1 //===- MemCpyOptimizer.cpp - Optimize use of memcpy and friends -----------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This pass performs various transformations related to eliminating memcpy 11 // calls, or transforming sets of stores into memset's. 12 // 13 //===----------------------------------------------------------------------===// 14 15 #define DEBUG_TYPE "memcpyopt" 16 #include "llvm/Transforms/Scalar.h" 17 #include "llvm/GlobalVariable.h" 18 #include "llvm/IntrinsicInst.h" 19 #include "llvm/Instructions.h" 20 #include "llvm/ADT/SmallVector.h" 21 #include "llvm/ADT/Statistic.h" 22 #include "llvm/Analysis/Dominators.h" 23 #include "llvm/Analysis/AliasAnalysis.h" 24 #include "llvm/Analysis/MemoryDependenceAnalysis.h" 25 #include "llvm/Analysis/ValueTracking.h" 26 #include "llvm/Transforms/Utils/Local.h" 27 #include "llvm/Support/Debug.h" 28 #include "llvm/Support/GetElementPtrTypeIterator.h" 29 #include "llvm/Support/IRBuilder.h" 30 #include "llvm/Support/raw_ostream.h" 31 #include "llvm/Target/TargetData.h" 32 #include "llvm/Target/TargetLibraryInfo.h" 33 #include <list> 34 using namespace llvm; 35 36 STATISTIC(NumMemCpyInstr, "Number of memcpy instructions deleted"); 37 STATISTIC(NumMemSetInfer, "Number of memsets inferred"); 38 STATISTIC(NumMoveToCpy, "Number of memmoves converted to memcpy"); 39 STATISTIC(NumCpyToSet, "Number of memcpys converted to memset"); 40 41 static int64_t GetOffsetFromIndex(const GetElementPtrInst *GEP, unsigned Idx, 42 bool &VariableIdxFound, const TargetData &TD){ 43 // Skip over the first indices. 44 gep_type_iterator GTI = gep_type_begin(GEP); 45 for (unsigned i = 1; i != Idx; ++i, ++GTI) 46 /*skip along*/; 47 48 // Compute the offset implied by the rest of the indices. 49 int64_t Offset = 0; 50 for (unsigned i = Idx, e = GEP->getNumOperands(); i != e; ++i, ++GTI) { 51 ConstantInt *OpC = dyn_cast<ConstantInt>(GEP->getOperand(i)); 52 if (OpC == 0) 53 return VariableIdxFound = true; 54 if (OpC->isZero()) continue; // No offset. 55 56 // Handle struct indices, which add their field offset to the pointer. 57 if (StructType *STy = dyn_cast<StructType>(*GTI)) { 58 Offset += TD.getStructLayout(STy)->getElementOffset(OpC->getZExtValue()); 59 continue; 60 } 61 62 // Otherwise, we have a sequential type like an array or vector. Multiply 63 // the index by the ElementSize. 64 uint64_t Size = TD.getTypeAllocSize(GTI.getIndexedType()); 65 Offset += Size*OpC->getSExtValue(); 66 } 67 68 return Offset; 69 } 70 71 /// IsPointerOffset - Return true if Ptr1 is provably equal to Ptr2 plus a 72 /// constant offset, and return that constant offset. For example, Ptr1 might 73 /// be &A[42], and Ptr2 might be &A[40]. In this case offset would be -8. 74 static bool IsPointerOffset(Value *Ptr1, Value *Ptr2, int64_t &Offset, 75 const TargetData &TD) { 76 Ptr1 = Ptr1->stripPointerCasts(); 77 Ptr2 = Ptr2->stripPointerCasts(); 78 GetElementPtrInst *GEP1 = dyn_cast<GetElementPtrInst>(Ptr1); 79 GetElementPtrInst *GEP2 = dyn_cast<GetElementPtrInst>(Ptr2); 80 81 bool VariableIdxFound = false; 82 83 // If one pointer is a GEP and the other isn't, then see if the GEP is a 84 // constant offset from the base, as in "P" and "gep P, 1". 85 if (GEP1 && GEP2 == 0 && GEP1->getOperand(0)->stripPointerCasts() == Ptr2) { 86 Offset = -GetOffsetFromIndex(GEP1, 1, VariableIdxFound, TD); 87 return !VariableIdxFound; 88 } 89 90 if (GEP2 && GEP1 == 0 && GEP2->getOperand(0)->stripPointerCasts() == Ptr1) { 91 Offset = GetOffsetFromIndex(GEP2, 1, VariableIdxFound, TD); 92 return !VariableIdxFound; 93 } 94 95 // Right now we handle the case when Ptr1/Ptr2 are both GEPs with an identical 96 // base. After that base, they may have some number of common (and 97 // potentially variable) indices. After that they handle some constant 98 // offset, which determines their offset from each other. At this point, we 99 // handle no other case. 100 if (!GEP1 || !GEP2 || GEP1->getOperand(0) != GEP2->getOperand(0)) 101 return false; 102 103 // Skip any common indices and track the GEP types. 104 unsigned Idx = 1; 105 for (; Idx != GEP1->getNumOperands() && Idx != GEP2->getNumOperands(); ++Idx) 106 if (GEP1->getOperand(Idx) != GEP2->getOperand(Idx)) 107 break; 108 109 int64_t Offset1 = GetOffsetFromIndex(GEP1, Idx, VariableIdxFound, TD); 110 int64_t Offset2 = GetOffsetFromIndex(GEP2, Idx, VariableIdxFound, TD); 111 if (VariableIdxFound) return false; 112 113 Offset = Offset2-Offset1; 114 return true; 115 } 116 117 118 /// MemsetRange - Represents a range of memset'd bytes with the ByteVal value. 