1 //===- LazyValueInfo.cpp - Value constraint analysis ----------------------===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file defines the interface for lazy computation of value constraint
11 // information.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #define DEBUG_TYPE "lazy-value-info"
16 #include "llvm/Analysis/LazyValueInfo.h"
17 #include "llvm/Analysis/ValueTracking.h"
18 #include "llvm/Constants.h"
19 #include "llvm/Instructions.h"
20 #include "llvm/IntrinsicInst.h"
21 #include "llvm/Analysis/ConstantFolding.h"
22 #include "llvm/Target/TargetData.h"
23 #include "llvm/Support/CFG.h"
24 #include "llvm/Support/ConstantRange.h"
25 #include "llvm/Support/Debug.h"
26 #include "llvm/Support/raw_ostream.h"
27 #include "llvm/Support/ValueHandle.h"
28 #include "llvm/ADT/DenseMap.h"
29 #include "llvm/ADT/DenseSet.h"
30 #include "llvm/ADT/STLExtras.h"
31 #include <map>
32 #include <stack>
33 using namespace llvm;
34 
35 char LazyValueInfo::ID = 0;
36 INITIALIZE_PASS(LazyValueInfo, "lazy-value-info",
37                 "Lazy Value Information Analysis", false, true)
38 
39 namespace llvm {
createLazyValueInfoPass()40   FunctionPass *createLazyValueInfoPass() { return new LazyValueInfo(); }
41 }
42 
43 
44 //===----------------------------------------------------------------------===//
45 //                               LVILatticeVal
46 //===----------------------------------------------------------------------===//
47 
48 /// LVILatticeVal - This is the information tracked by LazyValueInfo for each
49 /// value.
50 ///
51 /// FIXME: This is basically just for bringup, this can be made a lot more rich
52 /// in the future.
53 ///
54 namespace {
55 class LVILatticeVal {
56   enum LatticeValueTy {
57     /// undefined - This Value has no known value yet.
58     undefined,
59 
60     /// constant - This Value has a specific constant value.
61     constant,
62     /// notconstant - This Value is known to not have the specified value.
63     notconstant,
64 
65     /// constantrange - The Value falls within this range.
66     constantrange,
67 
68     /// overdefined - This value is not known to be constant, and we know that
69     /// it has a value.
70     overdefined
71   };
72 
73   /// Val: This stores the current lattice value along with the Constant* for
74   /// the constant if this is a 'constant' or 'notconstant' value.
75   LatticeValueTy Tag;
76   Constant *Val;
77   ConstantRange Range;
78 
79 public:
LVILatticeVal()80   LVILatticeVal() : Tag(undefined), Val(0), Range(1, true) {}
81 
get(Constant * C)82   static LVILatticeVal get(Constant *C) {
83     LVILatticeVal Res;
84     if (!isa<UndefValue>(C))
85       Res.markConstant(C);
86     return Res;
87   }
getNot(Constant * C)88   static LVILatticeVal getNot(Constant *C) {
89     LVILatticeVal Res;
90     if (!isa<UndefValue>(C))
91       Res.markNotConstant(C);
92     return Res;
93   }
getRange(ConstantRange CR)94   static LVILatticeVal getRange(ConstantRange CR) {
95     LVILatticeVal Res;
96     Res.markConstantRange(CR);
97     return Res;
98   }
99 
isUndefined() const100   bool isUndefined() const     { return Tag == undefined; }
isConstant() const101   bool isConstant() const      { return Tag == constant; }
isNotConstant() const102   bool isNotConstant() const   { return Tag == notconstant; }
isConstantRange() const103   bool isConstantRange() const { return Tag == constantrange; }
isOverdefined() const104   bool isOverdefined() const   { return Tag == overdefined; }
105 
getConstant() const106   Constant *getConstant() const {
107     assert(isConstant() && "Cannot get the constant of a non-constant!");
108     return Val;
109   }
110 
getNotConstant() const111   Constant *getNotConstant() const {
112     assert(isNotConstant() && "Cannot get the constant of a non-notconstant!");
113     return Val;
114   }
115 
getConstantRange() const116   ConstantRange getConstantRange() const {
117     assert(isConstantRange() &&
118            "Cannot get the constant-range of a non-constant-range!");
119     return Range;
120   }
121 
122   /// markOverdefined - Return true if this is a change in status.
markOverdefined()123   bool markOverdefined() {
124     if (isOverdefined())
125       return false;
126     Tag = overdefined;
127     return true;
128   }
129 
130   /// markConstant - Return true if this is a change in status.
markConstant(Constant * V)131   bool markConstant(Constant *V) {
132     assert(V && "Marking constant with NULL");
133     if (ConstantInt *CI = dyn_cast<ConstantInt>(V))
134       return markConstantRange(ConstantRange(CI->getValue()));
135     if (isa<UndefValue>(V))
136       return false;
137 
138     assert((!isConstant() || getConstant() == V) &&
139            "Marking constant with different value");
140     assert(isUndefined());
141     Tag = constant;
142     Val = V;
143     return true;
144   }
145 
146   /// markNotConstant - Return true if this is a change in status.
markNotConstant(Constant * V)147   bool markNotConstant(Constant *V) {
148     assert(V && "Marking constant with NULL");
149     if (ConstantInt *CI = dyn_cast<ConstantInt>(V))
150       return markConstantRange(ConstantRange(CI->getValue()+1, CI->getValue()));
151     if (isa<UndefValue>(V))
152       return false;
153 
154     assert((!isConstant() || getConstant() != V) &&
155            "Marking constant !constant with same value");
156     assert((!isNotConstant() || getNotConstant() == V) &&
157            "Marking !constant with different value");
158     assert(isUndefined() || isConstant());
159     Tag = notconstant;
160     Val = V;
161     return true;
162   }
163 
164   /// markConstantRange - Return true if this is a change in status.
