1 Target Independent Opportunities: 2 3 //===---------------------------------------------------------------------===// 4 5 We should recognized various "overflow detection" idioms and translate them into 6 llvm.uadd.with.overflow and similar intrinsics. Here is a multiply idiom: 7 8 unsigned int mul(unsigned int a,unsigned int b) { 9 if ((unsigned long long)a*b>0xffffffff) 10 exit(0); 11 return a*b; 12 } 13 14 The legalization code for mul-with-overflow needs to be made more robust before 15 this can be implemented though. 16 17 //===---------------------------------------------------------------------===// 18 19 Get the C front-end to expand hypot(x,y) -> llvm.sqrt(x*x+y*y) when errno and 20 precision don't matter (ffastmath). Misc/mandel will like this. :) This isn't 21 safe in general, even on darwin. See the libm implementation of hypot for 22 examples (which special case when x/y are exactly zero to get signed zeros etc 23 right). 24 25 //===---------------------------------------------------------------------===// 26 27 On targets with expensive 64-bit multiply, we could LSR this: 28 29 for (i = ...; ++i) { 30 x = 1ULL << i; 31 32 into: 33 long long tmp = 1; 34 for (i = ...; ++i, tmp+=tmp) 35 x = tmp; 36 37 This would be a win on ppc32, but not x86 or ppc64. 38 39 //===---------------------------------------------------------------------===// 40 41 Shrink: (setlt (loadi32 P), 0) -> (setlt (loadi8 Phi), 0) 42 43 //===---------------------------------------------------------------------===// 44 45 Reassociate should turn things like: 46 47 int factorial(int X) { 48 return X*X*X*X*X*X*X*X; 49 } 50 51 into llvm.powi calls, allowing the code generator to produce balanced 52 multiplication trees. 53 54 First, the intrinsic needs to be extended to support integers, and second the 55 code generator needs to be enhanced to lower these to multiplication trees. 56 57 //===---------------------------------------------------------------------===// 58 59 Interesting? testcase for add/shift/mul reassoc: 60 61 int bar(int x, int y) { 62 return x*x*x+y+x*x*x*x*x*y*y*y*y; 63 } 64 int foo(int z, int n) { 65 return bar(z, n) + bar(2*z, 2*n); 66 } 67 68 This is blocked on not handling X*X*X -> powi(X, 3) (see note above). The issue 69 is that we end up getting t = 2*X s = t*t and don't turn this into 4*X*X, 70 which is the same number of multiplies and is canonical, because the 2*X has 71 multiple uses. Here's a simple example: 72 73 define i32 @test15(i32 %X1) { 74 %B = mul i32 %X1, 47 ; X1*47 75 %C = mul i32 %B, %B 76 ret i32 %C 77 } 78 79 80 //===---------------------------------------------------------------------===// 81 82 Reassociate should handle the example in GCC PR16157: 83 84 extern int a0, a1, a2, a3, a4; extern int b0, b1, b2, b3, b4; 85 void f () { /* this can be optimized to four additions... */ 86 b4 = a4 + a3 + a2 + a1 + a0; 87 b3 = a3 + a2 + a1 + a0; 88 b2 = a2 + a1 + a0; 89 b1 = a1 + a0; 90 } 91 92 This requires reassociating to forms of expressions that are already available, 93 something that reassoc doesn't think about yet. 94 95 96 //===---------------------------------------------------------------------===// 97 98 These two functions should generate the same code on big-endian systems: 99 100 int g(int *j,int *l) { return memcmp(j,l,4); } 101 int h(int *j, int *l) { return *j - *l; } 102 103 this could be done in SelectionDAGISel.cpp, along with other special cases, 104 for 1,2,4,8 bytes. 105 106 //===---------------------------------------------------------------------===// 107 108 It would be nice to revert this patch: 109 http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20060213/031986.html 110 111 And teach the dag combiner enough to simplify the code expanded before 112 legalize. It seems plausible that this knowledge would let it simplify other 113 stuff too. 114 115 //===---------------------------------------------------------------------===// 116 117 For vector types, DataLayout.cpp::getTypeInfo() returns alignment that is equal 118 to the type size. It works but can be overly conservative as the alignment of 119 specific vector types are target dependent. 120 121 //===---------------------------------------------------------------------===// 122 123 We should produce an unaligned load from code like this: 124 125 v4sf example(float *P) { 126 return (v4sf){P[0], P[1], P[2], P[3] }; 127 } 128 129 //===---------------------------------------------------------------------===// 130 131 Add support for conditional increments, and other related patterns. Instead 132 of: 133 134 movl 136(%esp), %eax 135 cmpl $0, %eax 136 je LBB16_2 #cond_next 137 LBB16_1: #cond_true 138 incl _foo 139 LBB16_2: #cond_next 140 141 emit: 142 movl _foo, %eax 143 cmpl $1, %edi 144 sbbl $-1, %eax 145 movl %eax, _foo 146 147 //===---------------------------------------------------------------------===// 148 149 Combine: a = sin(x), b = cos(x) into a,b = sincos(x). 150 151 Expand these to calls of sin/cos and stores: 152 double sincos(double x, double *sin, double *cos); 153 float sincosf(float x, float *sin, float *cos); 154 long double sincosl(long double x, long double *sin, long double *cos); 155 156 Doing so could allow SROA of the destination pointers. See also: 157 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17687 158 159 This is now easily doable with MRVs. We could even make an intrinsic for this 160 if anyone cared enough about sincos. 161 162 //===---------------------------------------------------------------------===// 163 164 quantum_sigma_x in 462.libquantum contains the following loop: 165 166 for(i=0; i<reg->size; i++) 167 { 168 /* Flip the target bit of each basis state */ 169 reg->node[i].state ^= ((MAX_UNSIGNED) 1 << target); 170 } 171 172 Where MAX_UNSIGNED/state is a 64-bit int. On a 32-bit platform it would be just 173 so cool to turn it into something like: 174 175 long long Res = ((MAX_UNSIGNED) 1 << target); 176 if (target < 32) { 177 for(i=0; i<reg->size; i++) 178 reg->node[i].state ^= Res & 0xFFFFFFFFULL; 179 } else { 180 for(i=0; i<reg->size; i++) 181 reg->node[i].state ^= Res & 0xFFFFFFFF00000000ULL 182 } 183 184 ... which would only do one 32-bit XOR per loop iteration instead of two. 185 186 It would also be nice to recognize the reg->size doesn't alias reg->node[i], but 187 this requires TBAA. 188 189 //===---------------------------------------------------------------------===// 190 191 This isn't recognized as bswap by instcombine (yes, it really is bswap): 192 193 unsigned long reverse(unsigned v) { 194 unsigned t; 195 t = v ^ ((v << 16) | (v >> 16)); 196 t &= ~0xff0000; 197 v = (v << 24) | (v >> 8); 198 return v ^ (t >> 8); 199 } 200 201 //===---------------------------------------------------------------------===// 202 203 [LOOP DELETION] 204 205 We don't delete this output free loop, because trip count analysis doesn't 206 realize that it is finite (if it were infinite, it would be undefined). Not 207 having this blocks Loop Idiom from matching strlen and friends. 208 209 void foo(char *C) { 210 int x = 0; 211 while (*C) 212 ++x,++C; 213 } 214 215 //===---------------------------------------------------------------------===// 216 217 [LOOP RECOGNITION] 218 219 These idioms should be recognized as popcount (see PR1488): 220 221 unsigned countbits_slow(unsigned v) { 222 unsigned c; 223 for (c = 0; v; v >>= 1) 224 c += v & 1; 225 return c; 226 } 227 228 unsigned int popcount(unsigned int input) { 229 unsigned int count = 0; 230 for (unsigned int i = 0; i < 4 * 8; i++) 231 count += (input >> i) & i; 232 return count; 233 } 234 235 This should be recognized as CLZ: rdar://8459039 236 237 unsigned clz_a(unsigned a) { 238 int i; 239 for (i=0;i<32;i++) 240 if (a & (1<<(31-i))) 241 return i; 242 return 32; 243 } 244 245 This sort of thing should be added to the loop idiom pass. 246 247 //===---------------------------------------------------------------------===// 248 249 These should turn into single 16-bit (unaligned?) loads on little/big endian 250 processors. 251 252 unsigned short read_16_le(const unsigned char *adr) { 253 return adr[0] | (adr[1] << 8); 254 } 255 unsigned short read_16_be(const unsigned char *adr) { 256 return (adr[0] << 8) | adr[1]; 257 } 258 259 //===---------------------------------------------------------------------===// 260 261 -instcombine should handle this transform: 262 icmp pred (sdiv X / C1 ), C2 263 when X, C1, and C2 are unsigned. Similarly for udiv and signed operands. 264 265 Currently InstCombine avoids this transform but will do it when the signs of 266 the operands and the sign of the divide match. See the FIXME in 267 InstructionCombining.cpp in the visitSetCondInst method after the switch case 268 for Instruction::UDiv (around line 4447) for more details. 269 270 The SingleSource/Benchmarks/Shootout-C++/hash and hash2 tests have examples of 271 this construct. 