1 //===- WholeProgramDevirt.cpp - Whole program virtual call optimization ---===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This pass implements whole program optimization of virtual calls in cases
10 // where we know (via !type metadata) that the list of callees is fixed. This
11 // includes the following:
12 // - Single implementation devirtualization: if a virtual call has a single
13 // possible callee, replace all calls with a direct call to that callee.
14 // - Virtual constant propagation: if the virtual function's return type is an
15 // integer <=64 bits and all possible callees are readnone, for each class and
16 // each list of constant arguments: evaluate the function, store the return
17 // value alongside the virtual table, and rewrite each virtual call as a load
18 // from the virtual table.
19 // - Uniform return value optimization: if the conditions for virtual constant
20 // propagation hold and each function returns the same constant value, replace
21 // each virtual call with that constant.
22 // - Unique return value optimization for i1 return values: if the conditions
23 // for virtual constant propagation hold and a single vtable's function
24 // returns 0, or a single vtable's function returns 1, replace each virtual
25 // call with a comparison of the vptr against that vtable's address.
26 //
27 // This pass is intended to be used during the regular and thin LTO pipelines:
28 //
29 // During regular LTO, the pass determines the best optimization for each
30 // virtual call and applies the resolutions directly to virtual calls that are
31 // eligible for virtual call optimization (i.e. calls that use either of the
32 // llvm.assume(llvm.type.test) or llvm.type.checked.load intrinsics).
33 //
34 // During hybrid Regular/ThinLTO, the pass operates in two phases:
35 // - Export phase: this is run during the thin link over a single merged module
36 // that contains all vtables with !type metadata that participate in the link.
37 // The pass computes a resolution for each virtual call and stores it in the
38 // type identifier summary.
39 // - Import phase: this is run during the thin backends over the individual
40 // modules. The pass applies the resolutions previously computed during the
41 // import phase to each eligible virtual call.
42 //
43 // During ThinLTO, the pass operates in two phases:
44 // - Export phase: this is run during the thin link over the index which
45 // contains a summary of all vtables with !type metadata that participate in
46 // the link. It computes a resolution for each virtual call and stores it in
47 // the type identifier summary. Only single implementation devirtualization
48 // is supported.
49 // - Import phase: (same as with hybrid case above).
50 //
51 //===----------------------------------------------------------------------===//
52
53 #include "llvm/Transforms/IPO/WholeProgramDevirt.h"
54 #include "llvm/ADT/ArrayRef.h"
55 #include "llvm/ADT/DenseMap.h"
56 #include "llvm/ADT/DenseMapInfo.h"
57 #include "llvm/ADT/DenseSet.h"
58 #include "llvm/ADT/MapVector.h"
59 #include "llvm/ADT/SmallVector.h"
60 #include "llvm/ADT/Statistic.h"
61 #include "llvm/ADT/Triple.h"
62 #include "llvm/ADT/iterator_range.h"
63 #include "llvm/Analysis/AssumptionCache.h"
64 #include "llvm/Analysis/BasicAliasAnalysis.h"
65 #include "llvm/Analysis/OptimizationRemarkEmitter.h"
66 #include "llvm/Analysis/TypeMetadataUtils.h"
67 #include "llvm/Bitcode/BitcodeReader.h"
68 #include "llvm/Bitcode/BitcodeWriter.h"
69 #include "llvm/IR/Constants.h"
70 #include "llvm/IR/DataLayout.h"
71 #include "llvm/IR/DebugLoc.h"
72 #include "llvm/IR/DerivedTypes.h"
73 #include "llvm/IR/Dominators.h"
74 #include "llvm/IR/Function.h"
75 #include "llvm/IR/GlobalAlias.h"
76 #include "llvm/IR/GlobalVariable.h"
77 #include "llvm/IR/IRBuilder.h"
78 #include "llvm/IR/InstrTypes.h"
79 #include "llvm/IR/Instruction.h"
80 #include "llvm/IR/Instructions.h"
81 #include "llvm/IR/Intrinsics.h"
82 #include "llvm/IR/LLVMContext.h"
83 #include "llvm/IR/MDBuilder.h"
84 #include "llvm/IR/Metadata.h"
85 #include "llvm/IR/Module.h"
86 #include "llvm/IR/ModuleSummaryIndexYAML.h"
87 #include "llvm/InitializePasses.h"
88 #include "llvm/Pass.h"
89 #include "llvm/PassRegistry.h"
90 #include "llvm/Support/Casting.h"
91 #include "llvm/Support/CommandLine.h"
92 #include "llvm/Support/Errc.h"
93 #include "llvm/Support/Error.h"
94 #include "llvm/Support/FileSystem.h"
95 #include "llvm/Support/GlobPattern.h"
96 #include "llvm/Support/MathExtras.h"
97 #include "llvm/Transforms/IPO.h"
98 #include "llvm/Transforms/IPO/FunctionAttrs.h"
99 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
100 #include "llvm/Transforms/Utils/CallPromotionUtils.h"
101 #include "llvm/Transforms/Utils/Evaluator.h"
102 #include <algorithm>
103 #include <cstddef>
104 #include <map>
105 #include <set>
106 #include <string>
107
108 using namespace llvm;
109 using namespace wholeprogramdevirt;
110
111 #define DEBUG_TYPE "wholeprogramdevirt"
112
113 STATISTIC(NumDevirtTargets, "Number of whole program devirtualization targets");
114 STATISTIC(NumSingleImpl, "Number of single implementation devirtualizations");
115 STATISTIC(NumBranchFunnel, "Number of branch funnels");
116 STATISTIC(NumUniformRetVal, "Number of uniform return value optimizations");
117 STATISTIC(NumUniqueRetVal, "Number of unique return value optimizations");
118 STATISTIC(NumVirtConstProp1Bit,
119 "Number of 1 bit virtual constant propagations");
120 STATISTIC(NumVirtConstProp, "Number of virtual constant propagations");
121
122 static cl::opt<PassSummaryAction> ClSummaryAction(
123 "wholeprogramdevirt-summary-action",
124 cl::desc("What to do with the summary when running this pass"),
125 cl::values(clEnumValN(PassSummaryAction::None, "none", "Do nothing"),
126 clEnumValN(PassSummaryAction::Import, "import",
127 "Import typeid resolutions from summary and globals"),
128 clEnumValN(PassSummaryAction::Export, "export",
129 "Export typeid resolutions to summary and globals")),
130 cl::Hidden);
131
132 static cl::opt<std::string> ClReadSummary(
133 "wholeprogramdevirt-read-summary",
134 cl::desc(
135 "Read summary from given bitcode or YAML file before running pass"),
136 cl::Hidden);
137
138 static cl::opt<std::string> ClWriteSummary(
139 "wholeprogramdevirt-write-summary",
140 cl::desc("Write summary to given bitcode or YAML file after running pass. "
141 "Output file format is deduced from extension: *.bc means writing "
142 "bitcode, otherwise YAML"),
143 cl::Hidden);
144
145 static cl::opt<unsigned>
146 ClThreshold("wholeprogramdevirt-branch-funnel-threshold", cl::Hidden,
147 cl::init(10),
148 cl::desc("Maximum number of call targets per "
149 "call site to enable branch funnels"));
150
151 static cl::opt<bool>
152 PrintSummaryDevirt("wholeprogramdevirt-print-index-based", cl::Hidden,
153 cl::desc("Print index-based devirtualization messages"));
154
155 /// Provide a way to force enable whole program visibility in tests.
156 /// This is needed to support legacy tests that don't contain
157 /// !vcall_visibility metadata (the mere presense of type tests
158 /// previously implied hidden visibility).
159 static cl::opt<bool>
160 WholeProgramVisibility("whole-program-visibility", cl::Hidden,
161 cl::desc("Enable whole program visibility"));
162
163 /// Provide a way to force disable whole program for debugging or workarounds,
164 /// when enabled via the linker.
165 static cl::opt<bool> DisableWholeProgramVisibility(
166 "disable-whole-program-visibility", cl::Hidden,
167 cl::desc("Disable whole program visibility (overrides enabling options)"));
168
169 /// Provide way to prevent certain function from being devirtualized
170 static cl::list<std::string>
171 SkipFunctionNames("wholeprogramdevirt-skip",
172 cl::desc("Prevent function(s) from being devirtualized"),
173 cl::Hidden, cl::CommaSeparated);
174
175 /// Mechanism to add runtime checking of devirtualization decisions, optionally
176 /// trapping or falling back to indirect call on any that are not correct.
177 /// Trapping mode is useful for debugging undefined behavior leading to failures
178 /// with WPD. Fallback mode is useful for ensuring safety when whole program
179 /// visibility may be compromised.
180 enum WPDCheckMode { None, Trap, Fallback };
181 static cl::opt<WPDCheckMode> DevirtCheckMode(
182 "wholeprogramdevirt-check", cl::Hidden,
183 cl::desc("Type of checking for incorrect devirtualizations"),
184 cl::values(clEnumValN(WPDCheckMode::None, "none", "No checking"),
185 clEnumValN(WPDCheckMode::Trap, "trap", "Trap when incorrect"),
186 clEnumValN(WPDCheckMode::Fallback, "fallback",
187 "Fallback to indirect when incorrect")));
188
189 namespace {
190 struct PatternList {
191 std::vector<GlobPattern> Patterns;
init__anon1e24568a0111::PatternList192 template <class T> void init(const T &StringList) {
193 for (const auto &S : StringList)
194 if (Expected<GlobPattern> Pat = GlobPattern::create(S))
195 Patterns.push_back(std::move(*Pat));
196 }
match__anon1e24568a0111::PatternList197 bool match(StringRef S) {
198 for (const GlobPattern &P : Patterns)
199 if (P.match(S))
200 return true;
201 return false;
202 }
203 };
204 } // namespace
205
206 // Find the minimum offset that we may store a value of size Size bits at. If
207 // IsAfter is set, look for an offset before the object, otherwise look for an
208 // offset after the object.
209 uint64_t
findLowestOffset(ArrayRef<VirtualCallTarget> Targets,bool IsAfter,uint64_t Size)210 wholeprogramdevirt::findLowestOffset(ArrayRef<VirtualCallTarget> Targets,
211 bool IsAfter, uint64_t Size) {
212 // Find a minimum offset taking into account only vtable sizes.
213 uint64_t MinByte = 0;
214 for (const VirtualCallTarget &Target : Targets) {
215 if (IsAfter)
216 MinByte = std::max(MinByte, Target.minAfterBytes());
217 else
218 MinByte = std::max(MinByte, Target.minBeforeBytes());
219 }
220
221 // Build a vector of arrays of bytes covering, for each target, a slice of the
222 // used region (see AccumBitVector::BytesUsed in
223 // llvm/Transforms/IPO/WholeProgramDevirt.h) starting at MinByte. Effectively,
224 // this aligns the used regions to start at MinByte.
225 //
226 // In this example, A, B and C are vtables, # is a byte already allocated for
227 // a virtual function pointer, AAAA... (etc.) are the used regions for the
228 // vtables and Offset(X) is the value computed for the Offset variable below
229 // for X.
230 //
231 // Offset(A)
232 // | |
233 // |MinByte
234 // A: ################AAAAAAAA|AAAAAAAA
235 // B: ########BBBBBBBBBBBBBBBB|BBBB
236 // C: ########################|CCCCCCCCCCCCCCCC
237 // | Offset(B) |
238 //
239 // This code produces the slices of A, B and C that appear after the divider
240 // at MinByte.
241 std::vector<ArrayRef<uint8_t>> Used;
242 for (const VirtualCallTarget &Target : Targets) {
243 ArrayRef<uint8_t> VTUsed = IsAfter ? Target.TM->Bits->After.BytesUsed
244 : Target.TM->Bits->Before.BytesUsed;
245 uint64_t Offset = IsAfter ? MinByte - Target.minAfterBytes()
246 : MinByte - Target.minBeforeBytes();
247
248 // Disregard used regions that are smaller than Offset. These are
249 // effectively all-free regions that do not need to be checked.
250 if (VTUsed.size() > Offset)
251 Used.push_back(VTUsed.slice(Offset));
252 }
253
254 if (Size == 1) {
255 // Find a free bit in each member of Used.
256 for (unsigned I = 0;; ++I) {
257 uint8_t BitsUsed = 0;
258 for (auto &&B : Used)
259 if (I < B.size())
260 BitsUsed |= B[I];
261 if (BitsUsed != 0xff)
262 return (MinByte + I) * 8 + countTrailingZeros(uint8_t(~BitsUsed));
263 }
264 } else {
265 // Find a free (Size/8) byte region in each member of Used.
266 // FIXME: see if alignment helps.
267 for (unsigned I = 0;; ++I) {
268 for (auto &&B : Used) {
269 unsigned Byte = 0;
270 while ((I + Byte) < B.size() && Byte < (Size / 8)) {
271 if (B[I + Byte])
272 goto NextI;
273 ++Byte;
274 }
275 }
276 return (MinByte + I) * 8;
277 NextI:;
278 }
279 }
280 }
281
setBeforeReturnValues(MutableArrayRef<VirtualCallTarget> Targets,uint64_t AllocBefore,unsigned BitWidth,int64_t & OffsetByte,uint64_t & OffsetBit)282 void wholeprogramdevirt::setBeforeReturnValues(
283 MutableArrayRef<VirtualCallTarget> Targets, uint64_t AllocBefore,
284 unsigned BitWidth, int64_t &OffsetByte, uint64_t &OffsetBit) {
285 if (BitWidth == 1)
286 OffsetByte = -(AllocBefore / 8 + 1);
287 else
288 OffsetByte = -((AllocBefore + 7) / 8 + (BitWidth + 7) / 8);
289 OffsetBit = AllocBefore % 8;
290
291 for (VirtualCallTarget &Target : Targets) {
292 if (BitWidth == 1)
293 Target.setBeforeBit(AllocBefore);
294 else
295 Target.setBeforeBytes(AllocBefore, (BitWidth + 7) / 8);
296 }
297 }
298
setAfterReturnValues(MutableArrayRef<VirtualCallTarget> Targets,uint64_t AllocAfter,unsigned BitWidth,int64_t & OffsetByte,uint64_t & OffsetBit)299 void wholeprogramdevirt::setAfterReturnValues(
300 MutableArrayRef<VirtualCallTarget> Targets, uint64_t AllocAfter,
301 unsigned BitWidth, int64_t &OffsetByte, uint64_t &OffsetBit) {
302 if (BitWidth == 1)
303 OffsetByte = AllocAfter / 8;
304 else
305 OffsetByte = (AllocAfter + 7) / 8;
306 OffsetBit = AllocAfter % 8;
307
308 for (VirtualCallTarget &Target : Targets) {
309 if (BitWidth == 1)
310 Target.setAfterBit(AllocAfter);
311 else
312 Target.setAfterBytes(AllocAfter, (BitWidth + 7) / 8);
313 }
314 }
315
VirtualCallTarget(Function * Fn,const TypeMemberInfo * TM)316 VirtualCallTarget::VirtualCallTarget(Function *Fn, const TypeMemberInfo *TM)
317 : Fn(Fn), TM(TM),
318 IsBigEndian(Fn->getParent()->getDataLayout().isBigEndian()), WasDevirt(false) {}
319
320 namespace {
321
322 // A slot in a set of virtual tables. The TypeID identifies the set of virtual
323 // tables, and the ByteOffset is the offset in bytes from the address point to
324 // the virtual function pointer.