markConstantRange(const ConstantRange NewR)165   bool markConstantRange(const ConstantRange NewR) {
166     if (isConstantRange()) {
167       if (NewR.isEmptySet())
168         return markOverdefined();
169 
170       bool changed = Range == NewR;
171       Range = NewR;
172       return changed;
173     }
174 
175     assert(isUndefined());
176     if (NewR.isEmptySet())
177       return markOverdefined();
178 
179     Tag = constantrange;
180     Range = NewR;
181     return true;
182   }
183 
184   /// mergeIn - Merge the specified lattice value into this one, updating this
185   /// one and returning true if anything changed.
mergeIn(const LVILatticeVal & RHS)186   bool mergeIn(const LVILatticeVal &RHS) {
187     if (RHS.isUndefined() || isOverdefined()) return false;
188     if (RHS.isOverdefined()) return markOverdefined();
189 
190     if (isUndefined()) {
191       Tag = RHS.Tag;
192       Val = RHS.Val;
193       Range = RHS.Range;
194       return true;
195     }
196 
197     if (isConstant()) {
198       if (RHS.isConstant()) {
199         if (Val == RHS.Val)
200           return false;
201         return markOverdefined();
202       }
203 
204       if (RHS.isNotConstant()) {
205         if (Val == RHS.Val)
206           return markOverdefined();
207 
208         // Unless we can prove that the two Constants are different, we must
209         // move to overdefined.
210         // FIXME: use TargetData for smarter constant folding.
211         if (ConstantInt *Res = dyn_cast<ConstantInt>(
212                 ConstantFoldCompareInstOperands(CmpInst::ICMP_NE,
213                                                 getConstant(),
214                                                 RHS.getNotConstant())))
215           if (Res->isOne())
216             return markNotConstant(RHS.getNotConstant());
217 
218         return markOverdefined();
219       }
220 
221       // RHS is a ConstantRange, LHS is a non-integer Constant.
222 
223       // FIXME: consider the case where RHS is a range [1, 0) and LHS is
224       // a function. The correct result is to pick up RHS.
225 
226       return markOverdefined();
227     }
228 
229     if (isNotConstant()) {
230       if (RHS.isConstant()) {
231         if (Val == RHS.Val)
232           return markOverdefined();
233 
234         // Unless we can prove that the two Constants are different, we must
235         // move to overdefined.
236         // FIXME: use TargetData for smarter constant folding.
237         if (ConstantInt *Res = dyn_cast<ConstantInt>(
238                 ConstantFoldCompareInstOperands(CmpInst::ICMP_NE,
239                                                 getNotConstant(),
240                                                 RHS.getConstant())))
241           if (Res->isOne())
242             return false;
243 
244         return markOverdefined();
245       }
246 
247       if (RHS.isNotConstant()) {
248         if (Val == RHS.Val)
249           return false;
250         return markOverdefined();
251       }
252 
253       return markOverdefined();
254     }
255 
256     assert(isConstantRange() && "New LVILattice type?");
257     if (!RHS.isConstantRange())
258       return markOverdefined();
259 
260     ConstantRange NewR = Range.unionWith(RHS.getConstantRange());
261     if (NewR.isFullSet())
262       return markOverdefined();
263     return markConstantRange(NewR);
264   }
265 };
266 
267 } // end anonymous namespace.
268 
269 namespace llvm {
270 raw_ostream &operator<<(raw_ostream &OS, const LVILatticeVal &Val)
271     LLVM_ATTRIBUTE_USED;
operator <<(raw_ostream & OS,const LVILatticeVal & Val)272 raw_ostream &operator<<(raw_ostream &OS, const LVILatticeVal &Val) {
273   if (Val.isUndefined())
274     return OS << "undefined";
275   if (Val.isOverdefined())
276     return OS << "overdefined";
277 
278   if (Val.isNotConstant())
279     return OS << "notconstant<" << *Val.getNotConstant() << '>';
280   else if (Val.isConstantRange())
281     return OS << "constantrange<" << Val.getConstantRange().getLower() << ", "
282               << Val.getConstantRange().getUpper() << '>';
283   return OS << "constant<" << *Val.getConstant() << '>';
284 }
285 }
286 
287 //===----------------------------------------------------------------------===//
288 //                          LazyValueInfoCache Decl
289 //===----------------------------------------------------------------------===//
290 
291 namespace {
292   /// LVIValueHandle - A callback value handle update the cache when
293   /// values are erased.
294   class LazyValueInfoCache;
295   struct LVIValueHandle : public CallbackVH {
296     LazyValueInfoCache *Parent;
297 
LVIValueHandle__anon7d505c1a0211::LVIValueHandle298     LVIValueHandle(Value *V, LazyValueInfoCache *P)
299       : CallbackVH(V), Parent(P) { }
300 
301     void deleted();
allUsesReplacedWith__anon7d505c1a0211::LVIValueHandle302     void allUsesReplacedWith(Value *V) {
303       deleted();
304     }
305   };
306 }
307 
308 namespace llvm {
309   template<>
310   struct DenseMapInfo<LVIValueHandle> {
311     typedef DenseMapInfo<Value*> PointerInfo;
getEmptyKeyllvm::DenseMapInfo312     static inline LVIValueHandle getEmptyKey() {
313       return LVIValueHandle(PointerInfo::getEmptyKey(),
314                             static_cast<LazyValueInfoCache*>(0));
315     }
getTombstoneKeyllvm::DenseMapInfo316     static inline LVIValueHandle getTombstoneKey() {
317       return LVIValueHandle(PointerInfo::getTombstoneKey(),
318                             static_cast<LazyValueInfoCache*>(0));
319     }
getHashValuellvm::DenseMapInfo320     static unsigned getHashValue(const LVIValueHandle &Val) {
321       return PointerInfo::getHashValue(Val);
322     }
isEqualllvm::DenseMapInfo323     static bool isEqual(const LVIValueHandle &LHS, const LVIValueHandle &RHS) {
324       return LHS == RHS;
325     }
326   };
327 
328   template<>
329   struct DenseMapInfo<std::pair<AssertingVH<BasicBlock>, Value*> > {
330     typedef std::pair<AssertingVH<BasicBlock>, Value*> PairTy;
331     typedef DenseMapInfo<AssertingVH<BasicBlock> > APointerInfo;
332     typedef DenseMapInfo<Value*> BPointerInfo;
getEmptyKeyllvm::DenseMapInfo333     static inline PairTy getEmptyKey() {
334       return std::make_pair(APointerInfo::getEmptyKey(),
335                             BPointerInfo::getEmptyKey());
336     }
getTombstoneKeyllvm::DenseMapInfo337     static inline PairTy getTombstoneKey() {
338       return std::make_pair(APointerInfo::getTombstoneKey(),
339                             BPointerInfo::getTombstoneKey());
340     }
getHashValuellvm::DenseMapInfo341     static unsigned getHashValue( const PairTy &Val) {
342       return APointerInfo::getHashValue(Val.first) ^
343              BPointerInfo::getHashValue(Val.second);
344     }
isEqualllvm::DenseMapInfo345     static bool isEqual(const PairTy &LHS, const PairTy &RHS) {
346       return APointerInfo::isEqual(LHS.first, RHS.first) &&
347              BPointerInfo::isEqual(LHS.second, RHS.second);
348     }
349   };
350 }
351 
352 namespace {
353   /// LazyValueInfoCache - This is the cache kept by LazyValueInfo which
354   /// maintains information about queries across the clients' queries.
