This is an archive of the discontinued LLVM Phabricator instance.

Differential D101103

[InstSimplify] Treat invariant group insts as bitcasts for load operands
ClosedPublic

Authored by aeubanks on Apr 22 2021, 1:14 PM.

Details

Reviewers
rnk
pcc
nikic
lebedev.ri
Prazek
Commits
rG9aa1428174ae: [InstSimplify] Treat invariant group insts as bitcasts for load operands
rG26044c6a54de: [InstSimplify] Treat invariant group insts as bitcasts for load operands
Summary

We can look through invariant group intrinsics for the purposes of
simplifying the result of a load.

Since intrinsics can't be constants, but we also don't want to
completely rewrite load constant folding, we convert the load operand to
a constant. For GEPs and bitcasts we just treat them as constants. For
invariant group intrinsics, we treat them as a bitcast.

Diff Detail

Event Timeline

aeubanks created this revision.Apr 22 2021, 1:14 PM
Herald added subscribers: hiraditya, Prazek. · View Herald TranscriptApr 22 2021, 1:14 PM
aeubanks requested review of this revision.Apr 22 2021, 1:14 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 22 2021, 1:14 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
aeubanks mentioned this in D100923: [ConstFold] Constant fold load through invariant group intrinsics.Apr 22 2021, 1:16 PM
Harbormaster completed remote builds in B100367: Diff 339765.Apr 22 2021, 3:23 PM
rnk added a reviewer: lebedev.ri.Apr 26 2021, 6:44 PM
rnk added a comment.Apr 26 2021, 6:47 PM

I added @lebedev.ri as a reviewer, since Roman has done significant work on instcombine/instsimplify.

llvm/lib/Analysis/InstructionSimplify.cpp
5831

We already discarded constants above, so these don't have to be operators, they could be Instructions, BitCastInst, etc.

rnk mentioned this in D101100: [ConstFold] Simplify a load's GEP operand through local aliases.Apr 26 2021, 6:49 PM
lebedev.ri added a comment.Apr 27 2021, 12:56 AM

I think the recursion is unfortunate there. How about something like

static Constant *ConstructLoadOperandConstant(Value *Op) {
  SmallVector<Value*, 16> Worklist;
  
  OpStack.emplace_back(Op);
  for(int I = 0; I != OpStack.size(); ++I) {
    Value* Op = OpStack.back();
    
    if (isa<Constant>(Op))
      break; // YAY!

    if (auto *BC = dyn_cast<BitCastOperator>(Op))
      OpStack.emplace_back(BC->getOperand(0)); // Recurse.

    if (auto *GEP = dyn_cast<GEPOperator>(Op)) {
      if (all_of(ArrayRef<Value*>(GEP->operands()).drop_front(),
          [](Value*Op) { return isa<Constant>(Op); }))
        OpStack.emplace_back(GEP->getOperand(0)); // Recurse.
    }

    if (auto *II = dyn_cast<IntrinsicInst>(Op)) {
      if (II->getIntrinsicID() == Intrinsic::strip_invariant_group ||
          II->getIntrinsicID() == Intrinsic::launder_invariant_group)
        OpStack.emplace_back(II->getOperand(0)); // Recurse.
    }
    
    return nullptr; // Can't look past this instruction. Give up.
  }
  
  // Alright! Reconstruct this chain as constant expressions.
  Constant* NewOp = cast<Constant>(Worklist.pop_back_val());
  while(!OpStack.empty()) {
    Value* Op = OpStack.pop_back_val();

    if (isa<BitCastOperator>(Op))
      NewOp = ConstantExpr::getBitCast(NewOp, Op->getType());

    if (auto *GEP = dyn_cast<GEPOperator>(Op)) {
      SmallVector<Constant *> Idxs;
      Idxs.reserve(GEP->getNumOperands() - 1);
      for (unsigned I = 1, E = GEP->getNumOperands(); I != E; ++I)
        Idxs.push_back(cast<Constant>(GEP->getOperand(I));
      return ConstantExpr::getGetElementPtr(GEP->getSourceElementType(), NewOp,
                                            Idxs, GEP->isInBounds(),
                                            GEP->getInRangeIndex());
    }

    if (auto *II = dyn_cast<IntrinsicInst>(Op)) {
      if (II->getIntrinsicID() == Intrinsic::strip_invariant_group ||
          II->getIntrinsicID() == Intrinsic::launder_invariant_group)
        NewOp = ConstantExpr::getBitCast(NewOp, Op->getType());  
    }
    
    llvm_unreachable("Instruction handled in first loop but not here?");
  }
}
  
return NewOp;
llvm/lib/Analysis/InstructionSimplify.cpp
5827

Given load from \p Op, see if we can peel off certain pointer adjustments,
that are no-op for the purpose of the performing the load,
in the hope of eventually discovering that we are
actually loading from a constant.