272 273 //===---------------------------------------------------------------------===// 274 275 [LOOP OPTIMIZATION] 276 277 SingleSource/Benchmarks/Misc/dt.c shows several interesting optimization 278 opportunities in its double_array_divs_variable function: it needs loop 279 interchange, memory promotion (which LICM already does), vectorization and 280 variable trip count loop unrolling (since it has a constant trip count). ICC 281 apparently produces this very nice code with -ffast-math: 282 283 ..B1.70: # Preds ..B1.70 ..B1.69 284 mulpd %xmm0, %xmm1 #108.2 285 mulpd %xmm0, %xmm1 #108.2 286 mulpd %xmm0, %xmm1 #108.2 287 mulpd %xmm0, %xmm1 #108.2 288 addl $8, %edx # 289 cmpl $131072, %edx #108.2 290 jb ..B1.70 # Prob 99% #108.2 291 292 It would be better to count down to zero, but this is a lot better than what we 293 do. 294 295 //===---------------------------------------------------------------------===// 296 297 Consider: 298 299 typedef unsigned U32; 300 typedef unsigned long long U64; 301 int test (U32 *inst, U64 *regs) { 302 U64 effective_addr2; 303 U32 temp = *inst; 304 int r1 = (temp >> 20) & 0xf; 305 int b2 = (temp >> 16) & 0xf; 306 effective_addr2 = temp & 0xfff; 307 if (b2) effective_addr2 += regs[b2]; 308 b2 = (temp >> 12) & 0xf; 309 if (b2) effective_addr2 += regs[b2]; 310 effective_addr2 &= regs[4]; 311 if ((effective_addr2 & 3) == 0) 312 return 1; 313 return 0; 314 } 315 316 Note that only the low 2 bits of effective_addr2 are used. On 32-bit systems, 317 we don't eliminate the computation of the top half of effective_addr2 because 318 we don't have whole-function selection dags. On x86, this means we use one 319 extra register for the function when effective_addr2 is declared as U64 than 320 when it is declared U32. 321 322 PHI Slicing could be extended to do this. 323 324 //===---------------------------------------------------------------------===// 325 326 Tail call elim should be more aggressive, checking to see if the call is 327 followed by an uncond branch to an exit block. 328 329 ; This testcase is due to tail-duplication not wanting to copy the return 330 ; instruction into the terminating blocks because there was other code 331 ; optimized out of the function after the taildup happened. 332 ; RUN: llvm-as < %s | opt -tailcallelim | llvm-dis | not grep call 333 334 define i32 @t4(i32 %a) { 335 entry: 336 %tmp.1 = and i32 %a, 1 ; <i32> [#uses=1] 337 %tmp.2 = icmp ne i32 %tmp.1, 0 ; <i1> [#uses=1] 338 br i1 %tmp.2, label %then.0, label %else.0 339 340 then.0: ; preds = %entry 341 %tmp.5 = add i32 %a, -1 ; <i32> [#uses=1] 342 %tmp.3 = call i32 @t4( i32 %tmp.5 ) ; <i32> [#uses=1] 343 br label %return 344 345 else.0: ; preds = %entry 346 %tmp.7 = icmp ne i32 %a, 0 ; <i1> [#uses=1] 347 br i1 %tmp.7, label %then.1, label %return 348 349 then.1: ; preds = %else.0 350 %tmp.11 = add i32 %a, -2 ; <i32> [#uses=1] 351 %tmp.9 = call i32 @t4( i32 %tmp.11 ) ; <i32> [#uses=1] 352 br label %return 353 354 return: ; preds = %then.1, %else.0, %then.0 355 %result.0 = phi i32 [ 0, %else.0 ], [ %tmp.3, %then.0 ], 356 [ %tmp.9, %then.1 ] 357 ret i32 %result.0 358 } 359 360 //===---------------------------------------------------------------------===// 361 362 Tail recursion elimination should handle: 363 364 int pow2m1(int n) { 365 if (n == 0) 366 return 0; 367 return 2 * pow2m1 (n - 1) + 1; 368 } 369 370 Also, multiplies can be turned into SHL's, so they should be handled as if 371 they were associative. "return foo() << 1" can be tail recursion eliminated. 372 373 //===---------------------------------------------------------------------===// 374 375 Argument promotion should promote arguments for recursive functions, like 376 this: 377 378 ; RUN: llvm-as < %s | opt -argpromotion | llvm-dis | grep x.val 379 380 define internal i32 @foo(i32* %x) { 381 entry: 382 %tmp = load i32* %x ; <i32> [#uses=0] 383 %tmp.foo = call i32 @foo( i32* %x ) ; <i32> [#uses=1] 384 ret i32 %tmp.foo 385 } 386 387 define i32 @bar(i32* %x) { 388 entry: 389 %tmp3 = call i32 @foo( i32* %x ) ; <i32> [#uses=1] 390 ret i32 %tmp3 391 } 392 393 //===---------------------------------------------------------------------===// 394 395 We should investigate an instruction sinking pass. Consider this silly 396 example in pic mode: 397 398 #include <assert.h> 399 void foo(int x) { 400 assert(x); 401 //... 402 } 403 404 we compile this to: 405 _foo: 406 subl $28, %esp 407 call "L1$pb" 408 "L1$pb": 409 popl %eax 410 cmpl $0, 32(%esp) 411 je LBB1_2 # cond_true 412 LBB1_1: # return 413 # ... 414 addl $28, %esp 415 ret 416 LBB1_2: # cond_true 417 ... 418 419 The PIC base computation (call+popl) is only used on one path through the 420 code, but is currently always computed in the entry block. It would be 421 better to sink the picbase computation down into the block for the 422 assertion, as it is the only one that uses it. This happens for a lot of 423 code with early outs. 424 425 Another example is loads of arguments, which are usually emitted into the 426 entry block on targets like x86. If not used in all paths through a 427 function, they should be sunk into the ones that do. 428 429 In this case, whole-function-isel would also handle this. 430 431 //===---------------------------------------------------------------------===// 432 433 Investigate lowering of sparse switch statements into perfect hash tables: 434 http://burtleburtle.net/bob/hash/perfect.html 435 436 //===---------------------------------------------------------------------===// 437 438 We should turn things like "load+fabs+store" and "load+fneg+store" into the 439 corresponding integer operations. On a yonah, this loop: 440 441 double a[256]; 442 void foo() { 443 int i, b; 444 for (b = 0; b < 10000000; b++) 445 for (i = 0; i < 256; i++) 446 a[i] = -a[i]; 447 } 448 449 is twice as slow as this loop: 450 451 long long a[256]; 452 void foo() { 453 int i, b; 454 for (b = 0; b < 10000000; b++) 455 for (i = 0; i < 256; i++) 456 a[i] ^= (1ULL << 63); 457 } 458 459 and I suspect other processors are similar. On X86 in particular this is a 460 big win because doing this with integers allows the use of read/modify/write 461 instructions. 462 463 //===---------------------------------------------------------------------===// 464 465 DAG Combiner should try to combine small loads into larger loads when 466 profitable. For example, we compile this C++ example: 467 468 struct THotKey { short Key; bool Control; bool Shift; bool Alt; }; 469 extern THotKey m_HotKey; 470 THotKey GetHotKey () { return m_HotKey; } 471 472 into (-m64 -O3 -fno-exceptions -static -fomit-frame-pointer): 473 474 __Z9GetHotKeyv: ## @_Z9GetHotKeyv 475 movq _m_HotKey@GOTPCREL(%rip), %rax 476 movzwl (%rax), %ecx 477 movzbl 2(%rax), %edx 478 shlq $16, %rdx 479 orq %rcx, %rdx 480 movzbl 3(%rax), %ecx 481 shlq $24, %rcx 482 orq %rdx, %rcx 483 movzbl 4(%rax), %eax 484 shlq $32, %rax 485 orq %rcx, %rax 486 ret 487 488 //===---------------------------------------------------------------------===// 489 490 We should add an FRINT node to the DAG to model targets that have legal 491 implementations of ceil/floor/rint. 492 493 //===---------------------------------------------------------------------===// 494 495 Consider: 496 497 int test() { 498 long long input[8] = {1,0,1,0,1,0,1,0}; 499 foo(input); 500 } 501 502 Clang compiles this into: 503 504 call void @llvm.memset.p0i8.i64(i8* %tmp, i8 0, i64 64, i32 16, i1 false) 505 %0 = getelementptr [8 x i64]* %input, i64 0, i64 0 506 store i64 1, i64* %0, align 16 507 %1 = getelementptr [8 x i64]* %input, i64 0, i64 2 508 store i64 1, i64* %1, align 16 509 %2 = getelementptr [8 x i64]* %input, i64 0, i64 4 510 store i64 1, i64* %2, align 16 511 %3 = getelementptr [8 x i64]* %input, i64 0, i64 6 512 store i64 1, i64* %3, align 16 513 514 Which gets codegen'd into: 515 516 pxor %xmm0, %xmm0 517 movaps %xmm0, -16(%rbp) 518 movaps %xmm0, -32(%rbp) 519 movaps %xmm0, -48(%rbp) 520 movaps %xmm0, -64(%rbp) 521 movq $1, -64(%rbp) 522 movq $1, -48(%rbp) 523 movq $1, -32(%rbp) 524 movq $1, -16(%rbp) 525 526 It would be better to have 4 movq's of 0 instead of the movaps's. 527 528 //===---------------------------------------------------------------------===// 529 530 http://llvm.org/PR717: 531 532 The following code should compile into "ret int undef". Instead, LLVM 533 produces "ret int 0": 534 535 int f() { 536 int x = 4; 537 int y; 538 if (x == 3) y = 0; 539 return y; 540 } 541 542 //===---------------------------------------------------------------------===// 543 544 The loop unroller should partially unroll loops (instead of peeling them) 545 when code growth isn't too bad and when an unroll count allows simplification 546 of some code within the loop. One trivial example is: 547 548 #include <stdio.h> 549 int main() { 550 int nRet = 17; 551 int nLoop; 552 for ( nLoop = 0; nLoop < 1000; nLoop++ ) { 553 if ( nLoop & 1 ) 554 nRet += 2; 555 else 556 nRet -= 1; 557 } 558 return nRet; 559 } 560 561 Unrolling by 2 would eliminate the '&1' in both copies, leading to a net 562 reduction in code size. The resultant code would then also be suitable for 563 exit value computation. 564 565 //===---------------------------------------------------------------------===// 566 567 We miss a bunch of rotate opportunities on various targets, including ppc, x86, 568 etc. On X86, we miss a bunch of 'rotate by variable' cases because the rotate 569 matching code in dag combine doesn't look through truncates aggressively 570 enough. Here are some testcases reduces from GCC PR17886: 571 572 unsigned long long f5(unsigned long long x, unsigned long long y) { 573 return (x << 8) | ((y >> 48) & 0xffull); 574 } 575 unsigned long long f6(unsigned long long x, unsigned long long y, int z) { 576 switch(z) { 577 case 1: 578 return (x << 8) | ((y >> 48) & 0xffull); 579 case 2: 580 return (x << 16) | ((y >> 40) & 0xffffull); 581 case 3: 582 return (x << 24) | ((y >> 32) & 0xffffffull); 583 case 4: 584 return (x << 32) | ((y >> 24) & 0xffffffffull); 585 default: 586 return (x << 40) | ((y >> 16) & 0xffffffffffull); 587 } 588 } 589 590 //===---------------------------------------------------------------------===// 591 592 This (and similar related idioms): 593 594 unsigned int foo(unsigned char i) { 595 return i | (i<<8) | (i<<16) | (i<<24); 596 } 597 598 compiles into: 599 600 define i32 @foo(i8 zeroext %i) nounwind readnone ssp noredzone { 601 entry: 602 %conv = zext i8 %i to i32 603 %shl = shl i32 %conv, 8 604 %shl5 = shl i32 %conv, 16 605 %shl9 = shl i32 %conv, 24 606 %or = or i32 %shl9, %conv 607 %or6 = or i32 %or, %shl5 608 %or10 = or i32 %or6, %shl 609 ret i32 %or10 610 } 611 612 it would be better as: 613 614 unsigned int bar(unsigned char i) { 615 unsigned int j=i | (i << 8); 616 return j | (j<<16); 617 } 618 619 aka: 620 621 define i32 @bar(i8 zeroext %i) nounwind readnone ssp noredzone { 622 entry: 623 %conv = zext i8 %i to i32 624 %shl = shl i32 %conv, 8 625 %or = or i32 %shl, %conv 626 %shl5 = shl i32 %or, 16 627 %or6 = or i32 %shl5, %or 628 ret i32 %or6 629 } 630 631 or even i*0x01010101, depending on the speed of the multiplier. The best way to 632 handle this is to canonicalize it to a multiply in IR and have codegen handle 633 lowering multiplies to shifts on cpus where shifts are faster. 