()->getPrimitiveSizeInBits();
1905           uint64_t Scale = ArrayEltSize / ResSize;
1906 
1907           // Earlier transforms ensure that the index has the right type
1908           // according to the Data Layout, which considerably simplifies
1909           // the logic by eliminating implicit casts.
1910           assert(Idx->getType() == DL.getIndexType(GEPType) &&
1911                  "Index type does not match the Data Layout preferences");
1912 
1913           bool NSW;
1914           if (Value *NewIdx = Descale(Idx, APInt(BitWidth, Scale), NSW)) {
1915             // Successfully decomposed Idx as NewIdx * Scale, form a new GEP.
1916             // If the multiplication NewIdx * Scale may overflow then the new
1917             // GEP may not be "inbounds".
1918             Type *IndTy = DL.getIndexType(GEPType);
1919             Value *Off[2] = {Constant::getNullValue(IndTy), NewIdx};
1920 
1921             Value *NewGEP = GEP.isInBounds() && NSW
1922                                 ? Builder.CreateInBoundsGEP(
1923                                       SrcEltTy, StrippedPtr, Off, GEP.getName())
1924                                 : Builder.CreateGEP(SrcEltTy, StrippedPtr, Off,
1925                                                     GEP.getName());
1926             // The NewGEP must be pointer typed, so must the old one -> BitCast
1927             return CastInst::CreatePointerBitCastOrAddrSpaceCast(NewGEP,
1928                                                                  GEPType);
1929           }
1930         }
1931       }
1932     }
1933   }
1934 
1935   // addrspacecast between types is canonicalized as a bitcast, then an
1936   // addrspacecast. To take advantage of the below bitcast + struct GEP, look
1937   // through the addrspacecast.
1938   Value *ASCStrippedPtrOp = PtrOp;
1939   if (auto *ASC = dyn_cast<AddrSpaceCastInst>(PtrOp)) {
1940     //   X = bitcast A addrspace(1)* to B addrspace(1)*
1941     //   Y = addrspacecast A addrspace(1)* to B addrspace(2)*
1942     //   Z = gep Y, <...constant indices...>
1943     // Into an addrspacecasted GEP of the struct.
1944     if (auto *BC = dyn_cast<BitCastInst>(ASC->getOperand(0)))
1945       ASCStrippedPtrOp = BC;
1946   }
1947 
1948   if (auto *BCI = dyn_cast<BitCastInst>(ASCStrippedPtrOp)) {
1949     Value *SrcOp = BCI->getOperand(0);
1950     PointerType *SrcType = cast<PointerType>(BCI->getSrcTy());
1951     Type *SrcEltType = SrcType->getElementType();
1952 
1953     // GEP directly using the source operand if this GEP is accessing an element
1954     // of a bitcasted pointer to vector or array of the same dimensions:
1955     // gep (bitcast <c x ty>* X to [c x ty]*), Y, Z --> gep X, Y, Z
1956     // gep (bitcast [c x ty]* X to <c x ty>*), Y, Z --> gep X, Y, Z
1957     auto areMatchingArrayAndVecTypes = [](Type *ArrTy, Type *VecTy) {
1958       return ArrTy->getArrayElementType() == VecTy->getVectorElementType() &&
1959              ArrTy->getArrayNumElements() == VecTy->getVectorNumElements();
1960     };
1961     if (GEP.getNumOperands() == 3 &&
1962         ((GEPEltType->isArrayTy() && SrcEltType->isVectorTy() &&
1963           areMatchingArrayAndVecTypes(GEPEltType, SrcEltType)) ||
1964          (GEPEltType->isVectorTy() && SrcEltType->isArrayTy() &&
1965           areMatchingArrayAndVecTypes(SrcEltType, GEPEltType)))) {
1966       GEP.setOperand(0, SrcOp);
1967       GEP.setSourceElementType(SrcEltType);
1968       return &GEP;
1969     }
1970 
1971     // See if we can simplify:
1972     //   X = bitcast A* to B*
1973     //   Y = gep X, <...constant indices...>
1974     // into a gep of the original struct. This is important for SROA and alias
1975     // analysis of unions. If "A" is also a bitcast, wait for A/X to be merged.
1976     unsigned OffsetBits = DL.getIndexTypeSizeInBits(GEPType);
1977     APInt Offset(OffsetBits, 0);
1978     if (!isa<BitCastInst>(SrcOp) && GEP.accumulateConstantOffset(DL, Offset)) {
1979       // If this GEP instruction doesn't move the pointer, just replace the GEP
1980       // with a bitcast of the real input to the dest type.
1981       if (!Offset) {
1982         // If the bitcast is of an allocation, and the allocation will be
1983         // converted to match the type of the cast, don't touch this.
1984         if (isa<AllocaInst>(SrcOp) || isAllocationFn(SrcOp, &TLI)) {
1985           // See if the bitcast simplifies, if so, don't nuke this GEP yet.
1986           if (Instruction *I = visitBitCast(*BCI)) {
1987             if (I != BCI) {
1988               I->takeName(BCI);
1989               BCI->getParent()->getInstList().insert(BCI->getIterator(), I);
1990               replaceInstUsesWith(*BCI, I);
1991             }
1992             return &GEP;
1993           }
1994         }
1995 
1996         if (SrcType->getPointerAddressSpace() != GEP.getAddressSpace())
1997           return new AddrSpaceCastInst(SrcOp, GEPType);
1998         return new BitCastInst(SrcOp, GEPType);
1999       }
2000 
2001       // Otherwise, if the offset is non-zero, we need to find out if there is a
2002       // field at Offset in 'A's type.  If so, we can pull the cast through the
2003       // GEP.
2004       SmallVector<Value*, 8> NewIndices;
2005       if (FindElementAtOffset(SrcType, Offset.getSExtValue(), NewIndices)) {
2006         Value *NGEP =
2007             GEP.isInBounds()
2008                 ? Builder.CreateInBoundsGEP(nullptr, SrcOp, NewIndices)
2009                 : Builder.CreateGEP(nullptr, SrcOp, NewIndices);
2010 
2011         if (NGEP->getType() == GEPType)
2012           return replaceInstUsesWith(GEP, NGEP);
2013         NGEP->takeName(&GEP);
2014 
2015         if (NGEP->getType()->getPointerAddressSpace() != GEP.getAddressSpace())
2016           return new AddrSpaceCastInst(NGEP, GEPType);
2017         return new BitCastInst(NGEP, GEPType);
2018       }
2019     }
2020   }
2021 
2022   if (!GEP.isInBounds()) {
2023     unsigned IdxWidth =
2024         DL.getIndexSizeInBits(PtrOp->getType()->getPointerAddressSpace());
2025     APInt BasePtrOffset(IdxWidth, 0);
2026     Value *UnderlyingPtrOp =
2027             PtrOp->stripAndAccumulateInBoundsConstantOffsets(DL,
2028                                                              BasePtrOffset);
2029     if (auto *AI = dyn_cast<AllocaInst>(UnderlyingPtrOp)) {
2030       if (GEP.accumulateConstantOffset(DL, BasePtrOffset) &&
2031           BasePtrOffset.isNonNegative()) {
2032         APInt AllocSize(IdxWidth, DL.getTypeAllocSize(AI->getAllocatedType()));
2033         if (BasePtrOffset.ule(AllocSize)) {
2034           return GetElementPtrInst::CreateInBounds(
2035               PtrOp, makeArrayRef(Ops).slice(1), GEP.getName());
2036         }
2037       }
2038     }
2039   }
2040 
2041   return nullptr;
2042 }
2043 
isNeverEqualToUnescapedAlloc(Value * V,const TargetLibraryInfo * TLI,Instruction * AI)2044 static bool isNeverEqualToUnescapedAlloc(Value *V, const TargetLibraryInfo *TLI,
2045                                          Instruction *AI) {
2046   if (isa<ConstantPointerNull>(V))
2047     return true;
2048   if (auto *LI = dyn_cast<LoadInst>(V))
2049     return isa<GlobalVariable>(LI->getPointerOperand());
2050   // Two distinct allocations will never be equal.
2051   // We rely on LookThroughBitCast in isAllocLikeFn being false, since looking
2052   // through bitcasts of V can cause
2053   // the result statement below to be true, even when AI and V (ex:
2054   // i8* ->i32* ->i8* of AI) are the same allocations.
2055   return isAllocLikeFn(V, TLI) && V != AI;
2056 }
2057 
isAllocSiteRemovable(Instruction * AI,SmallVectorImpl<WeakTrackingVH> & Users,const TargetLibraryInfo * TLI)2058 static bool isAllocSiteRemovable(Instruction *AI,
2059                                  SmallVectorImpl<WeakTrackingVH> &Users,
2060                                  const TargetLibraryInfo *TLI) {
2061   SmallVector<Instruction*, 4> Worklist;
2062   Worklist.push_back(AI);
2063 
2064   do {
2065     Instruction *PI = Worklist.pop_back_val();
2066     for (User *U : PI->users()) {
2067       Instruction *I = cast<Instruction>(U);
2068       switch (I->getOpcode()) {
2069       default:
2070         // Give up the moment we see something we can't handle.