5865–5866

As per D33619. and the default of the switch in SimplifyInstruction(),
we'll no longer call ConstantFoldInstruction(), but just the ConstantFoldLoadFromConstPtr().
Will we loose anything important because of that?

I would guess that iff we actually want to change that, perhaps it should be done afterwards,
and this should just continue to use ConstantFoldInstruction()?

llvm/test/Transforms/InstSimplify/invariant.group-load.ll
2

I'd like to see a bit more tests.
For example, this really needs negative tests.
What should happen if the @A isn't a constant?
One test with some pattern we can't handle would be good (non-constant gep indexes e.g.)

Prazek added a reviewer: Prazek.Apr 27 2021, 1:36 AM
Prazek added a comment.Apr 27 2021, 1:47 AM
In D101103#2718848, @lebedev.ri wrote:

I think the recursion is unfortunate there. How about something like

static Constant *ConstructLoadOperandConstant(Value *Op) {
  SmallVector<Value*, 16> Worklist;
  
  OpStack.emplace_back(Op);
  for(int I = 0; I != OpStack.size(); ++I) {
    Value* Op = OpStack.back();
    
    if (isa<Constant>(Op))
      break; // YAY!

    if (auto *BC = dyn_cast<BitCastOperator>(Op))
      OpStack.emplace_back(BC->getOperand(0)); // Recurse.

    if (auto *GEP = dyn_cast<GEPOperator>(Op)) {
      if (all_of(ArrayRef<Value*>(GEP->operands()).drop_front(),
          [](Value*Op) { return isa<Constant>(Op); }))
        OpStack.emplace_back(GEP->getOperand(0)); // Recurse.
    }

    if (auto *II = dyn_cast<IntrinsicInst>(Op)) {
      if (II->getIntrinsicID() == Intrinsic::strip_invariant_group ||
          II->getIntrinsicID() == Intrinsic::launder_invariant_group)
        OpStack.emplace_back(II->getOperand(0)); // Recurse.
    }
    
    return nullptr; // Can't look past this instruction. Give up.
  }
  
  // Alright! Reconstruct this chain as constant expressions.
  Constant* NewOp = cast<Constant>(Worklist.pop_back_val());
  while(!OpStack.empty()) {
    Value* Op = OpStack.pop_back_val();

    if (isa<BitCastOperator>(Op))
      NewOp = ConstantExpr::getBitCast(NewOp, Op->getType());

    if (auto *GEP = dyn_cast<GEPOperator>(Op)) {
      SmallVector<Constant *> Idxs;
      Idxs.reserve(GEP->getNumOperands() - 1);
      for (unsigned I = 1, E = GEP->getNumOperands(); I != E; ++I)
        Idxs.push_back(cast<Constant>(GEP->getOperand(I));
      return ConstantExpr::getGetElementPtr(GEP->getSourceElementType(), NewOp,
                                            Idxs, GEP->isInBounds(),
                                            GEP->getInRangeIndex());
    }

    if (auto *II = dyn_cast<IntrinsicInst>(Op)) {
      if (II->getIntrinsicID() == Intrinsic::strip_invariant_group ||
          II->getIntrinsicID() == Intrinsic::launder_invariant_group)
        NewOp = ConstantExpr::getBitCast(NewOp, Op->getType());  
    }
    
    llvm_unreachable("Instruction handled in first loop but not here?");
  }
}
  
return NewOp;

Also if you want to traverse bitcasts and invariant.group intrinsics, you could perhaps use `stripPointerCastsAndOffsets<PSK_ForAliasAnalysis>`

llvm/test/Transforms/InstSimplify/invariant.group-load.ll
13

Could you add similar test for launder.invariant.group as well?