634 635 //===---------------------------------------------------------------------===// 636 637 We do a number of simplifications in simplify libcalls to strength reduce 638 standard library functions, but we don't currently merge them together. For 639 example, it is useful to merge memcpy(a,b,strlen(b)) -> strcpy. This can only 640 be done safely if "b" isn't modified between the strlen and memcpy of course. 641 642 //===---------------------------------------------------------------------===// 643 644 We compile this program: (from GCC PR11680) 645 http://gcc.gnu.org/bugzilla/attachment.cgi?id=4487 646 647 Into code that runs the same speed in fast/slow modes, but both modes run 2x 648 slower than when compile with GCC (either 4.0 or 4.2): 649 650 $ llvm-g++ perf.cpp -O3 -fno-exceptions 651 $ time ./a.out fast 652 1.821u 0.003s 0:01.82 100.0% 0+0k 0+0io 0pf+0w 653 654 $ g++ perf.cpp -O3 -fno-exceptions 655 $ time ./a.out fast 656 0.821u 0.001s 0:00.82 100.0% 0+0k 0+0io 0pf+0w 657 658 It looks like we are making the same inlining decisions, so this may be raw 659 codegen badness or something else (haven't investigated). 660 661 //===---------------------------------------------------------------------===// 662 663 Divisibility by constant can be simplified (according to GCC PR12849) from 664 being a mulhi to being a mul lo (cheaper). Testcase: 665 666 void bar(unsigned n) { 667 if (n % 3 == 0) 668 true(); 669 } 670 671 This is equivalent to the following, where 2863311531 is the multiplicative 672 inverse of 3, and 1431655766 is ((2^32)-1)/3+1: 673 void bar(unsigned n) { 674 if (n * 2863311531U < 1431655766U) 675 true(); 676 } 677 678 The same transformation can work with an even modulo with the addition of a 679 rotate: rotate the result of the multiply to the right by the number of bits 680 which need to be zero for the condition to be true, and shrink the compare RHS 681 by the same amount. Unless the target supports rotates, though, that 682 transformation probably isn't worthwhile. 683 684 The transformation can also easily be made to work with non-zero equality 685 comparisons: just transform, for example, "n % 3 == 1" to "(n-1) % 3 == 0". 686 687 //===---------------------------------------------------------------------===// 688 689 Better mod/ref analysis for scanf would allow us to eliminate the vtable and a 690 bunch of other stuff from this example (see PR1604): 691 692 #include <cstdio> 693 struct test { 694 int val; 695 virtual ~test() {} 696 }; 697 698 int main() { 699 test t; 700 std::scanf("%d", &t.val); 701 std::printf("%d\n", t.val); 702 } 703 704 //===---------------------------------------------------------------------===// 705 706 These functions perform the same computation, but produce different assembly. 707 708 define i8 @select(i8 %x) readnone nounwind { 709 %A = icmp ult i8 %x, 250 710 %B = select i1 %A, i8 0, i8 1 711 ret i8 %B 712 } 713 714 define i8 @addshr(i8 %x) readnone nounwind { 715 %A = zext i8 %x to i9 716 %B = add i9 %A, 6 ;; 256 - 250 == 6 717 %C = lshr i9 %B, 8 718 %D = trunc i9 %C to i8 719 ret i8 %D 720 } 721 722 //===---------------------------------------------------------------------===// 723 724 From gcc bug 24696: 725 int 726 f (unsigned long a, unsigned long b, unsigned long c) 727 { 728 return ((a & (c - 1)) != 0) || ((b & (c - 1)) != 0); 729 } 730 int 731 f (unsigned long a, unsigned long b, unsigned long c) 732 { 733 return ((a & (c - 1)) != 0) | ((b & (c - 1)) != 0); 734 } 735 Both should combine to ((a|b) & (c-1)) != 0. Currently not optimized with 736 "clang -emit-llvm-bc | opt -O3". 737 738 //===---------------------------------------------------------------------===// 739 740 From GCC Bug 20192: 741 #define PMD_MASK (~((1UL << 23) - 1)) 742 void clear_pmd_range(unsigned long start, unsigned long end) 743 { 744 if (!(start & ~PMD_MASK) && !(end & ~PMD_MASK)) 745 f(); 746 } 747 The expression should optimize to something like 748 "!((start|end)&~PMD_MASK). Currently not optimized with "clang 749 -emit-llvm-bc | opt -O3". 750 751 //===---------------------------------------------------------------------===// 752 753 unsigned int f(unsigned int i, unsigned int n) {++i; if (i == n) ++i; return 754 i;} 755 unsigned int f2(unsigned int i, unsigned int n) {++i; i += i == n; return i;} 756 These should combine to the same thing. Currently, the first function 757 produces better code on X86. 758 759 //===---------------------------------------------------------------------===// 760 761 From GCC Bug 15784: 762 #define abs(x) x>0?x:-x 763 int f(int x, int y) 764 { 765 return (abs(x)) >= 0; 766 } 767 This should optimize to x == INT_MIN. (With -fwrapv.) Currently not 768 optimized with "clang -emit-llvm-bc | opt -O3". 769 770 //===---------------------------------------------------------------------===// 771 772 From GCC Bug 14753: 773 void 774 rotate_cst (unsigned int a) 775 { 776 a = (a << 10) | (a >> 22); 777 if (a == 123) 778 bar (); 779 } 780 void 781 minus_cst (unsigned int a) 782 { 783 unsigned int tem; 784 785 tem = 20 - a; 786 if (tem == 5) 787 bar (); 788 } 789 void 790 mask_gt (unsigned int a) 791 { 792 /* This is equivalent to a > 15. */ 793 if ((a & ~7) > 8) 794 bar (); 795 } 796 void 797 rshift_gt (unsigned int a) 798 { 799 /* This is equivalent to a > 23. */ 800 if ((a >> 2) > 5) 801 bar (); 802 } 803 804 All should simplify to a single comparison. All of these are 805 currently not optimized with "clang -emit-llvm-bc | opt 806 -O3". 807 808 //===---------------------------------------------------------------------===// 809 810 From GCC Bug 32605: 811 int c(int* x) {return (char*)x+2 == (char*)x;} 812 Should combine to 0. Currently not optimized with "clang 813 -emit-llvm-bc | opt -O3" (although llc can optimize it). 814 815 //===---------------------------------------------------------------------===// 816 817 int a(unsigned b) {return ((b << 31) | (b << 30)) >> 31;} 818 Should be combined to "((b >> 1) | b) & 1". Currently not optimized 819 with "clang -emit-llvm-bc | opt -O3". 820 821 //===---------------------------------------------------------------------===// 822 823 unsigned a(unsigned x, unsigned y) { return x | (y & 1) | (y & 2);} 824 Should combine to "x | (y & 3)". Currently not optimized with "clang 825 -emit-llvm-bc | opt -O3". 826 827 //===---------------------------------------------------------------------===// 828 829 int a(int a, int b, int c) {return (~a & c) | ((c|a) & b);} 830 Should fold to "(~a & c) | (a & b)". Currently not optimized with 831 "clang -emit-llvm-bc | opt -O3". 832 833 //===---------------------------------------------------------------------===// 834 835 int a(int a,int b) {return (~(a|b))|a;} 836 Should fold to "a|~b". Currently not optimized with "clang 837 -emit-llvm-bc | opt -O3". 838 839 //===---------------------------------------------------------------------===// 840 841 int a(int a, int b) {return (a&&b) || (a&&!b);} 842 Should fold to "a". Currently not optimized with "clang -emit-llvm-bc 843 | opt -O3". 844 845 //===---------------------------------------------------------------------===// 846 847 int a(int a, int b, int c) {return (a&&b) || (!a&&c);} 848 Should fold to "a ? b : c", or at least something sane. Currently not 849 optimized with "clang -emit-llvm-bc | opt -O3". 850 851 //===---------------------------------------------------------------------===// 852 853 int a(int a, int b, int c) {return (a&&b) || (a&&c) || (a&&b&&c);} 854 Should fold to a && (b || c). Currently not optimized with "clang 855 -emit-llvm-bc | opt -O3". 856 857 //===---------------------------------------------------------------------===// 858 859 int a(int x) {return x | ((x & 8) ^ 8);} 860 Should combine to x | 8. Currently not optimized with "clang 861 -emit-llvm-bc | opt -O3". 862 863 //===---------------------------------------------------------------------===// 864 865 int a(int x) {return x ^ ((x & 8) ^ 8);} 866 Should also combine to x | 8. Currently not optimized with "clang 867 -emit-llvm-bc | opt -O3". 868 869 //===---------------------------------------------------------------------===// 870 871 int a(int x) {return ((x | -9) ^ 8) & x;} 872 Should combine to x & -9. Currently not optimized with "clang 873 -emit-llvm-bc | opt -O3". 874 875 //===---------------------------------------------------------------------===// 876 877 unsigned a(unsigned a) {return a * 0x11111111 >> 28 & 1;} 878 Should combine to "a * 0x88888888 >> 31". Currently not optimized 879 with "clang -emit-llvm-bc | opt -O3". 