355   class LazyValueInfoCache {
356     /// ValueCacheEntryTy - This is all of the cached block information for
357     /// exactly one Value*.  The entries are sorted by the BasicBlock* of the
358     /// entries, allowing us to do a lookup with a binary search.
359     typedef std::map<AssertingVH<BasicBlock>, LVILatticeVal> ValueCacheEntryTy;
360 
361     /// ValueCache - This is all of the cached information for all values,
362     /// mapped from Value* to key information.
363     DenseMap<LVIValueHandle, ValueCacheEntryTy> ValueCache;
364 
365     /// OverDefinedCache - This tracks, on a per-block basis, the set of
366     /// values that are over-defined at the end of that block.  This is required
367     /// for cache updating.
368     typedef std::pair<AssertingVH<BasicBlock>, Value*> OverDefinedPairTy;
369     DenseSet<OverDefinedPairTy> OverDefinedCache;
370 
371     /// BlockValueStack - This stack holds the state of the value solver
372     /// during a query.  It basically emulates the callstack of the naive
373     /// recursive value lookup process.
374     std::stack<std::pair<BasicBlock*, Value*> > BlockValueStack;
375 
376     friend struct LVIValueHandle;
377 
378     /// OverDefinedCacheUpdater - A helper object that ensures that the
379     /// OverDefinedCache is updated whenever solveBlockValue returns.
380     struct OverDefinedCacheUpdater {
381       LazyValueInfoCache *Parent;
382       Value *Val;
383       BasicBlock *BB;
384       LVILatticeVal &BBLV;
385 
OverDefinedCacheUpdater__anon7d505c1a0311::LazyValueInfoCache::OverDefinedCacheUpdater386       OverDefinedCacheUpdater(Value *V, BasicBlock *B, LVILatticeVal &LV,
387                        LazyValueInfoCache *P)
388         : Parent(P), Val(V), BB(B), BBLV(LV) { }
389 
markResult__anon7d505c1a0311::LazyValueInfoCache::OverDefinedCacheUpdater390       bool markResult(bool changed) {
391         if (changed && BBLV.isOverdefined())
392           Parent->OverDefinedCache.insert(std::make_pair(BB, Val));
393         return changed;
394       }
395     };
396 
397 
398 
399     LVILatticeVal getBlockValue(Value *Val, BasicBlock *BB);
400     bool getEdgeValue(Value *V, BasicBlock *F, BasicBlock *T,
401                       LVILatticeVal &Result);
402     bool hasBlockValue(Value *Val, BasicBlock *BB);
403 
404     // These methods process one work item and may add more. A false value
405     // returned means that the work item was not completely processed and must
406     // be revisited after going through the new items.
407     bool solveBlockValue(Value *Val, BasicBlock *BB);
408     bool solveBlockValueNonLocal(LVILatticeVal &BBLV,
409                                  Value *Val, BasicBlock *BB);
410     bool solveBlockValuePHINode(LVILatticeVal &BBLV,
411                                 PHINode *PN, BasicBlock *BB);
412     bool solveBlockValueConstantRange(LVILatticeVal &BBLV,
413                                       Instruction *BBI, BasicBlock *BB);
414 
415     void solve();
416 
lookup(Value * V)417     ValueCacheEntryTy &lookup(Value *V) {
418       return ValueCache[LVIValueHandle(V, this)];
419     }
420 
421   public:
422     /// getValueInBlock - This is the query interface to determine the lattice
423     /// value for the specified Value* at the end of the specified block.
424     LVILatticeVal getValueInBlock(Value *V, BasicBlock *BB);
425 
426     /// getValueOnEdge - This is the query interface to determine the lattice
427     /// value for the specified Value* that is true on the specified edge.
428     LVILatticeVal getValueOnEdge(Value *V, BasicBlock *FromBB,BasicBlock *ToBB);
429 
430     /// threadEdge - This is the update interface to inform the cache that an
431     /// edge from PredBB to OldSucc has been threaded to be from PredBB to
432     /// NewSucc.
433     void threadEdge(BasicBlock *PredBB,BasicBlock *OldSucc,BasicBlock *NewSucc);
434 
435     /// eraseBlock - This is part of the update interface to inform the cache
436     /// that a block has been deleted.
