1 //===- Evaluator.cpp - LLVM IR evaluator ----------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Function evaluator for LLVM IR. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "llvm/Transforms/Utils/Evaluator.h" 14 #include "llvm/ADT/DenseMap.h" 15 #include "llvm/ADT/STLExtras.h" 16 #include "llvm/ADT/SmallPtrSet.h" 17 #include "llvm/ADT/SmallVector.h" 18 #include "llvm/Analysis/ConstantFolding.h" 19 #include "llvm/IR/BasicBlock.h" 20 #include "llvm/IR/Constant.h" 21 #include "llvm/IR/Constants.h" 22 #include "llvm/IR/DataLayout.h" 23 #include "llvm/IR/DerivedTypes.h" 24 #include "llvm/IR/Function.h" 25 #include "llvm/IR/GlobalAlias.h" 26 #include "llvm/IR/GlobalValue.h" 27 #include "llvm/IR/GlobalVariable.h" 28 #include "llvm/IR/InstrTypes.h" 29 #include "llvm/IR/Instruction.h" 30 #include "llvm/IR/Instructions.h" 31 #include "llvm/IR/IntrinsicInst.h" 32 #include "llvm/IR/Intrinsics.h" 33 #include "llvm/IR/Operator.h" 34 #include "llvm/IR/Type.h" 35 #include "llvm/IR/User.h" 36 #include "llvm/IR/Value.h" 37 #include "llvm/Support/Casting.h" 38 #include "llvm/Support/Debug.h" 39 #include "llvm/Support/raw_ostream.h" 40 #include <iterator> 41 42 #define DEBUG_TYPE "evaluator" 43 44 using namespace llvm; 45 46 static inline bool 47 isSimpleEnoughValueToCommit(Constant *C, 48 SmallPtrSetImpl<Constant *> &SimpleConstants, 49 const DataLayout &DL); 50 51 /// Return true if the specified constant can be handled by the code generator. 52 /// We don't want to generate something like: 53 /// void *X = &X/42; 54 /// because the code generator doesn't have a relocation that can handle that. 55 /// 56 /// This function should be called if C was not found (but just got inserted) 57 /// in SimpleConstants to avoid having to rescan the same constants all the 58 /// time. 59 static bool 60 isSimpleEnoughValueToCommitHelper(Constant *C, 61 SmallPtrSetImpl<Constant *> &SimpleConstants, 62 const DataLayout &DL) { 63 // Simple global addresses are supported, do not allow dllimport or 64 // thread-local globals. 65 if (auto *GV = dyn_cast<GlobalValue>(C)) 66 return !GV->hasDLLImportStorageClass() && !GV->isThreadLocal(); 67 68 // Simple integer, undef, constant aggregate zero, etc are all supported. 69 if (C->getNumOperands() == 0 || isa<BlockAddress>(C)) 70 return true; 71 72 // Aggregate values are safe if all their elements are. 73 if (isa<ConstantAggregate>(C)) { 74 for (Value *Op : C->operands()) 75 if (!isSimpleEnoughValueToCommit(cast<Constant>(Op), SimpleConstants, DL)) 76 return false; 77 return true; 78 } 79 80 // We don't know exactly what relocations are allowed in constant expressions, 81 // so we allow &global+constantoffset, which is safe and uniformly supported 82 // across targets. 83 ConstantExpr *CE = cast<ConstantExpr>(C); 84 switch (CE->getOpcode()) { 85 case Instruction::BitCast: 86 // Bitcast is fine if the casted value is fine. 87 return isSimpleEnoughValueToCommit(CE->getOperand(0), SimpleConstants, DL); 88 89 case Instruction::IntToPtr: 90 case Instruction::PtrToInt: 91 // int <=> ptr is fine if the int type is the same size as the 92 // pointer type. 93 if (DL.getTypeSizeInBits(CE->getType()) != 94 DL.getTypeSizeInBits(CE->getOperand(0)->getType())) 95 return false; 96 return isSimpleEnoughValueToCommit(CE->getOperand(0), SimpleConstants, DL); 97 98 // GEP is fine if it is simple + constant offset. 