2071         return false;
2072 
2073       case Instruction::AddrSpaceCast:
2074       case Instruction::BitCast:
2075       case Instruction::GetElementPtr:
2076         Users.emplace_back(I);
2077         Worklist.push_back(I);
2078         continue;
2079 
2080       case Instruction::ICmp: {
2081         ICmpInst *ICI = cast<ICmpInst>(I);
2082         // We can fold eq/ne comparisons with null to false/true, respectively.
2083         // We also fold comparisons in some conditions provided the alloc has
2084         // not escaped (see isNeverEqualToUnescapedAlloc).
2085         if (!ICI->isEquality())
2086           return false;
2087         unsigned OtherIndex = (ICI->getOperand(0) == PI) ? 1 : 0;
2088         if (!isNeverEqualToUnescapedAlloc(ICI->getOperand(OtherIndex), TLI, AI))
2089           return false;
2090         Users.emplace_back(I);
2091         continue;
2092       }
2093 
2094       case Instruction::Call:
2095         // Ignore no-op and store intrinsics.
2096         if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(I)) {
2097           switch (II->getIntrinsicID()) {
2098           default:
2099             return false;
2100 
2101           case Intrinsic::memmove:
2102           case Intrinsic::memcpy:
2103           case Intrinsic::memset: {
2104             MemIntrinsic *MI = cast<MemIntrinsic>(II);
2105             if (MI->isVolatile() || MI->getRawDest() != PI)
2106               return false;
2107             LLVM_FALLTHROUGH;
2108           }
2109           case Intrinsic::invariant_start:
2110           case Intrinsic::invariant_end:
2111           case Intrinsic::lifetime_start:
2112           case Intrinsic::lifetime_end:
2113           case Intrinsic::objectsize:
2114             Users.emplace_back(I);
2115             continue;
2116           }
2117         }
2118 
2119         if (isFreeCall(I, TLI)) {
2120           Users.emplace_back(I);
2121           continue;
2122         }
2123         return false;
2124 
2125       case Instruction::Store: {
2126         StoreInst *SI = cast<StoreInst>(I);
2127         if (SI->isVolatile() || SI->getPointerOperand() != PI)
2128           return false;
2129         Users.emplace_back(I);
2130         continue;
2131       }
2132       }
2133       llvm_unreachable("missing a return?");
2134     }
2135   } while (!Worklist.empty());
2136   return true;
2137 }
2138 
visitAllocSite(Instruction & MI)2139 Instruction *InstCombiner::visitAllocSite(Instruction &MI) {
2140   // If we have a malloc call which is only used in any amount of comparisons
2141   // to null and free calls, delete the calls and replace the comparisons with
2142   // true or false as appropriate.
2143   SmallVector<WeakTrackingVH, 64> Users;
2144 
2145   // If we are removing an alloca with a dbg.declare, insert dbg.value calls
2146   // before each store.
2147   TinyPtrVector<DbgInfoIntrinsic *> DIIs;
2148   std::unique_ptr<DIBuilder> DIB;
2149   if (isa<AllocaInst>(MI)) {
2150     DIIs = FindDbgAddrUses(&MI);
2151     DIB.reset(new DIBuilder(*MI.getModule(), /*AllowUnresolved=*/false));
2152   }
2153 
2154   if (isAllocSiteRemovable(&MI, Users, &TLI)) {
2155     for (unsigned i = 0, e = Users.size(); i != e; ++i) {
2156       // Lowering all @llvm.objectsize calls first because they may
2157       // use a bitcast/GEP of the alloca we are removing.
2158       if (!Users[i])
2159        continue;
2160 
2161       Instruction *I = cast<Instruction>(&*Users[i]);
2162 
2163       if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(I)) {
2164         if (II->getIntrinsicID() == Intrinsic::objectsize) {
2165           ConstantInt *Result = lowerObjectSizeCall(II, DL, &TLI,
2166                                                     /*MustSucceed=*/true);
2167           replaceInstUsesWith(*I, Result);
2168           eraseInstFromFunction(*I);
2169           Users[i] = nullptr; // Skip examining in the next loop.
2170         }
2171       }
2172     }
2173     for (unsigned i = 0, e = Users.size(); i != e; ++i) {
2174       if (!Users[i])
2175         continue;
2176 
2177       Instruction *I = cast<Instruction>(&*Users[i]);
2178 
2179       if (ICmpInst *C = dyn_cast<ICmpInst>(I)) {
2180         replaceInstUsesWith(*C,
2181                             ConstantInt::get(Type::getInt1Ty(C->getContext()),
2182                                              C->isFalseWhenEqual()));
2183       } else if (isa<BitCastInst>(I) || isa<GetElementPtrInst>(I) ||
2184                  isa<AddrSpaceCastInst>(I)) {
2185         replaceInstUsesWith(*I, UndefValue::get(I->getType()));
2186       } else if (auto *SI = dyn_cast<StoreInst>(I)) {
2187         for (auto *DII : DIIs)
2188           ConvertDebugDeclareToDebugValue(DII, SI, *DIB);
2189       }
2190       eraseInstFromFunction(*I);
2191     }
2192 
2193     if (InvokeInst *II = dyn_cast<InvokeInst>(&MI)) {
2194       // Replace invoke with a NOP intrinsic to maintain the original CFG
2195       Module *M = II->getModule();
2196       Function *F = Intrinsic::getDeclaration(M, Intrinsic::donothing);
2197       InvokeInst::Create(F, II->getNormalDest(), II->getUnwindDest(),
2198                          None, "", II->getParent());
2199     }
2200 
2201     for (auto *DII : DIIs)
2202       eraseInstFromFunction(*DII);
2203 
2204     return eraseInstFromFunction(MI);
2205   }
2206   return nullptr;
2207 }
2208 
2209 /// Move the call to free before a NULL test.
2210 ///
2211 /// Check if this free is accessed after its argument has been test
2212 /// against NULL (property 0).
2213 /// If yes, it is legal to move this call in its predecessor block.
2214 ///
2215 /// The move is performed only if the block containing the call to free
2216 /// will be removed, i.e.:
2217 /// 1. it has only one predecessor P, and P has two successors
2218 /// 2. it contains the call and an unconditional branch
2219 /// 3. its successor is the same as its predecessor's successor
2220 ///
2221 /// The profitability is out-of concern here and this function should
2222 /// be called only if the caller knows this transformation would be
2223 /// profitable (e.g., for code size).
2224 static Instruction *
tryToMoveFreeBeforeNullTest(CallInst & FI)2225 tryToMoveFreeBeforeNullTest(CallInst &FI) {
2226   Value *Op = FI.getArgOperand(0);
2227   BasicBlock *FreeInstrBB = FI.getParent();
2228   BasicBlock *PredBB = FreeInstrBB->getSinglePredecessor();
2229 
2230   // Validate part of constraint #1: Only one predecessor
2231   // FIXME: We can extend the number of predecessor, but in that case, we
2232   //        would duplicate the call to free in each predecessor and it may
2233   //        not be profitable even for code size.
2234   if (!PredBB)
2235     return nullptr;
2236 
2237   // Validate constraint #2: Does this block contains only the call to
2238   //                         free and an unconditional branch?
2239   // FIXME: We could check if we can speculate everything in the
2240   //        predecessor block
2241   if (FreeInstrBB->size() != 2)
2242     return nullptr;
2243   BasicBlock *SuccBB;
2244   if (!match(FreeInstrBB->getTerminator(), m_UnconditionalBr(SuccBB)))
2245     return nullptr;
2246 
2247   // Validate the rest of constraint #1 by matching on the pred branch.
2248   TerminatorInst *TI = PredBB->getTerminator();
2249   BasicBlock *TrueBB, *FalseBB;
2250   ICmpInst::Predicate Pred;
2251   if (!match(TI, m_Br(m_ICmp(Pred, m_Specific(Op), m_Zero()), TrueBB, FalseBB)))
2252     return nullptr;
2253   if (Pred != ICmpInst::ICMP_EQ && Pred != ICmpInst::ICMP_NE)
2254     return nullptr;
2255 
2256   // Validate constraint #3: Ensure the null case just falls through.
2257   if (SuccBB != (Pred == ICmpInst::ICMP_EQ ? TrueBB : FalseBB))
2258     return nullptr;
2259   assert(FreeInstrBB == (Pred == ICmpInst::ICMP_EQ ? FalseBB : TrueBB) &&
2260          "Broken CFG: missing edge from predecessor to successor");
2261 
2262   FI.moveBefore(TI);
2263   return &FI;
2264 }
2265 
visitFree(CallInst & FI)2266 Instruction *InstCombiner::visitFree(CallInst &FI) {
2267   Value *Op = FI.getArgOperand(0);
2268 
2269   // free undef -> unreachable.
