This is an archive of the discontinued LLVM Phabricator instance.

Differential D47088

Fix aliasing of launder.invariant.group
ClosedPublic

Authored by Prazek on May 18 2018, 3:05 PM.

Details

Reviewers
hfinkel
rsmith
chandlerc
amharc
kuhar
nlopes
xbolva00
Commits
rGd6f7346a4b4b: Fix aliasing of launder.invariant.group
rL333070: Fix aliasing of launder.invariant.group
Summary

Patch for capture tracking broke
bootstrap of clang with -fstict-vtable-pointers
which resulted in debbugging nightmare. It was fixed
https://reviews.llvm.org/D46900 but as it turned
out, there were other parts like inliner (computing of
noalias metadata) that I found after bootstraping with enabled
assertions.

Diff Detail

Event Timeline

Prazek created this revision.May 18 2018, 3:05 PM
Herald added subscribers: hiraditya, eraman, JDevlieghere. · View Herald TranscriptMay 18 2018, 3:05 PM
Prazek added a parent revision: D45320: [MemDep] Fixed handling of invariant.group.May 18 2018, 3:06 PM
kuhar added inline comments.May 18 2018, 3:14 PM
llvm/lib/Analysis/BasicAliasAnalysis.cpp
135

Why was the previous change reverted here?

llvm/test/Transforms/Inline/launder.invariant.group.ll
6

nit: its

Prazek marked an inline comment as done.May 18 2018, 3:27 PM
Prazek added inline comments.
llvm/lib/Analysis/BasicAliasAnalysis.cpp
135

Because it is not needed now, check comment I left on line 1625

1623

We never go to this branch, because O1 and O2 are the same by changing GetUnderlyingObject

kuhar added inline comments.May 18 2018, 3:29 PM
llvm/lib/Analysis/BasicAliasAnalysis.cpp
135

Makes sense, thanks

hfinkel added a comment.May 18 2018, 3:41 PM

Is there some general principle we can outline to describe where these updates are needed?

Prazek marked 4 inline comments as done.EditedMay 18 2018, 3:51 PM
In D47088#1105258, @hfinkel wrote:

Is there some general principle we can outline to describe where these updates are needed?

I am not sure how to do it right since I am not that familiar with this codebase. Maybe we can make function like

// This function can be used only for aliasing properties. You CAN'T use it to replace
// one value with another!
bool getArgumentAliasingToReturnedPointer(Function *F) {
  if (Value *RV = CS.getReturnedArgOperand())
      return RV;
  if (CS.getIntrinsicID() == Intrinsic::launder_invariant_group)
      return CS.getArgOperand(0);

  return nullptr;    
}

And use it in the places that I modified. Unfortunately it will not change CaptureTracking, because it goes top-down instead of bottom-up.

How does it sound to you?

hfinkel added a comment.May 18 2018, 4:27 PM
In D47088#1105280, @Prazek wrote:
In D47088#1105258, @hfinkel wrote:

Is there some general principle we can outline to describe where these updates are needed?

I am not sure how to do it right since I am not that familiar with this codebase. Maybe we can make function like

// This function can be used only for aliasing properties. You CAN'T use it to replace
// one value with another!
bool getArgumentAliasingToReturnedPointer(Function *F) {
  if (Value *RV = CS.getReturnedArgOperand())
      return RV;
  if (CS.getIntrinsicID() == Intrinsic::launder_invariant_group)
      return CS.getArgOperand(0);

  return nullptr;    
}

I think this refactoring makes sense. However...

And use it in the places that I modified.

What I want to know is: how did you decide what had to be modified? Did you just look for every place that handles returned arguments? If you had to describe to someone how to find the places that need modification, how would you do it? (because that's what we need in the comment).

Unfortunately it will not change CaptureTracking, because it goes top-down instead of bottom-up.

How does it sound to you?

Prazek marked an inline comment as done.May 18 2018, 4:39 PM
In D47088#1105338, @hfinkel wrote:

What I want to know is: how did you decide what had to be modified? Did you just look for every place that handles returned arguments? If you had to describe to someone how to find the places that need modification, how would you do it? (because that's what we need in the comment).