99 case Instruction::GetElementPtr: 100 for (unsigned i = 1, e = CE->getNumOperands(); i != e; ++i) 101 if (!isa<ConstantInt>(CE->getOperand(i))) 102 return false; 103 return isSimpleEnoughValueToCommit(CE->getOperand(0), SimpleConstants, DL); 104 105 case Instruction::Add: 106 // We allow simple+cst. 107 if (!isa<ConstantInt>(CE->getOperand(1))) 108 return false; 109 return isSimpleEnoughValueToCommit(CE->getOperand(0), SimpleConstants, DL); 110 } 111 return false; 112 } 113 114 static inline bool 115 isSimpleEnoughValueToCommit(Constant *C, 116 SmallPtrSetImpl<Constant *> &SimpleConstants, 117 const DataLayout &DL) { 118 // If we already checked this constant, we win. 119 if (!SimpleConstants.insert(C).second) 120 return true; 121 // Check the constant. 122 return isSimpleEnoughValueToCommitHelper(C, SimpleConstants, DL); 123 } 124 125 /// Return true if this constant is simple enough for us to understand. In 126 /// particular, if it is a cast to anything other than from one pointer type to 127 /// another pointer type, we punt. We basically just support direct accesses to 128 /// globals and GEP's of globals. This should be kept up to date with 129 /// CommitValueTo. 130 static bool isSimpleEnoughPointerToCommit(Constant *C, const DataLayout &DL) { 131 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(C)) 132 // Do not allow weak/*_odr/linkonce linkage or external globals. 133 return GV->hasUniqueInitializer(); 134 135 if (ConstantExpr *CE = dyn_cast<ConstantExpr>(C)) { 136 // Handle a constantexpr gep. 137 if (CE->getOpcode() == Instruction::GetElementPtr && 138 isa<GlobalVariable>(CE->getOperand(0)) && 139 cast<GEPOperator>(CE)->isInBounds()) { 140 GlobalVariable *GV = cast<GlobalVariable>(CE->getOperand(0)); 141 // Do not allow weak/*_odr/linkonce/dllimport/dllexport linkage or 142 // external globals. 143 if (!GV->hasUniqueInitializer()) 144 return false; 145 146 // The first index must be zero. 147 ConstantInt *CI = dyn_cast<ConstantInt>(*std::next(CE->op_begin())); 148 if (!CI || !CI->isZero()) return false; 149 150 // The remaining indices must be compile-time known integers within the 151 // notional bounds of the corresponding static array types. 152 if (!CE->isGEPWithNoNotionalOverIndexing()) 153 return false; 154 155 return ConstantFoldLoadThroughGEPConstantExpr( 156 GV->getInitializer(), CE, 157 cast<GEPOperator>(CE)->getResultElementType(), DL); 158 } else if (CE->getOpcode() == Instruction::BitCast && 159 isa<GlobalVariable>(CE->getOperand(0))) { 160 // A constantexpr bitcast from a pointer to another pointer is a no-op, 161 // and we know how to evaluate it by moving the bitcast from the pointer 162 // operand to the value operand. 163 // Do not allow weak/*_odr/linkonce/dllimport/dllexport linkage or 164 // external globals. 165 return cast<GlobalVariable>(CE->getOperand(0))->hasUniqueInitializer(); 166 } 167 } 168 169 return false; 170 } 171 172 /// Apply \p TryLoad to Ptr. If this returns \p nullptr, introspect the 173 /// pointer's type and walk down through the initial elements to obtain 174 /// additional pointers to try. Returns the first non-null return value from 175 /// \p TryLoad, or \p nullptr if the type can't be introspected further. 176 static Constant * 177 evaluateBitcastFromPtr(Constant *Ptr, const DataLayout &DL, 178 const TargetLibraryInfo *TLI, 179 std::function<Constant *(Constant *)> TryLoad) { 180 Constant *Val; 181 while (!(Val = TryLoad(Ptr))) { 182 // If Ty is a non-opaque struct, we can convert the pointer to the struct 183 // into a pointer to its first member. 