2270   if (isa<UndefValue>(Op)) {
2271     // Insert a new store to null because we cannot modify the CFG here.
2272     Builder.CreateStore(ConstantInt::getTrue(FI.getContext()),
2273                         UndefValue::get(Type::getInt1PtrTy(FI.getContext())));
2274     return eraseInstFromFunction(FI);
2275   }
2276 
2277   // If we have 'free null' delete the instruction.  This can happen in stl code
2278   // when lots of inlining happens.
2279   if (isa<ConstantPointerNull>(Op))
2280     return eraseInstFromFunction(FI);
2281 
2282   // If we optimize for code size, try to move the call to free before the null
2283   // test so that simplify cfg can remove the empty block and dead code
2284   // elimination the branch. I.e., helps to turn something like:
2285   // if (foo) free(foo);
2286   // into
2287   // free(foo);
2288   if (MinimizeSize)
2289     if (Instruction *I = tryToMoveFreeBeforeNullTest(FI))
2290       return I;
2291 
2292   return nullptr;
2293 }
2294 
visitReturnInst(ReturnInst & RI)2295 Instruction *InstCombiner::visitReturnInst(ReturnInst &RI) {
2296   if (RI.getNumOperands() == 0) // ret void
2297     return nullptr;
2298 
2299   Value *ResultOp = RI.getOperand(0);
2300   Type *VTy = ResultOp->getType();
2301   if (!VTy->isIntegerTy())
2302     return nullptr;
2303 
2304   // There might be assume intrinsics dominating this return that completely
2305   // determine the value. If so, constant fold it.
2306   KnownBits Known = computeKnownBits(ResultOp, 0, &RI);
2307   if (Known.isConstant())
2308     RI.setOperand(0, Constant::getIntegerValue(VTy, Known.getConstant()));
2309 
2310   return nullptr;
2311 }
2312 
visitBranchInst(BranchInst & BI)2313 Instruction *InstCombiner::visitBranchInst(BranchInst &BI) {
2314   // Change br (not X), label True, label False to: br X, label False, True
2315   Value *X = nullptr;
2316   BasicBlock *TrueDest;
2317   BasicBlock *FalseDest;
2318   if (match(&BI, m_Br(m_Not(m_Value(X)), TrueDest, FalseDest)) &&
2319       !isa<Constant>(X)) {
2320     // Swap Destinations and condition...
2321     BI.setCondition(X);
2322     BI.swapSuccessors();
2323     return &BI;
2324   }
2325 
2326   // If the condition is irrelevant, remove the use so that other
2327   // transforms on the condition become more effective.
2328   if (BI.isConditional() && !isa<ConstantInt>(BI.getCondition()) &&
2329       BI.getSuccessor(0) == BI.getSuccessor(1)) {
2330     BI.setCondition(ConstantInt::getFalse(BI.getCondition()->getType()));
2331     return &BI;
2332   }
2333 
2334   // Canonicalize, for example, icmp_ne -> icmp_eq or fcmp_one -> fcmp_oeq.
2335   CmpInst::Predicate Pred;
2336   if (match(&BI, m_Br(m_OneUse(m_Cmp(Pred, m_Value(), m_Value())), TrueDest,
2337                       FalseDest)) &&
2338       !isCanonicalPredicate(Pred)) {
2339     // Swap destinations and condition.
2340     CmpInst *Cond = cast<CmpInst>(BI.getCondition());
2341     Cond->setPredicate(CmpInst::getInversePredicate(Pred));
2342     BI.swapSuccessors();
2343     Worklist.Add(Cond);
2344     return &BI;
2345   }
2346 
2347   return nullptr;
2348 }
2349 
visitSwitchInst(SwitchInst & SI)2350 Instruction *InstCombiner::visitSwitchInst(SwitchInst &SI) {
2351   Value *Cond = SI.getCondition();
2352   Value *Op0;
2353   ConstantInt *AddRHS;
2354   if (match(Cond, m_Add(m_Value(Op0), m_ConstantInt(AddRHS)))) {
2355     // Change 'switch (X+4) case 1:' into 'switch (X) case -3'.
2356     for (auto Case : SI.cases()) {
2357       Constant *NewCase = ConstantExpr::getSub(Case.getCaseValue(), AddRHS);
2358       assert(isa<ConstantInt>(NewCase) &&
2359              "Result of expression should be constant");
2360       Case.setValue(cast<ConstantInt>(NewCase));
2361     }
2362     SI.setCondition(Op0);
2363     return &SI;
2364   }
2365 
2366   KnownBits Known = computeKnownBits(Cond, 0, &SI);
2367   unsigned LeadingKnownZeros = Known.countMinLeadingZeros();
2368   unsigned LeadingKnownOnes = Known.countMinLeadingOnes();
2369 
2370   // Compute the number of leading bits we can ignore.
2371   // TODO: A better way to determine this would use ComputeNumSignBits().
2372   for (auto &C : SI.cases()) {
2373     LeadingKnownZeros = std::min(
2374         LeadingKnownZeros, C.getCaseValue()->getValue().countLeadingZeros());
2375     LeadingKnownOnes = std::min(
2376         LeadingKnownOnes, C.getCaseValue()->getValue().countLeadingOnes());
2377   }
2378 
2379   unsigned NewWidth = Known.getBitWidth() - std::max(LeadingKnownZeros, LeadingKnownOnes);
2380 
2381   // Shrink the condition operand if the new type is smaller than the old type.
2382   // This may produce a non-standard type for the switch, but that's ok because
2383   // the backend should extend back to a legal type for the target.
2384   if (NewWidth > 0 && NewWidth < Known.getBitWidth()) {
2385     IntegerType *Ty = IntegerType::get(SI.getContext(), NewWidth);
2386     Builder.SetInsertPoint(&SI);
2387     Value *NewCond = Builder.CreateTrunc(Cond, Ty, "trunc");
2388     SI.setCondition(NewCond);
2389 
2390     for (auto Case : SI.cases()) {
2391       APInt TruncatedCase = Case.getCaseValue()->getValue().trunc(NewWidth);
2392       Case.setValue(ConstantInt::get(SI.getContext(), TruncatedCase));
2393     }
2394     return &SI;
2395   }
2396 
2397   return nullptr;
2398 }
2399 
visitExtractValueInst(ExtractValueInst & EV)2400 Instruction *InstCombiner::visitExtractValueInst(ExtractValueInst &EV) {
2401   Value *Agg = EV.getAggregateOperand();
2402 
2403   if (!EV.hasIndices())
2404     return replaceInstUsesWith(EV, Agg);
2405 
2406   if (Value *V = SimplifyExtractValueInst(Agg, EV.getIndices(),
2407                                           SQ.getWithInstruction(&EV)))
2408     return replaceInstUsesWith(EV, V);
2409 
2410   if (InsertValueInst *IV = dyn_cast<InsertValueInst>(Agg)) {
2411     // We're extracting from an insertvalue instruction, compare the indices
2412     const unsigned *exti, *exte, *insi, *inse;
2413     for (exti = EV.idx_begin(), insi = IV->idx_begin(),
2414          exte = EV.idx_end(), inse = IV->idx_end();
2415          exti != exte && insi != inse;
2416          ++exti, ++insi) {
2417       if (*insi != *exti)
2418         // The insert and extract both reference distinctly different elements.
2419         // This means the extract is not influenced by the insert, and we can
2420         // replace the aggregate operand of the extract with the aggregate
2421         // operand of the insert. i.e., replace
2422         // %I = insertvalue { i32, { i32 } } %A, { i32 } { i32 42 }, 1
2423         // %E = extractvalue { i32, { i32 } } %I, 0
2424         // with
2425         // %E = extractvalue { i32, { i32 } } %A, 0
2426         return ExtractValueInst::Create(IV->getAggregateOperand(),
2427                                         EV.getIndices());
2428     }
2429     if (exti == exte && insi == inse)
2430       // Both iterators are at the end: Index lists are identical. Replace
2431       // %B = insertvalue { i32, { i32 } } %A, i32 42, 1, 0
2432       // %C = extractvalue { i32, { i32 } } %B, 1, 0
2433       // with "i32 42"
2434       return replaceInstUsesWith(EV, IV->getInsertedValueOperand());
2435     if (exti == exte) {
2436       // The extract list is a prefix of the insert list. i.e. replace
2437       // %I = insertvalue { i32, { i32 } } %A, i32 42, 1, 0
2438       // %E = extractvalue { i32, { i32 } } %I, 1
2439       // with
2440       // %X = extractvalue { i32, { i32 } } %A, 1
2441       // %E = insertvalue { i32 } %X, i32 42, 0
2442       // by switching the order of the insert and extract (though the
2443       // insertvalue should be left in, since it may have other uses).
