//====- X86FlagsCopyLowering.cpp - Lowers COPY nodes of EFLAGS ------------===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// /// \file /// /// Lowers COPY nodes of EFLAGS by directly extracting and preserving individual /// flag bits. /// /// We have to do this by carefully analyzing and rewriting the usage of the /// copied EFLAGS register because there is no general way to rematerialize the /// entire EFLAGS register safely and efficiently. Using `popf` both forces /// dynamic stack adjustment and can create correctness issues due to IF, TF, /// and other non-status flags being overwritten. Using sequences involving /// SAHF don't work on all x86 processors and are often quite slow compared to /// directly testing a single status preserved in its own GPR. /// //===----------------------------------------------------------------------===// #include "X86.h" #include "X86InstrBuilder.h" #include "X86InstrInfo.h" #include "X86Subtarget.h" #include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/DenseMap.h" #include "llvm/ADT/PostOrderIterator.h" #include "llvm/ADT/STLExtras.h" #include "llvm/ADT/ScopeExit.h" #include "llvm/ADT/SmallPtrSet.h" #include "llvm/ADT/SmallSet.h" #include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SparseBitVector.h" #include "llvm/ADT/Statistic.h" #include "llvm/CodeGen/MachineBasicBlock.h" #include "llvm/CodeGen/MachineConstantPool.h" #include "llvm/CodeGen/MachineDominators.h" #include "llvm/CodeGen/MachineFunction.h" #include "llvm/CodeGen/MachineFunctionPass.h" #include "llvm/CodeGen/MachineInstr.h" #include "llvm/CodeGen/MachineInstrBuilder.h" #include "llvm/CodeGen/MachineModuleInfo.h" #include "llvm/CodeGen/MachineOperand.h" #include "llvm/CodeGen/MachineRegisterInfo.h" #include "llvm/CodeGen/MachineSSAUpdater.h" #include "llvm/CodeGen/TargetInstrInfo.h" #include "llvm/CodeGen/TargetRegisterInfo.h" #include "llvm/CodeGen/TargetSchedule.h" #include "llvm/CodeGen/TargetSubtargetInfo.h" #include "llvm/IR/DebugLoc.h" #include "llvm/MC/MCSchedule.h" #include "llvm/Pass.h" #include "llvm/Support/CommandLine.h" #include "llvm/Support/Debug.h" #include "llvm/Support/raw_ostream.h" #include #include #include #include using namespace llvm; #define PASS_KEY "x86-flags-copy-lowering" #define DEBUG_TYPE PASS_KEY STATISTIC(NumCopiesEliminated, "Number of copies of EFLAGS eliminated"); STATISTIC(NumSetCCsInserted, "Number of setCC instructions inserted"); STATISTIC(NumTestsInserted, "Number of test instructions inserted"); STATISTIC(NumAddsInserted, "Number of adds instructions inserted"); namespace { // Convenient array type for storing registers associated with each condition. using CondRegArray = std::array; class X86FlagsCopyLoweringPass : public MachineFunctionPass { public: X86FlagsCopyLoweringPass() : MachineFunctionPass(ID) { } StringRef getPassName() const override { return "X86 EFLAGS copy lowering"; } bool runOnMachineFunction(MachineFunction &MF) override; void getAnalysisUsage(AnalysisUsage &AU) const override; /// Pass identification, replacement for typeid. static char ID; private: MachineRegisterInfo *MRI = nullptr; const X86Subtarget *Subtarget = nullptr; const X86InstrInfo *TII = nullptr; const TargetRegisterInfo *TRI = nullptr; const TargetRegisterClass *PromoteRC = nullptr; MachineDominatorTree *MDT = nullptr; CondRegArray collectCondsInRegs(MachineBasicBlock &MBB, MachineBasicBlock::iterator CopyDefI); Register promoteCondToReg(MachineBasicBlock &MBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, X86::CondCode Cond); std::pair getCondOrInverseInReg( MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, X86::CondCode Cond, CondRegArray &CondRegs); void insertTest(MachineBasicBlock &MBB, MachineBasicBlock::iterator Pos, const DebugLoc &Loc, unsigned Reg); void rewriteArithmetic(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &MI, MachineOperand &FlagUse, CondRegArray &CondRegs); void rewriteCMov(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &CMovI, MachineOperand &FlagUse, CondRegArray &CondRegs); void