119 /// This allows us to analyze stores like: 120 /// store 0 -> P+1 121 /// store 0 -> P+0 122 /// store 0 -> P+3 123 /// store 0 -> P+2 124 /// which sometimes happens with stores to arrays of structs etc. When we see 125 /// the first store, we make a range [1, 2). The second store extends the range 126 /// to [0, 2). The third makes a new range [2, 3). The fourth store joins the 127 /// two ranges into [0, 3) which is memset'able. 128 namespace { 129 struct MemsetRange { 130 // Start/End - A semi range that describes the span that this range covers. 131 // The range is closed at the start and open at the end: [Start, End). 132 int64_t Start, End; 133 134 /// StartPtr - The getelementptr instruction that points to the start of the 135 /// range. 136 Value *StartPtr; 137 138 /// Alignment - The known alignment of the first store. 139 unsigned Alignment; 140 141 /// TheStores - The actual stores that make up this range. 142 SmallVector<Instruction*, 16> TheStores; 143 144 bool isProfitableToUseMemset(const TargetData &TD) const; 145 146 }; 147 } // end anon namespace 148 149 bool MemsetRange::isProfitableToUseMemset(const TargetData &TD) const { 150 // If we found more than 8 stores to merge or 64 bytes, use memset. 151 if (TheStores.size() >= 8 || End-Start >= 64) return true; 152 153 // If there is nothing to merge, don't do anything. 154 if (TheStores.size() < 2) return false; 155 156 // If any of the stores are a memset, then it is always good to extend the 157 // memset. 158 for (unsigned i = 0, e = TheStores.size(); i != e; ++i) 159 if (!isa<StoreInst>(TheStores[i])) 160 return true; 161 162 // Assume that the code generator is capable of merging pairs of stores 163 // together if it wants to. 164 if (TheStores.size() == 2) return false; 165 166 // If we have fewer than 8 stores, it can still be worthwhile to do this. 167 // For example, merging 4 i8 stores into an i32 store is useful almost always. 168 // However, merging 2 32-bit stores isn't useful on a 32-bit architecture (the 169 // memset will be split into 2 32-bit stores anyway) and doing so can 170 // pessimize the llvm optimizer. 171 // 172 // Since we don't have perfect knowledge here, make some assumptions: assume 173 // the maximum GPR width is the same size as the pointer size and assume that 174 // this width can be stored. If so, check to see whether we will end up 175 // actually reducing the number of stores used. 176 unsigned Bytes = unsigned(End-Start); 177 unsigned NumPointerStores = Bytes/TD.getPointerSize(); 178 179 // Assume the remaining bytes if any are done a byte at a time. 180 unsigned NumByteStores = Bytes - NumPointerStores*TD.getPointerSize(); 181 182 // If we will reduce the # stores (according to this heuristic), do the 183 // transformation. This encourages merging 4 x i8 -> i32 and 2 x i16 -> i32 184 // etc. 185 return TheStores.size() > NumPointerStores+NumByteStores; 186 } 187 188 189 namespace { 190 class MemsetRanges { 191 /// Ranges - A sorted list of the memset ranges. We use std::list here 192 /// because each element is relatively large and expensive to copy. 193 std::list<MemsetRange> Ranges; 194 typedef std::list<MemsetRange>::iterator range_iterator; 195 const TargetData &TD; 196 public: 197 MemsetRanges(const TargetData &td) : TD(td) {} 198 199 typedef std::list<MemsetRange>::const_iterator const_iterator; 200 const_iterator begin() const { return Ranges.begin(); } 201 const_iterator end() const { return Ranges.end(); } 202 bool empty() const { return Ranges.empty(); } 203 204 void addInst(int64_t OffsetFromFirst, Instruction *Inst) { 205 if (StoreInst *SI = dyn_cast<StoreInst>(Inst)) 206 addStore(OffsetFromFirst, SI); 207 else 208 addMemSet(OffsetFromFirst, cast<MemSetInst>(Inst)); 209 } 210 211 void addStore(int64_t OffsetFromFirst, StoreInst *SI) { 212 int64_t StoreSize = TD.getTypeStoreSize(SI->getOperand(0)->getType()); 213 214 addRange(OffsetFromFirst, StoreSize, 215 SI->getPointerOperand(), SI->getAlignment(), SI); 216 } 217 218 void addMemSet(int64_t OffsetFromFirst, MemSetInst *MSI) { 219 int64_t Size = cast<ConstantInt>(MSI->getLength())->getZExtValue(); 220 addRange(OffsetFromFirst, Size, MSI->getDest(), MSI->getAlignment(), MSI); 221 } 222 223 void addRange(int64_t Start, int64_t Size, Value *Ptr, 224 unsigned Alignment, Instruction *Inst); 225 226 }; 227 228 } // end anon namespace 229 230 231 /// addRange - Add a new store to the MemsetRanges data structure. This adds a 232 /// new range for the specified store at the specified offset, merging into 233 /// existing ranges as appropriate. 