1 //===- InstructionCombining.cpp - Combine multiple instructions -----------===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // InstructionCombining - Combine instructions to form fewer, simple
11 // instructions.  This pass does not modify the CFG.  This pass is where
12 // algebraic simplification happens.
13 //
14 // This pass combines things like:
15 //    %Y = add i32 %X, 1
16 //    %Z = add i32 %Y, 1
17 // into:
18 //    %Z = add i32 %X, 2
19 //
20 // This is a simple worklist driven algorithm.
21 //
22 // This pass guarantees that the following canonicalizations are performed on
23 // the program:
24 //    1. If a binary operator has a constant operand, it is moved to the RHS
25 //    2. Bitwise operators with constant operands are always grouped so that
26 //       shifts are performed first, then or's, then and's, then xor's.
27 //    3. Compare instructions are converted from <,>,<=,>= to ==,!= if possible
28 //    4. All cmp instructions on boolean values are replaced with logical ops
29 //    5. add X, X is represented as (X*2) => (X << 1)
30 //    6. Multiplies with a power-of-two constant argument are transformed into
31 //       shifts.
32 //   ... etc.
33 //
34 //===----------------------------------------------------------------------===//
35 
36 #include "llvm/Transforms/InstCombine/InstCombine.h"
37 #include "InstCombineInternal.h"
38 #include "llvm-c/Initialization.h"
39 #include "llvm/ADT/SmallPtrSet.h"
40 #include "llvm/ADT/Statistic.h"
41 #include "llvm/ADT/StringSwitch.h"
42 #include "llvm/Analysis/AssumptionCache.h"
43 #include "llvm/Analysis/CFG.h"
44 #include "llvm/Analysis/ConstantFolding.h"
45 #include "llvm/Analysis/InstructionSimplify.h"
46 #include "llvm/Analysis/LibCallSemantics.h"
47 #include "llvm/Analysis/LoopInfo.h"
48 #include "llvm/Analysis/MemoryBuiltins.h"
49 #include "llvm/Analysis/TargetLibraryInfo.h"
50 #include "llvm/Analysis/ValueTracking.h"
51 #include "llvm/IR/CFG.h"
52 #include "llvm/IR/DataLayout.h"
53 #include "llvm/IR/Dominators.h"
54 #include "llvm/IR/GetElementPtrTypeIterator.h"
55 #include "llvm/IR/IntrinsicInst.h"
56 #include "llvm/IR/PatternMatch.h"
57 #include "llvm/IR/ValueHandle.h"
58 #include "llvm/Support/CommandLine.h"
59 #include "llvm/Support/Debug.h"
60 #include "llvm/Support/raw_ostream.h"
61 #include "llvm/Transforms/Scalar.h"
62 #include "llvm/Transforms/Utils/Local.h"
63 #include <algorithm>
64 #include <climits>
65 using namespace llvm;
66 using namespace llvm::PatternMatch;
67 
68 #define DEBUG_TYPE "instcombine"
69 
70 STATISTIC(NumCombined , "Number of insts combined");
71 STATISTIC(NumConstProp, "Number of constant folds");
72 STATISTIC(NumDeadInst , "Number of dead inst eliminated");
73 STATISTIC(NumSunkInst , "Number of instructions sunk");
74 STATISTIC(NumExpand,    "Number of expansions");
75 STATISTIC(NumFactor   , "Number of factorizations");
76 STATISTIC(NumReassoc  , "Number of reassociations");
77 
EmitGEPOffset(User * GEP)78 Value *InstCombiner::EmitGEPOffset(User *GEP) {
79   return llvm::EmitGEPOffset(Builder, DL, GEP);
80 }
81 
82 /// ShouldChangeType - Return true if it is desirable to convert a computation
83 /// from 'From' to 'To'.  We don't want to convert from a legal to an illegal
84 /// type for example, or from a smaller to a larger illegal type.
ShouldChangeType(Type * From,Type * To) const85 bool InstCombiner::ShouldChangeType(Type *From, Type *To) const {
86   assert(From->isIntegerTy() && To->isIntegerTy());
87 
88   unsigned FromWidth = From->getPrimitiveSizeInBits();
89   unsigned ToWidth = To->getPrimitiveSizeInBits();
90   bool FromLegal = DL.isLegalInteger(FromWidth);
91   bool ToLegal = DL.isLegalInteger(ToWidth);
92 
93   // If this is a legal integer from type, and the result would be an illegal
94   // type, don't do the transformation.
95   if (FromLegal && !ToLegal)
96     return false;
97 
98   // Otherwise, if both are illegal, do not increase the size of the result. We
99   // do allow things like i160 -> i64, but not i64 -> i160.
100   if (!FromLegal && !ToLegal && ToWidth > FromWidth)
101     return false;
102 
103   return true;
104 }
105 
106 // Return true, if No Signed Wrap should be maintained for I.
107 // The No Signed Wrap flag can be kept if the operation "B (I.getOpcode) C",
108 // where both B and C should be ConstantInts, results in a constant that does
109 // not overflow. This function only handles the Add and Sub opcodes. For
110 // all other opcodes, the function conservatively returns false.
MaintainNoSignedWrap(BinaryOperator & I,Value * B,Value * C)111 static bool MaintainNoSignedWrap(BinaryOperator &I, Value *B, Value *C) {
112   OverflowingBinaryOperator *OBO = dyn_cast<OverflowingBinaryOperator>(&I);
113   if (!OBO || !OBO->hasNoSignedWrap()) {
114     return false;
115   }
116 
117   // We reason about Add and Sub Only.
118   Instruction::BinaryOps Opcode = I.getOpcode();
119   if (Opcode != Instruction::Add &&
120       Opcode != Instruction::Sub) {
121     return false;
122   }
123 
124   ConstantInt *CB = dyn_cast<ConstantInt>(B);
125   ConstantInt *CC = dyn_cast<ConstantInt>(C);
126 
127   if (!CB || !CC) {
128     return false;
129   }
130 
131   const APInt &BVal = CB->getValue();
132   const APInt &CVal = CC->getValue();
133   bool Overflow = false;
134 
135   if (Opcode == Instruction::Add) {
136     BVal.sadd_ov(CVal, Overflow);
137   } else {
138     BVal.ssub_ov(CVal, Overflow);
139   }
140 
141   return !Overflow;
142 }
143 
144 /// Conservatively clears subclassOptionalData after a reassociation or
145 /// commutation. We preserve fast-math flags when applicable as they can be
146 /// preserved.
ClearSubclassDataAfterReassociation(BinaryOperator & I)147 static void ClearSubclassDataAfterReassociation(BinaryOperator &I) {
148   FPMathOperator *FPMO = dyn_cast<FPMathOperator>(&I);
149   if (!FPMO) {
150     I.clearSubclassOptionalData();
151     return;
152   }
153 
154   FastMathFlags FMF = I.getFastMathFlags();
155   I.clearSubclassOptionalData();
156   I.setFastMathFlags(FMF);
157 }
158 
159 /// SimplifyAssociativeOrCommutative - This performs a few simplifications for
160 /// operators which are associative or commutative:
161 //
162 //  Commutative operators:
163 //
164 //  1. Order operands such that they are listed from right (least complex) to
165 //     left (most complex).  This puts constants before unary operators before
166 //     binary operators.
167 //
168 //  Associative operators:
169 //
170 //  2. Transform: "(A op B) op C" ==> "A op (B op C)" if "B op C" simplifies.
171 //  3. Transform: "A op (B op C)" ==> "(A op B) op C" if "A op B" simplifies.
172 //
173 //  Associative and commutative operators:
174 //
175 //  4. Transform: "(A op B) op C" ==> "(C op A) op B" if "C op A" simplifies.
176 //  5. Transform: "A op (B op C)" ==> "B op (C op A)" if "C op A" simplifies.
177 //  6. Transform: "(A op C1) op (B op C2)" ==> "(A op B) op (C1 op C2)"
178 //     if C1 and C2 are constants.
179 //
SimplifyAssociativeOrCommutative(BinaryOperator & I)180 bool InstCombiner::SimplifyAssociativeOrCommutative(BinaryOperator &I) {
181   Instruction::BinaryOps Opcode = I.getOpcode();
182   bool Changed = false;
183 
184   do {
185     // Order operands such that they are listed from right (least complex) to
186     // left (most complex).  This puts constants before unary operators before
187     // binary operators.
188     if (I.isCommutative() && getComplexity(I.getOperand(0)) <
189         getComplexity(I.getOperand(1)))
190       Changed = !I.swapOperands();
191 
192     BinaryOperator *Op0 = dyn_cast<BinaryOperator>(I.getOperand(0));
193     BinaryOperator *Op1 = dyn_cast<BinaryOperator>(I.getOperand(1));
194 
195     if (I.isAssociative()) {
196       // Transform: "(A op B) op C" ==> "A op (B op C)" if "B op C" simplifies.
197       if (Op0 && Op0->getOpcode() == Opcode) {
198         Value *A = Op0->getOperand(0);
199         Value *B = Op0->getOperand(1);
200         Value *C = I.getOperand(1);
201 
202         // Does "B op C" simplify?
203         if (Value *V = SimplifyBinOp(Opcode, B, C, DL)) {
204           // It simplifies to V.  Form "A op V".
205           I.setOperand(0, A);
206           I.setOperand(1, V);
207           // Conservatively clear the optional flags, since they may not be
208           // preserved by the reassociation.
209           if (MaintainNoSignedWrap(I, B, C) &&
210               (!Op0 || (isa<BinaryOperator>(Op0) && Op0->hasNoSignedWrap()))) {
211             // Note: this is only valid because SimplifyBinOp doesn't look at
212             // the operands to Op0.
213             I.clearSubclassOptionalData();
214             I.setHasNoSignedWrap(true);
215           } else {
216             ClearSubclassDataAfterReassociation(I);
217           }
218 
219           Changed = true;
220           ++NumReassoc;
221           continue;
222         }
223       }
224 
225       // Transform: "A op (B op C)" ==> "(A op B) op C" if "A op B" simplifies.
226       if (Op1 && Op1->getOpcode() == Opcode) {
227         Value *A = I.getOperand(0);
228         Value *B = Op1->getOperand(0);
229         Value *C = Op1->getOperand(1);
230 
231         // Does "A op B" simplify?
232         if (Value *V = SimplifyBinOp(Opcode, A, B, DL)) {
233           // It simplifies to V.  Form "V op C".
234           I.setOperand(0, V);
235           I.setOperand(1, C);
236           // Conservatively clear the optional flags, since they may not be
237           // preserved by the reassociation.
238           ClearSubclassDataAfterReassociation(I);
239           Changed = true;
240           ++NumReassoc;
241           continue;
242         }
243       }
244     }
245 
246     if (I.isAssociative() && I.isCommutative()) {
247       // Transform: "(A op B) op C" ==> "(C op A) op B" if "C op A" simplifies.
248       if (Op0 && Op0->getOpcode() == Opcode) {
249         Value *A = Op0->getOperand(0);
250         Value *B = Op0->getOperand(1);
251         Value *C = I.getOperand(1);
252 
253         // Does "C op A" simplify?
254         if (Value *V = SimplifyBinOp(Opcode, C, A, DL)) {
255           // It simplifies to V.  Form "V op B".
256           I.setOperand(0, V);
257           I.setOperand(1, B);
258           // Conservatively clear the optional flags, since they may not be
259           // preserved by the reassociation.
260           ClearSubclassDataAfterReassociation(I);
261           Changed = true;
262           ++NumReassoc;
263           continue;
264         }
265       }
266 
267       // Transform: "A op (B op C)" ==> "B op (C op A)" if "C op A" simplifies.
268       if (Op1 && Op1->getOpcode() == Opcode) {
269         Value *A = I.getOperand(0);
270         Value *B = Op1->getOperand(0);
271         Value *C = Op1->getOperand(1);
272 
273         // Does "C op A" simplify?
274         if (Value *V = SimplifyBinOp(Opcode, C, A, DL)) {
275           // It simplifies to V.  Form "B op V".
276           I.setOperand(0, B);
277           I.setOperand(1, V);
278           // Conservatively clear the optional flags, since they may not be
279           // preserved by the reassociation.
280           ClearSubclassDataAfterReassociation(I);
281           Changed = true;
282           ++NumReassoc;
283           continue;
284         }
285       }
286 
287       // Transform: "(A op C1) op (B op C2)" ==> "(A op B) op (C1 op C2)"
288       // if C1 and C2 are constants.
289       if (Op0 && Op1 &&
290           Op0->getOpcode() == Opcode && Op1->getOpcode() == Opcode &&
291           isa<Constant>(Op0->getOperand(1)) &&
292           isa<Constant>(Op1->getOperand(1)) &&
293           Op0->hasOneUse() && Op1->hasOneUse()) {
294         Value *A = Op0->getOperand(0);
295         Constant *C1 = cast<Constant>(Op0->getOperand(1));
296         Value *B = Op1->getOperand(0);
297         Constant *C2 = cast<Constant>(Op1->getOperand(1));
298 
299         Constant *Folded = ConstantExpr::get(Opcode, C1, C2);
300         BinaryOperator *New = BinaryOperator::Create(Opcode, A, B);
301         if (isa<FPMathOperator>(New)) {
302           FastMathFlags Flags = I.getFastMathFlags();
303           Flags &= Op0->getFastMathFlags();
304           Flags &= Op1->getFastMathFlags();
305           New->setFastMathFlags(Flags);
306         }
307         InsertNewInstWith(New, I);
308         New->takeName(Op1);
309         I.setOperand(0, New);
310         I.setOperand(1, Folded);
311         // Conservatively clear the optional flags, since they may not be
312         // preserved by the reassociation.
313         ClearSubclassDataAfterReassociation(I);
314 
315         Changed = true;
316         continue;
317       }
318     }
319 
320     // No further simplifications.
321     return Changed;
322   } while (1);
323 }
324 
325 /// LeftDistributesOverRight - Whether "X LOp (Y ROp Z)" is always equal to
326 /// "(X LOp Y) ROp (X LOp Z)".
LeftDistributesOverRight(Instruction::BinaryOps LOp,Instruction::BinaryOps ROp)327 static bool LeftDistributesOverRight(Instruction::BinaryOps LOp,
328                                      Instruction::BinaryOps ROp) {
329   switch (LOp) {
330   default:
331     return false;
332 
333   case Instruction::And:
334     // And distributes over Or and Xor.
335     switch (ROp) {
336     default:
337       return false;
338     case Instruction::Or:
339     case Instruction::Xor:
340       return true;
341     }
342 
343   case Instruction::Mul:
344     // Multiplication distributes over addition and subtraction.
345     switch (ROp) {
346     default:
347       return false;
348     case Instruction::Add:
349     case Instruction::Sub:
350       return true;
351     }
352 
353   case Instruction::Or:
354     // Or distributes over And.
355     switch (ROp) {
356     default:
357       return false;
358     case Instruction::And:
359       return true;
360     }
361   }
362 }
363 
364 /// RightDistributesOverLeft - Whether "(X LOp Y) ROp Z" is always equal to
365 /// "(X ROp Z) LOp (Y ROp Z)".
RightDistributesOverLeft(Instruction::BinaryOps LOp,Instruction::BinaryOps ROp)366 static bool RightDistributesOverLeft(Instruction::BinaryOps LOp,
367                                      Instruction::BinaryOps ROp) {
368   if (Instruction::isCommutative(ROp))
369     return LeftDistributesOverRight(ROp, LOp);
370 
371   switch (LOp) {
372   default:
373     return false;
374   // (X >> Z) & (Y >> Z)  -> (X&Y) >> Z  for all shifts.
375   // (X >> Z) | (Y >> Z)  -> (X|Y) >> Z  for all shifts.
376   // (X >> Z) ^ (Y >> Z)  -> (X^Y) >> Z  for all shifts.
377   case Instruction::And:
378   case Instruction::Or:
379   case Instruction::Xor:
380     switch (ROp) {
381     default:
382       return false;
383     case Instruction::Shl:
384     case Instruction::LShr:
385     case Instruction::AShr:
386       return true;
387     }
388   }
389   // TODO: It would be nice to handle division, aka "(X + Y)/Z = X/Z + Y/Z",
390   // but this requires knowing that the addition does not overflow and other
391   // such subtleties.
392   return false;
393 }
394 
395 /// This function returns identity value for given opcode, which can be used to
396 /// factor patterns like (X * 2) + X ==> (X * 2) + (X * 1) ==> X * (2 + 1).
getIdentityValue(Instruction::BinaryOps OpCode,Value * V)397 static Value *getIdentityValue(Instruction::BinaryOps OpCode, Value *V) {
398   if (isa<Constant>(V))
399     return nullptr;
400 
401   if (OpCode == Instruction::Mul)
402     return ConstantInt::get(V->getType(), 1);
403 
404   // TODO: We can handle other cases e.g. Instruction::And, Instruction::Or etc.
405 
406   return nullptr;
407 }
408 
409 /// This function factors binary ops which can be combined using distributive
410 /// laws. This function tries to transform 'Op' based TopLevelOpcode to enable
411 /// factorization e.g for ADD(SHL(X , 2), MUL(X, 5)), When this function called
412 /// with TopLevelOpcode == Instruction::Add and Op = SHL(X, 2), transforms
413 /// SHL(X, 2) to MUL(X, 4) i.e. returns Instruction::Mul with LHS set to 'X' and
414 /// RHS to 4.
415 static Instruction::BinaryOps
getBinOpsForFactorization(Instruction::BinaryOps TopLevelOpcode,BinaryOperator * Op,Value * & LHS,Value * & RHS)416 getBinOpsForFactorization(Instruction::BinaryOps TopLevelOpcode,
417                           BinaryOperator *Op, Value *&LHS, Value *&RHS) {
418   if (!Op)
419     return Instruction::BinaryOpsEnd;
420 
421   LHS = Op->getOperand(0);
422   RHS = Op->getOperand(1);
423 
424   switch (TopLevelOpcode) {
425   default:
426     return Op->getOpcode();
427 
428   case Instruction::Add:
429   case Instruction::Sub:
430     if (Op->getOpcode() == Instruction::Shl) {
431       if (Constant *CST = dyn_cast<Constant>(Op->getOperand(1))) {
432         // The multiplier is really 1 << CST.
