void Preparer::expandCallSite(CallSite CS) {
if (!CS.getCalledFunction()) return;
Function *F = CS.getCalledFunction();
if (!F->isVarArg()) return;
vector<Value *> Args;
for (CallSite::arg_iterator ArgI = CS.arg_begin();
ArgI != CS.arg_end(); ArgI++) {
Args.push_back(*ArgI);
}
Args.push_back(ConstantInt::get(
IntegerType::get(CS.getInstruction()->getContext(), 8), 0));
string InstName = "";
if (CS.getInstruction()->getName() != "")
InstName = CS.getInstruction()->getName().str() + ".padded";
if (CallInst *CI = dyn_cast<CallInst>(CS.getInstruction())) {
CallInst *NewCI = CallInst::Create(F, Args, InstName, CI);
NewCI->setAttributes(CI->getAttributes());
CI->replaceAllUsesWith(NewCI);
CI->eraseFromParent();
} else if (InvokeInst *II = dyn_cast<InvokeInst>(CS.getInstruction())) {
InvokeInst *NewII = InvokeInst::Create(F,
II->getNormalDest(), II->getUnwindDest(), Args, InstName, II);
NewII->setAttributes(II->getAttributes());
II->replaceAllUsesWith(NewII);
II->eraseFromParent();
}
}
// getModRefInfo - Check to see if the specified callsite can clobber the
// specified memory object. Since we only look at local properties of this
// function, we really can't say much about this query. We do, however, use
// simple "address taken" analysis on local objects.
//
AliasAnalysis::ModRefResult
BasicAliasAnalysis::getModRefInfo(CallSite CS, Value *P, unsigned Size) {
if (!isa<Constant>(P)) {
const Value *Object = P->getUnderlyingObject();
// If this is a tail call and P points to a stack location, we know that
// the tail call cannot access or modify the local stack.
// We cannot exclude byval arguments here; these belong to the caller of
// the current function not to the current function, and a tail callee
// may reference them.
if (isa<AllocaInst>(Object))
if (CallInst *CI = dyn_cast<CallInst>(CS.getInstruction()))
if (CI->isTailCall())
return NoModRef;
// If the pointer is to a locally allocated object that does not escape,
// then the call can not mod/ref the pointer unless the call takes the
// argument without capturing it.
if (isNonEscapingLocalObject(Object)) {
bool passedAsArg = false;
// TODO: Eventually only check 'nocapture' arguments.
for (CallSite::arg_iterator CI = CS.arg_begin(), CE = CS.arg_end();
CI != CE; ++CI)
if (isa<PointerType>((*CI)->getType()) &&
alias(cast<Value>(CI), ~0U, P, ~0U) != NoAlias)
passedAsArg = true;
if (!passedAsArg)
return NoModRef;
}
}
// The AliasAnalysis base class has some smarts, lets use them.
return AliasAnalysis::getModRefInfo(CS, P, Size);
}
AliasAnalysis::ModRefResult
AliasAnalysis::getModRefInfo(CallSite CS, Value *P, unsigned Size) {
ModRefBehavior MRB = getModRefBehavior(CS);
if (MRB == DoesNotAccessMemory)
return NoModRef;
ModRefResult Mask = ModRef;
if (MRB == OnlyReadsMemory)
Mask = Ref;
else if (MRB == AliasAnalysis::AccessesArguments) {
bool doesAlias = false;
for (CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end();
AI != AE; ++AI)
if (!isNoAlias(*AI, ~0U, P, Size)) {
doesAlias = true;
break;
}
if (!doesAlias)
return NoModRef;
}
if (!AA) return Mask;
// If P points to a constant memory location, the call definitely could not
// modify the memory location.
if ((Mask & Mod) && AA->pointsToConstantMemory(P))
Mask = ModRefResult(Mask & ~Mod);
return ModRefResult(Mask & AA->getModRefInfo(CS, P, Size));
}
/// \brief Try to simplify a call site.
///
/// Takes a concrete function and callsite and tries to actually simplify it by
/// analyzing the arguments and call itself with instsimplify. Returns true if
/// it has simplified the callsite to some other entity (a constant), making it
/// free.
bool CallAnalyzer::simplifyCallSite(Function *F, CallSite CS) {
// FIXME: Using the instsimplify logic directly for this is inefficient
// because we have to continually rebuild the argument list even when no
// simplifications can be performed. Until that is fixed with remapping
// inside of instsimplify, directly constant fold calls here.
if (!canConstantFoldCallTo(F))
return false;
// Try to re-map the arguments to constants.
SmallVector<Constant *, 4> ConstantArgs;
ConstantArgs.reserve(CS.arg_size());
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I) {
Constant *C = dyn_cast<Constant>(*I);
if (!C)
C = dyn_cast_or_null<Constant>(SimplifiedValues.lookup(*I));
if (!C)
return false; // This argument doesn't map to a constant.
ConstantArgs.push_back(C);
}
if (Constant *C = ConstantFoldCall(F, ConstantArgs)) {
SimplifiedValues[CS.getInstruction()] = C;
return true;
}
return false;
}
/// \brief Simplify arguments going into a particular callsite.
///
/// This is important to do each time we add a callsite due to inlining so that
/// constants and other entities which feed into inline cost estimation are
/// properly recognized when analyzing the new callsite. Consider:
/// void outer(int x) {
/// if (x < 42)
/// return inner(42 - x);
/// ...
/// }
/// void inner(int x) {
/// ...
/// }
///
/// The inliner gives calls to 'outer' with a constant argument a bonus because
/// it will delete one side of a branch. But the resulting call to 'inner'
/// will, after inlining, also have a constant operand. We need to do just
/// enough constant folding to expose this for callsite arguments. The rest
/// will be taken care of after the inliner finishes running.
static void simplifyCallSiteArguments(const TargetData *TD, CallSite CS) {
// FIXME: It would be nice to avoid this smallvector if RAUW doesn't
// invalidate operand iterators in any cases.
SmallVector<std::pair<Value *, Value*>, 4> SimplifiedArgs;
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I)
if (Instruction *Inst = dyn_cast<Instruction>(*I))
if (Value *SimpleArg = SimplifyInstruction(Inst, TD))
SimplifiedArgs.push_back(std::make_pair(Inst, SimpleArg));
for (unsigned Idx = 0, Size = SimplifiedArgs.size(); Idx != Size; ++Idx)
SimplifiedArgs[Idx].first->replaceAllUsesWith(SimplifiedArgs[Idx].second);
}
/// visitStrdupCall - Handle strdup().
///
void FuncTransform::visitStrdupCall(CallSite CS) {
assert(CS.arg_end()-CS.arg_begin() == 1 && "strdup takes one argument!");
Instruction *I = CS.getInstruction();
assert (getDSNodeHFor(I).getNode() && "strdup has NULL DSNode!\n");
Value *PH = getPoolHandle(I);
Type* Int8Type = Type::getInt8Ty(CS.getInstruction()->getContext());
#if 0
assert (PH && "PH for strdup is null!\n");
#else
if (!PH) {
errs() << "strdup: NoPH\n";
return;
}
#endif
Value *OldPtr = CS.getArgument(0);
static Type *VoidPtrTy = PointerType::getUnqual(Int8Type);
if (OldPtr->getType() != VoidPtrTy)
OldPtr = CastInst::CreatePointerCast(OldPtr, VoidPtrTy, OldPtr->getName(), I);
std::string Name = I->getName(); I->setName("");
Value* Opts[3] = {PH, OldPtr, 0};
Instruction *V = CallInst::Create(PAInfo.PoolStrdup, Opts, Name, I);
Instruction *Casted = V;
if (V->getType() != I->getType())
Casted = CastInst::CreatePointerCast(V, I->getType(), V->getName(), I);
// Update def-use info
I->replaceAllUsesWith(Casted);
// If we are modifying the original function, update the DSGraph.
if (!FI.Clone) {
// V and Casted now point to whatever the original allocation did.
G->getScalarMap().replaceScalar(I, V);
if (V != Casted)
G->getScalarMap()[Casted] = G->getScalarMap()[V];
} else { // Otherwise, update the NewToOldValueMap
UpdateNewToOldValueMap(I, V, V != Casted ? Casted : 0);
}
// If this was an invoke, fix up the CFG.
if (InvokeInst *II = dyn_cast<InvokeInst>(I)) {
BranchInst::Create (II->getNormalDest(), I);
II->getUnwindDest()->removePredecessor(II->getParent(), true);
}
// Remove old allocation instruction.
I->eraseFromParent();
}
static bool isCondRelevantToAnyCallArgument(ICmpInst *Cmp, CallSite CS) {
assert(isa<Constant>(Cmp->getOperand(1)) && "Expected a constant operand.");
Value *Op0 = Cmp->getOperand(0);
unsigned ArgNo = 0;
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end(); I != E;
++I, ++ArgNo) {
// Don't consider constant or arguments that are already known non-null.
if (isa<Constant>(*I) || CS.paramHasAttr(ArgNo, Attribute::NonNull))
continue;
if (*I == Op0)
return true;
}
return false;
}
void FuncTransform::visitReallocCall(CallSite CS) {
assert(CS.arg_end()-CS.arg_begin() == 2 && "realloc takes two arguments!");
Instruction *I = CS.getInstruction();
Value *PH = getPoolHandle(I);
Value *OldPtr = CS.getArgument(0);
Value *Size = CS.getArgument(1);
// Don't poolallocate if we have no pool handle
if (PH == 0 || isa<ConstantPointerNull>(PH)) return;
if (Size->getType() != Type::getInt32Ty(CS.getInstruction()->getContext()))
Size = CastInst::CreateIntegerCast(Size, Type::getInt32Ty(CS.getInstruction()->getContext()), false, Size->getName(), I);
static Type *VoidPtrTy = PointerType::getUnqual(Type::getInt8Ty(CS.getInstruction()->getContext()));
if (OldPtr->getType() != VoidPtrTy)
OldPtr = CastInst::CreatePointerCast(OldPtr, VoidPtrTy, OldPtr->getName(), I);
std::string Name = I->getName(); I->setName("");
Value* Opts[3] = {PH, OldPtr, Size};
Instruction *V = CallInst::Create(PAInfo.PoolRealloc, Opts, Name, I);
Instruction *Casted = V;
if (V->getType() != I->getType())
Casted = CastInst::CreatePointerCast(V, I->getType(), V->getName(), I);
// Update def-use info
I->replaceAllUsesWith(Casted);
// If we are modifying the original function, update the DSGraph.
if (!FI.Clone) {
// V and Casted now point to whatever the original allocation did.
G->getScalarMap().replaceScalar(I, V);
if (V != Casted)
G->getScalarMap()[Casted] = G->getScalarMap()[V];
} else { // Otherwise, update the NewToOldValueMap
UpdateNewToOldValueMap(I, V, V != Casted ? Casted : 0);
}
// If this was an invoke, fix up the CFG.
if (InvokeInst *II = dyn_cast<InvokeInst>(I)) {
BranchInst::Create (II->getNormalDest(), I);
II->getUnwindDest()->removePredecessor(II->getParent(), true);
}
// Remove old allocation instruction.
I->eraseFromParent();
}
// Add calls to the registration functions around this call site.
void RegisterVarargCallSites::registerCallSite(Module &M, CallSite &CS) {
// Insert the registration intrinsics.
if (registrationFunc == 0 || unregistrationFunc == 0)
makeRegistrationFunctions(M);
Instruction *inst = CS.getInstruction();
LLVMContext &C = M.getContext();
Type *VoidPtrTy = Type::getInt8PtrTy(C);
Type *Int32Ty = Type::getInt32Ty(C);
// Build the argument vector to vacallregister.
vector<Value *> vaCallRegisterArgs(2);
Value *dest = CS.getCalledValue();
Value *destPtr;
// Get the function pointer casted to i8*.
if (isa<Constant>(dest))
destPtr = ConstantExpr::getPointerCast(cast<Constant>(dest), VoidPtrTy);
else
destPtr = new BitCastInst(dest, VoidPtrTy, "", inst);
vaCallRegisterArgs[0] = destPtr;
vaCallRegisterArgs[1] = ConstantInt::get(Int32Ty, CS.arg_size());
// Register all the pointer arguments to this function call as well.
set<Value *> pointerArguments;
CallSite::arg_iterator arg = CS.arg_begin();
CallSite::arg_iterator end = CS.arg_end();
for (; arg != end; ++arg) {
Value *argval = *arg;
if (isa<PointerType>(argval->getType())) {
if (pointerArguments.find(argval) == pointerArguments.end()) {
pointerArguments.insert(argval);
vaCallRegisterArgs.push_back(argval);
}
}
}
// End the argument list with a NULL parameter.
vaCallRegisterArgs.push_back(
ConstantPointerNull::get(cast<PointerType>(VoidPtrTy))
);
// Add the registration call before the call site.
CallInst::Create(registrationFunc, vaCallRegisterArgs, "", inst);
// Add the unregistration call after the call site.
Instruction *unreg = CallInst::Create(unregistrationFunc);
unreg->insertAfter(inst);
return;
}
void Preparer::expandCallSite(CallSite CS) {
// Skip the callsites that are not calling a va function.
Value *Callee = CS.getCalledValue();
FunctionType *CalleeType = cast<FunctionType>(
cast<PointerType>(Callee->getType())->getElementType());
if (!CalleeType->isVarArg()) {
return;
}
vector<Value *> Args;
for (CallSite::arg_iterator ArgI = CS.arg_begin();
ArgI != CS.arg_end(); ArgI++) {
Args.push_back(*ArgI);
}
Args.push_back(ConstantInt::get(
IntegerType::get(CS.getInstruction()->getContext(), 8), 0));
string InstName = "";
if (CS.getInstruction()->getName() != "")
InstName = CS.getInstruction()->getName().str() + ".padded";
if (CallInst *CI = dyn_cast<CallInst>(CS.getInstruction())) {
CallInst *NewCI = CallInst::Create(Callee, Args, InstName, CI);
NewCI->setAttributes(CI->getAttributes());
CI->replaceAllUsesWith(NewCI);
CI->eraseFromParent();
} else if (InvokeInst *II = dyn_cast<InvokeInst>(CS.getInstruction())) {
InvokeInst *NewII = InvokeInst::Create(Callee,
II->getNormalDest(),
II->getUnwindDest(),
Args,
InstName,
II);
NewII->setAttributes(II->getAttributes());
II->replaceAllUsesWith(NewII);
II->eraseFromParent();
}
}
/// getModRefInfo - Check to see if the specified callsite can clobber the
/// specified memory object. Since we only look at local properties of this
/// function, we really can't say much about this query. We do, however, use
/// simple "address taken" analysis on local objects.
AliasAnalysis::ModRefResult
BasicAliasAnalysis::getModRefInfo(CallSite CS, Value *P, unsigned Size) {
const Value *Object = P->getUnderlyingObject();
// If this is a tail call and P points to a stack location, we know that
// the tail call cannot access or modify the local stack.
// We cannot exclude byval arguments here; these belong to the caller of
// the current function not to the current function, and a tail callee
// may reference them.
if (isa<AllocaInst>(Object))
if (CallInst *CI = dyn_cast<CallInst>(CS.getInstruction()))
if (CI->isTailCall())
return NoModRef;
// If the pointer is to a locally allocated object that does not escape,
// then the call can not mod/ref the pointer unless the call takes the pointer
// as an argument, and itself doesn't capture it.
if (!isa<Constant>(Object) && CS.getInstruction() != Object &&
isNonEscapingLocalObject(Object)) {
bool PassedAsArg = false;
unsigned ArgNo = 0;
for (CallSite::arg_iterator CI = CS.arg_begin(), CE = CS.arg_end();
CI != CE; ++CI, ++ArgNo) {
// Only look at the no-capture pointer arguments.
if (!isa<PointerType>((*CI)->getType()) ||
!CS.paramHasAttr(ArgNo+1, Attribute::NoCapture))
continue;
// If this is a no-capture pointer argument, see if we can tell that it
// is impossible to alias the pointer we're checking. If not, we have to
// assume that the call could touch the pointer, even though it doesn't
// escape.
if (!isNoAlias(cast<Value>(CI), ~0U, P, ~0U)) {
PassedAsArg = true;
break;
}
}
if (!PassedAsArg)
return NoModRef;
}
// Finally, handle specific knowledge of intrinsics.