234 /// 235 /// Do a linear search of the ranges to see if this can be joined and/or to 236 /// find the insertion point in the list. We keep the ranges sorted for 237 /// simplicity here. This is a linear search of a linked list, which is ugly, 238 /// however the number of ranges is limited, so this won't get crazy slow. 239 void MemsetRanges::addRange(int64_t Start, int64_t Size, Value *Ptr, 240 unsigned Alignment, Instruction *Inst) { 241 int64_t End = Start+Size; 242 range_iterator I = Ranges.begin(), E = Ranges.end(); 243 244 while (I != E && Start > I->End) 245 ++I; 246 247 // We now know that I == E, in which case we didn't find anything to merge 248 // with, or that Start <= I->End. If End < I->Start or I == E, then we need 249 // to insert a new range. Handle this now. 250 if (I == E || End < I->Start) { 251 MemsetRange &R = *Ranges.insert(I, MemsetRange()); 252 R.Start = Start; 253 R.End = End; 254 R.StartPtr = Ptr; 255 R.Alignment = Alignment; 256 R.TheStores.push_back(Inst); 257 return; 258 } 259 260 // This store overlaps with I, add it. 261 I->TheStores.push_back(Inst); 262 263 // At this point, we may have an interval that completely contains our store. 264 // If so, just add it to the interval and return. 265 if (I->Start <= Start && I->End >= End) 266 return; 267 268 // Now we know that Start <= I->End and End >= I->Start so the range overlaps 269 // but is not entirely contained within the range. 270 271 // See if the range extends the start of the range. In this case, it couldn't 272 // possibly cause it to join the prior range, because otherwise we would have 273 // stopped on *it*. 274 if (Start < I->Start) { 275 I->Start = Start; 276 I->StartPtr = Ptr; 277 I->Alignment = Alignment; 278 } 279 280 // Now we know that Start <= I->End and Start >= I->Start (so the startpoint 281 // is in or right at the end of I), and that End >= I->Start. Extend I out to 282 // End. 283 if (End > I->End) { 284 I->End = End; 285 range_iterator NextI = I; 286 while (++NextI != E && End >= NextI->Start) { 287 // Merge the range in. 288 I->TheStores.append(NextI->TheStores.begin(), NextI->TheStores.end()); 289 if (NextI->End > I->End) 290 I->End = NextI->End; 291 Ranges.erase(NextI); 292 NextI = I; 293 } 294 } 295 } 296 297 //===----------------------------------------------------------------------===// 298 // MemCpyOpt Pass 299 //===----------------------------------------------------------------------===// 300 301 namespace { 302 class MemCpyOpt : public FunctionPass { 303 MemoryDependenceAnalysis *MD; 304 TargetLibraryInfo *TLI; 305 const TargetData *TD; 306 public: 307 static char ID; // Pass identification, replacement for typeid 308 MemCpyOpt() : FunctionPass(ID) { 309 initializeMemCpyOptPass(*PassRegistry::getPassRegistry()); 310 MD = 0; 311 TLI = 0; 312 TD = 0; 313 } 314 315 bool runOnFunction(Function &F); 316 317 private: 318 // This transformation requires dominator postdominator info 319 virtual void getAnalysisUsage(AnalysisUsage &AU) const { 320 AU.setPreservesCFG(); 321 AU.addRequired<DominatorTree>(); 322 AU.addRequired<MemoryDependenceAnalysis>(); 323 AU.addRequired<AliasAnalysis>(); 324 AU.addRequired<TargetLibraryInfo>(); 325 AU.addPreserved<AliasAnalysis>(); 326 AU.addPreserved<MemoryDependenceAnalysis>(); 327 } 328 329 // Helper fuctions 330 bool processStore(StoreInst *SI, BasicBlock::iterator &BBI); 331 bool processMemSet(MemSetInst *SI, BasicBlock::iterator &BBI); 332 bool processMemCpy(MemCpyInst *M); 333 bool processMemMove(MemMoveInst *M); 334 bool performCallSlotOptzn(Instruction *cpy, Value *cpyDst, Value *cpySrc, 335 uint64_t cpyLen, CallInst *C); 336 bool processMemCpyMemCpyDependence(MemCpyInst *M, MemCpyInst *MDep, 337 uint64_t MSize); 338 bool processByValArgument(CallSite CS, unsigned ArgNo); 339 Instruction *tryMergingIntoMemset(Instruction *I, Value *StartPtr, 340 Value *ByteVal); 341 342 bool iterateOnFunction(Function &F); 343 }; 344 345 char MemCpyOpt::ID = 0; 346 } 347 348 // createMemCpyOptPass - The public interface to this file... 349 FunctionPass *llvm::createMemCpyOptPass() { return new MemCpyOpt(); } 350 351 INITIALIZE_PASS_BEGIN(MemCpyOpt, "memcpyopt", "MemCpy Optimization", 352 false, false) 353 INITIALIZE_PASS_DEPENDENCY(DominatorTree) 354 INITIALIZE_PASS_DEPENDENCY(MemoryDependenceAnalysis) 355 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfo) 356 INITIALIZE_AG_DEPENDENCY(AliasAnalysis) 357 INITIALIZE_PASS_END(MemCpyOpt, "memcpyopt", "MemCpy Optimization", 358 false, false) 359 360 /// tryMergingIntoMemset - When scanning forward over instructions, we look for 361 /// some other patterns to fold away. In particular, this looks for stores to 362 /// neighboring locations of memory. If it sees enough consecutive ones, it 363 /// attempts to merge them together into a memcpy/memset. 