433         RHS = ConstantExpr::getShl(ConstantInt::get(Op->getType(), 1), CST);
434         return Instruction::Mul;
435       }
436     }
437     return Op->getOpcode();
438   }
439 
440   // TODO: We can add other conversions e.g. shr => div etc.
441 }
442 
443 /// This tries to simplify binary operations by factorizing out common terms
444 /// (e. g. "(A*B)+(A*C)" -> "A*(B+C)").
tryFactorization(InstCombiner::BuilderTy * Builder,const DataLayout & DL,BinaryOperator & I,Instruction::BinaryOps InnerOpcode,Value * A,Value * B,Value * C,Value * D)445 static Value *tryFactorization(InstCombiner::BuilderTy *Builder,
446                                const DataLayout &DL, BinaryOperator &I,
447                                Instruction::BinaryOps InnerOpcode, Value *A,
448                                Value *B, Value *C, Value *D) {
449 
450   // If any of A, B, C, D are null, we can not factor I, return early.
451   // Checking A and C should be enough.
452   if (!A || !C || !B || !D)
453     return nullptr;
454 
455   Value *SimplifiedInst = nullptr;
456   Value *LHS = I.getOperand(0), *RHS = I.getOperand(1);
457   Instruction::BinaryOps TopLevelOpcode = I.getOpcode();
458 
459   // Does "X op' Y" always equal "Y op' X"?
460   bool InnerCommutative = Instruction::isCommutative(InnerOpcode);
461 
462   // Does "X op' (Y op Z)" always equal "(X op' Y) op (X op' Z)"?
463   if (LeftDistributesOverRight(InnerOpcode, TopLevelOpcode))
464     // Does the instruction have the form "(A op' B) op (A op' D)" or, in the
465     // commutative case, "(A op' B) op (C op' A)"?
466     if (A == C || (InnerCommutative && A == D)) {
467       if (A != C)
468         std::swap(C, D);
469       // Consider forming "A op' (B op D)".
470       // If "B op D" simplifies then it can be formed with no cost.
471       Value *V = SimplifyBinOp(TopLevelOpcode, B, D, DL);
472       // If "B op D" doesn't simplify then only go on if both of the existing
473       // operations "A op' B" and "C op' D" will be zapped as no longer used.
474       if (!V && LHS->hasOneUse() && RHS->hasOneUse())
475         V = Builder->CreateBinOp(TopLevelOpcode, B, D, RHS->getName());
476       if (V) {
477         SimplifiedInst = Builder->CreateBinOp(InnerOpcode, A, V);
478       }
479     }
480 
481   // Does "(X op Y) op' Z" always equal "(X op' Z) op (Y op' Z)"?
482   if (!SimplifiedInst && RightDistributesOverLeft(TopLevelOpcode, InnerOpcode))
483     // Does the instruction have the form "(A op' B) op (C op' B)" or, in the
484     // commutative case, "(A op' B) op (B op' D)"?
485     if (B == D || (InnerCommutative && B == C)) {
486       if (B != D)
487         std::swap(C, D);
488       // Consider forming "(A op C) op' B".
489       // If "A op C" simplifies then it can be formed with no cost.
490       Value *V = SimplifyBinOp(TopLevelOpcode, A, C, DL);
491 
492       // If "A op C" doesn't simplify then only go on if both of the existing
493       // operations "A op' B" and "C op' D" will be zapped as no longer used.
494       if (!V && LHS->hasOneUse() && RHS->hasOneUse())
495         V = Builder->CreateBinOp(TopLevelOpcode, A, C, LHS->getName());
496       if (V) {
497         SimplifiedInst = Builder->CreateBinOp(InnerOpcode, V, B);
498       }
499     }
500 
501   if (SimplifiedInst) {
502     ++NumFactor;
503     SimplifiedInst->takeName(&I);
504 
505     // Check if we can add NSW flag to SimplifiedInst. If so, set NSW flag.
506     // TODO: Check for NUW.
507     if (BinaryOperator *BO = dyn_cast<BinaryOperator>(SimplifiedInst)) {
508       if (isa<OverflowingBinaryOperator>(SimplifiedInst)) {
509         bool HasNSW = false;
510         if (isa<OverflowingBinaryOperator>(&I))
511           HasNSW = I.hasNoSignedWrap();
512 
513         if (BinaryOperator *Op0 = dyn_cast<BinaryOperator>(LHS))
514           if (isa<OverflowingBinaryOperator>(Op0))
515             HasNSW &= Op0->hasNoSignedWrap();
516 
517         if (BinaryOperator *Op1 = dyn_cast<BinaryOperator>(RHS))
518           if (isa<OverflowingBinaryOperator>(Op1))
519             HasNSW &= Op1->hasNoSignedWrap();
520         BO->setHasNoSignedWrap(HasNSW);
521       }
522     }
523   }
524   return SimplifiedInst;
525 }
526 
527 /// SimplifyUsingDistributiveLaws - This tries to simplify binary operations
528 /// which some other binary operation distributes over either by factorizing
529 /// out common terms (eg "(A*B)+(A*C)" -> "A*(B+C)") or expanding out if this
530 /// results in simplifications (eg: "A & (B | C) -> (A&B) | (A&C)" if this is
531 /// a win).  Returns the simplified value, or null if it didn't simplify.
SimplifyUsingDistributiveLaws(BinaryOperator & I)532 Value *InstCombiner::SimplifyUsingDistributiveLaws(BinaryOperator &I) {
533   Value *LHS = I.getOperand(0), *RHS = I.getOperand(1);
534   BinaryOperator *Op0 = dyn_cast<BinaryOperator>(LHS);
535   BinaryOperator *Op1 = dyn_cast<BinaryOperator>(RHS);
536 
537   // Factorization.
538   Value *A = nullptr, *B = nullptr, *C = nullptr, *D = nullptr;
539   auto TopLevelOpcode = I.getOpcode();
540   auto LHSOpcode = getBinOpsForFactorization(TopLevelOpcode, Op0, A, B);
541   auto RHSOpcode = getBinOpsForFactorization(TopLevelOpcode, Op1, C, D);
542 
543   // The instruction has the form "(A op' B) op (C op' D)".  Try to factorize
544   // a common term.
545   if (LHSOpcode == RHSOpcode) {
546     if (Value *V = tryFactorization(Builder, DL, I, LHSOpcode, A, B, C, D))
547       return V;
548   }
549 
550   // The instruction has the form "(A op' B) op (C)".  Try to factorize common
551   // term.
552   if (Value *V = tryFactorization(Builder, DL, I, LHSOpcode, A, B, RHS,
553                                   getIdentityValue(LHSOpcode, RHS)))
554     return V;
555 
556   // The instruction has the form "(B) op (C op' D)".  Try to factorize common
557   // term.
558   if (Value *V = tryFactorization(Builder, DL, I, RHSOpcode, LHS,
559                                   getIdentityValue(RHSOpcode, LHS), C, D))
560     return V;
561 
562   // Expansion.
563   if (Op0 && RightDistributesOverLeft(Op0->getOpcode(), TopLevelOpcode)) {
564     // The instruction has the form "(A op' B) op C".  See if expanding it out
565     // to "(A op C) op' (B op C)" results in simplifications.
566     Value *A = Op0->getOperand(0), *B = Op0->getOperand(1), *C = RHS;
567     Instruction::BinaryOps InnerOpcode = Op0->getOpcode(); // op'
568 
569     // Do "A op C" and "B op C" both simplify?
570     if (Value *L = SimplifyBinOp(TopLevelOpcode, A, C, DL))
571       if (Value *R = SimplifyBinOp(TopLevelOpcode, B, C, DL)) {
572         // They do! Return "L op' R".
573         ++NumExpand;
574         // If "L op' R" equals "A op' B" then "L op' R" is just the LHS.
575         if ((L == A && R == B) ||
576             (Instruction::isCommutative(InnerOpcode) && L == B && R == A))
577           return Op0;
578         // Otherwise return "L op' R" if it simplifies.
579         if (Value *V = SimplifyBinOp(InnerOpcode, L, R, DL))
580           return V;
581         // Otherwise, create a new instruction.
582         C = Builder->CreateBinOp(InnerOpcode, L, R);
583         C->takeName(&I);
584         return C;
585       }
586   }
587 
588   if (Op1 && LeftDistributesOverRight(TopLevelOpcode, Op1->getOpcode())) {
589     // The instruction has the form "A op (B op' C)".  See if expanding it out
590     // to "(A op B) op' (A op C)" results in simplifications.
591     Value *A = LHS, *B = Op1->getOperand(0), *C = Op1->getOperand(1);
592     Instruction::BinaryOps InnerOpcode = Op1->getOpcode(); // op'
593 
594     // Do "A op B" and "A op C" both simplify?
595     if (Value *L = SimplifyBinOp(TopLevelOpcode, A, B, DL))
596       if (Value *R = SimplifyBinOp(TopLevelOpcode, A, C, DL)) {
597         // They do! Return "L op' R".
598         ++NumExpand;
599         // If "L op' R" equals "B op' C" then "L op' R" is just the RHS.
600         if ((L == B && R == C) ||
601             (Instruction::isCommutative(InnerOpcode) && L == C && R == B))
602           return Op1;
603         // Otherwise return "L op' R" if it simplifies.
604         if (Value *V = SimplifyBinOp(InnerOpcode, L, R, DL))
605           return V;
606         // Otherwise, create a new instruction.
607         A = Builder->CreateBinOp(InnerOpcode, L, R);
608         A->takeName(&I);
609         return A;
610       }
611   }
612 
613   return nullptr;
614 }
615 
616 // dyn_castNegVal - Given a 'sub' instruction, return the RHS of the instruction
617 // if the LHS is a constant zero (which is the 'negate' form).
618 //
dyn_castNegVal(Value * V) const619 Value *InstCombiner::dyn_castNegVal(Value *V) const {
620   if (BinaryOperator::isNeg(V))
621     return BinaryOperator::getNegArgument(V);
622 
623   // Constants can be considered to be negated values if they can be folded.
624   if (ConstantInt *C = dyn_cast<ConstantInt>(V))
625     return ConstantExpr::getNeg(C);
626 
627   if (ConstantDataVector *C = dyn_cast<ConstantDataVector>(V))
628     if (C->getType()->getElementType()->isIntegerTy())
629       return ConstantExpr::getNeg(C);
630 
631   return nullptr;
632 }
633 
634 // dyn_castFNegVal - Given a 'fsub' instruction, return the RHS of the
635 // instruction if the LHS is a constant negative zero (which is the 'negate'
636 // form).
637 //
dyn_castFNegVal(Value * V,bool IgnoreZeroSign) const638 Value *InstCombiner::dyn_castFNegVal(Value *V, bool IgnoreZeroSign) const {
639   if (BinaryOperator::isFNeg(V, IgnoreZeroSign))
640     return BinaryOperator::getFNegArgument(V);
641 
642   // Constants can be considered to be negated values if they can be folded.
643   if (ConstantFP *C = dyn_cast<ConstantFP>(V))
644     return ConstantExpr::getFNeg(C);
645 
646   if (ConstantDataVector *C = dyn_cast<ConstantDataVector>(V))
647     if (C->getType()->getElementType()->isFloatingPointTy())
648       return ConstantExpr::getFNeg(C);
649 
650   return nullptr;
651 }
652 
FoldOperationIntoSelectOperand(Instruction & I,Value * SO,InstCombiner * IC)653 static Value *FoldOperationIntoSelectOperand(Instruction &I, Value *SO,
654                                              InstCombiner *IC) {
655   if (CastInst *CI = dyn_cast<CastInst>(&I)) {
656     return IC->Builder->CreateCast(CI->getOpcode(), SO, I.getType());
657   }
658 
659   // Figure out if the constant is the left or the right argument.
660   bool ConstIsRHS = isa<Constant>(I.getOperand(1));
661   Constant *ConstOperand = cast<Constant>(I.getOperand(ConstIsRHS));
662 
663   if (Constant *SOC = dyn_cast<Constant>(SO)) {
664     if (ConstIsRHS)
665       return ConstantExpr::get(I.getOpcode(), SOC, ConstOperand);
666     return ConstantExpr::get(I.getOpcode(), ConstOperand, SOC);
667   }
668 
669   Value *Op0 = SO, *Op1 = ConstOperand;
670   if (!ConstIsRHS)
671     std::swap(Op0, Op1);
672 
673   if (BinaryOperator *BO = dyn_cast<BinaryOperator>(&I)) {
674     Value *RI = IC->Builder->CreateBinOp(BO->getOpcode(), Op0, Op1,
675                                     SO->getName()+".op");
676     Instruction *FPInst = dyn_cast<Instruction>(RI);
677     if (FPInst && isa<FPMathOperator>(FPInst))
678       FPInst->copyFastMathFlags(BO);
679     return RI;
680   }
681   if (ICmpInst *CI = dyn_cast<ICmpInst>(&I))
682     return IC->Builder->CreateICmp(CI->getPredicate(), Op0, Op1,
683                                    SO->getName()+".cmp");
684   if (FCmpInst *CI = dyn_cast<FCmpInst>(&I))
685     return IC->Builder->CreateICmp(CI->getPredicate(), Op0, Op1,
686                                    SO->getName()+".cmp");
687   llvm_unreachable("Unknown binary instruction type!");
688 }
689 
690 // FoldOpIntoSelect - Given an instruction with a select as one operand and a
691 // constant as the other operand, try to fold the binary operator into the
692 // select arguments.  This also works for Cast instructions, which obviously do
693 // not have a second operand.
FoldOpIntoSelect(Instruction & Op,SelectInst * SI)694 Instruction *InstCombiner::FoldOpIntoSelect(Instruction &Op, SelectInst *SI) {
695   // Don't modify shared select instructions
696   if (!SI->hasOneUse()) return nullptr;
697   Value *TV = SI->getOperand(1);
698   Value *FV = SI->getOperand(2);
699 
700   if (isa<Constant>(TV) || isa<Constant>(FV)) {
701     // Bool selects with constant operands can be folded to logical ops.
702     if (SI->getType()->isIntegerTy(1)) return nullptr;
703 
704     // If it's a bitcast involving vectors, make sure it has the same number of
705     // elements on both sides.
706     if (BitCastInst *BC = dyn_cast<BitCastInst>(&Op)) {
707       VectorType *DestTy = dyn_cast<VectorType>(BC->getDestTy());
708       VectorType *SrcTy = dyn_cast<VectorType>(BC->getSrcTy());
709 
710       // Verify that either both or neither are vectors.
711       if ((SrcTy == nullptr) != (DestTy == nullptr)) return nullptr;
712       // If vectors, verify that they have the same number of elements.
713       if (SrcTy && SrcTy->getNumElements() != DestTy->getNumElements())
714         return nullptr;
715     }
716 
717     Value *SelectTrueVal = FoldOperationIntoSelectOperand(Op, TV, this);
718     Value *SelectFalseVal = FoldOperationIntoSelectOperand(Op, FV, this);
719 
720     return SelectInst::Create(SI->getCondition(),
721                               SelectTrueVal, SelectFalseVal);
722   }
723   return nullptr;
724 }
725 
726 
727 /// FoldOpIntoPhi - Given a binary operator, cast instruction, or select which
728 /// has a PHI node as operand #0, see if we can fold the instruction into the
729 /// PHI (which is only possible if all operands to the PHI are constants).
730 ///
FoldOpIntoPhi(Instruction & I)731 Instruction *InstCombiner::FoldOpIntoPhi(Instruction &I) {
732   PHINode *PN = cast<PHINode>(I.getOperand(0));
733   unsigned NumPHIValues = PN->getNumIncomingValues();
734   if (NumPHIValues == 0)
735     return nullptr;
736 
737   // We normally only transform phis with a single use.  However, if a PHI has
738   // multiple uses and they are all the same operation, we can fold *all* of the
739   // uses into the PHI.
740   if (!PN->hasOneUse()) {
741     // Walk the use list for the instruction, comparing them to I.
742     for (User *U : PN->users()) {
743       Instruction *UI = cast<Instruction>(U);
744       if (UI != &I && !I.isIdenticalTo(UI))
745         return nullptr;
746     }
747     // Otherwise, we can replace *all* users with the new PHI we form.
748   }
749 
750   // Check to see if all of the operands of the PHI are simple constants
751   // (constantint/constantfp/undef).  If there is one non-constant value,
752   // remember the BB it is in.  If there is more than one or if *it* is a PHI,
753   // bail out.  We don't do arbitrary constant expressions here because moving
754   // their computation can be expensive without a cost model.
755   BasicBlock *NonConstBB = nullptr;
756   for (unsigned i = 0; i != NumPHIValues; ++i) {
757     Value *InVal = PN->getIncomingValue(i);
758     if (isa<Constant>(InVal) && !isa<ConstantExpr>(InVal))
759       continue;
760 
761     if (isa<PHINode>(InVal)) return nullptr;  // Itself a phi.
762     if (NonConstBB) return nullptr;  // More than one non-const value.
763 
764     NonConstBB = PN->getIncomingBlock(i);
765 
766     // If the InVal is an invoke at the end of the pred block, then we can't
767     // insert a computation after it without breaking the edge.
768     if (InvokeInst *II = dyn_cast<InvokeInst>(InVal))
769       if (II->getParent() == NonConstBB)
770         return nullptr;
771 
772     // If the incoming non-constant value is in I's block, we will remove one
773     // instruction, but insert another equivalent one, leading to infinite
774     // instcombine.
775     if (isPotentiallyReachable(I.getParent(), NonConstBB, DT, LI))
776       return nullptr;
777   }
778 
779   // If there is exactly one non-constant value, we can insert a copy of the
780   // operation in that block.  However, if this is a critical edge, we would be
781   // inserting the computation on some other paths (e.g. inside a loop).  Only
782   // do this if the pred block is unconditionally branching into the phi block.
783   if (NonConstBB != nullptr) {
784     BranchInst *BI = dyn_cast<BranchInst>(NonConstBB->getTerminator());
785     if (!BI || !BI->isUnconditional()) return nullptr;
786   }
787 
788   // Okay, we can do the transformation: create the new PHI node.