325 struct VTableSlot {
326 Metadata *TypeID;
327 uint64_t ByteOffset;
328 };
329
330 } // end anonymous namespace
331
332 namespace llvm {
333
334 template <> struct DenseMapInfo<VTableSlot> {
getEmptyKeyllvm::DenseMapInfo335 static VTableSlot getEmptyKey() {
336 return {DenseMapInfo<Metadata *>::getEmptyKey(),
337 DenseMapInfo<uint64_t>::getEmptyKey()};
338 }
getTombstoneKeyllvm::DenseMapInfo339 static VTableSlot getTombstoneKey() {
340 return {DenseMapInfo<Metadata *>::getTombstoneKey(),
341 DenseMapInfo<uint64_t>::getTombstoneKey()};
342 }
getHashValuellvm::DenseMapInfo343 static unsigned getHashValue(const VTableSlot &I) {
344 return DenseMapInfo<Metadata *>::getHashValue(I.TypeID) ^
345 DenseMapInfo<uint64_t>::getHashValue(I.ByteOffset);
346 }
isEqualllvm::DenseMapInfo347 static bool isEqual(const VTableSlot &LHS,
348 const VTableSlot &RHS) {
349 return LHS.TypeID == RHS.TypeID && LHS.ByteOffset == RHS.ByteOffset;
350 }
351 };
352
353 template <> struct DenseMapInfo<VTableSlotSummary> {
getEmptyKeyllvm::DenseMapInfo354 static VTableSlotSummary getEmptyKey() {
355 return {DenseMapInfo<StringRef>::getEmptyKey(),
356 DenseMapInfo<uint64_t>::getEmptyKey()};
357 }
getTombstoneKeyllvm::DenseMapInfo358 static VTableSlotSummary getTombstoneKey() {
359 return {DenseMapInfo<StringRef>::getTombstoneKey(),
360 DenseMapInfo<uint64_t>::getTombstoneKey()};
361 }
getHashValuellvm::DenseMapInfo362 static unsigned getHashValue(const VTableSlotSummary &I) {
363 return DenseMapInfo<StringRef>::getHashValue(I.TypeID) ^
364 DenseMapInfo<uint64_t>::getHashValue(I.ByteOffset);
365 }
isEqualllvm::DenseMapInfo366 static bool isEqual(const VTableSlotSummary &LHS,
367 const VTableSlotSummary &RHS) {
368 return LHS.TypeID == RHS.TypeID && LHS.ByteOffset == RHS.ByteOffset;
369 }
370 };
371
372 } // end namespace llvm
373
374 namespace {
375
376 // Returns true if the function must be unreachable based on ValueInfo.
377 //
378 // In particular, identifies a function as unreachable in the following
379 // conditions
380 // 1) All summaries are live.
381 // 2) All function summaries indicate it's unreachable
mustBeUnreachableFunction(ValueInfo TheFnVI)382 bool mustBeUnreachableFunction(ValueInfo TheFnVI) {
383 if ((!TheFnVI) || TheFnVI.getSummaryList().empty()) {
384 // Returns false if ValueInfo is absent, or the summary list is empty
385 // (e.g., function declarations).
386 return false;
387 }
388
389 for (const auto &Summary : TheFnVI.getSummaryList()) {
390 // Conservatively returns false if any non-live functions are seen.
391 // In general either all summaries should be live or all should be dead.
392 if (!Summary->isLive())
393 return false;
394 if (auto *FS = dyn_cast<FunctionSummary>(Summary.get())) {
395 if (!FS->fflags().MustBeUnreachable)
396 return false;
397 }
398 // Do nothing if a non-function has the same GUID (which is rare).
399 // This is correct since non-function summaries are not relevant.
400 }
401 // All function summaries are live and all of them agree that the function is
402 // unreachble.
403 return true;
404 }
405
406 // A virtual call site. VTable is the loaded virtual table pointer, and CS is
407 // the indirect virtual call.
408 struct VirtualCallSite {
409 Value *VTable = nullptr;
410 CallBase &CB;
411
412 // If non-null, this field points to the associated unsafe use count stored in
413 // the DevirtModule::NumUnsafeUsesForTypeTest map below. See the description
414 // of that field for details.
415 unsigned *NumUnsafeUses = nullptr;
416
417 void
emitRemark__anon1e24568a0311::VirtualCallSite418 emitRemark(const StringRef OptName, const StringRef TargetName,
419 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter) {
420 Function *F = CB.getCaller();
421 DebugLoc DLoc = CB.getDebugLoc();
422 BasicBlock *Block = CB.getParent();
423
424 using namespace ore;
425 OREGetter(F).emit(OptimizationRemark(DEBUG_TYPE, OptName, DLoc, Block)
426 << NV("Optimization", OptName)
427 << ": devirtualized a call to "
428 << NV("FunctionName", TargetName));
429 }
430
replaceAndErase__anon1e24568a0311::VirtualCallSite431 void replaceAndErase(
432 const StringRef OptName, const StringRef TargetName, bool RemarksEnabled,
433 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter,
434 Value *New) {
435 if (RemarksEnabled)
436 emitRemark(OptName, TargetName, OREGetter);
437 CB.replaceAllUsesWith(New);
438 if (auto *II = dyn_cast<InvokeInst>(&CB)) {
439 BranchInst::Create(II->getNormalDest(), &CB);
440 II->getUnwindDest()->removePredecessor(II->getParent());
441 }
442 CB.eraseFromParent();
443 // This use is no longer unsafe.
444 if (NumUnsafeUses)
445 --*NumUnsafeUses;
446 }
447 };
448
449 // Call site information collected for a specific VTableSlot and possibly a list
450 // of constant integer arguments. The grouping by arguments is handled by the
451 // VTableSlotInfo class.
452 struct CallSiteInfo {
453 /// The set of call sites for this slot. Used during regular LTO and the
454 /// import phase of ThinLTO (as well as the export phase of ThinLTO for any
455 /// call sites that appear in the merged module itself); in each of these
456 /// cases we are directly operating on the call sites at the IR level.
457 std::vector<VirtualCallSite> CallSites;
458
459 /// Whether all call sites represented by this CallSiteInfo, including those
460 /// in summaries, have been devirtualized. This starts off as true because a
461 /// default constructed CallSiteInfo represents no call sites.
462 bool AllCallSitesDevirted = true;
463
464 // These fields are used during the export phase of ThinLTO and reflect
465 // information collected from function summaries.
466
467 /// Whether any function summary contains an llvm.assume(llvm.type.test) for
468 /// this slot.
469 bool SummaryHasTypeTestAssumeUsers = false;
470
471 /// CFI-specific: a vector containing the list of function summaries that use
472 /// the llvm.type.checked.load intrinsic and therefore will require
473 /// resolutions for llvm.type.test in order to implement CFI checks if
474 /// devirtualization was unsuccessful. If devirtualization was successful, the
475 /// pass will clear this vector by calling markDevirt(). If at the end of the
476 /// pass the vector is non-empty, we will need to add a use of llvm.type.test
477 /// to each of the function summaries in the vector.
478 std::vector<FunctionSummary *> SummaryTypeCheckedLoadUsers;
479 std::vector<FunctionSummary *> SummaryTypeTestAssumeUsers;
480
isExported__anon1e24568a0311::CallSiteInfo481 bool isExported() const {
482 return SummaryHasTypeTestAssumeUsers ||
483 !SummaryTypeCheckedLoadUsers.empty();
484 }
485
addSummaryTypeCheckedLoadUser__anon1e24568a0311::CallSiteInfo486 void addSummaryTypeCheckedLoadUser(FunctionSummary *FS) {
487 SummaryTypeCheckedLoadUsers.push_back(FS);
488 AllCallSitesDevirted = false;
489 }
490
addSummaryTypeTestAssumeUser__anon1e24568a0311::CallSiteInfo491 void addSummaryTypeTestAssumeUser(FunctionSummary *FS) {
492 SummaryTypeTestAssumeUsers.push_back(FS);
493 SummaryHasTypeTestAssumeUsers = true;
494 AllCallSitesDevirted = false;
495 }
496
markDevirt__anon1e24568a0311::CallSiteInfo497 void markDevirt() {
498 AllCallSitesDevirted = true;
499
500 // As explained in the comment for SummaryTypeCheckedLoadUsers.
501 SummaryTypeCheckedLoadUsers.clear();
502 }
503 };
504
505 // Call site information collected for a specific VTableSlot.
506 struct VTableSlotInfo {
507 // The set of call sites which do not have all constant integer arguments
508 // (excluding "this").
509 CallSiteInfo CSInfo;
510
511 // The set of call sites with all constant integer arguments (excluding
512 // "this"), grouped by argument list.
513 std::map<std::vector<uint64_t>, CallSiteInfo> ConstCSInfo;
514
515 void addCallSite(Value *VTable, CallBase &CB, unsigned *NumUnsafeUses);
516
517 private:
518 CallSiteInfo &findCallSiteInfo(CallBase &CB);
519 };
520
findCallSiteInfo(CallBase & CB)521 CallSiteInfo &VTableSlotInfo::findCallSiteInfo(CallBase &CB) {
522 std::vector<uint64_t> Args;
523 auto *CBType = dyn_cast<IntegerType>(CB.getType());
524 if (!CBType || CBType->getBitWidth() > 64 || CB.arg_empty())
525 return CSInfo;
526 for (auto &&Arg : drop_begin(CB.args())) {
527 auto *CI = dyn_cast<ConstantInt>(Arg);
528 if (!CI || CI->getBitWidth() > 64)
529 return CSInfo;
530 Args.push_back(CI->getZExtValue());
531 }
532 return ConstCSInfo[Args];
533 }
534
addCallSite(Value * VTable,CallBase & CB,unsigned * NumUnsafeUses)535 void VTableSlotInfo::addCallSite(Value *VTable, CallBase &CB,
536 unsigned *NumUnsafeUses) {
537 auto &CSI = findCallSiteInfo(CB);
538 CSI.AllCallSitesDevirted = false;
539 CSI.CallSites.push_back({VTable, CB, NumUnsafeUses});
540 }
541
542 struct DevirtModule {
543 Module &M;
544 function_ref<AAResults &(Function &)> AARGetter;
545 function_ref<DominatorTree &(Function &)> LookupDomTree;
546
547 ModuleSummaryIndex *ExportSummary;
548 const ModuleSummaryIndex *ImportSummary;
549
550 IntegerType *Int8Ty;
551 PointerType *Int8PtrTy;
552 IntegerType *Int32Ty;
553 IntegerType *Int64Ty;
554 IntegerType *IntPtrTy;
555 /// Sizeless array type, used for imported vtables. This provides a signal
556 /// to analyzers that these imports may alias, as they do for example
557 /// when multiple unique return values occur in the same vtable.
558 ArrayType *Int8Arr0Ty;
559
560 bool RemarksEnabled;
561 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter;
562
563 MapVector<VTableSlot, VTableSlotInfo> CallSlots;
564
565 // Calls that have already been optimized. We may add a call to multiple
566 // VTableSlotInfos if vtable loads are coalesced and need to make sure not to
567 // optimize a call more than once.
568 SmallPtrSet<CallBase *, 8> OptimizedCalls;
569
570 // This map keeps track of the number of "unsafe" uses of a loaded function
571 // pointer. The key is the associated llvm.type.test intrinsic call generated
572 // by this pass. An unsafe use is one that calls the loaded function pointer
573 // directly. Every time we eliminate an unsafe use (for example, by
574 // devirtualizing it or by applying virtual constant propagation), we
575 // decrement the value stored in this map. If a value reaches zero, we can
576 // eliminate the type check by RAUWing the associated llvm.type.test call with
577 // true.
578 std::map<CallInst *, unsigned> NumUnsafeUsesForTypeTest;
579 PatternList FunctionsToSkip;
580
DevirtModule__anon1e24568a0311::DevirtModule581 DevirtModule(Module &M, function_ref<AAResults &(Function &)> AARGetter,
582 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter,
583 function_ref<DominatorTree &(Function &)> LookupDomTree,
584 ModuleSummaryIndex *ExportSummary,
585 const ModuleSummaryIndex *ImportSummary)
586 : M(M), AARGetter(AARGetter), LookupDomTree(LookupDomTree),
587 ExportSummary(ExportSummary), ImportSummary(ImportSummary),
588 Int8Ty(Type::getInt8Ty(M.getContext())),
589 Int8PtrTy(Type::getInt8PtrTy(M.getContext())),
590 Int32Ty(Type::getInt32Ty(M.getContext())),
591 Int64Ty(Type::getInt64Ty(M.getContext())),
592 IntPtrTy(M.getDataLayout().getIntPtrType(M.getContext(), 0)),
593 Int8Arr0Ty(ArrayType::get(Type::getInt8Ty(M.getContext()), 0)),
594 RemarksEnabled(areRemarksEnabled()), OREGetter(OREGetter) {
595 assert(!(ExportSummary && ImportSummary));
596 FunctionsToSkip.init(SkipFunctionNames);
597 }
598
599 bool areRemarksEnabled();
600
601 void
602 scanTypeTestUsers(Function *TypeTestFunc,
603 DenseMap<Metadata *, std::set<TypeMemberInfo>> &TypeIdMap);
604 void scanTypeCheckedLoadUsers(Function *TypeCheckedLoadFunc);
605
606 void buildTypeIdentifierMap(
607 std::vector<VTableBits> &Bits,
608 DenseMap<Metadata *, std::set<TypeMemberInfo>> &TypeIdMap);
609
610 bool
611 tryFindVirtualCallTargets(std::vector<VirtualCallTarget> &TargetsForSlot,
612 const std::set<TypeMemberInfo> &TypeMemberInfos,
613 uint64_t ByteOffset,
614 ModuleSummaryIndex *ExportSummary);
615
616 void applySingleImplDevirt(VTableSlotInfo &SlotInfo, Constant *TheFn,
617 bool &IsExported);
618 bool trySingleImplDevirt(ModuleSummaryIndex *ExportSummary,
619 MutableArrayRef<VirtualCallTarget> TargetsForSlot,
620 VTableSlotInfo &SlotInfo,
621 WholeProgramDevirtResolution *Res);
622
623 void applyICallBranchFunnel(VTableSlotInfo &SlotInfo, Constant *JT,
624 bool &IsExported);
625 void tryICallBranchFunnel(MutableArrayRef<VirtualCallTarget> TargetsForSlot,
626 VTableSlotInfo &SlotInfo,
627 WholeProgramDevirtResolution *Res, VTableSlot Slot);
628
629 bool tryEvaluateFunctionsWithArgs(
630 MutableArrayRef<VirtualCallTarget> TargetsForSlot,
631 ArrayRef<uint64_t> Args);
632
633 void applyUniformRetValOpt(CallSiteInfo &CSInfo, StringRef FnName,
634 uint64_t TheRetVal);
635 bool tryUniformRetValOpt(MutableArrayRef<VirtualCallTarget> TargetsForSlot,
636 CallSiteInfo &CSInfo,
637 WholeProgramDevirtResolution::ByArg *Res);
638
639 // Returns the global symbol name that is used to export information about the
640 // given vtable slot and list of arguments.