364 Instruction *MemCpyOpt::tryMergingIntoMemset(Instruction *StartInst, 365 Value *StartPtr, Value *ByteVal) { 366 if (TD == 0) return 0; 367 368 // Okay, so we now have a single store that can be splatable. Scan to find 369 // all subsequent stores of the same value to offset from the same pointer. 370 // Join these together into ranges, so we can decide whether contiguous blocks 371 // are stored. 372 MemsetRanges Ranges(*TD); 373 374 BasicBlock::iterator BI = StartInst; 375 for (++BI; !isa<TerminatorInst>(BI); ++BI) { 376 if (!isa<StoreInst>(BI) && !isa<MemSetInst>(BI)) { 377 // If the instruction is readnone, ignore it, otherwise bail out. We 378 // don't even allow readonly here because we don't want something like: 379 // A[1] = 2; strlen(A); A[2] = 2; -> memcpy(A, ...); strlen(A). 380 if (BI->mayWriteToMemory() || BI->mayReadFromMemory()) 381 break; 382 continue; 383 } 384 385 if (StoreInst *NextStore = dyn_cast<StoreInst>(BI)) { 386 // If this is a store, see if we can merge it in. 387 if (NextStore->isVolatile()) break; 388 389 // Check to see if this stored value is of the same byte-splattable value. 390 if (ByteVal != isBytewiseValue(NextStore->getOperand(0))) 391 break; 392 393 // Check to see if this store is to a constant offset from the start ptr. 394 int64_t Offset; 395 if (!IsPointerOffset(StartPtr, NextStore->getPointerOperand(), 396 Offset, *TD)) 397 break; 398 399 Ranges.addStore(Offset, NextStore); 400 } else { 401 MemSetInst *MSI = cast<MemSetInst>(BI); 402 403 if (MSI->isVolatile() || ByteVal != MSI->getValue() || 404 !isa<ConstantInt>(MSI->getLength())) 405 break; 406 407 // Check to see if this store is to a constant offset from the start ptr. 408 int64_t Offset; 409 if (!IsPointerOffset(StartPtr, MSI->getDest(), Offset, *TD)) 410 break; 411 412 Ranges.addMemSet(Offset, MSI); 413 } 414 } 415 416 // If we have no ranges, then we just had a single store with nothing that 417 // could be merged in. This is a very common case of course. 418 if (Ranges.empty()) 419 return 0; 420 421 // If we had at least one store that could be merged in, add the starting 422 // store as well. We try to avoid this unless there is at least something 423 // interesting as a small compile-time optimization. 424 Ranges.addInst(0, StartInst); 425 426 // If we create any memsets, we put it right before the first instruction that 427 // isn't part of the memset block. This ensure that the memset is dominated 428 // by any addressing instruction needed by the start of the block. 429 IRBuilder<> Builder(BI); 430 431 // Now that we have full information about ranges, loop over the ranges and 432 // emit memset's for anything big enough to be worthwhile. 433 Instruction *AMemSet = 0; 434 for (MemsetRanges::const_iterator I = Ranges.begin(), E = Ranges.end(); 435 I != E; ++I) { 436 const MemsetRange &Range = *I; 437 438 if (Range.TheStores.size() == 1) continue; 439 440 // If it is profitable to lower this range to memset, do so now. 441 if (!Range.isProfitableToUseMemset(*TD)) 442 continue; 443 444 // Otherwise, we do want to transform this! Create a new memset. 445 // Get the starting pointer of the block. 446 StartPtr = Range.StartPtr; 447 448 // Determine alignment 449 unsigned Alignment = Range.Alignment; 450 if (Alignment == 0) { 451 Type *EltType = 452 cast<PointerType>(StartPtr->getType())->getElementType(); 453 Alignment = TD->getABITypeAlignment(EltType); 454 } 455 456 AMemSet = 457 Builder.CreateMemSet(StartPtr, ByteVal, Range.End-Range.Start, Alignment); 458 459 DEBUG(dbgs() << "Replace stores:\n"; 460 for (unsigned i = 0, e = Range.TheStores.size(); i != e; ++i) 461 dbgs() << *Range.TheStores[i] << '\n'; 462 dbgs() << "With: " << *AMemSet << '\n'); 463 464 if (!Range.TheStores.empty()) 465 AMemSet->setDebugLoc(Range.TheStores[0]->getDebugLoc()); 466 467 // Zap all the stores. 468 for (SmallVector<Instruction*, 16>::const_iterator 469 SI = Range.TheStores.begin(), 470 SE = Range.TheStores.end(); SI != SE; ++SI) { 471 MD->removeInstruction(*SI); 472 (*SI)->eraseFromParent(); 473 } 474 ++NumMemSetInfer; 475 } 476 477 return AMemSet; 478 } 479 480 481 bool MemCpyOpt::processStore(StoreInst *SI, BasicBlock::iterator &BBI) { 482 if (SI->isVolatile()) return false; 483 484 if (TD == 0) return false; 485 486 // Detect cases where we're performing call slot forwarding, but 487 // happen to be using a load-store pair to implement it, rather than 488 // a memcpy. 