This is an archive of the discontinued LLVM Phabricator instance.

Differential D101176

[SimplifyLibCalls] Transform malloc to calloc with redundant memsets elimination (PR25892)
AbandonedPublic

Authored by yurai007 on Apr 23 2021, 9:15 AM.

Details

Reviewers
xbolva00
spatel
lebedev.ri
fhahn
JudyZhu
nikic
Summary

Before this change LLVM cannot perform any of following transformation:

memset(malloc(x), 0, x) --> calloc(1, x)
memset(calloc(1, x), 0, x) --> calloc(1, x)

However GCC is able to do that: https://godbolt.org/z/Ef94je4KP

Both transformations are connected especially when malloc is followed by more then one memset.
Therefore both transformations can be handled together in same code paths by SimplifyLibCalls.
It's very common to have malloc and memset in different blocks like in addressed PR:
https://bugs.llvm.org/show_bug.cgi?id=25892
This patch detects common pattern (icmp+br) and examine affected basic blocks conservatively looking for
intermediate store-like instructions. The change is loosely based on previous PR-related work:
https://reviews.llvm.org/D93360 and https://reviews.llvm.org/D16337.

TODO: Integrate with DSE.
TODO: Extract tests into NFC part.

Diff Detail

Unit TestsFailed

TimeTest
750 msx64 debian > AddressSanitizer-x86_64-linux-dynamic.TestCases::heap-overflow.cpp
1,500 msx64 debian > AddressSanitizer-x86_64-linux.TestCases::heap-overflow.cpp

Event Timeline

yurai007 created this revision.Apr 23 2021, 9:15 AM
Herald added a subscriber: hiraditya. · View Herald TranscriptApr 23 2021, 9:15 AM
yurai007 requested review of this revision.Apr 23 2021, 9:15 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 23 2021, 9:15 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
yurai007 edited the summary of this revision. (Show Details)Apr 23 2021, 9:15 AM
yurai007 added inline comments.
llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
1207

It's lightweight but very conservative approach. Anyway it's good enough to transform many simple cases (take a look at tests to get idea)
and in particular to satisfy PR case. However we could use alias analysis instead simple scan and in consequence transform more complex scenarios with intermediate store-like instructions. I guess it's feasible but also more intrusive way - keep in in mind currently SimplifyLibCalls knows nothing about AA. Anyway I can go in this direction if you are interested.

xbolva00 added a reviewer: nikic.Apr 23 2021, 12:11 PM
Harbormaster completed remote builds in B100596: Diff 340066.Apr 23 2021, 12:30 PM
xbolva00 added a subscriber: efriedma.Apr 27 2021, 6:19 AM

I am still not sure if this is the place for such transformation (just look how many new lines of code are needed...)

cc @fhahn @efriedma @nikic as they are more experienced and may recommend better place for this transformation.

efriedma added a comment.Apr 27 2021, 1:11 PM

I would think this naturally slots into some pass that's already doing the relevant dependence analysis, like DSE or memcpyopt.

yurai007 mentioned this in D100724: [SimplifyLibCalls] Transform printf("%s", str) --> puts(str)/noop..Apr 28 2021, 3:34 AM
yurai007 added a comment.Apr 28 2021, 3:53 AM

@efriedma @xbolva00 : Ok. I can try to integrate this with memcpyopt or DCE. It should simplify scanning stores part. Not sure if it's possible to get rid of rest.
For example we still need to perform malloc/calloc checks (for now memcpyopt knows nothing about allocation functions) and some kind of matching for icmp+br pattern.

yurai007 added a comment.Apr 28 2021, 4:18 AM

I meant *DSE ofc.

efriedma added a comment.May 6 2021, 1:04 PM

some kind of matching for icmp+br pattern.

Do you actually need to check this? The transform is correct either way... although maybe it's a bit dubious to transform malloc->calloc if the memset is rarely executed and/or smaller than the allocation.

DSE currently includes optimizations for memset of calloc.

yurai007 added a comment.May 7 2021, 4:55 AM

Do you actually need to check this? The transform is correct either way... although maybe it's a bit dubious to transform malloc->calloc if the memset is rarely executed and/or smaller than the allocation.

It may be redundant. Patch is inspired by previous work and by GCC solution: https://patchwork.ozlabs.org/project/gcc/patch/alpine.DEB.2.02.1402282337290.27023@stedding.saclay.inria.fr/ .
In both cases they do such matching which doesn't mean yet it's crucial.