641 std::string getGlobalName(VTableSlot Slot, ArrayRef<uint64_t> Args,
642 StringRef Name);
643
644 bool shouldExportConstantsAsAbsoluteSymbols();
645
646 // This function is called during the export phase to create a symbol
647 // definition containing information about the given vtable slot and list of
648 // arguments.
649 void exportGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args, StringRef Name,
650 Constant *C);
651 void exportConstant(VTableSlot Slot, ArrayRef<uint64_t> Args, StringRef Name,
652 uint32_t Const, uint32_t &Storage);
653
654 // This function is called during the import phase to create a reference to
655 // the symbol definition created during the export phase.
656 Constant *importGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args,
657 StringRef Name);
658 Constant *importConstant(VTableSlot Slot, ArrayRef<uint64_t> Args,
659 StringRef Name, IntegerType *IntTy,
660 uint32_t Storage);
661
662 Constant *getMemberAddr(const TypeMemberInfo *M);
663
664 void applyUniqueRetValOpt(CallSiteInfo &CSInfo, StringRef FnName, bool IsOne,
665 Constant *UniqueMemberAddr);
666 bool tryUniqueRetValOpt(unsigned BitWidth,
667 MutableArrayRef<VirtualCallTarget> TargetsForSlot,
668 CallSiteInfo &CSInfo,
669 WholeProgramDevirtResolution::ByArg *Res,
670 VTableSlot Slot, ArrayRef<uint64_t> Args);
671
672 void applyVirtualConstProp(CallSiteInfo &CSInfo, StringRef FnName,
673 Constant *Byte, Constant *Bit);
674 bool tryVirtualConstProp(MutableArrayRef<VirtualCallTarget> TargetsForSlot,
675 VTableSlotInfo &SlotInfo,
676 WholeProgramDevirtResolution *Res, VTableSlot Slot);
677
678 void rebuildGlobal(VTableBits &B);
679
680 // Apply the summary resolution for Slot to all virtual calls in SlotInfo.
681 void importResolution(VTableSlot Slot, VTableSlotInfo &SlotInfo);
682
683 // If we were able to eliminate all unsafe uses for a type checked load,
684 // eliminate the associated type tests by replacing them with true.
685 void removeRedundantTypeTests();
686
687 bool run();
688
689 // Look up the corresponding ValueInfo entry of `TheFn` in `ExportSummary`.
690 //
691 // Caller guarantees that `ExportSummary` is not nullptr.
692 static ValueInfo lookUpFunctionValueInfo(Function *TheFn,
693 ModuleSummaryIndex *ExportSummary);
694
695 // Returns true if the function definition must be unreachable.
696 //
697 // Note if this helper function returns true, `F` is guaranteed
698 // to be unreachable; if it returns false, `F` might still
699 // be unreachable but not covered by this helper function.
700 //
701 // Implementation-wise, if function definition is present, IR is analyzed; if
702 // not, look up function flags from ExportSummary as a fallback.
703 static bool mustBeUnreachableFunction(Function *const F,
704 ModuleSummaryIndex *ExportSummary);
705
706 // Lower the module using the action and summary passed as command line
707 // arguments. For testing purposes only.
708 static bool
709 runForTesting(Module &M, function_ref<AAResults &(Function &)> AARGetter,
710 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter,
711 function_ref<DominatorTree &(Function &)> LookupDomTree);
712 };
713
714 struct DevirtIndex {
715 ModuleSummaryIndex &ExportSummary;
716 // The set in which to record GUIDs exported from their module by
717 // devirtualization, used by client to ensure they are not internalized.
718 std::set<GlobalValue::GUID> &ExportedGUIDs;
719 // A map in which to record the information necessary to locate the WPD
720 // resolution for local targets in case they are exported by cross module
721 // importing.
722 std::map<ValueInfo, std::vector<VTableSlotSummary>> &LocalWPDTargetsMap;
723
724 MapVector<VTableSlotSummary, VTableSlotInfo> CallSlots;
725
726 PatternList FunctionsToSkip;
727
DevirtIndex__anon1e24568a0311::DevirtIndex728 DevirtIndex(
729 ModuleSummaryIndex &ExportSummary,
730 std::set<GlobalValue::GUID> &ExportedGUIDs,
731 std::map<ValueInfo, std::vector<VTableSlotSummary>> &LocalWPDTargetsMap)
732 : ExportSummary(ExportSummary), ExportedGUIDs(ExportedGUIDs),
733 LocalWPDTargetsMap(LocalWPDTargetsMap) {
734 FunctionsToSkip.init(SkipFunctionNames);
735 }
736
737 bool tryFindVirtualCallTargets(std::vector<ValueInfo> &TargetsForSlot,
738 const TypeIdCompatibleVtableInfo TIdInfo,
739 uint64_t ByteOffset);
740
741 bool trySingleImplDevirt(MutableArrayRef<ValueInfo> TargetsForSlot,
742 VTableSlotSummary &SlotSummary,
743 VTableSlotInfo &SlotInfo,
744 WholeProgramDevirtResolution *Res,
745 std::set<ValueInfo> &DevirtTargets);
746
747 void run();
748 };
749 } // end anonymous namespace
750
run(Module & M,ModuleAnalysisManager & AM)751 PreservedAnalyses WholeProgramDevirtPass::run(Module &M,
752 ModuleAnalysisManager &AM) {
753 auto &FAM = AM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
754 auto AARGetter = [&](Function &F) -> AAResults & {
755 return FAM.getResult<AAManager>(F);
756 };
757 auto OREGetter = [&](Function *F) -> OptimizationRemarkEmitter & {
758 return FAM.getResult<OptimizationRemarkEmitterAnalysis>(*F);
759 };
760 auto LookupDomTree = [&FAM](Function &F) -> DominatorTree & {
761 return FAM.getResult<DominatorTreeAnalysis>(F);
762 };
763 if (UseCommandLine) {
764 if (DevirtModule::runForTesting(M, AARGetter, OREGetter, LookupDomTree))
765 return PreservedAnalyses::all();
766 return PreservedAnalyses::none();
767 }
768 if (!DevirtModule(M, AARGetter, OREGetter, LookupDomTree, ExportSummary,
769 ImportSummary)
770 .run())
771 return PreservedAnalyses::all();
772 return PreservedAnalyses::none();
773 }
774
775 namespace llvm {
776 // Enable whole program visibility if enabled by client (e.g. linker) or
777 // internal option, and not force disabled.
hasWholeProgramVisibility(bool WholeProgramVisibilityEnabledInLTO)778 bool hasWholeProgramVisibility(bool WholeProgramVisibilityEnabledInLTO) {
779 return (WholeProgramVisibilityEnabledInLTO || WholeProgramVisibility) &&
780 !DisableWholeProgramVisibility;
781 }
782
783 /// If whole program visibility asserted, then upgrade all public vcall
784 /// visibility metadata on vtable definitions to linkage unit visibility in
785 /// Module IR (for regular or hybrid LTO).
updateVCallVisibilityInModule(Module & M,bool WholeProgramVisibilityEnabledInLTO,const DenseSet<GlobalValue::GUID> & DynamicExportSymbols)786 void updateVCallVisibilityInModule(
787 Module &M, bool WholeProgramVisibilityEnabledInLTO,
788 const DenseSet<GlobalValue::GUID> &DynamicExportSymbols) {
789 if (!hasWholeProgramVisibility(WholeProgramVisibilityEnabledInLTO))
790 return;
791 for (GlobalVariable &GV : M.globals()) {
792 // Add linkage unit visibility to any variable with type metadata, which are
793 // the vtable definitions. We won't have an existing vcall_visibility
794 // metadata on vtable definitions with public visibility.
795 if (GV.hasMetadata(LLVMContext::MD_type) &&
796 GV.getVCallVisibility() == GlobalObject::VCallVisibilityPublic &&
797 // Don't upgrade the visibility for symbols exported to the dynamic
798 // linker, as we have no information on their eventual use.
799 !DynamicExportSymbols.count(GV.getGUID()))
800 GV.setVCallVisibilityMetadata(GlobalObject::VCallVisibilityLinkageUnit);
801 }
802 }
803
updatePublicTypeTestCalls(Module & M,bool WholeProgramVisibilityEnabledInLTO)804 void updatePublicTypeTestCalls(Module &M,
805 bool WholeProgramVisibilityEnabledInLTO) {
806 Function *PublicTypeTestFunc =
807 M.getFunction(Intrinsic::getName(Intrinsic::public_type_test));
808 if (!PublicTypeTestFunc)
809 return;
810 if (hasWholeProgramVisibility(WholeProgramVisibilityEnabledInLTO)) {
811 Function *TypeTestFunc =
812 Intrinsic::getDeclaration(&M, Intrinsic::type_test);
813 for (Use &U : make_early_inc_range(PublicTypeTestFunc->uses())) {
814 auto *CI = cast<CallInst>(U.getUser());
815 auto *NewCI = CallInst::Create(
816 TypeTestFunc, {CI->getArgOperand(0), CI->getArgOperand(1)},
817 std::nullopt, "", CI);
818 CI->replaceAllUsesWith(NewCI);
819 CI->eraseFromParent();
820 }
821 } else {
822 auto *True = ConstantInt::getTrue(M.getContext());
823 for (Use &U : make_early_inc_range(PublicTypeTestFunc->uses())) {
824 auto *CI = cast<CallInst>(U.getUser());
825 CI->replaceAllUsesWith(True);
826 CI->eraseFromParent();
827 }
828 }
829 }
830
831 /// If whole program visibility asserted, then upgrade all public vcall
832 /// visibility metadata on vtable definition summaries to linkage unit
833 /// visibility in Module summary index (for ThinLTO).
updateVCallVisibilityInIndex(ModuleSummaryIndex & Index,bool WholeProgramVisibilityEnabledInLTO,const DenseSet<GlobalValue::GUID> & DynamicExportSymbols)834 void updateVCallVisibilityInIndex(
835 ModuleSummaryIndex &Index, bool WholeProgramVisibilityEnabledInLTO,
836 const DenseSet<GlobalValue::GUID> &DynamicExportSymbols) {
837 if (!hasWholeProgramVisibility(WholeProgramVisibilityEnabledInLTO))
838 return;
839 for (auto &P : Index) {
840 // Don't upgrade the visibility for symbols exported to the dynamic
841 // linker, as we have no information on their eventual use.
842 if (DynamicExportSymbols.count(P.first))
843 continue;
844 for (auto &S : P.second.SummaryList) {
845 auto *GVar = dyn_cast<GlobalVarSummary>(S.get());
846 if (!GVar ||
847 GVar->getVCallVisibility() != GlobalObject::VCallVisibilityPublic)
848 continue;
849 GVar->setVCallVisibility(GlobalObject::VCallVisibilityLinkageUnit);
850 }
851 }
852 }
853
runWholeProgramDevirtOnIndex(ModuleSummaryIndex & Summary,std::set<GlobalValue::GUID> & ExportedGUIDs,std::map<ValueInfo,std::vector<VTableSlotSummary>> & LocalWPDTargetsMap)854 void runWholeProgramDevirtOnIndex(
855 ModuleSummaryIndex &Summary, std::set<GlobalValue::GUID> &ExportedGUIDs,
856 std::map<ValueInfo, std::vector<VTableSlotSummary>> &LocalWPDTargetsMap) {
857 DevirtIndex(Summary, ExportedGUIDs, LocalWPDTargetsMap).run();
858 }
859
updateIndexWPDForExports(ModuleSummaryIndex & Summary,function_ref<bool (StringRef,ValueInfo)> isExported,std::map<ValueInfo,std::vector<VTableSlotSummary>> & LocalWPDTargetsMap)860 void updateIndexWPDForExports(
861 ModuleSummaryIndex &Summary,
862 function_ref<bool(StringRef, ValueInfo)> isExported,
863 std::map<ValueInfo, std::vector<VTableSlotSummary>> &LocalWPDTargetsMap) {
864 for (auto &T : LocalWPDTargetsMap) {
865 auto &VI = T.first;
866 // This was enforced earlier during trySingleImplDevirt.
867 assert(VI.getSummaryList().size() == 1 &&
868 "Devirt of local target has more than one copy");
869 auto &S = VI.getSummaryList()[0];
870 if (!isExported(S->modulePath(), VI))
871 continue;
872
873 // It's been exported by a cross module import.
874 for (auto &SlotSummary : T.second) {
875 auto *TIdSum = Summary.getTypeIdSummary(SlotSummary.TypeID);
876 assert(TIdSum);
877 auto WPDRes = TIdSum->WPDRes.find(SlotSummary.ByteOffset);
878 assert(WPDRes != TIdSum->WPDRes.end());
879 WPDRes->second.SingleImplName = ModuleSummaryIndex::getGlobalNameForLocal(
880 WPDRes->second.SingleImplName,
881 Summary.getModuleHash(S->modulePath()));
882 }
883 }
884 }
885
886 } // end namespace llvm
887
checkCombinedSummaryForTesting(ModuleSummaryIndex * Summary)888 static Error checkCombinedSummaryForTesting(ModuleSummaryIndex *Summary) {
889 // Check that summary index contains regular LTO module when performing
890 // export to prevent occasional use of index from pure ThinLTO compilation
891 // (-fno-split-lto-module). This kind of summary index is passed to
892 // DevirtIndex::run, not to DevirtModule::run used by opt/runForTesting.
893 const auto &ModPaths = Summary->modulePaths();
894 if (ClSummaryAction != PassSummaryAction::Import &&
895 ModPaths.find(ModuleSummaryIndex::getRegularLTOModuleName()) ==
896 ModPaths.end())
897 return createStringError(
898 errc::invalid_argument,
899 "combined summary should contain Regular LTO module");
900 return ErrorSuccess();
901 }
902
runForTesting(Module & M,function_ref<AAResults & (Function &)> AARGetter,function_ref<OptimizationRemarkEmitter & (Function *)> OREGetter,function_ref<DominatorTree & (Function &)> LookupDomTree)903 bool DevirtModule::runForTesting(
904 Module &M, function_ref<AAResults &(Function &)> AARGetter,
905 function_ref<OptimizationRemarkEmitter &(Function *)> OREGetter,
906 function_ref<DominatorTree &(Function &)> LookupDomTree) {
907 std::unique_ptr<ModuleSummaryIndex> Summary =
908 std::make_unique<ModuleSummaryIndex>(/*HaveGVs=*/false);
909
910 // Handle the command-line summary arguments. This code is for testing
911 // purposes only, so we handle errors directly.
