This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
include/llvm/Transforms/IPO/
-
llvm/
-
Transforms/
-
IPO/
-
Attributor.h
-
lib/Transforms/IPO/
-
Transforms/
-
IPO/
3/24
Attributor.cpp
-
test/Transforms/FunctionAttrs/
-
Transforms/
-
FunctionAttrs/
2/15
heap_to_stack.ll

Differential D65408

[Attributor] Heap-To-Stack Conversion
ClosedPublic

Authored by sstefan1 on Jul 29 2019, 10:40 AM.

Download Raw Diff

Details

Reviewers

jdoerfert
uenoku
hfinkel
efriedma

Commits

rG431141c5cc34: [Attributor] Heap-To-Stack Conversion
rL371942: [Attributor] Heap-To-Stack Conversion

Summary

D53362 gives a prototype heap-to-stack conversion pass. With addition of new attributes in the attributor, this can now be revisted and improved. This will place it in the Attributor to make it easier to use new attributes (eg. nofree, nosync, willreturn, etc.) and other attributor features.

I'm starting with some test cases (more will be added along the way). For now they are in FunctionAttrs, as most other attributor tests, but that can be changed.

Diff Detail

Repository

rG LLVM Github Monorepo

Build Status

Buildable 37881
Build 37880: arc lint + arc unit

Event Timeline

sstefan1 created this revision.Jul 29 2019, 10:40 AM

Herald added a project: Restricted Project. · View Herald TranscriptJul 29 2019, 10:40 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Harbormaster completed remote builds in B35760: Diff 212196.Jul 29 2019, 10:44 AM

chenge function names

Harbormaster completed remote builds in B35768: Diff 212221.Jul 29 2019, 1:57 PM

Negative tests:
Malloc in loop body
Irreducible cfg

Top-level functions declarations should have attributes to make them as restricted as needed, e.g. sync_func should probably be nofree or renamed to sync_free_func.

llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
49	What is the difference between Test 2 and 3?

In D65408#1605351, @jdoerfert wrote:

Top-level functions declarations should have attributes to make them as restricted as needed, e.g. sync_func should probably be nofree or renamed to sync_free_func.

Yes. I'll refine them along the way.

In D65408#1605240, @xbolva00 wrote:

Negative tests:
Malloc in loop body
Irreducible cfg

?

Thanks for suggestions. These will also be added. I will probably put some code today, so I can actually test this on something.

llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
49	Nothing :). I meant to put call to nosync function here. I'll correct this.

sstefan1 updated this revision to Diff 215801.Aug 18 2019, 2:49 PM

Providing an implementation for the conversion. This is few commits behind fromt the latest Attributor, will be rebased.

Herald added a subscriber: hiraditya. · View Herald TranscriptAug 18 2019, 2:49 PM

Harbormaster completed remote builds in B36921: Diff 215801.Aug 18 2019, 2:50 PM

minor fix

Harbormaster completed remote builds in B36922: Diff 215803.Aug 18 2019, 2:53 PM

jdoerfert added inline comments.Aug 19 2019, 11:18 AM

llvm/lib/Transforms/IPO/Attributor.cpp
2819	Not needed, see my comment further below.
2824	Not needed, we can use the InfoCache to look only at calls.
2830	Let's collect all valid h2s candidate malloc calls and then only "materialize" the ones we deem profitable. Knowing a malloc could be converted to the stack is already a nice piece information.
3047	If you want to start with a small patch, just check the function for `willreturn`, `nounwind`, and `nofree`.
3074	I dislike this exploration. We should not need to traverse all paths all the time. (This does not track visited blocks btw. so it is probably an endless loop if there are loops in the function). We should (later) follow the uses of the malloc only. The logic I have in mind is as follows (IMHO much easier than this (=the old logic)): If all (transitive) users of a `malloc` are either `nocapture` uses or `free` uses, we can do heap2stack. In fact, we should probably generalize the capture AA to collect capturing uses instead so we can analyze them later, e.g., here.
llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
18	I think this is a bug, see below. I'll create a patch to not annotate `free` with `nocapture`.
26	I'd argue, "freeing" a pointer is "capturing" by nature so this combination "nocapture" + "free" cannot exist. If it doesn't, "nocapture" is marked and implies "nofree" on the pointer. Thus, we can actually allocate `%1` on the stack here.

Taking a different approach using nocapture and nofree.

remove llvm_debug

Harbormaster completed remote builds in B37223: Diff 216967.Aug 23 2019, 3:23 PM

Harbormaster completed remote builds in B37224: Diff 216968.

We need tests where stuff is read/written as well.

llvm/lib/Transforms/IPO/Attributor.cpp
2719	Mallocs can become live later so we shouldn't remove them but only ignore them for the moment. In fact, the `checkForAllCallLikeInstructions` call will already filter "currently assumed dead" ones out so you have to invoke it in every update or collect all calls through the InfoCache explicitly in the initialize method.
2724	This is quadratic in the number of malloc calls. If you want to exclude malloc calls from the tests below do: `if (MallocCalls.count(&I)) return true;`
2729	No need to check, just put it in `FreesForMalloc` (though I'm unclear why we need it at the moment)
2773	I was hoping we follow and check uses: UsesCheck = (Instruction &I) { SmallPtrSet<const Use , 8> Visisted; SmallVector<const Use , 8> Worklist; Worklist.append(I.use_begin(), I.use_end()); while (!Worklist.empty()) { const Use U = Worklist.pop_back_val(); if (!Visited.insert(U).second) continue; const auto UserI = U->getUser(); if (isa<LoadInst>(UserI) \|\| isa<StoreInst>(UserI)) continue; if (auto *CB = dyn_cast<CallBase>(UserI)) { // TODO: Check use once we have nofree on call site args. const auto &NoFreeAA = A.getAAFor<AANoFree>(..., IRPosition::call_site(CB)); if (!NoFreeAA.isAssumedNoFree()) return false; // same for nocapture // if both are good, continue. } if (isa<GetElementOperator>(UserI) \|\| isa<BitCastInst>(UserI)) { // Add users to worklist and continue } // unknown user return false; } return true; } MalloCheck = (Instruction &I) { if (!isaMalloc(I)) return true; if (BadMallocs.count(&I)) return true; // assumed h2s malloc I if (UsesCheck(I)) Mallocs.insert(&I); else BadMallocs.insert(&I); return true; } checkForAllCallLikeInstructions(MallocCheck)
2787	Is this "Number of mallocs converted to allocs"?
2792	I doubt it makes sense to have a H2S call site AA. We should probably only allow the function one.
3260	Still use the Whitelist and group it with the other function AAs please
llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
41	We need a test, `sync_will_return` before `free` which should (later) be OK.
121	This should be h2s as the free is dead and there are no users that are nofree.

addressing comments

Harbormaster completed remote builds in B37323: Diff 217286.Aug 26 2019, 6:05 PM

remove mistake

Harbormaster completed remote builds in B37324: Diff 217287.Aug 26 2019, 6:07 PM

sstefan1 marked an inline comment as done.Aug 26 2019, 6:20 PM

sstefan1 added inline comments.

llvm/lib/Transforms/IPO/Attributor.cpp
2729	The reason for this is if for example a malloc becomes 'bad' then all the frees that use it can be easily disregarded.

Small corrections.

Harbormaster completed remote builds in B37387: Diff 217518.Aug 27 2019, 3:54 PM

xbolva00 removed a reviewer: xbolva00.Aug 30 2019, 8:51 AM

There are some leftover comments but this is almost ready.

llvm/lib/Transforms/IPO/Attributor.cpp
129	I'd enable this by default but for a smaller size, let's say 128?
2652	`AI = new BitCastInst(AI, MallocCall->getType(), "malloc_bc", AI->getNextNode());` might do the trick.
2673	remove the const here then you can avoid the const casts
2719	If no-free is set nocaputre is not checked anymore. We need to check for nofree and nocapture.
2724	If this is not the arg operand we should give up. (we may allow it at the callee position but not in the operand bundle)
llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
59	outdated comment.
69	maybe elaborate why h2s is still OK.
104	You want branch %6 or you would have a double free (not necessarily a problem for h2s but still).
122	leftover comment.
128	We need this test again with an `nounwind` `@foo` which should allow h2s.

In D65408#1605240, @xbolva00 wrote:

Negative tests:
Malloc in loop body
Irreducible cfg

?

Still missing.

+ support for calloc shouldn’t be very hard to add.

In D65408#1653669, @jdoerfert wrote:

There are some leftover comments but this is almost ready.

I'd like to see tests with https://llvm.org/docs/LangRef.html#llvm-lifetime-start-intrinsic

@xbolva00 I'm sorry this has dragged on a bit.

I will address all the comments, probably tomorrow.

addressing comments

Harbormaster completed remote builds in B37881: Diff 219196.Sep 6 2019, 4:18 PM

small fix

Harbormaster completed remote builds in B37885: Diff 219202.Sep 6 2019, 4:45 PM

fix diff

Harbormaster completed remote builds in B37887: Diff 219204.Sep 6 2019, 4:50 PM

Is this in a state to be reviewed or do you plan to go over it again?

llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
252	check lines missing.

Can you rebase and remove the artifacts in the diff? I also provided final comments. I think once they are fixed it is fine. Feel free to commit a fixed version.

llvm/lib/Transforms/IPO/Attributor.cpp
2664	Leftover comment and braces around single stmt.
2745	this has to lead to invalidation. use in a operand bundle could free even if the function is nofree. Maybe move the check to the beginning of the `CallBase` conditional.
2765	Allow lifetime.start/end as users here as well. That should unbreak one of the test cases.unbreak
2780	You have to put them into the "Bad" instruction set here. Also, move the "is bad" check to the beginning. There is a test missing for a malloc and a calloc that have to large sizes. (calloc only the multiplication should be too large). We need to check that the multiplication does not overflow. APInt has a method to do overflow checked multiplication.
llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
2	When we run this with the old PM, what will happen? No h2s? We should do it and make sure it doesn't crash etc.
203	This should be fine. Also a lifetime.end user is fine.