IntrinsicInst *II = dyn_cast<IntrinsicInst>(CS.getInstruction());
if (II == 0)
return AliasAnalysis::getModRefInfo(CS, P, Size);
switch (II->getIntrinsicID()) {
default: break;
case Intrinsic::memcpy:
case Intrinsic::memmove: {
unsigned Len = ~0U;
if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getOperand(3)))
Len = LenCI->getZExtValue();
Value *Dest = II->getOperand(1);
Value *Src = II->getOperand(2);
if (isNoAlias(Dest, Len, P, Size)) {
if (isNoAlias(Src, Len, P, Size))
return NoModRef;
return Ref;
}
break;
}
case Intrinsic::memset:
// Since memset is 'accesses arguments' only, the AliasAnalysis base class
// will handle it for the variable length case.
if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getOperand(3))) {
unsigned Len = LenCI->getZExtValue();
Value *Dest = II->getOperand(1);
if (isNoAlias(Dest, Len, P, Size))
return NoModRef;
}
break;
case Intrinsic::atomic_cmp_swap:
case Intrinsic::atomic_swap:
case Intrinsic::atomic_load_add:
case Intrinsic::atomic_load_sub:
case Intrinsic::atomic_load_and:
case Intrinsic::atomic_load_nand:
case Intrinsic::atomic_load_or:
case Intrinsic::atomic_load_xor:
case Intrinsic::atomic_load_max:
case Intrinsic::atomic_load_min:
case Intrinsic::atomic_load_umax:
case Intrinsic::atomic_load_umin:
if (TD) {
Value *Op1 = II->getOperand(1);
unsigned Op1Size = TD->getTypeStoreSize(Op1->getType());
if (isNoAlias(Op1, Op1Size, P, Size))
return NoModRef;
}
break;
case Intrinsic::lifetime_start:
case Intrinsic::lifetime_end:
case Intrinsic::invariant_start: {
unsigned PtrSize = cast<ConstantInt>(II->getOperand(1))->getZExtValue();
if (isNoAlias(II->getOperand(2), PtrSize, P, Size))
return NoModRef;
break;
}
case Intrinsic::invariant_end: {
unsigned PtrSize = cast<ConstantInt>(II->getOperand(2))->getZExtValue();
if (isNoAlias(II->getOperand(3), PtrSize, P, Size))
return NoModRef;
break;
}
}
// The AliasAnalysis base class has some smarts, lets use them.
return AliasAnalysis::getModRefInfo(CS, P, Size);
}
void Lint::visitCallSite(CallSite CS) {
Instruction &I = *CS.getInstruction();
Value *Callee = CS.getCalledValue();
visitMemoryReference(I, Callee, MemoryLocation::UnknownSize, 0, nullptr,
MemRef::Callee);
if (Function *F = dyn_cast<Function>(findValue(Callee,
/*OffsetOk=*/false))) {
Assert(CS.getCallingConv() == F->getCallingConv(),
"Undefined behavior: Caller and callee calling convention differ",
&I);
FunctionType *FT = F->getFunctionType();
unsigned NumActualArgs = CS.arg_size();
Assert(FT->isVarArg() ? FT->getNumParams() <= NumActualArgs
: FT->getNumParams() == NumActualArgs,
"Undefined behavior: Call argument count mismatches callee "
"argument count",
&I);
Assert(FT->getReturnType() == I.getType(),
"Undefined behavior: Call return type mismatches "
"callee return type",
&I);
// Check argument types (in case the callee was casted) and attributes.
// TODO: Verify that caller and callee attributes are compatible.
Function::arg_iterator PI = F->arg_begin(), PE = F->arg_end();
CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end();
for (; AI != AE; ++AI) {
Value *Actual = *AI;
if (PI != PE) {
Argument *Formal = &*PI++;
Assert(Formal->getType() == Actual->getType(),
"Undefined behavior: Call argument type mismatches "
"callee parameter type",
&I);
// Check that noalias arguments don't alias other arguments. This is
// not fully precise because we don't know the sizes of the dereferenced
// memory regions.
if (Formal->hasNoAliasAttr() && Actual->getType()->isPointerTy())
for (CallSite::arg_iterator BI = CS.arg_begin(); BI != AE; ++BI)
if (AI != BI && (*BI)->getType()->isPointerTy()) {
AliasResult Result = AA->alias(*AI, *BI);
Assert(Result != MustAlias && Result != PartialAlias,
"Unusual: noalias argument aliases another argument", &I);
}
// Check that an sret argument points to valid memory.
if (Formal->hasStructRetAttr() && Actual->getType()->isPointerTy()) {
Type *Ty =
cast<PointerType>(Formal->getType())->getElementType();
visitMemoryReference(I, Actual, DL->getTypeStoreSize(Ty),
DL->getABITypeAlignment(Ty), Ty,
MemRef::Read | MemRef::Write);
}
}
}
}
if (CS.isCall() && cast<CallInst>(CS.getInstruction())->isTailCall())
for (CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end();
AI != AE; ++AI) {
Value *Obj = findValue(*AI, /*OffsetOk=*/true);
Assert(!isa<AllocaInst>(Obj),
"Undefined behavior: Call with \"tail\" keyword references "
"alloca",
&I);
}
if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(&I))
switch (II->getIntrinsicID()) {
default: break;
// TODO: Check more intrinsics
case Intrinsic::memcpy: {
MemCpyInst *MCI = cast<MemCpyInst>(&I);
// TODO: If the size is known, use it.
visitMemoryReference(I, MCI->getDest(), MemoryLocation::UnknownSize,
MCI->getAlignment(), nullptr, MemRef::Write);
visitMemoryReference(I, MCI->getSource(), MemoryLocation::UnknownSize,
MCI->getAlignment(), nullptr, MemRef::Read);
// Check that the memcpy arguments don't overlap. The AliasAnalysis API
// isn't expressive enough for what we really want to do. Known partial
// overlap is not distinguished from the case where nothing is known.
uint64_t Size = 0;
if (const ConstantInt *Len =
dyn_cast<ConstantInt>(findValue(MCI->getLength(),
/*OffsetOk=*/false)))
if (Len->getValue().isIntN(32))
Size = Len->getValue().getZExtValue();
Assert(AA->alias(MCI->getSource(), Size, MCI->getDest(), Size) !=
MustAlias,
"Undefined behavior: memcpy source and destination overlap", &I);
break;
}
case Intrinsic::memmove: {
MemMoveInst *MMI = cast<MemMoveInst>(&I);
// TODO: If the size is known, use it.
visitMemoryReference(I, MMI->getDest(), MemoryLocation::UnknownSize,
MMI->getAlignment(), nullptr, MemRef::Write);
visitMemoryReference(I, MMI->getSource(), MemoryLocation::UnknownSize,
MMI->getAlignment(), nullptr, MemRef::Read);
break;
}
case Intrinsic::memset: {
MemSetInst *MSI = cast<MemSetInst>(&I);
// TODO: If the size is known, use it.
visitMemoryReference(I, MSI->getDest(), MemoryLocation::UnknownSize,
MSI->getAlignment(), nullptr, MemRef::Write);
break;
}
case Intrinsic::vastart:
Assert(I.getParent()->getParent()->isVarArg(),
"Undefined behavior: va_start called in a non-varargs function",
&I);
visitMemoryReference(I, CS.getArgument(0), MemoryLocation::UnknownSize, 0,
nullptr, MemRef::Read | MemRef::Write);
break;
case Intrinsic::vacopy:
visitMemoryReference(I, CS.getArgument(0), MemoryLocation::UnknownSize, 0,
nullptr, MemRef::Write);
visitMemoryReference(I, CS.getArgument(1), MemoryLocation::UnknownSize, 0,
nullptr, MemRef::Read);
break;
case Intrinsic::vaend:
visitMemoryReference(I, CS.getArgument(0), MemoryLocation::UnknownSize, 0,
nullptr, MemRef::Read | MemRef::Write);
break;
case Intrinsic::stackrestore:
// Stackrestore doesn't read or write memory, but it sets the
// stack pointer, which the compiler may read from or write to
// at any time, so check it for both readability and writeability.
visitMemoryReference(I, CS.getArgument(0), MemoryLocation::UnknownSize, 0,
nullptr, MemRef::Read | MemRef::Write);
break;
}
}
/// \brief Analyze a call site for potential inlining.
///
/// Returns true if inlining this call is viable, and false if it is not
/// viable. It computes the cost and adjusts the threshold based on numerous
/// factors and heuristics. If this method returns false but the computed cost
/// is below the computed threshold, then inlining was forcibly disabled by
/// some artifact of the routine.
bool CallAnalyzer::analyzeCall(CallSite CS) {
++NumCallsAnalyzed;
// Track whether the post-inlining function would have more than one basic
// block. A single basic block is often intended for inlining. Balloon the
// threshold by 50% until we pass the single-BB phase.
bool SingleBB = true;
int SingleBBBonus = Threshold / 2;
Threshold += SingleBBBonus;
// Perform some tweaks to the cost and threshold based on the direct
// callsite information.
// We want to more aggressively inline vector-dense kernels, so up the
// threshold, and we'll lower it if the % of vector instructions gets too
// low.
assert(NumInstructions == 0);
assert(NumVectorInstructions == 0);
FiftyPercentVectorBonus = Threshold;
TenPercentVectorBonus = Threshold / 2;
// Give out bonuses per argument, as the instructions setting them up will
// be gone after inlining.
for (unsigned I = 0, E = CS.arg_size(); I != E; ++I) {
if (TD && CS.isByValArgument(I)) {
// We approximate the number of loads and stores needed by dividing the
// size of the byval type by the target's pointer size.
PointerType *PTy = cast<PointerType>(CS.getArgument(I)->getType());
unsigned TypeSize = TD->getTypeSizeInBits(PTy->getElementType());
unsigned PointerSize = TD->getPointerSizeInBits();
// Ceiling division.
unsigned NumStores = (TypeSize + PointerSize - 1) / PointerSize;
// If it generates more than 8 stores it is likely to be expanded as an
// inline memcpy so we take that as an upper bound. Otherwise we assume
// one load and one store per word copied.
// FIXME: The maxStoresPerMemcpy setting from the target should be used
// here instead of a magic number of 8, but it's not available via
// DataLayout.
NumStores = std::min(NumStores, 8U);
Cost -= 2 * NumStores * InlineConstants::InstrCost;
} else {
// For non-byval arguments subtract off one instruction per call
// argument.
Cost -= InlineConstants::InstrCost;
}
}
// If there is only one call of the function, and it has internal linkage,
// the cost of inlining it drops dramatically.
bool OnlyOneCallAndLocalLinkage = F.hasLocalLinkage() && F.hasOneUse() &&
&F == CS.getCalledFunction();
if (OnlyOneCallAndLocalLinkage)
Cost += InlineConstants::LastCallToStaticBonus;
// If the instruction after the call, or if the normal destination of the
// invoke is an unreachable instruction, the function is noreturn. As such,
// there is little point in inlining this unless there is literally zero
// cost.
Instruction *Instr = CS.getInstruction();
if (InvokeInst *II = dyn_cast<InvokeInst>(Instr)) {
if (isa<UnreachableInst>(II->getNormalDest()->begin()))
Threshold = 1;
} else if (isa<UnreachableInst>(++BasicBlock::iterator(Instr)))
Threshold = 1;
// If this function uses the coldcc calling convention, prefer not to inline
// it.
if (F.getCallingConv() == CallingConv::Cold)
Cost += InlineConstants::ColdccPenalty;
// Check if we're done. This can happen due to bonuses and penalties.
if (Cost > Threshold)
return false;
if (F.empty())
return true;
Function *Caller = CS.getInstruction()->getParent()->getParent();
// Check if the caller function is recursive itself.
for (Value::use_iterator U = Caller->use_begin(), E = Caller->use_end();
U != E; ++U) {
CallSite Site(cast<Value>(*U));
if (!Site)
continue;
Instruction *I = Site.getInstruction();
if (I->getParent()->getParent() == Caller) {
IsCallerRecursive = true;
break;
}
}
// Track whether we've seen a return instruction. The first return
// instruction is free, as at least one will usually disappear in inlining.
bool HasReturn = false;
// Populate our simplified values by mapping from function arguments to call
// arguments with known important simplifications.
CallSite::arg_iterator CAI = CS.arg_begin();
for (Function::arg_iterator FAI = F.arg_begin(), FAE = F.arg_end();
FAI != FAE; ++FAI, ++CAI) {
assert(CAI != CS.arg_end());
if (Constant *C = dyn_cast<Constant>(CAI))
SimplifiedValues[FAI] = C;
Value *PtrArg = *CAI;
if (ConstantInt *C = stripAndComputeInBoundsConstantOffsets(PtrArg)) {
ConstantOffsetPtrs[FAI] = std::make_pair(PtrArg, C->getValue());
// We can SROA any pointer arguments derived from alloca instructions.
if (isa<AllocaInst>(PtrArg)) {
SROAArgValues[FAI] = PtrArg;
SROAArgCosts[PtrArg] = 0;
}
}
}
NumConstantArgs = SimplifiedValues.size();
NumConstantOffsetPtrArgs = ConstantOffsetPtrs.size();
NumAllocaArgs = SROAArgValues.size();
// The worklist of live basic blocks in the callee *after* inlining. We avoid
// adding basic blocks of the callee which can be proven to be dead for this
// particular call site in order to get more accurate cost estimates. This
// requires a somewhat heavyweight iteration pattern: we need to walk the
// basic blocks in a breadth-first order as we insert live successors. To
// accomplish this, prioritizing for small iterations because we exit after
// crossing our threshold, we use a small-size optimized SetVector.
typedef SetVector<BasicBlock *, SmallVector<BasicBlock *, 16>,
SmallPtrSet<BasicBlock *, 16> > BBSetVector;
BBSetVector BBWorklist;
BBWorklist.insert(&F.getEntryBlock());
// Note that we *must not* cache the size, this loop grows the worklist.
for (unsigned Idx = 0; Idx != BBWorklist.size(); ++Idx) {
// Bail out the moment we cross the threshold. This means we'll under-count
// the cost, but only when undercounting doesn't matter.
if (Cost > (Threshold + VectorBonus))
break;
BasicBlock *BB = BBWorklist[Idx];
if (BB->empty())
continue;
// Handle the terminator cost here where we can track returns and other
// function-wide constructs.
TerminatorInst *TI = BB->getTerminator();
// We never want to inline functions that contain an indirectbr. This is
// incorrect because all the blockaddress's (in static global initializers
// for example) would be referring to the original function, and this
// indirect jump would jump from the inlined copy of the function into the
// original function which is extremely undefined behavior.
// FIXME: This logic isn't really right; we can safely inline functions
// with indirectbr's as long as no other function or global references the
// blockaddress of a block within the current function. And as a QOI issue,
// if someone is using a blockaddress without an indirectbr, and that
// reference somehow ends up in another function or global, we probably
// don't want to inline this function.
if (isa<IndirectBrInst>(TI))
return false;
if (!HasReturn && isa<ReturnInst>(TI))
HasReturn = true;
else
Cost += InlineConstants::InstrCost;
// Analyze the cost of this block. If we blow through the threshold, this
// returns false, and we can bail on out.
if (!analyzeBlock(BB)) {
if (IsRecursiveCall || ExposesReturnsTwice || HasDynamicAlloca)
return false;
// If the caller is a recursive function then we don't want to inline
// functions which allocate a lot of stack space because it would increase
// the caller stack usage dramatically.
if (IsCallerRecursive &&
AllocatedSize > InlineConstants::TotalAllocaSizeRecursiveCaller)
return false;
break;
}
// Add in the live successors by first checking whether we have terminator
// that may be simplified based on the values simplified by this call.
if (BranchInst *BI = dyn_cast<BranchInst>(TI)) {
if (BI->isConditional()) {
Value *Cond = BI->getCondition();
if (ConstantInt *SimpleCond
= dyn_cast_or_null<ConstantInt>(SimplifiedValues.lookup(Cond))) {
BBWorklist.insert(BI->getSuccessor(SimpleCond->isZero() ? 1 : 0));
continue;
}
}
} else if (SwitchInst *SI = dyn_cast<SwitchInst>(TI)) {
Value *Cond = SI->getCondition();
if (ConstantInt *SimpleCond
= dyn_cast_or_null<ConstantInt>(SimplifiedValues.lookup(Cond))) {
BBWorklist.insert(SI->findCaseValue(SimpleCond).getCaseSuccessor());
continue;
}
}
// If we're unable to select a particular successor, just count all of
// them.
for (unsigned TIdx = 0, TSize = TI->getNumSuccessors(); TIdx != TSize;
++TIdx)
BBWorklist.insert(TI->getSuccessor(TIdx));
// If we had any successors at this point, than post-inlining is likely to
// have them as well. Note that we assume any basic blocks which existed
// due to branches or switches which folded above will also fold after
// inlining.
if (SingleBB && TI->getNumSuccessors() > 1) {
// Take off the bonus we applied to the threshold.