912 if (!ClReadSummary.empty()) {
913 ExitOnError ExitOnErr("-wholeprogramdevirt-read-summary: " + ClReadSummary +
914 ": ");
915 auto ReadSummaryFile =
916 ExitOnErr(errorOrToExpected(MemoryBuffer::getFile(ClReadSummary)));
917 if (Expected<std::unique_ptr<ModuleSummaryIndex>> SummaryOrErr =
918 getModuleSummaryIndex(*ReadSummaryFile)) {
919 Summary = std::move(*SummaryOrErr);
920 ExitOnErr(checkCombinedSummaryForTesting(Summary.get()));
921 } else {
922 // Try YAML if we've failed with bitcode.
923 consumeError(SummaryOrErr.takeError());
924 yaml::Input In(ReadSummaryFile->getBuffer());
925 In >> *Summary;
926 ExitOnErr(errorCodeToError(In.error()));
927 }
928 }
929
930 bool Changed =
931 DevirtModule(M, AARGetter, OREGetter, LookupDomTree,
932 ClSummaryAction == PassSummaryAction::Export ? Summary.get()
933 : nullptr,
934 ClSummaryAction == PassSummaryAction::Import ? Summary.get()
935 : nullptr)
936 .run();
937
938 if (!ClWriteSummary.empty()) {
939 ExitOnError ExitOnErr(
940 "-wholeprogramdevirt-write-summary: " + ClWriteSummary + ": ");
941 std::error_code EC;
942 if (StringRef(ClWriteSummary).endswith(".bc")) {
943 raw_fd_ostream OS(ClWriteSummary, EC, sys::fs::OF_None);
944 ExitOnErr(errorCodeToError(EC));
945 writeIndexToFile(*Summary, OS);
946 } else {
947 raw_fd_ostream OS(ClWriteSummary, EC, sys::fs::OF_TextWithCRLF);
948 ExitOnErr(errorCodeToError(EC));
949 yaml::Output Out(OS);
950 Out << *Summary;
951 }
952 }
953
954 return Changed;
955 }
956
buildTypeIdentifierMap(std::vector<VTableBits> & Bits,DenseMap<Metadata *,std::set<TypeMemberInfo>> & TypeIdMap)957 void DevirtModule::buildTypeIdentifierMap(
958 std::vector<VTableBits> &Bits,
959 DenseMap<Metadata *, std::set<TypeMemberInfo>> &TypeIdMap) {
960 DenseMap<GlobalVariable *, VTableBits *> GVToBits;
961 Bits.reserve(M.getGlobalList().size());
962 SmallVector<MDNode *, 2> Types;
963 for (GlobalVariable &GV : M.globals()) {
964 Types.clear();
965 GV.getMetadata(LLVMContext::MD_type, Types);
966 if (GV.isDeclaration() || Types.empty())
967 continue;
968
969 VTableBits *&BitsPtr = GVToBits[&GV];
970 if (!BitsPtr) {
971 Bits.emplace_back();
972 Bits.back().GV = &GV;
973 Bits.back().ObjectSize =
974 M.getDataLayout().getTypeAllocSize(GV.getInitializer()->getType());
975 BitsPtr = &Bits.back();
976 }
977
978 for (MDNode *Type : Types) {
979 auto TypeID = Type->getOperand(1).get();
980
981 uint64_t Offset =
982 cast<ConstantInt>(
983 cast<ConstantAsMetadata>(Type->getOperand(0))->getValue())
984 ->getZExtValue();
985
986 TypeIdMap[TypeID].insert({BitsPtr, Offset});
987 }
988 }
989 }
990
tryFindVirtualCallTargets(std::vector<VirtualCallTarget> & TargetsForSlot,const std::set<TypeMemberInfo> & TypeMemberInfos,uint64_t ByteOffset,ModuleSummaryIndex * ExportSummary)991 bool DevirtModule::tryFindVirtualCallTargets(
992 std::vector<VirtualCallTarget> &TargetsForSlot,
993 const std::set<TypeMemberInfo> &TypeMemberInfos, uint64_t ByteOffset,
994 ModuleSummaryIndex *ExportSummary) {
995 for (const TypeMemberInfo &TM : TypeMemberInfos) {
996 if (!TM.Bits->GV->isConstant())
997 return false;
998
999 // We cannot perform whole program devirtualization analysis on a vtable
1000 // with public LTO visibility.
1001 if (TM.Bits->GV->getVCallVisibility() ==
1002 GlobalObject::VCallVisibilityPublic)
1003 return false;
1004
1005 Constant *Ptr = getPointerAtOffset(TM.Bits->GV->getInitializer(),
1006 TM.Offset + ByteOffset, M);
1007 if (!Ptr)
1008 return false;
1009
1010 auto Fn = dyn_cast<Function>(Ptr->stripPointerCasts());
1011 if (!Fn)
1012 return false;
1013
1014 if (FunctionsToSkip.match(Fn->getName()))
1015 return false;
1016
1017 // We can disregard __cxa_pure_virtual as a possible call target, as
1018 // calls to pure virtuals are UB.
1019 if (Fn->getName() == "__cxa_pure_virtual")
1020 continue;
1021
1022 // We can disregard unreachable functions as possible call targets, as
1023 // unreachable functions shouldn't be called.
1024 if (mustBeUnreachableFunction(Fn, ExportSummary))
1025 continue;
1026
1027 TargetsForSlot.push_back({Fn, &TM});
1028 }
1029
1030 // Give up if we couldn't find any targets.
1031 return !TargetsForSlot.empty();
1032 }
1033
tryFindVirtualCallTargets(std::vector<ValueInfo> & TargetsForSlot,const TypeIdCompatibleVtableInfo TIdInfo,uint64_t ByteOffset)1034 bool DevirtIndex::tryFindVirtualCallTargets(
1035 std::vector<ValueInfo> &TargetsForSlot, const TypeIdCompatibleVtableInfo TIdInfo,
1036 uint64_t ByteOffset) {
1037 for (const TypeIdOffsetVtableInfo &P : TIdInfo) {
1038 // Find a representative copy of the vtable initializer.
1039 // We can have multiple available_externally, linkonce_odr and weak_odr
1040 // vtable initializers. We can also have multiple external vtable
1041 // initializers in the case of comdats, which we cannot check here.
1042 // The linker should give an error in this case.
1043 //
1044 // Also, handle the case of same-named local Vtables with the same path
1045 // and therefore the same GUID. This can happen if there isn't enough
1046 // distinguishing path when compiling the source file. In that case we
1047 // conservatively return false early.
1048 const GlobalVarSummary *VS = nullptr;
1049 bool LocalFound = false;
1050 for (const auto &S : P.VTableVI.getSummaryList()) {
1051 if (GlobalValue::isLocalLinkage(S->linkage())) {
1052 if (LocalFound)
1053 return false;
1054 LocalFound = true;
1055 }
1056 auto *CurVS = cast<GlobalVarSummary>(S->getBaseObject());
1057 if (!CurVS->vTableFuncs().empty() ||
1058 // Previously clang did not attach the necessary type metadata to
1059 // available_externally vtables, in which case there would not
1060 // be any vtable functions listed in the summary and we need
1061 // to treat this case conservatively (in case the bitcode is old).
1062 // However, we will also not have any vtable functions in the
1063 // case of a pure virtual base class. In that case we do want
1064 // to set VS to avoid treating it conservatively.
1065 !GlobalValue::isAvailableExternallyLinkage(S->linkage())) {
1066 VS = CurVS;
1067 // We cannot perform whole program devirtualization analysis on a vtable
1068 // with public LTO visibility.
1069 if (VS->getVCallVisibility() == GlobalObject::VCallVisibilityPublic)
1070 return false;
1071 }
1072 }
1073 // There will be no VS if all copies are available_externally having no
1074 // type metadata. In that case we can't safely perform WPD.
1075 if (!VS)
1076 return false;
1077 if (!VS->isLive())
1078 continue;
1079 for (auto VTP : VS->vTableFuncs()) {
1080 if (VTP.VTableOffset != P.AddressPointOffset + ByteOffset)
1081 continue;
1082
1083 if (mustBeUnreachableFunction(VTP.FuncVI))
1084 continue;
1085
1086 TargetsForSlot.push_back(VTP.FuncVI);
1087 }
1088 }
1089
1090 // Give up if we couldn't find any targets.
1091 return !TargetsForSlot.empty();
1092 }
1093
applySingleImplDevirt(VTableSlotInfo & SlotInfo,Constant * TheFn,bool & IsExported)1094 void DevirtModule::applySingleImplDevirt(VTableSlotInfo &SlotInfo,
1095 Constant *TheFn, bool &IsExported) {
1096 // Don't devirtualize function if we're told to skip it
1097 // in -wholeprogramdevirt-skip.
1098 if (FunctionsToSkip.match(TheFn->stripPointerCasts()->getName()))
1099 return;
1100 auto Apply = [&](CallSiteInfo &CSInfo) {
1101 for (auto &&VCallSite : CSInfo.CallSites) {
1102 if (!OptimizedCalls.insert(&VCallSite.CB).second)
1103 continue;
1104
1105 if (RemarksEnabled)
1106 VCallSite.emitRemark("single-impl",
1107 TheFn->stripPointerCasts()->getName(), OREGetter);
1108 NumSingleImpl++;
1109 auto &CB = VCallSite.CB;
1110 assert(!CB.getCalledFunction() && "devirtualizing direct call?");
1111 IRBuilder<> Builder(&CB);
1112 Value *Callee =
1113 Builder.CreateBitCast(TheFn, CB.getCalledOperand()->getType());
1114
1115 // If trap checking is enabled, add support to compare the virtual
1116 // function pointer to the devirtualized target. In case of a mismatch,
1117 // perform a debug trap.
1118 if (DevirtCheckMode == WPDCheckMode::Trap) {
1119 auto *Cond = Builder.CreateICmpNE(CB.getCalledOperand(), Callee);
1120 Instruction *ThenTerm =
1121 SplitBlockAndInsertIfThen(Cond, &CB, /*Unreachable=*/false);
1122 Builder.SetInsertPoint(ThenTerm);
1123 Function *TrapFn = Intrinsic::getDeclaration(&M, Intrinsic::debugtrap);
1124 auto *CallTrap = Builder.CreateCall(TrapFn);
1125 CallTrap->setDebugLoc(CB.getDebugLoc());
1126 }
1127
1128 // If fallback checking is enabled, add support to compare the virtual
1129 // function pointer to the devirtualized target. In case of a mismatch,
1130 // fall back to indirect call.
1131 if (DevirtCheckMode == WPDCheckMode::Fallback) {
1132 MDNode *Weights =
1133 MDBuilder(M.getContext()).createBranchWeights((1U << 20) - 1, 1);
1134 // Version the indirect call site. If the called value is equal to the
1135 // given callee, 'NewInst' will be executed, otherwise the original call
1136 // site will be executed.
1137 CallBase &NewInst = versionCallSite(CB, Callee, Weights);
1138 NewInst.setCalledOperand(Callee);
1139 // Since the new call site is direct, we must clear metadata that
1140 // is only appropriate for indirect calls. This includes !prof and
1141 // !callees metadata.
1142 NewInst.setMetadata(LLVMContext::MD_prof, nullptr);
1143 NewInst.setMetadata(LLVMContext::MD_callees, nullptr);
1144 // Additionally, we should remove them from the fallback indirect call,
1145 // so that we don't attempt to perform indirect call promotion later.
1146 CB.setMetadata(LLVMContext::MD_prof, nullptr);
1147 CB.setMetadata(LLVMContext::MD_callees, nullptr);
1148 }
1149
1150 // In either trapping or non-checking mode, devirtualize original call.
1151 else {
1152 // Devirtualize unconditionally.
1153 CB.setCalledOperand(Callee);
1154 // Since the call site is now direct, we must clear metadata that
1155 // is only appropriate for indirect calls. This includes !prof and
1156 // !callees metadata.
1157 CB.setMetadata(LLVMContext::MD_prof, nullptr);
1158 CB.setMetadata(LLVMContext::MD_callees, nullptr);
1159 }
1160
1161 // This use is no longer unsafe.
1162 if (VCallSite.NumUnsafeUses)
1163 --*VCallSite.NumUnsafeUses;
1164 }
1165 if (CSInfo.isExported())
1166 IsExported = true;
1167 CSInfo.markDevirt();
1168 };
1169 Apply(SlotInfo.CSInfo);
1170 for (auto &P : SlotInfo.ConstCSInfo)
1171 Apply(P.second);
1172 }
1173
AddCalls(VTableSlotInfo & SlotInfo,const ValueInfo & Callee)1174 static bool AddCalls(VTableSlotInfo &SlotInfo, const ValueInfo &Callee) {
1175 // We can't add calls if we haven't seen a definition
1176 if (Callee.getSummaryList().empty())
1177 return false;
1178
1179 // Insert calls into the summary index so that the devirtualized targets
1180 // are eligible for import.
1181 // FIXME: Annotate type tests with hotness. For now, mark these as hot
1182 // to better ensure we have the opportunity to inline them.
1183 bool IsExported = false;
1184 auto &S = Callee.getSummaryList()[0];
1185 CalleeInfo CI(CalleeInfo::HotnessType::Hot, /* RelBF = */ 0);
1186 auto AddCalls = [&](CallSiteInfo &CSInfo) {
1187 for (auto *FS : CSInfo.SummaryTypeCheckedLoadUsers) {
1188 FS->addCall({Callee, CI});
1189 IsExported |= S->modulePath() != FS->modulePath();
1190 }
1191 for (auto *FS : CSInfo.SummaryTypeTestAssumeUsers) {
1192 FS->addCall({Callee, CI});
1193 IsExported |= S->modulePath() != FS->modulePath();
1194 }
1195 };
1196 AddCalls(SlotInfo.CSInfo);
1197 for (auto &P : SlotInfo.ConstCSInfo)
1198 AddCalls(P.second);
1199 return IsExported;
1200 }
1201
trySingleImplDevirt(ModuleSummaryIndex * ExportSummary,MutableArrayRef<VirtualCallTarget> TargetsForSlot,VTableSlotInfo & SlotInfo,WholeProgramDevirtResolution * Res)1202 bool DevirtModule::trySingleImplDevirt(
1203 ModuleSummaryIndex *ExportSummary,
1204 MutableArrayRef<VirtualCallTarget> TargetsForSlot, VTableSlotInfo &SlotInfo,
1205 WholeProgramDevirtResolution *Res) {
1206 // See if the program contains a single implementation of this virtual
1207 // function.
1208 Function *TheFn = TargetsForSlot[0].Fn;
1209 for (auto &&Target : TargetsForSlot)
1210 if (TheFn != Target.Fn)
1211 return false;
1212
1213 // If so, update each call site to call that implementation directly.