437     void eraseBlock(BasicBlock *BB);
438 
439     /// clear - Empty the cache.
clear()440     void clear() {
441       ValueCache.clear();
442       OverDefinedCache.clear();
443     }
444   };
445 } // end anonymous namespace
446 
deleted()447 void LVIValueHandle::deleted() {
448   typedef std::pair<AssertingVH<BasicBlock>, Value*> OverDefinedPairTy;
449 
450   SmallVector<OverDefinedPairTy, 4> ToErase;
451   for (DenseSet<OverDefinedPairTy>::iterator
452        I = Parent->OverDefinedCache.begin(),
453        E = Parent->OverDefinedCache.end();
454        I != E; ++I) {
455     if (I->second == getValPtr())
456       ToErase.push_back(*I);
457   }
458 
459   for (SmallVector<OverDefinedPairTy, 4>::iterator I = ToErase.begin(),
460        E = ToErase.end(); I != E; ++I)
461     Parent->OverDefinedCache.erase(*I);
462 
463   // This erasure deallocates *this, so it MUST happen after we're done
464   // using any and all members of *this.
465   Parent->ValueCache.erase(*this);
466 }
467 
eraseBlock(BasicBlock * BB)468 void LazyValueInfoCache::eraseBlock(BasicBlock *BB) {
469   SmallVector<OverDefinedPairTy, 4> ToErase;
470   for (DenseSet<OverDefinedPairTy>::iterator  I = OverDefinedCache.begin(),
471        E = OverDefinedCache.end(); I != E; ++I) {
472     if (I->first == BB)
473       ToErase.push_back(*I);
474   }
475 
476   for (SmallVector<OverDefinedPairTy, 4>::iterator I = ToErase.begin(),
477        E = ToErase.end(); I != E; ++I)
478     OverDefinedCache.erase(*I);
479 
480   for (DenseMap<LVIValueHandle, ValueCacheEntryTy>::iterator
481        I = ValueCache.begin(), E = ValueCache.end(); I != E; ++I)
482     I->second.erase(BB);
483 }
484 
solve()485 void LazyValueInfoCache::solve() {
486   while (!BlockValueStack.empty()) {
487     std::pair<BasicBlock*, Value*> &e = BlockValueStack.top();
488     if (solveBlockValue(e.second, e.first))
489       BlockValueStack.pop();
490   }
491 }
492 
hasBlockValue(Value * Val,BasicBlock * BB)493 bool LazyValueInfoCache::hasBlockValue(Value *Val, BasicBlock *BB) {
494   // If already a constant, there is nothing to compute.
495   if (isa<Constant>(Val))
496     return true;
497 
498   LVIValueHandle ValHandle(Val, this);
499   if (!ValueCache.count(ValHandle)) return false;
500   return ValueCache[ValHandle].count(BB);
501 }
502 
getBlockValue(Value * Val,BasicBlock * BB)503 LVILatticeVal LazyValueInfoCache::getBlockValue(Value *Val, BasicBlock *BB) {
504   // If already a constant, there is nothing to compute.
505   if (Constant *VC = dyn_cast<Constant>(Val))
506     return LVILatticeVal::get(VC);
507 
508   return lookup(Val)[BB];
509 }
510 
solveBlockValue(Value * Val,BasicBlock * BB)511 bool LazyValueInfoCache::solveBlockValue(Value *Val, BasicBlock *BB) {
512   if (isa<Constant>(Val))
513     return true;
514 
515   ValueCacheEntryTy &Cache = lookup(Val);
516   LVILatticeVal &BBLV = Cache[BB];
517 
518   // OverDefinedCacheUpdater is a helper object that will update
519   // the OverDefinedCache for us when this method exits.  Make sure to
520   // call markResult on it as we exist, passing a bool to indicate if the
521   // cache needs updating, i.e. if we have solve a new value or not.
522   OverDefinedCacheUpdater ODCacheUpdater(Val, BB, BBLV, this);
523 
524   // If we've already computed this block's value, return it.
525   if (!BBLV.isUndefined()) {
526     DEBUG(dbgs() << "  reuse BB '" << BB->getName() << "' val=" << BBLV <<'\n');
527 
528     // Since we're reusing a cached value here, we don't need to update the
529     // OverDefinedCahce.  The cache will have been properly updated
530     // whenever the cached value was inserted.
531     ODCacheUpdater.markResult(false);
532     return true;
533   }
534 
535   // Otherwise, this is the first time we're seeing this block.  Reset the
536   // lattice value to overdefined, so that cycles will terminate and be
537   // conservatively correct.
538   BBLV.markOverdefined();
539 
540   Instruction *BBI = dyn_cast<Instruction>(Val);
541   if (BBI == 0 || BBI->getParent() != BB) {
542     return ODCacheUpdater.markResult(solveBlockValueNonLocal(BBLV, Val, BB));
543   }
544 
545   if (PHINode *PN = dyn_cast<PHINode>(BBI)) {
546     return ODCacheUpdater.markResult(solveBlockValuePHINode(BBLV, PN, BB));
547   }
548 
549   if (AllocaInst *AI = dyn_cast<AllocaInst>(BBI)) {
550     BBLV = LVILatticeVal::getNot(ConstantPointerNull::get(AI->getType()));
551     return ODCacheUpdater.markResult(true);
552   }
553 
554   // We can only analyze the definitions of certain classes of instructions
555   // (integral binops and casts at the moment), so bail if this isn't one.
556   LVILatticeVal Result;
557   if ((!isa<BinaryOperator>(BBI) && !isa<CastInst>(BBI)) ||
558      !BBI->getType()->isIntegerTy()) {
559     DEBUG(dbgs() << " compute BB '" << BB->getName()
560                  << "' - overdefined because inst def found.\n");
561     BBLV.markOverdefined();
562     return ODCacheUpdater.markResult(true);
563   }
564 
565   // FIXME: We're currently limited to binops with a constant RHS.  This should
566   // be improved.