789   PHINode *NewPN = PHINode::Create(I.getType(), PN->getNumIncomingValues());
790   InsertNewInstBefore(NewPN, *PN);
791   NewPN->takeName(PN);
792 
793   // If we are going to have to insert a new computation, do so right before the
794   // predecessors terminator.
795   if (NonConstBB)
796     Builder->SetInsertPoint(NonConstBB->getTerminator());
797 
798   // Next, add all of the operands to the PHI.
799   if (SelectInst *SI = dyn_cast<SelectInst>(&I)) {
800     // We only currently try to fold the condition of a select when it is a phi,
801     // not the true/false values.
802     Value *TrueV = SI->getTrueValue();
803     Value *FalseV = SI->getFalseValue();
804     BasicBlock *PhiTransBB = PN->getParent();
805     for (unsigned i = 0; i != NumPHIValues; ++i) {
806       BasicBlock *ThisBB = PN->getIncomingBlock(i);
807       Value *TrueVInPred = TrueV->DoPHITranslation(PhiTransBB, ThisBB);
808       Value *FalseVInPred = FalseV->DoPHITranslation(PhiTransBB, ThisBB);
809       Value *InV = nullptr;
810       // Beware of ConstantExpr:  it may eventually evaluate to getNullValue,
811       // even if currently isNullValue gives false.
812       Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i));
813       if (InC && !isa<ConstantExpr>(InC))
814         InV = InC->isNullValue() ? FalseVInPred : TrueVInPred;
815       else
816         InV = Builder->CreateSelect(PN->getIncomingValue(i),
817                                     TrueVInPred, FalseVInPred, "phitmp");
818       NewPN->addIncoming(InV, ThisBB);
819     }
820   } else if (CmpInst *CI = dyn_cast<CmpInst>(&I)) {
821     Constant *C = cast<Constant>(I.getOperand(1));
822     for (unsigned i = 0; i != NumPHIValues; ++i) {
823       Value *InV = nullptr;
824       if (Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i)))
825         InV = ConstantExpr::getCompare(CI->getPredicate(), InC, C);
826       else if (isa<ICmpInst>(CI))
827         InV = Builder->CreateICmp(CI->getPredicate(), PN->getIncomingValue(i),
828                                   C, "phitmp");
829       else
830         InV = Builder->CreateFCmp(CI->getPredicate(), PN->getIncomingValue(i),
831                                   C, "phitmp");
832       NewPN->addIncoming(InV, PN->getIncomingBlock(i));
833     }
834   } else if (I.getNumOperands() == 2) {
835     Constant *C = cast<Constant>(I.getOperand(1));
836     for (unsigned i = 0; i != NumPHIValues; ++i) {
837       Value *InV = nullptr;
838       if (Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i)))
839         InV = ConstantExpr::get(I.getOpcode(), InC, C);
840       else
841         InV = Builder->CreateBinOp(cast<BinaryOperator>(I).getOpcode(),
842                                    PN->getIncomingValue(i), C, "phitmp");
843       NewPN->addIncoming(InV, PN->getIncomingBlock(i));
844     }
845   } else {
846     CastInst *CI = cast<CastInst>(&I);
847     Type *RetTy = CI->getType();
848     for (unsigned i = 0; i != NumPHIValues; ++i) {
849       Value *InV;
850       if (Constant *InC = dyn_cast<Constant>(PN->getIncomingValue(i)))
851         InV = ConstantExpr::getCast(CI->getOpcode(), InC, RetTy);
852       else
853         InV = Builder->CreateCast(CI->getOpcode(),
854                                 PN->getIncomingValue(i), I.getType(), "phitmp");
855       NewPN->addIncoming(InV, PN->getIncomingBlock(i));
856     }
857   }
858 
859   for (auto UI = PN->user_begin(), E = PN->user_end(); UI != E;) {
860     Instruction *User = cast<Instruction>(*UI++);
861     if (User == &I) continue;
862     ReplaceInstUsesWith(*User, NewPN);
863     EraseInstFromFunction(*User);
864   }
865   return ReplaceInstUsesWith(I, NewPN);
866 }
867 
868 /// FindElementAtOffset - Given a pointer type and a constant offset, determine
869 /// whether or not there is a sequence of GEP indices into the pointed type that
870 /// will land us at the specified offset.  If so, fill them into NewIndices and
871 /// return the resultant element type, otherwise return null.
FindElementAtOffset(PointerType * PtrTy,int64_t Offset,SmallVectorImpl<Value * > & NewIndices)872 Type *InstCombiner::FindElementAtOffset(PointerType *PtrTy, int64_t Offset,
873                                         SmallVectorImpl<Value *> &NewIndices) {
874   Type *Ty = PtrTy->getElementType();
875   if (!Ty->isSized())
876     return nullptr;
877 
878   // Start with the index over the outer type.  Note that the type size
879   // might be zero (even if the offset isn't zero) if the indexed type
880   // is something like [0 x {int, int}]
881   Type *IntPtrTy = DL.getIntPtrType(PtrTy);
882   int64_t FirstIdx = 0;
883   if (int64_t TySize = DL.getTypeAllocSize(Ty)) {
884     FirstIdx = Offset/TySize;
885     Offset -= FirstIdx*TySize;
886 
887     // Handle hosts where % returns negative instead of values [0..TySize).
888     if (Offset < 0) {
889       --FirstIdx;
890       Offset += TySize;
891       assert(Offset >= 0);
892     }
893     assert((uint64_t)Offset < (uint64_t)TySize && "Out of range offset");
894   }
895 
896   NewIndices.push_back(ConstantInt::get(IntPtrTy, FirstIdx));
897 
898   // Index into the types.  If we fail, set OrigBase to null.
899   while (Offset) {
900     // Indexing into tail padding between struct/array elements.
901     if (uint64_t(Offset * 8) >= DL.getTypeSizeInBits(Ty))
902       return nullptr;
903 
904     if (StructType *STy = dyn_cast<StructType>(Ty)) {
905       const StructLayout *SL = DL.getStructLayout(STy);
906       assert(Offset < (int64_t)SL->getSizeInBytes() &&
907              "Offset must stay within the indexed type");
908 
909       unsigned Elt = SL->getElementContainingOffset(Offset);
910       NewIndices.push_back(ConstantInt::get(Type::getInt32Ty(Ty->getContext()),
911                                             Elt));
912 
913       Offset -= SL->getElementOffset(Elt);
914       Ty = STy->getElementType(Elt);
915     } else if (ArrayType *AT = dyn_cast<ArrayType>(Ty)) {
916       uint64_t EltSize = DL.getTypeAllocSize(AT->getElementType());
917       assert(EltSize && "Cannot index into a zero-sized array");
918       NewIndices.push_back(ConstantInt::get(IntPtrTy,Offset/EltSize));
919       Offset %= EltSize;
920       Ty = AT->getElementType();
921     } else {
922       // Otherwise, we can't index into the middle of this atomic type, bail.
923       return nullptr;
924     }
925   }
926 
927   return Ty;
928 }
929 
shouldMergeGEPs(GEPOperator & GEP,GEPOperator & Src)930 static bool shouldMergeGEPs(GEPOperator &GEP, GEPOperator &Src) {
931   // If this GEP has only 0 indices, it is the same pointer as
932   // Src. If Src is not a trivial GEP too, don't combine
933   // the indices.
934   if (GEP.hasAllZeroIndices() && !Src.hasAllZeroIndices() &&
935       !Src.hasOneUse())
936     return false;
937   return true;
938 }
939 
940 /// Descale - Return a value X such that Val = X * Scale, or null if none.  If
941 /// the multiplication is known not to overflow then NoSignedWrap is set.
Descale(Value * Val,APInt Scale,bool & NoSignedWrap)942 Value *InstCombiner::Descale(Value *Val, APInt Scale, bool &NoSignedWrap) {
943   assert(isa<IntegerType>(Val->getType()) && "Can only descale integers!");
944   assert(cast<IntegerType>(Val->getType())->getBitWidth() ==
945          Scale.getBitWidth() && "Scale not compatible with value!");
946 
947   // If Val is zero or Scale is one then Val = Val * Scale.
948   if (match(Val, m_Zero()) || Scale == 1) {
949     NoSignedWrap = true;
950     return Val;
951   }
952 
953   // If Scale is zero then it does not divide Val.
954   if (Scale.isMinValue())
955     return nullptr;
956 
957   // Look through chains of multiplications, searching for a constant that is
958   // divisible by Scale.  For example, descaling X*(Y*(Z*4)) by a factor of 4
959   // will find the constant factor 4 and produce X*(Y*Z).  Descaling X*(Y*8) by
960   // a factor of 4 will produce X*(Y*2).  The principle of operation is to bore
961   // down from Val:
962   //
963   //     Val = M1 * X          ||   Analysis starts here and works down
964   //      M1 = M2 * Y          ||   Doesn't descend into terms with more
965   //      M2 =  Z * 4          \/   than one use
966   //
967   // Then to modify a term at the bottom:
968   //
969   //     Val = M1 * X
970   //      M1 =  Z * Y          ||   Replaced M2 with Z
971   //
972   // Then to work back up correcting nsw flags.
973 
974   // Op - the term we are currently analyzing.  Starts at Val then drills down.
975   // Replaced with its descaled value before exiting from the drill down loop.
976   Value *Op = Val;
977 
978   // Parent - initially null, but after drilling down notes where Op came from.
979   // In the example above, Parent is (Val, 0) when Op is M1, because M1 is the
980   // 0'th operand of Val.
981   std::pair<Instruction*, unsigned> Parent;
982 
983   // RequireNoSignedWrap - Set if the transform requires a descaling at deeper
984   // levels that doesn't overflow.
985   bool RequireNoSignedWrap = false;
986 
987   // logScale - log base 2 of the scale.  Negative if not a power of 2.
988   int32_t logScale = Scale.exactLogBase2();
989 
990   for (;; Op = Parent.first->getOperand(Parent.second)) { // Drill down
991 
992     if (ConstantInt *CI = dyn_cast<ConstantInt>(Op)) {
993       // If Op is a constant divisible by Scale then descale to the quotient.
994       APInt Quotient(Scale), Remainder(Scale); // Init ensures right bitwidth.
995       APInt::sdivrem(CI->getValue(), Scale, Quotient, Remainder);
996       if (!Remainder.isMinValue())
997         // Not divisible by Scale.
998         return nullptr;
999       // Replace with the quotient in the parent.
1000       Op = ConstantInt::get(CI->getType(), Quotient);
1001       NoSignedWrap = true;
1002       break;
1003     }
1004 
1005     if (BinaryOperator *BO = dyn_cast<BinaryOperator>(Op)) {
1006 
1007       if (BO->getOpcode() == Instruction::Mul) {
1008         // Multiplication.
1009         NoSignedWrap = BO->hasNoSignedWrap();
1010         if (RequireNoSignedWrap && !NoSignedWrap)
1011           return nullptr;
1012 
1013         // There are three cases for multiplication: multiplication by exactly
1014         // the scale, multiplication by a constant different to the scale, and
1015         // multiplication by something else.
1016         Value *LHS = BO->getOperand(0);
1017         Value *RHS = BO->getOperand(1);
1018 
1019         if (ConstantInt *CI = dyn_cast<ConstantInt>(RHS)) {
1020           // Multiplication by a constant.
1021           if (CI->getValue() == Scale) {
1022             // Multiplication by exactly the scale, replace the multiplication
1023             // by its left-hand side in the parent.
1024             Op = LHS;
1025             break;
1026           }
1027 
1028           // Otherwise drill down into the constant.
1029           if (!Op->hasOneUse())
1030             return nullptr;
1031 
1032           Parent = std::make_pair(BO, 1);
1033           continue;
1034         }
1035 
1036         // Multiplication by something else. Drill down into the left-hand side
1037         // since that's where the reassociate pass puts the good stuff.
1038         if (!Op->hasOneUse())
1039           return nullptr;
1040 
1041         Parent = std::make_pair(BO, 0);
1042         continue;
1043       }
1044 
1045       if (logScale > 0 && BO->getOpcode() == Instruction::Shl &&
1046           isa<ConstantInt>(BO->getOperand(1))) {
1047         // Multiplication by a power of 2.
1048         NoSignedWrap = BO->hasNoSignedWrap();
1049         if (RequireNoSignedWrap && !NoSignedWrap)
1050           return nullptr;
1051 
1052         Value *LHS = BO->getOperand(0);
1053         int32_t Amt = cast<ConstantInt>(BO->getOperand(1))->
1054           getLimitedValue(Scale.getBitWidth());
1055         // Op = LHS << Amt.
1056 
1057         if (Amt == logScale) {
1058           // Multiplication by exactly the scale, replace the multiplication
1059           // by its left-hand side in the parent.
1060           Op = LHS;
1061           break;
1062         }
1063         if (Amt < logScale || !Op->hasOneUse())
1064           return nullptr;
1065 
1066         // Multiplication by more than the scale.  Reduce the multiplying amount
1067         // by the scale in the parent.
1068         Parent = std::make_pair(BO, 1);
1069         Op = ConstantInt::get(BO->getType(), Amt - logScale);
1070         break;
1071       }
1072     }
1073 
1074     if (!Op->hasOneUse())
1075       return nullptr;
1076 
1077     if (CastInst *Cast = dyn_cast<CastInst>(Op)) {
1078       if (Cast->getOpcode() == Instruction::SExt) {
1079         // Op is sign-extended from a smaller type, descale in the smaller type.
1080         unsigned SmallSize = Cast->getSrcTy()->getPrimitiveSizeInBits();
1081         APInt SmallScale = Scale.trunc(SmallSize);
1082         // Suppose Op = sext X, and we descale X as Y * SmallScale.  We want to
1083         // descale Op as (sext Y) * Scale.  In order to have
1084         //   sext (Y * SmallScale) = (sext Y) * Scale
1085         // some conditions need to hold however: SmallScale must sign-extend to
1086         // Scale and the multiplication Y * SmallScale should not overflow.
1087         if (SmallScale.sext(Scale.getBitWidth()) != Scale)
1088           // SmallScale does not sign-extend to Scale.
1089           return nullptr;
1090         assert(SmallScale.exactLogBase2() == logScale);
1091         // Require that Y * SmallScale must not overflow.
1092         RequireNoSignedWrap = true;
1093 
1094         // Drill down through the cast.
1095         Parent = std::make_pair(Cast, 0);
1096         Scale = SmallScale;
1097         continue;
1098       }
1099 
1100       if (Cast->getOpcode() == Instruction::Trunc) {
1101         // Op is truncated from a larger type, descale in the larger type.
1102         // Suppose Op = trunc X, and we descale X as Y * sext Scale.  Then
1103         //   trunc (Y * sext Scale) = (trunc Y) * Scale
1104         // always holds.  However (trunc Y) * Scale may overflow even if
1105         // trunc (Y * sext Scale) does not, so nsw flags need to be cleared
1106         // from this point up in the expression (see later).
1107         if (RequireNoSignedWrap)
1108           return nullptr;
1109 
1110         // Drill down through the cast.
1111         unsigned LargeSize = Cast->getSrcTy()->getPrimitiveSizeInBits();
1112         Parent = std::make_pair(Cast, 0);
1113         Scale = Scale.sext(LargeSize);
1114         if (logScale + 1 == (int32_t)Cast->getType()->getPrimitiveSizeInBits())
1115           logScale = -1;
1116         assert(Scale.exactLogBase2() == logScale);
1117         continue;
1118       }
1119     }
1120 
1121     // Unsupported expression, bail out.
1122     return nullptr;
1123   }
1124 
1125   // If Op is zero then Val = Op * Scale.
1126   if (match(Op, m_Zero())) {
1127     NoSignedWrap = true;
1128     return Op;
1129   }
1130 
1131   // We know that we can successfully descale, so from here on we can safely
1132   // modify the IR.  Op holds the descaled version of the deepest term in the
1133   // expression.  NoSignedWrap is 'true' if multiplying Op by Scale is known
1134   // not to overflow.
1135 
1136   if (!Parent.first)
1137     // The expression only had one term.
1138     return Op;
1139 
1140   // Rewrite the parent using the descaled version of its operand.
1141   assert(Parent.first->hasOneUse() && "Drilled down when more than one use!");
1142   assert(Op != Parent.first->getOperand(Parent.second) &&
1143          "Descaling was a no-op?");
1144   Parent.first->setOperand(Parent.second, Op);
1145   Worklist.Add(Parent.first);
1146 
1147   // Now work back up the expression correcting nsw flags.  The logic is based
1148   // on the following observation: if X * Y is known not to overflow as a signed
1149   // multiplication, and Y is replaced by a value Z with smaller absolute value,
1150   // then X * Z will not overflow as a signed multiplication either.  As we work
1151   // our way up, having NoSignedWrap 'true' means that the descaled value at the
1152   // current level has strictly smaller absolute value than the original.
1153   Instruction *Ancestor = Parent.first;
1154   do {
1155     if (BinaryOperator *BO = dyn_cast<BinaryOperator>(Ancestor)) {
1156       // If the multiplication wasn't nsw then we can't say anything about the
1157       // value of the descaled multiplication, and we have to clear nsw flags
1158       // from this point on up.
1159       bool OpNoSignedWrap = BO->hasNoSignedWrap();
1160       NoSignedWrap &= OpNoSignedWrap;
1161       if (NoSignedWrap != OpNoSignedWrap) {
1162         BO->setHasNoSignedWrap(NoSignedWrap);
1163         Worklist.Add(Ancestor);
1164       }
1165     } else if (Ancestor->getOpcode() == Instruction::Trunc) {
1166       // The fact that the descaled input to the trunc has smaller absolute
1167       // value than the original input doesn't tell us anything useful about
1168       // the absolute values of the truncations.
1169       NoSignedWrap = false;
1170     }
1171     assert((Ancestor->getOpcode() != Instruction::SExt || NoSignedWrap) &&
1172            "Failed to keep proper track of nsw flags while drilling down?");
1173 
1174     if (Ancestor == Val)
1175       // Got to the top, all done!
1176       return Val;
1177 
1178     // Move up one level in the expression.
1179     assert(Ancestor->hasOneUse() && "Drilled down when more than one use!");
1180     Ancestor = Ancestor->user_back();
1181   } while (1);
1182 }
1183 
1184 /// \brief Creates node of binary operation with the same attributes as the
1185 /// specified one but with other operands.