DSE currently includes optimizations for memset of calloc.

I assume you mean recent: https://reviews.llvm.org/D101391. Yes, it would be good to integrate this change with DSE on top of D101391.

yurai007 edited the summary of this revision. (Show Details)May 7 2021, 4:55 AM
xbolva00 added a subscriber: jdoerfert.May 7 2021, 5:10 AM

Hello, some days ago I was looking at it.

proof of concept code: https://pastebin.com/V8m1v03a

but then I hit same issue as for calloc, you can read about it here: https://reviews.llvm.org/D101440, especially my last comments: https://reviews.llvm.org/D101440#inline-959170

We fails to find def - malloc call, since malloc is marked with inaccessiblememonly. Looks like inaccessiblememonly does not fit well for allocation functions.

Obvious fix is to remove inaccessiblememonly from (m)alloc functions and my POC code should work.. But maybe we could find better solution?

Opinions?

cc @fhahn @nikic @jdoerfert

yurai007 added a comment.May 24 2021, 2:37 AM

Hi, I found time to look into it and put response in original chain: https://reviews.llvm.org/D101440#inline-959170

yurai007 added a comment.May 31 2021, 11:21 AM

Abandoned because of better approach: https://reviews.llvm.org/D103009

yurai007 abandoned this revision.May 31 2021, 11:21 AM
yurai007 mentioned this in D108485: [DSE] Check post-dominance for malloc+memset->calloc transform..Aug 21 2021, 2:56 AM

Revision Contents

PathSize
llvm/
include/
llvm/
Transforms/
Utils/
2 lines
lib/
Transforms/
Utils/
120 lines
test/
Transforms/
InstCombine/
91 lines

Diff 340066

llvm/include/llvm/Transforms/Utils/SimplifyLibCalls.h

Show First 20 LinesShow All 126 Lines▼ Show 20 Linesprivate:
void eraseFromParent(Instruction *I); void eraseFromParent(Instruction *I);
/// Replace an instruction with a value and erase it from its parent. /// Replace an instruction with a value and erase it from its parent.
void substituteInParent(Instruction *I, Value *With) { void substituteInParent(Instruction *I, Value *With) {
replaceAllUsesWith(I, With); replaceAllUsesWith(I, With);
eraseFromParent(I); eraseFromParent(I);
} }
Value *foldMallocMemset(CallInst *Memset, IRBuilderBase &B); Value *foldAllocMemset(CallInst *Memset, IRBuilderBase &B);
public: public:
LibCallSimplifier( LibCallSimplifier(
const DataLayout &DL, const TargetLibraryInfo *TLI, const DataLayout &DL, const TargetLibraryInfo *TLI,
OptimizationRemarkEmitter &ORE, OptimizationRemarkEmitter &ORE,
BlockFrequencyInfo *BFI, ProfileSummaryInfo *PSI, BlockFrequencyInfo *BFI, ProfileSummaryInfo *PSI,
function_ref<void(Instruction *, Value *)> Replacer = function_ref<void(Instruction *, Value *)> Replacer =
&replaceAllUsesWithDefault, &replaceAllUsesWithDefault,
▲ Show 20 LinesShow All 103 LinesShow Last 20 Lines

llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp

Show First 20 LinesShow All 1,149 Lines▼ Show 20 LinesValue *LibCallSimplifier::optimizeMemMove(CallInst *CI, IRBuilderBase &B) {
CallInst *NewCI = B.CreateMemMove(CI->getArgOperand(0), Align(1), CallInst *NewCI = B.CreateMemMove(CI->getArgOperand(0), Align(1),
CI->getArgOperand(1), Align(1), Size); CI->getArgOperand(1), Align(1), Size);
NewCI->setAttributes(CI->getAttributes()); NewCI->setAttributes(CI->getAttributes());
NewCI->removeAttributes(AttributeList::ReturnIndex, NewCI->removeAttributes(AttributeList::ReturnIndex,
AttributeFuncs::typeIncompatible(NewCI->getType())); AttributeFuncs::typeIncompatible(NewCI->getType()));
return CI->getArgOperand(0); return CI->getArgOperand(0);
} }
/// Fold memset[_chk](malloc(n), 0, n) --> calloc(1, n). /// Fold memset(malloc(n), 0, n) --> calloc(1, n).
Value *LibCallSimplifier::foldMallocMemset(CallInst *Memset, IRBuilderBase &B) { /// Fold memset(calloc(n, m), 0, k) --> calloc(n, m).
Value *LibCallSimplifier::foldAllocMemset(CallInst *Memset, IRBuilderBase &B) {
if (!isa<IntrinsicInst>(Memset))
return nullptr;
if (auto *MemSetInstr = dyn_cast_or_null<MemSetInst>(Memset)) {
if (MemSetInstr->getVolatileCst() ==
ConstantInt::getTrue(Memset->getContext()))
return nullptr;
if (MemSetInstr->getRawDest()->getType()->getPointerAddressSpace() != 0)
return nullptr;
}
// This has to be a memset of zeros (bzero). // This has to be a memset of zeros (bzero).
auto *FillValue = dyn_cast<ConstantInt>(Memset->getArgOperand(1)); auto *FillValue = dyn_cast<ConstantInt>(Memset->getArgOperand(1));
if (!FillValue || FillValue->getZExtValue() != 0) if (!FillValue || FillValue->getZExtValue() != 0)
return nullptr; return nullptr;
// TODO: We should handle the case where the malloc has more than one use. auto canRemoveMemsetAfterAllocCall = [](CallInst *Alloc, CallInst *Memset) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'canRemoveMemsetAfterAllocCall' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'canRemoveMemsetAfterAllocCall'…
// This is necessary to optimize common patterns such as when the result of if (Alloc->hasOneUse())
// the malloc is checked against null or when a memset intrinsic is used in return true;
// place of a memset library call. BasicBlock *AllocBB = Alloc->getParent(), *MemsetBB = Memset->getParent();
auto *Malloc = dyn_cast<CallInst>(Memset->getArgOperand(0)); // If alloc call and memset are in different blocks then
if (!Malloc || !Malloc->hasOneUse()) // make sure AllocBB ends matching to following sequence:
// %cmp = icmp _ %call, null
// br %cmp, _, memsetBB
if (AllocBB != MemsetBB) {
if (MemsetBB->getSinglePredecessor() != AllocBB)
return false;
Value *Op = Memset->getArgOperand(0);
Instruction *TI = AllocBB->getTerminator();
ICmpInst::Predicate Pred;
BasicBlock *TrueBB, *FalseBB;
if (!match(TI,
m_Br(m_ICmp(Pred,
m_CombineOr(m_Specific(Op),
m_Specific(Op->stripPointerCasts())),
m_Zero()),
TrueBB, FalseBB)))
return false;
if (Pred != ICmpInst::ICMP_EQ && Pred != ICmpInst::ICMP_NE)
return false;
if (MemsetBB != (Pred == ICmpInst::ICMP_EQ ? FalseBB : TrueBB))
return false;
}
// Conservatively search for writes to make sure alloc'd memory is not used
// before memset. We don't perform any sophisticated alias analysis here.
// Check AllocBB starting from alloc successor.
for (BasicBlock::iterator Scan = ++(Alloc->getIterator()),
yurai007AuthorUnsubmitted
Done
ReplyInline Actions

It's lightweight but very conservative approach. Anyway it's good enough to transform many simple cases (take a look at tests to get idea)
and in particular to satisfy PR case. However we could use alias analysis instead simple scan and in consequence transform more complex scenarios with intermediate store-like instructions. I guess it's feasible but also more intrusive way - keep in in mind currently SimplifyLibCalls knows nothing about AA. Anyway I can go in this direction if you are interested.