Prazek added a comment.Apr 27 2021, 1:48 AM

Out of curiosity: have you seen this pattern happening in the wild with -fstrict-vtable-pointers?

aeubanks added a comment.Apr 27 2021, 10:24 AM
In D101103#2718965, @Prazek wrote:

Out of curiosity: have you seen this pattern happening in the wild with -fstrict-vtable-pointers?

Yes, it was causing a major size regression in one specific file (with rtti). I've managed to reduce it down to

struct A {
  int i;
  virtual void f();
  A(): i(4) {}
};

const A g;

int foo() {
  const A* a = &g;
  return a->i;
}

$ ./build/rel/bin/clang++ /tmp/a.cc -o - -S -emit-llvm -O2 -fstrict-vtable-pointers

%struct.A = type <{ i32 (...)**, i32, [4 x i8] }>

@_ZL1g = internal constant %struct.A <{ i32 (...)** bitcast (i8** getelementptr inbounds ({ [3 x i8*] }, { [3 x i8*] }* @_ZTV1A, i32 0, inrange i32 0, i32 2) to i32 (...)**), i32 4, [4 x i8] zeroinitializer }>, align 8
@_ZTV1A = external dso_local unnamed_addr constant { [3 x i8*] }, align 8
@llvm.global_ctors = appending global [0 x { i32, void ()*, i8* }] zeroinitializer

; Function Attrs: nofree nosync nounwind readnone uwtable willreturn mustprogress
define dso_local i32 @_Z8hahahahav() local_unnamed_addr #0 {
entry:
  %0 = tail call i8* @llvm.strip.invariant.group.p0i8(i8* bitcast (%struct.A* @_ZL1g to i8*))
  %i = getelementptr inbounds i8, i8* %0, i64 8
  %1 = bitcast i8* %i to i32*
  %2 = load i32, i32* %1, align 8, !tbaa !6
  ret i32 %2
}

$ ./build/rel/bin/clang++ /tmp/a.cc -o - -S -emit-llvm -O2

; Function Attrs: nofree norecurse nosync nounwind readnone uwtable willreturn mustprogress
define dso_local i32 @_Z8hahahahav() local_unnamed_addr #0 {
entry:
  ret i32 4
}
aeubanks added a comment.Apr 27 2021, 5:51 PM

looks like the strip is coming from CodeGenFunction::EmitLValueForField():

if (auto *ClassDef = dyn_cast<CXXRecordDecl>(rec)) {
  if (CGM.getCodeGenOpts().StrictVTablePointers &&
      ClassDef->isDynamicClass()) {
    // Getting to any field of dynamic object requires stripping dynamic
    // information provided by invariant.group.  This is because accessing
    // fields may leak the real address of dynamic object, which could result
    // in miscompilation when leaked pointer would be compared.
    auto *stripped = Builder.CreateStripInvariantGroup(addr.getPointer());
    addr = Address(stripped, addr.getAlignment());
  }
}

is this actually true?

Prazek added a comment.EditedApr 28 2021, 2:51 AM
In D101103#2721429, @aeubanks wrote:

looks like the strip is coming from CodeGenFunction::EmitLValueForField():

if (auto *ClassDef = dyn_cast<CXXRecordDecl>(rec)) {
  if (CGM.getCodeGenOpts().StrictVTablePointers &&
      ClassDef->isDynamicClass()) {
    // Getting to any field of dynamic object requires stripping dynamic
    // information provided by invariant.group.  This is because accessing
    // fields may leak the real address of dynamic object, which could result
    // in miscompilation when leaked pointer would be compared.
    auto *stripped = Builder.CreateStripInvariantGroup(addr.getPointer());
    addr = Address(stripped, addr.getAlignment());
  }
}

is this actually true?

It is essentially more complex case of leaking the value of the pointer through comparison (documented in the docs)

struct A {

virtual void foo();
int field;

};

struct B {
  void foo() override;
};

external A* clobber(A* a) {
  return new(a) B;
}

void bar(A *a) {
  int* addr =  &a->field;
  A* new_a = clobber(a);
  if (addr == &new_a->field) {
    new_a->foo();
  }
}

Here if you don't strip "virtual information" from the pointer before getting the address of the field, the compiler will be able to figure out that the address
of a and new_a is the same in the branch, which would result in RAUW of new_a for a, resulting in incorrect devirtualization.

Prazek added a comment.Apr 28 2021, 3:00 AM
In D101103#2720276, @aeubanks wrote:
In D101103#2718965, @Prazek wrote:

Out of curiosity: have you seen this pattern happening in the wild with -fstrict-vtable-pointers?