Threshold -= SingleBBBonus;
SingleBB = false;
}
}
// If this is a noduplicate call, we can still inline as long as
// inlining this would cause the removal of the caller (so the instruction
// is not actually duplicated, just moved).
if (!OnlyOneCallAndLocalLinkage && ContainsNoDuplicateCall)
return false;
Threshold += VectorBonus;
return Cost < Threshold;
}
/*
* Rewrite the given module according to the ComponentInterfaceTransformer.
*/
bool
TransformComponentWithoutUse(Module& M, ComponentInterfaceTransform& T)
{
assert(T.interface != NULL);
bool modified = false;
for (Module::iterator f = M.begin(), e = M.end(); f != e; ++f) {
for (Function::iterator bb = f->begin(), bbe = f->end(); bb != bbe; ++bb) {
for (BasicBlock::iterator I = bb->begin(), E = bb->end(); I != E; ++I) {
// TODO: Handle the operands
CallSite call;
if (CallInst* ci = dyn_cast<CallInst>(&*I)) {
if (ci->isInlineAsm())
continue;
call = CallSite(ci);
} else if (InvokeInst* ci = dyn_cast<InvokeInst>(&*I)) {
call = CallSite(ci);
} else {
// TODO: We need to find all references, including ones stored in variables
// we'll be conservative and say that if it is stored in a variable then
// we can't optimize it at all
continue;
}
Function* target = call.getCalledFunction();
if (target == NULL || !target->isDeclaration()) {
continue;
}
//iam const CallRewrite* const rw = T.lookupRewrite(target->getNameStr(), call.arg_begin(), call.arg_end());
const CallRewrite* const rw = T.lookupRewrite(target->getName().str(), call.arg_begin(), call.arg_end());
if (rw == NULL) {
// There is no rewrite for this function
continue;
}
// Get/Create the function
Function* newTarget = M.getFunction(rw->function);
if (newTarget == NULL) {
// There isn't a function, we need to construct it
FunctionType* newType = target->getFunctionType();
std::vector<Type*> argTypes;
for (std::vector<unsigned>::const_iterator i = rw->args.begin(), e =
rw->args.end(); i != e; ++i)
argTypes.push_back(newType->getParamType(*i));
ArrayRef<Type*> params(argTypes);
newType = FunctionType::get(target->getReturnType(), params, target->isVarArg());
newTarget = dyn_cast<Function> (M.getOrInsertFunction(rw->function,
newType));
}
assert(newTarget != NULL);
Instruction* newInst = specializeCallSite(I, newTarget, rw->args);
llvm::ReplaceInstWithInst(bb->getInstList(), I, newInst);
modified = true;
}
}
}
return modified;
}
/// DoPromotion - This method actually performs the promotion of the specified
/// arguments, and returns the new function. At this point, we know that it's
/// safe to do so.
CallGraphNode *ArgPromotion::DoPromotion(Function *F,
SmallPtrSet<Argument*, 8> &ArgsToPromote,
SmallPtrSet<Argument*, 8> &ByValArgsToTransform) {
// Start by computing a new prototype for the function, which is the same as
// the old function, but has modified arguments.
const FunctionType *FTy = F->getFunctionType();
std::vector<const Type*> Params;
typedef std::set<IndicesVector> ScalarizeTable;
// ScalarizedElements - If we are promoting a pointer that has elements
// accessed out of it, keep track of which elements are accessed so that we
// can add one argument for each.
//
// Arguments that are directly loaded will have a zero element value here, to
// handle cases where there are both a direct load and GEP accesses.
//
std::map<Argument*, ScalarizeTable> ScalarizedElements;
// OriginalLoads - Keep track of a representative load instruction from the
// original function so that we can tell the alias analysis implementation
// what the new GEP/Load instructions we are inserting look like.
std::map<IndicesVector, LoadInst*> OriginalLoads;
// Attributes - Keep track of the parameter attributes for the arguments
// that we are *not* promoting. For the ones that we do promote, the parameter
// attributes are lost
SmallVector<AttributeWithIndex, 8> AttributesVec;
const AttrListPtr &PAL = F->getAttributes();
// Add any return attributes.
if (Attributes attrs = PAL.getRetAttributes())
AttributesVec.push_back(AttributeWithIndex::get(0, attrs));
// First, determine the new argument list
unsigned ArgIndex = 1;
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(); I != E;
++I, ++ArgIndex) {
if (ByValArgsToTransform.count(I)) {
// Simple byval argument? Just add all the struct element types.
const Type *AgTy = cast<PointerType>(I->getType())->getElementType();
const StructType *STy = cast<StructType>(AgTy);
for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i)
Params.push_back(STy->getElementType(i));
++NumByValArgsPromoted;
} else if (!ArgsToPromote.count(I)) {
// Unchanged argument
Params.push_back(I->getType());
if (Attributes attrs = PAL.getParamAttributes(ArgIndex))
AttributesVec.push_back(AttributeWithIndex::get(Params.size(), attrs));
} else if (I->use_empty()) {
// Dead argument (which are always marked as promotable)
++NumArgumentsDead;
} else {
// Okay, this is being promoted. This means that the only uses are loads
// or GEPs which are only used by loads
// In this table, we will track which indices are loaded from the argument
// (where direct loads are tracked as no indices).
ScalarizeTable &ArgIndices = ScalarizedElements[I];
for (Value::use_iterator UI = I->use_begin(), E = I->use_end(); UI != E;
++UI) {
Instruction *User = cast<Instruction>(*UI);
assert(isa<LoadInst>(User) || isa<GetElementPtrInst>(User));
IndicesVector Indices;
Indices.reserve(User->getNumOperands() - 1);
// Since loads will only have a single operand, and GEPs only a single
// non-index operand, this will record direct loads without any indices,
// and gep+loads with the GEP indices.
for (User::op_iterator II = User->op_begin() + 1, IE = User->op_end();
II != IE; ++II)
Indices.push_back(cast<ConstantInt>(*II)->getSExtValue());
// GEPs with a single 0 index can be merged with direct loads
if (Indices.size() == 1 && Indices.front() == 0)
Indices.clear();
ArgIndices.insert(Indices);
LoadInst *OrigLoad;
if (LoadInst *L = dyn_cast<LoadInst>(User))
OrigLoad = L;
else
// Take any load, we will use it only to update Alias Analysis
OrigLoad = cast<LoadInst>(User->use_back());
OriginalLoads[Indices] = OrigLoad;
}
// Add a parameter to the function for each element passed in.
for (ScalarizeTable::iterator SI = ArgIndices.begin(),
E = ArgIndices.end(); SI != E; ++SI) {
// not allowed to dereference ->begin() if size() is 0
Params.push_back(GetElementPtrInst::getIndexedType(I->getType(),
SI->begin(),
SI->end()));
assert(Params.back());
}
if (ArgIndices.size() == 1 && ArgIndices.begin()->empty())
++NumArgumentsPromoted;
else
++NumAggregatesPromoted;
}
}
// Add any function attributes.
if (Attributes attrs = PAL.getFnAttributes())
AttributesVec.push_back(AttributeWithIndex::get(~0, attrs));
const Type *RetTy = FTy->getReturnType();
// Work around LLVM bug PR56: the CWriter cannot emit varargs functions which
// have zero fixed arguments.
bool ExtraArgHack = false;
if (Params.empty() && FTy->isVarArg()) {
ExtraArgHack = true;
Params.push_back(Type::getInt32Ty(F->getContext()));
}
// Construct the new function type using the new arguments.
FunctionType *NFTy = FunctionType::get(RetTy, Params, FTy->isVarArg());
// Create the new function body and insert it into the module.
Function *NF = Function::Create(NFTy, F->getLinkage(), F->getName());
NF->copyAttributesFrom(F);
DEBUG(dbgs() << "ARG PROMOTION: Promoting to:" << *NF << "\n"
<< "From: " << *F);
// Recompute the parameter attributes list based on the new arguments for
// the function.
NF->setAttributes(AttrListPtr::get(AttributesVec.begin(),
AttributesVec.end()));
AttributesVec.clear();
F->getParent()->getFunctionList().insert(F, NF);
NF->takeName(F);
// Get the alias analysis information that we need to update to reflect our
// changes.
AliasAnalysis &AA = getAnalysis<AliasAnalysis>();
// Get the callgraph information that we need to update to reflect our
// changes.
CallGraph &CG = getAnalysis<CallGraph>();
// Get a new callgraph node for NF.
CallGraphNode *NF_CGN = CG.getOrInsertFunction(NF);
// Loop over all of the callers of the function, transforming the call sites
// to pass in the loaded pointers.
//
SmallVector<Value*, 16> Args;
while (!F->use_empty()) {
CallSite CS = CallSite::get(F->use_back());
assert(CS.getCalledFunction() == F);
Instruction *Call = CS.getInstruction();
const AttrListPtr &CallPAL = CS.getAttributes();
// Add any return attributes.
if (Attributes attrs = CallPAL.getRetAttributes())
AttributesVec.push_back(AttributeWithIndex::get(0, attrs));
// Loop over the operands, inserting GEP and loads in the caller as
// appropriate.
CallSite::arg_iterator AI = CS.arg_begin();
ArgIndex = 1;
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end();
I != E; ++I, ++AI, ++ArgIndex)
if (!ArgsToPromote.count(I) && !ByValArgsToTransform.count(I)) {
Args.push_back(*AI); // Unmodified argument
if (Attributes Attrs = CallPAL.getParamAttributes(ArgIndex))
AttributesVec.push_back(AttributeWithIndex::get(Args.size(), Attrs));
} else if (ByValArgsToTransform.count(I)) {
// Emit a GEP and load for each element of the struct.
const Type *AgTy = cast<PointerType>(I->getType())->getElementType();
const StructType *STy = cast<StructType>(AgTy);
Value *Idxs[2] = {
ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), 0 };
for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i);
Value *Idx = GetElementPtrInst::Create(*AI, Idxs, Idxs+2,
(*AI)->getName()+"."+utostr(i),
Call);
// TODO: Tell AA about the new values?
Args.push_back(new LoadInst(Idx, Idx->getName()+".val", Call));
}
} else if (!I->use_empty()) {
// Non-dead argument: insert GEPs and loads as appropriate.
ScalarizeTable &ArgIndices = ScalarizedElements[I];
// Store the Value* version of the indices in here, but declare it now
// for reuse.
std::vector<Value*> Ops;
for (ScalarizeTable::iterator SI = ArgIndices.begin(),
E = ArgIndices.end(); SI != E; ++SI) {
Value *V = *AI;
LoadInst *OrigLoad = OriginalLoads[*SI];
if (!SI->empty()) {
Ops.reserve(SI->size());
const Type *ElTy = V->getType();
for (IndicesVector::const_iterator II = SI->begin(),
IE = SI->end(); II != IE; ++II) {
// Use i32 to index structs, and i64 for others (pointers/arrays).
// This satisfies GEP constraints.
const Type *IdxTy = (ElTy->isStructTy() ?
Type::getInt32Ty(F->getContext()) :
Type::getInt64Ty(F->getContext()));
Ops.push_back(ConstantInt::get(IdxTy, *II));
// Keep track of the type we're currently indexing.
ElTy = cast<CompositeType>(ElTy)->getTypeAtIndex(*II);
}
// And create a GEP to extract those indices.
V = GetElementPtrInst::Create(V, Ops.begin(), Ops.end(),
V->getName()+".idx", Call);
Ops.clear();
AA.copyValue(OrigLoad->getOperand(0), V);
}
// Since we're replacing a load make sure we take the alignment
// of the previous load.
LoadInst *newLoad = new LoadInst(V, V->getName()+".val", Call);
newLoad->setAlignment(OrigLoad->getAlignment());
Args.push_back(newLoad);
AA.copyValue(OrigLoad, Args.back());
}
}
if (ExtraArgHack)
Args.push_back(Constant::getNullValue(Type::getInt32Ty(F->getContext())));
// Push any varargs arguments on the list.
for (; AI != CS.arg_end(); ++AI, ++ArgIndex) {
Args.push_back(*AI);
if (Attributes Attrs = CallPAL.getParamAttributes(ArgIndex))
AttributesVec.push_back(AttributeWithIndex::get(Args.size(), Attrs));
}
// Add any function attributes.
if (Attributes attrs = CallPAL.getFnAttributes())
AttributesVec.push_back(AttributeWithIndex::get(~0, attrs));
Instruction *New;
if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) {
New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(),
Args.begin(), Args.end(), "", Call);
cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv());
cast<InvokeInst>(New)->setAttributes(AttrListPtr::get(AttributesVec.begin(),
AttributesVec.end()));
} else {
New = CallInst::Create(NF, Args.begin(), Args.end(), "", Call);
cast<CallInst>(New)->setCallingConv(CS.getCallingConv());
cast<CallInst>(New)->setAttributes(AttrListPtr::get(AttributesVec.begin(),
AttributesVec.end()));
if (cast<CallInst>(Call)->isTailCall())
cast<CallInst>(New)->setTailCall();
}
Args.clear();
AttributesVec.clear();
// Update the alias analysis implementation to know that we are replacing
// the old call with a new one.
AA.replaceWithNewValue(Call, New);
// Update the callgraph to know that the callsite has been transformed.
CallGraphNode *CalleeNode = CG[Call->getParent()->getParent()];
CalleeNode->replaceCallEdge(Call, New, NF_CGN);
if (!Call->use_empty()) {
Call->replaceAllUsesWith(New);
New->takeName(Call);
}
// Finally, remove the old call from the program, reducing the use-count of
// F.
Call->eraseFromParent();
}
// Since we have now created the new function, splice the body of the old
// function right into the new function, leaving the old rotting hulk of the
// function empty.
NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList());
// Loop over the argument list, transfering uses of the old arguments over to
// the new arguments, also transfering over the names as well.
//
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(),
I2 = NF->arg_begin(); I != E; ++I) {
if (!ArgsToPromote.count(I) && !ByValArgsToTransform.count(I)) {
// If this is an unmodified argument, move the name and users over to the
// new version.
I->replaceAllUsesWith(I2);
I2->takeName(I);
AA.replaceWithNewValue(I, I2);
++I2;
continue;
}
if (ByValArgsToTransform.count(I)) {
// In the callee, we create an alloca, and store each of the new incoming
// arguments into the alloca.
Instruction *InsertPt = NF->begin()->begin();
// Just add all the struct element types.
const Type *AgTy = cast<PointerType>(I->getType())->getElementType();
Value *TheAlloca = new AllocaInst(AgTy, 0, "", InsertPt);
const StructType *STy = cast<StructType>(AgTy);
Value *Idxs[2] = {
ConstantInt::get(Type::getInt32Ty(F->getContext()), 0), 0 };
for (unsigned i = 0, e = STy->getNumElements(); i != e; ++i) {
Idxs[1] = ConstantInt::get(Type::getInt32Ty(F->getContext()), i);
Value *Idx =
GetElementPtrInst::Create(TheAlloca, Idxs, Idxs+2,
TheAlloca->getName()+"."+Twine(i),
InsertPt);
I2->setName(I->getName()+"."+Twine(i));
new StoreInst(I2++, Idx, InsertPt);
}
// Anything that used the arg should now use the alloca.
I->replaceAllUsesWith(TheAlloca);
TheAlloca->takeName(I);
AA.replaceWithNewValue(I, TheAlloca);
continue;
}
if (I->use_empty()) {
AA.deleteValue(I);
continue;
}
// Otherwise, if we promoted this argument, then all users are load
// instructions (or GEPs with only load users), and all loads should be
// using the new argument that we added.