1214 if (RemarksEnabled || AreStatisticsEnabled())
1215 TargetsForSlot[0].WasDevirt = true;
1216
1217 bool IsExported = false;
1218 applySingleImplDevirt(SlotInfo, TheFn, IsExported);
1219 if (!IsExported)
1220 return false;
1221
1222 // If the only implementation has local linkage, we must promote to external
1223 // to make it visible to thin LTO objects. We can only get here during the
1224 // ThinLTO export phase.
1225 if (TheFn->hasLocalLinkage()) {
1226 std::string NewName = (TheFn->getName() + ".llvm.merged").str();
1227
1228 // Since we are renaming the function, any comdats with the same name must
1229 // also be renamed. This is required when targeting COFF, as the comdat name
1230 // must match one of the names of the symbols in the comdat.
1231 if (Comdat *C = TheFn->getComdat()) {
1232 if (C->getName() == TheFn->getName()) {
1233 Comdat *NewC = M.getOrInsertComdat(NewName);
1234 NewC->setSelectionKind(C->getSelectionKind());
1235 for (GlobalObject &GO : M.global_objects())
1236 if (GO.getComdat() == C)
1237 GO.setComdat(NewC);
1238 }
1239 }
1240
1241 TheFn->setLinkage(GlobalValue::ExternalLinkage);
1242 TheFn->setVisibility(GlobalValue::HiddenVisibility);
1243 TheFn->setName(NewName);
1244 }
1245 if (ValueInfo TheFnVI = ExportSummary->getValueInfo(TheFn->getGUID()))
1246 // Any needed promotion of 'TheFn' has already been done during
1247 // LTO unit split, so we can ignore return value of AddCalls.
1248 AddCalls(SlotInfo, TheFnVI);
1249
1250 Res->TheKind = WholeProgramDevirtResolution::SingleImpl;
1251 Res->SingleImplName = std::string(TheFn->getName());
1252
1253 return true;
1254 }
1255
trySingleImplDevirt(MutableArrayRef<ValueInfo> TargetsForSlot,VTableSlotSummary & SlotSummary,VTableSlotInfo & SlotInfo,WholeProgramDevirtResolution * Res,std::set<ValueInfo> & DevirtTargets)1256 bool DevirtIndex::trySingleImplDevirt(MutableArrayRef<ValueInfo> TargetsForSlot,
1257 VTableSlotSummary &SlotSummary,
1258 VTableSlotInfo &SlotInfo,
1259 WholeProgramDevirtResolution *Res,
1260 std::set<ValueInfo> &DevirtTargets) {
1261 // See if the program contains a single implementation of this virtual
1262 // function.
1263 auto TheFn = TargetsForSlot[0];
1264 for (auto &&Target : TargetsForSlot)
1265 if (TheFn != Target)
1266 return false;
1267
1268 // Don't devirtualize if we don't have target definition.
1269 auto Size = TheFn.getSummaryList().size();
1270 if (!Size)
1271 return false;
1272
1273 // Don't devirtualize function if we're told to skip it
1274 // in -wholeprogramdevirt-skip.
1275 if (FunctionsToSkip.match(TheFn.name()))
1276 return false;
1277
1278 // If the summary list contains multiple summaries where at least one is
1279 // a local, give up, as we won't know which (possibly promoted) name to use.
1280 for (const auto &S : TheFn.getSummaryList())
1281 if (GlobalValue::isLocalLinkage(S->linkage()) && Size > 1)
1282 return false;
1283
1284 // Collect functions devirtualized at least for one call site for stats.
1285 if (PrintSummaryDevirt || AreStatisticsEnabled())
1286 DevirtTargets.insert(TheFn);
1287
1288 auto &S = TheFn.getSummaryList()[0];
1289 bool IsExported = AddCalls(SlotInfo, TheFn);
1290 if (IsExported)
1291 ExportedGUIDs.insert(TheFn.getGUID());
1292
1293 // Record in summary for use in devirtualization during the ThinLTO import
1294 // step.
1295 Res->TheKind = WholeProgramDevirtResolution::SingleImpl;
1296 if (GlobalValue::isLocalLinkage(S->linkage())) {
1297 if (IsExported)
1298 // If target is a local function and we are exporting it by
1299 // devirtualizing a call in another module, we need to record the
1300 // promoted name.
1301 Res->SingleImplName = ModuleSummaryIndex::getGlobalNameForLocal(
1302 TheFn.name(), ExportSummary.getModuleHash(S->modulePath()));
1303 else {
1304 LocalWPDTargetsMap[TheFn].push_back(SlotSummary);
1305 Res->SingleImplName = std::string(TheFn.name());
1306 }
1307 } else
1308 Res->SingleImplName = std::string(TheFn.name());
1309
1310 // Name will be empty if this thin link driven off of serialized combined
1311 // index (e.g. llvm-lto). However, WPD is not supported/invoked for the
1312 // legacy LTO API anyway.
1313 assert(!Res->SingleImplName.empty());
1314
1315 return true;
1316 }
1317
tryICallBranchFunnel(MutableArrayRef<VirtualCallTarget> TargetsForSlot,VTableSlotInfo & SlotInfo,WholeProgramDevirtResolution * Res,VTableSlot Slot)1318 void DevirtModule::tryICallBranchFunnel(
1319 MutableArrayRef<VirtualCallTarget> TargetsForSlot, VTableSlotInfo &SlotInfo,
1320 WholeProgramDevirtResolution *Res, VTableSlot Slot) {
1321 Triple T(M.getTargetTriple());
1322 if (T.getArch() != Triple::x86_64)
1323 return;
1324
1325 if (TargetsForSlot.size() > ClThreshold)
1326 return;
1327
1328 bool HasNonDevirt = !SlotInfo.CSInfo.AllCallSitesDevirted;
1329 if (!HasNonDevirt)
1330 for (auto &P : SlotInfo.ConstCSInfo)
1331 if (!P.second.AllCallSitesDevirted) {
1332 HasNonDevirt = true;
1333 break;
1334 }
1335
1336 if (!HasNonDevirt)
1337 return;
1338
1339 FunctionType *FT =
1340 FunctionType::get(Type::getVoidTy(M.getContext()), {Int8PtrTy}, true);
1341 Function *JT;
1342 if (isa<MDString>(Slot.TypeID)) {
1343 JT = Function::Create(FT, Function::ExternalLinkage,
1344 M.getDataLayout().getProgramAddressSpace(),
1345 getGlobalName(Slot, {}, "branch_funnel"), &M);
1346 JT->setVisibility(GlobalValue::HiddenVisibility);
1347 } else {
1348 JT = Function::Create(FT, Function::InternalLinkage,
1349 M.getDataLayout().getProgramAddressSpace(),
1350 "branch_funnel", &M);
1351 }
1352 JT->addParamAttr(0, Attribute::Nest);
1353
1354 std::vector<Value *> JTArgs;
1355 JTArgs.push_back(JT->arg_begin());
1356 for (auto &T : TargetsForSlot) {
1357 JTArgs.push_back(getMemberAddr(T.TM));
1358 JTArgs.push_back(T.Fn);
1359 }
1360
1361 BasicBlock *BB = BasicBlock::Create(M.getContext(), "", JT, nullptr);
1362 Function *Intr =
1363 Intrinsic::getDeclaration(&M, llvm::Intrinsic::icall_branch_funnel, {});
1364
1365 auto *CI = CallInst::Create(Intr, JTArgs, "", BB);
1366 CI->setTailCallKind(CallInst::TCK_MustTail);
1367 ReturnInst::Create(M.getContext(), nullptr, BB);
1368
1369 bool IsExported = false;
1370 applyICallBranchFunnel(SlotInfo, JT, IsExported);
1371 if (IsExported)
1372 Res->TheKind = WholeProgramDevirtResolution::BranchFunnel;
1373 }
1374
applyICallBranchFunnel(VTableSlotInfo & SlotInfo,Constant * JT,bool & IsExported)1375 void DevirtModule::applyICallBranchFunnel(VTableSlotInfo &SlotInfo,
1376 Constant *JT, bool &IsExported) {
1377 auto Apply = [&](CallSiteInfo &CSInfo) {
1378 if (CSInfo.isExported())
1379 IsExported = true;
1380 if (CSInfo.AllCallSitesDevirted)
1381 return;
1382 for (auto &&VCallSite : CSInfo.CallSites) {
1383 CallBase &CB = VCallSite.CB;
1384
1385 // Jump tables are only profitable if the retpoline mitigation is enabled.
1386 Attribute FSAttr = CB.getCaller()->getFnAttribute("target-features");
1387 if (!FSAttr.isValid() ||
1388 !FSAttr.getValueAsString().contains("+retpoline"))
1389 continue;
1390
1391 NumBranchFunnel++;
1392 if (RemarksEnabled)
1393 VCallSite.emitRemark("branch-funnel",
1394 JT->stripPointerCasts()->getName(), OREGetter);
1395
1396 // Pass the address of the vtable in the nest register, which is r10 on
1397 // x86_64.
1398 std::vector<Type *> NewArgs;
1399 NewArgs.push_back(Int8PtrTy);
1400 append_range(NewArgs, CB.getFunctionType()->params());
1401 FunctionType *NewFT =
1402 FunctionType::get(CB.getFunctionType()->getReturnType(), NewArgs,
1403 CB.getFunctionType()->isVarArg());
1404 PointerType *NewFTPtr = PointerType::getUnqual(NewFT);
1405
1406 IRBuilder<> IRB(&CB);
1407 std::vector<Value *> Args;
1408 Args.push_back(IRB.CreateBitCast(VCallSite.VTable, Int8PtrTy));
1409 llvm::append_range(Args, CB.args());
1410
1411 CallBase *NewCS = nullptr;
1412 if (isa<CallInst>(CB))
1413 NewCS = IRB.CreateCall(NewFT, IRB.CreateBitCast(JT, NewFTPtr), Args);
1414 else
1415 NewCS = IRB.CreateInvoke(NewFT, IRB.CreateBitCast(JT, NewFTPtr),
1416 cast<InvokeInst>(CB).getNormalDest(),
1417 cast<InvokeInst>(CB).getUnwindDest(), Args);
1418 NewCS->setCallingConv(CB.getCallingConv());
1419
1420 AttributeList Attrs = CB.getAttributes();
1421 std::vector<AttributeSet> NewArgAttrs;
1422 NewArgAttrs.push_back(AttributeSet::get(
1423 M.getContext(), ArrayRef<Attribute>{Attribute::get(
1424 M.getContext(), Attribute::Nest)}));
1425 for (unsigned I = 0; I + 2 < Attrs.getNumAttrSets(); ++I)
1426 NewArgAttrs.push_back(Attrs.getParamAttrs(I));
1427 NewCS->setAttributes(
1428 AttributeList::get(M.getContext(), Attrs.getFnAttrs(),
1429 Attrs.getRetAttrs(), NewArgAttrs));
1430
1431 CB.replaceAllUsesWith(NewCS);
1432 CB.eraseFromParent();
1433
1434 // This use is no longer unsafe.
1435 if (VCallSite.NumUnsafeUses)
1436 --*VCallSite.NumUnsafeUses;
1437 }
1438 // Don't mark as devirtualized because there may be callers compiled without
1439 // retpoline mitigation, which would mean that they are lowered to
1440 // llvm.type.test and therefore require an llvm.type.test resolution for the
1441 // type identifier.
1442 };
1443 Apply(SlotInfo.CSInfo);
1444 for (auto &P : SlotInfo.ConstCSInfo)
1445 Apply(P.second);
1446 }
1447
tryEvaluateFunctionsWithArgs(MutableArrayRef<VirtualCallTarget> TargetsForSlot,ArrayRef<uint64_t> Args)1448 bool DevirtModule::tryEvaluateFunctionsWithArgs(
1449 MutableArrayRef<VirtualCallTarget> TargetsForSlot,
1450 ArrayRef<uint64_t> Args) {
1451 // Evaluate each function and store the result in each target's RetVal
1452 // field.
1453 for (VirtualCallTarget &Target : TargetsForSlot) {
1454 if (Target.Fn->arg_size() != Args.size() + 1)
1455 return false;
1456
1457 Evaluator Eval(M.getDataLayout(), nullptr);
1458 SmallVector<Constant *, 2> EvalArgs;
1459 EvalArgs.push_back(
1460 Constant::getNullValue(Target.Fn->getFunctionType()->getParamType(0)));
1461 for (unsigned I = 0; I != Args.size(); ++I) {
1462 auto *ArgTy = dyn_cast<IntegerType>(
1463 Target.Fn->getFunctionType()->getParamType(I + 1));
1464 if (!ArgTy)
1465 return false;
1466 EvalArgs.push_back(ConstantInt::get(ArgTy, Args[I]));
1467 }
1468
1469 Constant *RetVal;
1470 if (!Eval.EvaluateFunction(Target.Fn, RetVal, EvalArgs) ||
1471 !isa<ConstantInt>(RetVal))
1472 return false;
1473 Target.RetVal = cast<ConstantInt>(RetVal)->getZExtValue();
1474 }
1475 return true;
1476 }
1477
applyUniformRetValOpt(CallSiteInfo & CSInfo,StringRef FnName,uint64_t TheRetVal)1478 void DevirtModule::applyUniformRetValOpt(CallSiteInfo &CSInfo, StringRef FnName,
1479 uint64_t TheRetVal) {
1480 for (auto Call : CSInfo.CallSites) {
1481 if (!OptimizedCalls.insert(&Call.CB).second)
1482 continue;
1483 NumUniformRetVal++;
1484 Call.replaceAndErase(
1485 "uniform-ret-val", FnName, RemarksEnabled, OREGetter,
1486 ConstantInt::get(cast<IntegerType>(Call.CB.getType()), TheRetVal));
1487 }
1488 CSInfo.markDevirt();
1489 }
1490
tryUniformRetValOpt(MutableArrayRef<VirtualCallTarget> TargetsForSlot,CallSiteInfo & CSInfo,WholeProgramDevirtResolution::ByArg * Res)1491 bool DevirtModule::tryUniformRetValOpt(
1492 MutableArrayRef<VirtualCallTarget> TargetsForSlot, CallSiteInfo &CSInfo,
1493 WholeProgramDevirtResolution::ByArg *Res) {
1494 // Uniform return value optimization. If all functions return the same
1495 // constant, replace all calls with that constant.