Yes, it was causing a major size regression in one specific file (with rtti). I've managed to reduce it down to

struct A {
  int i;
  virtual void f();
  A(): i(4) {}
};

const A g;

int foo() {
  const A* a = &g;
  return a->i;
}

$ ./build/rel/bin/clang++ /tmp/a.cc -o - -S -emit-llvm -O2 -fstrict-vtable-pointers

%struct.A = type <{ i32 (...)**, i32, [4 x i8] }>

@_ZL1g = internal constant %struct.A <{ i32 (...)** bitcast (i8** getelementptr inbounds ({ [3 x i8*] }, { [3 x i8*] }* @_ZTV1A, i32 0, inrange i32 0, i32 2) to i32 (...)**), i32 4, [4 x i8] zeroinitializer }>, align 8
@_ZTV1A = external dso_local unnamed_addr constant { [3 x i8*] }, align 8
@llvm.global_ctors = appending global [0 x { i32, void ()*, i8* }] zeroinitializer

; Function Attrs: nofree nosync nounwind readnone uwtable willreturn mustprogress
define dso_local i32 @_Z8hahahahav() local_unnamed_addr #0 {
entry:
  %0 = tail call i8* @llvm.strip.invariant.group.p0i8(i8* bitcast (%struct.A* @_ZL1g to i8*))
  %i = getelementptr inbounds i8, i8* %0, i64 8
  %1 = bitcast i8* %i to i32*
  %2 = load i32, i32* %1, align 8, !tbaa !6
  ret i32 %2
}

$ ./build/rel/bin/clang++ /tmp/a.cc -o - -S -emit-llvm -O2

; Function Attrs: nofree norecurse nosync nounwind readnone uwtable willreturn mustprogress
define dso_local i32 @_Z8hahahahav() local_unnamed_addr #0 {
entry:
  ret i32 4
}

Nice finding!

aeubanks updated this revision to Diff 345276.May 13 2021, 1:53 PM

rebase
add more tests
make operand constant construction not recursive
skip if load operand was initially constant

Harbormaster completed remote builds in B104379: Diff 345276.May 13 2021, 3:53 PM
Prazek added inline comments.May 17 2021, 6:30 AM
llvm/lib/Analysis/InstructionSimplify.cpp
5843–5846

nit: personally I would reverse the logic:

if (II->getIntrinsicID() == Intrinsic::strip_invariant_group &&
    II->getIntrinsicID() == Intrinsic::launder_invariant_group)
  Worklist.push_back(II->getOperand(0));
else
  return nullptr;

I think it is more canonical and easier to read.
I guess also then you could simplify the assert you have later on to share some code (e.g. isInvariantGroupIntrinsic function)

aeubanks updated this revision to Diff 345923.May 17 2021, 10:16 AM

use isLaunderOrStripInvariantGroup(), I forgot I had already made that

Harbormaster completed remote builds in B104857: Diff 345923.May 17 2021, 11:21 AM
aeubanks added a comment.Jun 1 2021, 9:12 AM

ping

lebedev.ri accepted this revision.Jun 1 2021, 9:16 AM

LGTM

llvm/test/Transforms/InstSimplify/invariant.group-load.ll
1

Please precommit these tests.

This revision is now accepted and ready to land.Jun 1 2021, 9:16 AM
aeubanks mentioned this in rG3aa943070cc1: [test] Precommit test for D101103.Jun 1 2021, 4:31 PM
aeubanks updated this revision to Diff 349130.Jun 1 2021, 4:33 PM

rebase after precommitted test

This revision was landed with ongoing or failed builds.Jun 1 2021, 4:33 PM
Closed by commit rG26044c6a54de: [InstSimplify] Treat invariant group insts as bitcasts for load operands (authored by aeubanks). · Explain Why
This revision was automatically updated to reflect the committed changes.
aeubanks added a commit: rG26044c6a54de: [InstSimplify] Treat invariant group insts as bitcasts for load operands.
Harbormaster completed remote builds in B107150: Diff 349130.Jun 1 2021, 5:31 PM
clin1 added a subscriber: clin1.Jun 9 2021, 11:42 AM

Hi @aeubanks, we turned up a corner case where jump threading is creating a self-referential GEP:

%tmp27 = getelementptr inbounds i8, i8* %tmp27, i64 1

Surprisingly, this is allowed in unreachable code:
https://lists.llvm.org/pipermail/llvm-dev/2012-October/054719.html

The self reference causes InstSimplify to hang when it's called from JT.
Test case "reduced.ll" attached. Would you mind checking it out? Thank you!

reduced.ll4 KBDownload

lebedev.ri added a comment.Jun 9 2021, 11:51 AM
In D101103#2808706, @clin1 wrote:

Hi @aeubanks, we turned up a corner case where jump threading is creating a self-referential GEP:

%tmp27 = getelementptr inbounds i8, i8* %tmp27, i64 1

Surprisingly, this is allowed in unreachable code:
https://lists.llvm.org/pipermail/llvm-dev/2012-October/054719.html

The self reference causes InstSimplify to hang when it's called from JT.
Test case "reduced.ll" attached. Would you mind checking it out? Thank you!

reduced.ll4 KBDownload

The fix should lie in jumpthreading - it should not deal with unreachable blocks.

aeubanks added a reverting change: rG222cce3828a5: Revert "[InstSimplify] Treat invariant group insts as bitcasts for load….Jun 9 2021, 11:55 AM
abhinavgaba added a subscriber: abhinavgaba.Jun 9 2021, 11:56 AM
nikic added a comment.Jun 9 2021, 1:08 PM

While it may make sense to address this in JumpThreading in addition, I believe InstSimplify is intended to be robust against unreachable code. As InstSimplify can thread over phis, I don't think it's even possible for a caller to reliably prevent unreachable code from reaching InstSimplify.

lebedev.ri added inline comments.Jun 10 2021, 2:09 AM
llvm/lib/Analysis/InstructionSimplify.cpp
5830–5831

Then i guess you want to add a SmallPtrSet<Value*> Visited; outside of the loop
insert into it in the beginning of the loop, and if insertion fails - return nullptr;.

aeubanks reopened this revision.Jun 11 2021, 11:49 AM
This revision is now accepted and ready to land.Jun 11 2021, 11:49 AM
aeubanks updated this revision to Diff 351520.Jun 11 2021, 11:49 AM

check for self referential values

Harbormaster completed remote builds in B108866: Diff 351520.Jun 11 2021, 12:28 PM
This revision was landed with ongoing or failed builds.Jun 15 2021, 12:59 PM
Closed by commit rG9aa1428174ae: [InstSimplify] Treat invariant group insts as bitcasts for load operands (authored by aeubanks). · Explain Why
This revision was automatically updated to reflect the committed changes.
aeubanks added a commit: rG9aa1428174ae: [InstSimplify] Treat invariant group insts as bitcasts for load operands.

Revision Contents

PathSize
llvm/
lib/
Analysis/
76 lines
test/
Transforms/
InstSimplify/
51 lines
12 lines

Diff 352224

llvm/lib/Analysis/InstructionSimplify.cpp

Show All 12 Lines
// ("and i32 %x, %x" -> "%x"). All operands are assumed to have already been // ("and i32 %x, %x" -> "%x"). All operands are assumed to have already been
// simplified: This is usually true and assuming it simplifies the logic (if // simplified: This is usually true and assuming it simplifies the logic (if
// they have not been simplified then results are correct but maybe suboptimal). // they have not been simplified then results are correct but maybe suboptimal).
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Analysis/InstructionSimplify.h" #include "llvm/Analysis/InstructionSimplify.h"
#include "llvm/ADT/SetVector.h" #include "llvm/ADT/SetVector.h"
#include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/Analysis/AliasAnalysis.h" #include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/AssumptionCache.h" #include "llvm/Analysis/AssumptionCache.h"
#include "llvm/Analysis/CaptureTracking.h" #include "llvm/Analysis/CaptureTracking.h"
#include "llvm/Analysis/CmpInstAnalysis.h" #include "llvm/Analysis/CmpInstAnalysis.h"
#include "llvm/Analysis/ConstantFolding.h" #include "llvm/Analysis/ConstantFolding.h"
#include "llvm/Analysis/LoopAnalysisManager.h" #include "llvm/Analysis/LoopAnalysisManager.h"
#include "llvm/Analysis/MemoryBuiltins.h" #include "llvm/Analysis/MemoryBuiltins.h"
▲ Show 20 LinesShow All 5,789 Lines▼ Show 20 Linesstatic Value *SimplifyFreezeInst(Value *Op0, const SimplifyQuery &Q) {
// We have room for improvement. // We have room for improvement.
return nullptr; return nullptr;
} }
Value *llvm::SimplifyFreezeInst(Value *Op0, const SimplifyQuery &Q) { Value *llvm::SimplifyFreezeInst(Value *Op0, const SimplifyQuery &Q) {
return ::SimplifyFreezeInst(Op0, Q); return ::SimplifyFreezeInst(Op0, Q);
} }
static Constant *ConstructLoadOperandConstant(Value *Op) {
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