CreateBinOpAsGiven(BinaryOperator & Inst,Value * LHS,Value * RHS,InstCombiner::BuilderTy * B)1186 static Value *CreateBinOpAsGiven(BinaryOperator &Inst, Value *LHS, Value *RHS,
1187                                  InstCombiner::BuilderTy *B) {
1188   Value *BORes = B->CreateBinOp(Inst.getOpcode(), LHS, RHS);
1189   if (BinaryOperator *NewBO = dyn_cast<BinaryOperator>(BORes)) {
1190     if (isa<OverflowingBinaryOperator>(NewBO)) {
1191       NewBO->setHasNoSignedWrap(Inst.hasNoSignedWrap());
1192       NewBO->setHasNoUnsignedWrap(Inst.hasNoUnsignedWrap());
1193     }
1194     if (isa<PossiblyExactOperator>(NewBO))
1195       NewBO->setIsExact(Inst.isExact());
1196   }
1197   return BORes;
1198 }
1199 
1200 /// \brief Makes transformation of binary operation specific for vector types.
1201 /// \param Inst Binary operator to transform.
1202 /// \return Pointer to node that must replace the original binary operator, or
1203 ///         null pointer if no transformation was made.
SimplifyVectorOp(BinaryOperator & Inst)1204 Value *InstCombiner::SimplifyVectorOp(BinaryOperator &Inst) {
1205   if (!Inst.getType()->isVectorTy()) return nullptr;
1206 
1207   // It may not be safe to reorder shuffles and things like div, urem, etc.
1208   // because we may trap when executing those ops on unknown vector elements.
1209   // See PR20059.
1210   if (!isSafeToSpeculativelyExecute(&Inst))
1211     return nullptr;
1212 
1213   unsigned VWidth = cast<VectorType>(Inst.getType())->getNumElements();
1214   Value *LHS = Inst.getOperand(0), *RHS = Inst.getOperand(1);
1215   assert(cast<VectorType>(LHS->getType())->getNumElements() == VWidth);
1216   assert(cast<VectorType>(RHS->getType())->getNumElements() == VWidth);
1217 
1218   // If both arguments of binary operation are shuffles, which use the same
1219   // mask and shuffle within a single vector, it is worthwhile to move the
1220   // shuffle after binary operation:
1221   //   Op(shuffle(v1, m), shuffle(v2, m)) -> shuffle(Op(v1, v2), m)
1222   if (isa<ShuffleVectorInst>(LHS) && isa<ShuffleVectorInst>(RHS)) {
1223     ShuffleVectorInst *LShuf = cast<ShuffleVectorInst>(LHS);
1224     ShuffleVectorInst *RShuf = cast<ShuffleVectorInst>(RHS);
1225     if (isa<UndefValue>(LShuf->getOperand(1)) &&
1226         isa<UndefValue>(RShuf->getOperand(1)) &&
1227         LShuf->getOperand(0)->getType() == RShuf->getOperand(0)->getType() &&
1228         LShuf->getMask() == RShuf->getMask()) {
1229       Value *NewBO = CreateBinOpAsGiven(Inst, LShuf->getOperand(0),
1230           RShuf->getOperand(0), Builder);
1231       Value *Res = Builder->CreateShuffleVector(NewBO,
1232           UndefValue::get(NewBO->getType()), LShuf->getMask());
1233       return Res;
1234     }
1235   }
1236 
1237   // If one argument is a shuffle within one vector, the other is a constant,
1238   // try moving the shuffle after the binary operation.
1239   ShuffleVectorInst *Shuffle = nullptr;
1240   Constant *C1 = nullptr;
1241   if (isa<ShuffleVectorInst>(LHS)) Shuffle = cast<ShuffleVectorInst>(LHS);
1242   if (isa<ShuffleVectorInst>(RHS)) Shuffle = cast<ShuffleVectorInst>(RHS);
1243   if (isa<Constant>(LHS)) C1 = cast<Constant>(LHS);
1244   if (isa<Constant>(RHS)) C1 = cast<Constant>(RHS);
1245   if (Shuffle && C1 &&
1246       (isa<ConstantVector>(C1) || isa<ConstantDataVector>(C1)) &&
1247       isa<UndefValue>(Shuffle->getOperand(1)) &&
1248       Shuffle->getType() == Shuffle->getOperand(0)->getType()) {
1249     SmallVector<int, 16> ShMask = Shuffle->getShuffleMask();
1250     // Find constant C2 that has property:
1251     //   shuffle(C2, ShMask) = C1
1252     // If such constant does not exist (example: ShMask=<0,0> and C1=<1,2>)
1253     // reorder is not possible.
1254     SmallVector<Constant*, 16> C2M(VWidth,
1255                                UndefValue::get(C1->getType()->getScalarType()));
1256     bool MayChange = true;
1257     for (unsigned I = 0; I < VWidth; ++I) {
1258       if (ShMask[I] >= 0) {
1259         assert(ShMask[I] < (int)VWidth);
1260         if (!isa<UndefValue>(C2M[ShMask[I]])) {
1261           MayChange = false;
1262           break;
1263         }
1264         C2M[ShMask[I]] = C1->getAggregateElement(I);
1265       }
1266     }
1267     if (MayChange) {
1268       Constant *C2 = ConstantVector::get(C2M);
1269       Value *NewLHS, *NewRHS;
1270       if (isa<Constant>(LHS)) {
1271         NewLHS = C2;
1272         NewRHS = Shuffle->getOperand(0);
1273       } else {
1274         NewLHS = Shuffle->getOperand(0);
1275         NewRHS = C2;
1276       }
1277       Value *NewBO = CreateBinOpAsGiven(Inst, NewLHS, NewRHS, Builder);
1278       Value *Res = Builder->CreateShuffleVector(NewBO,
1279           UndefValue::get(Inst.getType()), Shuffle->getMask());
1280       return Res;
1281     }
1282   }
1283 
1284   return nullptr;
1285 }
1286 
visitGetElementPtrInst(GetElementPtrInst & GEP)1287 Instruction *InstCombiner::visitGetElementPtrInst(GetElementPtrInst &GEP) {
1288   SmallVector<Value*, 8> Ops(GEP.op_begin(), GEP.op_end());
1289 
1290   if (Value *V = SimplifyGEPInst(Ops, DL, TLI, DT, AC))
1291     return ReplaceInstUsesWith(GEP, V);
1292 
1293   Value *PtrOp = GEP.getOperand(0);
1294 
1295   // Eliminate unneeded casts for indices, and replace indices which displace
1296   // by multiples of a zero size type with zero.
1297   bool MadeChange = false;
1298   Type *IntPtrTy = DL.getIntPtrType(GEP.getPointerOperandType());
1299 
1300   gep_type_iterator GTI = gep_type_begin(GEP);
1301   for (User::op_iterator I = GEP.op_begin() + 1, E = GEP.op_end(); I != E;
1302        ++I, ++GTI) {
1303     // Skip indices into struct types.
1304     SequentialType *SeqTy = dyn_cast<SequentialType>(*GTI);
1305     if (!SeqTy)
1306       continue;
1307 
1308     // If the element type has zero size then any index over it is equivalent
1309     // to an index of zero, so replace it with zero if it is not zero already.
1310     if (SeqTy->getElementType()->isSized() &&
1311         DL.getTypeAllocSize(SeqTy->getElementType()) == 0)
1312       if (!isa<Constant>(*I) || !cast<Constant>(*I)->isNullValue()) {
1313         *I = Constant::getNullValue(IntPtrTy);
1314         MadeChange = true;
1315       }
1316 
1317     Type *IndexTy = (*I)->getType();
1318     if (IndexTy != IntPtrTy) {
1319       // If we are using a wider index than needed for this platform, shrink
1320       // it to what we need.  If narrower, sign-extend it to what we need.
1321       // This explicit cast can make subsequent optimizations more obvious.
1322       *I = Builder->CreateIntCast(*I, IntPtrTy, true);
1323       MadeChange = true;
1324     }
1325   }
1326   if (MadeChange)
1327     return &GEP;
1328 
1329   // Check to see if the inputs to the PHI node are getelementptr instructions.
1330   if (PHINode *PN = dyn_cast<PHINode>(PtrOp)) {
1331     GetElementPtrInst *Op1 = dyn_cast<GetElementPtrInst>(PN->getOperand(0));
1332     if (!Op1)
1333       return nullptr;
1334 
1335     // Don't fold a GEP into itself through a PHI node. This can only happen
1336     // through the back-edge of a loop. Folding a GEP into itself means that
1337     // the value of the previous iteration needs to be stored in the meantime,
1338     // thus requiring an additional register variable to be live, but not
1339     // actually achieving anything (the GEP still needs to be executed once per
1340     // loop iteration).
1341     if (Op1 == &GEP)
1342       return nullptr;
1343 
1344     signed DI = -1;
1345 
1346     for (auto I = PN->op_begin()+1, E = PN->op_end(); I !=E; ++I) {
1347       GetElementPtrInst *Op2 = dyn_cast<GetElementPtrInst>(*I);
1348       if (!Op2 || Op1->getNumOperands() != Op2->getNumOperands())
1349         return nullptr;
1350 
1351       // As for Op1 above, don't try to fold a GEP into itself.
1352       if (Op2 == &GEP)
1353         return nullptr;
1354 
1355       // Keep track of the type as we walk the GEP.
1356       Type *CurTy = Op1->getOperand(0)->getType()->getScalarType();
1357 
1358       for (unsigned J = 0, F = Op1->getNumOperands(); J != F; ++J) {
1359         if (Op1->getOperand(J)->getType() != Op2->getOperand(J)->getType())
1360           return nullptr;
1361 
1362         if (Op1->getOperand(J) != Op2->getOperand(J)) {
1363           if (DI == -1) {
1364             // We have not seen any differences yet in the GEPs feeding the
1365             // PHI yet, so we record this one if it is allowed to be a
1366             // variable.
1367 
1368             // The first two arguments can vary for any GEP, the rest have to be
1369             // static for struct slots
1370             if (J > 1 && CurTy->isStructTy())
1371               return nullptr;
1372 
1373             DI = J;
1374           } else {
1375             // The GEP is different by more than one input. While this could be
1376             // extended to support GEPs that vary by more than one variable it
1377             // doesn't make sense since it greatly increases the complexity and
1378             // would result in an R+R+R addressing mode which no backend
1379             // directly supports and would need to be broken into several
1380             // simpler instructions anyway.
1381             return nullptr;
1382           }
1383         }
1384 
1385         // Sink down a layer of the type for the next iteration.
1386         if (J > 0) {
1387           if (CompositeType *CT = dyn_cast<CompositeType>(CurTy)) {
1388             CurTy = CT->getTypeAtIndex(Op1->getOperand(J));
1389           } else {
1390             CurTy = nullptr;
1391           }
1392         }
1393       }
1394     }
1395 
1396     GetElementPtrInst *NewGEP = cast<GetElementPtrInst>(Op1->clone());
1397 
1398     if (DI == -1) {
1399       // All the GEPs feeding the PHI are identical. Clone one down into our
1400       // BB so that it can be merged with the current GEP.
1401       GEP.getParent()->getInstList().insert(
1402           GEP.getParent()->getFirstInsertionPt(), NewGEP);
1403     } else {
1404       // All the GEPs feeding the PHI differ at a single offset. Clone a GEP
1405       // into the current block so it can be merged, and create a new PHI to
1406       // set that index.
1407       Instruction *InsertPt = Builder->GetInsertPoint();
1408       Builder->SetInsertPoint(PN);
1409       PHINode *NewPN = Builder->CreatePHI(Op1->getOperand(DI)->getType(),
1410                                           PN->getNumOperands());
1411       Builder->SetInsertPoint(InsertPt);
1412 
1413       for (auto &I : PN->operands())
1414         NewPN->addIncoming(cast<GEPOperator>(I)->getOperand(DI),
1415                            PN->getIncomingBlock(I));
1416 
1417       NewGEP->setOperand(DI, NewPN);
1418       GEP.getParent()->getInstList().insert(
1419           GEP.getParent()->getFirstInsertionPt(), NewGEP);
1420       NewGEP->setOperand(DI, NewPN);
1421     }
1422 
1423     GEP.setOperand(0, NewGEP);
1424     PtrOp = NewGEP;
1425   }
1426 
1427   // Combine Indices - If the source pointer to this getelementptr instruction
1428   // is a getelementptr instruction, combine the indices of the two
1429   // getelementptr instructions into a single instruction.
1430   //
1431   if (GEPOperator *Src = dyn_cast<GEPOperator>(PtrOp)) {
1432     if (!shouldMergeGEPs(*cast<GEPOperator>(&GEP), *Src))
1433       return nullptr;
1434 
1435     // Note that if our source is a gep chain itself then we wait for that
1436     // chain to be resolved before we perform this transformation.  This
1437     // avoids us creating a TON of code in some cases.
1438     if (GEPOperator *SrcGEP =
1439           dyn_cast<GEPOperator>(Src->getOperand(0)))
1440       if (SrcGEP->getNumOperands() == 2 && shouldMergeGEPs(*Src, *SrcGEP))
1441         return nullptr;   // Wait until our source is folded to completion.
1442 
1443     SmallVector<Value*, 8> Indices;
1444 
1445     // Find out whether the last index in the source GEP is a sequential idx.
1446     bool EndsWithSequential = false;
1447     for (gep_type_iterator I = gep_type_begin(*Src), E = gep_type_end(*Src);
1448          I != E; ++I)
1449       EndsWithSequential = !(*I)->isStructTy();
1450 
1451     // Can we combine the two pointer arithmetics offsets?
1452     if (EndsWithSequential) {
1453       // Replace: gep (gep %P, long B), long A, ...
1454       // With:    T = long A+B; gep %P, T, ...
1455       //
1456       Value *Sum;
1457       Value *SO1 = Src->getOperand(Src->getNumOperands()-1);
1458       Value *GO1 = GEP.getOperand(1);
1459       if (SO1 == Constant::getNullValue(SO1->getType())) {
1460         Sum = GO1;
1461       } else if (GO1 == Constant::getNullValue(GO1->getType())) {
1462         Sum = SO1;
1463       } else {
1464         // If they aren't the same type, then the input hasn't been processed
1465         // by the loop above yet (which canonicalizes sequential index types to
1466         // intptr_t).  Just avoid transforming this until the input has been
1467         // normalized.
1468         if (SO1->getType() != GO1->getType())
1469           return nullptr;
1470         Sum = Builder->CreateAdd(SO1, GO1, PtrOp->getName()+".sum");
1471       }
1472 
1473       // Update the GEP in place if possible.
1474       if (Src->getNumOperands() == 2) {
1475         GEP.setOperand(0, Src->getOperand(0));
1476         GEP.setOperand(1, Sum);
1477         return &GEP;
1478       }
1479       Indices.append(Src->op_begin()+1, Src->op_end()-1);
1480       Indices.push_back(Sum);
1481       Indices.append(GEP.op_begin()+2, GEP.op_end());
1482     } else if (isa<Constant>(*GEP.idx_begin()) &&
1483                cast<Constant>(*GEP.idx_begin())->isNullValue() &&
1484                Src->getNumOperands() != 1) {
1485       // Otherwise we can do the fold if the first index of the GEP is a zero
1486       Indices.append(Src->op_begin()+1, Src->op_end());
1487       Indices.append(GEP.idx_begin()+1, GEP.idx_end());
1488     }
1489 
1490     if (!Indices.empty())
1491       return GEP.isInBounds() && Src->isInBounds()
1492                  ? GetElementPtrInst::CreateInBounds(
1493                        Src->getSourceElementType(), Src->getOperand(0), Indices,
1494                        GEP.getName())
1495                  : GetElementPtrInst::Create(Src->getSourceElementType(),
1496                                              Src->getOperand(0), Indices,
1497                                              GEP.getName());
1498   }
1499 
1500   if (GEP.getNumIndices() == 1) {
1501     unsigned AS = GEP.getPointerAddressSpace();
1502     if (GEP.getOperand(1)->getType()->getScalarSizeInBits() ==
1503         DL.getPointerSizeInBits(AS)) {
1504       Type *PtrTy = GEP.getPointerOperandType();
1505       Type *Ty = PtrTy->getPointerElementType();
1506       uint64_t TyAllocSize = DL.getTypeAllocSize(Ty);
1507 
1508       bool Matched = false;
1509       uint64_t C;
1510       Value *V = nullptr;
1511       if (TyAllocSize == 1) {
1512         V = GEP.getOperand(1);
1513         Matched = true;
1514       } else if (match(GEP.getOperand(1),
1515                        m_AShr(m_Value(V), m_ConstantInt(C)))) {
1516         if (TyAllocSize == 1ULL << C)
1517           Matched = true;
1518       } else if (match(GEP.getOperand(1),
1519                        m_SDiv(m_Value(V), m_ConstantInt(C)))) {
1520         if (TyAllocSize == C)
1521           Matched = true;
1522       }
1523 
1524       if (Matched) {
1525         // Canonicalize (gep i8* X, -(ptrtoint Y))
1526         // to (inttoptr (sub (ptrtoint X), (ptrtoint Y)))
1527         // The GEP pattern is emitted by the SCEV expander for certain kinds of
1528         // pointer arithmetic.
1529         if (match(V, m_Neg(m_PtrToInt(m_Value())))) {
1530           Operator *Index = cast<Operator>(V);
1531           Value *PtrToInt = Builder->CreatePtrToInt(PtrOp, Index->getType());
1532           Value *NewSub = Builder->CreateSub(PtrToInt, Index->getOperand(1));
1533           return CastInst::Create(Instruction::IntToPtr, NewSub, GEP.getType());
1534         }
1535         // Canonicalize (gep i8* X, (ptrtoint Y)-(ptrtoint X))
1536         // to (bitcast Y)
1537         Value *Y;
1538         if (match(V, m_Sub(m_PtrToInt(m_Value(Y)),
1539                            m_PtrToInt(m_Specific(GEP.getOperand(0)))))) {
1540           return CastInst::CreatePointerBitCastOrAddrSpaceCast(Y,
1541                                                                GEP.getType());
1542         }
1543       }
1544     }
1545   }
1546 
1547   // Handle gep(bitcast x) and gep(gep x, 0, 0, 0).