184 // FIXME: This could be extended to support arrays as well. 185 Type *Ty = cast<PointerType>(Ptr->getType())->getElementType(); 186 if (!isa<StructType>(Ty) || cast<StructType>(Ty)->isOpaque()) 187 break; 188 189 IntegerType *IdxTy = IntegerType::get(Ty->getContext(), 32); 190 Constant *IdxZero = ConstantInt::get(IdxTy, 0, false); 191 Constant *const IdxList[] = {IdxZero, IdxZero}; 192 193 Ptr = ConstantExpr::getGetElementPtr(Ty, Ptr, IdxList); 194 Ptr = ConstantFoldConstant(Ptr, DL, TLI); 195 } 196 return Val; 197 } 198 199 static Constant *getInitializer(Constant *C) { 200 auto *GV = dyn_cast<GlobalVariable>(C); 201 return GV && GV->hasDefinitiveInitializer() ? GV->getInitializer() : nullptr; 202 } 203 204 /// Return the value that would be computed by a load from P after the stores 205 /// reflected by 'memory' have been performed. If we can't decide, return null. 206 Constant *Evaluator::ComputeLoadResult(Constant *P, Type *Ty) { 207 // If this memory location has been recently stored, use the stored value: it 208 // is the most up-to-date. 209 auto TryFindMemLoc = [this](Constant *Ptr) { 210 return MutatedMemory.lookup(Ptr); 211 }; 212 213 if (Constant *Val = TryFindMemLoc(P)) 214 return Val; 215 216 // Access it. 217 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(P)) { 218 if (GV->hasDefinitiveInitializer()) 219 return GV->getInitializer(); 220 return nullptr; 221 } 222 223 if (ConstantExpr *CE = dyn_cast<ConstantExpr>(P)) { 224 switch (CE->getOpcode()) { 225 // Handle a constantexpr getelementptr. 226 case Instruction::GetElementPtr: 227 if (auto *I = getInitializer(CE->getOperand(0))) 228 return ConstantFoldLoadThroughGEPConstantExpr(I, CE, Ty, DL); 229 break; 230 // Handle a constantexpr bitcast. 231 case Instruction::BitCast: 232 // We're evaluating a load through a pointer that was bitcast to a 233 // different type. See if the "from" pointer has recently been stored. 234 // If it hasn't, we may still be able to find a stored pointer by 235 // introspecting the type. 236 Constant *Val = 237 evaluateBitcastFromPtr(CE->getOperand(0), DL, TLI, TryFindMemLoc); 238 if (!Val) 239 Val = getInitializer(CE->getOperand(0)); 240 if (Val) 241 return ConstantFoldLoadThroughBitcast( 242 Val, P->getType()->getPointerElementType(), DL); 243 break; 244 } 245 } 246 247 return nullptr; // don't know how to evaluate. 248 } 249 250 static Function *getFunction(Constant *C) { 251 if (auto *Fn = dyn_cast<Function>(C)) 252 return Fn; 253 254 if (auto *Alias = dyn_cast<GlobalAlias>(C)) 255 if (auto *Fn = dyn_cast<Function>(Alias->getAliasee())) 256 return Fn; 257 return nullptr; 258 } 259 260 Function * 261 Evaluator::getCalleeWithFormalArgs(CallBase &CB, 262 SmallVectorImpl<Constant *> &Formals) { 263 auto *V = CB.getCalledOperand(); 264 if (auto *Fn = getFunction(getVal(V))) 265 return getFormalParams(CB, Fn, Formals) ? Fn : nullptr; 266 267 auto *CE = dyn_cast<ConstantExpr>(V); 268 if (!CE || CE->getOpcode() != Instruction::BitCast || 269 !getFormalParams(CB, getFunction(CE->getOperand(0)), Formals)) 270 return nullptr; 271 272 return dyn_cast<Function>( 273 ConstantFoldLoadThroughBitcast(CE, CE->getOperand(0)->getType(), DL)); 274 } 275 276 bool Evaluator::getFormalParams(CallBase &CB, Function *F, 277 SmallVectorImpl<Constant *> &Formals) { 278 if (!F) 279 return false; 280 281 auto *FTy = F->getFunctionType(); 282 if (FTy->getNumParams() > CB.arg_size()) { 283 LLVM_DEBUG(dbgs() << "Too few arguments for function.\n"); 284 return false; 285 } 286 287 auto ArgI = CB.arg_begin(); 288 for (Type *PTy : FTy->params()) { 289 auto *ArgC = ConstantFoldLoadThroughBitcast(getVal(*ArgI), PTy, DL); 290 if (!ArgC) { 291 LLVM_DEBUG(dbgs() << "Can not convert function argument.