yurai007: It's lightweight but very conservative approach. Anyway it's good enough to transform many…
End = AllocBB->end();
Scan != End; ++Scan) {
if (&*Scan == Memset)
break;
if (Scan->mayWriteToMemory())
return false;
}
// Check MemsetBB ending at memset.
if (AllocBB != MemsetBB)
for (BasicBlock::iterator Scan = MemsetBB->begin(),
End = Memset->getIterator();
Scan != End; ++Scan) {
if (Scan->mayWriteToMemory())
return false;
}
return true;
};
auto *Alloc = dyn_cast<CallInst>(Memset->getArgOperand(0));
if (!Alloc)
return nullptr; return nullptr;
// Is the inner call really malloc()? Function *InnerCallee = Alloc->getCalledFunction();
Function *InnerCallee = Malloc->getCalledFunction();
if (!InnerCallee) if (!InnerCallee)
return nullptr; return nullptr;
LibFunc Func; LibFunc Func;
// Is the inner call really malloc() or calloc()?
if (!TLI->getLibFunc(*InnerCallee, Func) || !TLI->has(Func) || if (!TLI->getLibFunc(*InnerCallee, Func) || !TLI->has(Func) ||
Func != LibFunc_malloc) (Func != LibFunc_malloc && Func != LibFunc_calloc))
return nullptr; return nullptr;
// The memset must cover the same number of bytes that are malloc'd. // The memset must cover the same number of bytes that are malloc'd.
if (Memset->getArgOperand(2) != Malloc->getArgOperand(0)) if (Func == LibFunc_malloc &&
(Memset->getArgOperand(2) != Alloc->getArgOperand(0)))
return nullptr;
// We should handle the case where the malloc/calloc has more than one use.
// This is necessary to optimize common patterns such as when the result of
// the malloc/calloc is checked against null or when a memset intrinsic is
// used in place of a memset library call.
if (!canRemoveMemsetAfterAllocCall(Alloc, Memset))
return nullptr; return nullptr;
// Replace the malloc with a calloc. We need the data layout to know what the // Memset is redundant. Replace it with existing calloc.
// actual size of a 'size_t' parameter is. if (Func == LibFunc_calloc)
B.SetInsertPoint(Malloc->getParent(), ++Malloc->getIterator()); return Memset->getArgOperand(0);
const DataLayout &DL = Malloc->getModule()->getDataLayout(); // Memset is redundant and malloc can be replaced with calloc.
// We need the data layout to know what the actual size of a 'size_t'
// parameter is.
B.SetInsertPoint(Alloc->getParent(), ++Alloc->getIterator());
const DataLayout &DL = Alloc->getModule()->getDataLayout();
IntegerType *SizeType = DL.getIntPtrType(B.GetInsertBlock()->getContext()); IntegerType *SizeType = DL.getIntPtrType(B.GetInsertBlock()->getContext());
if (Value *Calloc = emitCalloc(ConstantInt::get(SizeType, 1), if (Value *Calloc =
Malloc->getArgOperand(0), emitCalloc(ConstantInt::get(SizeType, 1), Alloc->getArgOperand(0),
Malloc->getAttributes(), B, *TLI)) { Alloc->getAttributes(), B, *TLI)) {
substituteInParent(Malloc, Calloc); substituteInParent(Alloc, Calloc);
return Calloc; return Calloc;
} }
return nullptr; return nullptr;
} }
Value *LibCallSimplifier::optimizeMemSet(CallInst *CI, IRBuilderBase &B) { Value *LibCallSimplifier::optimizeMemSet(CallInst *CI, IRBuilderBase &B) {
Value *Size = CI->getArgOperand(2); Value *Size = CI->getArgOperand(2);
annotateNonNullAndDereferenceable(CI, 0, Size, DL); annotateNonNullAndDereferenceable(CI, 0, Size, DL);
if (auto *Calloc = foldAllocMemset(CI, B))
return Calloc;