This revision is now accepted and ready to land.Sep 12 2019, 5:47 PM

sstefan1 marked 3 inline comments as done.Sep 14 2019, 2:21 PM

sstefan1 added inline comments.

llvm/lib/Transforms/IPO/Attributor.cpp
2745	It makes sense to me to move the check to the beginning. use in a operand bundle could free even if the function is nofree I'm not I understand this, though.
2780	Also, move the "is bad" check to the beginning. If you mean in initialize, then I'd say this is a nicer approach.
llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll
2	Yes, no h2s and doesn't crash.

Closed by commit rL371942: [Attributor] Heap-To-Stack Conversion (authored by sstefan). · Explain WhySep 15 2019, 2:46 PM

This revision was automatically updated to reflect the committed changes.

I would prefer to use update_test_checks.py instead of hand written checks.

Quite questionable is “stackification” of mallocs in loops, we should avoid it I think. @efriedma, what do you think?

IsMallocLikeFn returns true for C++ operator new which does throw on an allocation failure.

So probably you stackify:

int *p = new int;
free(p);

It is a stupid code and buggy, but please add it as test case and the following fix:

For now, just check if (isMallocLike && !isOpNewLike).

I think it is worth to add support for c++’s new - delete pairs in the future..

In D65408#1670702, @xbolva00 wrote:

Quite questionable is “stackification” of mallocs in loops, we should avoid it I think. @efriedma, what do you think?

Please can you be more specific?

In D65408#1670703, @xbolva00 wrote:

IsMallocLikeFn returns true for C++ operator new which does throw on an allocation failure.

Likewise, please can you be more specific in your messages? This doesn't actually explain what the problem is.

xbolva00 added inline comments.Sep 15 2019, 3:17 PM

llvm/trunk/lib/Transforms/IPO/Attributor.cpp
3229 ↗	(On Diff #220255)	Check for overflow is missing
3263 ↗	(On Diff #220255)	Builder.CreateMemset

I think the current implementation needs some important fixes to avoid miscompilation/overflow, can you make it off by default, fix issues, and enable it again?

Thanks.

In D65408#1670705, @lebedev.ri wrote:

In D65408#1670702, @xbolva00 wrote:

Quite questionable is “stackification” of mallocs in loops, we should avoid it I think. @efriedma, what do you think?

Please can you be more specific?

Yes :)
Heap to stack idea started some time ago and @efriedma raised some concerns: https://reviews.llvm.org/D47345#1112573.
Imagine

for (int i = 0; i < BIG_NUM; ++i) {

void *p = malloc(128);
....
free(p);

}

for (int i = 0; i < BIG_NUM; ++i) {

void *p = alloca(128);
....

}

Nice stack overflow :)

And yes, we shouldn't do this on irreducible cfgs (also noted by Eli).

In D65408#1670703, @xbolva00 wrote:

IsMallocLikeFn returns true for C++ operator new which does throw on an allocation failure.

Likewise, please can you be more specific in your messages? This doesn't actually explain what the problem is.

%1 = tail call dereferenceable(4) i8* @_Znwm(i64 4)
...some code...
tail call void @free(i8* nonnull %1)

is probably converted to alloca. I have no strong opinion what should be done here, ideally warning! :) Anyway, I would like to see some tests with C++'s new and various combinations (there are many variants of 'new', 'delete').

In D65408#1670708, @xbolva00 wrote:

I think the current implementation needs some important fixes to avoid miscompilation/overflow, can you make it off by default, fix issues, and enable it again?

Thanks.

Attributor is turned if by dedault right now, so h2s is also turned off. I will revisit this again this week and try to address most of the concerns you raised in a new patch.

llvm/trunk/lib/Transforms/IPO/Attributor.cpp
3229 ↗	(On Diff #220255)	If there is an overflow, this will not be executed.

xbolva00 added inline comments.Sep 15 2019, 11:12 PM

llvm/trunk/lib/Transforms/IPO/Attributor.cpp
3229 ↗	(On Diff #220255)	Ok, great

sstefan1 marked an inline comment as done.Sep 15 2019, 11:14 PM

sstefan1 added inline comments.

llvm/trunk/lib/Transforms/IPO/Attributor.cpp
3363 ↗	(On Diff #220255)	This was supposed to be `if(Overflow)`. I'll fix this.

In D65408#1670708, @xbolva00 wrote:

I think the current implementation needs some important fixes to avoid miscompilation/overflow, can you make it off by default, fix issues, and enable it again?

The Attributor is off by default (even though we should now pass LLVM-TS + SPEC2006 tests!!).

In D65408#1670703, @xbolva00 wrote:

IsMallocLikeFn returns true for C++ operator new which does throw on an allocation failure.

In D65408#1670713, @xbolva00 wrote:

[...] is probably converted to alloca. I have no strong opinion what should be done here, ideally warning! :) Anyway, I would like to see some tests with C++'s new and various combinations (there are many variants of 'new', 'delete').

I fail to see the problem in converting a possible throwing new to a non-throwing alloca.
If you think there is one could you please try to explain why that should not be valid?

In D65408#1670703, @xbolva00 wrote:

I think it is worth to add support for c++’s new - delete pairs in the future..

We can add this (the delete part) when we actually use free/delete to reason about h2s validity.

In D65408#1670713, @xbolva00 wrote:

In D65408#1670705, @lebedev.ri wrote:

In D65408#1670702, @xbolva00 wrote:

Quite questionable is “stackification” of mallocs in loops, we should avoid it I think. @efriedma, what do you think?

Heap to stack idea started some time ago and @efriedma raised some concerns: https://reviews.llvm.org/D47345#1112573.

From a pure standard point of view, I would argue the current implementation is not wrong in doing h2s for mallocs in loops.
I do however not intent to turn it on and let people deal with the aftermath. As mentioned by @sstefan1, this is not on by default.
My plan was to get the logic in, add the "must-be-freed"-based logic that @hfinkel used in the original version, and then look into heuristics.
The reason is that the "must-be-freed" actually allows different placement of the alloca and we want to see what is out there wrt. sizes etc.
Does that make sense and does my plan sound OK to you?

llvm/trunk/lib/Transforms/IPO/Attributor.cpp
3363 ↗	(On Diff #220255)	Add a test for this please.

If you think there is one could you please try to explain why that should not be valid?

Ok, now I think it should be okay.

Does that make sense and does my plan sound OK to you?

Ok.

Revision Contents

Path

Size

llvm/

include/

llvm/

Transforms/

IPO/

Attributor.h

19 lines

lib/

Transforms/

IPO/

Attributor.cpp

280 lines

test/

Transforms/

FunctionAttrs/

heap_to_stack.ll

275 lines

Diff 219196

llvm/include/llvm/Transforms/IPO/Attributor.h

Show First 20 Lines • Show All 681 Lines • ▼ Show 20 Lines	struct Attributor {
/// \param TLIGetter helper function to get TargetLibraryInfo Analysis result.		/// \param TLIGetter helper function to get TargetLibraryInfo Analysis result.
///		///
/// Note that abstract attribute instances are generally created even if the		/// Note that abstract attribute instances are generally created even if the
/// IR already contains the information they would deduce. The most important		/// IR already contains the information they would deduce. The most important
/// reason for this is the single interface, the one of the abstract attribute		/// reason for this is the single interface, the one of the abstract attribute
/// instance, which can be queried without the need to look at the IR in		/// instance, which can be queried without the need to look at the IR in
/// various places.		/// various places.
void identifyDefaultAbstractAttributes(		void identifyDefaultAbstractAttributes(
Function &F, std::function<TargetLibraryInfo &(Function &)> &TLIGetter,		Function &F, std::function<TargetLibraryInfo *(Function &)> &TLIGetter,
DenseSet<const char > Whitelist = nullptr);		DenseSet<const char > Whitelist = nullptr);

		/// Record that \p I is deleted after information was manifested.
		void deleteAfterManifest(Instruction &I) { ToBeDeletedInsts.insert(&I); }

		/// Record that \p BB is deleted after information was manifested.
		void deleteAfterManifest(BasicBlock &BB) { ToBeDeletedBlocks.insert(&BB); }

		/// Record that \p F is deleted after information was manifested.
		void deleteAfterManifest(Function &F) { ToBeDeletedFunctions.insert(&F); }

/// Return true if \p AA (or its context instruction) is assumed dead.		/// Return true if \p AA (or its context instruction) is assumed dead.
///		///
/// If \p LivenessAA is not provided it is queried.		/// If \p LivenessAA is not provided it is queried.
bool isAssumedDead(const AbstractAttribute &AA, const AAIsDead *LivenessAA);		bool isAssumedDead(const AbstractAttribute &AA, const AAIsDead *LivenessAA);

/// Check \p Pred on all function call sites.		/// Check \p Pred on all function call sites.
///		///
/// This method will evaluate \p Pred on call sites and return		/// This method will evaluate \p Pred on call sites and return
▲ Show 20 Lines • Show All 74 Lines • ▼ Show 20 Lines	private:
///{		///{
using QueryMapTy =		using QueryMapTy =
DenseMap<AbstractAttribute , SetVector<AbstractAttribute >>;		DenseMap<AbstractAttribute , SetVector<AbstractAttribute >>;
QueryMapTy QueryMap;		QueryMapTy QueryMap;
///}		///}

/// The information cache that holds pre-processed (LLVM-IR) information.		/// The information cache that holds pre-processed (LLVM-IR) information.
InformationCache &InfoCache;		InformationCache &InfoCache;

		/// Functions, blocks, and instructions we delete after manifest is done.
		///
		///{
		SmallPtrSet<Function *, 8> ToBeDeletedFunctions;
		SmallPtrSet<BasicBlock *, 8> ToBeDeletedBlocks;
		SmallPtrSet<Instruction *, 8> ToBeDeletedInsts;
		///}
};		};