rewriteFCMov(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &CMovI, MachineOperand &FlagUse, CondRegArray &CondRegs); void rewriteCondJmp(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &JmpI, CondRegArray &CondRegs); void rewriteCopy(MachineInstr &MI, MachineOperand &FlagUse, MachineInstr &CopyDefI); void rewriteSetCC(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &SetCCI, MachineOperand &FlagUse, CondRegArray &CondRegs); }; } // end anonymous namespace INITIALIZE_PASS_BEGIN(X86FlagsCopyLoweringPass, DEBUG_TYPE, "X86 EFLAGS copy lowering", false, false) INITIALIZE_PASS_END(X86FlagsCopyLoweringPass, DEBUG_TYPE, "X86 EFLAGS copy lowering", false, false) FunctionPass *llvm::createX86FlagsCopyLoweringPass() { return new X86FlagsCopyLoweringPass(); } char X86FlagsCopyLoweringPass::ID = 0; void X86FlagsCopyLoweringPass::getAnalysisUsage(AnalysisUsage &AU) const { AU.addRequired(); MachineFunctionPass::getAnalysisUsage(AU); } namespace { /// An enumeration of the arithmetic instruction mnemonics which have /// interesting flag semantics. /// /// We can map instruction opcodes into these mnemonics to make it easy to /// dispatch with specific functionality. enum class FlagArithMnemonic { ADC, ADCX, ADOX, RCL, RCR, SBB, SETB, }; } // namespace static FlagArithMnemonic getMnemonicFromOpcode(unsigned Opcode) { switch (Opcode) { default: report_fatal_error("No support for lowering a copy into EFLAGS when used " "by this instruction!"); #define LLVM_EXPAND_INSTR_SIZES(MNEMONIC, SUFFIX) \ case X86::MNEMONIC##8##SUFFIX: \ case X86::MNEMONIC##16##SUFFIX: \ case X86::MNEMONIC##32##SUFFIX: \ case X86::MNEMONIC##64##SUFFIX: #define LLVM_EXPAND_ADC_SBB_INSTR(MNEMONIC) \ LLVM_EXPAND_INSTR_SIZES(MNEMONIC, rr) \ LLVM_EXPAND_INSTR_SIZES(MNEMONIC, rr_REV) \ LLVM_EXPAND_INSTR_SIZES(MNEMONIC, rm) \ LLVM_EXPAND_INSTR_SIZES(MNEMONIC, mr) \ case X86::MNEMONIC##8ri: \ case X86::MNEMONIC##16ri8: \ case X86::MNEMONIC##32ri8: \ case X86::MNEMONIC##64ri8: \ case X86::MNEMONIC##16ri: \ case X86::MNEMONIC##32ri: \ case X86::MNEMONIC##64ri32: \ case X86::MNEMONIC##8mi: \ case X86::MNEMONIC##16mi8: \ case X86::MNEMONIC##32mi8: \ case X86::MNEMONIC##64mi8: \ case X86::MNEMONIC##16mi: \ case X86::MNEMONIC##32mi: \ case X86::MNEMONIC##64mi32: \ case X86::MNEMONIC##8i8: \ case X86::MNEMONIC##16i16: \ case X86::MNEMONIC##32i32: \ case X86::MNEMONIC##64i32: LLVM_EXPAND_ADC_SBB_INSTR(ADC) return FlagArithMnemonic::ADC; LLVM_EXPAND_ADC_SBB_INSTR(SBB) return FlagArithMnemonic::SBB; #undef LLVM_EXPAND_ADC_SBB_INSTR LLVM_EXPAND_INSTR_SIZES(RCL, rCL) LLVM_EXPAND_INSTR_SIZES(RCL, r1) LLVM_EXPAND_INSTR_SIZES(RCL, ri) return FlagArithMnemonic::RCL; LLVM_EXPAND_INSTR_SIZES(RCR, rCL) LLVM_EXPAND_INSTR_SIZES(RCR, r1) LLVM_EXPAND_INSTR_SIZES(RCR, ri) return FlagArithMnemonic::RCR; #undef LLVM_EXPAND_INSTR_SIZES case X86::ADCX32rr: case X86::ADCX64rr: case X86::ADCX32rm: case X86::ADCX64rm: return FlagArithMnemonic::ADCX; case X86::ADOX32rr: case X86::ADOX64rr: case X86::ADOX32rm: case X86::ADOX64rm: return FlagArithMnemonic::ADOX; case X86::SETB_C32r: case X86::SETB_C64r: return FlagArithMnemonic::SETB; } } static MachineBasicBlock &splitBlock(MachineBasicBlock &MBB, MachineInstr &SplitI, const X86InstrInfo &TII) { MachineFunction &MF = *MBB.getParent(); assert(SplitI.getParent() == &MBB && "Split instruction must be in the split block!"); assert(SplitI.isBranch() && "Only designed to split a tail of branch instructions!"); assert(X86::getCondFromBranch(SplitI) != X86::COND_INVALID && "Must split on an actual jCC instruction!"); // Dig out the previous instruction to the split point. MachineInstr &PrevI = *std::prev(SplitI.getIterator()); assert(PrevI.isBranch() && "Must split after a branch!"); assert(X86::getCondFromBranch(PrevI) != X86::COND_INVALID && "Must split after an actual jCC instruction!"); assert(!std::prev(PrevI.getIterator())->isTerminator() && "Must only have this one terminator prior to the split!"); // Grab the one successor edge that will stay in `MBB`. MachineBasicBlock &UnsplitSucc = *PrevI.getOperand(0).getMBB(); // Analyze