ScalarizeTable &ArgIndices = ScalarizedElements[I];
while (!I->use_empty()) {
if (LoadInst *LI = dyn_cast<LoadInst>(I->use_back())) {
assert(ArgIndices.begin()->empty() &&
"Load element should sort to front!");
I2->setName(I->getName()+".val");
LI->replaceAllUsesWith(I2);
AA.replaceWithNewValue(LI, I2);
LI->eraseFromParent();
DEBUG(dbgs() << "*** Promoted load of argument '" << I->getName()
<< "' in function '" << F->getName() << "'\n");
} else {
GetElementPtrInst *GEP = cast<GetElementPtrInst>(I->use_back());
IndicesVector Operands;
Operands.reserve(GEP->getNumIndices());
for (User::op_iterator II = GEP->idx_begin(), IE = GEP->idx_end();
II != IE; ++II)
Operands.push_back(cast<ConstantInt>(*II)->getSExtValue());
// GEPs with a single 0 index can be merged with direct loads
if (Operands.size() == 1 && Operands.front() == 0)
Operands.clear();
Function::arg_iterator TheArg = I2;
for (ScalarizeTable::iterator It = ArgIndices.begin();
*It != Operands; ++It, ++TheArg) {
assert(It != ArgIndices.end() && "GEP not handled??");
}
std::string NewName = I->getName();
for (unsigned i = 0, e = Operands.size(); i != e; ++i) {
NewName += "." + utostr(Operands[i]);
}
NewName += ".val";
TheArg->setName(NewName);
DEBUG(dbgs() << "*** Promoted agg argument '" << TheArg->getName()
<< "' of function '" << NF->getName() << "'\n");
// All of the uses must be load instructions. Replace them all with
// the argument specified by ArgNo.
while (!GEP->use_empty()) {
LoadInst *L = cast<LoadInst>(GEP->use_back());
L->replaceAllUsesWith(TheArg);
AA.replaceWithNewValue(L, TheArg);
L->eraseFromParent();
}
AA.deleteValue(GEP);
GEP->eraseFromParent();
}
}
// Increment I2 past all of the arguments added for this promoted pointer.
for (unsigned i = 0, e = ArgIndices.size(); i != e; ++i)
++I2;
}
// Notify the alias analysis implementation that we inserted a new argument.
if (ExtraArgHack)
AA.copyValue(Constant::getNullValue(Type::getInt32Ty(F->getContext())),
NF->arg_begin());
// Tell the alias analysis that the old function is about to disappear.
AA.replaceWithNewValue(F, NF);
NF_CGN->stealCalledFunctionsFrom(CG[F]);
// Now that the old function is dead, delete it. If there is a dangling
// reference to the CallgraphNode, just leave the dead function around for
// someone else to nuke.
CallGraphNode *CGN = CG[F];
if (CGN->getNumReferences() == 0)
delete CG.removeFunctionFromModule(CGN);
else
F->setLinkage(Function::ExternalLinkage);
return NF_CGN;
}
// FIXME: This might have been relevant for the old JIT but the MCJIT
// has a completly different implementation so this comment below is
// likely irrelevant and misleading.
//
// For performance purposes we construct the stub in such a way that the
// arguments pointer is passed through the static global variable gTheArgsP in
// this file. This is done so that the stub function prototype trivially matches
// the special cases that the JIT knows how to directly call. If this is not
// done, then the jit will end up generating a nullary stub just to call our
// stub, for every single function call.
Function *ExternalDispatcherImpl::createDispatcher(Function *target,
Instruction *inst,
Module *module) {
if (!resolveSymbol(target->getName()))
return 0;
CallSite cs;
if (inst->getOpcode() == Instruction::Call) {
cs = CallSite(cast<CallInst>(inst));
} else {
cs = CallSite(cast<InvokeInst>(inst));
}
Value **args = new Value *[cs.arg_size()];
std::vector<Type *> nullary;
// MCJIT functions need unique names, or wrong function can be called.
// The module identifier is included because for the MCJIT we need
// unique function names across all `llvm::Modules`s.
std::string fnName =
"dispatcher_" + target->getName().str() + module->getModuleIdentifier();
Function *dispatcher =
Function::Create(FunctionType::get(Type::getVoidTy(ctx), nullary, false),
GlobalVariable::ExternalLinkage, fnName, module);
BasicBlock *dBB = BasicBlock::Create(ctx, "entry", dispatcher);
// Get a Value* for &gTheArgsP, as an i64**.
Instruction *argI64sp = new IntToPtrInst(
ConstantInt::get(Type::getInt64Ty(ctx), (uintptr_t)(void *)&gTheArgsP),
PointerType::getUnqual(PointerType::getUnqual(Type::getInt64Ty(ctx))),
"argsp", dBB);
Instruction *argI64s = new LoadInst(argI64sp, "args", dBB);
// Get the target function type.
FunctionType *FTy = cast<FunctionType>(
cast<PointerType>(target->getType())->getElementType());
// Each argument will be passed by writing it into gTheArgsP[i].
unsigned i = 0, idx = 2;
for (CallSite::arg_iterator ai = cs.arg_begin(), ae = cs.arg_end(); ai != ae;
++ai, ++i) {
// Determine the type the argument will be passed as. This accomodates for
// the corresponding code in Executor.cpp for handling calls to bitcasted
// functions.
Type *argTy =
(i < FTy->getNumParams() ? FTy->getParamType(i) : (*ai)->getType());
Instruction *argI64p = GetElementPtrInst::Create(
KLEE_LLVM_GEP_TYPE(nullptr)
argI64s, ConstantInt::get(Type::getInt32Ty(ctx), idx), "", dBB);
Instruction *argp =
new BitCastInst(argI64p, PointerType::getUnqual(argTy), "", dBB);
args[i] = new LoadInst(argp, "", dBB);
unsigned argSize = argTy->getPrimitiveSizeInBits();
idx += ((!!argSize ? argSize : 64) + 63) / 64;
}
Constant *dispatchTarget = module->getOrInsertFunction(
target->getName(), FTy, target->getAttributes());
Instruction *result = CallInst::Create(
dispatchTarget, llvm::ArrayRef<Value *>(args, args + i), "", dBB);
if (result->getType() != Type::getVoidTy(ctx)) {
Instruction *resp = new BitCastInst(
argI64s, PointerType::getUnqual(result->getType()), "", dBB);
new StoreInst(result, resp, dBB);
}
ReturnInst::Create(ctx, dBB);
delete[] args;
return dispatcher;
}
///
/// Method: visitIntrinsic()
///
/// Description:
/// Generate correct DSNodes for calls to LLVM intrinsic functions.
///
/// Inputs:
/// CS - The CallSite representing the call or invoke to the intrinsic.
/// F - A pointer to the function called by the call site.
///
/// Return value:
/// true - This intrinsic is properly handled by this method.
/// false - This intrinsic is not recognized by DSA.
///
bool GraphBuilder::visitIntrinsic(CallSite CS, Function *F) {
++NumIntrinsicCall;
//
// If this is a debug intrinsic, then don't do any special processing.
//
if (isa<DbgInfoIntrinsic>(CS.getInstruction()))
return true;
switch (F->getIntrinsicID()) {
case Intrinsic::vastart: {
visitVAStartInst(CS);
return true;
}
case Intrinsic::vacopy: {
// Simply merge the two arguments to va_copy.
// This results in loss of precision on the temporaries used to manipulate
// the va_list, and so isn't a big deal. In theory we would build a
// separate graph for this (like the one created in visitVAStartNode)
// and only merge the node containing the variable arguments themselves.
DSNodeHandle destNH = getValueDest(CS.getArgument(0));
DSNodeHandle srcNH = getValueDest(CS.getArgument(1));
destNH.mergeWith(srcNH);
return true;
}
case Intrinsic::stacksave: {
DSNode * Node = createNode();
Node->setAllocaMarker()->setIncompleteMarker()->setUnknownMarker();
Node->foldNodeCompletely();
setDestTo (*(CS.getInstruction()), Node);
return true;
}
case Intrinsic::stackrestore:
getValueDest(CS.getInstruction()).getNode()->setAllocaMarker()
->setIncompleteMarker()
->setUnknownMarker()
->foldNodeCompletely();
return true;
case Intrinsic::vaend:
case Intrinsic::memcpy:
case Intrinsic::memmove: {
// Merge the first & second arguments, and mark the memory read and
// modified.
DSNodeHandle RetNH = getValueDest(*CS.arg_begin());
RetNH.mergeWith(getValueDest(*(CS.arg_begin()+1)));
if (DSNode *N = RetNH.getNode())
N->setModifiedMarker()->setReadMarker();
return true;
}
case Intrinsic::memset:
// Mark the memory modified.
if (DSNode *N = getValueDest(*CS.arg_begin()).getNode())
N->setModifiedMarker();
return true;
case Intrinsic::eh_exception: {
DSNode * Node = createNode();
Node->setIncompleteMarker();
Node->foldNodeCompletely();
setDestTo (*(CS.getInstruction()), Node);
return true;
}
case Intrinsic::eh_selector: {
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I) {
if (isa<PointerType>((*I)->getType())) {
DSNodeHandle Ptr = getValueDest(*I);
if(Ptr.getNode()) {
Ptr.getNode()->setReadMarker();
Ptr.getNode()->setIncompleteMarker();
}
}
}
return true;
}
case Intrinsic::eh_typeid_for: {
DSNodeHandle Ptr = getValueDest(*CS.arg_begin());
Ptr.getNode()->setReadMarker();
Ptr.getNode()->setIncompleteMarker();
return true;
}
case Intrinsic::prefetch:
return true;
case Intrinsic::objectsize:
return true;
//
// The return address/frame address aliases with the stack,
// is type-unknown, and should
// have the unknown flag set since we don't know where it goes.
//
case Intrinsic::returnaddress:
case Intrinsic::frameaddress: {
DSNode * Node = createNode();
Node->setAllocaMarker()->setIncompleteMarker()->setUnknownMarker();
Node->foldNodeCompletely();
setDestTo (*(CS.getInstruction()), Node);
return true;
}
// Process lifetime intrinsics
case Intrinsic::lifetime_start:
case Intrinsic::lifetime_end:
case Intrinsic::invariant_start:
case Intrinsic::invariant_end:
return true;
default: {
//ignore pointer free intrinsics
if (!isa<PointerType>(F->getReturnType())) {
bool hasPtr = false;
for (Function::const_arg_iterator I = F->arg_begin(), E = F->arg_end();
I != E && !hasPtr; ++I)
if (isa<PointerType>(I->getType()))
hasPtr = true;
if (!hasPtr)
return true;
}
DEBUG(errs() << "[dsa:local] Unhandled intrinsic: " << F->getName() << "\n");
assert(0 && "Unhandled intrinsic");
return false;
}
}
}
/// AddReadAttrs - Deduce readonly/readnone attributes for the SCC.
bool FunctionAttrs::AddReadAttrs(const CallGraphSCC &SCC) {
SmallPtrSet<Function*, 8> SCCNodes;
// Fill SCCNodes with the elements of the SCC. Used for quickly
// looking up whether a given CallGraphNode is in this SCC.
for (CallGraphSCC::iterator I = SCC.begin(), E = SCC.end(); I != E; ++I)
SCCNodes.insert((*I)->getFunction());
// Check if any of the functions in the SCC read or write memory. If they
// write memory then they can't be marked readnone or readonly.
bool ReadsMemory = false;
for (CallGraphSCC::iterator I = SCC.begin(), E = SCC.end(); I != E; ++I) {
Function *F = (*I)->getFunction();
if (F == 0)
// External node - may write memory. Just give up.
return false;
if (F->doesNotAccessMemory())
// Already perfect!
continue;
// Definitions with weak linkage may be overridden at linktime with
// something that writes memory, so treat them like declarations.
if (F->isDeclaration() || F->mayBeOverridden()) {
if (!F->onlyReadsMemory())
// May write memory. Just give up.
return false;
ReadsMemory = true;
continue;
}
// Scan the function body for instructions that may read or write memory.
for (inst_iterator II = inst_begin(F), E = inst_end(F); II != E; ++II) {
Instruction *I = &*II;
// Some instructions can be ignored even if they read or write memory.
// Detect these now, skipping to the next instruction if one is found.
CallSite CS = CallSite::get(I);
if (CS.getInstruction() && CS.getCalledFunction()) {
// Ignore calls to functions in the same SCC.
if (SCCNodes.count(CS.getCalledFunction()))
continue;
// Ignore intrinsics that only access local memory.
if (unsigned id = CS.getCalledFunction()->getIntrinsicID())
if (AliasAnalysis::getModRefBehavior(id) ==
AliasAnalysis::AccessesArguments) {
// Check that all pointer arguments point to local memory.
for (CallSite::arg_iterator CI = CS.arg_begin(), CE = CS.arg_end();
CI != CE; ++CI) {
Value *Arg = *CI;
if (Arg->getType()->isPointerTy() && !PointsToLocalMemory(Arg))
// Writes memory. Just give up.
return false;
}
// Only reads and writes local memory.
continue;
}
} else if (LoadInst *LI = dyn_cast<LoadInst>(I)) {
// Ignore loads from local memory.
if (PointsToLocalMemory(LI->getPointerOperand()))
continue;
} else if (StoreInst *SI = dyn_cast<StoreInst>(I)) {
// Ignore stores to local memory.
if (PointsToLocalMemory(SI->getPointerOperand()))
continue;
}
// Any remaining instructions need to be taken seriously! Check if they
// read or write memory.
if (I->mayWriteToMemory())
// Writes memory. Just give up.
return false;
if (isMalloc(I))
// malloc claims not to write memory! PR3754.
return false;
// If this instruction may read memory, remember that.
ReadsMemory |= I->mayReadFromMemory();
}
}
// Success! Functions in this SCC do not access memory, or only read memory.
// Give them the appropriate attribute.
bool MadeChange = false;
for (CallGraphSCC::iterator I = SCC.begin(), E = SCC.end(); I != E; ++I) {
Function *F = (*I)->getFunction();
if (F->doesNotAccessMemory())
// Already perfect!
continue;
if (F->onlyReadsMemory() && ReadsMemory)
// No change.
continue;
MadeChange = true;
// Clear out any existing attributes.
F->removeAttribute(~0, Attribute::ReadOnly | Attribute::ReadNone);
// Add in the new attribute.
F->addAttribute(~0, ReadsMemory? Attribute::ReadOnly : Attribute::ReadNone);
if (ReadsMemory)
++NumReadOnly;
else
++NumReadNone;
}
return MadeChange;
}
void RTAssociate::replaceCall(CallSite CS, FuncInfo& FI, DataStructures* DS) {
const Function *CF = CS.getCalledFunction();
Instruction *TheCall = CS.getInstruction();
// If the called function is casted from one function type to another, peer
// into the cast instruction and pull out the actual function being called.
if (ConstantExpr *CE = dyn_cast<ConstantExpr>(CS.getCalledValue()))
if (CE->getOpcode() == Instruction::BitCast &&
isa<Function>(CE->getOperand(0)))
CF = cast<Function>(CE->getOperand(0));
if (isa<InlineAsm>(TheCall->getOperand(0))) {
errs() << "INLINE ASM: ignoring. Hoping that's safe.\n";
return;
}
// Ignore calls to NULL pointers.
if (isa<ConstantPointerNull>(CS.getCalledValue())) {
errs() << "WARNING: Ignoring call using NULL function pointer.\n";
return;
}
// We need to figure out which local pool descriptors correspond to the pool
// descriptor arguments passed into the function call. Calculate a mapping
// from callee DSNodes to caller DSNodes. We construct a partial isomophism
// between the graphs to figure out which pool descriptors need to be passed
// in. The roots of this mapping is found from arguments and return values.
//
DSGraph::NodeMapTy NodeMapping;
Instruction *NewCall;
Value *NewCallee;
std::vector<const DSNode*> ArgNodes;
DSGraph *CalleeGraph; // The callee graph
// For indirect callees, find any callee since all DS graphs have been
// merged.
if (CF) { // Direct calls are nice and simple.
DEBUG(errs() << " Handling direct call: " << *TheCall);
FuncInfo *CFI = getFuncInfo(CF);
if (CFI == 0 || CFI->Clone == 0) // Nothing to transform...
return;
NewCallee = CFI->Clone;
ArgNodes = CFI->ArgNodes;
assert ((DS->hasDSGraph (*CF)) && "Function has no ECGraph!\n");
CalleeGraph = DS->getDSGraph(*CF);
} else {
DEBUG(errs() << " Handling indirect call: " << *TheCall);
// Here we fill in CF with one of the possible called functions. Because we
// merged together all of the arguments to all of the functions in the
// equivalence set, it doesn't really matter which one we pick.
// (If the function was cloned, we have to map the cloned call instruction
// in CS back to the original call instruction.)
Instruction *OrigInst =
cast<Instruction>(FI.getOldValueIfAvailable(CS.getInstruction()));
DSCallGraph::callee_iterator I = DS->getCallGraph().callee_begin(CS);
if (I != DS->getCallGraph().callee_end(CS))
CF = *I;
// If we didn't find the callee in the constructed call graph, try
// checking in the DSNode itself.
// This isn't ideal as it means that this call site didn't have inlining
// happen.
if (!CF) {
DSGraph* dg = DS->getDSGraph(*OrigInst->getParent()->getParent());
DSNode* d = dg->getNodeForValue(OrigInst->getOperand(0)).getNode();
assert (d && "No DSNode!\n");
std::vector<const Function*> g;
d->addFullFunctionList(g);
if (g.size()) {
EquivalenceClasses< const GlobalValue *> & EC = dg->getGlobalECs();
for(std::vector<const Function*>::const_iterator ii = g.begin(), ee = g.end();
!CF && ii != ee; ++ii) {
for (EquivalenceClasses<const GlobalValue *>::member_iterator MI = EC.findLeader(*ii);
MI != EC.member_end(); ++MI) // Loop over members in this set.
if ((CF = dyn_cast<Function>(*MI))) {
break;
}
}
}
}
//
// Do an assert unless we're bugpointing something.