Yes, I pretty much checked every place that uses CaptureTracking and looked for special handling of calls or uses of getUnerlyingObject.

hfinkel added a comment.May 18 2018, 5:10 PM
In D47088#1105350, @Prazek wrote:
In D47088#1105338, @hfinkel wrote:

What I want to know is: how did you decide what had to be modified? Did you just look for every place that handles returned arguments? If you had to describe to someone how to find the places that need modification, how would you do it? (because that's what we need in the comment).

Yes, I pretty much checked every place that uses CaptureTracking and looked for special handling of calls or uses of getUnerlyingObject.

Okay.

Prazek updated this revision to Diff 147626.May 18 2018, 5:37 PM

Refactored code to getArgumentAliasingToReturnedPointer and added few comments.
Please check out isKnownNonZero, as I think it could also use getArgumentAliasingToReturnedPointer.

Prazek added a reviewer: nlopes.May 18 2018, 6:24 PM
hfinkel added a comment.May 18 2018, 6:43 PM

Some of these changes are required for correctness, right? For those, please specifically add a comment near those explaining why.

llvm/include/llvm/Analysis/ValueTracking.h
588

Extra whitespace change?

Prazek updated this revision to Diff 147656.May 19 2018, 4:47 AM
Prazek marked an inline comment as done.

Added comments

amharc accepted this revision.May 19 2018, 5:00 AM

Of course, you should wait for an LGTM from someone more competent than me ;)

llvm/lib/Analysis/CaptureTracking.cpp
253

nit: do not capture

This revision is now accepted and ready to land.May 19 2018, 5:00 AM
Prazek updated this revision to Diff 147657.May 19 2018, 5:12 AM
Prazek marked an inline comment as done.
  • Fixed nit
xbolva00 added a subscriber: xbolva00.May 19 2018, 5:30 AM
xbolva00 added inline comments.
llvm/lib/Analysis/ValueTracking.cpp
3388

Why assert here?

Prazek added inline comments.May 19 2018, 5:37 AM
llvm/lib/Analysis/ValueTracking.cpp
3388

It is possible that this funciton would return nullptr if passed null CS,
but such function would be harder to reason about. In this case I assume that caller checked the the instruction is a CallSite, the same way as is done with different functions.

xbolva00 added inline comments.May 19 2018, 5:40 AM
llvm/lib/Analysis/ValueTracking.cpp
3388

Can you add a info message into assert then?
assert (CS && "...");

Prazek updated this revision to Diff 147658.May 19 2018, 5:49 AM
Prazek marked 3 inline comments as done.
  • use getArgumentAliasingToReturnedPointer as it does not change behavior
llvm/lib/Analysis/ValueTracking.cpp
3388

sure, make sense

xbolva00 accepted this revision.May 19 2018, 5:54 AM
hfinkel added inline comments.May 19 2018, 8:29 AM
llvm/lib/Analysis/BasicAliasAnalysis.cpp
435

Please explain here *how* this keeps this in sync. There's no obvious use of CaptureTracking here.

llvm/lib/Analysis/ValueTracking.cpp
3450

Same here. Please explain how this helps to keep tings in sync with CaptureTracking. There's some implicit contract here between these functions that we need to document explicitly.

Prazek marked an inline comment as done.May 19 2018, 3:25 PM
Prazek marked 2 inline comments as done.May 19 2018, 4:03 PM
Prazek added inline comments.
llvm/lib/Analysis/BasicAliasAnalysis.cpp
435

I updated the comment, but I have a new idea how to make it better. I will refactor the list of intrinsic to some other function, to make it always in sync.

Prazek updated this revision to Diff 147685.May 19 2018, 4:33 PM
Prazek marked an inline comment as done.
  • small refactor
llvm/lib/Analysis/ValueTracking.cpp
3399

Note that llvm.strip.invariant.group will be added in this patch
https://reviews.llvm.org/D47103

Prazek added a child revision: D47103: Implement strip.invariant.group.May 19 2018, 4:48 PM
Prazek updated this revision to Diff 147690.May 19 2018, 5:01 PM

fix name

Harbormaster completed remote builds in B18387: Diff 147690.May 19 2018, 5:01 PM
hfinkel added inline comments.May 19 2018, 10:14 PM
llvm/lib/Analysis/BasicAliasAnalysis.cpp
435

That's good, but doesn't explain why keeping these in sync is necessary for correctness. To put it another way, please explain what does wrong if these are not in sync.