Given load from \p Op, see if we can peel off certain pointer adjustments,
that are no-op for the purpose of the performing the load,
in the hope of eventually discovering that we are
actually loading from a constant.

lebedev.ri: Given load from \p Op, see if we can peel off certain pointer adjustments, that are no-op for…
SmallVector<Value *, 4> Worklist;
// Invalid IR in unreachable code may contain self-referential values. Don't infinitely loop.
SmallPtrSet<Value *, 4> Visited;
Worklist.push_back(Op);
rnkUnsubmitted
Not Done
ReplyInline Actions

We already discarded constants above, so these don't have to be operators, they could be Instructions, BitCastInst, etc.

rnk: We already discarded constants above, so these don't have to be operators, they could be…
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

Then i guess you want to add a SmallPtrSet<Value*> Visited; outside of the loop
insert into it in the beginning of the loop, and if insertion fails - return nullptr;.

lebedev.ri: Then i guess you want to add a `SmallPtrSet<Value*> Visited;` outside of the loop insert into…
while (true) {
Value *CurOp = Worklist.back();
if (!Visited.insert(CurOp).second)
return nullptr;
if (isa<Constant>(CurOp))
break;
if (auto *BC = dyn_cast<BitCastOperator>(CurOp)) {
Worklist.push_back(BC->getOperand(0));
} else if (auto *GEP = dyn_cast<GEPOperator>(CurOp)) {
for (unsigned I = 1; I != GEP->getNumOperands(); ++I) {
if (!isa<Constant>(GEP->getOperand(I)))
return nullptr;
}
Worklist.push_back(GEP->getOperand(0));
} else if (auto *II = dyn_cast<IntrinsicInst>(CurOp)) {
PrazekUnsubmitted
Not Done
ReplyInline Actions

nit: personally I would reverse the logic:

if (II->getIntrinsicID() == Intrinsic::strip_invariant_group &&
    II->getIntrinsicID() == Intrinsic::launder_invariant_group)
  Worklist.push_back(II->getOperand(0));
else
  return nullptr;

I think it is more canonical and easier to read.
I guess also then you could simplify the assert you have later on to share some code (e.g. isInvariantGroupIntrinsic function)

Prazek: nit: personally I would reverse the logic: if (II->getIntrinsicID() == Intrinsic…
if (II->isLaunderOrStripInvariantGroup())
Worklist.push_back(II->getOperand(0));
else
return nullptr;
} else {
return nullptr;
}
}
Constant *NewOp = cast<Constant>(Worklist.pop_back_val());
while (!Worklist.empty()) {
Value *CurOp = Worklist.pop_back_val();
if (isa<BitCastOperator>(CurOp)) {
NewOp = ConstantExpr::getBitCast(NewOp, CurOp->getType());
} else if (auto *GEP = dyn_cast<GEPOperator>(CurOp)) {
SmallVector<Constant *> Idxs;
Idxs.reserve(GEP->getNumOperands() - 1);
for (unsigned I = 1, E = GEP->getNumOperands(); I != E; ++I) {
Idxs.push_back(cast<Constant>(GEP->getOperand(I)));
}
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

As per D33619. and the default of the switch in SimplifyInstruction(),
we'll no longer call ConstantFoldInstruction(), but just the ConstantFoldLoadFromConstPtr().
Will we loose anything important because of that?