\n"); 292 return false; 293 } 294 Formals.push_back(ArgC); 295 ++ArgI; 296 } 297 return true; 298 } 299 300 /// If call expression contains bitcast then we may need to cast 301 /// evaluated return value to a type of the call expression. 302 Constant *Evaluator::castCallResultIfNeeded(Value *CallExpr, Constant *RV) { 303 ConstantExpr *CE = dyn_cast<ConstantExpr>(CallExpr); 304 if (!RV || !CE || CE->getOpcode() != Instruction::BitCast) 305 return RV; 306 307 if (auto *FT = 308 dyn_cast<FunctionType>(CE->getType()->getPointerElementType())) { 309 RV = ConstantFoldLoadThroughBitcast(RV, FT->getReturnType(), DL); 310 if (!RV) 311 LLVM_DEBUG(dbgs() << "Failed to fold bitcast call expr\n"); 312 } 313 return RV; 314 } 315 316 /// Evaluate all instructions in block BB, returning true if successful, false 317 /// if we can't evaluate it. NewBB returns the next BB that control flows into, 318 /// or null upon return. StrippedPointerCastsForAliasAnalysis is set to true if 319 /// we looked through pointer casts to evaluate something. 320 bool Evaluator::EvaluateBlock(BasicBlock::iterator CurInst, BasicBlock *&NextBB, 321 bool &StrippedPointerCastsForAliasAnalysis) { 322 // This is the main evaluation loop. 323 while (true) { 324 Constant *InstResult = nullptr; 325 326 LLVM_DEBUG(dbgs() << "Evaluating Instruction: " << *CurInst << "\n"); 327 328 if (StoreInst *SI = dyn_cast<StoreInst>(CurInst)) { 329 if (!SI->isSimple()) { 330 LLVM_DEBUG(dbgs() << "Store is not simple! Can not evaluate.\n"); 331 return false; // no volatile/atomic accesses. 332 } 333 Constant *Ptr = getVal(SI->getOperand(1)); 334 Constant *FoldedPtr = ConstantFoldConstant(Ptr, DL, TLI); 335 if (Ptr != FoldedPtr) { 336 LLVM_DEBUG(dbgs() << "Folding constant ptr expression: " << *Ptr); 337 Ptr = FoldedPtr; 338 LLVM_DEBUG(dbgs() << "; To: " << *Ptr << "\n"); 339 } 340 // Conservatively, avoid aggregate types. This is because we don't 341 // want to worry about them partially overlapping other stores. 342 if (!SI->getValueOperand()->getType()->isSingleValueType() || 343 !isSimpleEnoughPointerToCommit(Ptr, DL)) { 344 // If this is too complex for us to commit, reject it. 345 LLVM_DEBUG( 346 dbgs() << "Pointer is too complex for us to evaluate store."); 347 return false; 348 } 349 350 Constant *Val = getVal(SI->getOperand(0)); 351 352 // If this might be too difficult for the backend to handle (e.g. the addr 353 // of one global variable divided by another) then we can't commit it. 354 if (!isSimpleEnoughValueToCommit(Val, SimpleConstants, DL)) { 355 LLVM_DEBUG(dbgs() << "Store value is too complex to evaluate store. " 356 << *Val << "\n"); 357 return false; 358 } 359 360 if (ConstantExpr *CE = dyn_cast<ConstantExpr>(Ptr)) { 361 if (CE->getOpcode() == Instruction::BitCast) { 362 LLVM_DEBUG(dbgs() 363 << "Attempting to resolve bitcast on constant ptr.\n"); 364 // If we're evaluating a store through a bitcast, then we need 365 // to pull the bitcast off the pointer type and push it onto the 366 // stored value. In order to push the bitcast onto the stored value, 367 // a bitcast from the pointer's element type to Val's type must be 368 // legal. If it's not, we can try introspecting the type to find a 369 // legal conversion. 370 371 auto TryCastValTy = [&](Constant *P) -> Constant * { 372 // The conversion is illegal if the store is wider than the 373 // pointee proposed by `evaluateBitcastFromPtr`, since that would 374 // drop stores to other struct elements when the caller attempts to 375 // look through a struct's 0th element. 