Prazek updated this revision to Diff 148139.May 22 2018, 5:57 PM
  • Add more comments
Prazek marked 2 inline comments as done.May 22 2018, 5:57 PM
hfinkel accepted this revision.May 22 2018, 6:08 PM

LGTM

This is still a bit convoluted, but I think that someone can now figure out what's going on from the comments. They also raise an interesting point of whether we should somehow separate out the capture-only-by-return case from the more-general case (although that's nothing to be addressed here).

Closed by commit rL333070: Fix aliasing of launder.invariant.group (authored by Prazek). · Explain WhyMay 23 2018, 2:20 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
include/
llvm/
Analysis/
16 lines
lib/
Analysis/
19 lines
12 lines
11 lines
29 lines
test/
Analysis/
ValueTracking/
21 lines
Transforms/
Inline/
31 lines

Diff 147690

llvm/include/llvm/Analysis/ValueTracking.h

Show First 20 LinesShow All 270 Lines▼ Show 20 Linesclass Value;
/// it. /// it.
bool getConstantStringInfo(const Value *V, StringRef &Str, bool getConstantStringInfo(const Value *V, StringRef &Str,
uint64_t Offset = 0, bool TrimAtNul = true); uint64_t Offset = 0, bool TrimAtNul = true);
/// If we can compute the length of the string pointed to by the specified /// If we can compute the length of the string pointed to by the specified
/// pointer, return 'len+1'. If we can't, return 0. /// pointer, return 'len+1'. If we can't, return 0.
uint64_t GetStringLength(const Value *V, unsigned CharSize = 8); uint64_t GetStringLength(const Value *V, unsigned CharSize = 8);
/// This function returns call pointer argument that is considered the same by
/// aliasing rules. You CAN'T use it to replace one value with another.
const Value *getArgumentAliasingToReturnedPointer(ImmutableCallSite CS);
inline Value *getArgumentAliasingToReturnedPointer(CallSite CS) {
return const_cast<Value *>(
getArgumentAliasingToReturnedPointer(ImmutableCallSite(CS)));
}
// {launder,strip}.invariant.group returns pointer that aliases its argument,
// and it only captures pointer by returning it.
// These intrinsics are not marked as nocapture, because returning is
// considered as capture. The arguments are not marked as returned neither,
// because it would make it useless.
bool isIntrinsicReturningPointerAliasingArgumentWithoutCapturing(
ImmutableCallSite CS);
/// This method strips off any GEP address adjustments and pointer casts from /// This method strips off any GEP address adjustments and pointer casts from
/// the specified value, returning the original object being addressed. Note /// the specified value, returning the original object being addressed. Note
/// that the returned value has pointer type if the specified value does. If /// that the returned value has pointer type if the specified value does. If
/// the MaxLookup value is non-zero, it limits the number of instructions to /// the MaxLookup value is non-zero, it limits the number of instructions to
/// be stripped off. /// be stripped off.
Value *GetUnderlyingObject(Value *V, const DataLayout &DL, Value *GetUnderlyingObject(Value *V, const DataLayout &DL,
unsigned MaxLookup = 6); unsigned MaxLookup = 6);
inline const Value *GetUnderlyingObject(const Value *V, const DataLayout &DL, inline const Value *GetUnderlyingObject(const Value *V, const DataLayout &DL,
▲ Show 20 LinesShow All 277 Lines▼ Show 20 Linesclass Value;
/// <=s!). The truth table for both is: /// <=s!). The truth table for both is:
/// | T | F (B) /// | T | F (B)
/// T | T | F /// T | T | F
/// F | T | T /// F | T | T
/// (A) /// (A)
Optional<bool> isImpliedCondition(const Value *LHS, const Value *RHS, Optional<bool> isImpliedCondition(const Value *LHS, const Value *RHS,
const DataLayout &DL, bool LHSIsTrue = true, const DataLayout &DL, bool LHSIsTrue = true,
unsigned Depth = 0); unsigned Depth = 0);
} // end namespace llvm } // end namespace llvm
hfinkelUnsubmitted
Done
ReplyInline Actions