if (isa<IntrinsicInst>(CI)) if (isa<IntrinsicInst>(CI))
return nullptr; return nullptr;
if (auto *Calloc = foldMallocMemset(CI, B))
return Calloc;
// memset(p, v, n) -> llvm.memset(align 1 p, v, n) // memset(p, v, n) -> llvm.memset(align 1 p, v, n)
Value *Val = B.CreateIntCast(CI->getArgOperand(1), B.getInt8Ty(), false); Value *Val = B.CreateIntCast(CI->getArgOperand(1), B.getInt8Ty(), false);
CallInst *NewCI = B.CreateMemSet(CI->getArgOperand(0), Val, Size, Align(1)); CallInst *NewCI = B.CreateMemSet(CI->getArgOperand(0), Val, Size, Align(1));
NewCI->setAttributes(CI->getAttributes()); NewCI->setAttributes(CI->getAttributes());
NewCI->removeAttributes(AttributeList::ReturnIndex, NewCI->removeAttributes(AttributeList::ReturnIndex,
AttributeFuncs::typeIncompatible(NewCI->getType())); AttributeFuncs::typeIncompatible(NewCI->getType()));
return CI->getArgOperand(0); return CI->getArgOperand(0);
} }
▲ Show 20 LinesShow All 1,828 Lines▼ Show 20 Lines if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(CI)) {
case Intrinsic::exp2: case Intrinsic::exp2:
return optimizeExp2(CI, Builder); return optimizeExp2(CI, Builder);
case Intrinsic::log: case Intrinsic::log:
case Intrinsic::log2: case Intrinsic::log2:
case Intrinsic::log10: case Intrinsic::log10:
return optimizeLog(CI, Builder); return optimizeLog(CI, Builder);
case Intrinsic::sqrt: case Intrinsic::sqrt:
return optimizeSqrt(CI, Builder); return optimizeSqrt(CI, Builder);
// TODO: Use foldMallocMemset() with memset intrinsic. // TODO: Use foldAllocMemset() with memset intrinsic.
case Intrinsic::memset: case Intrinsic::memset:
return optimizeMemSet(CI, Builder); return optimizeMemSet(CI, Builder);
case Intrinsic::memcpy: case Intrinsic::memcpy:
return optimizeMemCpy(CI, Builder); return optimizeMemCpy(CI, Builder);
case Intrinsic::memmove: case Intrinsic::memmove:
return optimizeMemMove(CI, Builder); return optimizeMemMove(CI, Builder);
default: default:
return nullptr; return nullptr;
▲ Show 20 LinesShow All 206 Lines▼ Show 20 Lines NewCI->removeAttributes(AttributeList::ReturnIndex,
AttributeFuncs::typeIncompatible(NewCI->getType())); AttributeFuncs::typeIncompatible(NewCI->getType()));
return CI->getArgOperand(0); return CI->getArgOperand(0);
} }
return nullptr; return nullptr;
} }
Value *FortifiedLibCallSimplifier::optimizeMemSetChk(CallInst *CI, Value *FortifiedLibCallSimplifier::optimizeMemSetChk(CallInst *CI,
IRBuilderBase &B) { IRBuilderBase &B) {
// TODO: Try foldMallocMemset() here. // TODO: Try foldAllocMemset() here.
if (isFortifiedCallFoldable(CI, 3, 2)) { if (isFortifiedCallFoldable(CI, 3, 2)) {
Value *Val = B.CreateIntCast(CI->getArgOperand(1), B.getInt8Ty(), false); Value *Val = B.CreateIntCast(CI->getArgOperand(1), B.getInt8Ty(), false);
CallInst *NewCI = B.CreateMemSet(CI->getArgOperand(0), Val, CallInst *NewCI = B.CreateMemSet(CI->getArgOperand(0), Val,
CI->getArgOperand(2), Align(1)); CI->getArgOperand(2), Align(1));
NewCI->setAttributes(CI->getAttributes()); NewCI->setAttributes(CI->getAttributes());
NewCI->removeAttributes(AttributeList::ReturnIndex, NewCI->removeAttributes(AttributeList::ReturnIndex,
AttributeFuncs::typeIncompatible(NewCI->getType())); AttributeFuncs::typeIncompatible(NewCI->getType()));
▲ Show 20 LinesShow All 251 LinesShow Last 20 Lines