376 Type *NewTy = cast<PointerType>(P->getType())->getElementType(); 377 Type *STy = Val->getType(); 378 if (DL.getTypeSizeInBits(NewTy) < DL.getTypeSizeInBits(STy)) 379 return nullptr; 380 381 if (Constant *FV = ConstantFoldLoadThroughBitcast(Val, NewTy, DL)) { 382 Ptr = P; 383 return FV; 384 } 385 return nullptr; 386 }; 387 388 Constant *NewVal = 389 evaluateBitcastFromPtr(CE->getOperand(0), DL, TLI, TryCastValTy); 390 if (!NewVal) { 391 LLVM_DEBUG(dbgs() << "Failed to bitcast constant ptr, can not " 392 "evaluate.\n"); 393 return false; 394 } 395 396 Val = NewVal; 397 LLVM_DEBUG(dbgs() << "Evaluated bitcast: " << *Val << "\n"); 398 } 399 } 400 401 MutatedMemory[Ptr] = Val; 402 } else if (BinaryOperator *BO = dyn_cast<BinaryOperator>(CurInst)) { 403 InstResult = ConstantExpr::get(BO->getOpcode(), 404 getVal(BO->getOperand(0)), 405 getVal(BO->getOperand(1))); 406 LLVM_DEBUG(dbgs() << "Found a BinaryOperator! Simplifying: " 407 << *InstResult << "\n"); 408 } else if (CmpInst *CI = dyn_cast<CmpInst>(CurInst)) { 409 InstResult = ConstantExpr::getCompare(CI->getPredicate(), 410 getVal(CI->getOperand(0)), 411 getVal(CI->getOperand(1))); 412 LLVM_DEBUG(dbgs() << "Found a CmpInst! Simplifying: " << *InstResult 413 << "\n"); 414 } else if (CastInst *CI = dyn_cast<CastInst>(CurInst)) { 415 InstResult = ConstantExpr::getCast(CI->getOpcode(), 416 getVal(CI->getOperand(0)), 417 CI->getType()); 418 LLVM_DEBUG(dbgs() << "Found a Cast! Simplifying: " << *InstResult 419 << "\n"); 420 } else if (SelectInst *SI = dyn_cast<SelectInst>(CurInst)) { 421 InstResult = ConstantExpr::getSelect(getVal(SI->getOperand(0)), 422 getVal(SI->getOperand(1)), 423 getVal(SI->getOperand(2))); 424 LLVM_DEBUG(dbgs() << "Found a Select! Simplifying: " << *InstResult 425 << "\n"); 426 } else if (auto *EVI = dyn_cast<ExtractValueInst>(CurInst)) { 427 InstResult = ConstantExpr::getExtractValue( 428 getVal(EVI->getAggregateOperand()), EVI->getIndices()); 429 LLVM_DEBUG(dbgs() << "Found an ExtractValueInst! Simplifying: " 430 << *InstResult << "\n"); 431 } else if (auto *IVI = dyn_cast<InsertValueInst>(CurInst)) { 432 InstResult = ConstantExpr::getInsertValue( 433 getVal(IVI->getAggregateOperand()), 434 getVal(IVI->getInsertedValueOperand()), IVI->getIndices()); 435 LLVM_DEBUG(dbgs() << "Found an InsertValueInst! Simplifying: " 436 << *InstResult << "\n"); 437 } else if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(CurInst)) { 438 Constant *P = getVal(GEP->getOperand(0)); 439 SmallVector<Constant*, 8> GEPOps; 440 for (Use &Op : llvm::drop_begin(GEP->operands())) 441 GEPOps.push_back(getVal(Op)); 442 InstResult = 443 ConstantExpr::getGetElementPtr(GEP->getSourceElementType(), P, GEPOps, 444 cast<GEPOperator>(GEP)->isInBounds()); 445 LLVM_DEBUG(dbgs() << "Found a GEP! Simplifying: " << *InstResult << "\n"); 446 } else if (LoadInst *LI = dyn_cast<LoadInst>(CurInst)) { 447 if (!LI->isSimple()) { 448 LLVM_DEBUG( 449 dbgs() << "Found a Load! Not a simple load, can not evaluate.\n"); 450 return false; // no volatile/atomic accesses. 451 } 452 453 Constant *Ptr = getVal(LI->getOperand(0)); 454 Constant *FoldedPtr = ConstantFoldConstant(Ptr, DL, TLI); 455 if (Ptr != FoldedPtr) { 456 Ptr = FoldedPtr; 457 LLVM_DEBUG(dbgs() << "Found a constant pointer expression, constant " 458 "folding: " 459 << *Ptr << "\n"); 460 } 461 InstResult = ComputeLoadResult(Ptr, LI->getType()); 462 if (!InstResult) { 463 LLVM_DEBUG( 464 dbgs() << "Failed to compute load result. Can not evaluate load." 465 "\n"); 466 return false; // Could not evaluate load. 467 } 468 469 LLVM_DEBUG(dbgs() << "Evaluated load: " << *InstResult << "\n"); 470 } else if (AllocaInst *AI = dyn_cast<AllocaInst>(CurInst)) { 471 if (AI->isArrayAllocation()) { 472 LLVM_DEBUG(dbgs() << "Found an array alloca. Can not evaluate.