1496 uint64_t TheRetVal = TargetsForSlot[0].RetVal;
1497 for (const VirtualCallTarget &Target : TargetsForSlot)
1498 if (Target.RetVal != TheRetVal)
1499 return false;
1500
1501 if (CSInfo.isExported()) {
1502 Res->TheKind = WholeProgramDevirtResolution::ByArg::UniformRetVal;
1503 Res->Info = TheRetVal;
1504 }
1505
1506 applyUniformRetValOpt(CSInfo, TargetsForSlot[0].Fn->getName(), TheRetVal);
1507 if (RemarksEnabled || AreStatisticsEnabled())
1508 for (auto &&Target : TargetsForSlot)
1509 Target.WasDevirt = true;
1510 return true;
1511 }
1512
getGlobalName(VTableSlot Slot,ArrayRef<uint64_t> Args,StringRef Name)1513 std::string DevirtModule::getGlobalName(VTableSlot Slot,
1514 ArrayRef<uint64_t> Args,
1515 StringRef Name) {
1516 std::string FullName = "__typeid_";
1517 raw_string_ostream OS(FullName);
1518 OS << cast<MDString>(Slot.TypeID)->getString() << '_' << Slot.ByteOffset;
1519 for (uint64_t Arg : Args)
1520 OS << '_' << Arg;
1521 OS << '_' << Name;
1522 return OS.str();
1523 }
1524
shouldExportConstantsAsAbsoluteSymbols()1525 bool DevirtModule::shouldExportConstantsAsAbsoluteSymbols() {
1526 Triple T(M.getTargetTriple());
1527 return T.isX86() && T.getObjectFormat() == Triple::ELF;
1528 }
1529
exportGlobal(VTableSlot Slot,ArrayRef<uint64_t> Args,StringRef Name,Constant * C)1530 void DevirtModule::exportGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args,
1531 StringRef Name, Constant *C) {
1532 GlobalAlias *GA = GlobalAlias::create(Int8Ty, 0, GlobalValue::ExternalLinkage,
1533 getGlobalName(Slot, Args, Name), C, &M);
1534 GA->setVisibility(GlobalValue::HiddenVisibility);
1535 }
1536
exportConstant(VTableSlot Slot,ArrayRef<uint64_t> Args,StringRef Name,uint32_t Const,uint32_t & Storage)1537 void DevirtModule::exportConstant(VTableSlot Slot, ArrayRef<uint64_t> Args,
1538 StringRef Name, uint32_t Const,
1539 uint32_t &Storage) {
1540 if (shouldExportConstantsAsAbsoluteSymbols()) {
1541 exportGlobal(
1542 Slot, Args, Name,
1543 ConstantExpr::getIntToPtr(ConstantInt::get(Int32Ty, Const), Int8PtrTy));
1544 return;
1545 }
1546
1547 Storage = Const;
1548 }
1549
importGlobal(VTableSlot Slot,ArrayRef<uint64_t> Args,StringRef Name)1550 Constant *DevirtModule::importGlobal(VTableSlot Slot, ArrayRef<uint64_t> Args,
1551 StringRef Name) {
1552 Constant *C =
1553 M.getOrInsertGlobal(getGlobalName(Slot, Args, Name), Int8Arr0Ty);
1554 auto *GV = dyn_cast<GlobalVariable>(C);
1555 if (GV)
1556 GV->setVisibility(GlobalValue::HiddenVisibility);
1557 return C;
1558 }
1559
importConstant(VTableSlot Slot,ArrayRef<uint64_t> Args,StringRef Name,IntegerType * IntTy,uint32_t Storage)1560 Constant *DevirtModule::importConstant(VTableSlot Slot, ArrayRef<uint64_t> Args,
1561 StringRef Name, IntegerType *IntTy,
1562 uint32_t Storage) {
1563 if (!shouldExportConstantsAsAbsoluteSymbols())
1564 return ConstantInt::get(IntTy, Storage);
1565
1566 Constant *C = importGlobal(Slot, Args, Name);
1567 auto *GV = cast<GlobalVariable>(C->stripPointerCasts());
1568 C = ConstantExpr::getPtrToInt(C, IntTy);
1569
1570 // We only need to set metadata if the global is newly created, in which
1571 // case it would not have hidden visibility.
1572 if (GV->hasMetadata(LLVMContext::MD_absolute_symbol))
1573 return C;
1574
1575 auto SetAbsRange = [&](uint64_t Min, uint64_t Max) {
1576 auto *MinC = ConstantAsMetadata::get(ConstantInt::get(IntPtrTy, Min));
1577 auto *MaxC = ConstantAsMetadata::get(ConstantInt::get(IntPtrTy, Max));
1578 GV->setMetadata(LLVMContext::MD_absolute_symbol,
1579 MDNode::get(M.getContext(), {MinC, MaxC}));
1580 };
1581 unsigned AbsWidth = IntTy->getBitWidth();
1582 if (AbsWidth == IntPtrTy->getBitWidth())
1583 SetAbsRange(~0ull, ~0ull); // Full set.
1584 else
1585 SetAbsRange(0, 1ull << AbsWidth);
1586 return C;
1587 }
1588
applyUniqueRetValOpt(CallSiteInfo & CSInfo,StringRef FnName,bool IsOne,Constant * UniqueMemberAddr)1589 void DevirtModule::applyUniqueRetValOpt(CallSiteInfo &CSInfo, StringRef FnName,
1590 bool IsOne,
1591 Constant *UniqueMemberAddr) {
1592 for (auto &&Call : CSInfo.CallSites) {
1593 if (!OptimizedCalls.insert(&Call.CB).second)
1594 continue;
1595 IRBuilder<> B(&Call.CB);
1596 Value *Cmp =
1597 B.CreateICmp(IsOne ? ICmpInst::ICMP_EQ : ICmpInst::ICMP_NE, Call.VTable,
1598 B.CreateBitCast(UniqueMemberAddr, Call.VTable->getType()));
1599 Cmp = B.CreateZExt(Cmp, Call.CB.getType());
1600 NumUniqueRetVal++;
1601 Call.replaceAndErase("unique-ret-val", FnName, RemarksEnabled, OREGetter,
1602 Cmp);
1603 }
1604 CSInfo.markDevirt();
1605 }
1606
getMemberAddr(const TypeMemberInfo * M)1607 Constant *DevirtModule::getMemberAddr(const TypeMemberInfo *M) {
1608 Constant *C = ConstantExpr::getBitCast(M->Bits->GV, Int8PtrTy);
1609 return ConstantExpr::getGetElementPtr(Int8Ty, C,
1610 ConstantInt::get(Int64Ty, M->Offset));
1611 }
1612
tryUniqueRetValOpt(unsigned BitWidth,MutableArrayRef<VirtualCallTarget> TargetsForSlot,CallSiteInfo & CSInfo,WholeProgramDevirtResolution::ByArg * Res,VTableSlot Slot,ArrayRef<uint64_t> Args)1613 bool DevirtModule::tryUniqueRetValOpt(
1614 unsigned BitWidth, MutableArrayRef<VirtualCallTarget> TargetsForSlot,
1615 CallSiteInfo &CSInfo, WholeProgramDevirtResolution::ByArg *Res,
1616 VTableSlot Slot, ArrayRef<uint64_t> Args) {
1617 // IsOne controls whether we look for a 0 or a 1.
1618 auto tryUniqueRetValOptFor = [&](bool IsOne) {
1619 const TypeMemberInfo *UniqueMember = nullptr;
1620 for (const VirtualCallTarget &Target : TargetsForSlot) {
1621 if (Target.RetVal == (IsOne ? 1 : 0)) {
1622 if (UniqueMember)
1623 return false;
1624 UniqueMember = Target.TM;
1625 }
1626 }
1627
1628 // We should have found a unique member or bailed out by now. We already
1629 // checked for a uniform return value in tryUniformRetValOpt.
1630 assert(UniqueMember);
1631
1632 Constant *UniqueMemberAddr = getMemberAddr(UniqueMember);
1633 if (CSInfo.isExported()) {
1634 Res->TheKind = WholeProgramDevirtResolution::ByArg::UniqueRetVal;
1635 Res->Info = IsOne;
1636
1637 exportGlobal(Slot, Args, "unique_member", UniqueMemberAddr);
1638 }
1639
1640 // Replace each call with the comparison.
1641 applyUniqueRetValOpt(CSInfo, TargetsForSlot[0].Fn->getName(), IsOne,
1642 UniqueMemberAddr);
1643
1644 // Update devirtualization statistics for targets.
1645 if (RemarksEnabled || AreStatisticsEnabled())
1646 for (auto &&Target : TargetsForSlot)
1647 Target.WasDevirt = true;
1648
1649 return true;
1650 };
1651
1652 if (BitWidth == 1) {
1653 if (tryUniqueRetValOptFor(true))
1654 return true;
1655 if (tryUniqueRetValOptFor(false))
1656 return true;
1657 }
1658 return false;
1659 }
1660
applyVirtualConstProp(CallSiteInfo & CSInfo,StringRef FnName,Constant * Byte,Constant * Bit)1661 void DevirtModule::applyVirtualConstProp(CallSiteInfo &CSInfo, StringRef FnName,
1662 Constant *Byte, Constant *Bit) {
1663 for (auto Call : CSInfo.CallSites) {
1664 if (!OptimizedCalls.insert(&Call.CB).second)
1665 continue;
1666 auto *RetType = cast<IntegerType>(Call.CB.getType());
1667 IRBuilder<> B(&Call.CB);
1668 Value *Addr =
1669 B.CreateGEP(Int8Ty, B.CreateBitCast(Call.VTable, Int8PtrTy), Byte);
1670 if (RetType->getBitWidth() == 1) {
1671 Value *Bits = B.CreateLoad(Int8Ty, Addr);
1672 Value *BitsAndBit = B.CreateAnd(Bits, Bit);
1673 auto IsBitSet = B.CreateICmpNE(BitsAndBit, ConstantInt::get(Int8Ty, 0));
1674 NumVirtConstProp1Bit++;
1675 Call.replaceAndErase("virtual-const-prop-1-bit", FnName, RemarksEnabled,
1676 OREGetter, IsBitSet);
1677 } else {
1678 Value *ValAddr = B.CreateBitCast(Addr, RetType->getPointerTo());
1679 Value *Val = B.CreateLoad(RetType, ValAddr);
1680 NumVirtConstProp++;
1681 Call.replaceAndErase("virtual-const-prop", FnName, RemarksEnabled,
1682 OREGetter, Val);
1683 }
1684 }
1685 CSInfo.markDevirt();
1686 }
1687
tryVirtualConstProp(MutableArrayRef<VirtualCallTarget> TargetsForSlot,VTableSlotInfo & SlotInfo,WholeProgramDevirtResolution * Res,VTableSlot Slot)1688 bool DevirtModule::tryVirtualConstProp(
1689 MutableArrayRef<VirtualCallTarget> TargetsForSlot, VTableSlotInfo &SlotInfo,
1690 WholeProgramDevirtResolution *Res, VTableSlot Slot) {
1691 // This only works if the function returns an integer.
1692 auto RetType = dyn_cast<IntegerType>(TargetsForSlot[0].Fn->getReturnType());
1693 if (!RetType)
1694 return false;
1695 unsigned BitWidth = RetType->getBitWidth();
1696 if (BitWidth > 64)
1697 return false;
1698
1699 // Make sure that each function is defined, does not access memory, takes at
1700 // least one argument, does not use its first argument (which we assume is
1701 // 'this'), and has the same return type.
1702 //
1703 // Note that we test whether this copy of the function is readnone, rather
1704 // than testing function attributes, which must hold for any copy of the
1705 // function, even a less optimized version substituted at link time. This is
1706 // sound because the virtual constant propagation optimizations effectively
1707 // inline all implementations of the virtual function into each call site,
1708 // rather than using function attributes to perform local optimization.
1709 for (VirtualCallTarget &Target : TargetsForSlot) {
1710 if (Target.Fn->isDeclaration() ||
1711 !computeFunctionBodyMemoryAccess(*Target.Fn, AARGetter(*Target.Fn))
1712 .doesNotAccessMemory() ||
1713 Target.Fn->arg_empty() || !Target.Fn->arg_begin()->use_empty() ||
1714 Target.Fn->getReturnType() != RetType)
1715 return false;
1716 }
1717
1718 for (auto &&CSByConstantArg : SlotInfo.ConstCSInfo) {
1719 if (!tryEvaluateFunctionsWithArgs(TargetsForSlot, CSByConstantArg.first))
1720 continue;
1721
1722 WholeProgramDevirtResolution::ByArg *ResByArg = nullptr;
1723 if (Res)
1724 ResByArg = &Res->ResByArg[CSByConstantArg.first];
1725
1726 if (tryUniformRetValOpt(TargetsForSlot, CSByConstantArg.second, ResByArg))
1727 continue;
1728
1729 if (tryUniqueRetValOpt(BitWidth, TargetsForSlot, CSByConstantArg.second,
1730 ResByArg, Slot, CSByConstantArg.first))
1731 continue;
1732
1733 // Find an allocation offset in bits in all vtables associated with the
1734 // type.
1735 uint64_t AllocBefore =
1736 findLowestOffset(TargetsForSlot, /*IsAfter=*/false, BitWidth);
1737 uint64_t AllocAfter =
1738 findLowestOffset(TargetsForSlot, /*IsAfter=*/true, BitWidth);
1739
1740 // Calculate the total amount of padding needed to store a value at both
1741 // ends of the object.
1742 uint64_t TotalPaddingBefore = 0, TotalPaddingAfter = 0;
1743 for (auto &&Target : TargetsForSlot) {
1744 TotalPaddingBefore += std::max<int64_t>(
1745 (AllocBefore + 7) / 8 - Target.allocatedBeforeBytes() - 1, 0);
1746 TotalPaddingAfter += std::max<int64_t>(
1747 (AllocAfter + 7) / 8 - Target.allocatedAfterBytes() - 1, 0);
1748 }
1749
1750 // If the amount of padding is too large, give up.
1751 // FIXME: do something smarter here.
1752 if (std::min(TotalPaddingBefore, TotalPaddingAfter) > 128)
1753 continue;
1754
1755 // Calculate the offset to the value as a (possibly negative) byte offset
1756 // and (if applicable) a bit offset, and store the values in the targets.
1757 int64_t OffsetByte;
1758 uint64_t OffsetBit;
1759 if (TotalPaddingBefore <= TotalPaddingAfter)
1760 setBeforeReturnValues(TargetsForSlot, AllocBefore, BitWidth, OffsetByte,
1761 OffsetBit);
1762 else
1763 setAfterReturnValues(TargetsForSlot, AllocAfter, BitWidth, OffsetByte,
1764 OffsetBit);
1765
1766 if (RemarksEnabled || AreStatisticsEnabled())
1767 for (auto &&Target : TargetsForSlot)
1768 Target.WasDevirt = true;
1769
1770
1771 if (CSByConstantArg.second.isExported()) {
1772 ResByArg->TheKind = WholeProgramDevirtResolution::ByArg::VirtualConstProp;
1773 exportConstant(Slot, CSByConstantArg.first, "byte", OffsetByte,
1774 ResByArg->Byte);
1775 exportConstant(Slot, CSByConstantArg.first, "bit", 1ULL << OffsetBit,
1776 ResByArg->Bit);
1777 }
1778
1779 // Rewrite each call to a load from OffsetByte/OffsetBit.
1780 Constant *ByteConst = ConstantInt::get(Int32Ty, OffsetByte);
1781 Constant *BitConst = ConstantInt::get(Int8Ty, 1ULL << OffsetBit);
1782 applyVirtualConstProp(CSByConstantArg.second,
1783 TargetsForSlot[0].Fn->getName(), ByteConst, BitConst);
1784 }
1785 return true;
1786 }
1787
rebuildGlobal(VTableBits & B)1788 void DevirtModule::rebuildGlobal(VTableBits &B) {
1789 if (B.Before.Bytes.empty() && B.After.Bytes.empty())
1790 return;
1791
1792 // Align the before byte array to the global's minimum alignment so that we
1793 // don't break any alignment requirements on the global.