llvm/test/Transforms/InstCombine/memset-1.ll

; NOTE: Assertions have been autogenerated by utils/update_test_checks.py ; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; Test that the memset library call simplifier works correctly. ; Test that the memset library call simplifier works correctly.
; ;
; RUN: opt < %s -instcombine -S | FileCheck %s ; RUN: opt < %s -instcombine -S | FileCheck %s
target datalayout = "e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:128:128" target datalayout = "e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:128:128"
declare i8* @memset(i8*, i32, i32) declare i8* @memset(i8*, i32, i32)
declare void @llvm.memset.p0i8.i32(i8* nocapture writeonly, i8, i32, i32, i1) declare void @llvm.memset.p0i8.i32(i8* nocapture writeonly, i8, i32, i32, i1)
declare noalias i8* @malloc(i32) #1 declare noalias i8* @malloc(i32) #1
declare noalias i8* @calloc(i32, i32) #1
; Check memset(mem1, val, size) -> llvm.memset(mem1, val, size, 1). ; Check memset(mem1, val, size) -> llvm.memset(mem1, val, size, 1).
define i8* @test_simplify1(i8* %mem, i32 %val, i32 %size) { define i8* @test_simplify1(i8* %mem, i32 %val, i32 %size) {
; CHECK-LABEL: @test_simplify1( ; CHECK-LABEL: @test_simplify1(
; CHECK-NEXT: [[TMP1:%.*]] = trunc i32 [[VAL:%.*]] to i8 ; CHECK-NEXT: [[TMP1:%.*]] = trunc i32 [[VAL:%.*]] to i8
; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* align 1 [[MEM:%.*]], i8 [[TMP1]], i32 [[SIZE:%.*]], i1 false) ; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* align 1 [[MEM:%.*]], i8 [[TMP1]], i32 [[SIZE:%.*]], i1 false)
; CHECK-NEXT: ret i8* [[MEM]] ; CHECK-NEXT: ret i8* [[MEM]]
; ;
%ret = call i8* @memset(i8* %mem, i32 %val, i32 %size) %ret = call i8* @memset(i8* %mem, i32 %val, i32 %size)
ret i8* %ret ret i8* %ret
} }
define i8* @pr25892_lite(i32 %size) #0 { define i8* @pr25892_lite(i32 %size) #0 {
; CHECK-LABEL: @pr25892_lite( ; CHECK-LABEL: @pr25892_lite(
; CHECK-NEXT: [[CALLOC:%.*]] = call i8* @calloc(i32 1, i32 [[SIZE:%.*]]) ; CHECK-NEXT: [[CALLOC:%.*]] = call i8* @calloc(i32 1, i32 [[SIZE:%.*]])
; CHECK-NEXT: ret i8* [[CALLOC]] ; CHECK-NEXT: ret i8* [[CALLOC]]
; ;
%call1 = call i8* @malloc(i32 %size) #1 %call1 = call i8* @malloc(i32 %size) #1
%call2 = call i8* @memset(i8* %call1, i32 0, i32 %size) #1 %call2 = call i8* @memset(i8* %call1, i32 0, i32 %size) #1
ret i8* %call2 ret i8* %call2
} }
; FIXME: A memset intrinsic should be handled similarly to a memset() libcall. ; A memset intrinsic is handled similarly to a memset() libcall.
define i8* @malloc_and_memset_intrinsic(i32 %n) #0 { define i8* @pr25892_lite2(i32 %n) #0 {
; CHECK-LABEL: @malloc_and_memset_intrinsic( ; CHECK-LABEL: @pr25892_lite2(
; CHECK-NEXT: [[CALL:%.*]] = call i8* @malloc(i32 [[N:%.*]]) ; CHECK-NEXT: [[CALL:%.*]] = call i8* @calloc(i32 1, i32 [[N:%.*]])
; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* align 1 [[CALL]], i8 0, i32 [[N]], i1 false)
; CHECK-NEXT: ret i8* [[CALL]] ; CHECK-NEXT: ret i8* [[CALL]]
; ;
%call = call i8* @malloc(i32 %n) %call = call i8* @malloc(i32 %n)
call void @llvm.memset.p0i8.i32(i8* %call, i8 0, i32 %n, i32 1, i1 false) call void @llvm.memset.p0i8.i32(i8* %call, i8 0, i32 %n, i32 1, i1 false)
ret i8* %call ret i8* %call
} }
; This should not create a calloc and should not crash the compiler. ; This should not create a calloc and should not crash the compiler.
define i8* @notmalloc_memset(i32 %size, i8*(i32)* %notmalloc) { define i8* @notmalloc_memset(i32 %size, i8*(i32)* %notmalloc) {
; CHECK-LABEL: @notmalloc_memset( ; CHECK-LABEL: @notmalloc_memset(
; CHECK-NEXT: [[CALL1:%.*]] = call i8* [[NOTMALLOC:%.*]](i32 [[SIZE:%.*]]) [[ATTR0:#.*]] ; CHECK-NEXT: [[CALL1:%.*]] = call i8* [[NOTMALLOC:%.*]](i32 [[SIZE:%.*]]) [[ATTR0:#.*]]
; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* align 1 [[CALL1]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]] ; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* align 1 [[CALL1]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]]
; CHECK-NEXT: ret i8* [[CALL1]] ; CHECK-NEXT: ret i8* [[CALL1]]
; ;
%call1 = call i8* %notmalloc(i32 %size) #1 %call1 = call i8* %notmalloc(i32 %size) #1
%call2 = call i8* @memset(i8* %call1, i32 0, i32 %size) #1 %call2 = call i8* @memset(i8* %call1, i32 0, i32 %size) #1
ret i8* %call2 ret i8* %call2
} }
; FIXME: memset(malloc(x), 0, x) -> calloc(1, x) ; memset(malloc(x), 0, x) -> calloc(1, x)
; This doesn't fire currently because the malloc has more than one use.
define float* @pr25892(i32 %size) #0 { define float* @pr25892(i32 %size) #0 {
; CHECK-LABEL: @pr25892( ; CHECK-LABEL: @pr25892(
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: [[CALL:%.*]] = call i8* @calloc(i32 1, i32 [[SIZE:%.*]])
; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null
; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]]
; CHECK: if.end:
; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float*
; CHECK-NEXT: br label [[CLEANUP]]
; CHECK: cleanup:
; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ]
; CHECK-NEXT: ret float* [[RETVAL_0]]
;
entry:
%call = tail call i8* @malloc(i32 %size) #1
%cmp = icmp eq i8* %call, null
br i1 %cmp, label %cleanup, label %if.end
if.end:
%bc = bitcast i8* %call to float*
%call2 = tail call i8* @memset(i8* nonnull %call, i32 0, i32 %size) #1
br label %cleanup
cleanup:
%retval.0 = phi float* [ %bc, %if.end ], [ null, %entry ]
ret float* %retval.0
}
declare void @clobber_memory(float*)
; Don't perform PR25892 optimization when clobbering
define float* @pr25892_with_clobbering(i32 %size) #0 {
; CHECK-LABEL: @pr25892_with_clobbering(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[CALL:%.*]] = tail call i8* @malloc(i32 [[SIZE:%.*]]) [[ATTR0]] ; CHECK-NEXT: [[CALL:%.*]] = tail call i8* @malloc(i32 [[SIZE:%.*]]) [[ATTR0]]
; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null ; CHECK-NEXT: [[CMP:%.*]] = icmp eq i8* [[CALL]], null
; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]] ; CHECK-NEXT: br i1 [[CMP]], label [[CLEANUP:%.*]], label [[IF_END:%.*]]
; CHECK: if.end: ; CHECK: if.end:
; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float* ; CHECK-NEXT: [[BC:%.*]] = bitcast i8* [[CALL]] to float*
; CHECK-NEXT: tail call void @clobber_memory(float* nonnull [[BC]])
; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* nonnull align 1 [[CALL]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]] ; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* nonnull align 1 [[CALL]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]]
; CHECK-NEXT: br label [[CLEANUP]] ; CHECK-NEXT: br label [[CLEANUP]]
; CHECK: cleanup: ; CHECK: cleanup:
; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ] ; CHECK-NEXT: [[RETVAL_0:%.*]] = phi float* [ [[BC]], [[IF_END]] ], [ null, [[ENTRY:%.*]] ]
; CHECK-NEXT: ret float* [[RETVAL_0]] ; CHECK-NEXT: ret float* [[RETVAL_0]]
; ;
entry: entry:
%call = tail call i8* @malloc(i32 %size) #1 %call = tail call i8* @malloc(i32 %size) #1
%cmp = icmp eq i8* %call, null %cmp = icmp eq i8* %call, null
br i1 %cmp, label %cleanup, label %if.end br i1 %cmp, label %cleanup, label %if.end
if.end: if.end:
%bc = bitcast i8* %call to float* %bc = bitcast i8* %call to float*
tail call void @clobber_memory(float* %bc)
%call2 = tail call i8* @memset(i8* nonnull %call, i32 0, i32 %size) #1 %call2 = tail call i8* @memset(i8* nonnull %call, i32 0, i32 %size) #1
br label %cleanup br label %cleanup
cleanup: cleanup:
%retval.0 = phi float* [ %bc, %if.end ], [ null, %entry ] %retval.0 = phi float* [ %bc, %if.end ], [ null, %entry ]