567   BinaryOperator *BO = dyn_cast<BinaryOperator>(BBI);
568   if (BO && !isa<ConstantInt>(BO->getOperand(1))) {
569     DEBUG(dbgs() << " compute BB '" << BB->getName()
570                  << "' - overdefined because inst def found.\n");
571 
572     BBLV.markOverdefined();
573     return ODCacheUpdater.markResult(true);
574   }
575 
576   return ODCacheUpdater.markResult(solveBlockValueConstantRange(BBLV, BBI, BB));
577 }
578 
InstructionDereferencesPointer(Instruction * I,Value * Ptr)579 static bool InstructionDereferencesPointer(Instruction *I, Value *Ptr) {
580   if (LoadInst *L = dyn_cast<LoadInst>(I)) {
581     return L->getPointerAddressSpace() == 0 &&
582         GetUnderlyingObject(L->getPointerOperand()) ==
583         GetUnderlyingObject(Ptr);
584   }
585   if (StoreInst *S = dyn_cast<StoreInst>(I)) {
586     return S->getPointerAddressSpace() == 0 &&
587         GetUnderlyingObject(S->getPointerOperand()) ==
588         GetUnderlyingObject(Ptr);
589   }
590   if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
591     if (MI->isVolatile()) return false;
592 
593     // FIXME: check whether it has a valuerange that excludes zero?
594     ConstantInt *Len = dyn_cast<ConstantInt>(MI->getLength());
595     if (!Len || Len->isZero()) return false;
596 
597     if (MI->getDestAddressSpace() == 0)
598       if (MI->getRawDest() == Ptr || MI->getDest() == Ptr)
599         return true;
600     if (MemTransferInst *MTI = dyn_cast<MemTransferInst>(MI))
601       if (MTI->getSourceAddressSpace() == 0)
602         if (MTI->getRawSource() == Ptr || MTI->getSource() == Ptr)
603           return true;
604   }
605   return false;
606 }
607 
solveBlockValueNonLocal(LVILatticeVal & BBLV,Value * Val,BasicBlock * BB)608 bool LazyValueInfoCache::solveBlockValueNonLocal(LVILatticeVal &BBLV,
609                                                  Value *Val, BasicBlock *BB) {
610   LVILatticeVal Result;  // Start Undefined.
611 
612   // If this is a pointer, and there's a load from that pointer in this BB,
613   // then we know that the pointer can't be NULL.
614   bool NotNull = false;
615   if (Val->getType()->isPointerTy()) {
616     if (isa<AllocaInst>(Val)) {
617       NotNull = true;
618     } else {
619       for (BasicBlock::iterator BI = BB->begin(), BE = BB->end();BI != BE;++BI){
620         if (InstructionDereferencesPointer(BI, Val)) {
621           NotNull = true;
622           break;
623         }
624       }
625     }
626   }
627 
628   // If this is the entry block, we must be asking about an argument.  The
629   // value is overdefined.
630   if (BB == &BB->getParent()->getEntryBlock()) {
631     assert(isa<Argument>(Val) && "Unknown live-in to the entry block");
632     if (NotNull) {
633       PointerType *PTy = cast<PointerType>(Val->getType());
634       Result = LVILatticeVal::getNot(ConstantPointerNull::get(PTy));
635     } else {
636       Result.markOverdefined();
637     }
638     BBLV = Result;
639     return true;
640   }
641 
642   // Loop over all of our predecessors, merging what we know from them into
643   // result.
644   bool EdgesMissing = false;
645   for (pred_iterator PI = pred_begin(BB), E = pred_end(BB); PI != E; ++PI) {
646     LVILatticeVal EdgeResult;
647     EdgesMissing |= !getEdgeValue(Val, *PI, BB, EdgeResult);
648     if (EdgesMissing)
649       continue;
650 
651     Result.mergeIn(EdgeResult);
652 
653     // If we hit overdefined, exit early.  The BlockVals entry is already set
654     // to overdefined.
655     if (Result.isOverdefined()) {
656       DEBUG(dbgs() << " compute BB '" << BB->getName()
657             << "' - overdefined because of pred.\n");
658       // If we previously determined that this is a pointer that can't be null
659       // then return that rather than giving up entirely.
660       if (NotNull) {
661         PointerType *PTy = cast<PointerType>(Val->getType());
662         Result = LVILatticeVal::getNot(ConstantPointerNull::get(PTy));
663       }
664 
665       BBLV = Result;
666       return true;
667     }
668   }
669   if (EdgesMissing)
670     return false;
671 
672   // Return the merged value, which is more precise than 'overdefined'.
673   assert(!Result.isOverdefined());
674   BBLV = Result;
675   return true;
676 }
677 
solveBlockValuePHINode(LVILatticeVal & BBLV,PHINode * PN,BasicBlock * BB)678 bool LazyValueInfoCache::solveBlockValuePHINode(LVILatticeVal &BBLV,
679                                                 PHINode *PN, BasicBlock *BB) {
680   LVILatticeVal Result;  // Start Undefined.
681 
682   // Loop over all of our predecessors, merging what we know from them into
683   // result.
684   bool EdgesMissing = false;
685   for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) {
686     BasicBlock *PhiBB = PN->getIncomingBlock(i);
687     Value *PhiVal = PN->getIncomingValue(i);
688     LVILatticeVal EdgeResult;
689     EdgesMissing |= !getEdgeValue(PhiVal, PhiBB, BB, EdgeResult);
690     if (EdgesMissing)
691       continue;
692 
693     Result.mergeIn(EdgeResult);
694 
695     // If we hit overdefined, exit early.  The BlockVals entry is already set
696     // to overdefined.
697     if (Result.isOverdefined()) {
698       DEBUG(dbgs() << " compute BB '" << BB->getName()
699             << "' - overdefined because of pred.\n");
700 
701       BBLV = Result;
702       return true;
703     }
704   }
705   if (EdgesMissing)
706     return false;
707 
708   // Return the merged value, which is more precise than 'overdefined'.
709   assert(!Result.isOverdefined() && "Possible PHI in entry block?");
710   BBLV = Result;
711   return true;
712 }
713 
solveBlockValueConstantRange(LVILatticeVal & BBLV,Instruction * BBI,BasicBlock * BB)714 bool LazyValueInfoCache::solveBlockValueConstantRange(LVILatticeVal &BBLV,
715                                                       Instruction *BBI,
716                                                       BasicBlock *BB) {
717   // Figure out the range of the LHS.  If that fails, bail.