I would guess that iff we actually want to change that, perhaps it should be done afterwards,
and this should just continue to use ConstantFoldInstruction()?

lebedev.ri: As per D33619. and the default of the switch in `SimplifyInstruction()`, we'll no longer call…
NewOp = ConstantExpr::getGetElementPtr(GEP->getSourceElementType(), NewOp,
Idxs, GEP->isInBounds(),
GEP->getInRangeIndex());
} else {
assert(isa<IntrinsicInst>(CurOp) &&
cast<IntrinsicInst>(CurOp)->isLaunderOrStripInvariantGroup() &&
"expected invariant group intrinsic");
NewOp = ConstantExpr::getBitCast(NewOp, CurOp->getType());
}
}
return NewOp;
}
static Value *SimplifyLoadInst(LoadInst *LI, const SimplifyQuery &Q) {
if (LI->isVolatile())
return nullptr;
if (auto *C = ConstantFoldInstruction(LI, Q.DL))
return C;
// The following only catches more cases than ConstantFoldInstruction() if the
// load operand wasn't a constant. Specifically, invariant.group intrinsics.
if (isa<Constant>(LI->getPointerOperand()))
return nullptr;
if (auto *C = dyn_cast_or_null<Constant>(
ConstructLoadOperandConstant(LI->getPointerOperand())))
return ConstantFoldLoadFromConstPtr(C, LI->getType(), Q.DL);
return nullptr;
}
/// See if we can compute a simplified version of this instruction. /// See if we can compute a simplified version of this instruction.
/// If not, this returns null. /// If not, this returns null.
Value *llvm::SimplifyInstruction(Instruction *I, const SimplifyQuery &SQ, Value *llvm::SimplifyInstruction(Instruction *I, const SimplifyQuery &SQ,
OptimizationRemarkEmitter *ORE) { OptimizationRemarkEmitter *ORE) {
const SimplifyQuery Q = SQ.CxtI ? SQ : SQ.getWithInstruction(I); const SimplifyQuery Q = SQ.CxtI ? SQ : SQ.getWithInstruction(I);
Value *Result; Value *Result;
▲ Show 20 LinesShow All 140 Lines▼ Show 20 Lines
#undef HANDLE_CAST_INST #undef HANDLE_CAST_INST
Result = Result =
SimplifyCastInst(I->getOpcode(), I->getOperand(0), I->getType(), Q); SimplifyCastInst(I->getOpcode(), I->getOperand(0), I->getType(), Q);
break; break;
case Instruction::Alloca: case Instruction::Alloca:
// No simplifications for Alloca and it can't be constant folded. // No simplifications for Alloca and it can't be constant folded.
Result = nullptr; Result = nullptr;
break; break;
case Instruction::Load:
Result = SimplifyLoadInst(cast<LoadInst>(I), Q);
break;
} }
/// If called on unreachable code, the above logic may report that the /// If called on unreachable code, the above logic may report that the
/// instruction simplified to itself. Make life easier for users by /// instruction simplified to itself. Make life easier for users by
/// detecting that case here, returning a safe value instead. /// detecting that case here, returning a safe value instead.
return Result == I ? UndefValue::get(I->getType()) : Result; return Result == I ? UndefValue::get(I->getType()) : Result;
} }
▲ Show 20 LinesShow All 109 LinesShow Last 20 Lines

llvm/test/Transforms/InstSimplify/invalid-load-operand-infinite-loop.ll

  • This file was added.
; RUN: opt -passes=jump-threading -S < %s | FileCheck %s
; CHECK: @main
%struct.wobble = type { i8 }
define i32 @main() local_unnamed_addr personality i8* undef {
bb12:
br i1 false, label %bb13, label %bb28
bb13: ; preds = %bb12
br label %bb14
bb14: ; preds = %bb26, %bb13
%tmp15 = phi i8* [ %tmp27, %bb26 ], [ undef, %bb13 ]
%tmp16 = icmp slt i32 5, undef
%tmp17 = select i1 false, i1 true, i1 %tmp16
br label %bb18
bb18: ; preds = %bb14
br i1 %tmp17, label %bb19, label %bb21
bb19: ; preds = %bb18
%tmp20 = or i32 undef, 4
br label %bb21
bb21: ; preds = %bb19, %bb18
%tmp22 = load i8, i8* %tmp15, align 1
br label %bb23
bb23: ; preds = %bb21
br i1 %tmp17, label %bb24, label %bb25
bb24: ; preds = %bb23
br label %bb25
bb25: ; preds = %bb24, %bb23
invoke void undef(%struct.wobble* undef, i32 0, i32 undef, i8 %tmp22)
to label %bb26 unwind label %bb33
bb26: ; preds = %bb25
%tmp27 = getelementptr inbounds i8, i8* %tmp15, i64 1
br label %bb14
bb28: ; preds = %bb12
unreachable
bb33: ; preds = %bb25
%tmp34 = landingpad { i8*, i32 }
cleanup
unreachable
}

llvm/test/Transforms/InstSimplify/invariant.group-load.ll

; NOTE: Assertions have been autogenerated by utils/update_test_checks.py ; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