ret float* %retval.0 ret float* %retval.0
} }
; If there's a calloc transform, the store must also be eliminated. ; If there's a calloc transform, the store must also be eliminated.
define i8* @buffer_is_modified_then_memset(i32 %size) { define i8* @buffer_is_modified_then_memset(i32 %size) {
; CHECK-LABEL: @buffer_is_modified_then_memset( ; CHECK-LABEL: @buffer_is_modified_then_memset(
; CHECK-NEXT: [[PTR:%.*]] = tail call i8* @malloc(i32 [[SIZE:%.*]]) [[ATTR0]] ; CHECK-NEXT: [[PTR:%.*]] = tail call i8* @malloc(i32 [[SIZE:%.*]]) [[ATTR0]]
; CHECK-NEXT: store i8 1, i8* [[PTR]], align 1 ; CHECK-NEXT: store i8 1, i8* [[PTR]], align 1
; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* nonnull align 1 [[PTR]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]] ; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* nonnull align 1 [[PTR]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]]
; CHECK-NEXT: ret i8* [[PTR]] ; CHECK-NEXT: ret i8* [[PTR]]
; ;
%ptr = tail call i8* @malloc(i32 %size) #1 %ptr = tail call i8* @malloc(i32 %size) #1
store i8 1, i8* %ptr ;; fdata[0] = 1; store i8 1, i8* %ptr ;; fdata[0] = 1;
%memset = tail call i8* @memset(i8* nonnull %ptr, i32 0, i32 %size) #1 %memset = tail call i8* @memset(i8* nonnull %ptr, i32 0, i32 %size) #1
ret i8* %memset ret i8* %memset
} }
; memset(calloc(n, m), 0, n * m) --> calloc(n, m)
define i8* @test_remove_memset1() {
; CHECK-LABEL: @test_remove_memset1(
; CHECK-NEXT: [[PTR:%.*]] = call dereferenceable_or_null(24) i8* @calloc(i32 1, i32 24)
; CHECK-NEXT: ret i8* [[PTR]]
;
%1 = call i8* @calloc(i32 1, i32 24) #1
%2 = call i8* @memset(i8* nonnull %1, i32 0, i32 24)
ret i8* %2
}
; memset(calloc(n, m), 0, k) --> calloc(n, m)
define i8* @test_remove_memset2() {
; CHECK-LABEL: @test_remove_memset2(
; CHECK-NEXT: [[PTR:%.*]] = call dereferenceable_or_null(32) i8* @calloc(i32 8, i32 4)
; CHECK-NEXT: ret i8* [[PTR]]
%1 = alloca float*, align 8
%2 = call i8* @calloc(i32 8, i32 4) #1
%3 = bitcast i8* %2 to float*
store float* %3, float** %1, align 8
%4 = load float*, float** %1, align 8
%5 = bitcast float* %4 to i8*
%6 = call i8* @memset(i8* nonnull %5, i32 0, i32 24)
ret i8* %6
}
; 1. memset(malloc(x), 0, x) -> calloc(1, x)
; 2. memset(calloc(1, x), 0, x) --> calloc(1, x)
define i8* @test_remove_memsets_and_emit_calloc() {
; CHECK-LABEL: @test_remove_memsets_and_emit_calloc(
; CHECK-NEXT: [[PTR:%.*]] = call dereferenceable_or_null(42) i8* @calloc(i32 1, i32 42)
; CHECK-NEXT: ret i8* [[PTR]]
%1 = alloca i8*, align 8
%2 = call i8* @malloc(i32 42) #1
store i8* %2, i8** %1, align 8
%3 = load i8*, i8** %1, align 8
%m1 = call i8* @memset(i8* nonnull %3, i32 0, i32 42)
%4 = load i8*, i8** %1, align 8
%m2 = call i8* @memset(i8* nonnull %4, i32 0, i32 42)
%5 = load i8*, i8** %1, align 8
ret i8* %5
}
define i8* @memset_size_select(i1 %b, i8* %ptr) { define i8* @memset_size_select(i1 %b, i8* %ptr) {
; CHECK-LABEL: @memset_size_select( ; CHECK-LABEL: @memset_size_select(
; CHECK-NEXT: [[SIZE:%.*]] = select i1 [[B:%.*]], i32 10, i32 50 ; CHECK-NEXT: [[SIZE:%.*]] = select i1 [[B:%.*]], i32 10, i32 50
; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* noundef nonnull align 1 dereferenceable(10) [[PTR:%.*]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]] ; CHECK-NEXT: call void @llvm.memset.p0i8.i32(i8* noundef nonnull align 1 dereferenceable(10) [[PTR:%.*]], i8 0, i32 [[SIZE]], i1 false) [[ATTR0]]
; CHECK-NEXT: ret i8* [[PTR]] ; CHECK-NEXT: ret i8* [[PTR]]
; ;
%size = select i1 %b, i32 10, i32 50 %size = select i1 %b, i32 10, i32 50
%memset = tail call i8* @memset(i8* nonnull %ptr, i32 0, i32 %size) #1 %memset = tail call i8* @memset(i8* nonnull %ptr, i32 0, i32 %size) #1
▲ Show 20 LinesShow All 102 LinesShow Last 20 Lines