1548   Value *StrippedPtr = PtrOp->stripPointerCasts();
1549   PointerType *StrippedPtrTy = dyn_cast<PointerType>(StrippedPtr->getType());
1550 
1551   // We do not handle pointer-vector geps here.
1552   if (!StrippedPtrTy)
1553     return nullptr;
1554 
1555   if (StrippedPtr != PtrOp) {
1556     bool HasZeroPointerIndex = false;
1557     if (ConstantInt *C = dyn_cast<ConstantInt>(GEP.getOperand(1)))
1558       HasZeroPointerIndex = C->isZero();
1559 
1560     // Transform: GEP (bitcast [10 x i8]* X to [0 x i8]*), i32 0, ...
1561     // into     : GEP [10 x i8]* X, i32 0, ...
1562     //
1563     // Likewise, transform: GEP (bitcast i8* X to [0 x i8]*), i32 0, ...
1564     //           into     : GEP i8* X, ...
1565     //
1566     // This occurs when the program declares an array extern like "int X[];"
1567     if (HasZeroPointerIndex) {
1568       PointerType *CPTy = cast<PointerType>(PtrOp->getType());
1569       if (ArrayType *CATy =
1570           dyn_cast<ArrayType>(CPTy->getElementType())) {
1571         // GEP (bitcast i8* X to [0 x i8]*), i32 0, ... ?
1572         if (CATy->getElementType() == StrippedPtrTy->getElementType()) {
1573           // -> GEP i8* X, ...
1574           SmallVector<Value*, 8> Idx(GEP.idx_begin()+1, GEP.idx_end());
1575           GetElementPtrInst *Res = GetElementPtrInst::Create(
1576               StrippedPtrTy->getElementType(), StrippedPtr, Idx, GEP.getName());
1577           Res->setIsInBounds(GEP.isInBounds());
1578           if (StrippedPtrTy->getAddressSpace() == GEP.getAddressSpace())
1579             return Res;
1580           // Insert Res, and create an addrspacecast.
1581           // e.g.,
1582           // GEP (addrspacecast i8 addrspace(1)* X to [0 x i8]*), i32 0, ...
1583           // ->
1584           // %0 = GEP i8 addrspace(1)* X, ...
1585           // addrspacecast i8 addrspace(1)* %0 to i8*
1586           return new AddrSpaceCastInst(Builder->Insert(Res), GEP.getType());
1587         }
1588 
1589         if (ArrayType *XATy =
1590               dyn_cast<ArrayType>(StrippedPtrTy->getElementType())){
1591           // GEP (bitcast [10 x i8]* X to [0 x i8]*), i32 0, ... ?
1592           if (CATy->getElementType() == XATy->getElementType()) {
1593             // -> GEP [10 x i8]* X, i32 0, ...
1594             // At this point, we know that the cast source type is a pointer
1595             // to an array of the same type as the destination pointer
1596             // array.  Because the array type is never stepped over (there
1597             // is a leading zero) we can fold the cast into this GEP.
1598             if (StrippedPtrTy->getAddressSpace() == GEP.getAddressSpace()) {
1599               GEP.setOperand(0, StrippedPtr);
1600               return &GEP;
1601             }
1602             // Cannot replace the base pointer directly because StrippedPtr's
1603             // address space is different. Instead, create a new GEP followed by
1604             // an addrspacecast.
1605             // e.g.,
1606             // GEP (addrspacecast [10 x i8] addrspace(1)* X to [0 x i8]*),
1607             //   i32 0, ...
1608             // ->
1609             // %0 = GEP [10 x i8] addrspace(1)* X, ...
1610             // addrspacecast i8 addrspace(1)* %0 to i8*
1611             SmallVector<Value*, 8> Idx(GEP.idx_begin(), GEP.idx_end());
1612             Value *NewGEP = GEP.isInBounds()
1613                                 ? Builder->CreateInBoundsGEP(
1614                                       nullptr, StrippedPtr, Idx, GEP.getName())
1615                                 : Builder->CreateGEP(nullptr, StrippedPtr, Idx,
1616                                                      GEP.getName());
1617             return new AddrSpaceCastInst(NewGEP, GEP.getType());
1618           }
1619         }
1620       }
1621     } else if (GEP.getNumOperands() == 2) {
1622       // Transform things like:
1623       // %t = getelementptr i32* bitcast ([2 x i32]* %str to i32*), i32 %V
1624       // into:  %t1 = getelementptr [2 x i32]* %str, i32 0, i32 %V; bitcast
1625       Type *SrcElTy = StrippedPtrTy->getElementType();
1626       Type *ResElTy = PtrOp->getType()->getPointerElementType();
1627       if (SrcElTy->isArrayTy() &&
1628           DL.getTypeAllocSize(SrcElTy->getArrayElementType()) ==
1629               DL.getTypeAllocSize(ResElTy)) {
1630         Type *IdxType = DL.getIntPtrType(GEP.getType());
1631         Value *Idx[2] = { Constant::getNullValue(IdxType), GEP.getOperand(1) };
1632         Value *NewGEP =
1633             GEP.isInBounds()
1634                 ? Builder->CreateInBoundsGEP(nullptr, StrippedPtr, Idx,
1635                                              GEP.getName())
1636                 : Builder->CreateGEP(nullptr, StrippedPtr, Idx, GEP.getName());
1637 
1638         // V and GEP are both pointer types --> BitCast
1639         return CastInst::CreatePointerBitCastOrAddrSpaceCast(NewGEP,
1640                                                              GEP.getType());
1641       }
1642 
1643       // Transform things like:
1644       // %V = mul i64 %N, 4
1645       // %t = getelementptr i8* bitcast (i32* %arr to i8*), i32 %V
1646       // into:  %t1 = getelementptr i32* %arr, i32 %N; bitcast
1647       if (ResElTy->isSized() && SrcElTy->isSized()) {
1648         // Check that changing the type amounts to dividing the index by a scale
1649         // factor.
1650         uint64_t ResSize = DL.getTypeAllocSize(ResElTy);
1651         uint64_t SrcSize = DL.getTypeAllocSize(SrcElTy);
1652         if (ResSize && SrcSize % ResSize == 0) {
1653           Value *Idx = GEP.getOperand(1);
1654           unsigned BitWidth = Idx->getType()->getPrimitiveSizeInBits();
1655           uint64_t Scale = SrcSize / ResSize;
1656 
1657           // Earlier transforms ensure that the index has type IntPtrType, which
1658           // considerably simplifies the logic by eliminating implicit casts.
1659           assert(Idx->getType() == DL.getIntPtrType(GEP.getType()) &&
1660                  "Index not cast to pointer width?");
1661 
1662           bool NSW;
1663           if (Value *NewIdx = Descale(Idx, APInt(BitWidth, Scale), NSW)) {
1664             // Successfully decomposed Idx as NewIdx * Scale, form a new GEP.
1665             // If the multiplication NewIdx * Scale may overflow then the new
1666             // GEP may not be "inbounds".
1667             Value *NewGEP =
1668                 GEP.isInBounds() && NSW
1669                     ? Builder->CreateInBoundsGEP(nullptr, StrippedPtr, NewIdx,
1670                                                  GEP.getName())
1671                     : Builder->CreateGEP(nullptr, StrippedPtr, NewIdx,
1672                                          GEP.getName());
1673 
1674             // The NewGEP must be pointer typed, so must the old one -> BitCast
1675             return CastInst::CreatePointerBitCastOrAddrSpaceCast(NewGEP,
1676                                                                  GEP.getType());
1677           }
1678         }
1679       }
1680 
1681       // Similarly, transform things like:
1682       // getelementptr i8* bitcast ([100 x double]* X to i8*), i32 %tmp
1683       //   (where tmp = 8*tmp2) into:
1684       // getelementptr [100 x double]* %arr, i32 0, i32 %tmp2; bitcast
1685       if (ResElTy->isSized() && SrcElTy->isSized() && SrcElTy->isArrayTy()) {
1686         // Check that changing to the array element type amounts to dividing the
1687         // index by a scale factor.
1688         uint64_t ResSize = DL.getTypeAllocSize(ResElTy);
1689         uint64_t ArrayEltSize =
1690             DL.getTypeAllocSize(SrcElTy->getArrayElementType());
1691         if (ResSize && ArrayEltSize % ResSize == 0) {
1692           Value *Idx = GEP.getOperand(1);
1693           unsigned BitWidth = Idx->getType()->getPrimitiveSizeInBits();
1694           uint64_t Scale = ArrayEltSize / ResSize;
1695 
1696           // Earlier transforms ensure that the index has type IntPtrType, which
1697           // considerably simplifies the logic by eliminating implicit casts.
1698           assert(Idx->getType() == DL.getIntPtrType(GEP.getType()) &&
1699                  "Index not cast to pointer width?");
1700 
1701           bool NSW;
1702           if (Value *NewIdx = Descale(Idx, APInt(BitWidth, Scale), NSW)) {
1703             // Successfully decomposed Idx as NewIdx * Scale, form a new GEP.
1704             // If the multiplication NewIdx * Scale may overflow then the new
1705             // GEP may not be "inbounds".
1706             Value *Off[2] = {
1707                 Constant::getNullValue(DL.getIntPtrType(GEP.getType())),
1708                 NewIdx};
1709 
1710             Value *NewGEP = GEP.isInBounds() && NSW
1711                                 ? Builder->CreateInBoundsGEP(
1712                                       SrcElTy, StrippedPtr, Off, GEP.getName())
1713                                 : Builder->CreateGEP(SrcElTy, StrippedPtr, Off,
1714                                                      GEP.getName());
1715             // The NewGEP must be pointer typed, so must the old one -> BitCast
1716             return CastInst::CreatePointerBitCastOrAddrSpaceCast(NewGEP,
1717                                                                  GEP.getType());
1718           }
1719         }
1720       }
1721     }
1722   }
1723 
1724   // addrspacecast between types is canonicalized as a bitcast, then an
1725   // addrspacecast. To take advantage of the below bitcast + struct GEP, look
1726   // through the addrspacecast.
1727   if (AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(PtrOp)) {
1728     //   X = bitcast A addrspace(1)* to B addrspace(1)*
1729     //   Y = addrspacecast A addrspace(1)* to B addrspace(2)*
1730     //   Z = gep Y, <...constant indices...>
1731     // Into an addrspacecasted GEP of the struct.
1732     if (BitCastInst *BC = dyn_cast<BitCastInst>(ASC->getOperand(0)))
1733       PtrOp = BC;
1734   }
1735 
1736   /// See if we can simplify:
1737   ///   X = bitcast A* to B*
1738   ///   Y = gep X, <...constant indices...>
1739   /// into a gep of the original struct.  This is important for SROA and alias
1740   /// analysis of unions.  If "A" is also a bitcast, wait for A/X to be merged.
1741   if (BitCastInst *BCI = dyn_cast<BitCastInst>(PtrOp)) {
1742     Value *Operand = BCI->getOperand(0);
1743     PointerType *OpType = cast<PointerType>(Operand->getType());
1744     unsigned OffsetBits = DL.getPointerTypeSizeInBits(GEP.getType());
1745     APInt Offset(OffsetBits, 0);
1746     if (!isa<BitCastInst>(Operand) &&
1747         GEP.accumulateConstantOffset(DL, Offset)) {
1748 
1749       // If this GEP instruction doesn't move the pointer, just replace the GEP
1750       // with a bitcast of the real input to the dest type.
1751       if (!Offset) {
1752         // If the bitcast is of an allocation, and the allocation will be
1753         // converted to match the type of the cast, don't touch this.
1754         if (isa<AllocaInst>(Operand) || isAllocationFn(Operand, TLI)) {
1755           // See if the bitcast simplifies, if so, don't nuke this GEP yet.
1756           if (Instruction *I = visitBitCast(*BCI)) {
1757             if (I != BCI) {
1758               I->takeName(BCI);
1759               BCI->getParent()->getInstList().insert(BCI, I);
1760               ReplaceInstUsesWith(*BCI, I);
1761             }
1762             return &GEP;
1763           }
1764         }
1765 
1766         if (Operand->getType()->getPointerAddressSpace() != GEP.getAddressSpace())
1767           return new AddrSpaceCastInst(Operand, GEP.getType());
1768         return new BitCastInst(Operand, GEP.getType());
1769       }
1770 
1771       // Otherwise, if the offset is non-zero, we need to find out if there is a
1772       // field at Offset in 'A's type.  If so, we can pull the cast through the
1773       // GEP.
1774       SmallVector<Value*, 8> NewIndices;
1775       if (FindElementAtOffset(OpType, Offset.getSExtValue(), NewIndices)) {
1776         Value *NGEP =
1777             GEP.isInBounds()
1778                 ? Builder->CreateInBoundsGEP(nullptr, Operand, NewIndices)
1779                 : Builder->CreateGEP(nullptr, Operand, NewIndices);
1780 
1781         if (NGEP->getType() == GEP.getType())
1782           return ReplaceInstUsesWith(GEP, NGEP);
1783         NGEP->takeName(&GEP);
1784 
1785         if (NGEP->getType()->getPointerAddressSpace() != GEP.getAddressSpace())
1786           return new AddrSpaceCastInst(NGEP, GEP.getType());
1787         return new BitCastInst(NGEP, GEP.getType());
1788       }
1789     }
1790   }
1791 
1792   return nullptr;
1793 }
1794 
1795 static bool
isAllocSiteRemovable(Instruction * AI,SmallVectorImpl<WeakVH> & Users,const TargetLibraryInfo * TLI)1796 isAllocSiteRemovable(Instruction *AI, SmallVectorImpl<WeakVH> &Users,
1797                      const TargetLibraryInfo *TLI) {
1798   SmallVector<Instruction*, 4> Worklist;
1799   Worklist.push_back(AI);
1800 
1801   do {
1802     Instruction *PI = Worklist.pop_back_val();
1803     for (User *U : PI->users()) {
1804       Instruction *I = cast<Instruction>(U);
1805       switch (I->getOpcode()) {
1806       default:
1807         // Give up the moment we see something we can't handle.
1808         return false;
1809 
1810       case Instruction::BitCast:
1811       case Instruction::GetElementPtr:
1812         Users.push_back(I);
1813         Worklist.push_back(I);
1814         continue;
1815 
1816       case Instruction::ICmp: {
1817         ICmpInst *ICI = cast<ICmpInst>(I);
1818         // We can fold eq/ne comparisons with null to false/true, respectively.
1819         if (!ICI->isEquality() || !isa<ConstantPointerNull>(ICI->getOperand(1)))
1820           return false;
1821         Users.push_back(I);
1822         continue;
1823       }
1824 
1825       case Instruction::Call:
1826         // Ignore no-op and store intrinsics.
1827         if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(I)) {
1828           switch (II->getIntrinsicID()) {
1829           default:
1830             return false;
1831 
1832           case Intrinsic::memmove:
1833           case Intrinsic::memcpy:
1834           case Intrinsic::memset: {
1835             MemIntrinsic *MI = cast<MemIntrinsic>(II);
1836             if (MI->isVolatile() || MI->getRawDest() != PI)
1837               return false;
1838           }
1839           // fall through
1840           case Intrinsic::dbg_declare:
1841           case Intrinsic::dbg_value:
1842           case Intrinsic::invariant_start:
1843           case Intrinsic::invariant_end:
1844           case Intrinsic::lifetime_start:
1845           case Intrinsic::lifetime_end:
1846           case Intrinsic::objectsize:
1847             Users.push_back(I);
1848             continue;
1849           }
1850         }
1851 
1852         if (isFreeCall(I, TLI)) {
1853           Users.push_back(I);
1854           continue;
1855         }
1856         return false;
1857 
1858       case Instruction::Store: {
1859         StoreInst *SI = cast<StoreInst>(I);
1860         if (SI->isVolatile() || SI->getPointerOperand() != PI)
1861           return false;
1862         Users.push_back(I);
1863         continue;
1864       }
1865       }
1866       llvm_unreachable("missing a return?");
1867     }
1868   } while (!Worklist.empty());
1869   return true;
1870 }
1871 
visitAllocSite(Instruction & MI)1872 Instruction *InstCombiner::visitAllocSite(Instruction &MI) {
1873   // If we have a malloc call which is only used in any amount of comparisons
1874   // to null and free calls, delete the calls and replace the comparisons with
1875   // true or false as appropriate.
1876   SmallVector<WeakVH, 64> Users;
1877   if (isAllocSiteRemovable(&MI, Users, TLI)) {
1878     for (unsigned i = 0, e = Users.size(); i != e; ++i) {
1879       Instruction *I = cast_or_null<Instruction>(&*Users[i]);
1880       if (!I) continue;
1881 
1882       if (ICmpInst *C = dyn_cast<ICmpInst>(I)) {
1883         ReplaceInstUsesWith(*C,
1884                             ConstantInt::get(Type::getInt1Ty(C->getContext()),
1885                                              C->isFalseWhenEqual()));
1886       } else if (isa<BitCastInst>(I) || isa<GetElementPtrInst>(I)) {
1887         ReplaceInstUsesWith(*I, UndefValue::get(I->getType()));
1888       } else if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(I)) {
1889         if (II->getIntrinsicID() == Intrinsic::objectsize) {
1890           ConstantInt *CI = cast<ConstantInt>(II->getArgOperand(1));
1891           uint64_t DontKnow = CI->isZero() ? -1ULL : 0;
1892           ReplaceInstUsesWith(*I, ConstantInt::get(I->getType(), DontKnow));
1893         }
1894       }
1895       EraseInstFromFunction(*I);
1896     }
1897 
1898     if (InvokeInst *II = dyn_cast<InvokeInst>(&MI)) {
1899       // Replace invoke with a NOP intrinsic to maintain the original CFG
1900       Module *M = II->getParent()->getParent()->getParent();
1901       Function *F = Intrinsic::getDeclaration(M, Intrinsic::donothing);
1902       InvokeInst::Create(F, II->getNormalDest(), II->getUnwindDest(),
1903                          None, "", II->getParent());
1904     }
1905     return EraseInstFromFunction(MI);
1906   }
1907   return nullptr;
1908 }
1909 
1910 /// \brief Move the call to free before a NULL test.