\n"); 473 return false; // Cannot handle array allocs. 474 } 475 Type *Ty = AI->getAllocatedType(); 476 AllocaTmps.push_back(std::make_unique<GlobalVariable>( 477 Ty, false, GlobalValue::InternalLinkage, UndefValue::get(Ty), 478 AI->getName(), /*TLMode=*/GlobalValue::NotThreadLocal, 479 AI->getType()->getPointerAddressSpace())); 480 InstResult = AllocaTmps.back().get(); 481 LLVM_DEBUG(dbgs() << "Found an alloca. Result: " << *InstResult << "\n"); 482 } else if (isa<CallInst>(CurInst) || isa<InvokeInst>(CurInst)) { 483 CallBase &CB = *cast<CallBase>(&*CurInst); 484 485 // Debug info can safely be ignored here. 486 if (isa<DbgInfoIntrinsic>(CB)) { 487 LLVM_DEBUG(dbgs() << "Ignoring debug info.\n"); 488 ++CurInst; 489 continue; 490 } 491 492 // Cannot handle inline asm. 493 if (CB.isInlineAsm()) { 494 LLVM_DEBUG(dbgs() << "Found inline asm, can not evaluate.\n"); 495 return false; 496 } 497 498 if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(&CB)) { 499 if (MemSetInst *MSI = dyn_cast<MemSetInst>(II)) { 500 if (MSI->isVolatile()) { 501 LLVM_DEBUG(dbgs() << "Can not optimize a volatile memset " 502 << "intrinsic.\n"); 503 return false; 504 } 505 Constant *Ptr = getVal(MSI->getDest()); 506 Constant *Val = getVal(MSI->getValue()); 507 Constant *DestVal = 508 ComputeLoadResult(getVal(Ptr), MSI->getValue()->getType()); 509 if (Val->isNullValue() && DestVal && DestVal->isNullValue()) { 510 // This memset is a no-op. 511 LLVM_DEBUG(dbgs() << "Ignoring no-op memset.\n"); 512 ++CurInst; 513 continue; 514 } 515 } 516 517 if (II->isLifetimeStartOrEnd()) { 518 LLVM_DEBUG(dbgs() << "Ignoring lifetime intrinsic.\n"); 519 ++CurInst; 520 continue; 521 } 522 523 if (II->getIntrinsicID() == Intrinsic::invariant_start) { 524 // We don't insert an entry into Values, as it doesn't have a 525 // meaningful return value. 526 if (!II->use_empty()) { 527 LLVM_DEBUG(dbgs() 528 << "Found unused invariant_start. Can't evaluate.\n"); 529 return false; 530 } 531 ConstantInt *Size = cast<ConstantInt>(II->getArgOperand(0)); 532 Value *PtrArg = getVal(II->getArgOperand(1)); 533 Value *Ptr = PtrArg->stripPointerCasts(); 534 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(Ptr)) { 535 Type *ElemTy = GV->getValueType(); 536 if (!Size->isMinusOne() && 537 Size->getValue().getLimitedValue() >= 538 DL.getTypeStoreSize(ElemTy)) { 539 Invariants.insert(GV); 540 LLVM_DEBUG(dbgs() << "Found a global var that is an invariant: " 541 << *GV << "\n"); 542 } else { 543 LLVM_DEBUG(dbgs() 544 << "Found a global var, but can not treat it as an " 545 "invariant.\n"); 546 } 547 } 548 // Continue even if we do nothing. 549 ++CurInst; 550 continue; 551 } else if (II->getIntrinsicID() == Intrinsic::assume) { 552 LLVM_DEBUG(dbgs() << "Skipping assume intrinsic.\n"); 553 ++CurInst; 554 continue; 555 } else if (II->getIntrinsicID() == Intrinsic::sideeffect) { 556 LLVM_DEBUG(dbgs() << "Skipping sideeffect intrinsic.\n"); 557 ++CurInst; 558 continue; 559 } else if (II->getIntrinsicID() == Intrinsic::pseudoprobe) { 560 LLVM_DEBUG(dbgs() << "Skipping pseudoprobe intrinsic.\n"); 561 ++CurInst; 562 continue; 563 } else { 564 Value *Stripped = CurInst->stripPointerCastsForAliasAnalysis(); 565 // Only attempt to getVal() if we've actually managed to strip 566 // anything away, or else we'll call getVal() on the current 567 // instruction. 