/// An interface to query the internal state of an abstract attribute.		/// An interface to query the internal state of an abstract attribute.
///		///
/// The abstract state is a minimal interface that allows the Attributor to		/// The abstract state is a minimal interface that allows the Attributor to
/// communicate with the abstract attributes about their internal state without		/// communicate with the abstract attributes about their internal state without
/// enforcing or exposing implementation details, e.g., the (existence of an)		/// enforcing or exposing implementation details, e.g., the (existence of an)
/// underlying lattice.		/// underlying lattice.
▲ Show 20 Lines • Show All 723 Lines • Show Last 20 Lines

llvm/lib/Transforms/IPO/Attributor.cpp

Show First 20 Lines • Show All 116 Lines • ▼ Show 20 Lines

static cl::opt<bool> VerifyAttributor(		static cl::opt<bool> VerifyAttributor(
"attributor-verify", cl::Hidden,		"attributor-verify", cl::Hidden,
cl::desc("Verify the Attributor deduction and "		cl::desc("Verify the Attributor deduction and "
"manifestation of attributes -- may issue false-positive errors"),		"manifestation of attributes -- may issue false-positive errors"),
cl::init(false));		cl::init(false));

static cl::opt<bool> EnableHeapToStack("enable-heap-to-stack-conversion",		static cl::opt<bool> EnableHeapToStack("enable-heap-to-stack-conversion",
cl::init(false), cl::Hidden);		cl::init(true), cl::Hidden);

static cl::opt<int> MaxHeapToStackSize("max-heap-to-stack-size",		static cl::opt<int> MaxHeapToStackSize("max-heap-to-stack-size",
cl::init(1024), cl::Hidden);		cl::init(128), cl::Hidden);

		jdoerfertUnsubmitted Not Done Reply Inline Actions I'd enable this by default but for a smaller size, let's say 128? jdoerfert: I'd enable this by default but for a smaller size, let's say 128?
/// Logic operators for the change status enum class.		/// Logic operators for the change status enum class.
///		///
///{		///{
ChangeStatus llvm::operator\|(ChangeStatus l, ChangeStatus r) {		ChangeStatus llvm::operator\|(ChangeStatus l, ChangeStatus r) {
return l == ChangeStatus::CHANGED ? l : r;		return l == ChangeStatus::CHANGED ? l : r;
}		}
ChangeStatus llvm::operator&(ChangeStatus l, ChangeStatus r) {		ChangeStatus llvm::operator&(ChangeStatus l, ChangeStatus r) {
return l == ChangeStatus::UNCHANGED ? l : r;		return l == ChangeStatus::UNCHANGED ? l : r;
▲ Show 20 Lines • Show All 2,471 Lines • ▼ Show 20 Lines

/// NoCapture attribute deduction for a call site return value.		/// NoCapture attribute deduction for a call site return value.
using AANoCaptureCallSiteReturned = AANoCaptureFloating;		using AANoCaptureCallSiteReturned = AANoCaptureFloating;

/// ----------------------- Heap-To-Stack Conversion ---------------------------		/// ----------------------- Heap-To-Stack Conversion ---------------------------
struct AAHeapToStackImpl : public AAHeapToStack {		struct AAHeapToStackImpl : public AAHeapToStack {
AAHeapToStackImpl(const IRPosition &IRP) : AAHeapToStack(IRP) {}		AAHeapToStackImpl(const IRPosition &IRP) : AAHeapToStack(IRP) {}

void initialize(Attributor &A) override {		const std::string getAsStr() const override {
const Function *F = getAssociatedFunction();		return "[H2S] Mallocs: " + std::to_string(MallocCalls.size());
const auto TLI = A.getInfoCache().getTargetLibraryInfoForFunction(F);

auto MallocCheck = [&](Instruction &I) {
if (isMallocLikeFn(&I, TLI))
if (auto *CSize = dyn_cast<ConstantInt>(I.getOperand(0)))
if (CSize->getValue().sle(MaxHeapToStackSize)) {
MallocCalls.insert(const_cast<Instruction *>(&I));
LLVM_DEBUG(dbgs() << "H2S: Initial malloc call: " << I << "\n");
}
return true;
};

// Get all malloc calls from this function.
A.checkForAllCallLikeInstructions(MallocCheck, *this);

// No malloc calls, there is no work to be done.
if (MallocCalls.empty())
indicatePessimisticFixpoint();
}		}

ChangeStatus manifest(Attributor &A) override {		ChangeStatus manifest(Attributor &A) override {
assert(getState().isValidState() &&		assert(getState().isValidState() &&
"Attempted to manifest an invalid state!");		"Attempted to manifest an invalid state!");

ChangeStatus HasChanged = ChangeStatus::UNCHANGED;		ChangeStatus HasChanged = ChangeStatus::UNCHANGED;
Function *F = getAssociatedFunction();		Function *F = getAssociatedFunction();
		const auto TLI = A.getInfoCache().getTargetLibraryInfoForFunction(F);

for (const Instruction *Malloc : MallocCalls) {		for (Instruction *MallocCall : MallocCalls) {
Instruction MallocCall = const_cast<Instruction >(Malloc);
// This malloc cannot be replaced.		// This malloc cannot be replaced.
if (BadMallocCalls.count(MallocCall))		if (BadMallocCalls.count(MallocCall))
continue;		continue;

for (Instruction *FreeCall : FreesForMalloc[MallocCall]) {		for (Instruction *FreeCall : FreesForMalloc[MallocCall]) {
LLVM_DEBUG(dbgs() << "H2S: Removing free call: " << *FreeCall << "\n");		LLVM_DEBUG(dbgs() << "H2S: Removing free call: " << *FreeCall << "\n");
FreeCall->eraseFromParent();		// FreeCall->eraseFromParent();
		A.deleteAfterManifest(*FreeCall);
HasChanged = ChangeStatus::CHANGED;		HasChanged = ChangeStatus::CHANGED;
}		}

LLVM_DEBUG(dbgs() << "H2S: Removing malloc call: " << *MallocCall		LLVM_DEBUG(dbgs() << "H2S: Removing malloc call: " << *MallocCall
<< "\n");		<< "\n");

unsigned AS = cast<PointerType>(MallocCall->getType())->getAddressSpace();		Constant *Size;
		if (isCallocLikeFn(MallocCall, TLI)) {
		auto *Num = cast<ConstantInt>(MallocCall->getOperand(0));
		auto *SizeT = dyn_cast<ConstantInt>(MallocCall->getOperand(1));
		APInt TotalSize = SizeT->getValue() * Num->getValue();
		Size =
		ConstantInt::get(MallocCall->getOperand(0)->getType(), TotalSize);
		} else {
		Size = cast<ConstantInt>(MallocCall->getOperand(0));
		jdoerfertUnsubmitted Not Done Reply Inline Actions `AI = new BitCastInst(AI, MallocCall->getType(), "malloc_bc", AI->getNextNode());` might do the trick. jdoerfert: `AI = new BitCastInst(AI, MallocCall->getType(), "malloc_bc", AI->getNextNode());` might do…
		}

		unsigned AS =
		cast<PointerType>(MallocCall->getType())->getAddressSpace();
Instruction *AI = new AllocaInst(Type::getInt8Ty(F->getContext()), AS,		Instruction *AI = new AllocaInst(Type::getInt8Ty(F->getContext()), AS,
MallocCall->getOperand(0));		Size, "", MallocCall->getNextNode());
F->begin()->getInstList().insert(F->begin()->begin(), AI);		// F->begin()->getInstList().insert(F->begin()->begin(), AI);

if (AI->getType() != MallocCall->getType()) {		if (AI->getType() != MallocCall->getType()) {
auto *BC = new BitCastInst(AI, MallocCall->getType());		AI = new BitCastInst(AI, MallocCall->getType(), "malloc_bc",
BC->insertAfter(AI);		AI->getNextNode());
AI = BC;
}		}
		jdoerfertUnsubmitted Not Done Reply Inline Actions Leftover comment and braces around single stmt. jdoerfert: Leftover comment and braces around single stmt.

MallocCall->replaceAllUsesWith(AI);		MallocCall->replaceAllUsesWith(AI);

if (auto *II = dyn_cast<InvokeInst>(MallocCall)) {		if (auto *II = dyn_cast<InvokeInst>(MallocCall)) {
auto *NBB = II->getNormalDest();		auto *NBB = II->getNormalDest();
BranchInst::Create(NBB, MallocCall->getParent());		BranchInst::Create(NBB, MallocCall->getParent());
MallocCall->eraseFromParent();		A.deleteAfterManifest(*MallocCall);
} else {		} else {
MallocCall->eraseFromParent();		A.deleteAfterManifest(*MallocCall);
		jdoerfertUnsubmitted Not Done Reply Inline Actions remove the const here then you can avoid the const casts jdoerfert: remove the const here then you can avoid the const casts
		}

		if (isCallocLikeFn(MallocCall, TLI)) {
		auto *BI = new BitCastInst(AI, MallocCall->getType(), "calloc_bc",
		AI->getNextNode());
		Value *Ops[] = {
		BI, ConstantInt::get(F->getContext(), APInt(8, 0, false)), Size,
		ConstantInt::get(Type::getInt1Ty(F->getContext()), false)};

		Type *Tys[] = {BI->getType(), MallocCall->getOperand(0)->getType()};
		Module *M = F->getParent();
		Function *Fn = Intrinsic::getDeclaration(M, Intrinsic::memset, Tys);
		CallInst::Create(Fn, Ops, "", BI->getNextNode());
}		}
HasChanged = ChangeStatus::CHANGED;		HasChanged = ChangeStatus::CHANGED;
}		}

return HasChanged;		return HasChanged;
}		}

/// Collection of all malloc calls in a function.		/// Collection of all malloc calls in a function.
SmallSetVector<const Instruction *, 4> MallocCalls;		SmallSetVector<Instruction *, 4> MallocCalls;

/// Collection of malloc calls that cannot be converted.		/// Collection of malloc calls that cannot be converted.
DenseSet<const Instruction *> BadMallocCalls;		DenseSet<const Instruction *> BadMallocCalls;