Extra whitespace change?

hfinkel: Extra whitespace change?
#endif // LLVM_ANALYSIS_VALUETRACKING_H #endif // LLVM_ANALYSIS_VALUETRACKING_H

llvm/lib/Analysis/BasicAliasAnalysis.cpp

Show First 20 LinesShow All 126 Lines▼ Show 20 Lines if (A->hasByValAttr() || A->hasNoAliasAttr())
return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true); return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true);
return false; return false;
} }
/// Returns true if the pointer is one which would have been considered an /// Returns true if the pointer is one which would have been considered an
/// escape by isNonEscapingLocalObject. /// escape by isNonEscapingLocalObject.
static bool isEscapeSource(const Value *V) { static bool isEscapeSource(const Value *V) {
if (auto CS = ImmutableCallSite(V)) { if (ImmutableCallSite(V))
kuharUnsubmitted
Done
ReplyInline Actions

Why was the previous change reverted here?

kuhar: Why was the previous change reverted here?
PrazekAuthorUnsubmitted
Done
ReplyInline Actions

Because it is not needed now, check comment I left on line 1625

Prazek: Because it is not needed now, check comment I left on line 1625
kuharUnsubmitted
Done
ReplyInline Actions

Makes sense, thanks

kuhar: Makes sense, thanks
// launder_invariant_group captures its argument only by returning it,
// so it might not be considered an escape by isNonEscapingLocalObject.
// Note that adding similar special cases for intrinsics in CaptureTracking
// requires handling them here too.
if (CS.getIntrinsicID() == Intrinsic::launder_invariant_group)
return false;
return true; return true;
}
if (isa<Argument>(V)) if (isa<Argument>(V))
return true; return true;
// The load case works because isNonEscapingLocalObject considers all // The load case works because isNonEscapingLocalObject considers all
// stores to be escapes (it passes true for the StoreCaptures argument // stores to be escapes (it passes true for the StoreCaptures argument
// to PointerMayBeCaptured). // to PointerMayBeCaptured).
if (isa<LoadInst>(V)) if (isa<LoadInst>(V))
▲ Show 20 LinesShow All 280 Lines▼ Show 20 Lines do {
if (Op->getOpcode() == Instruction::BitCast || if (Op->getOpcode() == Instruction::BitCast ||
Op->getOpcode() == Instruction::AddrSpaceCast) { Op->getOpcode() == Instruction::AddrSpaceCast) {
V = Op->getOperand(0); V = Op->getOperand(0);
continue; continue;
} }
const GEPOperator *GEPOp = dyn_cast<GEPOperator>(Op); const GEPOperator *GEPOp = dyn_cast<GEPOperator>(Op);
if (!GEPOp) { if (!GEPOp) {
if (auto CS = ImmutableCallSite(V)) if (auto CS = ImmutableCallSite(V)) {
if (const Value *RV = CS.getReturnedArgOperand()) { // Note: getArgumentAliasingToReturnedPointer keeps CaptureTracking in
V = RV; // sync, which is needed for correctness.
hfinkelUnsubmitted
Done
ReplyInline Actions

Please explain here *how* this keeps this in sync. There's no obvious use of CaptureTracking here.

hfinkel: Please explain here *how* this keeps this in sync. There's no obvious use of CaptureTracking…
PrazekAuthorUnsubmitted
Done
ReplyInline Actions

I updated the comment, but I have a new idea how to make it better. I will refactor the list of intrinsic to some other function, to make it always in sync.

Prazek: I updated the comment, but I have a new idea how to make it better. I will refactor the list of…
hfinkelUnsubmitted
Done
ReplyInline Actions

That's good, but doesn't explain why keeping these in sync is necessary for correctness. To put it another way, please explain what does wrong if these are not in sync.