2444       Value *NewEV = Builder.CreateExtractValue(IV->getAggregateOperand(),
2445                                                 EV.getIndices());
2446       return InsertValueInst::Create(NewEV, IV->getInsertedValueOperand(),
2447                                      makeArrayRef(insi, inse));
2448     }
2449     if (insi == inse)
2450       // The insert list is a prefix of the extract list
2451       // We can simply remove the common indices from the extract and make it
2452       // operate on the inserted value instead of the insertvalue result.
2453       // i.e., replace
2454       // %I = insertvalue { i32, { i32 } } %A, { i32 } { i32 42 }, 1
2455       // %E = extractvalue { i32, { i32 } } %I, 1, 0
2456       // with
2457       // %E extractvalue { i32 } { i32 42 }, 0
2458       return ExtractValueInst::Create(IV->getInsertedValueOperand(),
2459                                       makeArrayRef(exti, exte));
2460   }
2461   if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(Agg)) {
2462     // We're extracting from an intrinsic, see if we're the only user, which
2463     // allows us to simplify multiple result intrinsics to simpler things that
2464     // just get one value.
2465     if (II->hasOneUse()) {
2466       // Check if we're grabbing the overflow bit or the result of a 'with
2467       // overflow' intrinsic.  If it's the latter we can remove the intrinsic
2468       // and replace it with a traditional binary instruction.
2469       switch (II->getIntrinsicID()) {
2470       case Intrinsic::uadd_with_overflow:
2471       case Intrinsic::sadd_with_overflow:
2472         if (*EV.idx_begin() == 0) {  // Normal result.
2473           Value *LHS = II->getArgOperand(0), *RHS = II->getArgOperand(1);
2474           replaceInstUsesWith(*II, UndefValue::get(II->getType()));
2475           eraseInstFromFunction(*II);
2476           return BinaryOperator::CreateAdd(LHS, RHS);
2477         }
2478 
2479         // If the normal result of the add is dead, and the RHS is a constant,
2480         // we can transform this into a range comparison.
2481         // overflow = uadd a, -4  -->  overflow = icmp ugt a, 3
2482         if (II->getIntrinsicID() == Intrinsic::uadd_with_overflow)
2483           if (ConstantInt *CI = dyn_cast<ConstantInt>(II->getArgOperand(1)))
2484             return new ICmpInst(ICmpInst::ICMP_UGT, II->getArgOperand(0),
2485                                 ConstantExpr::getNot(CI));
2486         break;
2487       case Intrinsic::usub_with_overflow:
2488       case Intrinsic::ssub_with_overflow:
2489         if (*EV.idx_begin() == 0) {  // Normal result.
2490           Value *LHS = II->getArgOperand(0), *RHS = II->getArgOperand(1);
2491           replaceInstUsesWith(*II, UndefValue::get(II->getType()));
2492           eraseInstFromFunction(*II);
2493           return BinaryOperator::CreateSub(LHS, RHS);
2494         }
2495         break;
2496       case Intrinsic::umul_with_overflow:
2497       case Intrinsic::smul_with_overflow:
2498         if (*EV.idx_begin() == 0) {  // Normal result.
2499           Value *LHS = II->getArgOperand(0), *RHS = II->getArgOperand(1);
2500           replaceInstUsesWith(*II, UndefValue::get(II->getType()));
2501           eraseInstFromFunction(*II);
2502           return BinaryOperator::CreateMul(LHS, RHS);
2503         }
2504         break;
2505       default:
2506         break;
2507       }
2508     }
2509   }
2510   if (LoadInst *L = dyn_cast<LoadInst>(Agg))
2511     // If the (non-volatile) load only has one use, we can rewrite this to a
2512     // load from a GEP. This reduces the size of the load. If a load is used
2513     // only by extractvalue instructions then this either must have been
2514     // optimized before, or it is a struct with padding, in which case we
2515     // don't want to do the transformation as it loses padding knowledge.
2516     if (L->isSimple() && L->hasOneUse()) {
2517       // extractvalue has integer indices, getelementptr has Value*s. Convert.
2518       SmallVector<Value*, 4> Indices;
2519       // Prefix an i32 0 since we need the first element.
2520       Indices.push_back(Builder.getInt32(0));
2521       for (ExtractValueInst::idx_iterator I = EV.idx_begin(), E = EV.idx_end();
2522             I != E; ++I)
2523         Indices.push_back(Builder.getInt32(*I));
2524 
2525       // We need to insert these at the location of the old load, not at that of
2526       // the extractvalue.
2527       Builder.SetInsertPoint(L);
2528       Value *GEP = Builder.CreateInBoundsGEP(L->getType(),
2529                                              L->getPointerOperand(), Indices);
2530       Instruction *NL = Builder.CreateLoad(GEP);
2531       // Whatever aliasing information we had for the orignal load must also
2532       // hold for the smaller load, so propagate the annotations.
2533       AAMDNodes Nodes;
2534       L->getAAMetadata(Nodes);
2535       NL->setAAMetadata(Nodes);
2536       // Returning the load directly will cause the main loop to insert it in
2537       // the wrong spot, so use replaceInstUsesWith().
2538       return replaceInstUsesWith(EV, NL);
2539     }
2540   // We could simplify extracts from other values. Note that nested extracts may
2541   // already be simplified implicitly by the above: extract (extract (insert) )
2542   // will be translated into extract ( insert ( extract ) ) first and then just
2543   // the value inserted, if appropriate. Similarly for extracts from single-use
2544   // loads: extract (extract (load)) will be translated to extract (load (gep))
2545   // and if again single-use then via load (gep (gep)) to load (gep).
2546   // However, double extracts from e.g. function arguments or return values
2547   // aren't handled yet.
2548   return nullptr;
2549 }
2550 
2551 /// Return 'true' if the given typeinfo will match anything.
isCatchAll(EHPersonality Personality,Constant * TypeInfo)2552 static bool isCatchAll(EHPersonality Personality, Constant *TypeInfo) {
2553   switch (Personality) {
2554   case EHPersonality::GNU_C:
2555   case EHPersonality::GNU_C_SjLj:
2556   case EHPersonality::Rust:
2557     // The GCC C EH and Rust personality only exists to support cleanups, so
2558     // it's not clear what the semantics of catch clauses are.
2559     return false;
2560   case EHPersonality::Unknown:
2561     return false;
2562   case EHPersonality::GNU_Ada:
2563     // While __gnat_all_others_value will match any Ada exception, it doesn't
2564     // match foreign exceptions (or didn't, before gcc-4.7).
2565     return false;
2566   case EHPersonality::GNU_CXX:
2567   case EHPersonality::GNU_CXX_SjLj:
2568   case EHPersonality::GNU_ObjC:
2569   case EHPersonality::MSVC_X86SEH:
2570   case EHPersonality::MSVC_Win64SEH:
2571   case EHPersonality::MSVC_CXX:
2572   case EHPersonality::CoreCLR:
2573   case EHPersonality::Wasm_CXX:
2574     return TypeInfo->isNullValue();
2575   }
2576   llvm_unreachable("invalid enum");
2577 }
2578 
shorter_filter(const Value * LHS,const Value * RHS)2579 static bool shorter_filter(const Value *LHS, const Value *RHS) {
2580   return
2581     cast<ArrayType>(LHS->getType())->getNumElements()
2582   <
2583     cast<ArrayType>(RHS->getType())->getNumElements();
2584 }
2585 
visitLandingPadInst(LandingPadInst & LI)2586 Instruction *InstCombiner::visitLandingPadInst(LandingPadInst &LI) {
2587   // The logic here should be correct for any real-world personality function.
2588   // However if that turns out not to be true, the offending logic can always
2589   // be conditioned on the personality function, like the catch-all logic is.
2590   EHPersonality Personality =
2591       classifyEHPersonality(LI.getParent()->getParent()->getPersonalityFn());
2592 
2593   // Simplify the list of clauses, eg by removing repeated catch clauses
2594   // (these are often created by inlining).
2595   bool MakeNewInstruction = false; // If true, recreate using the following:
2596   SmallVector<Constant *, 16> NewClauses; // - Clauses for the new instruction;
2597   bool CleanupFlag = LI.isCleanup();   // - The new instruction is a cleanup.
2598 
2599   SmallPtrSet<Value *, 16> AlreadyCaught; // Typeinfos known caught already.
2600   for (unsigned i = 0, e = LI.getNumClauses(); i != e; ++i) {
2601     bool isLastClause = i + 1 == e;
2602     if (LI.isCatch(i)) {
2603       // A catch clause.
2604       Constant *CatchClause = LI.getClause(i);
2605       Constant *TypeInfo = CatchClause->stripPointerCasts();
2606 
2607       // If we already saw this clause, there is no point in having a second
2608       // copy of it.
2609       if (AlreadyCaught.insert(TypeInfo).second) {
2610         // This catch clause was not already seen.
2611         NewClauses.push_back(CatchClause);
2612       } else {
2613         // Repeated catch clause - drop the redundant copy.
2614         MakeNewInstruction = true;
2615       }
2616 
2617       // If this is a catch-all then there is no point in keeping any following
2618       // clauses or marking the landingpad as having a cleanup.