/// A map for each malloc call to the set of associated free calls.		/// A map for each malloc call to the set of associated free calls.
DenseMap<Instruction , SmallPtrSet<Instruction , 4>> FreesForMalloc;		DenseMap<Instruction , SmallPtrSet<Instruction , 4>> FreesForMalloc;

ChangeStatus updateImpl(Attributor &A) override;		ChangeStatus updateImpl(Attributor &A) override;
};		};

ChangeStatus AAHeapToStackImpl::updateImpl(Attributor &A) {		ChangeStatus AAHeapToStackImpl::updateImpl(Attributor &A) {
const Function *F = getAssociatedFunction();		const Function *F = getAssociatedFunction();
const auto TLI = A.getInfoCache().getTargetLibraryInfoForFunction(F);		const auto TLI = A.getInfoCache().getTargetLibraryInfoForFunction(F);

auto CallCheck = [&](Instruction &I) {		auto UsesCheck = [&](Instruction &I) {
for (const Instruction *MallocCall : MallocCalls) {		SmallPtrSet<const Use *, 8> Visited;
if (isFreeCall(&I, TLI)) {		SmallVector<const Use *, 8> Worklist;
if (auto *Ptr = dyn_cast<Instruction>(I.getOperand(0)))
if (Ptr == MallocCall) {
FreesForMalloc[const_cast<Instruction *>(MallocCall)].insert(&I);
return true;
}
continue;
}

CallSite CS(&I);		for (Use &U : I.uses())
		Worklist.push_back(&U);
		// Worklist.push_back(const_cast<Use *>(&U));

Function *CalledFunction = CS.getCalledFunction();		while (!Worklist.empty()) {
const IRPosition &IRPos = IRPosition::value(*CalledFunction);		const Use *U = Worklist.pop_back_val();
		jdoerfertUnsubmitted Not Done Reply Inline Actions Mallocs can become live later so we shouldn't remove them but only ignore them for the moment. In fact, the `checkForAllCallLikeInstructions` call will already filter "currently assumed dead" ones out so you have to invoke it in every update or collect all calls through the InfoCache explicitly in the initialize method. jdoerfert: Mallocs can become live later so we shouldn't remove them but only ignore them for the moment.
		jdoerfertUnsubmitted Not Done Reply Inline Actions If no-free is set nocaputre is not checked anymore. We need to check for nofree and nocapture. jdoerfert: If no-free is set nocaputre is not checked anymore. We need to check for nofree and nocapture.
auto NoFreeAA = A.getAAFor<AANoFree>(*this, IRPos);		if (!Visited.insert(U).second)
		continue;

		auto *UserI = U->getUser();

		jdoerfertUnsubmitted Not Done Reply Inline Actions This is quadratic in the number of malloc calls. If you want to exclude malloc calls from the tests below do: `if (MallocCalls.count(&I)) return true;` jdoerfert: This is quadratic in the number of malloc calls. If you want to exclude malloc calls from the…
		jdoerfertUnsubmitted Not Done Reply Inline Actions If this is not the arg operand we should give up. (we may allow it at the callee position but not in the operand bundle) jdoerfert: If this is not the arg operand we should give up. (we may allow it at the callee position but…
for (Argument &Arg : CalledFunction->args()) {		if (isa<LoadInst>(UserI) \|\| isa<StoreInst>(UserI))
if (dyn_cast<Instruction>(&Arg) != MallocCall)
continue;		continue;

BadMallocCalls.insert(MallocCall);		// NOTE: Right now, if a function that has malloc pointer as an argument
const IRPosition &IPos = IRPosition::value(Arg);		// frees memory, we assume that the malloc pointer is freed.
		jdoerfertUnsubmitted Not Done Reply Inline Actions No need to check, just put it in `FreesForMalloc` (though I'm unclear why we need it at the moment) jdoerfert: No need to check, just put it in `FreesForMalloc` (though I'm unclear why we need it at the…
		sstefan1AuthorUnsubmitted Done Reply Inline Actions The reason for this is if for example a malloc becomes 'bad' then all the frees that use it can be easily disregarded. sstefan1: The reason for this is if for example a malloc becomes 'bad' then all the frees that use it can…
auto NoCaptureAA = A.getAAFor<AANoCapture>(*this, IPos);		if (auto *CB = dyn_cast<CallBase>(UserI)) {
		// Record malloc.
		if (isFreeCall(UserI, TLI)) {
		FreesForMalloc[&I].insert(
		cast<Instruction>(const_cast<User *>(UserI)));
		continue;
		}

// If a function does not capture the pointer we are fine.
if(NoCaptureAA.isAssumedNoCapture())
return true;
// If a function does not free memory we are fine		// If a function does not free memory we are fine
// Note: Right now, if a function that has malloc pointer as an argument		const auto &NoFreeAA =
// frees memory, we assume that the malloc pointer is freed.		A.getAAFor<AANoFree>(this, IRPosition::callsite_function(CB));
//
// TODO: Add nofree callsite argument attribute to indicate that pointer		// TODO: Add nofree callsite argument attribute to indicate that pointer
// argument is not freed.		// argument is not freed.
if (NoFreeAA.isAssumedNoFree())		if (!CB->isArgOperand(U))
return true;		continue;
		jdoerfertUnsubmitted Not Done Reply Inline Actions this has to lead to invalidation. use in a operand bundle could free even if the function is nofree. Maybe move the check to the beginning of the `CallBase` conditional. jdoerfert: this has to lead to invalidation. use in a operand bundle could free even if the function is…
		sstefan1AuthorUnsubmitted Done Reply Inline Actions It makes sense to me to move the check to the beginning. use in a operand bundle could free even if the function is nofree I'm not I understand this, though. sstefan1: It makes sense to me to move the check to the beginning. > use in a operand bundle could free…
		unsigned ArgNo = U - CB->arg_begin();
		const auto &NoCaptureAA = A.getAAFor<AANoCapture>(
		this, IRPosition::callsite_argument(CB, ArgNo));

// Remove all Frees that we thought we could remove.		if (!NoCaptureAA.isAssumedNoCapture() \|\| !NoFreeAA.isAssumedNoFree()) {
FreesForMalloc.erase(Malloc);		LLVM_DEBUG(dbgs() << "[H2S] Bad user: " << *UserI << "\n");
BadMallocCalls.insert(MallocCall);
return false;		return false;
}		}
		continue;
		}
		if (isa<GetElementPtrInst>(UserI) \|\| isa<BitCastInst>(UserI)) {
		for (Use &U : UserI->uses())
		Worklist.push_back(&U);
		continue;
		}

		if (isa<PHINode>(UserI))
		continue;

		// Unknown user.
		jdoerfertUnsubmitted Not Done Reply Inline Actions Allow lifetime.start/end as users here as well. That should unbreak one of the test cases.unbreak jdoerfert: Allow lifetime.start/end as users here as well. That should unbreak one of the test cases.
		LLVM_DEBUG(dbgs() << "[H2S] Unknown user: " << *UserI << "\n");
		return false;
}		}
		return true;
		};

		auto MallocCallocCheck = [&](Instruction &I) {
		if (isMallocLikeFn(&I, TLI)) {
		jdoerfertUnsubmitted Not Done Reply Inline Actions I was hoping we follow and check uses: UsesCheck = (Instruction &I) { SmallPtrSet<const Use , 8> Visisted; SmallVector<const Use , 8> Worklist; Worklist.append(I.use_begin(), I.use_end()); while (!Worklist.empty()) { const Use U = Worklist.pop_back_val(); if (!Visited.insert(U).second) continue; const auto UserI = U->getUser(); if (isa<LoadInst>(UserI) \|\| isa<StoreInst>(UserI)) continue; if (auto CB = dyn_cast<CallBase>(UserI)) { // TODO: Check use once we have nofree on call site args. const auto &NoFreeAA = A.getAAFor<AANoFree>(..., IRPosition::call_site(CB)); if (!NoFreeAA.isAssumedNoFree()) return false; // same for nocapture // if both are good, continue. } if (isa<GetElementOperator>(UserI) \|\| isa<BitCastInst>(UserI)) { // Add users to worklist and continue } // unknown user return false; } return true; } MalloCheck = (Instruction &I) { if (!isaMalloc(I)) return true; if (BadMallocs.count(&I)) return true; // assumed h2s malloc I if (UsesCheck(I)) Mallocs.insert(&I); else BadMallocs.insert(&I); return true; } checkForAllCallLikeInstructions(MallocCheck) jdoerfert:* I was hoping we follow and check uses: ``` UsesCheck = (Instruction &I) { SmallPtrSet<const…
		if (auto *Size = dyn_cast<ConstantInt>(I.getOperand(0)))
		if (!Size->getValue().sle(MaxHeapToStackSize))
		return true;
		} else if (isCallocLikeFn(&I, TLI)) {
		if (auto *Num = dyn_cast<ConstantInt>(I.getOperand(0)))
		if (auto *Size = dyn_cast<ConstantInt>(I.getOperand(1)))
		if (!(Size->getValue() * Num->getValue()).sle(MaxHeapToStackSize))
		jdoerfertUnsubmitted Not Done Reply Inline Actions You have to put them into the "Bad" instruction set here. Also, move the "is bad" check to the beginning. There is a test missing for a malloc and a calloc that have to large sizes. (calloc only the multiplication should be too large). We need to check that the multiplication does not overflow. APInt has a method to do overflow checked multiplication. jdoerfert: You have to put them into the "Bad" instruction set here. Also, move the "is bad" check to the…
		sstefan1AuthorUnsubmitted Done Reply Inline Actions Also, move the "is bad" check to the beginning. If you mean in initialize, then I'd say this is a nicer approach. sstefan1: > Also, move the "is bad" check to the beginning. If you mean in initialize, then I'd say this…
		return true;
		} else
		return true;


		if (BadMallocCalls.count(&I))
		return true;
		jdoerfertUnsubmitted Not Done Reply Inline Actions Is this "Number of mallocs converted to allocs"? jdoerfert: Is this "Number of mallocs converted to allocs"?