//
// if ((UsingBugpoint) && (!CF)) return;
if (!CF)
errs() << "No Graph for CallSite in "
<< TheCall->getParent()->getParent()->getName().str()
<< " originally "
<< OrigInst->getParent()->getParent()->getName().str()
<< "\n";
assert (CF && "No call graph info");
// Get the common graph for the set of functions this call may invoke.
// if (UsingBugpoint && (!(Graphs.hasDSGraph(*CF)))) return;
assert ((DS->hasDSGraph(*CF)) && "Function has no DSGraph!\n");
CalleeGraph = DS->getDSGraph(*CF);
#ifndef NDEBUG
// Verify that all potential callees at call site have the same DS graph.
DSCallGraph::callee_iterator E = DS->getCallGraph().callee_end(CS);
for (; I != E; ++I)
if (!(*I)->isDeclaration())
assert(CalleeGraph == DS->getDSGraph(**I) &&
"Callees at call site do not have a common graph!");
#endif
// Find the DS nodes for the arguments that need to be added, if any.
FuncInfo *CFI = getFuncInfo(CF);
assert(CFI && "No function info for callee at indirect call?");
ArgNodes = CFI->ArgNodes;
if (ArgNodes.empty())
return; // No arguments to add? Transformation is a noop!
// Cast the function pointer to an appropriate type!
std::vector<Type*> ArgTys(ArgNodes.size(), PoolDescPtrTy);
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I)
ArgTys.push_back((*I)->getType());
FunctionType *FTy = FunctionType::get(TheCall->getType(), ArgTys, false);
PointerType *PFTy = PointerType::getUnqual(FTy);
// If there are any pool arguments cast the func ptr to the right type.
NewCallee = CastInst::CreatePointerCast(CS.getCalledValue(), PFTy, "tmp", TheCall);
}
Function::const_arg_iterator FAI = CF->arg_begin(), E = CF->arg_end();
CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end();
for ( ; FAI != E && AI != AE; ++FAI, ++AI)
if (!isa<Constant>(*AI))
DSGraph::computeNodeMapping(CalleeGraph->getNodeForValue(FAI),
FI.getDSNodeHFor(*AI), NodeMapping, false);
assert(AI == AE && "Varargs calls not handled yet!");
// Map the return value as well...
if (isa<PointerType>(TheCall->getType()))
DSGraph::computeNodeMapping(CalleeGraph->getReturnNodeFor(*CF),
FI.getDSNodeHFor(TheCall), NodeMapping, false);
// Okay, now that we have established our mapping, we can figure out which
// pool descriptors to pass in...
std::vector<Value*> Args;
for (unsigned i = 0, e = ArgNodes.size(); i != e; ++i) {
Value *ArgVal = Constant::getNullValue(PoolDescPtrTy);
if (NodeMapping.count(ArgNodes[i]))
if (DSNode *LocalNode = NodeMapping[ArgNodes[i]].getNode())
if (FI.PoolDescriptors.count(LocalNode))
ArgVal = FI.PoolDescriptors.find(LocalNode)->second;
if (isa<Constant > (ArgVal) && cast<Constant > (ArgVal)->isNullValue())
errs() << "WARNING: NULL POOL ARGUMENTS ARE PASSED IN!\n";
Args.push_back(ArgVal);
}
// Add the rest of the arguments...
Args.insert(Args.end(), CS.arg_begin(), CS.arg_end());
//
// There are circumstances where a function is casted to another type and
// then called (que horible). We need to perform a similar cast if the
// type doesn't match the number of arguments.
//
if (Function * NewFunction = dyn_cast<Function>(NewCallee)) {
FunctionType * NewCalleeType = NewFunction->getFunctionType();
if (NewCalleeType->getNumParams() != Args.size()) {
std::vector<Type *> Types;
Type * FuncTy = FunctionType::get (NewCalleeType->getReturnType(),
Types,
true);
FuncTy = PointerType::getUnqual (FuncTy);
NewCallee = new BitCastInst (NewCallee, FuncTy, "", TheCall);
}
}
std::string Name = TheCall->getName(); TheCall->setName("");
if (InvokeInst *II = dyn_cast<InvokeInst>(TheCall)) {
NewCall = InvokeInst::Create (NewCallee, II->getNormalDest(),
II->getUnwindDest(),
Args, Name, TheCall);
} else {
NewCall = CallInst::Create (NewCallee, Args, Name,
TheCall);
}
TheCall->replaceAllUsesWith(NewCall);
DEBUG(errs() << " Result Call: " << *NewCall);
if (TheCall->getType()->getTypeID() != Type::VoidTyID) {
// If we are modifying the original function, update the DSGraph...
DSGraph::ScalarMapTy &SM = FI.G->getScalarMap();
DSGraph::ScalarMapTy::iterator CII = SM.find(TheCall);
if (CII != SM.end()) {
SM[NewCall] = CII->second;
SM.erase(CII); // Destroy the CallInst
} else if (!FI.NewToOldValueMap.empty()) {
// Otherwise, if this is a clone, update the NewToOldValueMap with the new
// CI return value.
FI.UpdateNewToOldValueMap(TheCall, NewCall);
}
} else if (!FI.NewToOldValueMap.empty()) {
FI.UpdateNewToOldValueMap(TheCall, NewCall);
}
//FIXME: attributes on call?
CallSite(NewCall).setCallingConv(CallSite(TheCall).getCallingConv());
TheCall->eraseFromParent();
}
// RemoveDeadStuffFromFunction - Remove any arguments and return values from F
// that are not in LiveValues. Transform the function and all of the callees of
// the function to not have these arguments and return values.
//
bool DAE::RemoveDeadStuffFromFunction(Function *F) {
// Don't modify fully live functions
if (LiveFunctions.count(F))
return false;
// Start by computing a new prototype for the function, which is the same as
// the old function, but has fewer arguments and a different return type.
const FunctionType *FTy = F->getFunctionType();
std::vector<const Type*> Params;
// Set up to build a new list of parameter attributes.
SmallVector<AttributeWithIndex, 8> AttributesVec;
const AttrListPtr &PAL = F->getAttributes();
// The existing function return attributes.
Attributes RAttrs = PAL.getRetAttributes();
Attributes FnAttrs = PAL.getFnAttributes();
// Find out the new return value.
const Type *RetTy = FTy->getReturnType();
const Type *NRetTy = NULL;
unsigned RetCount = NumRetVals(F);
// -1 means unused, other numbers are the new index
SmallVector<int, 5> NewRetIdxs(RetCount, -1);
std::vector<const Type*> RetTypes;
if (RetTy == Type::getVoidTy(F->getContext())) {
NRetTy = Type::getVoidTy(F->getContext());
} else {
const StructType *STy = dyn_cast<StructType>(RetTy);
if (STy)
// Look at each of the original return values individually.
for (unsigned i = 0; i != RetCount; ++i) {
RetOrArg Ret = CreateRet(F, i);
if (LiveValues.erase(Ret)) {
RetTypes.push_back(STy->getElementType(i));
NewRetIdxs[i] = RetTypes.size() - 1;
} else {
++NumRetValsEliminated;
DEBUG(dbgs() << "DAE - Removing return value " << i << " from "
<< F->getName() << "\n");
}
}
else
// We used to return a single value.
if (LiveValues.erase(CreateRet(F, 0))) {
RetTypes.push_back(RetTy);
NewRetIdxs[0] = 0;
} else {
DEBUG(dbgs() << "DAE - Removing return value from " << F->getName()
<< "\n");
++NumRetValsEliminated;
}
if (RetTypes.size() > 1)
// More than one return type? Return a struct with them. Also, if we used
// to return a struct and didn't change the number of return values,
// return a struct again. This prevents changing {something} into
// something and {} into void.
// Make the new struct packed if we used to return a packed struct
// already.
NRetTy = StructType::get(STy->getContext(), RetTypes, STy->isPacked());
else if (RetTypes.size() == 1)
// One return type? Just a simple value then, but only if we didn't use to
// return a struct with that simple value before.
NRetTy = RetTypes.front();
else if (RetTypes.size() == 0)
// No return types? Make it void, but only if we didn't use to return {}.
NRetTy = Type::getVoidTy(F->getContext());
}
assert(NRetTy && "No new return type found?");
// Remove any incompatible attributes, but only if we removed all return
// values. Otherwise, ensure that we don't have any conflicting attributes
// here. Currently, this should not be possible, but special handling might be
// required when new return value attributes are added.
if (NRetTy == Type::getVoidTy(F->getContext()))
RAttrs &= ~Attribute::typeIncompatible(NRetTy);
else
assert((RAttrs & Attribute::typeIncompatible(NRetTy)) == 0
&& "Return attributes no longer compatible?");
if (RAttrs)
AttributesVec.push_back(AttributeWithIndex::get(0, RAttrs));
// Remember which arguments are still alive.
SmallVector<bool, 10> ArgAlive(FTy->getNumParams(), false);
// Construct the new parameter list from non-dead arguments. Also construct
// a new set of parameter attributes to correspond. Skip the first parameter
// attribute, since that belongs to the return value.
unsigned i = 0;
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end();
I != E; ++I, ++i) {
RetOrArg Arg = CreateArg(F, i);
if (LiveValues.erase(Arg)) {
Params.push_back(I->getType());
ArgAlive[i] = true;
// Get the original parameter attributes (skipping the first one, that is
// for the return value.
if (Attributes Attrs = PAL.getParamAttributes(i + 1))
AttributesVec.push_back(AttributeWithIndex::get(Params.size(), Attrs));
} else {
++NumArgumentsEliminated;
DEBUG(dbgs() << "DAE - Removing argument " << i << " (" << I->getName()
<< ") from " << F->getName() << "\n");
}
}
if (FnAttrs != Attribute::None)
AttributesVec.push_back(AttributeWithIndex::get(~0, FnAttrs));
// Reconstruct the AttributesList based on the vector we constructed.
AttrListPtr NewPAL = AttrListPtr::get(AttributesVec.begin(), AttributesVec.end());
// Work around LLVM bug PR56: the CWriter cannot emit varargs functions which
// have zero fixed arguments.
//
// Note that we apply this hack for a vararg fuction that does not have any
// arguments anymore, but did have them before (so don't bother fixing
// functions that were already broken wrt CWriter).
bool ExtraArgHack = false;
if (Params.empty() && FTy->isVarArg() && FTy->getNumParams() != 0) {
ExtraArgHack = true;
Params.push_back(Type::getInt32Ty(F->getContext()));
}
// Create the new function type based on the recomputed parameters.
FunctionType *NFTy = FunctionType::get(NRetTy, Params,
FTy->isVarArg());
// No change?
if (NFTy == FTy)
return false;
// Create the new function body and insert it into the module...
Function *NF = Function::Create(NFTy, F->getLinkage());
NF->copyAttributesFrom(F);
NF->setAttributes(NewPAL);
// Insert the new function before the old function, so we won't be processing
// it again.
F->getParent()->getFunctionList().insert(F, NF);
NF->takeName(F);
// Loop over all of the callers of the function, transforming the call sites
// to pass in a smaller number of arguments into the new function.
//
std::vector<Value*> Args;
while (!F->use_empty()) {
CallSite CS = CallSite::get(F->use_back());
Instruction *Call = CS.getInstruction();
AttributesVec.clear();
const AttrListPtr &CallPAL = CS.getAttributes();
// The call return attributes.
Attributes RAttrs = CallPAL.getRetAttributes();
Attributes FnAttrs = CallPAL.getFnAttributes();
// Adjust in case the function was changed to return void.
RAttrs &= ~Attribute::typeIncompatible(NF->getReturnType());
if (RAttrs)
AttributesVec.push_back(AttributeWithIndex::get(0, RAttrs));
// Declare these outside of the loops, so we can reuse them for the second
// loop, which loops the varargs.
CallSite::arg_iterator I = CS.arg_begin();
unsigned i = 0;
// Loop over those operands, corresponding to the normal arguments to the
// original function, and add those that are still alive.
for (unsigned e = FTy->getNumParams(); i != e; ++I, ++i)
if (ArgAlive[i]) {
Args.push_back(*I);
// Get original parameter attributes, but skip return attributes.
if (Attributes Attrs = CallPAL.getParamAttributes(i + 1))
AttributesVec.push_back(AttributeWithIndex::get(Args.size(), Attrs));
}
if (ExtraArgHack)
Args.push_back(UndefValue::get(Type::getInt32Ty(F->getContext())));
// Push any varargs arguments on the list. Don't forget their attributes.
for (CallSite::arg_iterator E = CS.arg_end(); I != E; ++I, ++i) {
Args.push_back(*I);
if (Attributes Attrs = CallPAL.getParamAttributes(i + 1))
AttributesVec.push_back(AttributeWithIndex::get(Args.size(), Attrs));
}
if (FnAttrs != Attribute::None)
AttributesVec.push_back(AttributeWithIndex::get(~0, FnAttrs));
// Reconstruct the AttributesList based on the vector we constructed.
AttrListPtr NewCallPAL = AttrListPtr::get(AttributesVec.begin(),
AttributesVec.end());
Instruction *New;
if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) {
New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(),
Args.begin(), Args.end(), "", Call);
cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv());
cast<InvokeInst>(New)->setAttributes(NewCallPAL);
} else {
New = CallInst::Create(NF, Args.begin(), Args.end(), "", Call);
cast<CallInst>(New)->setCallingConv(CS.getCallingConv());
cast<CallInst>(New)->setAttributes(NewCallPAL);
if (cast<CallInst>(Call)->isTailCall())
cast<CallInst>(New)->setTailCall();
}
if (MDNode *N = Call->getDbgMetadata())
New->setDbgMetadata(N);
Args.clear();
if (!Call->use_empty()) {
if (New->getType() == Call->getType()) {
// Return type not changed? Just replace users then.
Call->replaceAllUsesWith(New);
New->takeName(Call);
} else if (New->getType() == Type::getVoidTy(F->getContext())) {
// Our return value has uses, but they will get removed later on.
// Replace by null for now.
Call->replaceAllUsesWith(Constant::getNullValue(Call->getType()));
} else {
assert(RetTy->isStructTy() &&
"Return type changed, but not into a void. The old return type"
" must have been a struct!");
Instruction *InsertPt = Call;
if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) {
BasicBlock::iterator IP = II->getNormalDest()->begin();
while (isa<PHINode>(IP)) ++IP;
InsertPt = IP;
}
// We used to return a struct. Instead of doing smart stuff with all the
// uses of this struct, we will just rebuild it using
// extract/insertvalue chaining and let instcombine clean that up.
//
// Start out building up our return value from undef
Value *RetVal = UndefValue::get(RetTy);
for (unsigned i = 0; i != RetCount; ++i)
if (NewRetIdxs[i] != -1) {
Value *V;
if (RetTypes.size() > 1)
// We are still returning a struct, so extract the value from our
// return value
V = ExtractValueInst::Create(New, NewRetIdxs[i], "newret",
InsertPt);
else
// We are now returning a single element, so just insert that
V = New;
// Insert the value at the old position
RetVal = InsertValueInst::Create(RetVal, V, i, "oldret", InsertPt);
}
// Now, replace all uses of the old call instruction with the return
// struct we built
Call->replaceAllUsesWith(RetVal);
New->takeName(Call);
}
}
// Finally, remove the old call from the program, reducing the use-count of
// F.
Call->eraseFromParent();
}
// Since we have now created the new function, splice the body of the old
// function right into the new function, leaving the old rotting hulk of the
// function empty.
NF->getBasicBlockList().splice(NF->begin(), F->getBasicBlockList());
// Loop over the argument list, transfering uses of the old arguments over to
// the new arguments, also transfering over the names as well.
i = 0;
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end(),
I2 = NF->arg_begin(); I != E; ++I, ++i)
if (ArgAlive[i]) {
// If this is a live argument, move the name and users over to the new
// version.
I->replaceAllUsesWith(I2);
I2->takeName(I);
++I2;
} else {
// If this argument is dead, replace any uses of it with null constants
// (these are guaranteed to become unused later on).