718   if (!hasBlockValue(BBI->getOperand(0), BB)) {
719     BlockValueStack.push(std::make_pair(BB, BBI->getOperand(0)));
720     return false;
721   }
722 
723   LVILatticeVal LHSVal = getBlockValue(BBI->getOperand(0), BB);
724   if (!LHSVal.isConstantRange()) {
725     BBLV.markOverdefined();
726     return true;
727   }
728 
729   ConstantRange LHSRange = LHSVal.getConstantRange();
730   ConstantRange RHSRange(1);
731   IntegerType *ResultTy = cast<IntegerType>(BBI->getType());
732   if (isa<BinaryOperator>(BBI)) {
733     if (ConstantInt *RHS = dyn_cast<ConstantInt>(BBI->getOperand(1))) {
734       RHSRange = ConstantRange(RHS->getValue());
735     } else {
736       BBLV.markOverdefined();
737       return true;
738     }
739   }
740 
741   // NOTE: We're currently limited by the set of operations that ConstantRange
742   // can evaluate symbolically.  Enhancing that set will allows us to analyze
743   // more definitions.
744   LVILatticeVal Result;
745   switch (BBI->getOpcode()) {
746   case Instruction::Add:
747     Result.markConstantRange(LHSRange.add(RHSRange));
748     break;
749   case Instruction::Sub:
750     Result.markConstantRange(LHSRange.sub(RHSRange));
751     break;
752   case Instruction::Mul:
753     Result.markConstantRange(LHSRange.multiply(RHSRange));
754     break;
755   case Instruction::UDiv:
756     Result.markConstantRange(LHSRange.udiv(RHSRange));
757     break;
758   case Instruction::Shl:
759     Result.markConstantRange(LHSRange.shl(RHSRange));
760     break;
761   case Instruction::LShr:
762     Result.markConstantRange(LHSRange.lshr(RHSRange));
763     break;
764   case Instruction::Trunc:
765     Result.markConstantRange(LHSRange.truncate(ResultTy->getBitWidth()));
766     break;
767   case Instruction::SExt:
768     Result.markConstantRange(LHSRange.signExtend(ResultTy->getBitWidth()));
769     break;
770   case Instruction::ZExt:
771     Result.markConstantRange(LHSRange.zeroExtend(ResultTy->getBitWidth()));
772     break;
773   case Instruction::BitCast:
774     Result.markConstantRange(LHSRange);
775     break;
776   case Instruction::And:
777     Result.markConstantRange(LHSRange.binaryAnd(RHSRange));
778     break;
779   case Instruction::Or:
780     Result.markConstantRange(LHSRange.binaryOr(RHSRange));
781     break;
782 
783   // Unhandled instructions are overdefined.
784   default:
785     DEBUG(dbgs() << " compute BB '" << BB->getName()
786                  << "' - overdefined because inst def found.\n");
787     Result.markOverdefined();
788     break;
789   }
790 
791   BBLV = Result;
792   return true;
793 }
794 
795 /// getEdgeValue - This method attempts to infer more complex
getEdgeValue(Value * Val,BasicBlock * BBFrom,BasicBlock * BBTo,LVILatticeVal & Result)796 bool LazyValueInfoCache::getEdgeValue(Value *Val, BasicBlock *BBFrom,
797                                       BasicBlock *BBTo, LVILatticeVal &Result) {
798   // If already a constant, there is nothing to compute.
799   if (Constant *VC = dyn_cast<Constant>(Val)) {
800     Result = LVILatticeVal::get(VC);
801     return true;
802   }
803 
804   // TODO: Handle more complex conditionals.  If (v == 0 || v2 < 1) is false, we
805   // know that v != 0.
806   if (BranchInst *BI = dyn_cast<BranchInst>(BBFrom->getTerminator())) {
807     // If this is a conditional branch and only one successor goes to BBTo, then
808     // we maybe able to infer something from the condition.
809     if (BI->isConditional() &&
810         BI->getSuccessor(0) != BI->getSuccessor(1)) {
811       bool isTrueDest = BI->getSuccessor(0) == BBTo;
812       assert(BI->getSuccessor(!isTrueDest) == BBTo &&
813              "BBTo isn't a successor of BBFrom");
814 
815       // If V is the condition of the branch itself, then we know exactly what
816       // it is.
817       if (BI->getCondition() == Val) {
818         Result = LVILatticeVal::get(ConstantInt::get(
819                               Type::getInt1Ty(Val->getContext()), isTrueDest));
820         return true;
821       }
822 
823       // If the condition of the branch is an equality comparison, we may be
824       // able to infer the value.
825       ICmpInst *ICI = dyn_cast<ICmpInst>(BI->getCondition());
826       if (ICI && ICI->getOperand(0) == Val &&
827           isa<Constant>(ICI->getOperand(1))) {
828         if (ICI->isEquality()) {
829           // We know that V has the RHS constant if this is a true SETEQ or
830           // false SETNE.
831           if (isTrueDest == (ICI->getPredicate() == ICmpInst::ICMP_EQ))
832             Result = LVILatticeVal::get(cast<Constant>(ICI->getOperand(1)));
833           else
834             Result = LVILatticeVal::getNot(cast<Constant>(ICI->getOperand(1)));
835           return true;
836         }
837 
838         if (ConstantInt *CI = dyn_cast<ConstantInt>(ICI->getOperand(1))) {
839           // Calculate the range of values that would satisfy the comparison.
840           ConstantRange CmpRange(CI->getValue(), CI->getValue()+1);
841           ConstantRange TrueValues =
842             ConstantRange::makeICmpRegion(ICI->getPredicate(), CmpRange);
843 
844           // If we're interested in the false dest, invert the condition.
845           if (!isTrueDest) TrueValues = TrueValues.inverse();
846 
847           // Figure out the possible values of the query BEFORE this branch.
848           if (!hasBlockValue(Val, BBFrom)) {
849             BlockValueStack.push(std::make_pair(BBFrom, Val));
850             return false;
851           }
852 
853           LVILatticeVal InBlock = getBlockValue(Val, BBFrom);
854           if (!InBlock.isConstantRange()) {
855             Result = LVILatticeVal::getRange(TrueValues);
856             return true;
857           }
858 
859           // Find all potential values that satisfy both the input and output
860           // conditions.