880 881 //===---------------------------------------------------------------------===// 882 883 unsigned a(char* x) {if ((*x & 32) == 0) return b();} 884 There's an unnecessary zext in the generated code with "clang 885 -emit-llvm-bc | opt -O3". 886 887 //===---------------------------------------------------------------------===// 888 889 unsigned a(unsigned long long x) {return 40 * (x >> 1);} 890 Should combine to "20 * (((unsigned)x) & -2)". Currently not 891 optimized with "clang -emit-llvm-bc | opt -O3". 892 893 //===---------------------------------------------------------------------===// 894 895 int g(int x) { return (x - 10) < 0; } 896 Should combine to "x <= 9" (the sub has nsw). Currently not 897 optimized with "clang -emit-llvm-bc | opt -O3". 898 899 //===---------------------------------------------------------------------===// 900 901 int g(int x) { return (x + 10) < 0; } 902 Should combine to "x < -10" (the add has nsw). Currently not 903 optimized with "clang -emit-llvm-bc | opt -O3". 904 905 //===---------------------------------------------------------------------===// 906 907 int f(int i, int j) { return i < j + 1; } 908 int g(int i, int j) { return j > i - 1; } 909 Should combine to "i <= j" (the add/sub has nsw). Currently not 910 optimized with "clang -emit-llvm-bc | opt -O3". 911 912 //===---------------------------------------------------------------------===// 913 914 unsigned f(unsigned x) { return ((x & 7) + 1) & 15; } 915 The & 15 part should be optimized away, it doesn't change the result. Currently 916 not optimized with "clang -emit-llvm-bc | opt -O3". 917 918 //===---------------------------------------------------------------------===// 919 920 This was noticed in the entryblock for grokdeclarator in 403.gcc: 921 922 %tmp = icmp eq i32 %decl_context, 4 923 %decl_context_addr.0 = select i1 %tmp, i32 3, i32 %decl_context 924 %tmp1 = icmp eq i32 %decl_context_addr.0, 1 925 %decl_context_addr.1 = select i1 %tmp1, i32 0, i32 %decl_context_addr.0 926 927 tmp1 should be simplified to something like: 928 (!tmp || decl_context == 1) 929 930 This allows recursive simplifications, tmp1 is used all over the place in 931 the function, e.g. by: 932 933 %tmp23 = icmp eq i32 %decl_context_addr.1, 0 ; <i1> [#uses=1] 934 %tmp24 = xor i1 %tmp1, true ; <i1> [#uses=1] 935 %or.cond8 = and i1 %tmp23, %tmp24 ; <i1> [#uses=1] 936 937 later. 938 939 //===---------------------------------------------------------------------===// 940 941 [STORE SINKING] 942 943 Store sinking: This code: 944 945 void f (int n, int *cond, int *res) { 946 int i; 947 *res = 0; 948 for (i = 0; i < n; i++) 949 if (*cond) 950 *res ^= 234; /* (*) */ 951 } 952 953 On this function GVN hoists the fully redundant value of *res, but nothing 954 moves the store out. This gives us this code: 955 956 bb: ; preds = %bb2, %entry 957 %.rle = phi i32 [ 0, %entry ], [ %.rle6, %bb2 ] 958 %i.05 = phi i32 [ 0, %entry ], [ %indvar.next, %bb2 ] 959 %1 = load i32* %cond, align 4 960 %2 = icmp eq i32 %1, 0 961 br i1 %2, label %bb2, label %bb1 962 963 bb1: ; preds = %bb 964 %3 = xor i32 %.rle, 234 965 store i32 %3, i32* %res, align 4 966 br label %bb2 967 968 bb2: ; preds = %bb, %bb1 969 %.rle6 = phi i32 [ %3, %bb1 ], [ %.rle, %bb ] 970 %indvar.next = add i32 %i.05, 1 971 %exitcond = icmp eq i32 %indvar.next, %n 972 br i1 %exitcond, label %return, label %bb 973 974 DSE should sink partially dead stores to get the store out of the loop. 975 976 Here's another partial dead case: 977 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12395 978 979 //===---------------------------------------------------------------------===// 980 981 Scalar PRE hoists the mul in the common block up to the else: 982 983 int test (int a, int b, int c, int g) { 984 int d, e; 985 if (a) 986 d = b * c; 987 else 988 d = b - c; 989 e = b * c + g; 990 return d + e; 991 } 992 993 It would be better to do the mul once to reduce codesize above the if. 994 This is GCC PR38204. 995 996 997 //===---------------------------------------------------------------------===// 998 This simple function from 179.art: 999 1000 int winner, numf2s; 1001 struct { double y; int reset; } *Y; 1002 1003 void find_match() { 1004 int i; 1005 winner = 0; 1006 for (i=0;i<numf2s;i++) 1007 if (Y[i].y > Y[winner].y) 1008 winner =i; 1009 } 1010 1011 Compiles into (with clang TBAA): 1012 1013 for.body: ; preds = %for.inc, %bb.nph 1014 %indvar = phi i64 [ 0, %bb.nph ], [ %indvar.next, %for.inc ] 1015 %i.01718 = phi i32 [ 0, %bb.nph ], [ %i.01719, %for.inc ] 1016 %tmp4 = getelementptr inbounds %struct.anon* %tmp3, i64 %indvar, i32 0 1017 %tmp5 = load double* %tmp4, align 8, !tbaa !4 1018 %idxprom7 = sext i32 %i.01718 to i64 1019 %tmp10 = getelementptr inbounds %struct.anon* %tmp3, i64 %idxprom7, i32 0 1020 %tmp11 = load double* %tmp10, align 8, !tbaa !4 1021 %cmp12 = fcmp ogt double %tmp5, %tmp11 1022 br i1 %cmp12, label %if.then, label %for.inc 1023 1024 if.then: ; preds = %for.body 1025 %i.017 = trunc i64 %indvar to i32 1026 br label %for.inc 1027 1028 for.inc: ; preds = %for.body, %if.then 1029 %i.01719 = phi i32 [ %i.01718, %for.body ], [ %i.017, %if.then ] 1030 %indvar.next = add i64 %indvar, 1 1031 %exitcond = icmp eq i64 %indvar.next, %tmp22 1032 br i1 %exitcond, label %for.cond.for.end_crit_edge, label %for.body 1033 1034 1035 It is good that we hoisted the reloads of numf2's, and Y out of the loop and 1036 sunk the store to winner out. 1037 1038 However, this is awful on several levels: the conditional truncate in the loop 1039 (-indvars at fault? why can't we completely promote the IV to i64?). 1040 1041 Beyond that, we have a partially redundant load in the loop: if "winner" (aka 1042 %i.01718) isn't updated, we reload Y[winner].y the next time through the loop. 1043 Similarly, the addressing that feeds it (including the sext) is redundant. In 1044 the end we get this generated assembly: 1045 1046 LBB0_2: ## %for.body 1047 ## =>This Inner Loop Header: Depth=1 1048 movsd (%rdi), %xmm0 1049 movslq %edx, %r8 1050 shlq $4, %r8 1051 ucomisd (%rcx,%r8), %xmm0 1052 jbe LBB0_4 1053 movl %esi, %edx 1054 LBB0_4: ## %for.inc 1055 addq $16, %rdi 1056 incq %rsi 1057 cmpq %rsi, %rax 1058 jne LBB0_2 1059 1060 All things considered this isn't too bad, but we shouldn't need the movslq or 1061 the shlq instruction, or the load folded into ucomisd every time through the 1062 loop. 1063 1064 On an x86-specific topic, if the loop can't be restructure, the movl should be a 1065 cmov. 1066 1067 //===---------------------------------------------------------------------===// 1068 1069 [STORE SINKING] 1070 1071 GCC PR37810 is an interesting case where we should sink load/store reload 1072 into the if block and outside the loop, so we don't reload/store it on the 1073 non-call path. 1074 1075 for () { 1076 *P += 1; 1077 if () 1078 call(); 1079 else 1080 ... 1081 -> 1082 tmp = *P 1083 for () { 1084 tmp += 1; 1085 if () { 1086 *P = tmp; 1087 call(); 1088 tmp = *P; 1089 } else ... 1090 } 1091 *P = tmp; 1092 1093 We now hoist the reload after the call (Transforms/GVN/lpre-call-wrap.ll), but 1094 we don't sink the store. We need partially dead store sinking. 1095 1096 //===---------------------------------------------------------------------===// 1097 1098 [LOAD PRE CRIT EDGE SPLITTING] 1099 1100 GCC PR37166: Sinking of loads prevents SROA'ing the "g" struct on the stack 1101 leading to excess stack traffic. This could be handled by GVN with some crazy 1102 symbolic phi translation. The code we get looks like (g is on the stack): 1103 1104 bb2: ; preds = %bb1 1105 .. 1106 %9 = getelementptr %struct.f* %g, i32 0, i32 0 1107 store i32 %8, i32* %9, align bel %bb3 1108 1109 bb3: ; preds = %bb1, %bb2, %bb 1110 %c_addr.0 = phi %struct.f* [ %g, %bb2 ], [ %c, %bb ], [ %c, %bb1 ] 1111 %b_addr.0 = phi %struct.f* [ %b, %bb2 ], [ %g, %bb ], [ %b, %bb1 ] 1112 %10 = getelementptr %struct.f* %c_addr.0, i32 0, i32 0 1113 %11 = load i32* %10, align 4 1114 1115 %11 is partially redundant, an in BB2 it should have the value %8. 1116 1117 GCC PR33344 and PR35287 are similar cases. 1118 1119 1120 //===---------------------------------------------------------------------===// 1121 1122 [LOAD PRE] 1123 1124 There are many load PRE testcases in testsuite/gcc.dg/tree-ssa/loadpre* in the 1125 GCC testsuite, ones we don't get yet are (checked through loadpre25): 1126 1127 [CRIT EDGE BREAKING] 1128 predcom-4.c 1129 1130 [PRE OF READONLY CALL] 1131 loadpre5.c 1132 1133 [TURN SELECT INTO BRANCH] 1134 loadpre14.c loadpre15.c 1135 1136 actually a conditional increment: loadpre18.c loadpre19.c 1137 1138 //===---------------------------------------------------------------------===// 1139 1140 [LOAD PRE / STORE SINKING / SPEC HACK] 1141 1142 This is a chunk of code from 456.hmmer: 1143 1144 int f(int M, int *mc, int *mpp, int *tpmm, int *ip, int *tpim, int *dpp, 1145 int *tpdm, int xmb, int *bp, int *ms) { 1146 int k, sc; 1147 for (k = 1; k <= M; k++) { 1148 mc[k] = mpp[k-1] + tpmm[k-1]; 1149 if ((sc = ip[k-1] + tpim[k-1]) > mc[k]) mc[k] = sc; 1150 if ((sc = dpp[k-1] + tpdm[k-1]) > mc[k]) mc[k] = sc; 1151 if ((sc = xmb + bp[k]) > mc[k]) mc[k] = sc; 1152 mc[k] += ms[k]; 1153 } 1154 } 1155 1156 It is very profitable for this benchmark to turn the conditional stores to mc[k] 1157 into a conditional move (select instr in IR) and allow the final store to do the 1158 store. See GCC PR27313 for more details. Note that this is valid to xform even 1159 with the new C++ memory model, since mc[k] is previously loaded and later 1160 stored. 