hfinkel: That's good, but doesn't explain why keeping these in sync is necessary for correctness. To put…
if (auto *RP = getArgumentAliasingToReturnedPointer(CS)) {
V = RP;
continue; continue;
} }
}
// If it's not a GEP, hand it off to SimplifyInstruction to see if it // If it's not a GEP, hand it off to SimplifyInstruction to see if it
// can come up with something. This matches what GetUnderlyingObject does. // can come up with something. This matches what GetUnderlyingObject does.
if (const Instruction *I = dyn_cast<Instruction>(V)) if (const Instruction *I = dyn_cast<Instruction>(V))
// TODO: Get a DominatorTree and AssumptionCache and use them here // TODO: Get a DominatorTree and AssumptionCache and use them here
// (these are both now available in this function, but this should be // (these are both now available in this function, but this should be
// updated when GetUnderlyingObject is updated). TLI should be // updated when GetUnderlyingObject is updated). TLI should be
// provided also. // provided also.
▲ Show 20 LinesShow All 1,166 Lines▼ Show 20 LinesAliasResult BasicAAResult::aliasCheck(const Value *V1, uint64_t V1Size,
// don't alias any other pointer. // don't alias any other pointer.
if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O1)) if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O1))
if (CPN->getType()->getAddressSpace() == 0) if (CPN->getType()->getAddressSpace() == 0)
return NoAlias; return NoAlias;
if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O2)) if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O2))
if (CPN->getType()->getAddressSpace() == 0) if (CPN->getType()->getAddressSpace() == 0)
return NoAlias; return NoAlias;
if (O1 != O2) { if (O1 != O2) {
PrazekAuthorUnsubmitted
Done
ReplyInline Actions

We never go to this branch, because O1 and O2 are the same by changing GetUnderlyingObject

Prazek: We never go to this branch, because O1 and O2 are the same by changing GetUnderlyingObject
// If V1/V2 point to two different objects, we know that we have no alias. // If V1/V2 point to two different objects, we know that we have no alias.
if (isIdentifiedObject(O1) && isIdentifiedObject(O2)) if (isIdentifiedObject(O1) && isIdentifiedObject(O2))
return NoAlias; return NoAlias;
// Constant pointers can't alias with non-const isIdentifiedObject objects. // Constant pointers can't alias with non-const isIdentifiedObject objects.
if ((isa<Constant>(O1) && isIdentifiedObject(O2) && !isa<Constant>(O2)) || if ((isa<Constant>(O1) && isIdentifiedObject(O2) && !isa<Constant>(O2)) ||
(isa<Constant>(O2) && isIdentifiedObject(O1) && !isa<Constant>(O1))) (isa<Constant>(O2) && isIdentifiedObject(O1) && !isa<Constant>(O1)))
return NoAlias; return NoAlias;
▲ Show 20 LinesShow All 284 LinesShow Last 20 Lines

llvm/lib/Analysis/CaptureTracking.cpp

Show All 16 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Analysis/CaptureTracking.h" #include "llvm/Analysis/CaptureTracking.h"
#include "llvm/ADT/SmallSet.h" #include "llvm/ADT/SmallSet.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/Analysis/AliasAnalysis.h" #include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/CFG.h" #include "llvm/Analysis/CFG.h"
#include "llvm/Analysis/OrderedBasicBlock.h" #include "llvm/Analysis/OrderedBasicBlock.h"
#include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/CallSite.h" #include "llvm/IR/CallSite.h"
#include "llvm/IR/Constants.h" #include "llvm/IR/Constants.h"
#include "llvm/IR/Dominators.h" #include "llvm/IR/Dominators.h"
#include "llvm/IR/Instructions.h" #include "llvm/IR/Instructions.h"
#include "llvm/IR/IntrinsicInst.h" #include "llvm/IR/IntrinsicInst.h"
using namespace llvm; using namespace llvm;
▲ Show 20 LinesShow All 209 Lines▼ Show 20 Lines while (!Worklist.empty()) {
case Instruction::Invoke: { case Instruction::Invoke: {
CallSite CS(I); CallSite CS(I);
// Not captured if the callee is readonly, doesn't return a copy through // Not captured if the callee is readonly, doesn't return a copy through
// its return value and doesn't unwind (a readonly function can leak bits // its return value and doesn't unwind (a readonly function can leak bits
// by throwing an exception or not depending on the input value). // by throwing an exception or not depending on the input value).
if (CS.onlyReadsMemory() && CS.doesNotThrow() && I->getType()->isVoidTy()) if (CS.onlyReadsMemory() && CS.doesNotThrow() && I->getType()->isVoidTy())
break; break;
// launder.invariant.group only captures pointer by returning it, // The pointer is not captured if returned pointer is not captured.
// so the pointer wasn't captured if returned pointer is not captured. // NOTE: CaptureTracking users should not assume that only functions
// Note that adding similar special cases for intrinsics requires handling // marked with nocapture do not capture. This means that places like
amharcUnsubmitted
Done
ReplyInline Actions