2619       if (isCatchAll(Personality, TypeInfo)) {
2620         if (!isLastClause)
2621           MakeNewInstruction = true;
2622         CleanupFlag = false;
2623         break;
2624       }
2625     } else {
2626       // A filter clause.  If any of the filter elements were already caught
2627       // then they can be dropped from the filter.  It is tempting to try to
2628       // exploit the filter further by saying that any typeinfo that does not
2629       // occur in the filter can't be caught later (and thus can be dropped).
2630       // However this would be wrong, since typeinfos can match without being
2631       // equal (for example if one represents a C++ class, and the other some
2632       // class derived from it).
2633       assert(LI.isFilter(i) && "Unsupported landingpad clause!");
2634       Constant *FilterClause = LI.getClause(i);
2635       ArrayType *FilterType = cast<ArrayType>(FilterClause->getType());
2636       unsigned NumTypeInfos = FilterType->getNumElements();
2637 
2638       // An empty filter catches everything, so there is no point in keeping any
2639       // following clauses or marking the landingpad as having a cleanup.  By
2640       // dealing with this case here the following code is made a bit simpler.
2641       if (!NumTypeInfos) {
2642         NewClauses.push_back(FilterClause);
2643         if (!isLastClause)
2644           MakeNewInstruction = true;
2645         CleanupFlag = false;
2646         break;
2647       }
2648 
2649       bool MakeNewFilter = false; // If true, make a new filter.
2650       SmallVector<Constant *, 16> NewFilterElts; // New elements.
2651       if (isa<ConstantAggregateZero>(FilterClause)) {
2652         // Not an empty filter - it contains at least one null typeinfo.
2653         assert(NumTypeInfos > 0 && "Should have handled empty filter already!");
2654         Constant *TypeInfo =
2655           Constant::getNullValue(FilterType->getElementType());
2656         // If this typeinfo is a catch-all then the filter can never match.
2657         if (isCatchAll(Personality, TypeInfo)) {
2658           // Throw the filter away.
2659           MakeNewInstruction = true;
2660           continue;
2661         }
2662 
2663         // There is no point in having multiple copies of this typeinfo, so
2664         // discard all but the first copy if there is more than one.
2665         NewFilterElts.push_back(TypeInfo);
2666         if (NumTypeInfos > 1)
2667           MakeNewFilter = true;
2668       } else {
2669         ConstantArray *Filter = cast<ConstantArray>(FilterClause);
2670         SmallPtrSet<Value *, 16> SeenInFilter; // For uniquing the elements.
2671         NewFilterElts.reserve(NumTypeInfos);
2672 
2673         // Remove any filter elements that were already caught or that already
2674         // occurred in the filter.  While there, see if any of the elements are
2675         // catch-alls.  If so, the filter can be discarded.
2676         bool SawCatchAll = false;
2677         for (unsigned j = 0; j != NumTypeInfos; ++j) {
2678           Constant *Elt = Filter->getOperand(j);
2679           Constant *TypeInfo = Elt->stripPointerCasts();
2680           if (isCatchAll(Personality, TypeInfo)) {
2681             // This element is a catch-all.  Bail out, noting this fact.
2682             SawCatchAll = true;
2683             break;
2684           }
2685 
2686           // Even if we've seen a type in a catch clause, we don't want to
2687           // remove it from the filter.  An unexpected type handler may be
2688           // set up for a call site which throws an exception of the same
2689           // type caught.  In order for the exception thrown by the unexpected
2690           // handler to propagate correctly, the filter must be correctly
2691           // described for the call site.
2692           //
2693           // Example:
2694           //
2695           // void unexpected() { throw 1;}
2696           // void foo() throw (int) {
2697           //   std::set_unexpected(unexpected);
2698           //   try {
2699           //     throw 2.0;
2700           //   } catch (int i) {}
2701           // }
2702 
2703           // There is no point in having multiple copies of the same typeinfo in
2704           // a filter, so only add it if we didn't already.
2705           if (SeenInFilter.insert(TypeInfo).second)
2706             NewFilterElts.push_back(cast<Constant>(Elt));
2707         }
2708         // A filter containing a catch-all cannot match anything by definition.
2709         if (SawCatchAll) {
2710           // Throw the filter away.
2711           MakeNewInstruction = true;
2712           continue;
2713         }
2714 
2715         // If we dropped something from the filter, make a new one.
2716         if (NewFilterElts.size() < NumTypeInfos)
2717           MakeNewFilter = true;
2718       }
2719       if (MakeNewFilter) {
2720         FilterType = ArrayType::get(FilterType->getElementType(),
2721                                     NewFilterElts.size());
2722         FilterClause = ConstantArray::get(FilterType, NewFilterElts);
2723         MakeNewInstruction = true;
2724       }
2725 
2726       NewClauses.push_back(FilterClause);
2727 
2728       // If the new filter is empty then it will catch everything so there is
2729       // no point in keeping any following clauses or marking the landingpad
2730       // as having a cleanup.  The case of the original filter being empty was
2731       // already handled above.
2732       if (MakeNewFilter && !NewFilterElts.size()) {
2733         assert(MakeNewInstruction && "New filter but not a new instruction!");
2734         CleanupFlag = false;
2735         break;
2736       }
2737     }
2738   }
2739 
2740   // If several filters occur in a row then reorder them so that the shortest
2741   // filters come first (those with the smallest number of elements).  This is
2742   // advantageous because shorter filters are more likely to match, speeding up
2743   // unwinding, but mostly because it increases the effectiveness of the other
2744   // filter optimizations below.
2745   for (unsigned i = 0, e = NewClauses.size(); i + 1 < e; ) {
2746     unsigned j;
2747     // Find the maximal 'j' s.t. the range [i, j) consists entirely of filters.
2748     for (j = i; j != e; ++j)
2749       if (!isa<ArrayType>(NewClauses[j]->getType()))
2750         break;
2751 
2752     // Check whether the filters are already sorted by length.  We need to know
2753     // if sorting them is actually going to do anything so that we only make a
2754     // new landingpad instruction if it does.
2755     for (unsigned k = i; k + 1 < j; ++k)
2756       if (shorter_filter(NewClauses[k+1], NewClauses[k])) {
2757         // Not sorted, so sort the filters now.  Doing an unstable sort would be
2758         // correct too but reordering filters pointlessly might confuse users.
2759         std::stable_sort(NewClauses.begin() + i, NewClauses.begin() + j,
2760                          shorter_filter);
2761         MakeNewInstruction = true;
2762         break;
2763       }
2764 
2765     // Look for the next batch of filters.
2766     i = j + 1;
2767   }
2768 
2769   // If typeinfos matched if and only if equal, then the elements of a filter L
2770   // that occurs later than a filter F could be replaced by the intersection of
2771   // the elements of F and L.  In reality two typeinfos can match without being
2772   // equal (for example if one represents a C++ class, and the other some class
2773   // derived from it) so it would be wrong to perform this transform in general.
2774   // However the transform is correct and useful if F is a subset of L.  In that
2775   // case L can be replaced by F, and thus removed altogether since repeating a
2776   // filter is pointless.  So here we look at all pairs of filters F and L where
2777   // L follows F in the list of clauses, and remove L if every element of F is
2778   // an element of L.  This can occur when inlining C++ functions with exception
2779   // specifications.
2780   for (unsigned i = 0; i + 1 < NewClauses.size(); ++i) {
2781     // Examine each filter in turn.
2782     Value *Filter = NewClauses[i];
2783     ArrayType *FTy = dyn_cast<ArrayType>(Filter->getType());
2784     if (!FTy)
2785       // Not a filter - skip it.
2786       continue;
2787     unsigned FElts = FTy->getNumElements();
2788     // Examine each filter following this one.  Doing this backwards means that
2789     // we don't have to worry about filters disappearing under us when removed.
2790     for (unsigned j = NewClauses.size() - 1; j != i; --j) {
2791       Value *LFilter = NewClauses[j];
2792       ArrayType *LTy = dyn_cast<ArrayType>(LFilter->getType());
2793       if (!LTy)
2794         // Not a filter - skip it.
2795         continue;
2796       // If Filter is a subset of LFilter, i.e. every element of Filter is also
2797       // an element of LFilter, then discard LFilter.
2798       SmallVectorImpl<Constant *>::iterator J = NewClauses.begin() + j;
2799       // If Filter is empty then it is a subset of LFilter.
2800       if (!FElts) {
2801         // Discard LFilter.
2802         NewClauses.erase(J);
2803         MakeNewInstruction = true;
2804         // Move on to the next filter.
2805         continue;
2806       }
2807       unsigned LElts = LTy->getNumElements();
2808       // If Filter is longer than LFilter then it cannot be a subset of it.
2809       if (FElts > LElts)
2810         // Move on to the next filter.
2811         continue;
2812       // At this point we know that LFilter has at least one element.
2813       if (isa<ConstantAggregateZero>(LFilter)) { // LFilter only contains zeros.