1161 1162 //===---------------------------------------------------------------------===// 1163 1164 [SCALAR PRE] 1165 There are many PRE testcases in testsuite/gcc.dg/tree-ssa/ssa-pre-*.c in the 1166 GCC testsuite. 1167 1168 //===---------------------------------------------------------------------===// 1169 1170 There are some interesting cases in testsuite/gcc.dg/tree-ssa/pred-comm* in the 1171 GCC testsuite. For example, we get the first example in predcom-1.c, but 1172 miss the second one: 1173 1174 unsigned fib[1000]; 1175 unsigned avg[1000]; 1176 1177 __attribute__ ((noinline)) 1178 void count_averages(int n) { 1179 int i; 1180 for (i = 1; i < n; i++) 1181 avg[i] = (((unsigned long) fib[i - 1] + fib[i] + fib[i + 1]) / 3) & 0xffff; 1182 } 1183 1184 which compiles into two loads instead of one in the loop. 1185 1186 predcom-2.c is the same as predcom-1.c 1187 1188 predcom-3.c is very similar but needs loads feeding each other instead of 1189 store->load. 1190 1191 1192 //===---------------------------------------------------------------------===// 1193 1194 [ALIAS ANALYSIS] 1195 1196 Type based alias analysis: 1197 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14705 1198 1199 We should do better analysis of posix_memalign. At the least it should 1200 no-capture its pointer argument, at best, we should know that the out-value 1201 result doesn't point to anything (like malloc). One example of this is in 1202 SingleSource/Benchmarks/Misc/dt.c 1203 1204 //===---------------------------------------------------------------------===// 1205 1206 Interesting missed case because of control flow flattening (should be 2 loads): 1207 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26629 1208 With: llvm-gcc t2.c -S -o - -O0 -emit-llvm | llvm-as | 1209 opt -mem2reg -gvn -instcombine | llvm-dis 1210 we miss it because we need 1) CRIT EDGE 2) MULTIPLE DIFFERENT 1211 VALS PRODUCED BY ONE BLOCK OVER DIFFERENT PATHS 1212 1213 //===---------------------------------------------------------------------===// 1214 1215 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19633 1216 We could eliminate the branch condition here, loading from null is undefined: 1217 1218 struct S { int w, x, y, z; }; 1219 struct T { int r; struct S s; }; 1220 void bar (struct S, int); 1221 void foo (int a, struct T b) 1222 { 1223 struct S *c = 0; 1224 if (a) 1225 c = &b.s; 1226 bar (*c, a); 1227 } 1228 1229 //===---------------------------------------------------------------------===// 1230 1231 simplifylibcalls should do several optimizations for strspn/strcspn: 1232 1233 strcspn(x, "a") -> inlined loop for up to 3 letters (similarly for strspn): 1234 1235 size_t __strcspn_c3 (__const char *__s, int __reject1, int __reject2, 1236 int __reject3) { 1237 register size_t __result = 0; 1238 while (__s[__result] != '\0' && __s[__result] != __reject1 && 1239 __s[__result] != __reject2 && __s[__result] != __reject3) 1240 ++__result; 1241 return __result; 1242 } 1243 1244 This should turn into a switch on the character. See PR3253 for some notes on 1245 codegen. 1246 1247 456.hmmer apparently uses strcspn and strspn a lot. 471.omnetpp uses strspn. 1248 1249 //===---------------------------------------------------------------------===// 1250 1251 simplifylibcalls should turn these snprintf idioms into memcpy (GCC PR47917) 1252 1253 char buf1[6], buf2[6], buf3[4], buf4[4]; 1254 int i; 1255 1256 int foo (void) { 1257 int ret = snprintf (buf1, sizeof buf1, "abcde"); 1258 ret += snprintf (buf2, sizeof buf2, "abcdef") * 16; 1259 ret += snprintf (buf3, sizeof buf3, "%s", i++ < 6 ? "abc" : "def") * 256; 1260 ret += snprintf (buf4, sizeof buf4, "%s", i++ > 10 ? "abcde" : "defgh")*4096; 1261 return ret; 1262 } 1263 1264 //===---------------------------------------------------------------------===// 1265 1266 "gas" uses this idiom: 1267 else if (strchr ("+-/*%|&^:[]()~", *intel_parser.op_string)) 1268 .. 1269 else if (strchr ("<>", *intel_parser.op_string) 1270 1271 Those should be turned into a switch. SimplifyLibCalls only gets the second 1272 case. 1273 1274 //===---------------------------------------------------------------------===// 1275 1276 252.eon contains this interesting code: 1277 1278 %3072 = getelementptr [100 x i8]* %tempString, i32 0, i32 0 1279 %3073 = call i8* @strcpy(i8* %3072, i8* %3071) nounwind 1280 %strlen = call i32 @strlen(i8* %3072) ; uses = 1 1281 %endptr = getelementptr [100 x i8]* %tempString, i32 0, i32 %strlen 1282 call void @llvm.memcpy.i32(i8* %endptr, 1283 i8* getelementptr ([5 x i8]* @"\01LC42", i32 0, i32 0), i32 5, i32 1) 1284 %3074 = call i32 @strlen(i8* %endptr) nounwind readonly 1285 1286 This is interesting for a couple reasons. First, in this: 1287 1288 The memcpy+strlen strlen can be replaced with: 1289 1290 %3074 = call i32 @strlen([5 x i8]* @"\01LC42") nounwind readonly 1291 1292 Because the destination was just copied into the specified memory buffer. This, 1293 in turn, can be constant folded to "4". 1294 1295 In other code, it contains: 1296 1297 %endptr6978 = bitcast i8* %endptr69 to i32* 1298 store i32 7107374, i32* %endptr6978, align 1 1299 %3167 = call i32 @strlen(i8* %endptr69) nounwind readonly 1300 1301 Which could also be constant folded. Whatever is producing this should probably 1302 be fixed to leave this as a memcpy from a string. 1303 1304 Further, eon also has an interesting partially redundant strlen call: 1305 1306 bb8: ; preds = %_ZN18eonImageCalculatorC1Ev.exit 1307 %682 = getelementptr i8** %argv, i32 6 ; <i8**> [#uses=2] 1308 %683 = load i8** %682, align 4 ; <i8*> [#uses=4] 1309 %684 = load i8* %683, align 1 ; <i8> [#uses=1] 1310 %685 = icmp eq i8 %684, 0 ; <i1> [#uses=1] 1311 br i1 %685, label %bb10, label %bb9 1312 1313 bb9: ; preds = %bb8 1314 %686 = call i32 @strlen(i8* %683) nounwind readonly 1315 %687 = icmp ugt i32 %686, 254 ; <i1> [#uses=1] 1316 br i1 %687, label %bb10, label %bb11 1317 1318 bb10: ; preds = %bb9, %bb8 1319 %688 = call i32 @strlen(i8* %683) nounwind readonly 1320 1321 This could be eliminated by doing the strlen once in bb8, saving code size and 1322 improving perf on the bb8->9->10 path. 1323 1324 //===---------------------------------------------------------------------===// 1325 1326 I see an interesting fully redundant call to strlen left in 186.crafty:InputMove 1327 which looks like: 1328 %movetext11 = getelementptr [128 x i8]* %movetext, i32 0, i32 0 1329 1330 1331 bb62: ; preds = %bb55, %bb53 1332 %promote.0 = phi i32 [ %169, %bb55 ], [ 0, %bb53 ] 1333 %171 = call i32 @strlen(i8* %movetext11) nounwind readonly align 1 1334 %172 = add i32 %171, -1 ; <i32> [#uses=1] 1335 %173 = getelementptr [128 x i8]* %movetext, i32 0, i32 %172 1336 1337 ... no stores ... 1338 br i1 %or.cond, label %bb65, label %bb72 1339 1340 bb65: ; preds = %bb62 1341 store i8 0, i8* %173, align 1 1342 br label %bb72 1343 1344 bb72: ; preds = %bb65, %bb62 1345 %trank.1 = phi i32 [ %176, %bb65 ], [ -1, %bb62 ] 1346 %177 = call i32 @strlen(i8* %movetext11) nounwind readonly align 1 1347 1348 Note that on the bb62->bb72 path, that the %177 strlen call is partially 1349 redundant with the %171 call. At worst, we could shove the %177 strlen call 1350 up into the bb65 block moving it out of the bb62->bb72 path. However, note 1351 that bb65 stores to the string, zeroing out the last byte. This means that on 1352 that path the value of %177 is actually just %171-1. A sub is cheaper than a 1353 strlen! 1354 1355 This pattern repeats several times, basically doing: 1356 1357 A = strlen(P); 1358 P[A-1] = 0; 1359 B = strlen(P); 1360 where it is "obvious" that B = A-1. 1361 1362 //===---------------------------------------------------------------------===// 1363 1364 186.crafty has this interesting pattern with the "out.4543" variable: 1365 1366 call void @llvm.memcpy.i32( 1367 i8* getelementptr ([10 x i8]* @out.4543, i32 0, i32 0), 1368 i8* getelementptr ([7 x i8]* @"\01LC28700", i32 0, i32 0), i32 7, i32 1) 1369 %101 = call@printf(i8* ... @out.4543, i32 0, i32 0)) nounwind 1370 1371 It is basically doing: 1372 1373 memcpy(globalarray, "string"); 1374 printf(..., globalarray); 1375 1376 Anyway, by knowing that printf just reads the memory and forward substituting 1377 the string directly into the printf, this eliminates reads from globalarray. 1378 Since this pattern occurs frequently in crafty (due to the "DisplayTime" and 1379 other similar functions) there are many stores to "out". Once all the printfs 1380 stop using "out", all that is left is the memcpy's into it. This should allow 1381 globalopt to remove the "stored only" global. 1382 1383 //===---------------------------------------------------------------------===// 1384 1385 This code: 1386 1387 define inreg i32 @foo(i8* inreg %p) nounwind { 1388 %tmp0 = load i8* %p 1389 %tmp1 = ashr i8 %tmp0, 5 1390 %tmp2 = sext i8 %tmp1 to i32 1391 ret i32 %tmp2 1392 } 1393 1394 could be dagcombine'd to a sign-extending load with a shift. 1395 For example, on x86 this currently gets this: 1396 1397 movb (%eax), %al 1398 sarb $5, %al 1399 movsbl %al, %eax 1400 1401 while it could get this: 1402 1403 movsbl (%eax), %eax 1404 sarl $5, %eax 1405 1406 //===---------------------------------------------------------------------===// 1407 1408 GCC PR31029: 1409 1410 int test(int x) { return 1-x == x; } // --> return false 1411 int test2(int x) { return 2-x == x; } // --> return x == 1 ? 1412 1413 Always foldable for odd constants, what is the rule for even? 1414 1415 //===---------------------------------------------------------------------===// 1416 1417 PR 3381: GEP to field of size 0 inside a struct could be turned into GEP 1418 for next field in struct (which is at same address). 