nit: do not capture

amharc: nit: do not capture
// them in 'isEscapeSource' in BasicAA. // GetUnderlyingObject in ValueTracking or DecomposeGEPExpression
if (CS.getIntrinsicID() == Intrinsic::launder_invariant_group) { // in BasicAA also need to know about this property.
if (isIntrinsicReturningPointerAliasingArgumentWithoutCapturing(CS)) {
AddUses(I); AddUses(I);
break; break;
} }
// Volatile operations effectively capture the memory location that they // Volatile operations effectively capture the memory location that they
// load and store to. // load and store to.
if (auto *MI = dyn_cast<MemIntrinsic>(I)) if (auto *MI = dyn_cast<MemIntrinsic>(I))
if (MI->isVolatile()) if (MI->isVolatile())
▲ Show 20 LinesShow All 100 LinesShow Last 20 Lines

llvm/lib/Analysis/Loads.cpp

Show First 20 LinesShow All 101 Lines▼ Show 20 Linesstatic bool isDereferenceableAndAlignedPointer(
if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V)) if (const GCRelocateInst *RelocateInst = dyn_cast<GCRelocateInst>(V))
return isDereferenceableAndAlignedPointer( return isDereferenceableAndAlignedPointer(
RelocateInst->getDerivedPtr(), Align, Size, DL, CtxI, DT, Visited); RelocateInst->getDerivedPtr(), Align, Size, DL, CtxI, DT, Visited);
if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V)) if (const AddrSpaceCastInst *ASC = dyn_cast<AddrSpaceCastInst>(V))
return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, Size, return isDereferenceableAndAlignedPointer(ASC->getOperand(0), Align, Size,
DL, CtxI, DT, Visited); DL, CtxI, DT, Visited);
if (auto CS = ImmutableCallSite(V)) { if (auto CS = ImmutableCallSite(V))
if (const Value *RV = CS.getReturnedArgOperand()) if (auto *RP = getArgumentAliasingToReturnedPointer(CS))
return isDereferenceableAndAlignedPointer(RV, Align, Size, DL, CtxI, DT, return isDereferenceableAndAlignedPointer(RP, Align, Size, DL, CtxI, DT,
Visited); Visited);
if (CS.getIntrinsicID() == Intrinsic::launder_invariant_group)
return isDereferenceableAndAlignedPointer(CS->getOperand(0), Align, Size,
DL, CtxI, DT, Visited);
}
// If we don't know, assume the worst. // If we don't know, assume the worst.
return false; return false;
} }
bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align, bool llvm::isDereferenceableAndAlignedPointer(const Value *V, unsigned Align,
const APInt &Size, const APInt &Size,
const DataLayout &DL, const DataLayout &DL,
const Instruction *CtxI, const Instruction *CtxI,
▲ Show 20 LinesShow All 319 LinesShow Last 20 Lines