I->replaceAllUsesWith(Constant::getNullValue(I->getType()));
}
// If we change the return value of the function we must rewrite any return
// instructions. Check this now.
if (F->getReturnType() != NF->getReturnType())
for (Function::iterator BB = NF->begin(), E = NF->end(); BB != E; ++BB)
if (ReturnInst *RI = dyn_cast<ReturnInst>(BB->getTerminator())) {
Value *RetVal;
if (NFTy->getReturnType() == Type::getVoidTy(F->getContext())) {
RetVal = 0;
} else {
assert (RetTy->isStructTy());
// The original return value was a struct, insert
// extractvalue/insertvalue chains to extract only the values we need
// to return and insert them into our new result.
// This does generate messy code, but we'll let it to instcombine to
// clean that up.
Value *OldRet = RI->getOperand(0);
// Start out building up our return value from undef
RetVal = UndefValue::get(NRetTy);
for (unsigned i = 0; i != RetCount; ++i)
if (NewRetIdxs[i] != -1) {
ExtractValueInst *EV = ExtractValueInst::Create(OldRet, i,
"oldret", RI);
if (RetTypes.size() > 1) {
// We're still returning a struct, so reinsert the value into
// our new return value at the new index
RetVal = InsertValueInst::Create(RetVal, EV, NewRetIdxs[i],
"newret", RI);
} else {
// We are now only returning a simple value, so just return the
// extracted value.
RetVal = EV;
}
}
}
// Replace the return instruction with one returning the new return
// value (possibly 0 if we became void).
ReturnInst::Create(F->getContext(), RetVal, RI);
BB->getInstList().erase(RI);
}
// Now that the old function is dead, delete it.
F->eraseFromParent();
return true;
}
/*!
* This method identify which is value sym and which is object sym
*/
void SymbolTableInfo::buildMemModel(llvm::Module& module) {
analysisUtil::increaseStackSize();
prePassSchedule(module);
mod = &module;
maxFieldLimit = maxFieldNumLimit;
// Object #0 is black hole the object that may point to any object
assert(totalSymNum == BlackHole && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum++, BlackHole));
createBlkOrConstantObj(BlackHole);
// Object #1 always represents the constant
assert(totalSymNum == ConstantObj && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum++, ConstantObj));
createBlkOrConstantObj(ConstantObj);
// Pointer #2 always represents the pointer points-to black hole.
assert(totalSymNum == BlkPtr && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum++, BlkPtr));
// Pointer #3 always represents the null pointer.
assert(totalSymNum == NullPtr && "Something changed!");
symTyMap.insert(std::make_pair(totalSymNum, NullPtr));
// Add symbols for all the globals .
for (Module::global_iterator I = module.global_begin(), E =
module.global_end(); I != E; ++I) {
collectSym(&*I);
}
// Add symbols for all the global aliases
for (Module::alias_iterator I = module.alias_begin(), E =
module.alias_end(); I != E; I++) {
collectSym(&*I);
}
// Add symbols for all of the functions and the instructions in them.
for (Module::iterator F = module.begin(), E = module.end(); F != E; ++F) {
collectSym(&*F);
collectRet(&*F);
if (F->getFunctionType()->isVarArg())
collectVararg(&*F);
// Add symbols for all formal parameters.
for (Function::arg_iterator I = F->arg_begin(), E = F->arg_end();
I != E; ++I) {
collectSym(&*I);
}
// collect and create symbols inside the function body
for (inst_iterator II = inst_begin(&*F), E = inst_end(&*F); II != E; ++II) {
const Instruction *inst = &*II;
collectSym(inst);
// initialization for some special instructions
//{@
if (const StoreInst *st = dyn_cast<StoreInst>(inst)) {
collectSym(st->getPointerOperand());
collectSym(st->getValueOperand());
}
else if (const LoadInst *ld = dyn_cast<LoadInst>(inst)) {
collectSym(ld->getPointerOperand());
}
else if (const PHINode *phi = dyn_cast<PHINode>(inst)) {
for (u32_t i = 0; i < phi->getNumIncomingValues(); ++i) {
collectSym(phi->getIncomingValue(i));
}
}
else if (const GetElementPtrInst *gep = dyn_cast<GetElementPtrInst>(
inst)) {
collectSym(gep->getPointerOperand());
}
else if (const SelectInst *sel = dyn_cast<SelectInst>(inst)) {
collectSym(sel->getTrueValue());
collectSym(sel->getFalseValue());
}
else if (const CastInst *cast = dyn_cast<CastInst>(inst)) {
collectSym(cast->getOperand(0));
}
else if (const ReturnInst *ret = dyn_cast<ReturnInst>(inst)) {
if(ret->getReturnValue())
collectSym(ret->getReturnValue());
}
else if (isCallSite(inst) && isInstrinsicDbgInst(inst)==false) {
CallSite cs = analysisUtil::getLLVMCallSite(inst);
callSiteSet.insert(cs);
for (CallSite::arg_iterator it = cs.arg_begin();
it != cs.arg_end(); ++it) {
collectSym(*it);
}
// Calls to inline asm need to be added as well because the callee isn't
// referenced anywhere else.
const Value *Callee = cs.getCalledValue();
collectSym(Callee);
//TODO handle inlineAsm
///if (isa<InlineAsm>(Callee))
}
//@}
}
}
}
/// updateCallSites - Update all sites that call F to use NF.
CallGraphNode *SRETPromotion::updateCallSites(Function *F, Function *NF) {
CallGraph &CG = getAnalysis<CallGraph>();
SmallVector<Value*, 16> Args;
// Attributes - Keep track of the parameter attributes for the arguments.
SmallVector<AttributeWithIndex, 8> ArgAttrsVec;
// Get a new callgraph node for NF.
CallGraphNode *NF_CGN = CG.getOrInsertFunction(NF);
while (!F->use_empty()) {
CallSite CS = CallSite::get(*F->use_begin());
Instruction *Call = CS.getInstruction();
const AttrListPtr &PAL = F->getAttributes();
// Add any return attributes.
if (Attributes attrs = PAL.getRetAttributes())
ArgAttrsVec.push_back(AttributeWithIndex::get(0, attrs));
// Copy arguments, however skip first one.
CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end();
Value *FirstCArg = *AI;
++AI;
// 0th parameter attribute is reserved for return type.
// 1th parameter attribute is for first 1st sret argument.
unsigned ParamIndex = 2;
while (AI != AE) {
Args.push_back(*AI);
if (Attributes Attrs = PAL.getParamAttributes(ParamIndex))
ArgAttrsVec.push_back(AttributeWithIndex::get(ParamIndex - 1, Attrs));
++ParamIndex;
++AI;
}
// Add any function attributes.
if (Attributes attrs = PAL.getFnAttributes())
ArgAttrsVec.push_back(AttributeWithIndex::get(~0, attrs));
AttrListPtr NewPAL = AttrListPtr::get(ArgAttrsVec.begin(), ArgAttrsVec.end());
// Build new call instruction.
Instruction *New;
if (InvokeInst *II = dyn_cast<InvokeInst>(Call)) {
New = InvokeInst::Create(NF, II->getNormalDest(), II->getUnwindDest(),
Args.begin(), Args.end(), "", Call);
cast<InvokeInst>(New)->setCallingConv(CS.getCallingConv());
cast<InvokeInst>(New)->setAttributes(NewPAL);
} else {
New = CallInst::Create(NF, Args.begin(), Args.end(), "", Call);
cast<CallInst>(New)->setCallingConv(CS.getCallingConv());
cast<CallInst>(New)->setAttributes(NewPAL);
if (cast<CallInst>(Call)->isTailCall())
cast<CallInst>(New)->setTailCall();
}
Args.clear();
ArgAttrsVec.clear();
New->takeName(Call);
// Update the callgraph to know that the callsite has been transformed.
CallGraphNode *CalleeNode = CG[Call->getParent()->getParent()];
CalleeNode->removeCallEdgeFor(Call);
CalleeNode->addCalledFunction(New, NF_CGN);
// Update all users of sret parameter to extract value using extractvalue.
for (Value::use_iterator UI = FirstCArg->use_begin(),
UE = FirstCArg->use_end(); UI != UE; ) {
User *U2 = *UI++;
CallInst *C2 = dyn_cast<CallInst>(U2);
if (C2 && (C2 == Call))
continue;
GetElementPtrInst *UGEP = cast<GetElementPtrInst>(U2);
ConstantInt *Idx = cast<ConstantInt>(UGEP->getOperand(2));
Value *GR = ExtractValueInst::Create(New, Idx->getZExtValue(),
"evi", UGEP);
while(!UGEP->use_empty()) {
// isSafeToUpdateAllCallers has checked that all GEP uses are
// LoadInsts
LoadInst *L = cast<LoadInst>(*UGEP->use_begin());
L->replaceAllUsesWith(GR);
L->eraseFromParent();
}
UGEP->eraseFromParent();
continue;
}
Call->eraseFromParent();
}
return NF_CGN;
}
// InlineFunction - This function inlines the called function into the basic
// block of the caller. This returns false if it is not possible to inline this
// call. The program is still in a well defined state if this occurs though.
//
// Note that this only does one level of inlining. For example, if the
// instruction 'call B' is inlined, and 'B' calls 'C', then the call to 'C' now
// exists in the instruction stream. Similiarly this will inline a recursive
// function by one level.
//
bool llvm::InlineFunction(CallSite CS, CallGraph *CG, const TargetData *TD) {
Instruction *TheCall = CS.getInstruction();
assert(TheCall->getParent() && TheCall->getParent()->getParent() &&
"Instruction not in function!");
const Function *CalledFunc = CS.getCalledFunction();
if (CalledFunc == 0 || // Can't inline external function or indirect
CalledFunc->isDeclaration() || // call, or call to a vararg function!
CalledFunc->getFunctionType()->isVarArg()) return false;
// If the call to the callee is a non-tail call, we must clear the 'tail'
// flags on any calls that we inline.
bool MustClearTailCallFlags =
isa<CallInst>(TheCall) && !cast<CallInst>(TheCall)->isTailCall();
BasicBlock *OrigBB = TheCall->getParent();
Function *Caller = OrigBB->getParent();
// Get an iterator to the last basic block in the function, which will have
// the new function inlined after it.
//
Function::iterator LastBlock = &Caller->back();
// Make sure to capture all of the return instructions from the cloned
// function.
std::vector<ReturnInst*> Returns;
ClonedCodeInfo InlinedFunctionInfo;
Function::iterator FirstNewBlock;
{ // Scope to destroy ValueMap after cloning.
DenseMap<const Value*, Value*> ValueMap;
// Calculate the vector of arguments to pass into the function cloner, which
// matches up the formal to the actual argument values.
assert(std::distance(CalledFunc->arg_begin(), CalledFunc->arg_end()) ==
std::distance(CS.arg_begin(), CS.arg_end()) &&
"No varargs calls can be inlined!");
CallSite::arg_iterator AI = CS.arg_begin();
for (Function::const_arg_iterator I = CalledFunc->arg_begin(),
E = CalledFunc->arg_end(); I != E; ++I, ++AI)
ValueMap[I] = *AI;
// We want the inliner to prune the code as it copies. We would LOVE to
// have no dead or constant instructions leftover after inlining occurs
// (which can happen, e.g., because an argument was constant), but we'll be
// happy with whatever the cloner can do.
CloneAndPruneFunctionInto(Caller, CalledFunc, ValueMap, Returns, ".i",
&InlinedFunctionInfo, TD);
// Remember the first block that is newly cloned over.
FirstNewBlock = LastBlock; ++FirstNewBlock;
// Update the callgraph if requested.
if (CG)
UpdateCallGraphAfterInlining(Caller, CalledFunc, FirstNewBlock, ValueMap,
*CG);
}
// If there are any alloca instructions in the block that used to be the entry
// block for the callee, move them to the entry block of the caller. First
// calculate which instruction they should be inserted before. We insert the
// instructions at the end of the current alloca list.
//
{
BasicBlock::iterator InsertPoint = Caller->begin()->begin();
for (BasicBlock::iterator I = FirstNewBlock->begin(),
E = FirstNewBlock->end(); I != E; )
if (AllocaInst *AI = dyn_cast<AllocaInst>(I++)) {
// If the alloca is now dead, remove it. This often occurs due to code
// specialization.
if (AI->use_empty()) {
AI->eraseFromParent();
continue;
}
if (isa<Constant>(AI->getArraySize())) {
// Scan for the block of allocas that we can move over, and move them
// all at once.
while (isa<AllocaInst>(I) &&
isa<Constant>(cast<AllocaInst>(I)->getArraySize()))
++I;
// Transfer all of the allocas over in a block. Using splice means
// that the instructions aren't removed from the symbol table, then
// reinserted.
Caller->getEntryBlock().getInstList().splice(
InsertPoint,
FirstNewBlock->getInstList(),
AI, I);
}
}
}
// If the inlined code contained dynamic alloca instructions, wrap the inlined
// code with llvm.stacksave/llvm.stackrestore intrinsics.
if (InlinedFunctionInfo.ContainsDynamicAllocas) {
Module *M = Caller->getParent();
const Type *BytePtr = PointerType::get(Type::Int8Ty);
// Get the two intrinsics we care about.
Constant *StackSave, *StackRestore;
StackSave = M->getOrInsertFunction("llvm.stacksave", BytePtr, NULL);
StackRestore = M->getOrInsertFunction("llvm.stackrestore", Type::VoidTy,
BytePtr, NULL);
// If we are preserving the callgraph, add edges to the stacksave/restore
// functions for the calls we insert.
CallGraphNode *StackSaveCGN = 0, *StackRestoreCGN = 0, *CallerNode = 0;
if (CG) {
// We know that StackSave/StackRestore are Function*'s, because they are
// intrinsics which must have the right types.
StackSaveCGN = CG->getOrInsertFunction(cast<Function>(StackSave));
StackRestoreCGN = CG->getOrInsertFunction(cast<Function>(StackRestore));
CallerNode = (*CG)[Caller];
}
// Insert the llvm.stacksave.
CallInst *SavedPtr = new CallInst(StackSave, "savedstack",
FirstNewBlock->begin());
if (CG) CallerNode->addCalledFunction(SavedPtr, StackSaveCGN);
// Insert a call to llvm.stackrestore before any return instructions in the
// inlined function.
for (unsigned i = 0, e = Returns.size(); i != e; ++i) {
CallInst *CI = new CallInst(StackRestore, SavedPtr, "", Returns[i]);
if (CG) CallerNode->addCalledFunction(CI, StackRestoreCGN);
}
// Count the number of StackRestore calls we insert.
unsigned NumStackRestores = Returns.size();
// If we are inlining an invoke instruction, insert restores before each
// unwind. These unwinds will be rewritten into branches later.
if (InlinedFunctionInfo.ContainsUnwinds && isa<InvokeInst>(TheCall)) {
for (Function::iterator BB = FirstNewBlock, E = Caller->end();
BB != E; ++BB)
if (UnwindInst *UI = dyn_cast<UnwindInst>(BB->getTerminator())) {
new CallInst(StackRestore, SavedPtr, "", UI);
++NumStackRestores;
}
}
}
// If we are inlining tail call instruction through a call site that isn't
// marked 'tail', we must remove the tail marker for any calls in the inlined
// code.
if (MustClearTailCallFlags && InlinedFunctionInfo.ContainsCalls) {
for (Function::iterator BB = FirstNewBlock, E = Caller->end();
BB != E; ++BB)
for (BasicBlock::iterator I = BB->begin(), E = BB->end(); I != E; ++I)
if (CallInst *CI = dyn_cast<CallInst>(I))
CI->setTailCall(false);
}
// If we are inlining for an invoke instruction, we must make sure to rewrite
// any inlined 'unwind' instructions into branches to the invoke exception
// destination, and call instructions into invoke instructions.
if (InvokeInst *II = dyn_cast<InvokeInst>(TheCall))
HandleInlinedInvoke(II, FirstNewBlock, InlinedFunctionInfo);
// If we cloned in _exactly one_ basic block, and if that block ends in a
// return instruction, we splice the body of the inlined callee directly into
// the calling basic block.
if (Returns.size() == 1 && std::distance(FirstNewBlock, Caller->end()) == 1) {
// Move all of the instructions right before the call.
OrigBB->getInstList().splice(TheCall, FirstNewBlock->getInstList(),
FirstNewBlock->begin(), FirstNewBlock->end());
// Remove the cloned basic block.
Caller->getBasicBlockList().pop_back();
// If the call site was an invoke instruction, add a branch to the normal
// destination.
if (InvokeInst *II = dyn_cast<InvokeInst>(TheCall))
new BranchInst(II->getNormalDest(), TheCall);
// If the return instruction returned a value, replace uses of the call with
// uses of the returned value.
if (!TheCall->use_empty())
TheCall->replaceAllUsesWith(Returns[0]->getReturnValue());
// Since we are now done with the Call/Invoke, we can delete it.
TheCall->getParent()->getInstList().erase(TheCall);
// Since we are now done with the return instruction, delete it also.