		if (UsesCheck(I))
		MallocCalls.insert(&I);
		else
		BadMallocCalls.insert(&I);
		jdoerfertUnsubmitted Not Done Reply Inline Actions I doubt it makes sense to have a H2S call site AA. We should probably only allow the function one. jdoerfert: I doubt it makes sense to have a H2S call site AA. We should probably only allow the function…
		return true;
};		};

size_t NumBadMallocs = BadMallocCalls.size();		size_t NumBadMallocs = BadMallocCalls.size();

A.checkForAllCallLikeInstructions(CallCheck, *this);		A.checkForAllCallLikeInstructions(MallocCallocCheck, *this);

if (NumBadMallocs != BadMallocCalls.size())		if (NumBadMallocs != BadMallocCalls.size())
return ChangeStatus::CHANGED;		return ChangeStatus::CHANGED;

return ChangeStatus::UNCHANGED;		return ChangeStatus::UNCHANGED;
}		}

		struct AAHeapToStackFunction final : public AAHeapToStackImpl {
		AAHeapToStackFunction(const IRPosition &IRP) : AAHeapToStackImpl(IRP) {}

		/// See AbstractAttribute::trackStatistics()
		void trackStatistics() const override {
		STATS_DECL(MallocCalls, Function,
		"Number of MallocCalls converted to allocas");
		BUILD_STAT_NAME(MallocCalls, Function) += MallocCalls.size();
		}
		};

/// ----------------------------------------------------------------------------		/// ----------------------------------------------------------------------------
/// Attributor		/// Attributor
/// ----------------------------------------------------------------------------		/// ----------------------------------------------------------------------------
		jdoerfertUnsubmitted Not Done Reply Inline Actions Not needed, see my comment further below. jdoerfert: Not needed, see my comment further below.

bool Attributor::isAssumedDead(const AbstractAttribute &AA,		bool Attributor::isAssumedDead(const AbstractAttribute &AA,
const AAIsDead *LivenessAA) {		const AAIsDead *LivenessAA) {
const Instruction *CtxI = AA.getIRPosition().getCtxI();		const Instruction *CtxI = AA.getIRPosition().getCtxI();
if (!CtxI)		if (!CtxI)
		jdoerfertUnsubmitted Not Done Reply Inline Actions Not needed, we can use the InfoCache to look only at calls. jdoerfert: Not needed, we can use the InfoCache to look only at calls.
return false;		return false;

if (!LivenessAA)		if (!LivenessAA)
LivenessAA =		LivenessAA =
&getAAFor<AAIsDead>(AA, IRPosition::function(*CtxI->getFunction()));		&getAAFor<AAIsDead>(AA, IRPosition::function(*CtxI->getFunction()));

		jdoerfertUnsubmitted Not Done Reply Inline Actions Let's collect all valid h2s candidate malloc calls and then only "materialize" the ones we deem profitable. Knowing a malloc could be converted to the stack is already a nice piece information. jdoerfert: Let's collect all valid h2s candidate malloc calls and then only "materialize" the ones we deem…
// Don't check liveness for AAIsDead.		// Don't check liveness for AAIsDead.
if (&AA == LivenessAA)		if (&AA == LivenessAA)
return false;		return false;

if (!LivenessAA->isAssumedDead(CtxI))		if (!LivenessAA->isAssumedDead(CtxI))
return false;		return false;

// TODO: Do not track dependences automatically but add it here as only a		// TODO: Do not track dependences automatically but add it here as only a
▲ Show 20 Lines • Show All 200 Lines • ▼ Show 20 Lines	do {
Worklist.insert(AllAbstractAttributes.begin() + NumAAs,		Worklist.insert(AllAbstractAttributes.begin() + NumAAs,
AllAbstractAttributes.end());		AllAbstractAttributes.end());

} while (!Worklist.empty() && ++IterationCounter < MaxFixpointIterations);		} while (!Worklist.empty() && ++IterationCounter < MaxFixpointIterations);

size_t NumFinalAAs = AllAbstractAttributes.size();		size_t NumFinalAAs = AllAbstractAttributes.size();

LLVM_DEBUG(dbgs() << "\n[Attributor] Fixpoint iteration done after: "		LLVM_DEBUG(dbgs() << "\n[Attributor] Fixpoint iteration done after: "
<< IterationCounter << "/" << MaxFixpointIterations		<< IterationCounter << "/" << MaxFixpointIterations
		jdoerfertUnsubmitted Not Done Reply Inline Actions If you want to start with a small patch, just check the function for `willreturn`, `nounwind`, and `nofree`. jdoerfert: If you want to start with a small patch, just check the function for `willreturn`, `nounwind`…
<< " iterations\n");		<< " iterations\n");

bool FinishedAtFixpoint = Worklist.empty();		bool FinishedAtFixpoint = Worklist.empty();

// Reset abstract arguments not settled in a sound fixpoint by now. This		// Reset abstract arguments not settled in a sound fixpoint by now. This
// happens when we stopped the fixpoint iteration early. Note that only the		// happens when we stopped the fixpoint iteration early. Note that only the
// ones marked as "changed" and the ones transitively depending on them		// ones marked as "changed" and the ones transitively depending on them
// need to be reverted to a pessimistic state. Others might not be in a		// need to be reverted to a pessimistic state. Others might not be in a
Show All 10 Lines	if (!State.isAtFixpoint()) {

NumAttributesTimedOut++;		NumAttributesTimedOut++;
}		}

auto &QuerriedAAs = QueryMap[ChangedAA];		auto &QuerriedAAs = QueryMap[ChangedAA];
ChangedAAs.append(QuerriedAAs.begin(), QuerriedAAs.end());		ChangedAAs.append(QuerriedAAs.begin(), QuerriedAAs.end());
}		}

LLVM_DEBUG({		LLVM_DEBUG({
		jdoerfertUnsubmitted Not Done Reply Inline Actions I dislike this exploration. We should not need to traverse all paths all the time. (This does not track visited blocks btw. so it is probably an endless loop if there are loops in the function). We should (later) follow the uses of the malloc only. The logic I have in mind is as follows (IMHO much easier than this (=the old logic)): If all (transitive) users of a `malloc` are either `nocapture` uses or `free` uses, we can do heap2stack. In fact, we should probably generalize the capture AA to collect capturing uses instead so we can analyze them later, e.g., here. jdoerfert: I dislike this exploration. We should not need to traverse all paths all the time. (This does…
if (!Visited.empty())		if (!Visited.empty())
dbgs() << "\n[Attributor] Finalized " << Visited.size()		dbgs() << "\n[Attributor] Finalized " << Visited.size()
<< " abstract attributes.\n";		<< " abstract attributes.\n";
});		});

unsigned NumManifested = 0;		unsigned NumManifested = 0;
unsigned NumAtFixpoint = 0;		unsigned NumAtFixpoint = 0;
ChangeStatus ManifestChange = ChangeStatus::UNCHANGED;		ChangeStatus ManifestChange = ChangeStatus::UNCHANGED;
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines	ChangeStatus Attributor::run() {

NumAttributesManifested += NumManifested;		NumAttributesManifested += NumManifested;
NumAttributesValidFixpoint += NumAtFixpoint;		NumAttributesValidFixpoint += NumAtFixpoint;

(void)NumFinalAAs;		(void)NumFinalAAs;
assert(		assert(
NumFinalAAs == AllAbstractAttributes.size() &&		NumFinalAAs == AllAbstractAttributes.size() &&
"Expected the final number of abstract attributes to remain unchanged!");		"Expected the final number of abstract attributes to remain unchanged!");

		// Delete stuff at the end to avoid invalid references and a nice order.
		LLVM_DEBUG(dbgs() << "\n[Attributor] Delete " << ToBeDeletedFunctions.size()
		<< " functions and " << ToBeDeletedBlocks.size()
		<< " blocks and " << ToBeDeletedInsts.size()
		<< " instructions\n");

		for (Instruction *I : ToBeDeletedInsts) {
		if (I->hasNUsesOrMore(1))
		I->replaceAllUsesWith(UndefValue::get(I->getType()));
		I->eraseFromParent();
		}
		for (BasicBlock *BB : ToBeDeletedBlocks) {
		// TODO: Check if we need to replace users (PHIs, indirect branches?)
		BB->eraseFromParent();
		}
		for (Function *Fn : ToBeDeletedFunctions) {
		Fn->replaceAllUsesWith(UndefValue::get(Fn->getType()));
		Fn->eraseFromParent();
		}

return ManifestChange;		return ManifestChange;
}		}

/// Helper function that checks if an abstract attribute of type \p AAType		/// Helper function that checks if an abstract attribute of type \p AAType
/// should be created for IR position \p IRP and if so creates and registers it		/// should be created for IR position \p IRP and if so creates and registers it
/// with the Attributor \p A.		/// with the Attributor \p A.
///		///
/// This method will look at the provided whitelist. If one is given and the		/// This method will look at the provided whitelist. If one is given and the
/// kind \p AAType::ID is not contained, no abstract attribute is created.		/// kind \p AAType::ID is not contained, no abstract attribute is created.
///		///
/// \returns The created abstract argument, or nullptr if none was created.		/// \returns The created abstract argument, or nullptr if none was created.
template <typename AAType>		template <typename AAType>
static const AAType *checkAndRegisterAA(const IRPosition &IRP, Attributor &A,		static const AAType *checkAndRegisterAA(const IRPosition &IRP, Attributor &A,
DenseSet<const char > Whitelist) {		DenseSet<const char > Whitelist) {
if (Whitelist && !Whitelist->count(&AAType::ID))		if (Whitelist && !Whitelist->count(&AAType::ID))
return nullptr;		return nullptr;

return &A.registerAA<AAType>(*new AAType(IRP));		return &A.registerAA<AAType>(*new AAType(IRP));
}		}

void Attributor::identifyDefaultAbstractAttributes(		void Attributor::identifyDefaultAbstractAttributes(
Function &F, DenseSet<const char > Whitelist) {		Function &F, std::function<TargetLibraryInfo *(Function &)> &TLIGetter,
		DenseSet<const char > Whitelist) {

		if (EnableHeapToStack)
		InfoCache.FuncTLIMap[&F] = TLIGetter(F);

IRPosition FPos = IRPosition::function(F);		IRPosition FPos = IRPosition::function(F);

// Check for dead BasicBlocks in every function.		// Check for dead BasicBlocks in every function.
// We need dead instruction detection because we do not want to deal with		// We need dead instruction detection because we do not want to deal with
// broken IR in which SSA rules do not apply.		// broken IR in which SSA rules do not apply.
checkAndRegisterAA<AAIsDeadFunction>(FPos, this, / Whitelist */ nullptr);		checkAndRegisterAA<AAIsDeadFunction>(FPos, this, / Whitelist */ nullptr);

// Every function might be "will-return".
checkAndRegisterAA<AAWillReturnFunction>(FPos, *this, Whitelist);		checkAndRegisterAA<AAWillReturnFunction>(FPos, *this, Whitelist);
		// Every function might be "will-return".