568 if (Stripped != &*CurInst) { 569 InstResult = getVal(Stripped); 570 } 571 if (InstResult) { 572 LLVM_DEBUG(dbgs() 573 << "Stripped pointer casts for alias analysis for " 574 "intrinsic call.\n"); 575 StrippedPointerCastsForAliasAnalysis = true; 576 InstResult = ConstantExpr::getBitCast(InstResult, II->getType()); 577 } else { 578 LLVM_DEBUG(dbgs() << "Unknown intrinsic. Cannot evaluate.\n"); 579 return false; 580 } 581 } 582 } 583 584 if (!InstResult) { 585 // Resolve function pointers. 586 SmallVector<Constant *, 8> Formals; 587 Function *Callee = getCalleeWithFormalArgs(CB, Formals); 588 if (!Callee || Callee->isInterposable()) { 589 LLVM_DEBUG(dbgs() << "Can not resolve function pointer.\n"); 590 return false; // Cannot resolve. 591 } 592 593 if (Callee->isDeclaration()) { 594 // If this is a function we can constant fold, do it. 595 if (Constant *C = ConstantFoldCall(&CB, Callee, Formals, TLI)) { 596 InstResult = castCallResultIfNeeded(CB.getCalledOperand(), C); 597 if (!InstResult) 598 return false; 599 LLVM_DEBUG(dbgs() << "Constant folded function call. Result: " 600 << *InstResult << "\n"); 601 } else { 602 LLVM_DEBUG(dbgs() << "Can not constant fold function call.\n"); 603 return false; 604 } 605 } else { 606 if (Callee->getFunctionType()->isVarArg()) { 607 LLVM_DEBUG(dbgs() 608 << "Can not constant fold vararg function call.\n"); 609 return false; 610 } 611 612 Constant *RetVal = nullptr; 613 // Execute the call, if successful, use the return value. 614 ValueStack.emplace_back(); 615 if (!EvaluateFunction(Callee, RetVal, Formals)) { 616 LLVM_DEBUG(dbgs() << "Failed to evaluate function.\n"); 617 return false; 618 } 619 ValueStack.pop_back(); 620 InstResult = castCallResultIfNeeded(CB.getCalledOperand(), RetVal); 621 if (RetVal && !InstResult) 622 return false; 623 624 if (InstResult) { 625 LLVM_DEBUG(dbgs() << "Successfully evaluated function. Result: " 626 << *InstResult << "\n\n"); 627 } else { 628 LLVM_DEBUG(dbgs() 629 << "Successfully evaluated function. Result: 0\n\n"); 630 } 631 } 632 } 633 } else if (CurInst->isTerminator()) { 634 LLVM_DEBUG(dbgs() << "Found a terminator instruction.\n"); 635 636 if (BranchInst *BI = dyn_cast<BranchInst>(CurInst)) { 637 if (BI->isUnconditional()) { 638 NextBB = BI->getSuccessor(0); 639 } else { 640 ConstantInt *Cond = 641 dyn_cast<ConstantInt>(getVal(BI->getCondition())); 642 if (!Cond) return false; // Cannot determine. 643 644 NextBB = BI->getSuccessor(!Cond->getZExtValue()); 645 } 646 } else if (SwitchInst *SI = dyn_cast<SwitchInst>(CurInst)) { 647 ConstantInt *Val = 648 dyn_cast<ConstantInt>(getVal(SI->getCondition())); 649 if (!Val) return false; // Cannot determine. 650 NextBB = SI->findCaseValue(Val)->getCaseSuccessor(); 651 } else if (IndirectBrInst *IBI = dyn_cast<IndirectBrInst>(CurInst)) { 652 Value *Val = getVal(IBI->getAddress())->stripPointerCasts(); 653 if (BlockAddress *BA = dyn_cast<BlockAddress>(Val)) 654 NextBB = BA->getBasicBlock(); 655 else 656 return false; // Cannot determine. 657 } else if (isa<ReturnInst>(CurInst)) { 658 NextBB = nullptr; 659 } else { 660 // invoke, unwind, resume, unreachable. 661 LLVM_DEBUG(dbgs() << "Can not handle terminator."); 662 return false; // Cannot handle this terminator. 663 } 664 665 // We succeeded at evaluating this block! 666 LLVM_DEBUG(dbgs() << "Successfully evaluated block.\n"); 667 return true; 668 } else { 669 // Did not know how to evaluate this! 670 LLVM_DEBUG( 671 dbgs() << "Failed to evaluate block due to unhandled instruction." 