Returns[0]->getParent()->getInstList().erase(Returns[0]);
// We are now done with the inlining.
return true;
}
// Otherwise, we have the normal case, of more than one block to inline or
// multiple return sites.
// We want to clone the entire callee function into the hole between the
// "starter" and "ender" blocks. How we accomplish this depends on whether
// this is an invoke instruction or a call instruction.
BasicBlock *AfterCallBB;
if (InvokeInst *II = dyn_cast<InvokeInst>(TheCall)) {
// Add an unconditional branch to make this look like the CallInst case...
BranchInst *NewBr = new BranchInst(II->getNormalDest(), TheCall);
// Split the basic block. This guarantees that no PHI nodes will have to be
// updated due to new incoming edges, and make the invoke case more
// symmetric to the call case.
AfterCallBB = OrigBB->splitBasicBlock(NewBr,
CalledFunc->getName()+".exit");
} else { // It's a call
// If this is a call instruction, we need to split the basic block that
// the call lives in.
//
AfterCallBB = OrigBB->splitBasicBlock(TheCall,
CalledFunc->getName()+".exit");
}
// Change the branch that used to go to AfterCallBB to branch to the first
// basic block of the inlined function.
//
TerminatorInst *Br = OrigBB->getTerminator();
assert(Br && Br->getOpcode() == Instruction::Br &&
"splitBasicBlock broken!");
Br->setOperand(0, FirstNewBlock);
// Now that the function is correct, make it a little bit nicer. In
// particular, move the basic blocks inserted from the end of the function
// into the space made by splitting the source basic block.
//
Caller->getBasicBlockList().splice(AfterCallBB, Caller->getBasicBlockList(),
FirstNewBlock, Caller->end());
// Handle all of the return instructions that we just cloned in, and eliminate
// any users of the original call/invoke instruction.
if (Returns.size() > 1) {
// The PHI node should go at the front of the new basic block to merge all
// possible incoming values.
//
PHINode *PHI = 0;
if (!TheCall->use_empty()) {
PHI = new PHINode(CalledFunc->getReturnType(),
TheCall->getName(), AfterCallBB->begin());
// Anything that used the result of the function call should now use the
// PHI node as their operand.
//
TheCall->replaceAllUsesWith(PHI);
}
// Loop over all of the return instructions, turning them into unconditional
// branches to the merge point now, and adding entries to the PHI node as
// appropriate.
for (unsigned i = 0, e = Returns.size(); i != e; ++i) {
ReturnInst *RI = Returns[i];
if (PHI) {
assert(RI->getReturnValue() && "Ret should have value!");
assert(RI->getReturnValue()->getType() == PHI->getType() &&
"Ret value not consistent in function!");
PHI->addIncoming(RI->getReturnValue(), RI->getParent());
}
// Add a branch to the merge point where the PHI node lives if it exists.
new BranchInst(AfterCallBB, RI);
// Delete the return instruction now
RI->getParent()->getInstList().erase(RI);
}
} else if (!Returns.empty()) {
// Otherwise, if there is exactly one return value, just replace anything
// using the return value of the call with the computed value.
if (!TheCall->use_empty())
TheCall->replaceAllUsesWith(Returns[0]->getReturnValue());
// Splice the code from the return block into the block that it will return
// to, which contains the code that was after the call.
BasicBlock *ReturnBB = Returns[0]->getParent();
AfterCallBB->getInstList().splice(AfterCallBB->begin(),
ReturnBB->getInstList());
// Update PHI nodes that use the ReturnBB to use the AfterCallBB.
ReturnBB->replaceAllUsesWith(AfterCallBB);
// Delete the return instruction now and empty ReturnBB now.
Returns[0]->eraseFromParent();
ReturnBB->eraseFromParent();
} else if (!TheCall->use_empty()) {
// No returns, but something is using the return value of the call. Just
// nuke the result.
TheCall->replaceAllUsesWith(UndefValue::get(TheCall->getType()));
}
// Since we are now done with the Call/Invoke, we can delete it.
TheCall->eraseFromParent();
// We should always be able to fold the entry block of the function into the
// single predecessor of the block...
assert(cast<BranchInst>(Br)->isUnconditional() && "splitBasicBlock broken!");
BasicBlock *CalleeEntry = cast<BranchInst>(Br)->getSuccessor(0);
// Splice the code entry block into calling block, right before the
// unconditional branch.
OrigBB->getInstList().splice(Br, CalleeEntry->getInstList());
CalleeEntry->replaceAllUsesWith(OrigBB); // Update PHI nodes
// Remove the unconditional branch.
OrigBB->getInstList().erase(Br);
// Now we can remove the CalleeEntry block, which is now empty.
Caller->getBasicBlockList().erase(CalleeEntry);
return true;
}
//
// Method: visitCallocCall()
//
// Description:
// Transform a call to calloc() to use a pool-allocation version of calloc.
// We do this because pool_calloc() must check for a NULL return value before
// zeroing out the memory.
//
void
FuncTransform::visitCallocCall (CallSite CS) {
//
// Ensure that the calloc call has the correct number of arugments.
//
assert(CS.arg_end()-CS.arg_begin() == 2 && "calloc takes two arguments!");
//
// Ensure that the new instruction has the same name as the old one. This is
// done by removing the name of the old instruction.
//
Instruction * I = CS.getInstruction();
std::string Name = I->getName(); I->setName("");
Type* Int32Type = Type::getInt32Ty(CS.getInstruction()->getContext());
// FIXME: Ensure that we use 32/64-bit object length sizes consistently
// FIXME: Introduce 'ObjectAllocationSize' variable
// or similar instead of repeatedly using same expression
Value *V1 = CS.getArgument(0);
Value *V2 = CS.getArgument(1);
V1 = CastInst::CreateIntegerCast(V1, Int32Type, false, V1->getName(), I);
V2 = CastInst::CreateIntegerCast(V2, Int32Type, false, V2->getName(), I);
// Get the pool handle--
// Do not change the instruction into a poolalloc() call unless we have a
// real pool descriptor
Value *PH = getPoolHandle(CS.getInstruction());
if (PH == 0 || isa<ConstantPointerNull>(PH))
return;
//
// Create call to poolcalloc, and record the use of the pool
//
Value* Opts[3] = {PH, V1, V2};
Instruction *V = CallInst::Create(PAInfo.PoolCalloc, Opts, Name, I);
AddPoolUse(*V, PH, PoolUses);
// Cast to the appropriate type if necessary
// FIXME: Make use of "castTo" utility function
Instruction *Casted = V;
if (V->getType() != I->getType())
Casted = CastInst::CreatePointerCast(V, I->getType(), V->getName(), I);
// Update def-use info
I->replaceAllUsesWith(Casted);
// If we are modifying the original function, update the DSGraph.
if (!FI.Clone) {
// V and Casted now point to whatever the original allocation did.
G->getScalarMap().replaceScalar(I, V);
if (V != Casted)
G->getScalarMap()[Casted] = G->getScalarMap()[V];
} else { // Otherwise, update the NewToOldValueMap
UpdateNewToOldValueMap(I, V, V != Casted ? Casted : 0);
}
// If this was an invoke, fix up the CFG.
if (InvokeInst *II = dyn_cast<InvokeInst>(I)) {
// FIXME: Assert out since we potentially don't handle "invoke" correctly
BranchInst::Create (II->getNormalDest(), I);
II->getUnwindDest()->removePredecessor(II->getParent(), true);
}
// Remove old allocation instruction.
I->eraseFromParent();
return;
}
// getInlineCost - The heuristic used to determine if we should inline the
// function call or not.
//
InlineCost InlineCostAnalyzer::getInlineCost(CallSite CS,
SmallPtrSet<const Function *, 16> &NeverInline) {
Instruction *TheCall = CS.getInstruction();
Function *Callee = CS.getCalledFunction();
Function *Caller = TheCall->getParent()->getParent();
// Don't inline functions which can be redefined at link-time to mean
// something else.
if (Callee->mayBeOverridden() ||
// Don't inline functions marked noinline.
Callee->hasFnAttr(Attribute::NoInline) || NeverInline.count(Callee))
return llvm::InlineCost::getNever();
// InlineCost - This value measures how good of an inline candidate this call
// site is to inline. A lower inline cost make is more likely for the call to
// be inlined. This value may go negative.
//
int InlineCost = 0;
// If there is only one call of the function, and it has internal linkage,
// make it almost guaranteed to be inlined.
//
if (Callee->hasLocalLinkage() && Callee->hasOneUse())
InlineCost -= 15000;
// If this function uses the coldcc calling convention, prefer not to inline
// it.
if (Callee->getCallingConv() == CallingConv::Cold)
InlineCost += 2000;
// If the instruction after the call, or if the normal destination of the
// invoke is an unreachable instruction, the function is noreturn. As such,
// there is little point in inlining this.
if (InvokeInst *II = dyn_cast<InvokeInst>(TheCall)) {
if (isa<UnreachableInst>(II->getNormalDest()->begin()))
InlineCost += 10000;
} else if (isa<UnreachableInst>(++BasicBlock::iterator(TheCall)))
InlineCost += 10000;
// Get information about the callee...
FunctionInfo &CalleeFI = CachedFunctionInfo[Callee];
// If we haven't calculated this information yet, do so now.
if (CalleeFI.NumBlocks == 0)
CalleeFI.analyzeFunction(Callee);
// If we should never inline this, return a huge cost.
if (CalleeFI.NeverInline)
return InlineCost::getNever();
// FIXME: It would be nice to kill off CalleeFI.NeverInline. Then we
// could move this up and avoid computing the FunctionInfo for
// things we are going to just return always inline for. This
// requires handling setjmp somewhere else, however.
if (!Callee->isDeclaration() && Callee->hasFnAttr(Attribute::AlwaysInline))
return InlineCost::getAlways();
if (CalleeFI.usesDynamicAlloca) {
// Get infomation about the caller...
FunctionInfo &CallerFI = CachedFunctionInfo[Caller];
// If we haven't calculated this information yet, do so now.
if (CallerFI.NumBlocks == 0)
CallerFI.analyzeFunction(Caller);
// Don't inline a callee with dynamic alloca into a caller without them.
// Functions containing dynamic alloca's are inefficient in various ways;
// don't create more inefficiency.
if (!CallerFI.usesDynamicAlloca)
return InlineCost::getNever();
}
// Add to the inline quality for properties that make the call valuable to
// inline. This includes factors that indicate that the result of inlining
// the function will be optimizable. Currently this just looks at arguments
// passed into the function.
//
unsigned ArgNo = 0;
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I, ++ArgNo) {
// Each argument passed in has a cost at both the caller and the callee
// sides. This favors functions that take many arguments over functions
// that take few arguments.
InlineCost -= 20;
// If this is a function being passed in, it is very likely that we will be
// able to turn an indirect function call into a direct function call.
if (isa<Function>(I))
InlineCost -= 100;
// If an alloca is passed in, inlining this function is likely to allow
// significant future optimization possibilities (like scalar promotion, and
// scalarization), so encourage the inlining of the function.
//
else if (isa<AllocaInst>(I)) {
if (ArgNo < CalleeFI.ArgumentWeights.size())
InlineCost -= CalleeFI.ArgumentWeights[ArgNo].AllocaWeight;
// If this is a constant being passed into the function, use the argument
// weights calculated for the callee to determine how much will be folded
// away with this information.
} else if (isa<Constant>(I)) {
if (ArgNo < CalleeFI.ArgumentWeights.size())
InlineCost -= CalleeFI.ArgumentWeights[ArgNo].ConstantWeight;
}
}
// Now that we have considered all of the factors that make the call site more
// likely to be inlined, look at factors that make us not want to inline it.
// Don't inline into something too big, which would make it bigger.
//
InlineCost += Caller->size()/15;
// Look at the size of the callee. Each instruction counts as 5.
InlineCost += CalleeFI.NumInsts*5;
return llvm::InlineCost::get(InlineCost);
}
void Lint::visitCallSite(CallSite CS) {
Instruction &I = *CS.getInstruction();
Value *Callee = CS.getCalledValue();
// TODO: Check function alignment?
visitMemoryReference(I, Callee, 0, 0);
if (Function *F = dyn_cast<Function>(Callee->stripPointerCasts())) {
Assert1(CS.getCallingConv() == F->getCallingConv(),
"Undefined behavior: Caller and callee calling convention differ",
&I);
const FunctionType *FT = F->getFunctionType();
unsigned NumActualArgs = unsigned(CS.arg_end()-CS.arg_begin());
Assert1(FT->isVarArg() ?
FT->getNumParams() <= NumActualArgs :
FT->getNumParams() == NumActualArgs,
"Undefined behavior: Call argument count mismatches callee "
"argument count", &I);
// TODO: Check argument types (in case the callee was casted)
// TODO: Check ABI-significant attributes.
// TODO: Check noalias attribute.
// TODO: Check sret attribute.
}
// TODO: Check the "tail" keyword constraints.
if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(&I))
switch (II->getIntrinsicID()) {
default: break;
// TODO: Check more intrinsics
case Intrinsic::memcpy: {
MemCpyInst *MCI = cast<MemCpyInst>(&I);
visitMemoryReference(I, MCI->getSource(), MCI->getAlignment(), 0);
visitMemoryReference(I, MCI->getDest(), MCI->getAlignment(), 0);
// Check that the memcpy arguments don't overlap. The AliasAnalysis API
// isn't expressive enough for what we really want to do. Known partial
// overlap is not distinguished from the case where nothing is known.
unsigned Size = 0;
if (const ConstantInt *Len =
dyn_cast<ConstantInt>(MCI->getLength()->stripPointerCasts()))
if (Len->getValue().isIntN(32))
Size = Len->getValue().getZExtValue();
Assert1(AA->alias(MCI->getSource(), Size, MCI->getDest(), Size) !=
AliasAnalysis::MustAlias,
"Undefined behavior: memcpy source and destination overlap", &I);
break;
}
case Intrinsic::memmove: {
MemMoveInst *MMI = cast<MemMoveInst>(&I);
visitMemoryReference(I, MMI->getSource(), MMI->getAlignment(), 0);
visitMemoryReference(I, MMI->getDest(), MMI->getAlignment(), 0);
break;
}
case Intrinsic::memset: {
MemSetInst *MSI = cast<MemSetInst>(&I);
visitMemoryReference(I, MSI->getDest(), MSI->getAlignment(), 0);
break;
}
case Intrinsic::vastart:
Assert1(I.getParent()->getParent()->isVarArg(),
"Undefined behavior: va_start called in a non-varargs function",
&I);
visitMemoryReference(I, CS.getArgument(0), 0, 0);
break;
case Intrinsic::vacopy:
visitMemoryReference(I, CS.getArgument(0), 0, 0);
visitMemoryReference(I, CS.getArgument(1), 0, 0);
break;
case Intrinsic::vaend:
visitMemoryReference(I, CS.getArgument(0), 0, 0);
break;
case Intrinsic::stackrestore:
visitMemoryReference(I, CS.getArgument(0), 0, 0);
break;
}
}
//
// Method: visitCallSite()
//
// Description:
// This method transforms a call site. A call site may either be a call
// instruction or an invoke instruction.
//
// Inputs:
// CS - The call site representing the instruction that should be transformed.
//
void FuncTransform::visitCallSite(CallSite& CS) {
const Function *CF = CS.getCalledFunction();
Instruction *TheCall = CS.getInstruction();
bool thread_creation_point = false;
//
// Get the value that is called at this call site. Strip away any pointer
// casts that do not change the representation of the data (i.e., are
// lossless casts).
//
Value * CalledValue = CS.getCalledValue()->stripPointerCasts();
//
// The CallSite::getCalledFunction() method is not guaranteed to strip off
// pointer casts. If no called function was found, manually strip pointer
// casts off of the called value and see if we get a function. If so, this
// is a direct call, and we want to update CF accordingly.
//
if (!CF) CF = dyn_cast<Function>(CalledValue);
//
// Do not change any inline assembly code.
//
if (isa<InlineAsm>(TheCall->getOperand(0))) {
errs() << "INLINE ASM: ignoring. Hoping that's safe.\n";
return;
}
//
// Ignore calls to NULL pointers or undefined values.