llvm/lib/Analysis/ValueTracking.cpp

Show First 20 LinesShow All 1,950 Lines▼ Show 20 Lines if (V->getType()->isPointerTy()) {
// A Load tagged with nonnull metadata is never null. // A Load tagged with nonnull metadata is never null.
if (const LoadInst *LI = dyn_cast<LoadInst>(V)) if (const LoadInst *LI = dyn_cast<LoadInst>(V))
if (LI->getMetadata(LLVMContext::MD_nonnull)) if (LI->getMetadata(LLVMContext::MD_nonnull))
return true; return true;
if (auto CS = ImmutableCallSite(V)) { if (auto CS = ImmutableCallSite(V)) {
if (CS.isReturnNonNull()) if (CS.isReturnNonNull())
return true; return true;
if (CS.getIntrinsicID() == Intrinsic::ID::launder_invariant_group) if (const auto *RP = getArgumentAliasingToReturnedPointer(CS))
return isKnownNonZero(CS->getOperand(0), Depth + 1, Q); return isKnownNonZero(RP, Depth + 1, Q);
} }
} }
// The remaining tests are all recursive, so bail out if we hit the limit. // The remaining tests are all recursive, so bail out if we hit the limit.
if (Depth++ >= MaxDepth) if (Depth++ >= MaxDepth)
return false; return false;
// Check for recursive pointer simplifications. // Check for recursive pointer simplifications.
▲ Show 20 LinesShow All 1,410 Lines▼ Show 20 Linesuint64_t llvm::GetStringLength(const Value *V, unsigned CharSize) {
SmallPtrSet<const PHINode*, 32> PHIs; SmallPtrSet<const PHINode*, 32> PHIs;
uint64_t Len = GetStringLengthH(V, PHIs, CharSize); uint64_t Len = GetStringLengthH(V, PHIs, CharSize);
// If Len is ~0ULL, we had an infinite phi cycle: this is dead code, so return // If Len is ~0ULL, we had an infinite phi cycle: this is dead code, so return
// an empty string as a length. // an empty string as a length.
return Len == ~0ULL ? 1 : Len; return Len == ~0ULL ? 1 : Len;
} }
const Value *llvm::getArgumentAliasingToReturnedPointer(ImmutableCallSite CS) {
assert(CS &&
xbolva00Unsubmitted
Done
ReplyInline Actions

Why assert here?

xbolva00: Why assert here?
PrazekAuthorUnsubmitted
Done
ReplyInline Actions

It is possible that this funciton would return nullptr if passed null CS,
but such function would be harder to reason about. In this case I assume that caller checked the the instruction is a CallSite, the same way as is done with different functions.

Prazek: It is possible that this funciton would return nullptr if passed null CS, but such function…
xbolva00Unsubmitted
Done
ReplyInline Actions

Can you add a info message into assert then?
assert (CS && "...");

xbolva00: Can you add a info message into assert then? assert (CS && "...");
PrazekAuthorUnsubmitted
Done
ReplyInline Actions

sure, make sense

Prazek: sure, make sense
"getArgumentAliasingToReturnedPointer only works on nonnull CallSite");
if (const Value *RV = CS.getReturnedArgOperand())
return RV;
// This can be used only as a aliasing property.
if (isIntrinsicReturningPointerAliasingArgumentWithoutCapturing(CS))
return CS.getArgOperand(0);
return nullptr;
}
bool llvm::isIntrinsicReturningPointerAliasingArgumentWithoutCapturing(
ImmutableCallSite CS) {
PrazekAuthorUnsubmitted
Not Done
ReplyInline Actions

Note that llvm.strip.invariant.group will be added in this patch
https://reviews.llvm.org/D47103

Prazek: Note that llvm.strip.invariant.group will be added in this patch https://reviews.llvm.org/D47103
return CS.getIntrinsicID() == Intrinsic::launder_invariant_group;
}
/// \p PN defines a loop-variant pointer to an object. Check if the /// \p PN defines a loop-variant pointer to an object. Check if the
/// previous iteration of the loop was referring to the same object as \p PN. /// previous iteration of the loop was referring to the same object as \p PN.
static bool isSameUnderlyingObjectInLoop(const PHINode *PN, static bool isSameUnderlyingObjectInLoop(const PHINode *PN,
const LoopInfo *LI) { const LoopInfo *LI) {
// Find the loop-defined value. // Find the loop-defined value.
Loop *L = LI->getLoopFor(PN->getParent()); Loop *L = LI->getLoopFor(PN->getParent());
if (PN->getNumIncomingValues() != 2) if (PN->getNumIncomingValues() != 2)
return true; return true;
Show All 29 Lines for (unsigned Count = 0; MaxLookup == 0 || Count < MaxLookup; ++Count) {
} else if (GlobalAlias *GA = dyn_cast<GlobalAlias>(V)) { } else if (GlobalAlias *GA = dyn_cast<GlobalAlias>(V)) {
if (GA->isInterposable()) if (GA->isInterposable())
return V; return V;
V = GA->getAliasee(); V = GA->getAliasee();
} else if (isa<AllocaInst>(V)) { } else if (isa<AllocaInst>(V)) {
// An alloca can't be further simplified. // An alloca can't be further simplified.
return V; return V;
} else { } else {
if (auto CS = CallSite(V)) if (auto CS = CallSite(V)) {
if (Value *RV = CS.getReturnedArgOperand()) { // Note: getArgumentAliasingToReturnedPointer keeps CaptureTracking in
V = RV; // sync, which is needed for correctness.
hfinkelUnsubmitted
Done
ReplyInline Actions