2814         // Filter is a subset of LFilter iff Filter contains only zeros (as we
2815         // already know that Filter is not longer than LFilter).
2816         if (isa<ConstantAggregateZero>(Filter)) {
2817           assert(FElts <= LElts && "Should have handled this case earlier!");
2818           // Discard LFilter.
2819           NewClauses.erase(J);
2820           MakeNewInstruction = true;
2821         }
2822         // Move on to the next filter.
2823         continue;
2824       }
2825       ConstantArray *LArray = cast<ConstantArray>(LFilter);
2826       if (isa<ConstantAggregateZero>(Filter)) { // Filter only contains zeros.
2827         // Since Filter is non-empty and contains only zeros, it is a subset of
2828         // LFilter iff LFilter contains a zero.
2829         assert(FElts > 0 && "Should have eliminated the empty filter earlier!");
2830         for (unsigned l = 0; l != LElts; ++l)
2831           if (LArray->getOperand(l)->isNullValue()) {
2832             // LFilter contains a zero - discard it.
2833             NewClauses.erase(J);
2834             MakeNewInstruction = true;
2835             break;
2836           }
2837         // Move on to the next filter.
2838         continue;
2839       }
2840       // At this point we know that both filters are ConstantArrays.  Loop over
2841       // operands to see whether every element of Filter is also an element of
2842       // LFilter.  Since filters tend to be short this is probably faster than
2843       // using a method that scales nicely.
2844       ConstantArray *FArray = cast<ConstantArray>(Filter);
2845       bool AllFound = true;
2846       for (unsigned f = 0; f != FElts; ++f) {
2847         Value *FTypeInfo = FArray->getOperand(f)->stripPointerCasts();
2848         AllFound = false;
2849         for (unsigned l = 0; l != LElts; ++l) {
2850           Value *LTypeInfo = LArray->getOperand(l)->stripPointerCasts();
2851           if (LTypeInfo == FTypeInfo) {
2852             AllFound = true;
2853             break;
2854           }
2855         }
2856         if (!AllFound)
2857           break;
2858       }
2859       if (AllFound) {
2860         // Discard LFilter.
2861         NewClauses.erase(J);
2862         MakeNewInstruction = true;
2863       }
2864       // Move on to the next filter.
2865     }
2866   }
2867 
2868   // If we changed any of the clauses, replace the old landingpad instruction
2869   // with a new one.
2870   if (MakeNewInstruction) {
2871     LandingPadInst *NLI = LandingPadInst::Create(LI.getType(),
2872                                                  NewClauses.size());
2873     for (unsigned i = 0, e = NewClauses.size(); i != e; ++i)
2874       NLI->addClause(NewClauses[i]);
2875     // A landing pad with no clauses must have the cleanup flag set.  It is
2876     // theoretically possible, though highly unlikely, that we eliminated all
2877     // clauses.  If so, force the cleanup flag to true.
2878     if (NewClauses.empty())
2879       CleanupFlag = true;
2880     NLI->setCleanup(CleanupFlag);
2881     return NLI;
2882   }
2883 
2884   // Even if none of the clauses changed, we may nonetheless have understood
2885   // that the cleanup flag is pointless.  Clear it if so.
2886   if (LI.isCleanup() != CleanupFlag) {
2887     assert(!CleanupFlag && "Adding a cleanup, not removing one?!");
2888     LI.setCleanup(CleanupFlag);
2889     return &LI;
2890   }
2891 
2892   return nullptr;
2893 }
2894 
2895 /// Try to move the specified instruction from its current block into the
2896 /// beginning of DestBlock, which can only happen if it's safe to move the
2897 /// instruction past all of the instructions between it and the end of its
2898 /// block.
TryToSinkInstruction(Instruction * I,BasicBlock * DestBlock)2899 static bool TryToSinkInstruction(Instruction *I, BasicBlock *DestBlock) {
2900   assert(I->hasOneUse() && "Invariants didn't hold!");
2901   BasicBlock *SrcBlock = I->getParent();
2902 
2903   // Cannot move control-flow-involving, volatile loads, vaarg, etc.
2904   if (isa<PHINode>(I) || I->isEHPad() || I->mayHaveSideEffects() ||
2905       isa<TerminatorInst>(I))
2906     return false;
2907 
2908   // Do not sink alloca instructions out of the entry block.
2909   if (isa<AllocaInst>(I) && I->getParent() ==
2910         &DestBlock->getParent()->getEntryBlock())
2911     return false;
2912 
2913   // Do not sink into catchswitch blocks.
2914   if (isa<CatchSwitchInst>(DestBlock->getTerminator()))
2915     return false;
2916 
2917   // Do not sink convergent call instructions.
2918   if (auto *CI = dyn_cast<CallInst>(I)) {
2919     if (CI->isConvergent())
2920       return false;
2921   }
2922   // We can only sink load instructions if there is nothing between the load and
2923   // the end of block that could change the value.
2924   if (I->mayReadFromMemory()) {
2925     for (BasicBlock::iterator Scan = I->getIterator(),
2926                               E = I->getParent()->end();
2927          Scan != E; ++Scan)
2928       if (Scan->mayWriteToMemory())
2929         return false;
2930   }
2931   BasicBlock::iterator InsertPos = DestBlock->getFirstInsertionPt();
2932   I->moveBefore(&*InsertPos);
2933   ++NumSunkInst;
2934 
2935   // Also sink all related debug uses from the source basic block. Otherwise we
2936   // get debug use before the def.
2937   SmallVector<DbgInfoIntrinsic *, 1> DbgUsers;
2938   findDbgUsers(DbgUsers, I);
2939   for (auto *DII : DbgUsers) {
2940     if (DII->getParent() == SrcBlock) {
2941       DII->moveBefore(&*InsertPos);
2942       LLVM_DEBUG(dbgs() << "SINK: " << *DII << '\n');
2943     }
2944   }
2945   return true;
2946 }
2947 
run()2948 bool InstCombiner::run() {
2949   while (!Worklist.isEmpty()) {
2950     Instruction *I = Worklist.RemoveOne();
2951     if (I == nullptr) continue;  // skip null values.
2952 
2953     // Check to see if we can DCE the instruction.
2954     if (isInstructionTriviallyDead(I, &TLI)) {
2955       LLVM_DEBUG(dbgs() << "IC: DCE: " << *I << '\n');
2956       eraseInstFromFunction(*I);
2957       ++NumDeadInst;
2958       MadeIRChange = true;
2959       continue;
2960     }
2961 
2962     if (!DebugCounter::shouldExecute(VisitCounter))
2963       continue;
2964 
2965     // Instruction isn't dead, see if we can constant propagate it.
2966     if (!I->use_empty() &&
2967         (I->getNumOperands() == 0 || isa<Constant>(I->getOperand(0)))) {
2968       if (Constant *C = ConstantFoldInstruction(I, DL, &TLI)) {
2969         LLVM_DEBUG(dbgs() << "IC: ConstFold to: " << *C << " from: " << *I
2970                           << '\n');
2971 
2972         // Add operands to the worklist.
2973         replaceInstUsesWith(*I, C);
2974         ++NumConstProp;
2975         if (isInstructionTriviallyDead(I, &TLI))
2976           eraseInstFromFunction(*I);
2977         MadeIRChange = true;
2978         continue;
2979       }
2980     }
2981 
2982     // In general, it is possible for computeKnownBits to determine all bits in
2983     // a value even when the operands are not all constants.
2984     Type *Ty = I->getType();
2985     if (ExpensiveCombines && !I->use_empty() && Ty->isIntOrIntVectorTy()) {
2986       KnownBits Known = computeKnownBits(I, /*Depth*/0, I);
2987       if (Known.isConstant()) {
2988         Constant *C = ConstantInt::get(Ty, Known.getConstant());
2989         LLVM_DEBUG(dbgs() << "IC: ConstFold (all bits known) to: " << *C
2990                           << " from: " << *I << '\n');
2991 
2992         // Add operands to the worklist.
2993         replaceInstUsesWith(*I, C);
2994         ++NumConstProp;
2995         if (isInstructionTriviallyDead(I, &TLI))
2996           eraseInstFromFunction(*I);
2997         MadeIRChange = true;
2998         continue;
2999       }
3000     }
3001 
3002     // See if we can trivially sink this instruction to a successor basic block.
3003     if (I->hasOneUse()) {
3004       BasicBlock *BB = I->getParent();
3005       Instruction *UserInst = cast<Instruction>(*I->user_begin());
3006       BasicBlock *UserParent;
3007 
3008       // Get the block the use occurs in.
3009       if (PHINode *PN = dyn_cast<PHINode>(UserInst))
3010         UserParent = PN->getIncomingBlock(*I->use_begin());
3011       else
3012         UserParent = UserInst->getParent();
3013 
3014       if (UserParent != BB) {
3015         bool UserIsSuccessor = false;
3016         // See if the user is one of our successors.