//
if ((isa<ConstantPointerNull>(CalledValue)) ||
(isa<UndefValue>(CalledValue))) {
errs() << "WARNING: Ignoring call using NULL/Undef function pointer.\n";
return;
}
// If this function is one of the memory manipulating functions built into
// libc, emulate it with pool calls as appropriate.
if (CF && CF->isDeclaration()) {
std::string Name = CF->getName();
if (Name == "free" || Name == "cfree") {
visitFreeCall(CS);
return;
} else if (Name == "malloc") {
visitMallocCall(CS);
return;
} else if (Name == "calloc") {
visitCallocCall(CS);
return;
} else if (Name == "realloc") {
visitReallocCall(CS);
return;
} else if (Name == "memalign" || Name == "posix_memalign") {
visitMemAlignCall(CS);
return;
} else if (Name == "strdup") {
visitStrdupCall(CS);
return;
} else if (Name == "valloc") {
errs() << "VALLOC USED BUT NOT HANDLED!\n";
abort();
} else if (unsigned PoolArgc = PAInfo.getNumInitialPoolArguments(Name)) {
visitRuntimeCheck(CS, PoolArgc);
return;
} else if (Name == "pthread_create") {
thread_creation_point = true;
//
// Get DSNode representing the DSNode of the function pointer Value of
// the pthread_create call
//
DSNode* thread_callee_node = G->getNodeForValue(CS.getArgument(2)).getNode();
if (!thread_callee_node) {
assert(0 && "apparently you need this code");
FuncInfo *CFI = PAInfo.getFuncInfo(*CF);
thread_callee_node = G->getNodeForValue(CFI->MapValueToOriginal(CS.getArgument(2))).getNode();
}
// Fill in CF with the name of one of the functions in thread_callee_node
CF = const_cast<Function*>(dyn_cast<Function>(*thread_callee_node->globals_begin()));
}
}
//
// We need to figure out which local pool descriptors correspond to the pool
// descriptor arguments passed into the function call. Calculate a mapping
// from callee DSNodes to caller DSNodes. We construct a partial isomophism
// between the graphs to figure out which pool descriptors need to be passed
// in. The roots of this mapping is found from arguments and return values.
//
DataStructures& Graphs = PAInfo.getGraphs();
DSGraph::NodeMapTy NodeMapping;
Instruction *NewCall;
Value *NewCallee;
std::vector<const DSNode*> ArgNodes;
DSGraph *CalleeGraph; // The callee graph
// For indirect callees, find any callee since all DS graphs have been
// merged.
if (CF) { // Direct calls are nice and simple.
DEBUG(errs() << " Handling direct call: " << *TheCall << "\n");
//
// Do not try to add pool handles to the function if it:
// a) Already calls a cloned function; or
// b) Calls a function which was never cloned.
//
// For such a call, just replace any arguments that take original functions
// with their cloned function poiner values.
//
FuncInfo *CFI = PAInfo.getFuncInfo(*CF);
if (CFI == 0 || CFI->Clone == 0) { // Nothing to transform...
visitInstruction(*TheCall);
return;
}
//
// Oh, dear. We must add pool descriptors to this direct call.
//
NewCallee = CFI->Clone;
ArgNodes = CFI->ArgNodes;
assert ((Graphs.hasDSGraph (*CF)) && "Function has no ECGraph!\n");
CalleeGraph = Graphs.getDSGraph(*CF);
} else {
DEBUG(errs() << " Handling indirect call: " << *TheCall << "\n");
DSGraph *G = Graphs.getGlobalsGraph();
DSGraph::ScalarMapTy& SM = G->getScalarMap();
// Here we fill in CF with one of the possible called functions. Because we
// merged together all of the arguments to all of the functions in the
// equivalence set, it doesn't really matter which one we pick.
// (If the function was cloned, we have to map the cloned call instruction
// in CS back to the original call instruction.)
Instruction *OrigInst =
cast<Instruction>(getOldValueIfAvailable(CS.getInstruction()));
//
// Attempt to get one of the function targets of this indirect call site by
// looking at the call graph constructed by the points-to analysis. Be
// sure to use the original call site from the original function; the
// points-to analysis has no information on the clones we've created.
//
// Also, look for the target that has the greatest number of arguments that
// have associated DSNodes. This ensures that we pass the maximum number
// of pools possible and prevents us from eliding a pool because we're
// examining a target that doesn't need it.
//
const DSCallGraph & callGraph = Graphs.getCallGraph();
DSCallGraph::callee_iterator I = callGraph.callee_begin(OrigInst);
for (; I != callGraph.callee_end(OrigInst); ++I) {
for(DSCallGraph::scc_iterator sccii = callGraph.scc_begin(*I),
sccee = callGraph.scc_end(*I); sccii != sccee; ++sccii){
if(SM.find(SM.getLeaderForGlobal(*sccii)) == SM.end())
continue;
//
// Get the information for this function. Since this is coming from
// DSA, it should be an original function.
//
// This call site calls a function, that is not defined in this module
if (!(Graphs.hasDSGraph(**sccii))) return;
// For all other cases Func Info must exist.
PAInfo.getFuncInfo(**sccii);
//
// If this target takes more DSNodes than the last one we found, then
// make *this* target our canonical target.
//
CF = *sccii;
break;
}
}
if(!CF){
const Function *F1 = OrigInst->getParent()->getParent();
F1 = callGraph.sccLeader(&*F1);
for(DSCallGraph::scc_iterator sccii = callGraph.scc_begin(F1),
sccee = callGraph.scc_end(F1); sccii != sccee; ++sccii){
if(SM.find(SM.getLeaderForGlobal(*sccii)) == SM.end())
continue;
//
// Get the information for this function. Since this is coming from DSA,
// it should be an original function.
//
// This call site calls a function, that is not defined in this module
if (!(Graphs.hasDSGraph(**sccii))) return;
// For all other cases Func Info must exist.
PAInfo.getFuncInfo(**sccii);
//
// If this target takes more DSNodes than the last one we found, then
// make *this* target our canonical target.
//
CF = *sccii;
}
}
// Assuming the call graph is always correct. And if the call graph reports,
// no callees, we can assume that it is right.
//
// If we didn't find the callee in the constructed call graph, try
// checking in the DSNode itself.
// This isn't ideal as it means that this call site didn't have inlining
// happen.
//
//
// If we still haven't been able to find a target function of the call site
// to transform, do nothing.
//
// One may be tempted to think that we should always have at least one
// target, but this is not true. There are perfectly acceptable (but
// strange) programs for which no function targets exist. Function
// pointers loaded from undef values, for example, will have no targets.
//
if (!CF) return;
//
// It's possible that this program has indirect call targets that are
// not defined in this module. Do not transformation for such functions.
//
if (!(Graphs.hasDSGraph(*CF))) return;
//
// Get the common graph for the set of functions this call may invoke.
//
assert ((Graphs.hasDSGraph(*CF)) && "Function has no DSGraph!\n");
CalleeGraph = Graphs.getDSGraph(*CF);
#ifndef NDEBUG
// Verify that all potential callees at call site have the same DS graph.
DSCallGraph::callee_iterator E = Graphs.getCallGraph().callee_end(OrigInst);
for (; I != E; ++I) {
const Function * F = *I;
assert (F);
if (!(F)->isDeclaration())
assert(CalleeGraph == Graphs.getDSGraph(**I) &&
"Callees at call site do not have a common graph!");
}
#endif
// Find the DS nodes for the arguments that need to be added, if any.
FuncInfo *CFI = PAInfo.getFuncInfo(*CF);
assert(CFI && "No function info for callee at indirect call?");
ArgNodes = CFI->ArgNodes;
if (ArgNodes.empty())
return; // No arguments to add? Transformation is a noop!
// Cast the function pointer to an appropriate type!
std::vector<Type*> ArgTys(ArgNodes.size(),
PoolAllocate::PoolDescPtrTy);
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I)
ArgTys.push_back((*I)->getType());
FunctionType *FTy = FunctionType::get(TheCall->getType(), ArgTys, false);
PointerType *PFTy = PointerType::getUnqual(FTy);
// If there are any pool arguments cast the func ptr to the right type.
NewCallee = CastInst::CreatePointerCast(CS.getCalledValue(), PFTy, "tmp", TheCall);
}
//
// FIXME: Why do we disable strict checking when calling the
// DSGraph::computeNodeMapping() method?
//
Function::const_arg_iterator FAI = CF->arg_begin(), E = CF->arg_end();
CallSite::arg_iterator AI = CS.arg_begin() + (thread_creation_point ? 3 : 0);
CallSite::arg_iterator AE = CS.arg_end();
for ( ; FAI != E && AI != AE; ++FAI, ++AI)
if (!isa<Constant>(*AI)) {
DSGraph::computeNodeMapping(CalleeGraph->getNodeForValue(FAI),
getDSNodeHFor(*AI), NodeMapping, false);
}
//assert(AI == AE && "Varargs calls not handled yet!");
// Map the return value as well...
if (isa<PointerType>(TheCall->getType()))
DSGraph::computeNodeMapping(CalleeGraph->getReturnNodeFor(*CF),
getDSNodeHFor(TheCall), NodeMapping, false);
// This code seems redundant (and crashes occasionally)
// There is no reason to map globals here, since they are not passed as
// arguments
// // Map the nodes that are pointed to by globals.
// DSScalarMap &CalleeSM = CalleeGraph->getScalarMap();
// for (DSScalarMap::global_iterator GI = G.getScalarMap().global_begin(),
// E = G.getScalarMap().global_end(); GI != E; ++GI)
// if (CalleeSM.count(*GI))
// DSGraph::computeNodeMapping(CalleeGraph->getNodeForValue(*GI),
// getDSNodeHFor(*GI),
// NodeMapping, false);
//
// Okay, now that we have established our mapping, we can figure out which
// pool descriptors to pass in...
//
// Note:
// There used to be code here that would create a new pool before the
// function call and destroy it after the function call. This could would
// get triggered if bounds checking was disbled or the DSNode for the
// argument was an array value.
//
// I believe that code was incorrect; an argument may have a NULL pool handle
// (i.e., no pool handle) because the pool allocation heuristic used simply
// decided not to assign that value a pool. The argument may alias data
// that should not be freed after the function call is complete, so calling
// pooldestroy() after the call would free data, causing dangling pointer
// dereference errors.
//
std::vector<Value*> Args;
for (unsigned i = 0, e = ArgNodes.size(); i != e; ++i) {
Value *ArgVal = Constant::getNullValue(PoolAllocate::PoolDescPtrTy);
if (NodeMapping.count(ArgNodes[i])) {
if (DSNode *LocalNode = NodeMapping[ArgNodes[i]].getNode())
if (FI.PoolDescriptors.count(LocalNode))
ArgVal = FI.PoolDescriptors.find(LocalNode)->second;
}
Args.push_back(ArgVal);
}
// Add the rest of the arguments unless we're a thread creation point, in which case we only need the pools
if(!thread_creation_point)
Args.insert(Args.end(), CS.arg_begin(), CS.arg_end());
//
// There are circumstances where a function is casted to another type and
// then called (que horible). We need to perform a similar cast if the
// type doesn't match the number of arguments.
//
if (Function * NewFunction = dyn_cast<Function>(NewCallee)) {
FunctionType * NewCalleeType = NewFunction->getFunctionType();
if (NewCalleeType->getNumParams() != Args.size()) {
std::vector<Type *> Types;
Type * FuncTy = FunctionType::get (NewCalleeType->getReturnType(),
Types,
true);
FuncTy = PointerType::getUnqual (FuncTy);
NewCallee = new BitCastInst (NewCallee, FuncTy, "", TheCall);
}
}
std::string Name = TheCall->getName(); TheCall->setName("");
if(thread_creation_point) {
Module *M = CS.getInstruction()->getParent()->getParent()->getParent();
Value* pthread_replacement = M->getFunction("poolalloc_pthread_create");
std::vector<Value*> thread_args;
//Push back original thread arguments through the callee
thread_args.push_back(CS.getArgument(0));
thread_args.push_back(CS.getArgument(1));
thread_args.push_back(CS.getArgument(2));
//Push back the integer argument saying how many uses there are
thread_args.push_back(Constant::getIntegerValue(llvm::Type::getInt32Ty(M->getContext()),APInt(32,Args.size())));
thread_args.insert(thread_args.end(),Args.begin(),Args.end());
thread_args.push_back(CS.getArgument(3));
//Make the thread creation call
NewCall = CallInst::Create(pthread_replacement,
thread_args,
Name,TheCall);
}
else if (InvokeInst *II = dyn_cast<InvokeInst>(TheCall)) {
NewCall = InvokeInst::Create (NewCallee, II->getNormalDest(),
II->getUnwindDest(),
Args, Name, TheCall);
} else {
NewCall = CallInst::Create (NewCallee, Args, Name,
TheCall);
}
// Add all of the uses of the pool descriptor
for (unsigned i = 0, e = ArgNodes.size(); i != e; ++i)
AddPoolUse(*NewCall, Args[i], PoolUses);
TheCall->replaceAllUsesWith(NewCall);
DEBUG(errs() << " Result Call: " << *NewCall << "\n");
if (!TheCall->getType()->isVoidTy()) {
// If we are modifying the original function, update the DSGraph...
DSGraph::ScalarMapTy &SM = G->getScalarMap();
DSGraph::ScalarMapTy::iterator CII = SM.find(TheCall);
if (CII != SM.end()) {
SM[NewCall] = CII->second;
SM.erase(CII); // Destroy the CallInst
} else if (!FI.NewToOldValueMap.empty()) {
// Otherwise, if this is a clone, update the NewToOldValueMap with the new
// CI return value.
UpdateNewToOldValueMap(TheCall, NewCall);
}
} else if (!FI.NewToOldValueMap.empty()) {
UpdateNewToOldValueMap(TheCall, NewCall);
}
//
// Copy over the calling convention and attributes of the original call
// instruction to the new call instruction.
//
CallSite(NewCall).setCallingConv(CallSite(TheCall).getCallingConv());
TheCall->eraseFromParent();
visitInstruction(*NewCall);
}
void GraphBuilder::visitCallSite(CallSite CS) {
//
// Get the called value. Strip off any casts which are lossless.
//
Value *Callee = CS.getCalledValue()->stripPointerCasts();
// Special case handling of certain libc allocation functions here.
if (Function *F = dyn_cast<Function>(Callee))
if (F->isIntrinsic() && visitIntrinsic(CS, F))
return;
//Can't do much about inline asm (yet!)
if (isa<InlineAsm> (Callee)) {
++NumAsmCall;
DSNodeHandle RetVal;
Instruction *I = CS.getInstruction();
if (isa<PointerType > (I->getType()))
RetVal = getValueDest(I);
// Calculate the arguments vector...
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end(); I != E; ++I)
if (isa<PointerType > ((*I)->getType()))
RetVal.mergeWith(getValueDest(*I));
if (!RetVal.isNull())
RetVal.getNode()->foldNodeCompletely();
return;
}
// Set up the return value...
DSNodeHandle RetVal;
Instruction *I = CS.getInstruction();
if (isa<PointerType>(I->getType()))
RetVal = getValueDest(I);
DSNode *CalleeNode = 0;
if (!isa<Function>(Callee)) {
CalleeNode = getValueDest(Callee).getNode();
if (CalleeNode == 0) {
DEBUG(errs() << "WARNING: Program is calling through a null pointer?\n" << *I);
return; // Calling a null pointer?
}
}
// NOTE: This code is identical to 'DSGraph::getDSCallSiteForCallSite',
// the reason it's duplicated is because this calls getValueDest instead
// of getNodeForValue to get the DSNodes for the arguments. Since we're in
// local it's possible that we need to create a DSNode for the argument, as
// opposed to getNodeForValue which simply retrieves the existing node.
//Get the FunctionType for the called function
const FunctionType *CalleeFuncType = DSCallSite::FunctionTypeOfCallSite(CS);
int NumFixedArgs = CalleeFuncType->getNumParams();
// Sanity check--this really, really shouldn't happen
if (!CalleeFuncType->isVarArg())
assert(CS.arg_size() == static_cast<unsigned>(NumFixedArgs) &&
"Too many arguments/incorrect function signature!");
std::vector<DSNodeHandle> Args;
Args.reserve(CS.arg_end()-CS.arg_begin());
DSNodeHandle VarArgNH;
// Calculate the arguments vector...
// Add all fixed pointer arguments, then merge the rest together
for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end();
I != E; ++I)
if (isa<PointerType>((*I)->getType())) {
DSNodeHandle ArgNode = getValueDest(*I);
if (I - CS.arg_begin() < NumFixedArgs) {
Args.push_back(ArgNode);
} else {
VarArgNH.mergeWith(ArgNode);
}
}
// Add a new function call entry...
if (CalleeNode) {
++NumIndirectCall;
G.getFunctionCalls().push_back(DSCallSite(CS, RetVal, VarArgNH, CalleeNode,
Args));
} else {
++NumDirectCall;
G.getFunctionCalls().push_back(DSCallSite(CS, RetVal, VarArgNH,
cast<Function>(Callee),
Args));
}
}