1419 1420 For example: store of float into { {{}}, float } could be turned into a store to 1421 the float directly. 1422 1423 //===---------------------------------------------------------------------===// 1424 1425 The arg promotion pass should make use of nocapture to make its alias analysis 1426 stuff much more precise. 1427 1428 //===---------------------------------------------------------------------===// 1429 1430 The following functions should be optimized to use a select instead of a 1431 branch (from gcc PR40072): 1432 1433 char char_int(int m) {if(m>7) return 0; return m;} 1434 int int_char(char m) {if(m>7) return 0; return m;} 1435 1436 //===---------------------------------------------------------------------===// 1437 1438 int func(int a, int b) { if (a & 0x80) b |= 0x80; else b &= ~0x80; return b; } 1439 1440 Generates this: 1441 1442 define i32 @func(i32 %a, i32 %b) nounwind readnone ssp { 1443 entry: 1444 %0 = and i32 %a, 128 ; <i32> [#uses=1] 1445 %1 = icmp eq i32 %0, 0 ; <i1> [#uses=1] 1446 %2 = or i32 %b, 128 ; <i32> [#uses=1] 1447 %3 = and i32 %b, -129 ; <i32> [#uses=1] 1448 %b_addr.0 = select i1 %1, i32 %3, i32 %2 ; <i32> [#uses=1] 1449 ret i32 %b_addr.0 1450 } 1451 1452 However, it's functionally equivalent to: 1453 1454 b = (b & ~0x80) | (a & 0x80); 1455 1456 Which generates this: 1457 1458 define i32 @func(i32 %a, i32 %b) nounwind readnone ssp { 1459 entry: 1460 %0 = and i32 %b, -129 ; <i32> [#uses=1] 1461 %1 = and i32 %a, 128 ; <i32> [#uses=1] 1462 %2 = or i32 %0, %1 ; <i32> [#uses=1] 1463 ret i32 %2 1464 } 1465 1466 This can be generalized for other forms: 1467 1468 b = (b & ~0x80) | (a & 0x40) << 1; 1469 1470 //===---------------------------------------------------------------------===// 1471 1472 These two functions produce different code. They shouldn't: 1473 1474 #include <stdint.h> 1475 1476 uint8_t p1(uint8_t b, uint8_t a) { 1477 b = (b & ~0xc0) | (a & 0xc0); 1478 return (b); 1479 } 1480 1481 uint8_t p2(uint8_t b, uint8_t a) { 1482 b = (b & ~0x40) | (a & 0x40); 1483 b = (b & ~0x80) | (a & 0x80); 1484 return (b); 1485 } 1486 1487 define zeroext i8 @p1(i8 zeroext %b, i8 zeroext %a) nounwind readnone ssp { 1488 entry: 1489 %0 = and i8 %b, 63 ; <i8> [#uses=1] 1490 %1 = and i8 %a, -64 ; <i8> [#uses=1] 1491 %2 = or i8 %1, %0 ; <i8> [#uses=1] 1492 ret i8 %2 1493 } 1494 1495 define zeroext i8 @p2(i8 zeroext %b, i8 zeroext %a) nounwind readnone ssp { 1496 entry: 1497 %0 = and i8 %b, 63 ; <i8> [#uses=1] 1498 %.masked = and i8 %a, 64 ; <i8> [#uses=1] 1499 %1 = and i8 %a, -128 ; <i8> [#uses=1] 1500 %2 = or i8 %1, %0 ; <i8> [#uses=1] 1501 %3 = or i8 %2, %.masked ; <i8> [#uses=1] 1502 ret i8 %3 1503 } 1504 1505 //===---------------------------------------------------------------------===// 1506 1507 IPSCCP does not currently propagate argument dependent constants through 1508 functions where it does not not all of the callers. This includes functions 1509 with normal external linkage as well as templates, C99 inline functions etc. 1510 Specifically, it does nothing to: 1511 1512 define i32 @test(i32 %x, i32 %y, i32 %z) nounwind { 1513 entry: 1514 %0 = add nsw i32 %y, %z 1515 %1 = mul i32 %0, %x 1516 %2 = mul i32 %y, %z 1517 %3 = add nsw i32 %1, %2 1518 ret i32 %3 1519 } 1520 1521 define i32 @test2() nounwind { 1522 entry: 1523 %0 = call i32 @test(i32 1, i32 2, i32 4) nounwind 1524 ret i32 %0 1525 } 1526 1527 It would be interesting extend IPSCCP to be able to handle simple cases like 1528 this, where all of the arguments to a call are constant. Because IPSCCP runs 1529 before inlining, trivial templates and inline functions are not yet inlined. 1530 The results for a function + set of constant arguments should be memoized in a 1531 map. 1532 1533 //===---------------------------------------------------------------------===// 1534 1535 The libcall constant folding stuff should be moved out of SimplifyLibcalls into 1536 libanalysis' constantfolding logic. This would allow IPSCCP to be able to 1537 handle simple things like this: 1538 1539 static int foo(const char *X) { return strlen(X); } 1540 int bar() { return foo("abcd"); } 1541 1542 //===---------------------------------------------------------------------===// 1543 1544 functionattrs doesn't know much about memcpy/memset. This function should be 1545 marked readnone rather than readonly, since it only twiddles local memory, but 1546 functionattrs doesn't handle memset/memcpy/memmove aggressively: 1547 1548 struct X { int *p; int *q; }; 1549 int foo() { 1550 int i = 0, j = 1; 1551 struct X x, y; 1552 int **p; 1553 y.p = &i; 1554 x.q = &j; 1555 p = __builtin_memcpy (&x, &y, sizeof (int *)); 1556 return **p; 1557 } 1558 1559 This can be seen at: 1560 $ clang t.c -S -o - -mkernel -O0 -emit-llvm | opt -functionattrs -S 1561 1562 1563 //===---------------------------------------------------------------------===// 1564 1565 Missed instcombine transformation: 1566 define i1 @a(i32 %x) nounwind readnone { 1567 entry: 1568 %cmp = icmp eq i32 %x, 30 1569 %sub = add i32 %x, -30 1570 %cmp2 = icmp ugt i32 %sub, 9 1571 %or = or i1 %cmp, %cmp2 1572 ret i1 %or 1573 } 1574 This should be optimized to a single compare. Testcase derived from gcc. 1575 1576 //===---------------------------------------------------------------------===// 1577 1578 Missed instcombine or reassociate transformation: 1579 int a(int a, int b) { return (a==12)&(b>47)&(b<58); } 1580 1581 The sgt and slt should be combined into a single comparison. Testcase derived 1582 from gcc. 1583 1584 //===---------------------------------------------------------------------===// 1585 1586 Missed instcombine transformation: 1587 1588 %382 = srem i32 %tmp14.i, 64 ; [#uses=1] 1589 %383 = zext i32 %382 to i64 ; [#uses=1] 1590 %384 = shl i64 %381, %383 ; [#uses=1] 1591 %385 = icmp slt i32 %tmp14.i, 64 ; [#uses=1] 1592 1593 The srem can be transformed to an and because if %tmp14.i is negative, the 1594 shift is undefined. Testcase derived from 403.gcc. 1595 1596 //===---------------------------------------------------------------------===// 1597 1598 This is a range comparison on a divided result (from 403.gcc): 1599 1600 %1337 = sdiv i32 %1336, 8 ; [#uses=1] 1601 %.off.i208 = add i32 %1336, 7 ; [#uses=1] 1602 %1338 = icmp ult i32 %.off.i208, 15 ; [#uses=1] 1603 1604 We already catch this (removing the sdiv) if there isn't an add, we should 1605 handle the 'add' as well. This is a common idiom with it's builtin_alloca code. 1606 C testcase: 1607 1608 int a(int x) { return (unsigned)(x/16+7) < 15; } 1609 1610 Another similar case involves truncations on 64-bit targets: 1611 1612 %361 = sdiv i64 %.046, 8 ; [#uses=1] 1613 %362 = trunc i64 %361 to i32 ; [#uses=2] 1614 ... 1615 %367 = icmp eq i32 %362, 0 ; [#uses=1] 1616 1617 //===---------------------------------------------------------------------===// 1618 1619 Missed instcombine/dagcombine transformation: 1620 define void @lshift_lt(i8 zeroext %a) nounwind { 1621 entry: 1622 %conv = zext i8 %a to i32 1623 %shl = shl i32 %conv, 3 1624 %cmp = icmp ult i32 %shl, 33 1625 br i1 %cmp, label %if.then, label %if.end 1626 1627 if.then: 1628 tail call void @bar() nounwind 1629 ret void 1630 1631 if.end: 1632 ret void 1633 } 1634 declare void @bar() nounwind 1635 1636 The shift should be eliminated. Testcase derived from gcc. 1637 1638 //===---------------------------------------------------------------------===// 1639 1640 These compile into different code, one gets recognized as a switch and the 1641 other doesn't due to phase ordering issues (PR6212): 1642 1643 int test1(int mainType, int subType) { 1644 if (mainType == 7) 1645 subType = 4; 1646 else if (mainType == 9) 1647 subType = 6; 1648 else if (mainType == 11) 1649 subType = 9; 1650 return subType; 1651 } 1652 1653 int test2(int mainType, int subType) { 1654 if (mainType == 7) 1655 subType = 4; 1656 if (mainType == 9) 1657 subType = 6; 1658 if (mainType == 11) 1659 subType = 9; 1660 return subType; 1661 } 1662 1663 //===---------------------------------------------------------------------===// 1664 1665 The following test case (from PR6576): 1666 1667 define i32 @mul(i32 %a, i32 %b) nounwind readnone { 1668 entry: 1669 %cond1 = icmp eq i32 %b, 0 ; <i1> [#uses=1] 1670 br i1 %cond1, label %exit, label %bb.nph 1671 bb.nph: ; preds = %entry 1672 %tmp = mul i32 %b, %a ; <i32> [#uses=1] 1673 ret i32 %tmp 1674 exit: ; preds = %entry 1675 ret i32 0 1676 } 1677 1678 could be reduced to: 1679 1680 define i32 @mul(i32 %a, i32 %b) nounwind readnone { 1681 entry: 1682 %tmp = mul i32 %b, %a 1683 ret i32 %tmp 1684 } 1685 1686 //===---------------------------------------------------------------------===// 1687 1688 We should use DSE + llvm.lifetime.end to delete dead vtable pointer updates. 1689 See GCC PR34949 1690 1691 Another interesting case is that something related could be used for variables 1692 that go const after their ctor has finished. In these cases, globalopt (which 1693 can statically run the constructor) could mark the global const (so it gets put 1694 in the readonly section). A testcase would be: 1695 1696 #include <complex> 1697 using namespace std; 1698 const complex<char> should_be_in_rodata (42,-42); 1699 complex<char> should_be_in_data (42,-42); 1700 complex<char> should_be_in_bss; 1701 1702 Where we currently evaluate the ctors but the globals don't become const because 1703 the optimizer doesn't know they "become const" after the ctor is done. See 1704 GCC PR4131 for more examples. 