// Every function can be nounwind.		// Every function can be nounwind.
checkAndRegisterAA<AANoUnwindFunction>(FPos, *this, Whitelist);		checkAndRegisterAA<AANoUnwindFunction>(FPos, *this, Whitelist);

// Every function might be marked "nosync"		// Every function might be marked "nosync"
checkAndRegisterAA<AANoSyncFunction>(FPos, *this, Whitelist);		checkAndRegisterAA<AANoSyncFunction>(FPos, *this, Whitelist);

// Every function might be "no-free".		// Every function might be "no-free".
checkAndRegisterAA<AANoFreeFunction>(FPos, *this, Whitelist);		checkAndRegisterAA<AANoFreeFunction>(FPos, *this, Whitelist);

// Every function might be "no-return".		// Every function might be "no-return".
checkAndRegisterAA<AANoReturnFunction>(FPos, *this, Whitelist);		checkAndRegisterAA<AANoReturnFunction>(FPos, *this, Whitelist);

		// Every function might be applicable for Heap-To-Stack conversion.
		if (EnableHeapToStack)
		checkAndRegisterAA<AAHeapToStackFunction>(FPos, *this, Whitelist);

// Return attributes are only appropriate if the return type is non void.		// Return attributes are only appropriate if the return type is non void.
Type *ReturnType = F.getReturnType();		Type *ReturnType = F.getReturnType();
if (!ReturnType->isVoidTy()) {		if (!ReturnType->isVoidTy()) {
// Argument attribute "returned" --- Create only one per function even		// Argument attribute "returned" --- Create only one per function even
// though it is an argument attribute.		// though it is an argument attribute.
checkAndRegisterAA<AAReturnedValuesFunction>(FPos, *this, Whitelist);		checkAndRegisterAA<AAReturnedValuesFunction>(FPos, *this, Whitelist);

if (ReturnType->isPointerTy()) {		if (ReturnType->isPointerTy()) {
Show All 18 Lines	for (Argument &Arg : F.args()) {
if (Arg.getType()->isPointerTy()) {		if (Arg.getType()->isPointerTy()) {
IRPosition ArgPos = IRPosition::argument(Arg);		IRPosition ArgPos = IRPosition::argument(Arg);
// Every argument with pointer type might be marked nonnull.		// Every argument with pointer type might be marked nonnull.
checkAndRegisterAA<AANonNullArgument>(ArgPos, *this, Whitelist);		checkAndRegisterAA<AANonNullArgument>(ArgPos, *this, Whitelist);

// Every argument with pointer type might be marked dereferenceable.		// Every argument with pointer type might be marked dereferenceable.
checkAndRegisterAA<AADereferenceableArgument>(ArgPos, *this, Whitelist);		checkAndRegisterAA<AADereferenceableArgument>(ArgPos, *this, Whitelist);

// Every argument with pointer type might be marked align.
checkAndRegisterAA<AAAlignArgument>(ArgPos, *this, Whitelist);

// Every argument with pointer type might be marked nocapture.		// Every argument with pointer type might be marked nocapture.
checkAndRegisterAA<AANoCaptureArgument>(ArgPos, *this, Whitelist);		checkAndRegisterAA<AANoCaptureArgument>(ArgPos, *this, Whitelist);

		// Every argument with pointer type might be marked align.
		checkAndRegisterAA<AAAlignArgument>(ArgPos, *this, Whitelist);
}		}
}		}

// Walk all instructions to find more attribute opportunities and also		// Walk all instructions to find more attribute opportunities and also
// interesting instructions that might be queried by abstract attributes		// interesting instructions that might be queried by abstract attributes
// during their initialization or update.		// during their initialization or update.
		jdoerfertUnsubmitted Not Done Reply Inline Actions Still use the Whitelist and group it with the other function AAs please jdoerfert: Still use the Whitelist and group it with the other function AAs please
auto &ReadOrWriteInsts = InfoCache.FuncRWInstsMap[&F];		auto &ReadOrWriteInsts = InfoCache.FuncRWInstsMap[&F];
auto &InstOpcodeMap = InfoCache.FuncInstOpcodeMap[&F];		auto &InstOpcodeMap = InfoCache.FuncInstOpcodeMap[&F];

for (Instruction &I : instructions(&F)) {		for (Instruction &I : instructions(&F)) {
bool IsInterestingOpcode = false;		bool IsInterestingOpcode = false;

// To allow easy access to all instructions in a function with a given		// To allow easy access to all instructions in a function with a given
// opcode we store them in the InfoCache. As not all opcodes are interesting		// opcode we store them in the InfoCache. As not all opcodes are interesting
▲ Show 20 Lines • Show All 96 Lines • ▼ Show 20 Lines	OS << "[P: " << getIRPosition() << "][" << getAsStr() << "][S: " << getState()
<< "]";		<< "]";
}		}
///}		///}

/// ----------------------------------------------------------------------------		/// ----------------------------------------------------------------------------
/// Pass (Manager) Boilerplate		/// Pass (Manager) Boilerplate
/// ----------------------------------------------------------------------------		/// ----------------------------------------------------------------------------

static bool runAttributorOnModule(Module &M) {		static bool runAttributorOnModule(
		Module &M, std::function<TargetLibraryInfo *(Function &)> &TLIGetter) {
if (DisableAttributor)		if (DisableAttributor)
return false;		return false;

LLVM_DEBUG(dbgs() << "[Attributor] Run on module with " << M.size()		LLVM_DEBUG(dbgs() << "[Attributor] Run on module with " << M.size()
<< " functions.\n");		<< " functions.\n");

// Create an Attributor and initially empty information cache that is filled		// Create an Attributor and initially empty information cache that is filled
// while we identify default attribute opportunities.		// while we identify default attribute opportunities.
Show All 17 Lines	for (Function &F : M) {
if (F.hasFnAttribute(Attribute::Naked) \|\|		if (F.hasFnAttribute(Attribute::Naked) \|\|
F.hasFnAttribute(Attribute::OptimizeNone))		F.hasFnAttribute(Attribute::OptimizeNone))
continue;		continue;

NumFnWithExactDefinition++;		NumFnWithExactDefinition++;

// Populate the Attributor with abstract attribute opportunities in the		// Populate the Attributor with abstract attribute opportunities in the
// function and the information cache with IR information.		// function and the information cache with IR information.
A.identifyDefaultAbstractAttributes(F);		A.identifyDefaultAbstractAttributes(F, TLIGetter);
}		}

return A.run() == ChangeStatus::CHANGED;		return A.run() == ChangeStatus::CHANGED;
}		}

PreservedAnalyses AttributorPass::run(Module &M, ModuleAnalysisManager &AM) {		PreservedAnalyses AttributorPass::run(Module &M, ModuleAnalysisManager &AM) {
if (runAttributorOnModule(M)) {		auto &FAM = AM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();

		std::function<TargetLibraryInfo *(Function &)> TLIGetter =
		[&](Function &F) -> TargetLibraryInfo * {
		return &FAM.getResult<TargetLibraryAnalysis>(F);
		};

		if (runAttributorOnModule(M, TLIGetter)) {
// FIXME: Think about passes we will preserve and add them here.		// FIXME: Think about passes we will preserve and add them here.
return PreservedAnalyses::none();		return PreservedAnalyses::none();
}		}
return PreservedAnalyses::all();		return PreservedAnalyses::all();
}		}

namespace {		namespace {

struct AttributorLegacyPass : public ModulePass {		struct AttributorLegacyPass : public ModulePass {
static char ID;		static char ID;

AttributorLegacyPass() : ModulePass(ID) {		AttributorLegacyPass() : ModulePass(ID) {
initializeAttributorLegacyPassPass(*PassRegistry::getPassRegistry());		initializeAttributorLegacyPassPass(*PassRegistry::getPassRegistry());
}		}

bool runOnModule(Module &M) override {		bool runOnModule(Module &M) override {
if (skipModule(M))		if (skipModule(M))
return false;		return false;
return runAttributorOnModule(M);		std::function<TargetLibraryInfo *(Function &)> TLIGetter =
		[&](Function &F) -> TargetLibraryInfo * { return nullptr; };

		return runAttributorOnModule(M, TLIGetter);
}		}

void getAnalysisUsage(AnalysisUsage &AU) const override {		void getAnalysisUsage(AnalysisUsage &AU) const override {
// FIXME: Think about passes we will preserve and add them here.		// FIXME: Think about passes we will preserve and add them here.
		// ModulePass::getAnalysisUsage(AU);
		AU.addRequired<TargetLibraryInfoWrapperPass>();
AU.setPreservesCFG();		AU.setPreservesCFG();
}		}
};		};

} // end anonymous namespace		} // end anonymous namespace

Pass *llvm::createAttributorLegacyPass() { return new AttributorLegacyPass(); }		Pass *llvm::createAttributorLegacyPass() { return new AttributorLegacyPass(); }

char AttributorLegacyPass::ID = 0;		char AttributorLegacyPass::ID = 0;

const char AAReturnedValues::ID = 0;		const char AAReturnedValues::ID = 0;
const char AANoUnwind::ID = 0;		const char AANoUnwind::ID = 0;
const char AANoSync::ID = 0;		const char AANoSync::ID = 0;
const char AANoFree::ID = 0;		const char AANoFree::ID = 0;
const char AANonNull::ID = 0;		const char AANonNull::ID = 0;
const char AANoRecurse::ID = 0;		const char AANoRecurse::ID = 0;
const char AAWillReturn::ID = 0;		const char AAWillReturn::ID = 0;
const char AANoAlias::ID = 0;		const char AANoAlias::ID = 0;
const char AANoReturn::ID = 0;		const char AANoReturn::ID = 0;
const char AAIsDead::ID = 0;		const char AAIsDead::ID = 0;
const char AADereferenceable::ID = 0;		const char AADereferenceable::ID = 0;
const char AAAlign::ID = 0;		const char AAAlign::ID = 0;
const char AANoCapture::ID = 0;		const char AANoCapture::ID = 0;
		const char AAHeapToStack::ID = 0;

// Macro magic to create the static generator function for attributes that		// Macro magic to create the static generator function for attributes that
// follow the naming scheme.		// follow the naming scheme.