Please precommit these tests.

lebedev.ri: Please precommit these tests.
; RUN: opt -passes=instsimplify -S < %s | FileCheck %s ; RUN: opt -passes=instsimplify -S < %s | FileCheck %s
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

I'd like to see a bit more tests.
For example, this really needs negative tests.
What should happen if the @A isn't a constant?
One test with some pattern we can't handle would be good (non-constant gep indexes e.g.)

lebedev.ri: I'd like to see a bit more tests. For example, this really needs negative tests. What should…
@A = linkonce_odr hidden constant { i64, i64 } { i64 2, i64 3 } @A = linkonce_odr hidden constant { i64, i64 } { i64 2, i64 3 }
@B = linkonce_odr hidden global { i64, i64 } { i64 2, i64 3 } @B = linkonce_odr hidden global { i64, i64 } { i64 2, i64 3 }
declare i8* @llvm.strip.invariant.group.p0i8(i8* %p) declare i8* @llvm.strip.invariant.group.p0i8(i8* %p)
declare i8* @llvm.launder.invariant.group.p0i8(i8* %p) declare i8* @llvm.launder.invariant.group.p0i8(i8* %p)
define i64 @f() { define i64 @f() {
; CHECK-LABEL: @f( ; CHECK-LABEL: @f(
; CHECK-NEXT: [[A:%.*]] = call i8* @llvm.strip.invariant.group.p0i8(i8* bitcast ({ i64, i64 }* @A to i8*)) ; CHECK-NEXT: ret i64 3
; CHECK-NEXT: [[B:%.*]] = getelementptr i8, i8* [[A]], i32 8
; CHECK-NEXT: [[C:%.*]] = bitcast i8* [[B]] to i64*
; CHECK-NEXT: [[D:%.*]] = load i64, i64* [[C]], align 4
; CHECK-NEXT: ret i64 [[D]]
; ;
PrazekUnsubmitted
Not Done
ReplyInline Actions

Could you add similar test for launder.invariant.group as well?

Prazek: Could you add similar test for launder.invariant.group as well?
%p = bitcast { i64, i64 }* @A to i8* %p = bitcast { i64, i64 }* @A to i8*
%a = call i8* @llvm.strip.invariant.group.p0i8(i8* %p) %a = call i8* @llvm.strip.invariant.group.p0i8(i8* %p)
%b = getelementptr i8, i8* %a, i32 8 %b = getelementptr i8, i8* %a, i32 8
%c = bitcast i8* %b to i64* %c = bitcast i8* %b to i64*
%d = load i64, i64* %c %d = load i64, i64* %c
ret i64 %d ret i64 %d
} }
define i64 @g() { define i64 @g() {
; CHECK-LABEL: @g( ; CHECK-LABEL: @g(
; CHECK-NEXT: [[A:%.*]] = call i8* @llvm.launder.invariant.group.p0i8(i8* bitcast ({ i64, i64 }* @A to i8*)) ; CHECK-NEXT: ret i64 3
; CHECK-NEXT: [[B:%.*]] = getelementptr i8, i8* [[A]], i32 8
; CHECK-NEXT: [[C:%.*]] = bitcast i8* [[B]] to i64*
; CHECK-NEXT: [[D:%.*]] = load i64, i64* [[C]], align 4
; CHECK-NEXT: ret i64 [[D]]
; ;
%p = bitcast { i64, i64 }* @A to i8* %p = bitcast { i64, i64 }* @A to i8*
%a = call i8* @llvm.launder.invariant.group.p0i8(i8* %p) %a = call i8* @llvm.launder.invariant.group.p0i8(i8* %p)
%b = getelementptr i8, i8* %a, i32 8 %b = getelementptr i8, i8* %a, i32 8
%c = bitcast i8* %b to i64* %c = bitcast i8* %b to i64*
%d = load i64, i64* %c %d = load i64, i64* %c
ret i64 %d ret i64 %d
} }
▲ Show 20 LinesShow All 48 LinesShow Last 20 Lines