1911 ///
1912 /// Check if this free is accessed after its argument has been test
1913 /// against NULL (property 0).
1914 /// If yes, it is legal to move this call in its predecessor block.
1915 ///
1916 /// The move is performed only if the block containing the call to free
1917 /// will be removed, i.e.:
1918 /// 1. it has only one predecessor P, and P has two successors
1919 /// 2. it contains the call and an unconditional branch
1920 /// 3. its successor is the same as its predecessor's successor
1921 ///
1922 /// The profitability is out-of concern here and this function should
1923 /// be called only if the caller knows this transformation would be
1924 /// profitable (e.g., for code size).
1925 static Instruction *
tryToMoveFreeBeforeNullTest(CallInst & FI)1926 tryToMoveFreeBeforeNullTest(CallInst &FI) {
1927   Value *Op = FI.getArgOperand(0);
1928   BasicBlock *FreeInstrBB = FI.getParent();
1929   BasicBlock *PredBB = FreeInstrBB->getSinglePredecessor();
1930 
1931   // Validate part of constraint #1: Only one predecessor
1932   // FIXME: We can extend the number of predecessor, but in that case, we
1933   //        would duplicate the call to free in each predecessor and it may
1934   //        not be profitable even for code size.
1935   if (!PredBB)
1936     return nullptr;
1937 
1938   // Validate constraint #2: Does this block contains only the call to
1939   //                         free and an unconditional branch?
1940   // FIXME: We could check if we can speculate everything in the
1941   //        predecessor block
1942   if (FreeInstrBB->size() != 2)
1943     return nullptr;
1944   BasicBlock *SuccBB;
1945   if (!match(FreeInstrBB->getTerminator(), m_UnconditionalBr(SuccBB)))
1946     return nullptr;
1947 
1948   // Validate the rest of constraint #1 by matching on the pred branch.
1949   TerminatorInst *TI = PredBB->getTerminator();
1950   BasicBlock *TrueBB, *FalseBB;
1951   ICmpInst::Predicate Pred;
1952   if (!match(TI, m_Br(m_ICmp(Pred, m_Specific(Op), m_Zero()), TrueBB, FalseBB)))
1953     return nullptr;
1954   if (Pred != ICmpInst::ICMP_EQ && Pred != ICmpInst::ICMP_NE)
1955     return nullptr;
1956 
1957   // Validate constraint #3: Ensure the null case just falls through.
1958   if (SuccBB != (Pred == ICmpInst::ICMP_EQ ? TrueBB : FalseBB))
1959     return nullptr;
1960   assert(FreeInstrBB == (Pred == ICmpInst::ICMP_EQ ? FalseBB : TrueBB) &&
1961          "Broken CFG: missing edge from predecessor to successor");
1962 
1963   FI.moveBefore(TI);
1964   return &FI;
1965 }
1966 
1967 
visitFree(CallInst & FI)1968 Instruction *InstCombiner::visitFree(CallInst &FI) {
1969   Value *Op = FI.getArgOperand(0);
1970 
1971   // free undef -> unreachable.
1972   if (isa<UndefValue>(Op)) {
1973     // Insert a new store to null because we cannot modify the CFG here.
1974     Builder->CreateStore(ConstantInt::getTrue(FI.getContext()),
1975                          UndefValue::get(Type::getInt1PtrTy(FI.getContext())));
1976     return EraseInstFromFunction(FI);
1977   }
1978 
1979   // If we have 'free null' delete the instruction.  This can happen in stl code
1980   // when lots of inlining happens.
1981   if (isa<ConstantPointerNull>(Op))
1982     return EraseInstFromFunction(FI);
1983 
1984   // If we optimize for code size, try to move the call to free before the null
1985   // test so that simplify cfg can remove the empty block and dead code
1986   // elimination the branch. I.e., helps to turn something like:
1987   // if (foo) free(foo);
1988   // into
1989   // free(foo);
1990   if (MinimizeSize)
1991     if (Instruction *I = tryToMoveFreeBeforeNullTest(FI))
1992       return I;
1993 
1994   return nullptr;
1995 }
1996 
visitReturnInst(ReturnInst & RI)1997 Instruction *InstCombiner::visitReturnInst(ReturnInst &RI) {
1998   if (RI.getNumOperands() == 0) // ret void
1999     return nullptr;
2000 
2001   Value *ResultOp = RI.getOperand(0);
2002   Type *VTy = ResultOp->getType();
2003   if (!VTy->isIntegerTy())
2004     return nullptr;
2005 
2006   // There might be assume intrinsics dominating this return that completely
2007   // determine the value. If so, constant fold it.
2008   unsigned BitWidth = VTy->getPrimitiveSizeInBits();
2009   APInt KnownZero(BitWidth, 0), KnownOne(BitWidth, 0);
2010   computeKnownBits(ResultOp, KnownZero, KnownOne, 0, &RI);
2011   if ((KnownZero|KnownOne).isAllOnesValue())
2012     RI.setOperand(0, Constant::getIntegerValue(VTy, KnownOne));
2013 
2014   return nullptr;
2015 }
2016 
visitBranchInst(BranchInst & BI)2017 Instruction *InstCombiner::visitBranchInst(BranchInst &BI) {
2018   // Change br (not X), label True, label False to: br X, label False, True
2019   Value *X = nullptr;
2020   BasicBlock *TrueDest;
2021   BasicBlock *FalseDest;
2022   if (match(&BI, m_Br(m_Not(m_Value(X)), TrueDest, FalseDest)) &&
2023       !isa<Constant>(X)) {
2024     // Swap Destinations and condition...
2025     BI.setCondition(X);
2026     BI.swapSuccessors();
2027     return &BI;
2028   }
2029 
2030   // If the condition is irrelevant, remove the use so that other
2031   // transforms on the condition become more effective.
2032   if (BI.isConditional() &&
2033       BI.getSuccessor(0) == BI.getSuccessor(1) &&
2034       !isa<UndefValue>(BI.getCondition())) {
2035     BI.setCondition(UndefValue::get(BI.getCondition()->getType()));
2036     return &BI;
2037   }
2038 
2039   // Canonicalize fcmp_one -> fcmp_oeq
2040   FCmpInst::Predicate FPred; Value *Y;
2041   if (match(&BI, m_Br(m_FCmp(FPred, m_Value(X), m_Value(Y)),
2042                              TrueDest, FalseDest)) &&
2043       BI.getCondition()->hasOneUse())
2044     if (FPred == FCmpInst::FCMP_ONE || FPred == FCmpInst::FCMP_OLE ||
2045         FPred == FCmpInst::FCMP_OGE) {
2046       FCmpInst *Cond = cast<FCmpInst>(BI.getCondition());
2047       Cond->setPredicate(FCmpInst::getInversePredicate(FPred));
2048 
2049       // Swap Destinations and condition.
2050       BI.swapSuccessors();
2051       Worklist.Add(Cond);
2052       return &BI;
2053     }
2054 
2055   // Canonicalize icmp_ne -> icmp_eq
2056   ICmpInst::Predicate IPred;
2057   if (match(&BI, m_Br(m_ICmp(IPred, m_Value(X), m_Value(Y)),
2058                       TrueDest, FalseDest)) &&
2059       BI.getCondition()->hasOneUse())
2060     if (IPred == ICmpInst::ICMP_NE  || IPred == ICmpInst::ICMP_ULE ||
2061         IPred == ICmpInst::ICMP_SLE || IPred == ICmpInst::ICMP_UGE ||
2062         IPred == ICmpInst::ICMP_SGE) {
2063       ICmpInst *Cond = cast<ICmpInst>(BI.getCondition());
2064       Cond->setPredicate(ICmpInst::getInversePredicate(IPred));
2065       // Swap Destinations and condition.
2066       BI.swapSuccessors();
2067       Worklist.Add(Cond);
2068       return &BI;
2069     }
2070 
2071   return nullptr;
2072 }
2073 
visitSwitchInst(SwitchInst & SI)2074 Instruction *InstCombiner::visitSwitchInst(SwitchInst &SI) {
2075   Value *Cond = SI.getCondition();
2076   unsigned BitWidth = cast<IntegerType>(Cond->getType())->getBitWidth();
2077   APInt KnownZero(BitWidth, 0), KnownOne(BitWidth, 0);
2078   computeKnownBits(Cond, KnownZero, KnownOne, 0, &SI);
2079   unsigned LeadingKnownZeros = KnownZero.countLeadingOnes();
2080   unsigned LeadingKnownOnes = KnownOne.countLeadingOnes();
2081 
2082   // Compute the number of leading bits we can ignore.
2083   for (auto &C : SI.cases()) {
2084     LeadingKnownZeros = std::min(
2085         LeadingKnownZeros, C.getCaseValue()->getValue().countLeadingZeros());
2086     LeadingKnownOnes = std::min(
2087         LeadingKnownOnes, C.getCaseValue()->getValue().countLeadingOnes());
2088   }
2089 
2090   unsigned NewWidth = BitWidth - std::max(LeadingKnownZeros, LeadingKnownOnes);
2091 
2092   // Truncate the condition operand if the new type is equal to or larger than
2093   // the largest legal integer type. We need to be conservative here since
2094   // x86 generates redundant zero-extenstion instructions if the operand is
2095   // truncated to i8 or i16.
2096   bool TruncCond = false;
2097   if (NewWidth > 0 && BitWidth > NewWidth &&
2098       NewWidth >= DL.getLargestLegalIntTypeSize()) {
2099     TruncCond = true;
2100     IntegerType *Ty = IntegerType::get(SI.getContext(), NewWidth);
2101     Builder->SetInsertPoint(&SI);
2102     Value *NewCond = Builder->CreateTrunc(SI.getCondition(), Ty, "trunc");
2103     SI.setCondition(NewCond);
2104 
2105     for (auto &C : SI.cases())
2106       static_cast<SwitchInst::CaseIt *>(&C)->setValue(ConstantInt::get(
2107           SI.getContext(), C.getCaseValue()->getValue().trunc(NewWidth)));
2108   }
2109 
2110   if (Instruction *I = dyn_cast<Instruction>(Cond)) {
2111     if (I->getOpcode() == Instruction::Add)
2112       if (ConstantInt *AddRHS = dyn_cast<ConstantInt>(I->getOperand(1))) {
2113         // change 'switch (X+4) case 1:' into 'switch (X) case -3'
2114         // Skip the first item since that's the default case.
2115         for (SwitchInst::CaseIt i = SI.case_begin(), e = SI.case_end();
2116              i != e; ++i) {
2117           ConstantInt* CaseVal = i.getCaseValue();
2118           Constant *LHS = CaseVal;
2119           if (TruncCond)
2120             LHS = LeadingKnownZeros
2121                       ? ConstantExpr::getZExt(CaseVal, Cond->getType())
2122                       : ConstantExpr::getSExt(CaseVal, Cond->getType());
2123           Constant* NewCaseVal = ConstantExpr::getSub(LHS, AddRHS);
2124           assert(isa<ConstantInt>(NewCaseVal) &&
2125                  "Result of expression should be constant");
2126           i.setValue(cast<ConstantInt>(NewCaseVal));
2127         }
2128         SI.setCondition(I->getOperand(0));
2129         Worklist.Add(I);
2130         return &SI;
2131       }
2132   }
2133 
2134   return TruncCond ? &SI : nullptr;
2135 }
2136 
visitExtractValueInst(ExtractValueInst & EV)2137 Instruction *InstCombiner::visitExtractValueInst(ExtractValueInst &EV) {
2138   Value *Agg = EV.getAggregateOperand();
2139 
2140   if (!EV.hasIndices())
2141     return ReplaceInstUsesWith(EV, Agg);
2142 
2143   if (Constant *C = dyn_cast<Constant>(Agg)) {
2144     if (Constant *C2 = C->getAggregateElement(*EV.idx_begin())) {
2145       if (EV.getNumIndices() == 0)
2146         return ReplaceInstUsesWith(EV, C2);
2147       // Extract the remaining indices out of the constant indexed by the
2148       // first index
2149       return ExtractValueInst::Create(C2, EV.getIndices().slice(1));
2150     }
2151     return nullptr; // Can't handle other constants
2152   }
2153 
2154   if (InsertValueInst *IV = dyn_cast<InsertValueInst>(Agg)) {
2155     // We're extracting from an insertvalue instruction, compare the indices
2156     const unsigned *exti, *exte, *insi, *inse;
2157     for (exti = EV.idx_begin(), insi = IV->idx_begin(),
2158          exte = EV.idx_end(), inse = IV->idx_end();
2159          exti != exte && insi != inse;
2160          ++exti, ++insi) {
2161       if (*insi != *exti)
2162         // The insert and extract both reference distinctly different elements.
2163         // This means the extract is not influenced by the insert, and we can
2164         // replace the aggregate operand of the extract with the aggregate
2165         // operand of the insert. i.e., replace
2166         // %I = insertvalue { i32, { i32 } } %A, { i32 } { i32 42 }, 1
2167         // %E = extractvalue { i32, { i32 } } %I, 0
2168         // with
2169         // %E = extractvalue { i32, { i32 } } %A, 0
2170         return ExtractValueInst::Create(IV->getAggregateOperand(),
2171                                         EV.getIndices());
2172     }
2173     if (exti == exte && insi == inse)
2174       // Both iterators are at the end: Index lists are identical. Replace
2175       // %B = insertvalue { i32, { i32 } } %A, i32 42, 1, 0
2176       // %C = extractvalue { i32, { i32 } } %B, 1, 0
2177       // with "i32 42"
2178       return ReplaceInstUsesWith(EV, IV->getInsertedValueOperand());
2179     if (exti == exte) {
2180       // The extract list is a prefix of the insert list. i.e. replace
2181       // %I = insertvalue { i32, { i32 } } %A, i32 42, 1, 0
2182       // %E = extractvalue { i32, { i32 } } %I, 1
2183       // with
2184       // %X = extractvalue { i32, { i32 } } %A, 1
2185       // %E = insertvalue { i32 } %X, i32 42, 0
2186       // by switching the order of the insert and extract (though the
2187       // insertvalue should be left in, since it may have other uses).
2188       Value *NewEV = Builder->CreateExtractValue(IV->getAggregateOperand(),
2189                                                  EV.getIndices());
2190       return InsertValueInst::Create(NewEV, IV->getInsertedValueOperand(),
2191                                      makeArrayRef(insi, inse));
2192     }
2193     if (insi == inse)
2194       // The insert list is a prefix of the extract list
2195       // We can simply remove the common indices from the extract and make it
2196       // operate on the inserted value instead of the insertvalue result.
2197       // i.e., replace
2198       // %I = insertvalue { i32, { i32 } } %A, { i32 } { i32 42 }, 1
2199       // %E = extractvalue { i32, { i32 } } %I, 1, 0
2200       // with
2201       // %E extractvalue { i32 } { i32 42 }, 0
2202       return ExtractValueInst::Create(IV->getInsertedValueOperand(),
2203                                       makeArrayRef(exti, exte));
2204   }
2205   if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(Agg)) {
2206     // We're extracting from an intrinsic, see if we're the only user, which
2207     // allows us to simplify multiple result intrinsics to simpler things that
2208     // just get one value.
2209     if (II->hasOneUse()) {
2210       // Check if we're grabbing the overflow bit or the result of a 'with
2211       // overflow' intrinsic.  If it's the latter we can remove the intrinsic
2212       // and replace it with a traditional binary instruction.
2213       switch (II->getIntrinsicID()) {
2214       case Intrinsic::uadd_with_overflow:
2215       case Intrinsic::sadd_with_overflow:
2216         if (*EV.idx_begin() == 0) {  // Normal result.
2217           Value *LHS = II->getArgOperand(0), *RHS = II->getArgOperand(1);
2218           ReplaceInstUsesWith(*II, UndefValue::get(II->getType()));
2219           EraseInstFromFunction(*II);
2220           return BinaryOperator::CreateAdd(LHS, RHS);
2221         }
2222 
2223         // If the normal result of the add is dead, and the RHS is a constant,
2224         // we can transform this into a range comparison.
2225         // overflow = uadd a, -4  -->  overflow = icmp ugt a, 3
2226         if (II->getIntrinsicID() == Intrinsic::uadd_with_overflow)
2227           if (ConstantInt *CI = dyn_cast<ConstantInt>(II->getArgOperand(1)))
2228             return new ICmpInst(ICmpInst::ICMP_UGT, II->getArgOperand(0),
2229                                 ConstantExpr::getNot(CI));
2230         break;
2231       case Intrinsic::usub_with_overflow:
2232       case Intrinsic::ssub_with_overflow:
2233         if (*EV.idx_begin() == 0) {  // Normal result.
2234           Value *LHS = II->getArgOperand(0), *RHS = II->getArgOperand(1);
2235           ReplaceInstUsesWith(*II, UndefValue::get(II->getType()));
2236           EraseInstFromFunction(*II);
2237           return BinaryOperator::CreateSub(LHS, RHS);
2238         }
2239         break;
2240       case Intrinsic::umul_with_overflow:
2241       case Intrinsic::smul_with_overflow:
2242         if (*EV.idx_begin() == 0) {  // Normal result.
2243           Value *LHS = II->getArgOperand(0), *RHS = II->getArgOperand(1);
2244           ReplaceInstUsesWith(*II, UndefValue::get(II->getType()));
2245           EraseInstFromFunction(*II);
2246           return BinaryOperator::CreateMul(LHS, RHS);
2247         }
2248         break;
2249       default:
2250         break;
2251       }
2252     }
2253   }
2254   if (LoadInst *L = dyn_cast<LoadInst>(Agg))
2255     // If the (non-volatile) load only has one use, we can rewrite this to a
2256     // load from a GEP. This reduces the size of the load.
2257     // FIXME: If a load is used only by extractvalue instructions then this
2258     //        could be done regardless of having multiple uses.
2259     if (L->isSimple() && L->hasOneUse()) {
2260       // extractvalue has integer indices, getelementptr has Value*s. Convert.
2261       SmallVector<Value*, 4> Indices;
2262       // Prefix an i32 0 since we need the first element.