861           ConstantRange PossibleValues =
862             TrueValues.intersectWith(InBlock.getConstantRange());
863 
864           Result = LVILatticeVal::getRange(PossibleValues);
865           return true;
866         }
867       }
868     }
869   }
870 
871   // If the edge was formed by a switch on the value, then we may know exactly
872   // what it is.
873   if (SwitchInst *SI = dyn_cast<SwitchInst>(BBFrom->getTerminator())) {
874     if (SI->getCondition() == Val) {
875       // We don't know anything in the default case.
876       if (SI->getDefaultDest() == BBTo) {
877         Result.markOverdefined();
878         return true;
879       }
880 
881       // We only know something if there is exactly one value that goes from
882       // BBFrom to BBTo.
883       unsigned NumEdges = 0;
884       ConstantInt *EdgeVal = 0;
885       for (unsigned i = 1, e = SI->getNumSuccessors(); i != e; ++i) {
886         if (SI->getSuccessor(i) != BBTo) continue;
887         if (NumEdges++) break;
888         EdgeVal = SI->getCaseValue(i);
889       }
890       assert(EdgeVal && "Missing successor?");
891       if (NumEdges == 1) {
892         Result = LVILatticeVal::get(EdgeVal);
893         return true;
894       }
895     }
896   }
897 
898   // Otherwise see if the value is known in the block.
899   if (hasBlockValue(Val, BBFrom)) {
900     Result = getBlockValue(Val, BBFrom);
901     return true;
902   }
903   BlockValueStack.push(std::make_pair(BBFrom, Val));
904   return false;
905 }
906 
getValueInBlock(Value * V,BasicBlock * BB)907 LVILatticeVal LazyValueInfoCache::getValueInBlock(Value *V, BasicBlock *BB) {
908   DEBUG(dbgs() << "LVI Getting block end value " << *V << " at '"
909         << BB->getName() << "'\n");
910 
911   BlockValueStack.push(std::make_pair(BB, V));
912   solve();
913   LVILatticeVal Result = getBlockValue(V, BB);
914 
915   DEBUG(dbgs() << "  Result = " << Result << "\n");
916   return Result;
917 }
918 
919 LVILatticeVal LazyValueInfoCache::
getValueOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB)920 getValueOnEdge(Value *V, BasicBlock *FromBB, BasicBlock *ToBB) {
921   DEBUG(dbgs() << "LVI Getting edge value " << *V << " from '"
922         << FromBB->getName() << "' to '" << ToBB->getName() << "'\n");
923 
924   LVILatticeVal Result;
925   if (!getEdgeValue(V, FromBB, ToBB, Result)) {
926     solve();
927     bool WasFastQuery = getEdgeValue(V, FromBB, ToBB, Result);
928     (void)WasFastQuery;
929     assert(WasFastQuery && "More work to do after problem solved?");
930   }
931 
932   DEBUG(dbgs() << "  Result = " << Result << "\n");
933   return Result;
934 }
935 
threadEdge(BasicBlock * PredBB,BasicBlock * OldSucc,BasicBlock * NewSucc)936 void LazyValueInfoCache::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc,
937                                     BasicBlock *NewSucc) {
938   // When an edge in the graph has been threaded, values that we could not
939   // determine a value for before (i.e. were marked overdefined) may be possible
940   // to solve now.  We do NOT try to proactively update these values.  Instead,
941   // we clear their entries from the cache, and allow lazy updating to recompute
942   // them when needed.
943 
944   // The updating process is fairly simple: we need to dropped cached info
945   // for all values that were marked overdefined in OldSucc, and for those same
946   // values in any successor of OldSucc (except NewSucc) in which they were
947   // also marked overdefined.
948   std::vector<BasicBlock*> worklist;
949   worklist.push_back(OldSucc);
950 
951   DenseSet<Value*> ClearSet;
952   for (DenseSet<OverDefinedPairTy>::iterator I = OverDefinedCache.begin(),
953        E = OverDefinedCache.end(); I != E; ++I) {
954     if (I->first == OldSucc)
955       ClearSet.insert(I->second);
956   }
957 
958   // Use a worklist to perform a depth-first search of OldSucc's successors.
959   // NOTE: We do not need a visited list since any blocks we have already
960   // visited will have had their overdefined markers cleared already, and we
961   // thus won't loop to their successors.
962   while (!worklist.empty()) {
963     BasicBlock *ToUpdate = worklist.back();
964     worklist.pop_back();
965 
966     // Skip blocks only accessible through NewSucc.
967     if (ToUpdate == NewSucc) continue;
968 
969     bool changed = false;
970     for (DenseSet<Value*>::iterator I = ClearSet.begin(), E = ClearSet.end();
971          I != E; ++I) {
972       // If a value was marked overdefined in OldSucc, and is here too...
973       DenseSet<OverDefinedPairTy>::iterator OI =
974         OverDefinedCache.find(std::make_pair(ToUpdate, *I));
975       if (OI == OverDefinedCache.end()) continue;
976 
977       // Remove it from the caches.
978       ValueCacheEntryTy &Entry = ValueCache[LVIValueHandle(*I, this)];
979       ValueCacheEntryTy::iterator CI = Entry.find(ToUpdate);
980 
981       assert(CI != Entry.end() && "Couldn't find entry to update?");
982       Entry.erase(CI);
983       OverDefinedCache.erase(OI);
984 
985       // If we removed anything, then we potentially need to update
986       // blocks successors too.