1705 1706 //===---------------------------------------------------------------------===// 1707 1708 In this code: 1709 1710 long foo(long x) { 1711 return x > 1 ? x : 1; 1712 } 1713 1714 LLVM emits a comparison with 1 instead of 0. 0 would be equivalent 1715 and cheaper on most targets. 1716 1717 LLVM prefers comparisons with zero over non-zero in general, but in this 1718 case it choses instead to keep the max operation obvious. 1719 1720 //===---------------------------------------------------------------------===// 1721 1722 define void @a(i32 %x) nounwind { 1723 entry: 1724 switch i32 %x, label %if.end [ 1725 i32 0, label %if.then 1726 i32 1, label %if.then 1727 i32 2, label %if.then 1728 i32 3, label %if.then 1729 i32 5, label %if.then 1730 ] 1731 if.then: 1732 tail call void @foo() nounwind 1733 ret void 1734 if.end: 1735 ret void 1736 } 1737 declare void @foo() 1738 1739 Generated code on x86-64 (other platforms give similar results): 1740 a: 1741 cmpl $5, %edi 1742 ja LBB2_2 1743 cmpl $4, %edi 1744 jne LBB2_3 1745 .LBB0_2: 1746 ret 1747 .LBB0_3: 1748 jmp foo # TAILCALL 1749 1750 If we wanted to be really clever, we could simplify the whole thing to 1751 something like the following, which eliminates a branch: 1752 xorl $1, %edi 1753 cmpl $4, %edi 1754 ja .LBB0_2 1755 ret 1756 .LBB0_2: 1757 jmp foo # TAILCALL 1758 1759 //===---------------------------------------------------------------------===// 1760 1761 We compile this: 1762 1763 int foo(int a) { return (a & (~15)) / 16; } 1764 1765 Into: 1766 1767 define i32 @foo(i32 %a) nounwind readnone ssp { 1768 entry: 1769 %and = and i32 %a, -16 1770 %div = sdiv i32 %and, 16 1771 ret i32 %div 1772 } 1773 1774 but this code (X & -A)/A is X >> log2(A) when A is a power of 2, so this case 1775 should be instcombined into just "a >> 4". 1776 1777 We do get this at the codegen level, so something knows about it, but 1778 instcombine should catch it earlier: 1779 1780 _foo: ## @foo 1781 ## BB#0: ## %entry 1782 movl %edi, %eax 1783 sarl $4, %eax 1784 ret 1785 1786 //===---------------------------------------------------------------------===// 1787 1788 This code (from GCC PR28685): 1789 1790 int test(int a, int b) { 1791 int lt = a < b; 1792 int eq = a == b; 1793 if (lt) 1794 return 1; 1795 return eq; 1796 } 1797 1798 Is compiled to: 1799 1800 define i32 @test(i32 %a, i32 %b) nounwind readnone ssp { 1801 entry: 1802 %cmp = icmp slt i32 %a, %b 1803 br i1 %cmp, label %return, label %if.end 1804 1805 if.end: ; preds = %entry 1806 %cmp5 = icmp eq i32 %a, %b 1807 %conv6 = zext i1 %cmp5 to i32 1808 ret i32 %conv6 1809 1810 return: ; preds = %entry 1811 ret i32 1 1812 } 1813 1814 it could be: 1815 1816 define i32 @test__(i32 %a, i32 %b) nounwind readnone ssp { 1817 entry: 1818 %0 = icmp sle i32 %a, %b 1819 %retval = zext i1 %0 to i32 1820 ret i32 %retval 1821 } 1822 1823 //===---------------------------------------------------------------------===// 1824 1825 This code can be seen in viterbi: 1826 1827 %64 = call noalias i8* @malloc(i64 %62) nounwind 1828 ... 1829 %67 = call i64 @llvm.objectsize.i64(i8* %64, i1 false) nounwind 1830 %68 = call i8* @__memset_chk(i8* %64, i32 0, i64 %62, i64 %67) nounwind 1831 1832 llvm.objectsize.i64 should be taught about malloc/calloc, allowing it to 1833 fold to %62. This is a security win (overflows of malloc will get caught) 1834 and also a performance win by exposing more memsets to the optimizer. 1835 1836 This occurs several times in viterbi. 1837 1838 Note that this would change the semantics of @llvm.objectsize which by its 1839 current definition always folds to a constant. We also should make sure that 1840 we remove checking in code like 1841 1842 char *p = malloc(strlen(s)+1); 1843 __strcpy_chk(p, s, __builtin_objectsize(p, 0)); 1844 1845 //===---------------------------------------------------------------------===// 1846 1847 clang -O3 currently compiles this code 1848 1849 int g(unsigned int a) { 1850 unsigned int c[100]; 1851 c[10] = a; 1852 c[11] = a; 1853 unsigned int b = c[10] + c[11]; 1854 if(b > a*2) a = 4; 1855 else a = 8; 1856 return a + 7; 1857 } 1858 1859 into 1860 1861 define i32 @g(i32 a) nounwind readnone { 1862 %add = shl i32 %a, 1 1863 %mul = shl i32 %a, 1 1864 %cmp = icmp ugt i32 %add, %mul 1865 %a.addr.0 = select i1 %cmp, i32 11, i32 15 1866 ret i32 %a.addr.0 1867 } 1868 1869 The icmp should fold to false. This CSE opportunity is only available 1870 after GVN and InstCombine have run. 1871 1872 //===---------------------------------------------------------------------===// 1873 1874 memcpyopt should turn this: 1875 1876 define i8* @test10(i32 %x) { 1877 %alloc = call noalias i8* @malloc(i32 %x) nounwind 1878 call void @llvm.memset.p0i8.i32(i8* %alloc, i8 0, i32 %x, i32 1, i1 false) 1879 ret i8* %alloc 1880 } 1881 1882 into a call to calloc. We should make sure that we analyze calloc as 1883 aggressively as malloc though. 1884 1885 //===---------------------------------------------------------------------===// 1886 1887 clang -O3 doesn't optimize this: 1888 1889 void f1(int* begin, int* end) { 1890 std::fill(begin, end, 0); 1891 } 1892 1893 into a memset. This is PR8942. 1894 1895 //===---------------------------------------------------------------------===// 1896 1897 clang -O3 -fno-exceptions currently compiles this code: 1898 1899 void f(int N) { 1900 std::vector<int> v(N); 1901 1902 extern void sink(void*); sink(&v); 1903 } 1904 1905 into 1906 1907 define void @_Z1fi(i32 %N) nounwind { 1908 entry: 1909 %v2 = alloca [3 x i32*], align 8 1910 %v2.sub = getelementptr inbounds [3 x i32*]* %v2, i64 0, i64 0 1911 %tmpcast = bitcast [3 x i32*]* %v2 to %"class.std::vector"* 1912 %conv = sext i32 %N to i64 1913 store i32* null, i32** %v2.sub, align 8, !tbaa !0 1914 %tmp3.i.i.i.i.i = getelementptr inbounds [3 x i32*]* %v2, i64 0, i64 1 1915 store i32* null, i32** %tmp3.i.i.i.i.i, align 8, !tbaa !0 1916 %tmp4.i.i.i.i.i = getelementptr inbounds [3 x i32*]* %v2, i64 0, i64 2 1917 store i32* null, i32** %tmp4.i.i.i.i.i, align 8, !tbaa !0 1918 %cmp.i.i.i.i = icmp eq i32 %N, 0 1919 br i1 %cmp.i.i.i.i, label %_ZNSt12_Vector_baseIiSaIiEEC2EmRKS0_.exit.thread.i.i, label %cond.true.i.i.i.i 1920 1921 _ZNSt12_Vector_baseIiSaIiEEC2EmRKS0_.exit.thread.i.i: ; preds = %entry 1922 store i32* null, i32** %v2.sub, align 8, !tbaa !0 1923 store i32* null, i32** %tmp3.i.i.i.i.i, align 8, !tbaa !0 1924 %add.ptr.i5.i.i = getelementptr inbounds i32* null, i64 %conv 1925 store i32* %add.ptr.i5.i.i, i32** %tmp4.i.i.i.i.i, align 8, !tbaa !0 1926 br label %_ZNSt6vectorIiSaIiEEC1EmRKiRKS0_.exit 1927 1928 cond.true.i.i.i.i: ; preds = %entry 1929 %cmp.i.i.i.i.i = icmp slt i32 %N, 0 1930 br i1 %cmp.i.i.i.i.i, label %if.then.i.i.i.i.i, label %_ZNSt12_Vector_baseIiSaIiEEC2EmRKS0_.exit.i.i 1931 1932 if.then.i.i.i.i.i: ; preds = %cond.true.i.i.i.i 1933 call void @_ZSt17__throw_bad_allocv() noreturn nounwind 1934 unreachable 1935 1936 _ZNSt12_Vector_baseIiSaIiEEC2EmRKS0_.exit.i.i: ; preds = %cond.true.i.i.i.i 1937 %mul.i.i.i.i.i = shl i64 %conv, 2 1938 %call3.i.i.i.i.i = call noalias i8* @_Znwm(i64 %mul.i.i.i.i.i) nounwind 1939 %0 = bitcast i8* %call3.i.i.i.i.i to i32* 1940 store i32* %0, i32** %v2.sub, align 8, !tbaa !0 1941 store i32* %0, i32** %tmp3.i.i.i.i.i, align 8, !tbaa !0 1942 %add.ptr.i.i.i = getelementptr inbounds i32* %0, i64 %conv 1943 store i32* %add.ptr.i.i.i, i32** %tmp4.i.i.i.i.i, align 8, !tbaa !0 1944 call void @llvm.memset.p0i8.i64(i8* %call3.i.i.i.i.i, i8 0, i64 %mul.i.i.i.i.i, i32 4, i1 false) 1945 br label %_ZNSt6vectorIiSaIiEEC1EmRKiRKS0_.exit 1946 1947 This is just the handling the construction of the vector. Most surprising here 1948 is the fact that all three null stores in %entry are dead (because we do no 1949 cross-block DSE). 1950 1951 Also surprising is that %conv isn't simplified to 0 in %....exit.thread.i.i. 1952 This is a because the client of LazyValueInfo doesn't simplify all instruction 1953 operands, just selected ones. 1954 1955 //===---------------------------------------------------------------------===// 1956 1957 clang -O3 -fno-exceptions currently compiles this code: 1958 1959 void f(char* a, int n) { 1960 __builtin_memset(a, 0, n); 1961 for (int i = 0; i < n; ++i) 1962 a[i] = 0; 1963 } 1964 1965 into: 1966 1967 define void @_Z1fPci(i8* nocapture %a, i32 %n) nounwind { 1968 entry: 1969 %conv = sext i32 %n to i64 1970 tail call void @llvm.memset.p0i8.i64(i8* %a, i8 0, i64 %conv, i32 1, i1 false) 1971 %cmp8 = icmp sgt i32 %n, 0 1972 br i1 %cmp8, label %for.body.lr.ph, label %for.end 1973 1974 for.body.lr.ph: ; preds = %entry 1975 %tmp10 = add i32 %n, -1 1976 %tmp11 = zext i32 %tmp10 to i64 1977 %tmp12 = add i64 %tmp11, 1 1978 call void @llvm.memset.p0i8.i64(i8* %a, i8 0, i64 %tmp12, i32 1, i1 false) 1979 ret void 1980 1981 for.end: ; preds = %entry 1982 ret void 1983 } 1984 1985 This shouldn't need the ((zext (%n - 1)) + 1) game, and it should ideally fold 1986 the two memset's together. 1987 1988 The issue with the addition only occurs in 64-bit mode, and appears to be at 1989 least partially caused by Scalar Evolution not keeping its cache updated: it 1990 returns the "wrong" result immediately after indvars runs, but figures out the 1991 expected result if it is run from scratch on IR resulting from running indvars. 1992 1993 //===---------------------------------------------------------------------===// 1994 1995 clang -O3 -fno-exceptions currently compiles this code: 1996 1997 struct S { 1998 unsigned short m1, m2; 1999 unsigned char m3, m4; 2000 }; 2001 2002 void f(int N) { 2003 std::vector<S> v(N); 2004 extern void sink(void*); sink(&v); 2005 } 2006 2007 into poor code for zero-initializing 'v' when N is >0. The problem is that 2008 S is only 6 bytes, but each element is 8 byte-aligned. We generate a loop and 2009 4 stores on each iteration. If the struct were 8 bytes, this gets turned into 2010 a memset. 