489 if (LoadInst *LI = dyn_cast<LoadInst>(SI->getOperand(0))) { 490 if (!LI->isVolatile() && LI->hasOneUse() && 491 LI->getParent() == SI->getParent()) { 492 MemDepResult ldep = MD->getDependency(LI); 493 CallInst *C = 0; 494 if (ldep.isClobber() && !isa<MemCpyInst>(ldep.getInst())) 495 C = dyn_cast<CallInst>(ldep.getInst()); 496 497 if (C) { 498 // Check that nothing touches the dest of the "copy" between 499 // the call and the store. 500 AliasAnalysis &AA = getAnalysis<AliasAnalysis>(); 501 AliasAnalysis::Location StoreLoc = AA.getLocation(SI); 502 for (BasicBlock::iterator I = --BasicBlock::iterator(SI), 503 E = C; I != E; --I) { 504 if (AA.getModRefInfo(&*I, StoreLoc) != AliasAnalysis::NoModRef) { 505 C = 0; 506 break; 507 } 508 } 509 } 510 511 if (C) { 512 bool changed = performCallSlotOptzn(LI, 513 SI->getPointerOperand()->stripPointerCasts(), 514 LI->getPointerOperand()->stripPointerCasts(), 515 TD->getTypeStoreSize(SI->getOperand(0)->getType()), C); 516 if (changed) { 517 MD->removeInstruction(SI); 518 SI->eraseFromParent(); 519 MD->removeInstruction(LI); 520 LI->eraseFromParent(); 521 ++NumMemCpyInstr; 522 return true; 523 } 524 } 525 } 526 } 527 528 // There are two cases that are interesting for this code to handle: memcpy 529 // and memset. Right now we only handle memset. 530 531 // Ensure that the value being stored is something that can be memset'able a 532 // byte at a time like "0" or "-1" or any width, as well as things like 533 // 0xA0A0A0A0 and 0.0. 534 if (Value *ByteVal = isBytewiseValue(SI->getOperand(0))) 535 if (Instruction *I = tryMergingIntoMemset(SI, SI->getPointerOperand(), 536 ByteVal)) { 537 BBI = I; // Don't invalidate iterator. 538 return true; 539 } 540 541 return false; 542 } 543 544 bool MemCpyOpt::processMemSet(MemSetInst *MSI, BasicBlock::iterator &BBI) { 545 // See if there is another memset or store neighboring this memset which 546 // allows us to widen out the memset to do a single larger store. 547 if (isa<ConstantInt>(MSI->getLength()) && !MSI->isVolatile()) 548 if (Instruction *I = tryMergingIntoMemset(MSI, MSI->getDest(), 549 MSI->getValue())) { 550 BBI = I; // Don't invalidate iterator. 551 return true; 552 } 553 return false; 554 } 555 556 557 /// performCallSlotOptzn - takes a memcpy and a call that it depends on, 558 /// and checks for the possibility of a call slot optimization by having 559 /// the call write its result directly into the destination of the memcpy. 560 bool MemCpyOpt::performCallSlotOptzn(Instruction *cpy, 561 Value *cpyDest, Value *cpySrc, 562 uint64_t cpyLen, CallInst *C) { 563 // The general transformation to keep in mind is 564 // 565 // call @func(..., src, ...) 566 // memcpy(dest, src, ...) 567 // 568 // -> 569 // 570 // memcpy(dest, src, ...) 571 // call @func(..., dest, ...) 572 // 573 // Since moving the memcpy is technically awkward, we additionally check that 574 // src only holds uninitialized values at the moment of the call, meaning that 575 // the memcpy can be discarded rather than moved. 576 577 // Deliberately get the source and destination with bitcasts stripped away, 578 // because we'll need to do type comparisons based on the underlying type. 579 CallSite CS(C); 580 581 // Require that src be an alloca. This simplifies the reasoning considerably. 582 AllocaInst *srcAlloca = dyn_cast<AllocaInst>(cpySrc); 583 if (!srcAlloca) 584 return false; 585 586 // Check that all of src is copied to dest. 587 if (TD == 0) return false; 588 589 ConstantInt *srcArraySize = dyn_cast<ConstantInt>(srcAlloca->getArraySize()); 590 if (!srcArraySize) 591 return false; 592 593 uint64_t srcSize = TD->getTypeAllocSize(srcAlloca->getAllocatedType()) * 594 srcArraySize->getZExtValue(); 595 596 if (cpyLen < srcSize) 597 return false; 598 599 // Check that accessing the first srcSize bytes of dest will not cause a 600 // trap. Otherwise the transform is invalid since it might cause a trap 601 // to occur earlier than it otherwise would. 602 if (AllocaInst *A = dyn_cast<AllocaInst>(cpyDest)) { 603 // The destination is an alloca. Check it is larger than srcSize. 604 ConstantInt *destArraySize = dyn_cast<ConstantInt>(A->getArraySize()); 605 if (!destArraySize) 606 return false; 607 608 uint64_t destSize = TD->getTypeAllocSize(A->getAllocatedType()) * 609 destArraySize->getZExtValue(); 610 611 if (destSize < srcSize) 612 return false; 613 } else if (Argument *A = dyn_cast<Argument>(cpyDest)) { 614 // If the destination is an sret parameter then only accesses that are 615 // outside of the returned struct type can trap. 616 if (!A->hasStructRetAttr()) 617 return false; 618 619 Type *StructTy = cast<PointerType>(A->getType())->getElementType(); 620 uint64_t destSize = TD->getTypeAllocSize(StructTy); 621 622 if (destSize < srcSize) 623 return false; 624 } else { 625 return false; 626 } 627 628 // Check that src is not accessed except via the call and the memcpy. This 629 // guarantees that it holds only undefined values when passed in (so the final 630 // memcpy can be dropped), that it is not read or written between the call and 631 // the memcpy, and that writing beyond the end of it is undefined. 