987       changed = true;
988     }
989 
990     if (!changed) continue;
991 
992     worklist.insert(worklist.end(), succ_begin(ToUpdate), succ_end(ToUpdate));
993   }
994 }
995 
996 //===----------------------------------------------------------------------===//
997 //                            LazyValueInfo Impl
998 //===----------------------------------------------------------------------===//
999 
1000 /// getCache - This lazily constructs the LazyValueInfoCache.
getCache(void * & PImpl)1001 static LazyValueInfoCache &getCache(void *&PImpl) {
1002   if (!PImpl)
1003     PImpl = new LazyValueInfoCache();
1004   return *static_cast<LazyValueInfoCache*>(PImpl);
1005 }
1006 
runOnFunction(Function & F)1007 bool LazyValueInfo::runOnFunction(Function &F) {
1008   if (PImpl)
1009     getCache(PImpl).clear();
1010 
1011   TD = getAnalysisIfAvailable<TargetData>();
1012   // Fully lazy.
1013   return false;
1014 }
1015 
releaseMemory()1016 void LazyValueInfo::releaseMemory() {
1017   // If the cache was allocated, free it.
1018   if (PImpl) {
1019     delete &getCache(PImpl);
1020     PImpl = 0;
1021   }
1022 }
1023 
getConstant(Value * V,BasicBlock * BB)1024 Constant *LazyValueInfo::getConstant(Value *V, BasicBlock *BB) {
1025   LVILatticeVal Result = getCache(PImpl).getValueInBlock(V, BB);
1026 
1027   if (Result.isConstant())
1028     return Result.getConstant();
1029   if (Result.isConstantRange()) {
1030     ConstantRange CR = Result.getConstantRange();
1031     if (const APInt *SingleVal = CR.getSingleElement())
1032       return ConstantInt::get(V->getContext(), *SingleVal);
1033   }
1034   return 0;
1035 }
1036 
1037 /// getConstantOnEdge - Determine whether the specified value is known to be a
1038 /// constant on the specified edge.  Return null if not.
getConstantOnEdge(Value * V,BasicBlock * FromBB,BasicBlock * ToBB)1039 Constant *LazyValueInfo::getConstantOnEdge(Value *V, BasicBlock *FromBB,
1040                                            BasicBlock *ToBB) {
1041   LVILatticeVal Result = getCache(PImpl).getValueOnEdge(V, FromBB, ToBB);
1042 
1043   if (Result.isConstant())
1044     return Result.getConstant();
1045   if (Result.isConstantRange()) {
1046     ConstantRange CR = Result.getConstantRange();
1047     if (const APInt *SingleVal = CR.getSingleElement())
1048       return ConstantInt::get(V->getContext(), *SingleVal);
1049   }
1050   return 0;
1051 }
1052 
1053 /// getPredicateOnEdge - Determine whether the specified value comparison
1054 /// with a constant is known to be true or false on the specified CFG edge.
1055 /// Pred is a CmpInst predicate.
1056 LazyValueInfo::Tristate
getPredicateOnEdge(unsigned Pred,Value * V,Constant * C,BasicBlock * FromBB,BasicBlock * ToBB)1057 LazyValueInfo::getPredicateOnEdge(unsigned Pred, Value *V, Constant *C,
1058                                   BasicBlock *FromBB, BasicBlock *ToBB) {
1059   LVILatticeVal Result = getCache(PImpl).getValueOnEdge(V, FromBB, ToBB);
1060 
1061   // If we know the value is a constant, evaluate the conditional.
1062   Constant *Res = 0;
1063   if (Result.isConstant()) {
1064     Res = ConstantFoldCompareInstOperands(Pred, Result.getConstant(), C, TD);
1065     if (ConstantInt *ResCI = dyn_cast<ConstantInt>(Res))
1066       return ResCI->isZero() ? False : True;
1067     return Unknown;
1068   }
1069 
1070   if (Result.isConstantRange()) {
1071     ConstantInt *CI = dyn_cast<ConstantInt>(C);
1072     if (!CI) return Unknown;
1073 
1074     ConstantRange CR = Result.getConstantRange();
1075     if (Pred == ICmpInst::ICMP_EQ) {
1076       if (!CR.contains(CI->getValue()))
1077         return False;
1078 
1079       if (CR.isSingleElement() && CR.contains(CI->getValue()))
1080         return True;
1081     } else if (Pred == ICmpInst::ICMP_NE) {
1082       if (!CR.contains(CI->getValue()))
1083         return True;
1084 
1085       if (CR.isSingleElement() && CR.contains(CI->getValue()))
1086         return False;
1087     }
1088 
1089     // Handle more complex predicates.
1090     ConstantRange TrueValues =
1091         ICmpInst::makeConstantRange((ICmpInst::Predicate)Pred, CI->getValue());
1092     if (TrueValues.contains(CR))
1093       return True;
1094     if (TrueValues.inverse().contains(CR))
1095       return False;
1096     return Unknown;
1097   }
1098 
1099   if (Result.isNotConstant()) {
1100     // If this is an equality comparison, we can try to fold it knowing that
1101     // "V != C1".
1102     if (Pred == ICmpInst::ICMP_EQ) {
1103       // !C1 == C -> false iff C1 == C.
1104       Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE,
1105                                             Result.getNotConstant(), C, TD);
1106       if (Res->isNullValue())
1107         return False;
1108     } else if (Pred == ICmpInst::ICMP_NE) {
1109       // !C1 != C -> true iff C1 == C.
1110       Res = ConstantFoldCompareInstOperands(ICmpInst::ICMP_NE,
1111                                             Result.getNotConstant(), C, TD);
1112       if (Res->isNullValue())
1113         return True;
1114     }
1115     return Unknown;
1116   }
1117 
1118   return Unknown;
1119 }
1120 
threadEdge(BasicBlock * PredBB,BasicBlock * OldSucc,BasicBlock * NewSucc)1121 void LazyValueInfo::threadEdge(BasicBlock *PredBB, BasicBlock *OldSucc,
1122                                BasicBlock *NewSucc) {
1123   if (PImpl) getCache(PImpl).threadEdge(PredBB, OldSucc, NewSucc);
1124 }
1125 
eraseBlock(BasicBlock * BB)1126 void LazyValueInfo::eraseBlock(BasicBlock *BB) {
1127   if (PImpl) getCache(PImpl).eraseBlock(BB);
1128 }
1129