#define SWITCH_PK_INV(CLASS, PK, POS_NAME) \		#define SWITCH_PK_INV(CLASS, PK, POS_NAME) \
case IRPosition::PK: \		case IRPosition::PK: \
llvm_unreachable("Cannot create " #CLASS " for a " POS_NAME " position!");		llvm_unreachable("Cannot create " #CLASS " for a " POS_NAME " position!");

#define SWITCH_PK_CREATE(CLASS, IRP, PK, SUFFIX) \		#define SWITCH_PK_CREATE(CLASS, IRP, PK, SUFFIX) \
case IRPosition::PK: \		case IRPosition::PK: \
AA = new CLASS##SUFFIX(IRP); \		AA = new CLASS##SUFFIX(IRP); \
break;		break;

#define CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(CLASS) \		#define CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(CLASS) \
CLASS &CLASS::createForPosition(const IRPosition &IRP, Attributor &A) { \		CLASS &CLASS::createForPosition(const IRPosition &IRP, Attributor &A) { \
CLASS *AA = nullptr; \		CLASS *AA = nullptr; \
switch (IRP.getPositionKind()) { \		switch (IRP.getPositionKind()) { \
SWITCH_PK_INV(CLASS, IRP_INVALID, "invalid") \		SWITCH_PK_INV(CLASS, IRP_INVALID, "invalid") \
SWITCH_PK_INV(CLASS, IRP_FLOAT, "floating") \
SWITCH_PK_INV(CLASS, IRP_ARGUMENT, "argument") \		SWITCH_PK_INV(CLASS, IRP_ARGUMENT, "argument") \
		SWITCH_PK_INV(CLASS, IRP_FLOAT, "floating") \
SWITCH_PK_INV(CLASS, IRP_RETURNED, "returned") \		SWITCH_PK_INV(CLASS, IRP_RETURNED, "returned") \
SWITCH_PK_INV(CLASS, IRP_CALL_SITE_RETURNED, "call site returned") \		SWITCH_PK_INV(CLASS, IRP_CALL_SITE_RETURNED, "call site returned") \
SWITCH_PK_INV(CLASS, IRP_CALL_SITE_ARGUMENT, "call site argument") \		SWITCH_PK_INV(CLASS, IRP_CALL_SITE_ARGUMENT, "call site argument") \
SWITCH_PK_CREATE(CLASS, IRP, IRP_FUNCTION, Function) \		SWITCH_PK_CREATE(CLASS, IRP, IRP_FUNCTION, Function) \
SWITCH_PK_CREATE(CLASS, IRP, IRP_CALL_SITE, CallSite) \		SWITCH_PK_CREATE(CLASS, IRP, IRP_CALL_SITE, CallSite) \
} \		} \
AA->initialize(A); \		AA->initialize(A); \
return *AA; \		return *AA; \
}		}

		#define CREATE_FUNCTION_ONLY_ABSTRACT_ATTRIBUTE_FOR_POSITION(CLASS) \
		CLASS &CLASS::createForPosition(const IRPosition &IRP, Attributor &A) { \
		CLASS *AA = nullptr; \
		switch (IRP.getPositionKind()) { \
		SWITCH_PK_INV(CLASS, IRP_INVALID, "invalid") \
		SWITCH_PK_INV(CLASS, IRP_ARGUMENT, "argument") \
		SWITCH_PK_INV(CLASS, IRP_FLOAT, "floating") \
		SWITCH_PK_INV(CLASS, IRP_RETURNED, "returned") \
		SWITCH_PK_INV(CLASS, IRP_CALL_SITE_RETURNED, "call site returned") \
		SWITCH_PK_INV(CLASS, IRP_CALL_SITE_ARGUMENT, "call site argument") \
		SWITCH_PK_INV(CLASS, IRP_CALL_SITE, "call site") \
		SWITCH_PK_CREATE(CLASS, IRP, IRP_FUNCTION, Function) \
		} \
		AA->initialize(A); \
		return *AA; \
		}

#define CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(CLASS) \		#define CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(CLASS) \
CLASS &CLASS::createForPosition(const IRPosition &IRP, Attributor &A) { \		CLASS &CLASS::createForPosition(const IRPosition &IRP, Attributor &A) { \
CLASS *AA = nullptr; \		CLASS *AA = nullptr; \
switch (IRP.getPositionKind()) { \		switch (IRP.getPositionKind()) { \
SWITCH_PK_INV(CLASS, IRP_INVALID, "invalid") \		SWITCH_PK_INV(CLASS, IRP_INVALID, "invalid") \
SWITCH_PK_INV(CLASS, IRP_FUNCTION, "function") \		SWITCH_PK_INV(CLASS, IRP_FUNCTION, "function") \
SWITCH_PK_INV(CLASS, IRP_CALL_SITE, "call site") \		SWITCH_PK_INV(CLASS, IRP_CALL_SITE, "call site") \
SWITCH_PK_CREATE(CLASS, IRP, IRP_FLOAT, Floating) \		SWITCH_PK_CREATE(CLASS, IRP, IRP_FLOAT, Floating) \
Show All 10 Lines
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoSync)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoSync)
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoFree)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoFree)
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoRecurse)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoRecurse)
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAWillReturn)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAWillReturn)
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoReturn)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoReturn)
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAIsDead)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAIsDead)
CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAReturnedValues)		CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAReturnedValues)

		CREATE_FUNCTION_ONLY_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAHeapToStack)

CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANonNull)		CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANonNull)
CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoAlias)		CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoAlias)
CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AADereferenceable)		CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AADereferenceable)
CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAAlign)		CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AAAlign)
CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoCapture)		CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION(AANoCapture)

#undef CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION		#undef CREATE_FUNCTION_ABSTRACT_ATTRIBUTE_FOR_POSITION
#undef CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION		#undef CREATE_VALUE_ABSTRACT_ATTRIBUTE_FOR_POSITION
#undef SWITCH_PK_CREATE		#undef SWITCH_PK_CREATE
#undef SWITCH_PK_INV		#undef SWITCH_PK_INV

INITIALIZE_PASS_BEGIN(AttributorLegacyPass, "attributor",		INITIALIZE_PASS_BEGIN(AttributorLegacyPass, "attributor",
"Deduce and propagate attributes", false, false)		"Deduce and propagate attributes", false, false)
		INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
INITIALIZE_PASS_END(AttributorLegacyPass, "attributor",		INITIALIZE_PASS_END(AttributorLegacyPass, "attributor",
"Deduce and propagate attributes", false, false)		"Deduce and propagate attributes", false, false)

llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll

This file was added.

				; RUN: opt -passes=attributor --attributor-disable=false -enable-heap-to-stack-conversion=true -S < %s \| FileCheck %s

				jdoerfertUnsubmitted Not Done Reply Inline Actions When we run this with the old PM, what will happen? No h2s? We should do it and make sure it doesn't crash etc. jdoerfert: When we run this with the old PM, what will happen? No h2s? We should do it and make sure it…
				sstefan1AuthorUnsubmitted Done Reply Inline Actions Yes, no h2s and doesn't crash. sstefan1: Yes, no h2s and doesn't crash.
				declare noalias i8* @malloc(i64)

				declare void @nocapture_func_frees_pointer(i8* nocapture)

				declare void @func_throws(...)

				declare void @sync_func(i8* %p)

				declare void @sync_will_return(i8* %p) willreturn

				declare void @no_sync_func(i8* nocapture %p) nofree nosync willreturn

				declare void @nofree_func(i8* nocapture %p) nofree nosync willreturn

				declare void @foo(i32* %p)

				jdoerfertUnsubmitted Not Done Reply Inline Actions I think this is a bug, see below. I'll create a patch to not annotate `free` with `nocapture`. jdoerfert: I think this is a bug, see below. I'll create a patch to not annotate `free` with…
				declare void @foo_nounw(i32* %p) nounwind nofree

				declare i32 @no_return_call() noreturn

				declare void @free(i8* nocapture)

				declare void @llvm.lifetime.start.p0i8(i64, i8* nocapture) nounwind

				jdoerfertUnsubmitted Not Done Reply Inline Actions I'd argue, "freeing" a pointer is "capturing" by nature so this combination "nocapture" + "free" cannot exist. If it doesn't, "nocapture" is marked and implies "nofree" on the pointer. Thus, we can actually allocate `%1` on the stack here. jdoerfert: I'd argue, "freeing" a pointer is "capturing" by nature so this combination "nocapture" +…
				; TEST 1 - negative, pointer freed in another function.

				define void @test1() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: @malloc(i64 4)
				; CHECK-NEXT: @nocapture_func_frees_pointer(i8* nocapture %1)
				tail call void @nocapture_func_frees_pointer(i8* %1)
				tail call void (...) @func_throws()
				tail call void @free(i8* %1)
				ret void
				}