632 SmallVector<User*, 8> srcUseList(srcAlloca->use_begin(), 633 srcAlloca->use_end()); 634 while (!srcUseList.empty()) { 635 User *UI = srcUseList.pop_back_val(); 636 637 if (isa<BitCastInst>(UI)) { 638 for (User::use_iterator I = UI->use_begin(), E = UI->use_end(); 639 I != E; ++I) 640 srcUseList.push_back(*I); 641 } else if (GetElementPtrInst *G = dyn_cast<GetElementPtrInst>(UI)) { 642 if (G->hasAllZeroIndices()) 643 for (User::use_iterator I = UI->use_begin(), E = UI->use_end(); 644 I != E; ++I) 645 srcUseList.push_back(*I); 646 else 647 return false; 648 } else if (UI != C && UI != cpy) { 649 return false; 650 } 651 } 652 653 // Since we're changing the parameter to the callsite, we need to make sure 654 // that what would be the new parameter dominates the callsite. 655 DominatorTree &DT = getAnalysis<DominatorTree>(); 656 if (Instruction *cpyDestInst = dyn_cast<Instruction>(cpyDest)) 657 if (!DT.dominates(cpyDestInst, C)) 658 return false; 659 660 // In addition to knowing that the call does not access src in some 661 // unexpected manner, for example via a global, which we deduce from 662 // the use analysis, we also need to know that it does not sneakily 663 // access dest. We rely on AA to figure this out for us. 664 AliasAnalysis &AA = getAnalysis<AliasAnalysis>(); 665 if (AA.getModRefInfo(C, cpyDest, srcSize) != AliasAnalysis::NoModRef) 666 return false; 667 668 // All the checks have passed, so do the transformation. 669 bool changedArgument = false; 670 for (unsigned i = 0; i < CS.arg_size(); ++i) 671 if (CS.getArgument(i)->stripPointerCasts() == cpySrc) { 672 if (cpySrc->getType() != cpyDest->getType()) 673 cpyDest = CastInst::CreatePointerCast(cpyDest, cpySrc->getType(), 674 cpyDest->getName(), C); 675 changedArgument = true; 676 if (CS.getArgument(i)->getType() == cpyDest->getType()) 677 CS.setArgument(i, cpyDest); 678 else 679 CS.setArgument(i, CastInst::CreatePointerCast(cpyDest, 680 CS.getArgument(i)->getType(), cpyDest->getName(), C)); 681 } 682 683 if (!changedArgument) 684 return false; 685 686 // Drop any cached information about the call, because we may have changed 687 // its dependence information by changing its parameter. 688 MD->removeInstruction(C); 689 690 // Remove the memcpy. 691 MD->removeInstruction(cpy); 692 ++NumMemCpyInstr; 693 694 return true; 695 } 696 697 /// processMemCpyMemCpyDependence - We've found that the (upward scanning) 698 /// memory dependence of memcpy 'M' is the memcpy 'MDep'. Try to simplify M to 699 /// copy from MDep's input if we can. MSize is the size of M's copy. 700 /// 701 bool MemCpyOpt::processMemCpyMemCpyDependence(MemCpyInst *M, MemCpyInst *MDep, 702 uint64_t MSize) { 703 // We can only transforms memcpy's where the dest of one is the source of the 704 // other. 705 if (M->getSource() != MDep->getDest() || MDep->isVolatile()) 706 return false; 707 708 // If dep instruction is reading from our current input, then it is a noop 709 // transfer and substituting the input won't change this instruction. Just 710 // ignore the input and let someone else zap MDep. This handles cases like: 711 // memcpy(a <- a) 712 // memcpy(b <- a) 713 if (M->getSource() == MDep->getSource()) 714 return false; 715 716 // Second, the length of the memcpy's must be the same, or the preceding one 717 // must be larger than the following one. 718 ConstantInt *MDepLen = dyn_cast<ConstantInt>(MDep->getLength()); 719 ConstantInt *MLen = dyn_cast<ConstantInt>(M->getLength()); 720 if (!MDepLen || !MLen || MDepLen->getZExtValue() < MLen->getZExtValue()) 721 return false; 722 723 AliasAnalysis &AA = getAnalysis<AliasAnalysis>(); 724 725 // Verify that the copied-from memory doesn't change in between the two 726 // transfers. For example, in: 727 // memcpy(a <- b) 728 // *b = 42; 729 // memcpy(c <- a) 730 // It would be invalid to transform the second memcpy into memcpy(c <- b). 731 // 732 // TODO: If the code between M and MDep is transparent to the destination "c", 733 // then we could still perform the xform by moving M up to the first memcpy. 734 // 735 // NOTE: This is conservative, it will stop on any read from the source loc, 736 // not just the defining memcpy. 