2263       Indices.push_back(Builder->getInt32(0));
2264       for (ExtractValueInst::idx_iterator I = EV.idx_begin(), E = EV.idx_end();
2265             I != E; ++I)
2266         Indices.push_back(Builder->getInt32(*I));
2267 
2268       // We need to insert these at the location of the old load, not at that of
2269       // the extractvalue.
2270       Builder->SetInsertPoint(L->getParent(), L);
2271       Value *GEP = Builder->CreateInBoundsGEP(L->getType(),
2272                                               L->getPointerOperand(), Indices);
2273       // Returning the load directly will cause the main loop to insert it in
2274       // the wrong spot, so use ReplaceInstUsesWith().
2275       return ReplaceInstUsesWith(EV, Builder->CreateLoad(GEP));
2276     }
2277   // We could simplify extracts from other values. Note that nested extracts may
2278   // already be simplified implicitly by the above: extract (extract (insert) )
2279   // will be translated into extract ( insert ( extract ) ) first and then just
2280   // the value inserted, if appropriate. Similarly for extracts from single-use
2281   // loads: extract (extract (load)) will be translated to extract (load (gep))
2282   // and if again single-use then via load (gep (gep)) to load (gep).
2283   // However, double extracts from e.g. function arguments or return values
2284   // aren't handled yet.
2285   return nullptr;
2286 }
2287 
2288 /// isCatchAll - Return 'true' if the given typeinfo will match anything.
isCatchAll(EHPersonality Personality,Constant * TypeInfo)2289 static bool isCatchAll(EHPersonality Personality, Constant *TypeInfo) {
2290   switch (Personality) {
2291   case EHPersonality::GNU_C:
2292     // The GCC C EH personality only exists to support cleanups, so it's not
2293     // clear what the semantics of catch clauses are.
2294     return false;
2295   case EHPersonality::Unknown:
2296     return false;
2297   case EHPersonality::GNU_Ada:
2298     // While __gnat_all_others_value will match any Ada exception, it doesn't
2299     // match foreign exceptions (or didn't, before gcc-4.7).
2300     return false;
2301   case EHPersonality::GNU_CXX:
2302   case EHPersonality::GNU_ObjC:
2303   case EHPersonality::MSVC_X86SEH:
2304   case EHPersonality::MSVC_Win64SEH:
2305   case EHPersonality::MSVC_CXX:
2306     return TypeInfo->isNullValue();
2307   }
2308   llvm_unreachable("invalid enum");
2309 }
2310 
shorter_filter(const Value * LHS,const Value * RHS)2311 static bool shorter_filter(const Value *LHS, const Value *RHS) {
2312   return
2313     cast<ArrayType>(LHS->getType())->getNumElements()
2314   <
2315     cast<ArrayType>(RHS->getType())->getNumElements();
2316 }
2317 
visitLandingPadInst(LandingPadInst & LI)2318 Instruction *InstCombiner::visitLandingPadInst(LandingPadInst &LI) {
2319   // The logic here should be correct for any real-world personality function.
2320   // However if that turns out not to be true, the offending logic can always
2321   // be conditioned on the personality function, like the catch-all logic is.
2322   EHPersonality Personality = classifyEHPersonality(LI.getPersonalityFn());
2323 
2324   // Simplify the list of clauses, eg by removing repeated catch clauses
2325   // (these are often created by inlining).
2326   bool MakeNewInstruction = false; // If true, recreate using the following:
2327   SmallVector<Constant *, 16> NewClauses; // - Clauses for the new instruction;
2328   bool CleanupFlag = LI.isCleanup();   // - The new instruction is a cleanup.
2329 
2330   SmallPtrSet<Value *, 16> AlreadyCaught; // Typeinfos known caught already.
2331   for (unsigned i = 0, e = LI.getNumClauses(); i != e; ++i) {
2332     bool isLastClause = i + 1 == e;
2333     if (LI.isCatch(i)) {
2334       // A catch clause.
2335       Constant *CatchClause = LI.getClause(i);
2336       Constant *TypeInfo = CatchClause->stripPointerCasts();
2337 
2338       // If we already saw this clause, there is no point in having a second
2339       // copy of it.
2340       if (AlreadyCaught.insert(TypeInfo).second) {
2341         // This catch clause was not already seen.
2342         NewClauses.push_back(CatchClause);
2343       } else {
2344         // Repeated catch clause - drop the redundant copy.
2345         MakeNewInstruction = true;
2346       }
2347 
2348       // If this is a catch-all then there is no point in keeping any following
2349       // clauses or marking the landingpad as having a cleanup.
2350       if (isCatchAll(Personality, TypeInfo)) {
2351         if (!isLastClause)
2352           MakeNewInstruction = true;
2353         CleanupFlag = false;
2354         break;
2355       }
2356     } else {
2357       // A filter clause.  If any of the filter elements were already caught
2358       // then they can be dropped from the filter.  It is tempting to try to
2359       // exploit the filter further by saying that any typeinfo that does not
2360       // occur in the filter can't be caught later (and thus can be dropped).
2361       // However this would be wrong, since typeinfos can match without being
2362       // equal (for example if one represents a C++ class, and the other some
2363       // class derived from it).
2364       assert(LI.isFilter(i) && "Unsupported landingpad clause!");
2365       Constant *FilterClause = LI.getClause(i);
2366       ArrayType *FilterType = cast<ArrayType>(FilterClause->getType());
2367       unsigned NumTypeInfos = FilterType->getNumElements();
2368 
2369       // An empty filter catches everything, so there is no point in keeping any
2370       // following clauses or marking the landingpad as having a cleanup.  By
2371       // dealing with this case here the following code is made a bit simpler.
2372       if (!NumTypeInfos) {
2373         NewClauses.push_back(FilterClause);
2374         if (!isLastClause)
2375           MakeNewInstruction = true;
2376         CleanupFlag = false;
2377         break;
2378       }
2379 
2380       bool MakeNewFilter = false; // If true, make a new filter.
2381       SmallVector<Constant *, 16> NewFilterElts; // New elements.
2382       if (isa<ConstantAggregateZero>(FilterClause)) {
2383         // Not an empty filter - it contains at least one null typeinfo.
2384         assert(NumTypeInfos > 0 && "Should have handled empty filter already!");
2385         Constant *TypeInfo =
2386           Constant::getNullValue(FilterType->getElementType());
2387         // If this typeinfo is a catch-all then the filter can never match.
2388         if (isCatchAll(Personality, TypeInfo)) {
2389           // Throw the filter away.
2390           MakeNewInstruction = true;
2391           continue;
2392         }
2393 
2394         // There is no point in having multiple copies of this typeinfo, so
2395         // discard all but the first copy if there is more than one.
2396         NewFilterElts.push_back(TypeInfo);
2397         if (NumTypeInfos > 1)
2398           MakeNewFilter = true;
2399       } else {
2400         ConstantArray *Filter = cast<ConstantArray>(FilterClause);
2401         SmallPtrSet<Value *, 16> SeenInFilter; // For uniquing the elements.
2402         NewFilterElts.reserve(NumTypeInfos);
2403 
2404         // Remove any filter elements that were already caught or that already
2405         // occurred in the filter.  While there, see if any of the elements are
2406         // catch-alls.  If so, the filter can be discarded.
2407         bool SawCatchAll = false;
2408         for (unsigned j = 0; j != NumTypeInfos; ++j) {
2409           Constant *Elt = Filter->getOperand(j);
2410           Constant *TypeInfo = Elt->stripPointerCasts();
2411           if (isCatchAll(Personality, TypeInfo)) {
2412             // This element is a catch-all.  Bail out, noting this fact.
2413             SawCatchAll = true;
2414             break;
2415           }
2416           if (AlreadyCaught.count(TypeInfo))
2417             // Already caught by an earlier clause, so having it in the filter
2418             // is pointless.
2419             continue;
2420           // There is no point in having multiple copies of the same typeinfo in
2421           // a filter, so only add it if we didn't already.
2422           if (SeenInFilter.insert(TypeInfo).second)
2423             NewFilterElts.push_back(cast<Constant>(Elt));
2424         }
2425         // A filter containing a catch-all cannot match anything by definition.
2426         if (SawCatchAll) {
2427           // Throw the filter away.
2428           MakeNewInstruction = true;
2429           continue;
2430         }
2431 
2432         // If we dropped something from the filter, make a new one.
2433         if (NewFilterElts.size() < NumTypeInfos)
2434           MakeNewFilter = true;
2435       }
2436       if (MakeNewFilter) {
2437         FilterType = ArrayType::get(FilterType->getElementType(),
2438                                     NewFilterElts.size());
2439         FilterClause = ConstantArray::get(FilterType, NewFilterElts);
2440         MakeNewInstruction = true;
2441       }
2442 
2443       NewClauses.push_back(FilterClause);
2444 
2445       // If the new filter is empty then it will catch everything so there is
2446       // no point in keeping any following clauses or marking the landingpad
2447       // as having a cleanup.  The case of the original filter being empty was
2448       // already handled above.
2449       if (MakeNewFilter && !NewFilterElts.size()) {
2450         assert(MakeNewInstruction && "New filter but not a new instruction!");
2451         CleanupFlag = false;
2452         break;
2453       }
2454     }
2455   }
2456 
2457   // If several filters occur in a row then reorder them so that the shortest
2458   // filters come first (those with the smallest number of elements).  This is
2459   // advantageous because shorter filters are more likely to match, speeding up
2460   // unwinding, but mostly because it increases the effectiveness of the other
2461   // filter optimizations below.
2462   for (unsigned i = 0, e = NewClauses.size(); i + 1 < e; ) {
2463     unsigned j;
2464     // Find the maximal 'j' s.t. the range [i, j) consists entirely of filters.
2465     for (j = i; j != e; ++j)
2466       if (!isa<ArrayType>(NewClauses[j]->getType()))
2467         break;
2468 
2469     // Check whether the filters are already sorted by length.  We need to know
2470     // if sorting them is actually going to do anything so that we only make a
2471     // new landingpad instruction if it does.
2472     for (unsigned k = i; k + 1 < j; ++k)
2473       if (shorter_filter(NewClauses[k+1], NewClauses[k])) {
2474         // Not sorted, so sort the filters now.  Doing an unstable sort would be
2475         // correct too but reordering filters pointlessly might confuse users.
2476         std::stable_sort(NewClauses.begin() + i, NewClauses.begin() + j,
2477                          shorter_filter);
2478         MakeNewInstruction = true;
2479         break;
2480       }
2481 
2482     // Look for the next batch of filters.
2483     i = j + 1;
2484   }
2485 
2486   // If typeinfos matched if and only if equal, then the elements of a filter L
2487   // that occurs later than a filter F could be replaced by the intersection of
2488   // the elements of F and L.  In reality two typeinfos can match without being
2489   // equal (for example if one represents a C++ class, and the other some class
2490   // derived from it) so it would be wrong to perform this transform in general.
2491   // However the transform is correct and useful if F is a subset of L.  In that
2492   // case L can be replaced by F, and thus removed altogether since repeating a
2493   // filter is pointless.  So here we look at all pairs of filters F and L where
2494   // L follows F in the list of clauses, and remove L if every element of F is
2495   // an element of L.  This can occur when inlining C++ functions with exception
2496   // specifications.
2497   for (unsigned i = 0; i + 1 < NewClauses.size(); ++i) {
2498     // Examine each filter in turn.
2499     Value *Filter = NewClauses[i];
2500     ArrayType *FTy = dyn_cast<ArrayType>(Filter->getType());
2501     if (!FTy)
2502       // Not a filter - skip it.
2503       continue;
2504     unsigned FElts = FTy->getNumElements();
2505     // Examine each filter following this one.  Doing this backwards means that
2506     // we don't have to worry about filters disappearing under us when removed.
2507     for (unsigned j = NewClauses.size() - 1; j != i; --j) {
2508       Value *LFilter = NewClauses[j];
2509       ArrayType *LTy = dyn_cast<ArrayType>(LFilter->getType());
2510       if (!LTy)
2511         // Not a filter - skip it.
2512         continue;
2513       // If Filter is a subset of LFilter, i.e. every element of Filter is also
2514       // an element of LFilter, then discard LFilter.
2515       SmallVectorImpl<Constant *>::iterator J = NewClauses.begin() + j;
2516       // If Filter is empty then it is a subset of LFilter.
2517       if (!FElts) {
2518         // Discard LFilter.
2519         NewClauses.erase(J);
2520         MakeNewInstruction = true;
2521         // Move on to the next filter.
2522         continue;
2523       }
2524       unsigned LElts = LTy->getNumElements();
2525       // If Filter is longer than LFilter then it cannot be a subset of it.
2526       if (FElts > LElts)
2527         // Move on to the next filter.
2528         continue;
2529       // At this point we know that LFilter has at least one element.
2530       if (isa<ConstantAggregateZero>(LFilter)) { // LFilter only contains zeros.
2531         // Filter is a subset of LFilter iff Filter contains only zeros (as we
2532         // already know that Filter is not longer than LFilter).
2533         if (isa<ConstantAggregateZero>(Filter)) {
2534           assert(FElts <= LElts && "Should have handled this case earlier!");
2535           // Discard LFilter.
2536           NewClauses.erase(J);
2537           MakeNewInstruction = true;
2538         }
2539         // Move on to the next filter.
2540         continue;
2541       }
2542       ConstantArray *LArray = cast<ConstantArray>(LFilter);
2543       if (isa<ConstantAggregateZero>(Filter)) { // Filter only contains zeros.
2544         // Since Filter is non-empty and contains only zeros, it is a subset of
2545         // LFilter iff LFilter contains a zero.
2546         assert(FElts > 0 && "Should have eliminated the empty filter earlier!");
2547         for (unsigned l = 0; l != LElts; ++l)
2548           if (LArray->getOperand(l)->isNullValue()) {
2549             // LFilter contains a zero - discard it.
2550             NewClauses.erase(J);
2551             MakeNewInstruction = true;
2552             break;
2553           }
2554         // Move on to the next filter.
2555         continue;
2556       }
2557       // At this point we know that both filters are ConstantArrays.  Loop over
2558       // operands to see whether every element of Filter is also an element of
2559       // LFilter.  Since filters tend to be short this is probably faster than
2560       // using a method that scales nicely.
2561       ConstantArray *FArray = cast<ConstantArray>(Filter);
2562       bool AllFound = true;
2563       for (unsigned f = 0; f != FElts; ++f) {
2564         Value *FTypeInfo = FArray->getOperand(f)->stripPointerCasts();
2565         AllFound = false;
2566         for (unsigned l = 0; l != LElts; ++l) {
2567           Value *LTypeInfo = LArray->getOperand(l)->stripPointerCasts();
2568           if (LTypeInfo == FTypeInfo) {
2569             AllFound = true;
2570             break;
2571           }
2572         }
2573         if (!AllFound)
2574           break;
2575       }
2576       if (AllFound) {
2577         // Discard LFilter.
2578         NewClauses.erase(J);
2579         MakeNewInstruction = true;
2580       }
2581       // Move on to the next filter.
2582     }
2583   }
2584 
2585   // If we changed any of the clauses, replace the old landingpad instruction
2586   // with a new one.
2587   if (MakeNewInstruction) {
2588     LandingPadInst *NLI = LandingPadInst::Create(LI.getType(),
2589                                                  LI.getPersonalityFn(),
2590                                                  NewClauses.size());
2591     for (unsigned i = 0, e = NewClauses.size(); i != e; ++i)
2592       NLI->addClause(NewClauses[i]);
2593     // A landing pad with no clauses must have the cleanup flag set.  It is
2594     // theoretically possible, though highly unlikely, that we eliminated all
2595     // clauses.  If so, force the cleanup flag to true.
2596     if (NewClauses.empty())
2597       CleanupFlag = true;
2598     NLI->setCleanup(CleanupFlag);
2599     return NLI;
2600   }
2601 
2602   // Even if none of the clauses changed, we may nonetheless have understood
2603   // that the cleanup flag is pointless.  Clear it if so.
2604   if (LI.isCleanup() != CleanupFlag) {
2605     assert(!CleanupFlag && "Adding a cleanup, not removing one?!");
2606     LI.setCleanup(CleanupFlag);
2607     return &LI;
2608   }
2609 
2610   return nullptr;
2611 }
2612 
2613 /// TryToSinkInstruction - Try to move the specified instruction from its
2614 /// current block into the beginning of DestBlock, which can only happen if it's
2615 /// safe to move the instruction past all of the instructions between it and the
2616 /// end of its block.
TryToSinkInstruction(Instruction * I,BasicBlock * DestBlock)2617 static bool TryToSinkInstruction(Instruction *I, BasicBlock *DestBlock) {
2618   assert(I->hasOneUse() && "Invariants didn't hold!");
2619 
2620   // Cannot move control-flow-involving, volatile loads, vaarg, etc.
2621   if (isa<PHINode>(I) || isa<LandingPadInst>(I) || I->mayHaveSideEffects() ||
2622       isa<TerminatorInst>(I))
2623     return false;
2624 
2625   // Do not sink alloca instructions out of the entry block.
2626   if (isa<AllocaInst>(I) && I->getParent() ==
2627         &DestBlock->getParent()->getEntryBlock())
2628     return false;
2629 
2630   // We can only sink load instructions if there is nothing between the load and
2631   // the end of block that could change the value.
2632   if (I->mayReadFromMemory()) {
2633     for (BasicBlock::iterator Scan = I, E = I->getParent()->end();
2634          Scan != E; ++Scan)
2635       if (Scan->mayWriteToMemory())
2636         return false;
2637   }
2638 
2639   BasicBlock::iterator InsertPos = DestBlock->getFirstInsertionPt();
2640   I->moveBefore(InsertPos);
2641   ++NumSunkInst;
2642   return true;
2643 }
2644 
run()2645 bool InstCombiner::run() {
2646   while (!Worklist.isEmpty()) {
2647     Instruction *I = Worklist.RemoveOne();
2648     if (I == nullptr) continue;  // skip null values.
2649 
2650     // Check to see if we can DCE the instruction.
2651     if (isInstructionTriviallyDead(I, TLI)) {
2652       DEBUG(dbgs() << "IC: DCE: " << *I << '\n');
2653       EraseInstFromFunction(*I);
2654       ++NumDeadInst;
2655       MadeIRChange = true;
2656       continue;
2657     }
2658 
2659     // Instruction isn't dead, see if we can constant propagate it.