1794 Align Alignment = M.getDataLayout().getValueOrABITypeAlignment(
1795 B.GV->getAlign(), B.GV->getValueType());
1796 B.Before.Bytes.resize(alignTo(B.Before.Bytes.size(), Alignment));
1797
1798 // Before was stored in reverse order; flip it now.
1799 for (size_t I = 0, Size = B.Before.Bytes.size(); I != Size / 2; ++I)
1800 std::swap(B.Before.Bytes[I], B.Before.Bytes[Size - 1 - I]);
1801
1802 // Build an anonymous global containing the before bytes, followed by the
1803 // original initializer, followed by the after bytes.
1804 auto NewInit = ConstantStruct::getAnon(
1805 {ConstantDataArray::get(M.getContext(), B.Before.Bytes),
1806 B.GV->getInitializer(),
1807 ConstantDataArray::get(M.getContext(), B.After.Bytes)});
1808 auto NewGV =
1809 new GlobalVariable(M, NewInit->getType(), B.GV->isConstant(),
1810 GlobalVariable::PrivateLinkage, NewInit, "", B.GV);
1811 NewGV->setSection(B.GV->getSection());
1812 NewGV->setComdat(B.GV->getComdat());
1813 NewGV->setAlignment(B.GV->getAlign());
1814
1815 // Copy the original vtable's metadata to the anonymous global, adjusting
1816 // offsets as required.
1817 NewGV->copyMetadata(B.GV, B.Before.Bytes.size());
1818
1819 // Build an alias named after the original global, pointing at the second
1820 // element (the original initializer).
1821 auto Alias = GlobalAlias::create(
1822 B.GV->getInitializer()->getType(), 0, B.GV->getLinkage(), "",
1823 ConstantExpr::getGetElementPtr(
1824 NewInit->getType(), NewGV,
1825 ArrayRef<Constant *>{ConstantInt::get(Int32Ty, 0),
1826 ConstantInt::get(Int32Ty, 1)}),
1827 &M);
1828 Alias->setVisibility(B.GV->getVisibility());
1829 Alias->takeName(B.GV);
1830
1831 B.GV->replaceAllUsesWith(Alias);
1832 B.GV->eraseFromParent();
1833 }
1834
areRemarksEnabled()1835 bool DevirtModule::areRemarksEnabled() {
1836 const auto &FL = M.getFunctionList();
1837 for (const Function &Fn : FL) {
1838 if (Fn.empty())
1839 continue;
1840 auto DI = OptimizationRemark(DEBUG_TYPE, "", DebugLoc(), &Fn.front());
1841 return DI.isEnabled();
1842 }
1843 return false;
1844 }
1845
scanTypeTestUsers(Function * TypeTestFunc,DenseMap<Metadata *,std::set<TypeMemberInfo>> & TypeIdMap)1846 void DevirtModule::scanTypeTestUsers(
1847 Function *TypeTestFunc,
1848 DenseMap<Metadata *, std::set<TypeMemberInfo>> &TypeIdMap) {
1849 // Find all virtual calls via a virtual table pointer %p under an assumption
1850 // of the form llvm.assume(llvm.type.test(%p, %md)). This indicates that %p
1851 // points to a member of the type identifier %md. Group calls by (type ID,
1852 // offset) pair (effectively the identity of the virtual function) and store
1853 // to CallSlots.
1854 for (Use &U : llvm::make_early_inc_range(TypeTestFunc->uses())) {
1855 auto *CI = dyn_cast<CallInst>(U.getUser());
1856 if (!CI)
1857 continue;
1858
1859 // Search for virtual calls based on %p and add them to DevirtCalls.
1860 SmallVector<DevirtCallSite, 1> DevirtCalls;
1861 SmallVector<CallInst *, 1> Assumes;
1862 auto &DT = LookupDomTree(*CI->getFunction());
1863 findDevirtualizableCallsForTypeTest(DevirtCalls, Assumes, CI, DT);
1864
1865 Metadata *TypeId =
1866 cast<MetadataAsValue>(CI->getArgOperand(1))->getMetadata();
1867 // If we found any, add them to CallSlots.
1868 if (!Assumes.empty()) {
1869 Value *Ptr = CI->getArgOperand(0)->stripPointerCasts();
1870 for (DevirtCallSite Call : DevirtCalls)
1871 CallSlots[{TypeId, Call.Offset}].addCallSite(Ptr, Call.CB, nullptr);
1872 }
1873
1874 auto RemoveTypeTestAssumes = [&]() {
1875 // We no longer need the assumes or the type test.
1876 for (auto *Assume : Assumes)
1877 Assume->eraseFromParent();
1878 // We can't use RecursivelyDeleteTriviallyDeadInstructions here because we
1879 // may use the vtable argument later.
1880 if (CI->use_empty())
1881 CI->eraseFromParent();
1882 };
1883
1884 // At this point we could remove all type test assume sequences, as they
1885 // were originally inserted for WPD. However, we can keep these in the
1886 // code stream for later analysis (e.g. to help drive more efficient ICP
1887 // sequences). They will eventually be removed by a second LowerTypeTests
1888 // invocation that cleans them up. In order to do this correctly, the first
1889 // LowerTypeTests invocation needs to know that they have "Unknown" type
1890 // test resolution, so that they aren't treated as Unsat and lowered to
1891 // False, which will break any uses on assumes. Below we remove any type
1892 // test assumes that will not be treated as Unknown by LTT.
1893
1894 // The type test assumes will be treated by LTT as Unsat if the type id is
1895 // not used on a global (in which case it has no entry in the TypeIdMap).
1896 if (!TypeIdMap.count(TypeId))
1897 RemoveTypeTestAssumes();
1898
1899 // For ThinLTO importing, we need to remove the type test assumes if this is
1900 // an MDString type id without a corresponding TypeIdSummary. Any
1901 // non-MDString type ids are ignored and treated as Unknown by LTT, so their
1902 // type test assumes can be kept. If the MDString type id is missing a
1903 // TypeIdSummary (e.g. because there was no use on a vcall, preventing the
1904 // exporting phase of WPD from analyzing it), then it would be treated as
1905 // Unsat by LTT and we need to remove its type test assumes here. If not
1906 // used on a vcall we don't need them for later optimization use in any
1907 // case.
1908 else if (ImportSummary && isa<MDString>(TypeId)) {
1909 const TypeIdSummary *TidSummary =
1910 ImportSummary->getTypeIdSummary(cast<MDString>(TypeId)->getString());
1911 if (!TidSummary)
1912 RemoveTypeTestAssumes();
1913 else
1914 // If one was created it should not be Unsat, because if we reached here
1915 // the type id was used on a global.
1916 assert(TidSummary->TTRes.TheKind != TypeTestResolution::Unsat);
1917 }
1918 }
1919 }
1920
scanTypeCheckedLoadUsers(Function * TypeCheckedLoadFunc)1921 void DevirtModule::scanTypeCheckedLoadUsers(Function *TypeCheckedLoadFunc) {
1922 Function *TypeTestFunc = Intrinsic::getDeclaration(&M, Intrinsic::type_test);
1923
1924 for (Use &U : llvm::make_early_inc_range(TypeCheckedLoadFunc->uses())) {
1925 auto *CI = dyn_cast<CallInst>(U.getUser());
1926 if (!CI)
1927 continue;
1928
1929 Value *Ptr = CI->getArgOperand(0);
1930 Value *Offset = CI->getArgOperand(1);
1931 Value *TypeIdValue = CI->getArgOperand(2);
1932 Metadata *TypeId = cast<MetadataAsValue>(TypeIdValue)->getMetadata();
1933
1934 SmallVector<DevirtCallSite, 1> DevirtCalls;
1935 SmallVector<Instruction *, 1> LoadedPtrs;
1936 SmallVector<Instruction *, 1> Preds;
1937 bool HasNonCallUses = false;
1938 auto &DT = LookupDomTree(*CI->getFunction());
1939 findDevirtualizableCallsForTypeCheckedLoad(DevirtCalls, LoadedPtrs, Preds,
1940 HasNonCallUses, CI, DT);
1941
1942 // Start by generating "pessimistic" code that explicitly loads the function
1943 // pointer from the vtable and performs the type check. If possible, we will
1944 // eliminate the load and the type check later.
1945
1946 // If possible, only generate the load at the point where it is used.
1947 // This helps avoid unnecessary spills.
1948 IRBuilder<> LoadB(
1949 (LoadedPtrs.size() == 1 && !HasNonCallUses) ? LoadedPtrs[0] : CI);
1950 Value *GEP = LoadB.CreateGEP(Int8Ty, Ptr, Offset);
1951 Value *GEPPtr = LoadB.CreateBitCast(GEP, PointerType::getUnqual(Int8PtrTy));
1952 Value *LoadedValue = LoadB.CreateLoad(Int8PtrTy, GEPPtr);
1953
1954 for (Instruction *LoadedPtr : LoadedPtrs) {
1955 LoadedPtr->replaceAllUsesWith(LoadedValue);
1956 LoadedPtr->eraseFromParent();
1957 }
1958
1959 // Likewise for the type test.
1960 IRBuilder<> CallB((Preds.size() == 1 && !HasNonCallUses) ? Preds[0] : CI);
1961 CallInst *TypeTestCall = CallB.CreateCall(TypeTestFunc, {Ptr, TypeIdValue});
1962
1963 for (Instruction *Pred : Preds) {
1964 Pred->replaceAllUsesWith(TypeTestCall);
1965 Pred->eraseFromParent();
1966 }
1967
1968 // We have already erased any extractvalue instructions that refer to the
1969 // intrinsic call, but the intrinsic may have other non-extractvalue uses
1970 // (although this is unlikely). In that case, explicitly build a pair and
1971 // RAUW it.
1972 if (!CI->use_empty()) {
1973 Value *Pair = PoisonValue::get(CI->getType());
1974 IRBuilder<> B(CI);
1975 Pair = B.CreateInsertValue(Pair, LoadedValue, {0});
1976 Pair = B.CreateInsertValue(Pair, TypeTestCall, {1});
1977 CI->replaceAllUsesWith(Pair);
1978 }
1979
1980 // The number of unsafe uses is initially the number of uses.
1981 auto &NumUnsafeUses = NumUnsafeUsesForTypeTest[TypeTestCall];
1982 NumUnsafeUses = DevirtCalls.size();
1983
1984 // If the function pointer has a non-call user, we cannot eliminate the type
1985 // check, as one of those users may eventually call the pointer. Increment
1986 // the unsafe use count to make sure it cannot reach zero.
1987 if (HasNonCallUses)
1988 ++NumUnsafeUses;
1989 for (DevirtCallSite Call : DevirtCalls) {
1990 CallSlots[{TypeId, Call.Offset}].addCallSite(Ptr, Call.CB,
1991 &NumUnsafeUses);
1992 }
1993
1994 CI->eraseFromParent();
1995 }
1996 }
1997
importResolution(VTableSlot Slot,VTableSlotInfo & SlotInfo)1998 void DevirtModule::importResolution(VTableSlot Slot, VTableSlotInfo &SlotInfo) {
1999 auto *TypeId = dyn_cast<MDString>(Slot.TypeID);
2000 if (!TypeId)
2001 return;
2002 const TypeIdSummary *TidSummary =
2003 ImportSummary->getTypeIdSummary(TypeId->getString());
2004 if (!TidSummary)
2005 return;
2006 auto ResI = TidSummary->WPDRes.find(Slot.ByteOffset);
2007 if (ResI == TidSummary->WPDRes.end())
2008 return;
2009 const WholeProgramDevirtResolution &Res = ResI->second;
2010
2011 if (Res.TheKind == WholeProgramDevirtResolution::SingleImpl) {
2012 assert(!Res.SingleImplName.empty());
2013 // The type of the function in the declaration is irrelevant because every
2014 // call site will cast it to the correct type.
2015 Constant *SingleImpl =
2016 cast<Constant>(M.getOrInsertFunction(Res.SingleImplName,
2017 Type::getVoidTy(M.getContext()))
2018 .getCallee());
2019
2020 // This is the import phase so we should not be exporting anything.
2021 bool IsExported = false;
2022 applySingleImplDevirt(SlotInfo, SingleImpl, IsExported);
2023 assert(!IsExported);
2024 }
2025
2026 for (auto &CSByConstantArg : SlotInfo.ConstCSInfo) {
2027 auto I = Res.ResByArg.find(CSByConstantArg.first);
2028 if (I == Res.ResByArg.end())
2029 continue;
2030 auto &ResByArg = I->second;
2031 // FIXME: We should figure out what to do about the "function name" argument
2032 // to the apply* functions, as the function names are unavailable during the
2033 // importing phase. For now we just pass the empty string. This does not
2034 // impact correctness because the function names are just used for remarks.
2035 switch (ResByArg.TheKind) {
2036 case WholeProgramDevirtResolution::ByArg::UniformRetVal:
2037 applyUniformRetValOpt(CSByConstantArg.second, "", ResByArg.Info);
2038 break;
2039 case WholeProgramDevirtResolution::ByArg::UniqueRetVal: {
2040 Constant *UniqueMemberAddr =
2041 importGlobal(Slot, CSByConstantArg.first, "unique_member");
2042 applyUniqueRetValOpt(CSByConstantArg.second, "", ResByArg.Info,
2043 UniqueMemberAddr);
2044 break;
2045 }
2046 case WholeProgramDevirtResolution::ByArg::VirtualConstProp: {
2047 Constant *Byte = importConstant(Slot, CSByConstantArg.first, "byte",
2048 Int32Ty, ResByArg.Byte);
2049 Constant *Bit = importConstant(Slot, CSByConstantArg.first, "bit", Int8Ty,
2050 ResByArg.Bit);
2051 applyVirtualConstProp(CSByConstantArg.second, "", Byte, Bit);
2052 break;
2053 }
2054 default:
2055 break;
2056 }
2057 }
2058
2059 if (Res.TheKind == WholeProgramDevirtResolution::BranchFunnel) {
2060 // The type of the function is irrelevant, because it's bitcast at calls
2061 // anyhow.
2062 Constant *JT = cast<Constant>(
2063 M.getOrInsertFunction(getGlobalName(Slot, {}, "branch_funnel"),
2064 Type::getVoidTy(M.getContext()))
2065 .getCallee());
2066 bool IsExported = false;
2067 applyICallBranchFunnel(SlotInfo, JT, IsExported);
2068 assert(!IsExported);
2069 }
2070 }
2071
removeRedundantTypeTests()2072 void DevirtModule::removeRedundantTypeTests() {
2073 auto True = ConstantInt::getTrue(M.getContext());
2074 for (auto &&U : NumUnsafeUsesForTypeTest) {
2075 if (U.second == 0) {
2076 U.first->replaceAllUsesWith(True);
2077 U.first->eraseFromParent();
2078 }
2079 }
2080 }
2081
2082 ValueInfo
lookUpFunctionValueInfo(Function * TheFn,ModuleSummaryIndex * ExportSummary)2083 DevirtModule::lookUpFunctionValueInfo(Function *TheFn,
2084 ModuleSummaryIndex *ExportSummary) {
2085 assert((ExportSummary != nullptr) &&
2086 "Caller guarantees ExportSummary is not nullptr");
2087
2088 const auto TheFnGUID = TheFn->getGUID();
2089 const auto TheFnGUIDWithExportedName = GlobalValue::getGUID(TheFn->getName());
2090 // Look up ValueInfo with the GUID in the current linkage.