2011 2012 In order to handle this we have to: 2013 A) Teach clang to generate metadata for memsets of structs that have holes in 2014 them. 2015 B) Teach clang to use such a memset for zero init of this struct (since it has 2016 a hole), instead of doing elementwise zeroing. 2017 2018 //===---------------------------------------------------------------------===// 2019 2020 clang -O3 currently compiles this code: 2021 2022 extern const int magic; 2023 double f() { return 0.0 * magic; } 2024 2025 into 2026 2027 @magic = external constant i32 2028 2029 define double @_Z1fv() nounwind readnone { 2030 entry: 2031 %tmp = load i32* @magic, align 4, !tbaa !0 2032 %conv = sitofp i32 %tmp to double 2033 %mul = fmul double %conv, 0.000000e+00 2034 ret double %mul 2035 } 2036 2037 We should be able to fold away this fmul to 0.0. More generally, fmul(x,0.0) 2038 can be folded to 0.0 if we can prove that the LHS is not -0.0, not a NaN, and 2039 not an INF. The CannotBeNegativeZero predicate in value tracking should be 2040 extended to support general "fpclassify" operations that can return 2041 yes/no/unknown for each of these predicates. 2042 2043 In this predicate, we know that uitofp is trivially never NaN or -0.0, and 2044 we know that it isn't +/-Inf if the floating point type has enough exponent bits 2045 to represent the largest integer value as < inf. 2046 2047 //===---------------------------------------------------------------------===// 2048 2049 When optimizing a transformation that can change the sign of 0.0 (such as the 2050 0.0*val -> 0.0 transformation above), it might be provable that the sign of the 2051 expression doesn't matter. For example, by the above rules, we can't transform 2052 fmul(sitofp(x), 0.0) into 0.0, because x might be -1 and the result of the 2053 expression is defined to be -0.0. 2054 2055 If we look at the uses of the fmul for example, we might be able to prove that 2056 all uses don't care about the sign of zero. For example, if we have: 2057 2058 fadd(fmul(sitofp(x), 0.0), 2.0) 2059 2060 Since we know that x+2.0 doesn't care about the sign of any zeros in X, we can 2061 transform the fmul to 0.0, and then the fadd to 2.0. 2062 2063 //===---------------------------------------------------------------------===// 2064 2065 We should enhance memcpy/memcpy/memset to allow a metadata node on them 2066 indicating that some bytes of the transfer are undefined. This is useful for 2067 frontends like clang when lowering struct copies, when some elements of the 2068 struct are undefined. Consider something like this: 2069 2070 struct x { 2071 char a; 2072 int b[4]; 2073 }; 2074 void foo(struct x*P); 2075 struct x testfunc() { 2076 struct x V1, V2; 2077 foo(&V1); 2078 V2 = V1; 2079 2080 return V2; 2081 } 2082 2083 We currently compile this to: 2084 $ clang t.c -S -o - -O0 -emit-llvm | opt -scalarrepl -S 2085 2086 2087 %struct.x = type { i8, [4 x i32] } 2088 2089 define void @testfunc(%struct.x* sret %agg.result) nounwind ssp { 2090 entry: 2091 %V1 = alloca %struct.x, align 4 2092 call void @foo(%struct.x* %V1) 2093 %tmp1 = bitcast %struct.x* %V1 to i8* 2094 %0 = bitcast %struct.x* %V1 to i160* 2095 %srcval1 = load i160* %0, align 4 2096 %tmp2 = bitcast %struct.x* %agg.result to i8* 2097 %1 = bitcast %struct.x* %agg.result to i160* 2098 store i160 %srcval1, i160* %1, align 4 2099 ret void 2100 } 2101 2102 This happens because SRoA sees that the temp alloca has is being memcpy'd into 2103 and out of and it has holes and it has to be conservative. If we knew about the 2104 holes, then this could be much much better. 2105 2106 Having information about these holes would also improve memcpy (etc) lowering at 2107 llc time when it gets inlined, because we can use smaller transfers. This also 2108 avoids partial register stalls in some important cases. 2109 2110 //===---------------------------------------------------------------------===// 2111 2112 We don't fold (icmp (add) (add)) unless the two adds only have a single use. 2113 There are a lot of cases that we're refusing to fold in (e.g.) 256.bzip2, for 2114 example: 2115 2116 %indvar.next90 = add i64 %indvar89, 1 ;; Has 2 uses 2117 %tmp96 = add i64 %tmp95, 1 ;; Has 1 use 2118 %exitcond97 = icmp eq i64 %indvar.next90, %tmp96 2119 2120 We don't fold this because we don't want to introduce an overlapped live range 2121 of the ivar. However if we can make this more aggressive without causing 2122 performance issues in two ways: 2123 2124 1. If *either* the LHS or RHS has a single use, we can definitely do the 2125 transformation. In the overlapping liverange case we're trading one register 2126 use for one fewer operation, which is a reasonable trade. Before doing this 2127 we should verify that the llc output actually shrinks for some benchmarks. 2128 2. If both ops have multiple uses, we can still fold it if the operations are 2129 both sinkable to *after* the icmp (e.g. in a subsequent block) which doesn't 2130 increase register pressure. 2131 2132 There are a ton of icmp's we aren't simplifying because of the reg pressure 2133 concern. Care is warranted here though because many of these are induction 2134 variables and other cases that matter a lot to performance, like the above. 2135 Here's a blob of code that you can drop into the bottom of visitICmp to see some 2136 missed cases: 2137 2138 { Value *A, *B, *C, *D; 2139 if (match(Op0, m_Add(m_Value(A), m_Value(B))) && 2140 match(Op1, m_Add(m_Value(C), m_Value(D))) && 2141 (A == C || A == D || B == C || B == D)) { 2142 errs() << "OP0 = " << *Op0 << " U=" << Op0->getNumUses() << "\n"; 2143 errs() << "OP1 = " << *Op1 << " U=" << Op1->getNumUses() << "\n"; 2144 errs() << "CMP = " << I << "\n\n"; 2145 } 2146 } 2147 2148 //===---------------------------------------------------------------------===// 2149 2150 define i1 @test1(i32 %x) nounwind { 2151 %and = and i32 %x, 3 2152 %cmp = icmp ult i32 %and, 2 2153 ret i1 %cmp 2154 } 2155 2156 Can be folded to (x & 2) == 0. 2157 2158 define i1 @test2(i32 %x) nounwind { 2159 %and = and i32 %x, 3 2160 %cmp = icmp ugt i32 %and, 1 2161 ret i1 %cmp 2162 } 2163 2164 Can be folded to (x & 2) != 0. 2165 2166 SimplifyDemandedBits shrinks the "and" constant to 2 but instcombine misses the 2167 icmp transform. 2168 2169 //===---------------------------------------------------------------------===// 2170 2171 This code: 2172 2173 typedef struct { 2174 int f1:1; 2175 int f2:1; 2176 int f3:1; 2177 int f4:29; 2178 } t1; 2179 2180 typedef struct { 2181 int f1:1; 2182 int f2:1; 2183 int f3:30; 2184 } t2; 2185 2186 t1 s1; 2187 t2 s2; 2188 2189 void func1(void) 2190 { 2191 s1.f1 = s2.f1; 2192 s1.f2 = s2.f2; 2193 } 2194 2195 Compiles into this IR (on x86-64 at least): 2196 2197 %struct.t1 = type { i8, [3 x i8] } 2198 @s2 = global %struct.t1 zeroinitializer, align 4 2199 @s1 = global %struct.t1 zeroinitializer, align 4 2200 define void @func1() nounwind ssp noredzone { 2201 entry: 2202 %0 = load i32* bitcast (%struct.t1* @s2 to i32*), align 4 2203 %bf.val.sext5 = and i32 %0, 1 2204 %1 = load i32* bitcast (%struct.t1* @s1 to i32*), align 4 2205 %2 = and i32 %1, -4 2206 %3 = or i32 %2, %bf.val.sext5 2207 %bf.val.sext26 = and i32 %0, 2 2208 %4 = or i32 %3, %bf.val.sext26 2209 store i32 %4, i32* bitcast (%struct.t1* @s1 to i32*), align 4 2210 ret void 2211 } 2212 2213 The two or/and's should be merged into one each. 2214 2215 //===---------------------------------------------------------------------===// 2216 2217 Machine level code hoisting can be useful in some cases. For example, PR9408 2218 is about: 2219 2220 typedef union { 2221 void (*f1)(int); 2222 void (*f2)(long); 2223 } funcs; 2224 2225 void foo(funcs f, int which) { 2226 int a = 5; 2227 if (which) { 2228 f.f1(a); 2229 } else { 2230 f.f2(a); 2231 } 2232 } 2233 2234 which we compile to: 2235 2236 foo: # @foo 2237 # BB#0: # %entry 2238 pushq %rbp 2239 movq %rsp, %rbp 2240 testl %esi, %esi 2241 movq %rdi, %rax 2242 je .LBB0_2 2243 # BB#1: # %if.then 2244 movl $5, %edi 2245 callq *%rax 2246 popq %rbp 2247 ret 2248 .LBB0_2: # %if.else 2249 movl $5, %edi 2250 callq *%rax 2251 popq %rbp 2252 ret 2253 2254 Note that bb1 and bb2 are the same. This doesn't happen at the IR level 2255 because one call is passing an i32 and the other is passing an i64. 2256 2257 //===---------------------------------------------------------------------===// 2258 2259 I see this sort of pattern in 176.gcc in a few places (e.g. the start of 2260 store_bit_field). The rem should be replaced with a multiply and subtract: 2261 2262 %3 = sdiv i32 %A, %B 2263 %4 = srem i32 %A, %B 2264 2265 Similarly for udiv/urem. Note that this shouldn't be done on X86 or ARM, 2266 which can do this in a single operation (instruction or libcall). It is 2267 probably best to do this in the code generator. 2268 2269 //===---------------------------------------------------------------------===// 2270 2271 unsigned foo(unsigned x, unsigned y) { return (x & y) == 0 || x == 0; } 2272 should fold to (x & y) == 0. 2273 2274 //===---------------------------------------------------------------------===// 2275 2276 unsigned foo(unsigned x, unsigned y) { return x > y && x != 0; } 2277 should fold to x > y. 2278 2279 //===---------------------------------------------------------------------===// 2280