737 MemDepResult SourceDep = 738 MD->getPointerDependencyFrom(AA.getLocationForSource(MDep), 739 false, M, M->getParent()); 740 if (!SourceDep.isClobber() || SourceDep.getInst() != MDep) 741 return false; 742 743 // If the dest of the second might alias the source of the first, then the 744 // source and dest might overlap. We still want to eliminate the intermediate 745 // value, but we have to generate a memmove instead of memcpy. 746 bool UseMemMove = false; 747 if (!AA.isNoAlias(AA.getLocationForDest(M), AA.getLocationForSource(MDep))) 748 UseMemMove = true; 749 750 // If all checks passed, then we can transform M. 751 752 // Make sure to use the lesser of the alignment of the source and the dest 753 // since we're changing where we're reading from, but don't want to increase 754 // the alignment past what can be read from or written to. 755 // TODO: Is this worth it if we're creating a less aligned memcpy? For 756 // example we could be moving from movaps -> movq on x86. 757 unsigned Align = std::min(MDep->getAlignment(), M->getAlignment()); 758 759 IRBuilder<> Builder(M); 760 if (UseMemMove) 761 Builder.CreateMemMove(M->getRawDest(), MDep->getRawSource(), M->getLength(), 762 Align, M->isVolatile()); 763 else 764 Builder.CreateMemCpy(M->getRawDest(), MDep->getRawSource(), M->getLength(), 765 Align, M->isVolatile()); 766 767 // Remove the instruction we're replacing. 768 MD->removeInstruction(M); 769 M->eraseFromParent(); 770 ++NumMemCpyInstr; 771 return true; 772 } 773 774 775 /// processMemCpy - perform simplification of memcpy's. If we have memcpy A 776 /// which copies X to Y, and memcpy B which copies Y to Z, then we can rewrite 777 /// B to be a memcpy from X to Z (or potentially a memmove, depending on 778 /// circumstances). This allows later passes to remove the first memcpy 779 /// altogether. 780 bool MemCpyOpt::processMemCpy(MemCpyInst *M) { 781 // We can only optimize statically-sized memcpy's that are non-volatile. 782 ConstantInt *CopySize = dyn_cast<ConstantInt>(M->getLength()); 783 if (CopySize == 0 || M->isVolatile()) return false; 784 785 // If the source and destination of the memcpy are the same, then zap it. 786 if (M->getSource() == M->getDest()) { 787 MD->removeInstruction(M); 788 M->eraseFromParent(); 789 return false; 790 } 791 792 // If copying from a constant, try to turn the memcpy into a memset. 793 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(M->getSource())) 794 if (GV->isConstant() && GV->hasDefinitiveInitializer()) 795 if (Value *ByteVal = isBytewiseValue(GV->getInitializer())) { 796 IRBuilder<> Builder(M); 797 Builder.CreateMemSet(M->getRawDest(), ByteVal, CopySize, 798 M->getAlignment(), false); 799 MD->removeInstruction(M); 800 M->eraseFromParent(); 801 ++NumCpyToSet; 802 return true; 803 } 804 805 // The are two possible optimizations we can do for memcpy: 806 // a) memcpy-memcpy xform which exposes redundance for DSE. 807 // b) call-memcpy xform for return slot optimization. 808 MemDepResult DepInfo = MD->getDependency(M); 809 if (!DepInfo.isClobber()) 810 return false; 811 812 if (MemCpyInst *MDep = dyn_cast<MemCpyInst>(DepInfo.getInst())) 813 return processMemCpyMemCpyDependence(M, MDep, CopySize->getZExtValue()); 814 815 if (CallInst *C = dyn_cast<CallInst>(DepInfo.getInst())) { 816 if (performCallSlotOptzn(M, M->getDest(), M->getSource(), 817 CopySize->getZExtValue(), C)) { 818 MD->removeInstruction(M); 819 M->eraseFromParent(); 820 return true; 821 } 822 } 823 824 return false; 825 } 826 827 /// processMemMove - Transforms memmove calls to memcpy calls when the src/dst 828 /// are guaranteed not to alias. 829 bool MemCpyOpt::processMemMove(MemMoveInst *M) { 830 AliasAnalysis &AA = getAnalysis<AliasAnalysis>(); 831 832 if (!TLI->has(LibFunc::memmove)) 833 return false; 834 835 // See if the pointers alias. 836 if (!AA.isNoAlias(AA.getLocationForDest(M), AA.getLocationForSource(M))) 837 return false; 838 839 DEBUG(dbgs() << "MemCpyOpt: Optimizing memmove -> memcpy: " << *M << "\n"); 840 841 // If not, then we know we can transform this. 842 Module *Mod = M->getParent()->getParent()->getParent(); 843 Type *ArgTys[3] = { M->getRawDest()->getType(), 844 M->getRawSource()->getType(), 845 M->getLength()->getType() }; 846 M->setCalledFunction(Intrinsic::getDeclaration(Mod, Intrinsic::memcpy, 847 ArgTys)); 848 849 // MemDep may have over conservative information about this instruction, just 850 // conservatively flush it from the cache. 851 MD->removeInstruction(M); 852 853 ++NumMoveToCpy; 854 return true; 855 } 856 857 /// processByValArgument - This is called on every byval argument in call sites. 858 bool MemCpyOpt::processByValArgument(CallSite CS, unsigned ArgNo) { 859 if (TD == 0) return false; 860 861 // Find out what feeds this byval argument. 