672 "\n"); 673 return false; 674 } 675 676 if (!CurInst->use_empty()) { 677 InstResult = ConstantFoldConstant(InstResult, DL, TLI); 678 setVal(&*CurInst, InstResult); 679 } 680 681 // If we just processed an invoke, we finished evaluating the block. 682 if (InvokeInst *II = dyn_cast<InvokeInst>(CurInst)) { 683 NextBB = II->getNormalDest(); 684 LLVM_DEBUG(dbgs() << "Found an invoke instruction. Finished Block.\n\n"); 685 return true; 686 } 687 688 // Advance program counter. 689 ++CurInst; 690 } 691 } 692 693 /// Evaluate a call to function F, returning true if successful, false if we 694 /// can't evaluate it. ActualArgs contains the formal arguments for the 695 /// function. 696 bool Evaluator::EvaluateFunction(Function *F, Constant *&RetVal, 697 const SmallVectorImpl<Constant*> &ActualArgs) { 698 // Check to see if this function is already executing (recursion). If so, 699 // bail out. TODO: we might want to accept limited recursion. 700 if (is_contained(CallStack, F)) 701 return false; 702 703 CallStack.push_back(F); 704 705 // Initialize arguments to the incoming values specified. 706 unsigned ArgNo = 0; 707 for (Function::arg_iterator AI = F->arg_begin(), E = F->arg_end(); AI != E; 708 ++AI, ++ArgNo) 709 setVal(&*AI, ActualArgs[ArgNo]); 710 711 // ExecutedBlocks - We only handle non-looping, non-recursive code. As such, 712 // we can only evaluate any one basic block at most once. This set keeps 713 // track of what we have executed so we can detect recursive cases etc. 714 SmallPtrSet<BasicBlock*, 32> ExecutedBlocks; 715 716 // CurBB - The current basic block we're evaluating. 717 BasicBlock *CurBB = &F->front(); 718 719 BasicBlock::iterator CurInst = CurBB->begin(); 720 721 while (true) { 722 BasicBlock *NextBB = nullptr; // Initialized to avoid compiler warnings. 723 LLVM_DEBUG(dbgs() << "Trying to evaluate BB: " << *CurBB << "\n"); 724 725 bool StrippedPointerCastsForAliasAnalysis = false; 726 727 if (!EvaluateBlock(CurInst, NextBB, StrippedPointerCastsForAliasAnalysis)) 728 return false; 729 730 if (!NextBB) { 731 // Successfully running until there's no next block means that we found 732 // the return. Fill it the return value and pop the call stack. 733 ReturnInst *RI = cast<ReturnInst>(CurBB->getTerminator()); 734 if (RI->getNumOperands()) { 735 // The Evaluator can look through pointer casts as long as alias 736 // analysis holds because it's just a simple interpreter and doesn't 737 // skip memory accesses due to invariant group metadata, but we can't 738 // let users of Evaluator use a value that's been gleaned looking 739 // through stripping pointer casts. 740 if (StrippedPointerCastsForAliasAnalysis && 741 !RI->getReturnValue()->getType()->isVoidTy()) { 742 return false; 743 } 744 RetVal = getVal(RI->getOperand(0)); 745 } 746 CallStack.pop_back(); 747 return true; 748 } 749 750 // Okay, we succeeded in evaluating this control flow. See if we have 751 // executed the new block before. If so, we have a looping function, 752 // which we cannot evaluate in reasonable time. 753 if (!ExecutedBlocks.insert(NextBB).second) 754 return false; // looped! 755 756 // Okay, we have never been in this block before. Check to see if there 757 // are any PHI nodes. If so, evaluate them with information about where 758 // we came from. 759 PHINode *PN = nullptr; 760 for (CurInst = NextBB->begin(); 761 (PN = dyn_cast<PHINode>(CurInst)); ++CurInst) 762 setVal(PN, getVal(PN->getIncomingValueForBlock(CurBB))); 763 764 // Advance to the next block. 765 CurBB = NextBB; 766 } 767 } 768