3017         for (succ_iterator SI = succ_begin(BB), E = succ_end(BB); SI != E; ++SI)
3018           if (*SI == UserParent) {
3019             UserIsSuccessor = true;
3020             break;
3021           }
3022 
3023         // If the user is one of our immediate successors, and if that successor
3024         // only has us as a predecessors (we'd have to split the critical edge
3025         // otherwise), we can keep going.
3026         if (UserIsSuccessor && UserParent->getUniquePredecessor()) {
3027           // Okay, the CFG is simple enough, try to sink this instruction.
3028           if (TryToSinkInstruction(I, UserParent)) {
3029             LLVM_DEBUG(dbgs() << "IC: Sink: " << *I << '\n');
3030             MadeIRChange = true;
3031             // We'll add uses of the sunk instruction below, but since sinking
3032             // can expose opportunities for it's *operands* add them to the
3033             // worklist
3034             for (Use &U : I->operands())
3035               if (Instruction *OpI = dyn_cast<Instruction>(U.get()))
3036                 Worklist.Add(OpI);
3037           }
3038         }
3039       }
3040     }
3041 
3042     // Now that we have an instruction, try combining it to simplify it.
3043     Builder.SetInsertPoint(I);
3044     Builder.SetCurrentDebugLocation(I->getDebugLoc());
3045 
3046 #ifndef NDEBUG
3047     std::string OrigI;
3048 #endif
3049     LLVM_DEBUG(raw_string_ostream SS(OrigI); I->print(SS); OrigI = SS.str(););
3050     LLVM_DEBUG(dbgs() << "IC: Visiting: " << OrigI << '\n');
3051 
3052     if (Instruction *Result = visit(*I)) {
3053       ++NumCombined;
3054       // Should we replace the old instruction with a new one?
3055       if (Result != I) {
3056         LLVM_DEBUG(dbgs() << "IC: Old = " << *I << '\n'
3057                           << "    New = " << *Result << '\n');
3058 
3059         if (I->getDebugLoc())
3060           Result->setDebugLoc(I->getDebugLoc());
3061         // Everything uses the new instruction now.
3062         I->replaceAllUsesWith(Result);
3063 
3064         // Move the name to the new instruction first.
3065         Result->takeName(I);
3066 
3067         // Push the new instruction and any users onto the worklist.
3068         Worklist.AddUsersToWorkList(*Result);
3069         Worklist.Add(Result);
3070 
3071         // Insert the new instruction into the basic block...
3072         BasicBlock *InstParent = I->getParent();
3073         BasicBlock::iterator InsertPos = I->getIterator();
3074 
3075         // If we replace a PHI with something that isn't a PHI, fix up the
3076         // insertion point.
3077         if (!isa<PHINode>(Result) && isa<PHINode>(InsertPos))
3078           InsertPos = InstParent->getFirstInsertionPt();
3079 
3080         InstParent->getInstList().insert(InsertPos, Result);
3081 
3082         eraseInstFromFunction(*I);
3083       } else {
3084         LLVM_DEBUG(dbgs() << "IC: Mod = " << OrigI << '\n'
3085                           << "    New = " << *I << '\n');
3086 
3087         // If the instruction was modified, it's possible that it is now dead.
3088         // if so, remove it.
3089         if (isInstructionTriviallyDead(I, &TLI)) {
3090           eraseInstFromFunction(*I);
3091         } else {
3092           Worklist.AddUsersToWorkList(*I);
3093           Worklist.Add(I);
3094         }
3095       }
3096       MadeIRChange = true;
3097     }
3098   }
3099 
3100   Worklist.Zap();
3101   return MadeIRChange;
3102 }
3103 
3104 /// Walk the function in depth-first order, adding all reachable code to the
3105 /// worklist.
3106 ///
3107 /// This has a couple of tricks to make the code faster and more powerful.  In
3108 /// particular, we constant fold and DCE instructions as we go, to avoid adding
3109 /// them to the worklist (this significantly speeds up instcombine on code where
3110 /// many instructions are dead or constant).  Additionally, if we find a branch
3111 /// whose condition is a known constant, we only visit the reachable successors.
AddReachableCodeToWorklist(BasicBlock * BB,const DataLayout & DL,SmallPtrSetImpl<BasicBlock * > & Visited,InstCombineWorklist & ICWorklist,const TargetLibraryInfo * TLI)3112 static bool AddReachableCodeToWorklist(BasicBlock *BB, const DataLayout &DL,
3113                                        SmallPtrSetImpl<BasicBlock *> &Visited,
3114                                        InstCombineWorklist &ICWorklist,
3115                                        const TargetLibraryInfo *TLI) {
3116   bool MadeIRChange = false;
3117   SmallVector<BasicBlock*, 256> Worklist;
3118   Worklist.push_back(BB);
3119 
3120   SmallVector<Instruction*, 128> InstrsForInstCombineWorklist;
3121   DenseMap<Constant *, Constant *> FoldedConstants;
3122 
3123   do {
3124     BB = Worklist.pop_back_val();
3125 
3126     // We have now visited this block!  If we've already been here, ignore it.
3127     if (!Visited.insert(BB).second)
3128       continue;
3129 
3130     for (BasicBlock::iterator BBI = BB->begin(), E = BB->end(); BBI != E; ) {
3131       Instruction *Inst = &*BBI++;
3132 
3133       // DCE instruction if trivially dead.
3134       if (isInstructionTriviallyDead(Inst, TLI)) {
3135         ++NumDeadInst;
3136         LLVM_DEBUG(dbgs() << "IC: DCE: " << *Inst << '\n');
3137         salvageDebugInfo(*Inst);
3138         Inst->eraseFromParent();
3139         MadeIRChange = true;
3140         continue;
3141       }
3142 
3143       // ConstantProp instruction if trivially constant.
3144       if (!Inst->use_empty() &&
3145           (Inst->getNumOperands() == 0 || isa<Constant>(Inst->getOperand(0))))
3146         if (Constant *C = ConstantFoldInstruction(Inst, DL, TLI)) {
3147           LLVM_DEBUG(dbgs() << "IC: ConstFold to: " << *C << " from: " << *Inst
3148                             << '\n');
3149           Inst->replaceAllUsesWith(C);
3150           ++NumConstProp;
3151           if (isInstructionTriviallyDead(Inst, TLI))
3152             Inst->eraseFromParent();
3153           MadeIRChange = true;
3154           continue;
3155         }
3156 
3157       // See if we can constant fold its operands.
3158       for (Use &U : Inst->operands()) {
3159         if (!isa<ConstantVector>(U) && !isa<ConstantExpr>(U))
3160           continue;
3161 
3162         auto *C = cast<Constant>(U);
3163         Constant *&FoldRes = FoldedConstants[C];
3164         if (!FoldRes)
3165           FoldRes = ConstantFoldConstant(C, DL, TLI);
3166         if (!FoldRes)
3167           FoldRes = C;
3168 
3169         if (FoldRes != C) {
3170           LLVM_DEBUG(dbgs() << "IC: ConstFold operand of: " << *Inst
3171                             << "\n    Old = " << *C
3172                             << "\n    New = " << *FoldRes << '\n');
3173           U = FoldRes;
3174           MadeIRChange = true;
3175         }
3176       }
3177 
3178       // Skip processing debug intrinsics in InstCombine. Processing these call instructions
3179       // consumes non-trivial amount of time and provides no value for the optimization.
3180       if (!isa<DbgInfoIntrinsic>(Inst))
3181         InstrsForInstCombineWorklist.push_back(Inst);
3182     }
3183 
3184     // Recursively visit successors.  If this is a branch or switch on a
3185     // constant, only visit the reachable successor.
3186     TerminatorInst *TI = BB->getTerminator();
3187     if (BranchInst *BI = dyn_cast<BranchInst>(TI)) {
3188       if (BI->isConditional() && isa<ConstantInt>(BI->getCondition())) {
3189         bool CondVal = cast<ConstantInt>(BI->getCondition())->getZExtValue();
3190         BasicBlock *ReachableBB = BI->getSuccessor(!CondVal);
3191         Worklist.push_back(ReachableBB);
3192         continue;
3193       }
3194     } else if (SwitchInst *SI = dyn_cast<SwitchInst>(TI)) {
3195       if (ConstantInt *Cond = dyn_cast<ConstantInt>(SI->getCondition())) {
3196         Worklist.push_back(SI->findCaseValue(Cond)->getCaseSuccessor());
3197         continue;
3198       }
3199     }
3200 
3201     for (BasicBlock *SuccBB : TI->successors())
3202       Worklist.push_back(SuccBB);
3203   } while (!Worklist.empty());
3204 
3205   // Once we've found all of the instructions to add to instcombine's worklist,
3206   // add them in reverse order.  This way instcombine will visit from the top
3207   // of the function down.  This jives well with the way that it adds all uses
3208   // of instructions to the worklist after doing a transformation, thus avoiding
3209   // some N^2 behavior in pathological cases.