862 Value *ByValArg = CS.getArgument(ArgNo); 863 Type *ByValTy =cast<PointerType>(ByValArg->getType())->getElementType(); 864 uint64_t ByValSize = TD->getTypeAllocSize(ByValTy); 865 MemDepResult DepInfo = 866 MD->getPointerDependencyFrom(AliasAnalysis::Location(ByValArg, ByValSize), 867 true, CS.getInstruction(), 868 CS.getInstruction()->getParent()); 869 if (!DepInfo.isClobber()) 870 return false; 871 872 // If the byval argument isn't fed by a memcpy, ignore it. If it is fed by 873 // a memcpy, see if we can byval from the source of the memcpy instead of the 874 // result. 875 MemCpyInst *MDep = dyn_cast<MemCpyInst>(DepInfo.getInst()); 876 if (MDep == 0 || MDep->isVolatile() || 877 ByValArg->stripPointerCasts() != MDep->getDest()) 878 return false; 879 880 // The length of the memcpy must be larger or equal to the size of the byval. 881 ConstantInt *C1 = dyn_cast<ConstantInt>(MDep->getLength()); 882 if (C1 == 0 || C1->getValue().getZExtValue() < ByValSize) 883 return false; 884 885 // Get the alignment of the byval. If the call doesn't specify the alignment, 886 // then it is some target specific value that we can't know. 887 unsigned ByValAlign = CS.getParamAlignment(ArgNo+1); 888 if (ByValAlign == 0) return false; 889 890 // If it is greater than the memcpy, then we check to see if we can force the 891 // source of the memcpy to the alignment we need. If we fail, we bail out. 892 if (MDep->getAlignment() < ByValAlign && 893 getOrEnforceKnownAlignment(MDep->getSource(),ByValAlign, TD) < ByValAlign) 894 return false; 895 896 // Verify that the copied-from memory doesn't change in between the memcpy and 897 // the byval call. 898 // memcpy(a <- b) 899 // *b = 42; 900 // foo(*a) 901 // It would be invalid to transform the second memcpy into foo(*b). 902 // 903 // NOTE: This is conservative, it will stop on any read from the source loc, 904 // not just the defining memcpy. 905 MemDepResult SourceDep = 906 MD->getPointerDependencyFrom(AliasAnalysis::getLocationForSource(MDep), 907 false, CS.getInstruction(), MDep->getParent()); 908 if (!SourceDep.isClobber() || SourceDep.getInst() != MDep) 909 return false; 910 911 Value *TmpCast = MDep->getSource(); 912 if (MDep->getSource()->getType() != ByValArg->getType()) 913 TmpCast = new BitCastInst(MDep->getSource(), ByValArg->getType(), 914 "tmpcast", CS.getInstruction()); 915 916 DEBUG(dbgs() << "MemCpyOpt: Forwarding memcpy to byval:\n" 917 << " " << *MDep << "\n" 918 << " " << *CS.getInstruction() << "\n"); 919 920 // Otherwise we're good! Update the byval argument. 921 CS.setArgument(ArgNo, TmpCast); 922 ++NumMemCpyInstr; 923 return true; 924 } 925 926 /// iterateOnFunction - Executes one iteration of MemCpyOpt. 927 bool MemCpyOpt::iterateOnFunction(Function &F) { 928 bool MadeChange = false; 929 930 // Walk all instruction in the function. 931 for (Function::iterator BB = F.begin(), BBE = F.end(); BB != BBE; ++BB) { 932 for (BasicBlock::iterator BI = BB->begin(), BE = BB->end(); BI != BE;) { 933 // Avoid invalidating the iterator. 934 Instruction *I = BI++; 935 936 bool RepeatInstruction = false; 937 938 if (StoreInst *SI = dyn_cast<StoreInst>(I)) 939 MadeChange |= processStore(SI, BI); 940 else if (MemSetInst *M = dyn_cast<MemSetInst>(I)) 941 RepeatInstruction = processMemSet(M, BI); 942 else if (MemCpyInst *M = dyn_cast<MemCpyInst>(I)) 943 RepeatInstruction = processMemCpy(M); 944 else if (MemMoveInst *M = dyn_cast<MemMoveInst>(I)) 945 RepeatInstruction = processMemMove(M); 946 else if (CallSite CS = (Value*)I) { 947 for (unsigned i = 0, e = CS.arg_size(); i != e; ++i) 948 if (CS.paramHasAttr(i+1, Attribute::ByVal)) 949 MadeChange |= processByValArgument(CS, i); 950 } 951 952 // Reprocess the instruction if desired. 953 if (RepeatInstruction) { 954 if (BI != BB->begin()) --BI; 955 MadeChange = true; 956 } 957 } 958 } 959 960 return MadeChange; 961 } 962 963 // MemCpyOpt::runOnFunction - This is the main transformation entry point for a 964 // function. 965 // 966 bool MemCpyOpt::runOnFunction(Function &F) { 967 bool MadeChange = false; 968 MD = &getAnalysis<MemoryDependenceAnalysis>(); 969 TD = getAnalysisIfAvailable<TargetData>(); 970 TLI = &getAnalysis<TargetLibraryInfo>(); 971 972 // If we don't have at least memset and memcpy, there is little point of doing 973 // anything here. These are required by a freestanding implementation, so if 974 // even they are disabled, there is no point in trying hard. 975 if (!TLI->has(LibFunc::memset) || !TLI->has(LibFunc::memcpy)) 976 return false; 977 978 while (1) { 979 if (!iterateOnFunction(F)) 980 break; 981 MadeChange = true; 982 } 983 984 MD = 0; 985 return MadeChange; 986 } 987