2091 ValueInfo TheFnVI = ExportSummary->getValueInfo(TheFnGUID);
2092 // If no entry is found and GUID is different from GUID computed using
2093 // exported name, look up ValueInfo with the exported name unconditionally.
2094 // This is a fallback.
2095 //
2096 // The reason to have a fallback:
2097 // 1. LTO could enable global value internalization via
2098 // `enable-lto-internalization`.
2099 // 2. The GUID in ExportedSummary is computed using exported name.
2100 if ((!TheFnVI) && (TheFnGUID != TheFnGUIDWithExportedName)) {
2101 TheFnVI = ExportSummary->getValueInfo(TheFnGUIDWithExportedName);
2102 }
2103 return TheFnVI;
2104 }
2105
mustBeUnreachableFunction(Function * const F,ModuleSummaryIndex * ExportSummary)2106 bool DevirtModule::mustBeUnreachableFunction(
2107 Function *const F, ModuleSummaryIndex *ExportSummary) {
2108 // First, learn unreachability by analyzing function IR.
2109 if (!F->isDeclaration()) {
2110 // A function must be unreachable if its entry block ends with an
2111 // 'unreachable'.
2112 return isa<UnreachableInst>(F->getEntryBlock().getTerminator());
2113 }
2114 // Learn unreachability from ExportSummary if ExportSummary is present.
2115 return ExportSummary &&
2116 ::mustBeUnreachableFunction(
2117 DevirtModule::lookUpFunctionValueInfo(F, ExportSummary));
2118 }
2119
run()2120 bool DevirtModule::run() {
2121 // If only some of the modules were split, we cannot correctly perform
2122 // this transformation. We already checked for the presense of type tests
2123 // with partially split modules during the thin link, and would have emitted
2124 // an error if any were found, so here we can simply return.
2125 if ((ExportSummary && ExportSummary->partiallySplitLTOUnits()) ||
2126 (ImportSummary && ImportSummary->partiallySplitLTOUnits()))
2127 return false;
2128
2129 Function *TypeTestFunc =
2130 M.getFunction(Intrinsic::getName(Intrinsic::type_test));
2131 Function *TypeCheckedLoadFunc =
2132 M.getFunction(Intrinsic::getName(Intrinsic::type_checked_load));
2133 Function *AssumeFunc = M.getFunction(Intrinsic::getName(Intrinsic::assume));
2134
2135 // Normally if there are no users of the devirtualization intrinsics in the
2136 // module, this pass has nothing to do. But if we are exporting, we also need
2137 // to handle any users that appear only in the function summaries.
2138 if (!ExportSummary &&
2139 (!TypeTestFunc || TypeTestFunc->use_empty() || !AssumeFunc ||
2140 AssumeFunc->use_empty()) &&
2141 (!TypeCheckedLoadFunc || TypeCheckedLoadFunc->use_empty()))
2142 return false;
2143
2144 // Rebuild type metadata into a map for easy lookup.
2145 std::vector<VTableBits> Bits;
2146 DenseMap<Metadata *, std::set<TypeMemberInfo>> TypeIdMap;
2147 buildTypeIdentifierMap(Bits, TypeIdMap);
2148
2149 if (TypeTestFunc && AssumeFunc)
2150 scanTypeTestUsers(TypeTestFunc, TypeIdMap);
2151
2152 if (TypeCheckedLoadFunc)
2153 scanTypeCheckedLoadUsers(TypeCheckedLoadFunc);
2154
2155 if (ImportSummary) {
2156 for (auto &S : CallSlots)
2157 importResolution(S.first, S.second);
2158
2159 removeRedundantTypeTests();
2160
2161 // We have lowered or deleted the type intrinsics, so we will no longer have
2162 // enough information to reason about the liveness of virtual function
2163 // pointers in GlobalDCE.
2164 for (GlobalVariable &GV : M.globals())
2165 GV.eraseMetadata(LLVMContext::MD_vcall_visibility);
2166
2167 // The rest of the code is only necessary when exporting or during regular
2168 // LTO, so we are done.
2169 return true;
2170 }
2171
2172 if (TypeIdMap.empty())
2173 return true;
2174
2175 // Collect information from summary about which calls to try to devirtualize.
2176 if (ExportSummary) {
2177 DenseMap<GlobalValue::GUID, TinyPtrVector<Metadata *>> MetadataByGUID;
2178 for (auto &P : TypeIdMap) {
2179 if (auto *TypeId = dyn_cast<MDString>(P.first))
2180 MetadataByGUID[GlobalValue::getGUID(TypeId->getString())].push_back(
2181 TypeId);
2182 }
2183
2184 for (auto &P : *ExportSummary) {
2185 for (auto &S : P.second.SummaryList) {
2186 auto *FS = dyn_cast<FunctionSummary>(S.get());
2187 if (!FS)
2188 continue;
2189 // FIXME: Only add live functions.
2190 for (FunctionSummary::VFuncId VF : FS->type_test_assume_vcalls()) {
2191 for (Metadata *MD : MetadataByGUID[VF.GUID]) {
2192 CallSlots[{MD, VF.Offset}].CSInfo.addSummaryTypeTestAssumeUser(FS);
2193 }
2194 }
2195 for (FunctionSummary::VFuncId VF : FS->type_checked_load_vcalls()) {
2196 for (Metadata *MD : MetadataByGUID[VF.GUID]) {
2197 CallSlots[{MD, VF.Offset}].CSInfo.addSummaryTypeCheckedLoadUser(FS);
2198 }
2199 }
2200 for (const FunctionSummary::ConstVCall &VC :
2201 FS->type_test_assume_const_vcalls()) {
2202 for (Metadata *MD : MetadataByGUID[VC.VFunc.GUID]) {
2203 CallSlots[{MD, VC.VFunc.Offset}]
2204 .ConstCSInfo[VC.Args]
2205 .addSummaryTypeTestAssumeUser(FS);
2206 }
2207 }
2208 for (const FunctionSummary::ConstVCall &VC :
2209 FS->type_checked_load_const_vcalls()) {
2210 for (Metadata *MD : MetadataByGUID[VC.VFunc.GUID]) {
2211 CallSlots[{MD, VC.VFunc.Offset}]
2212 .ConstCSInfo[VC.Args]
2213 .addSummaryTypeCheckedLoadUser(FS);
2214 }
2215 }
2216 }
2217 }
2218 }
2219
2220 // For each (type, offset) pair:
2221 bool DidVirtualConstProp = false;
2222 std::map<std::string, Function*> DevirtTargets;
2223 for (auto &S : CallSlots) {
2224 // Search each of the members of the type identifier for the virtual
2225 // function implementation at offset S.first.ByteOffset, and add to
2226 // TargetsForSlot.
2227 std::vector<VirtualCallTarget> TargetsForSlot;
2228 WholeProgramDevirtResolution *Res = nullptr;
2229 const std::set<TypeMemberInfo> &TypeMemberInfos = TypeIdMap[S.first.TypeID];
2230 if (ExportSummary && isa<MDString>(S.first.TypeID) &&
2231 TypeMemberInfos.size())
2232 // For any type id used on a global's type metadata, create the type id
2233 // summary resolution regardless of whether we can devirtualize, so that
2234 // lower type tests knows the type id is not Unsat. If it was not used on
2235 // a global's type metadata, the TypeIdMap entry set will be empty, and
2236 // we don't want to create an entry (with the default Unknown type
2237 // resolution), which can prevent detection of the Unsat.
2238 Res = &ExportSummary
2239 ->getOrInsertTypeIdSummary(
2240 cast<MDString>(S.first.TypeID)->getString())
2241 .WPDRes[S.first.ByteOffset];
2242 if (tryFindVirtualCallTargets(TargetsForSlot, TypeMemberInfos,
2243 S.first.ByteOffset, ExportSummary)) {
2244
2245 if (!trySingleImplDevirt(ExportSummary, TargetsForSlot, S.second, Res)) {
2246 DidVirtualConstProp |=
2247 tryVirtualConstProp(TargetsForSlot, S.second, Res, S.first);
2248
2249 tryICallBranchFunnel(TargetsForSlot, S.second, Res, S.first);
2250 }
2251
2252 // Collect functions devirtualized at least for one call site for stats.
2253 if (RemarksEnabled || AreStatisticsEnabled())
2254 for (const auto &T : TargetsForSlot)
2255 if (T.WasDevirt)
2256 DevirtTargets[std::string(T.Fn->getName())] = T.Fn;
2257 }
2258
2259 // CFI-specific: if we are exporting and any llvm.type.checked.load
2260 // intrinsics were *not* devirtualized, we need to add the resulting
2261 // llvm.type.test intrinsics to the function summaries so that the
2262 // LowerTypeTests pass will export them.
2263 if (ExportSummary && isa<MDString>(S.first.TypeID)) {
2264 auto GUID =
2265 GlobalValue::getGUID(cast<MDString>(S.first.TypeID)->getString());
2266 for (auto *FS : S.second.CSInfo.SummaryTypeCheckedLoadUsers)
2267 FS->addTypeTest(GUID);
2268 for (auto &CCS : S.second.ConstCSInfo)
2269 for (auto *FS : CCS.second.SummaryTypeCheckedLoadUsers)
2270 FS->addTypeTest(GUID);
2271 }
2272 }
2273
2274 if (RemarksEnabled) {
2275 // Generate remarks for each devirtualized function.
2276 for (const auto &DT : DevirtTargets) {
2277 Function *F = DT.second;
2278
2279 using namespace ore;
2280 OREGetter(F).emit(OptimizationRemark(DEBUG_TYPE, "Devirtualized", F)
2281 << "devirtualized "
2282 << NV("FunctionName", DT.first));
2283 }
2284 }
2285
2286 NumDevirtTargets += DevirtTargets.size();
2287
2288 removeRedundantTypeTests();
2289
2290 // Rebuild each global we touched as part of virtual constant propagation to
2291 // include the before and after bytes.
2292 if (DidVirtualConstProp)
2293 for (VTableBits &B : Bits)
2294 rebuildGlobal(B);
2295
2296 // We have lowered or deleted the type intrinsics, so we will no longer have
2297 // enough information to reason about the liveness of virtual function
2298 // pointers in GlobalDCE.
2299 for (GlobalVariable &GV : M.globals())
2300 GV.eraseMetadata(LLVMContext::MD_vcall_visibility);
2301
2302 return true;
2303 }
2304
run()2305 void DevirtIndex::run() {
2306 if (ExportSummary.typeIdCompatibleVtableMap().empty())
2307 return;
2308
2309 DenseMap<GlobalValue::GUID, std::vector<StringRef>> NameByGUID;
2310 for (const auto &P : ExportSummary.typeIdCompatibleVtableMap()) {
2311 NameByGUID[GlobalValue::getGUID(P.first)].push_back(P.first);
2312 // Create the type id summary resolution regardlness of whether we can
2313 // devirtualize, so that lower type tests knows the type id is used on
2314 // a global and not Unsat. We do this here rather than in the loop over the
2315 // CallSlots, since that handling will only see type tests that directly
2316 // feed assumes, and we would miss any that aren't currently handled by WPD
2317 // (such as type tests that feed assumes via phis).
2318 ExportSummary.getOrInsertTypeIdSummary(P.first);
2319 }
2320
2321 // Collect information from summary about which calls to try to devirtualize.
2322 for (auto &P : ExportSummary) {
2323 for (auto &S : P.second.SummaryList) {
2324 auto *FS = dyn_cast<FunctionSummary>(S.get());
2325 if (!FS)
2326 continue;
2327 // FIXME: Only add live functions.
2328 for (FunctionSummary::VFuncId VF : FS->type_test_assume_vcalls()) {
2329 for (StringRef Name : NameByGUID[VF.GUID]) {
2330 CallSlots[{Name, VF.Offset}].CSInfo.addSummaryTypeTestAssumeUser(FS);
2331 }
2332 }
2333 for (FunctionSummary::VFuncId VF : FS->type_checked_load_vcalls()) {
2334 for (StringRef Name : NameByGUID[VF.GUID]) {
2335 CallSlots[{Name, VF.Offset}].CSInfo.addSummaryTypeCheckedLoadUser(FS);
2336 }
2337 }
2338 for (const FunctionSummary::ConstVCall &VC :
2339 FS->type_test_assume_const_vcalls()) {
2340 for (StringRef Name : NameByGUID[VC.VFunc.GUID]) {
2341 CallSlots[{Name, VC.VFunc.Offset}]
2342 .ConstCSInfo[VC.Args]
2343 .addSummaryTypeTestAssumeUser(FS);
2344 }
2345 }
2346 for (const FunctionSummary::ConstVCall &VC :
2347 FS->type_checked_load_const_vcalls()) {
2348 for (StringRef Name : NameByGUID[VC.VFunc.GUID]) {
2349 CallSlots[{Name, VC.VFunc.Offset}]
2350 .ConstCSInfo[VC.Args]
2351 .addSummaryTypeCheckedLoadUser(FS);
2352 }
2353 }
2354 }
2355 }
2356
2357 std::set<ValueInfo> DevirtTargets;
2358 // For each (type, offset) pair:
2359 for (auto &S : CallSlots) {
2360 // Search each of the members of the type identifier for the virtual
2361 // function implementation at offset S.first.ByteOffset, and add to
2362 // TargetsForSlot.
2363 std::vector<ValueInfo> TargetsForSlot;
2364 auto TidSummary = ExportSummary.getTypeIdCompatibleVtableSummary(S.first.TypeID);
2365 assert(TidSummary);
2366 // The type id summary would have been created while building the NameByGUID
2367 // map earlier.
2368 WholeProgramDevirtResolution *Res =
2369 &ExportSummary.getTypeIdSummary(S.first.TypeID)
2370 ->WPDRes[S.first.ByteOffset];
2371 if (tryFindVirtualCallTargets(TargetsForSlot, *TidSummary,
2372 S.first.ByteOffset)) {
2373
2374 if (!trySingleImplDevirt(TargetsForSlot, S.first, S.second, Res,
2375 DevirtTargets))
2376 continue;
2377 }
2378 }
2379
2380 // Optionally have the thin link print message for each devirtualized
2381 // function.
2382 if (PrintSummaryDevirt)
2383 for (const auto &DT : DevirtTargets)
2384 errs() << "Devirtualized call to " << DT << "\n";
2385
2386 NumDevirtTargets += DevirtTargets.size();
2387 }
2388