				; TEST 2 - negative, call to a sync function.

				define void @test2() {
				jdoerfertUnsubmitted Not Done Reply Inline Actions We need a test, `sync_will_return` before `free` which should (later) be OK. jdoerfert: We need a test, `sync_will_return` before `free` which should (later) be OK.
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: @malloc(i64 4)
				; CHECK-NEXT: @sync_func(i8* %1)
				tail call void @sync_func(i8* %1)
				tail call void @free(i8* %1)
				ret void
				}

				jdoerfertUnsubmitted Not Done Reply Inline Actions What is the difference between Test 2 and 3? jdoerfert: What is the difference between Test 2 and 3?
				sstefan1AuthorUnsubmitted Done Reply Inline Actions Nothing :). I meant to put call to nosync function here. I'll correct this. sstefan1: Nothing :). I meant to put call to nosync function here. I'll correct this.
				; TEST 3 - 1 malloc, 1 free

				define void @test3() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %1 = alloca i8, i64 4
				; CHECK-NEXT: @no_sync_func(i8* nocapture %1)
				tail call void @no_sync_func(i8* %1)
				; CHECK-NOT: @free(i8* %1)
				tail call void @free(i8* %1)
				ret void
				jdoerfertUnsubmitted Not Done Reply Inline Actions outdated comment. jdoerfert: outdated comment.
				}

				declare noalias i8* @calloc(i64, i64)

				define void @test0() {
				%1 = tail call noalias i8* @calloc(i64 2, i64 4)
				; CHECK: %1 = alloca i8, i64 8
				; CHECK-NEXT: %calloc_bc = bitcast i8* %1 to i8*
				; CHECK-NEXT: call void @llvm.memset.p0i8.i64(i8* %calloc_bc, i8 0, i64 8, i1 false)
				; CHECK-NEXT: @no_sync_func(i8* nocapture %1)
				jdoerfertUnsubmitted Not Done Reply Inline Actions maybe elaborate why h2s is still OK. jdoerfert: maybe elaborate why h2s is still OK.
				tail call void @no_sync_func(i8* %1)
				; CHECK-NOT: @free(i8* %1)
				tail call void @free(i8* %1)
				ret void
				}

				; TEST 4
				define void @test4() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %1 = alloca i8, i64 4
				; CHECK-NEXT: @nofree_func(i8* nocapture %1)
				tail call void @nofree_func(i8* %1)
				ret void
				}

				; TEST 5 - not all exit paths have a call to free, but all uses of malloc
				; are in nofree functions and are not captured

				define void @test5(i32) {
				%2 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %2 = alloca i8, i64 4
				; CHECK-NEXT: icmp eq i32 %0, 0
				%3 = icmp eq i32 %0, 0
				br i1 %3, label %5, label %4

				4: ; preds = %1
				tail call void @nofree_func(i8* %2)
				br label %6

				5: ; preds = %1
				tail call void @free(i8* %2)
				; CHECK-NOT: @free(i8* %2)
				br label %6

				6: ; preds = %5, %4
				jdoerfertUnsubmitted Not Done Reply Inline Actions You want branch %6 or you would have a double free (not necessarily a problem for h2s but still). jdoerfert: You want branch %6 or you would have a double free (not necessarily a problem for h2s but…
				ret void
				}

				; TEST 6 - all exit paths have a call to free

				define void @test6(i32) {
				%2 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %2 = alloca i8, i64 4
				; CHECK-NEXT: icmp eq i32 %0, 0
				%3 = icmp eq i32 %0, 0
				br i1 %3, label %5, label %4

				4: ; preds = %1
				tail call void @nofree_func(i8* %2)
				tail call void @free(i8* %2)
				; CHECK-NOT: @free(i8* %2)
				br label %6
				jdoerfertUnsubmitted Not Done Reply Inline Actions This should be h2s as the free is dead and there are no users that are nofree. jdoerfert: This should be h2s as the free is dead and there are no users that are nofree.

				jdoerfertUnsubmitted Not Done Reply Inline Actions leftover comment. jdoerfert: leftover comment.
				5: ; preds = %1
				tail call void @free(i8* %2)
				; CHECK-NOT: @free(i8* %2)
				br label %6

				6: ; preds = %5, %4
				jdoerfertUnsubmitted Not Done Reply Inline Actions We need this test again with an `nounwind` `@foo` which should allow h2s. jdoerfert: We need this test again with an `nounwind` `@foo` which should allow h2s.
				ret void
				}

				; TEST 7 - free is dead.

				define void @test7() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: alloca i8, i64 4
				; CHECK-NEXT: tail call i32 @no_return_call()
				tail call i32 @no_return_call()
				; CHECK-NOT: @free(i8* %1)
				tail call void @free(i8* %1)
				ret void
				}

				; TEST 8 - Negative: bitcast pointer used in capture function

				define void @test8() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %1 = tail call noalias i8* @malloc(i64 4)
				; CHECK-NEXT: @no_sync_func(i8* nocapture %1)
				tail call void @no_sync_func(i8* %1)
				%2 = bitcast i8* %1 to i32*
				store i32 10, i32* %2
				%3 = load i32, i32* %2
				tail call void @foo(i32* %2)
				; CHECK: @free(i8* %1)
				tail call void @free(i8* %1)
				ret void
				}

				; TEST 9 - FIXME: malloc should be converted.
				define void @test9() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %1 = tail call noalias i8* @malloc(i64 4)
				; CHECK-NEXT: @no_sync_func(i8* nocapture %1)
				tail call void @no_sync_func(i8* %1)
				%2 = bitcast i8* %1 to i32*
				store i32 10, i32* %2
				%3 = load i32, i32* %2
				tail call void @foo_nounw(i32* %2)
				; CHECK: @free(i8* %1)
				tail call void @free(i8* %1)
				ret void
				}

				; TEST 10 - 1 malloc, 1 free

				define i32 @test10() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %1 = alloca i8, i64 4
				; CHECK-NEXT: @no_sync_func(i8* nocapture %1)
				tail call void @no_sync_func(i8* %1)
				%2 = bitcast i8* %1 to i32*
				store i32 10, i32* %2
				%3 = load i32, i32* %2
				; CHECK-NOT: @free(i8* %1)
				tail call void @free(i8* %1)
				ret i32 %3
				}

				define i32 @test_lifetime() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: %1 = tail call noalias i8* @malloc(i64 4)
				; CHECK-NEXT: @no_sync_func(i8* nocapture %1)
				tail call void @no_sync_func(i8* %1)
				call void @llvm.lifetime.start.p0i8(i64 4, i8* %1)
				%2 = bitcast i8* %1 to i32*
				store i32 10, i32* %2
				%3 = load i32, i32* %2
				; CHECK: @free(i8* %1)
				tail call void @free(i8* %1)
				ret i32 %3
				}

				jdoerfertUnsubmitted Not Done Reply Inline Actions This should be fine. Also a lifetime.end user is fine. jdoerfert: This should be fine. Also a lifetime.end user is fine.
				; TEST 11
				; FIXME: should be ok

				define void @test11() {
				%1 = tail call noalias i8* @malloc(i64 4)
				; CHECK: @malloc(i64 4)
				; CHECK-NEXT: @sync_will_return(i8* %1)
				tail call void @sync_will_return(i8* %1)
				tail call void @free(i8* %1)
				ret void
				}

				; TEST 12
				define i32 @irreducible_cfg(i32 %0) {
				; CHECK: alloca i8, i64 4
				; CHECK-NEXT: %3 = bitcast
				%2 = tail call noalias i8* @malloc(i64 4)
				%3 = bitcast i8* %2 to i32*
				store i32 10, i32* %3, align 4
				%4 = icmp eq i32 %0, 1
				br i1 %4, label %8, label %5

				5: ; preds = %1
				%6 = getelementptr inbounds i8, i8* %2, i64 -4
				%7 = bitcast i8* %6 to i32*
				br label %13

				8: ; preds = %1, %13
				%9 = phi i32 [ %15, %13 ], [ 10, %1 ]
				%10 = phi i32* [ %14, %13 ], [ %3, %1 ]
				%11 = getelementptr inbounds i32, i32* %10, i64 -1
				%12 = icmp eq i32 %9, 0
				br i1 %12, label %16, label %13

				13: ; preds = %5, %8
				%14 = phi i32* [ %7, %5 ], [ %11, %8 ]
				%15 = load i32, i32* %14, align 4
				br label %8

				16: ; preds = %8
				%17 = bitcast i32* %11 to i8*
				; CHECK-NOT: @free
				tail call void @free(i8* %17)
				%18 = load i32, i32* %11, align 4
				ret i32 %18
				}

				define i32 @malloc_in_loop(i32 %0) #0 {
				%2 = alloca i32, align 4
				jdoerfertUnsubmitted Not Done Reply Inline Actions check lines missing. jdoerfert: check lines missing.
				%3 = alloca i32*, align 8
				store i32 %0, i32* %2, align 4
				br label %4

				4: ; preds = %8, %1
				%5 = load i32, i32* %2, align 4
				%6 = add nsw i32 %5, -1
				store i32 %6, i32* %2, align 4
				%7 = icmp sgt i32 %6, 0
				br i1 %7, label %8, label %11

				8: ; preds = %4
				%9 = call noalias i8* @malloc(i64 4) #2
				%10 = bitcast i8* %9 to i32*
				store i32* %10, i32** %3, align 8
				br label %4

				11: ; preds = %4
				%12 = load i32, i32* %3, align 8
				%13 = bitcast i32* %12 to i8*
				call void @free(i8* %13) #2
				ret i32 5
				}

This is an archive of the discontinued LLVM Phabricator instance.

[Attributor] Heap-To-Stack ConversionClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 219196

llvm/include/llvm/Transforms/IPO/Attributor.h

llvm/lib/Transforms/IPO/Attributor.cpp

llvm/test/Transforms/FunctionAttrs/heap_to_stack.ll

[Attributor] Heap-To-Stack Conversion
ClosedPublic