Same here. Please explain how this helps to keep tings in sync with CaptureTracking. There's some implicit contract here between these functions that we need to document explicitly.

hfinkel: Same here. Please explain how this helps to keep tings in sync with CaptureTracking. There's…
if (auto *RP = getArgumentAliasingToReturnedPointer(CS)) {
V = RP;
continue; continue;
} }
}
// See if InstructionSimplify knows any relevant tricks. // See if InstructionSimplify knows any relevant tricks.
if (Instruction *I = dyn_cast<Instruction>(V)) if (Instruction *I = dyn_cast<Instruction>(V))
// TODO: Acquire a DominatorTree and AssumptionCache and use them. // TODO: Acquire a DominatorTree and AssumptionCache and use them.
if (Value *Simplified = SimplifyInstruction(I, {DL, I})) { if (Value *Simplified = SimplifyInstruction(I, {DL, I})) {
V = Simplified; V = Simplified;
continue; continue;
} }
▲ Show 20 LinesShow All 1,603 LinesShow Last 20 Lines

llvm/test/Analysis/ValueTracking/known-nonnull-at.ll

Show First 20 LinesShow All 92 Lines▼ Show 20 Linescont:
ret i1 %null_check ret i1 %null_check
exc: exc:
%lp = landingpad { i8*, i32 } %lp = landingpad { i8*, i32 }
filter [0 x i8*] zeroinitializer filter [0 x i8*] zeroinitializer
unreachable unreachable
} }
declare i8* @returningPtr(i8* returned %p)
define i1 @nonnullReturnTest(i8* nonnull %x) {
; CHECK-LABEL: @nonnullReturnTest(
; CHECK-NEXT: %x2 = call i8* @returningPtr(i8* %x)
; CHECK-NEXT: ret i1 false
%x2 = call i8* @returningPtr(i8* %x)
%null_check = icmp eq i8* %x2, null
ret i1 %null_check
}
define i1 @unknownReturnTest(i8* %x) {
; CHECK-LABEL: @unknownReturnTest(
; CHECK-NEXT: %x2 = call i8* @returningPtr(i8* %x)
; CHECK-NEXT: %null_check = icmp eq i8* %x2, null
; CHECK-NEXT: ret i1 %null_check
%x2 = call i8* @returningPtr(i8* %x)
%null_check = icmp eq i8* %x2, null
ret i1 %null_check
}

llvm/test/Transforms/Inline/launder.invariant.group.ll

  • This file was added.
; RUN: opt -S -inline < %s | FileCheck %s
; RUN: opt -S -O3 < %s | FileCheck %s
; This test checks if value returned from the launder is considered aliasing
; with its argument. Due to bug caused by handling launder in capture tracking
; sometimes it would be considered noalias.
kuharUnsubmitted
Done
ReplyInline Actions

nit: its

kuhar: nit: its
%struct.A = type <{ i32 (...)**, i32, [4 x i8] }>
; CHECK: define i32 @bar(%struct.A* noalias
define i32 @bar(%struct.A* noalias) {
; CHECK-NOT: noalias
%2 = bitcast %struct.A* %0 to i8*
%3 = call i8* @llvm.launder.invariant.group.p0i8(i8* %2)
%4 = getelementptr inbounds i8, i8* %3, i64 8
%5 = bitcast i8* %4 to i32*
store i32 42, i32* %5, align 8
%6 = getelementptr inbounds %struct.A, %struct.A* %0, i64 0, i32 1
%7 = load i32, i32* %6, align 8
ret i32 %7
}
; CHECK-LABEL: define i32 @foo(%struct.A* noalias
define i32 @foo(%struct.A* noalias) {
; CHECK-NOT: call i32 @bar(
; CHECK-NOT: noalias
%2 = tail call i32 @bar(%struct.A* %0)
ret i32 %2
}
declare i8* @llvm.launder.invariant.group.p0i8(i8*)