2660     if (!I->use_empty() && isa<Constant>(I->getOperand(0))) {
2661       if (Constant *C = ConstantFoldInstruction(I, DL, TLI)) {
2662         DEBUG(dbgs() << "IC: ConstFold to: " << *C << " from: " << *I << '\n');
2663 
2664         // Add operands to the worklist.
2665         ReplaceInstUsesWith(*I, C);
2666         ++NumConstProp;
2667         EraseInstFromFunction(*I);
2668         MadeIRChange = true;
2669         continue;
2670       }
2671     }
2672 
2673     // See if we can trivially sink this instruction to a successor basic block.
2674     if (I->hasOneUse()) {
2675       BasicBlock *BB = I->getParent();
2676       Instruction *UserInst = cast<Instruction>(*I->user_begin());
2677       BasicBlock *UserParent;
2678 
2679       // Get the block the use occurs in.
2680       if (PHINode *PN = dyn_cast<PHINode>(UserInst))
2681         UserParent = PN->getIncomingBlock(*I->use_begin());
2682       else
2683         UserParent = UserInst->getParent();
2684 
2685       if (UserParent != BB) {
2686         bool UserIsSuccessor = false;
2687         // See if the user is one of our successors.
2688         for (succ_iterator SI = succ_begin(BB), E = succ_end(BB); SI != E; ++SI)
2689           if (*SI == UserParent) {
2690             UserIsSuccessor = true;
2691             break;
2692           }
2693 
2694         // If the user is one of our immediate successors, and if that successor
2695         // only has us as a predecessors (we'd have to split the critical edge
2696         // otherwise), we can keep going.
2697         if (UserIsSuccessor && UserParent->getSinglePredecessor()) {
2698           // Okay, the CFG is simple enough, try to sink this instruction.
2699           if (TryToSinkInstruction(I, UserParent)) {
2700             MadeIRChange = true;
2701             // We'll add uses of the sunk instruction below, but since sinking
2702             // can expose opportunities for it's *operands* add them to the
2703             // worklist
2704             for (Use &U : I->operands())
2705               if (Instruction *OpI = dyn_cast<Instruction>(U.get()))
2706                 Worklist.Add(OpI);
2707           }
2708         }
2709       }
2710     }
2711 
2712     // Now that we have an instruction, try combining it to simplify it.
2713     Builder->SetInsertPoint(I->getParent(), I);
2714     Builder->SetCurrentDebugLocation(I->getDebugLoc());
2715 
2716 #ifndef NDEBUG
2717     std::string OrigI;
2718 #endif
2719     DEBUG(raw_string_ostream SS(OrigI); I->print(SS); OrigI = SS.str(););
2720     DEBUG(dbgs() << "IC: Visiting: " << OrigI << '\n');
2721 
2722     if (Instruction *Result = visit(*I)) {
2723       ++NumCombined;
2724       // Should we replace the old instruction with a new one?
2725       if (Result != I) {
2726         DEBUG(dbgs() << "IC: Old = " << *I << '\n'
2727                      << "    New = " << *Result << '\n');
2728 
2729         if (I->getDebugLoc())
2730           Result->setDebugLoc(I->getDebugLoc());
2731         // Everything uses the new instruction now.
2732         I->replaceAllUsesWith(Result);
2733 
2734         // Move the name to the new instruction first.
2735         Result->takeName(I);
2736 
2737         // Push the new instruction and any users onto the worklist.
2738         Worklist.Add(Result);
2739         Worklist.AddUsersToWorkList(*Result);
2740 
2741         // Insert the new instruction into the basic block...
2742         BasicBlock *InstParent = I->getParent();
2743         BasicBlock::iterator InsertPos = I;
2744 
2745         // If we replace a PHI with something that isn't a PHI, fix up the
2746         // insertion point.
2747         if (!isa<PHINode>(Result) && isa<PHINode>(InsertPos))
2748           InsertPos = InstParent->getFirstInsertionPt();
2749 
2750         InstParent->getInstList().insert(InsertPos, Result);
2751 
2752         EraseInstFromFunction(*I);
2753       } else {
2754 #ifndef NDEBUG
2755         DEBUG(dbgs() << "IC: Mod = " << OrigI << '\n'
2756                      << "    New = " << *I << '\n');
2757 #endif
2758 
2759         // If the instruction was modified, it's possible that it is now dead.
2760         // if so, remove it.
2761         if (isInstructionTriviallyDead(I, TLI)) {
2762           EraseInstFromFunction(*I);
2763         } else {
2764           Worklist.Add(I);
2765           Worklist.AddUsersToWorkList(*I);
2766         }
2767       }
2768       MadeIRChange = true;
2769     }
2770   }
2771 
2772   Worklist.Zap();
2773   return MadeIRChange;
2774 }
2775 
2776 /// AddReachableCodeToWorklist - Walk the function in depth-first order, adding
2777 /// all reachable code to the worklist.
2778 ///
2779 /// This has a couple of tricks to make the code faster and more powerful.  In
2780 /// particular, we constant fold and DCE instructions as we go, to avoid adding
2781 /// them to the worklist (this significantly speeds up instcombine on code where
2782 /// many instructions are dead or constant).  Additionally, if we find a branch
2783 /// whose condition is a known constant, we only visit the reachable successors.
2784 ///
AddReachableCodeToWorklist(BasicBlock * BB,const DataLayout & DL,SmallPtrSetImpl<BasicBlock * > & Visited,InstCombineWorklist & ICWorklist,const TargetLibraryInfo * TLI)2785 static bool AddReachableCodeToWorklist(BasicBlock *BB, const DataLayout &DL,
2786                                        SmallPtrSetImpl<BasicBlock *> &Visited,
2787                                        InstCombineWorklist &ICWorklist,
2788                                        const TargetLibraryInfo *TLI) {
2789   bool MadeIRChange = false;
2790   SmallVector<BasicBlock*, 256> Worklist;
2791   Worklist.push_back(BB);
2792 
2793   SmallVector<Instruction*, 128> InstrsForInstCombineWorklist;
2794   DenseMap<ConstantExpr*, Constant*> FoldedConstants;
2795 
2796   do {
2797     BB = Worklist.pop_back_val();
2798 
2799     // We have now visited this block!  If we've already been here, ignore it.
2800     if (!Visited.insert(BB).second)
2801       continue;
2802 
2803     for (BasicBlock::iterator BBI = BB->begin(), E = BB->end(); BBI != E; ) {
2804       Instruction *Inst = BBI++;
2805 
2806       // DCE instruction if trivially dead.
2807       if (isInstructionTriviallyDead(Inst, TLI)) {
2808         ++NumDeadInst;
2809         DEBUG(dbgs() << "IC: DCE: " << *Inst << '\n');
2810         Inst->eraseFromParent();
2811         continue;
2812       }
2813 
2814       // ConstantProp instruction if trivially constant.
2815       if (!Inst->use_empty() && isa<Constant>(Inst->getOperand(0)))
2816         if (Constant *C = ConstantFoldInstruction(Inst, DL, TLI)) {
2817           DEBUG(dbgs() << "IC: ConstFold to: " << *C << " from: "
2818                        << *Inst << '\n');
2819           Inst->replaceAllUsesWith(C);
2820           ++NumConstProp;
2821           Inst->eraseFromParent();
2822           continue;
2823         }
2824 
2825       // See if we can constant fold its operands.
2826       for (User::op_iterator i = Inst->op_begin(), e = Inst->op_end(); i != e;
2827            ++i) {
2828         ConstantExpr *CE = dyn_cast<ConstantExpr>(i);
2829         if (CE == nullptr)
2830           continue;
2831 
2832         Constant *&FoldRes = FoldedConstants[CE];
2833         if (!FoldRes)
2834           FoldRes = ConstantFoldConstantExpression(CE, DL, TLI);
2835         if (!FoldRes)
2836           FoldRes = CE;
2837 
2838         if (FoldRes != CE) {
2839           *i = FoldRes;
2840           MadeIRChange = true;
2841         }
2842       }
2843 
2844       InstrsForInstCombineWorklist.push_back(Inst);
2845     }
2846 
2847     // Recursively visit successors.  If this is a branch or switch on a
2848     // constant, only visit the reachable successor.
2849     TerminatorInst *TI = BB->getTerminator();
2850     if (BranchInst *BI = dyn_cast<BranchInst>(TI)) {
2851       if (BI->isConditional() && isa<ConstantInt>(BI->getCondition())) {
2852         bool CondVal = cast<ConstantInt>(BI->getCondition())->getZExtValue();
2853         BasicBlock *ReachableBB = BI->getSuccessor(!CondVal);
2854         Worklist.push_back(ReachableBB);
2855         continue;
2856       }
2857     } else if (SwitchInst *SI = dyn_cast<SwitchInst>(TI)) {
2858       if (ConstantInt *Cond = dyn_cast<ConstantInt>(SI->getCondition())) {
2859         // See if this is an explicit destination.
2860         for (SwitchInst::CaseIt i = SI->case_begin(), e = SI->case_end();
2861              i != e; ++i)
2862           if (i.getCaseValue() == Cond) {
2863             BasicBlock *ReachableBB = i.getCaseSuccessor();
2864             Worklist.push_back(ReachableBB);
2865             continue;
2866           }
2867 
2868         // Otherwise it is the default destination.
2869         Worklist.push_back(SI->getDefaultDest());
2870         continue;
2871       }
2872     }
2873 
2874     for (unsigned i = 0, e = TI->getNumSuccessors(); i != e; ++i)
2875       Worklist.push_back(TI->getSuccessor(i));
2876   } while (!Worklist.empty());
2877 
2878   // Once we've found all of the instructions to add to instcombine's worklist,
2879   // add them in reverse order.  This way instcombine will visit from the top
2880   // of the function down.  This jives well with the way that it adds all uses
2881   // of instructions to the worklist after doing a transformation, thus avoiding
2882   // some N^2 behavior in pathological cases.
2883   ICWorklist.AddInitialGroup(&InstrsForInstCombineWorklist[0],
2884                              InstrsForInstCombineWorklist.size());
2885 
2886   return MadeIRChange;
2887 }
2888 
2889 /// \brief Populate the IC worklist from a function, and prune any dead basic
2890 /// blocks discovered in the process.
2891 ///
2892 /// This also does basic constant propagation and other forward fixing to make
2893 /// the combiner itself run much faster.
prepareICWorklistFromFunction(Function & F,const DataLayout & DL,TargetLibraryInfo * TLI,InstCombineWorklist & ICWorklist)2894 static bool prepareICWorklistFromFunction(Function &F, const DataLayout &DL,
2895                                           TargetLibraryInfo *TLI,
2896                                           InstCombineWorklist &ICWorklist) {
2897   bool MadeIRChange = false;
2898 
2899   // Do a depth-first traversal of the function, populate the worklist with
2900   // the reachable instructions.  Ignore blocks that are not reachable.  Keep
2901   // track of which blocks we visit.
2902   SmallPtrSet<BasicBlock *, 64> Visited;
2903   MadeIRChange |=
2904       AddReachableCodeToWorklist(F.begin(), DL, Visited, ICWorklist, TLI);
2905 
2906   // Do a quick scan over the function.  If we find any blocks that are
2907   // unreachable, remove any instructions inside of them.  This prevents
2908   // the instcombine code from having to deal with some bad special cases.
2909   for (Function::iterator BB = F.begin(), E = F.end(); BB != E; ++BB) {
2910     if (Visited.count(BB))
2911       continue;
2912 
2913     // Delete the instructions backwards, as it has a reduced likelihood of
2914     // having to update as many def-use and use-def chains.
2915     Instruction *EndInst = BB->getTerminator(); // Last not to be deleted.
2916     while (EndInst != BB->begin()) {
2917       // Delete the next to last instruction.
2918       BasicBlock::iterator I = EndInst;
2919       Instruction *Inst = --I;
2920       if (!Inst->use_empty())
2921         Inst->replaceAllUsesWith(UndefValue::get(Inst->getType()));
2922       if (isa<LandingPadInst>(Inst)) {
2923         EndInst = Inst;
2924         continue;
2925       }
2926       if (!isa<DbgInfoIntrinsic>(Inst)) {
2927         ++NumDeadInst;
2928         MadeIRChange = true;
2929       }
2930       Inst->eraseFromParent();
2931     }
2932   }
2933 
2934   return MadeIRChange;
2935 }
2936 
2937 static bool
combineInstructionsOverFunction(Function & F,InstCombineWorklist & Worklist,AssumptionCache & AC,TargetLibraryInfo & TLI,DominatorTree & DT,LoopInfo * LI=nullptr)2938 combineInstructionsOverFunction(Function &F, InstCombineWorklist &Worklist,
2939                                 AssumptionCache &AC, TargetLibraryInfo &TLI,
2940                                 DominatorTree &DT, LoopInfo *LI = nullptr) {
2941   // Minimizing size?
2942   bool MinimizeSize = F.hasFnAttribute(Attribute::MinSize);
2943   auto &DL = F.getParent()->getDataLayout();
2944 
2945   /// Builder - This is an IRBuilder that automatically inserts new
2946   /// instructions into the worklist when they are created.
2947   IRBuilder<true, TargetFolder, InstCombineIRInserter> Builder(
2948       F.getContext(), TargetFolder(DL), InstCombineIRInserter(Worklist, &AC));
2949 
2950   // Lower dbg.declare intrinsics otherwise their value may be clobbered
2951   // by instcombiner.
2952   bool DbgDeclaresChanged = LowerDbgDeclare(F);
2953 
2954   // Iterate while there is work to do.
2955   int Iteration = 0;
2956   for (;;) {
2957     ++Iteration;
2958     DEBUG(dbgs() << "\n\nINSTCOMBINE ITERATION #" << Iteration << " on "
2959                  << F.getName() << "\n");
2960 
2961     bool Changed = false;
2962     if (prepareICWorklistFromFunction(F, DL, &TLI, Worklist))
2963       Changed = true;
2964 
2965     InstCombiner IC(Worklist, &Builder, MinimizeSize, &AC, &TLI, &DT, DL, LI);
2966     if (IC.run())
2967       Changed = true;
2968 
2969     if (!Changed)
2970       break;
2971   }
2972 
2973   return DbgDeclaresChanged || Iteration > 1;
2974 }
2975 
run(Function & F,AnalysisManager<Function> * AM)2976 PreservedAnalyses InstCombinePass::run(Function &F,
2977                                        AnalysisManager<Function> *AM) {
2978   auto &AC = AM->getResult<AssumptionAnalysis>(F);
2979   auto &DT = AM->getResult<DominatorTreeAnalysis>(F);
2980   auto &TLI = AM->getResult<TargetLibraryAnalysis>(F);
2981 
2982   auto *LI = AM->getCachedResult<LoopAnalysis>(F);
2983 
2984   if (!combineInstructionsOverFunction(F, Worklist, AC, TLI, DT, LI))
2985     // No changes, all analyses are preserved.
2986     return PreservedAnalyses::all();
2987 
2988   // Mark all the analyses that instcombine updates as preserved.
2989   // FIXME: Need a way to preserve CFG analyses here!
2990   PreservedAnalyses PA;
2991   PA.preserve<DominatorTreeAnalysis>();
2992   return PA;
2993 }
2994 
2995 namespace {
2996 /// \brief The legacy pass manager's instcombine pass.
2997 ///
2998 /// This is a basic whole-function wrapper around the instcombine utility. It
2999 /// will try to combine all instructions in the function.
3000 class InstructionCombiningPass : public FunctionPass {
3001   InstCombineWorklist Worklist;
3002 
3003 public:
3004   static char ID; // Pass identification, replacement for typeid
3005 
InstructionCombiningPass()3006   InstructionCombiningPass() : FunctionPass(ID) {
3007     initializeInstructionCombiningPassPass(*PassRegistry::getPassRegistry());
3008   }
3009 
3010   void getAnalysisUsage(AnalysisUsage &AU) const override;
3011   bool runOnFunction(Function &F) override;
3012 };
3013 }
3014 
getAnalysisUsage(AnalysisUsage & AU) const3015 void InstructionCombiningPass::getAnalysisUsage(AnalysisUsage &AU) const {
3016   AU.setPreservesCFG();
3017   AU.addRequired<AssumptionCacheTracker>();
3018   AU.addRequired<TargetLibraryInfoWrapperPass>();
3019   AU.addRequired<DominatorTreeWrapperPass>();
3020   AU.addPreserved<DominatorTreeWrapperPass>();
3021 }
3022 
runOnFunction(Function & F)3023 bool InstructionCombiningPass::runOnFunction(Function &F) {
3024   if (skipOptnoneFunction(F))
3025     return false;
3026 
3027   // Required analyses.
3028   auto &AC = getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
3029   auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
3030   auto &DT = getAnalysis<DominatorTreeWrapperPass>().getDomTree();
3031 
3032   // Optional analyses.
3033   auto *LIWP = getAnalysisIfAvailable<LoopInfoWrapperPass>();
3034   auto *LI = LIWP ? &LIWP->getLoopInfo() : nullptr;
3035 
3036   return combineInstructionsOverFunction(F, Worklist, AC, TLI, DT, LI);
3037 }
3038 
3039 char InstructionCombiningPass::ID = 0;
3040 INITIALIZE_PASS_BEGIN(InstructionCombiningPass, "instcombine",
3041                       "Combine redundant instructions", false, false)
INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)3042 INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)
3043 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
3044 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
3045 INITIALIZE_PASS_END(InstructionCombiningPass, "instcombine",
3046                     "Combine redundant instructions", false, false)
3047 
3048 // Initialization Routines
3049 void llvm::initializeInstCombine(PassRegistry &Registry) {
3050   initializeInstructionCombiningPassPass(Registry);
3051 }
3052 
LLVMInitializeInstCombine(LLVMPassRegistryRef R)3053 void LLVMInitializeInstCombine(LLVMPassRegistryRef R) {
3054   initializeInstructionCombiningPassPass(*unwrap(R));
3055 }
3056 
createInstructionCombiningPass()3057 FunctionPass *llvm::createInstructionCombiningPass() {
3058   return new InstructionCombiningPass();
3059 }
3060