3210   ICWorklist.AddInitialGroup(InstrsForInstCombineWorklist);
3211 
3212   return MadeIRChange;
3213 }
3214 
3215 /// Populate the IC worklist from a function, and prune any dead basic
3216 /// blocks discovered in the process.
3217 ///
3218 /// This also does basic constant propagation and other forward fixing to make
3219 /// the combiner itself run much faster.
prepareICWorklistFromFunction(Function & F,const DataLayout & DL,TargetLibraryInfo * TLI,InstCombineWorklist & ICWorklist)3220 static bool prepareICWorklistFromFunction(Function &F, const DataLayout &DL,
3221                                           TargetLibraryInfo *TLI,
3222                                           InstCombineWorklist &ICWorklist) {
3223   bool MadeIRChange = false;
3224 
3225   // Do a depth-first traversal of the function, populate the worklist with
3226   // the reachable instructions.  Ignore blocks that are not reachable.  Keep
3227   // track of which blocks we visit.
3228   SmallPtrSet<BasicBlock *, 32> Visited;
3229   MadeIRChange |=
3230       AddReachableCodeToWorklist(&F.front(), DL, Visited, ICWorklist, TLI);
3231 
3232   // Do a quick scan over the function.  If we find any blocks that are
3233   // unreachable, remove any instructions inside of them.  This prevents
3234   // the instcombine code from having to deal with some bad special cases.
3235   for (BasicBlock &BB : F) {
3236     if (Visited.count(&BB))
3237       continue;
3238 
3239     unsigned NumDeadInstInBB = removeAllNonTerminatorAndEHPadInstructions(&BB);
3240     MadeIRChange |= NumDeadInstInBB > 0;
3241     NumDeadInst += NumDeadInstInBB;
3242   }
3243 
3244   return MadeIRChange;
3245 }
3246 
combineInstructionsOverFunction(Function & F,InstCombineWorklist & Worklist,AliasAnalysis * AA,AssumptionCache & AC,TargetLibraryInfo & TLI,DominatorTree & DT,OptimizationRemarkEmitter & ORE,bool ExpensiveCombines=true,LoopInfo * LI=nullptr)3247 static bool combineInstructionsOverFunction(
3248     Function &F, InstCombineWorklist &Worklist, AliasAnalysis *AA,
3249     AssumptionCache &AC, TargetLibraryInfo &TLI, DominatorTree &DT,
3250     OptimizationRemarkEmitter &ORE, bool ExpensiveCombines = true,
3251     LoopInfo *LI = nullptr) {
3252   auto &DL = F.getParent()->getDataLayout();
3253   ExpensiveCombines |= EnableExpensiveCombines;
3254 
3255   /// Builder - This is an IRBuilder that automatically inserts new
3256   /// instructions into the worklist when they are created.
3257   IRBuilder<TargetFolder, IRBuilderCallbackInserter> Builder(
3258       F.getContext(), TargetFolder(DL),
3259       IRBuilderCallbackInserter([&Worklist, &AC](Instruction *I) {
3260         Worklist.Add(I);
3261         if (match(I, m_Intrinsic<Intrinsic::assume>()))
3262           AC.registerAssumption(cast<CallInst>(I));
3263       }));
3264 
3265   // Lower dbg.declare intrinsics otherwise their value may be clobbered
3266   // by instcombiner.
3267   bool MadeIRChange = false;
3268   if (ShouldLowerDbgDeclare)
3269     MadeIRChange = LowerDbgDeclare(F);
3270 
3271   // Iterate while there is work to do.
3272   int Iteration = 0;
3273   while (true) {
3274     ++Iteration;
3275     LLVM_DEBUG(dbgs() << "\n\nINSTCOMBINE ITERATION #" << Iteration << " on "
3276                       << F.getName() << "\n");
3277 
3278     MadeIRChange |= prepareICWorklistFromFunction(F, DL, &TLI, Worklist);
3279 
3280     InstCombiner IC(Worklist, Builder, F.optForMinSize(), ExpensiveCombines, AA,
3281                     AC, TLI, DT, ORE, DL, LI);
3282     IC.MaxArraySizeForCombine = MaxArraySize;
3283 
3284     if (!IC.run())
3285       break;
3286   }
3287 
3288   return MadeIRChange || Iteration > 1;
3289 }
3290 
run(Function & F,FunctionAnalysisManager & AM)3291 PreservedAnalyses InstCombinePass::run(Function &F,
3292                                        FunctionAnalysisManager &AM) {
3293   auto &AC = AM.getResult<AssumptionAnalysis>(F);
3294   auto &DT = AM.getResult<DominatorTreeAnalysis>(F);
3295   auto &TLI = AM.getResult<TargetLibraryAnalysis>(F);
3296   auto &ORE = AM.getResult<OptimizationRemarkEmitterAnalysis>(F);
3297 
3298   auto *LI = AM.getCachedResult<LoopAnalysis>(F);
3299 
3300   auto *AA = &AM.getResult<AAManager>(F);
3301   if (!combineInstructionsOverFunction(F, Worklist, AA, AC, TLI, DT, ORE,
3302                                        ExpensiveCombines, LI))
3303     // No changes, all analyses are preserved.
3304     return PreservedAnalyses::all();
3305 
3306   // Mark all the analyses that instcombine updates as preserved.
3307   PreservedAnalyses PA;
3308   PA.preserveSet<CFGAnalyses>();
3309   PA.preserve<AAManager>();
3310   PA.preserve<BasicAA>();
3311   PA.preserve<GlobalsAA>();
3312   return PA;
3313 }
3314 
getAnalysisUsage(AnalysisUsage & AU) const3315 void InstructionCombiningPass::getAnalysisUsage(AnalysisUsage &AU) const {
3316   AU.setPreservesCFG();
3317   AU.addRequired<AAResultsWrapperPass>();
3318   AU.addRequired<AssumptionCacheTracker>();
3319   AU.addRequired<TargetLibraryInfoWrapperPass>();
3320   AU.addRequired<DominatorTreeWrapperPass>();
3321   AU.addRequired<OptimizationRemarkEmitterWrapperPass>();
3322   AU.addPreserved<DominatorTreeWrapperPass>();
3323   AU.addPreserved<AAResultsWrapperPass>();
3324   AU.addPreserved<BasicAAWrapperPass>();
3325   AU.addPreserved<GlobalsAAWrapperPass>();
3326 }
3327 
runOnFunction(Function & F)3328 bool InstructionCombiningPass::runOnFunction(Function &F) {
3329   if (skipFunction(F))
3330     return false;
3331 
3332   // Required analyses.
3333   auto AA = &getAnalysis<AAResultsWrapperPass>().getAAResults();
3334   auto &AC = getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
3335   auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
3336   auto &DT = getAnalysis<DominatorTreeWrapperPass>().getDomTree();
3337   auto &ORE = getAnalysis<OptimizationRemarkEmitterWrapperPass>().getORE();
3338 
3339   // Optional analyses.
3340   auto *LIWP = getAnalysisIfAvailable<LoopInfoWrapperPass>();
3341   auto *LI = LIWP ? &LIWP->getLoopInfo() : nullptr;
3342 
3343   return combineInstructionsOverFunction(F, Worklist, AA, AC, TLI, DT, ORE,
3344                                          ExpensiveCombines, LI);
3345 }
3346 
3347 char InstructionCombiningPass::ID = 0;
3348 
3349 INITIALIZE_PASS_BEGIN(InstructionCombiningPass, "instcombine",
3350                       "Combine redundant instructions", false, false)
INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)3351 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)
3352 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
3353 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
3354 INITIALIZE_PASS_DEPENDENCY(AAResultsWrapperPass)
3355 INITIALIZE_PASS_DEPENDENCY(GlobalsAAWrapperPass)
3356 INITIALIZE_PASS_DEPENDENCY(OptimizationRemarkEmitterWrapperPass)
3357 INITIALIZE_PASS_END(InstructionCombiningPass, "instcombine",
3358                     "Combine redundant instructions", false, false)
3359 
3360 // Initialization Routines
3361 void llvm::initializeInstCombine(PassRegistry &Registry) {
3362   initializeInstructionCombiningPassPass(Registry);
3363 }
3364 
LLVMInitializeInstCombine(LLVMPassRegistryRef R)3365 void LLVMInitializeInstCombine(LLVMPassRegistryRef R) {
3366   initializeInstructionCombiningPassPass(*unwrap(R));
3367 }
3368 
createInstructionCombiningPass(bool ExpensiveCombines)3369 FunctionPass *llvm::createInstructionCombiningPass(bool ExpensiveCombines) {
3370   return new InstructionCombiningPass(ExpensiveCombines);
3371 }
3372 
LLVMAddInstructionCombiningPass(LLVMPassManagerRef PM)3373 void LLVMAddInstructionCombiningPass(LLVMPassManagerRef PM) {
3374   unwrap(PM)->add(createInstructionCombiningPass());
3375 }
3376