the original block to see if we are actually splitting an edge // into two edges. This can happen when we have multiple conditional jumps to // the same successor. bool IsEdgeSplit = std::any_of(SplitI.getIterator(), MBB.instr_end(), [&](MachineInstr &MI) { assert(MI.isTerminator() && "Should only have spliced terminators!"); return llvm::any_of( MI.operands(), [&](MachineOperand &MOp) { return MOp.isMBB() && MOp.getMBB() == &UnsplitSucc; }); }) || MBB.getFallThrough() == &UnsplitSucc; MachineBasicBlock &NewMBB = *MF.CreateMachineBasicBlock(); // Insert the new block immediately after the current one. Any existing // fallthrough will be sunk into this new block anyways. MF.insert(std::next(MachineFunction::iterator(&MBB)), &NewMBB); // Splice the tail of instructions into the new block. NewMBB.splice(NewMBB.end(), &MBB, SplitI.getIterator(), MBB.end()); // Copy the necessary succesors (and their probability info) into the new // block. for (auto SI = MBB.succ_begin(), SE = MBB.succ_end(); SI != SE; ++SI) if (IsEdgeSplit || *SI != &UnsplitSucc) NewMBB.copySuccessor(&MBB, SI); // Normalize the probabilities if we didn't end up splitting the edge. if (!IsEdgeSplit) NewMBB.normalizeSuccProbs(); // Now replace all of the moved successors in the original block with the new // block. This will merge their probabilities. for (MachineBasicBlock *Succ : NewMBB.successors()) if (Succ != &UnsplitSucc) MBB.replaceSuccessor(Succ, &NewMBB); // We should always end up replacing at least one successor. assert(MBB.isSuccessor(&NewMBB) && "Failed to make the new block a successor!"); // Now update all the PHIs. for (MachineBasicBlock *Succ : NewMBB.successors()) { for (MachineInstr &MI : *Succ) { if (!MI.isPHI()) break; for (int OpIdx = 1, NumOps = MI.getNumOperands(); OpIdx < NumOps; OpIdx += 2) { MachineOperand &OpV = MI.getOperand(OpIdx); MachineOperand &OpMBB = MI.getOperand(OpIdx + 1); assert(OpMBB.isMBB() && "Block operand to a PHI is not a block!"); if (OpMBB.getMBB() != &MBB) continue; // Replace the operand for unsplit successors if (!IsEdgeSplit || Succ != &UnsplitSucc) { OpMBB.setMBB(&NewMBB); // We have to continue scanning as there may be multiple entries in // the PHI. continue; } // When we have split the edge append a new successor. MI.addOperand(MF, OpV); MI.addOperand(MF, MachineOperand::CreateMBB(&NewMBB)); break; } } } return NewMBB; } static X86::CondCode getCondFromFCMOV(unsigned Opcode) { switch (Opcode) { default: return X86::COND_INVALID; case X86::CMOVBE_Fp32: case X86::CMOVBE_Fp64: case X86::CMOVBE_Fp80: return X86::COND_BE; case X86::CMOVB_Fp32: case X86::CMOVB_Fp64: case X86::CMOVB_Fp80: return X86::COND_B; case X86::CMOVE_Fp32: case X86::CMOVE_Fp64: case X86::CMOVE_Fp80: return X86::COND_E; case X86::CMOVNBE_Fp32: case X86::CMOVNBE_Fp64: case X86::CMOVNBE_Fp80: return X86::COND_A; case X86::CMOVNB_Fp32: case X86::CMOVNB_Fp64: case X86::CMOVNB_Fp80: return X86::COND_AE; case X86::CMOVNE_Fp32: case X86::CMOVNE_Fp64: case X86::CMOVNE_Fp80: return X86::COND_NE; case X86::CMOVNP_Fp32: case X86::CMOVNP_Fp64: case X86::CMOVNP_Fp80: return X86::COND_NP; case X86::CMOVP_Fp32: case X86::CMOVP_Fp64: case X86::CMOVP_Fp80: return X86::COND_P; } } bool X86FlagsCopyLoweringPass::runOnMachineFunction(MachineFunction &MF) { LLVM_DEBUG(dbgs() << "********** " << getPassName() << " : " << MF.getName() << " **********\n"); Subtarget = &MF.getSubtarget(); MRI = &MF.getRegInfo(); TII = Subtarget->getInstrInfo(); TRI = Subtarget->getRegisterInfo(); MDT = &getAnalysis(); PromoteRC = &X86::GR8RegClass; if (MF.begin() == MF.end()) // Nothing to do for a degenerate empty function... return false; // Collect the copies in RPO so that when there are chains where a copy is in // turn copied again we visit the first one first. This ensures we can find // viable locations for testing the original EFLAGS that dominate all the // uses across complex CFGs. SmallVector Copies; ReversePostOrderTraversal RPOT(&MF); for (MachineBasicBlock *MBB : RPOT) for (MachineInstr &MI : *MBB) if (MI.getOpcode() == TargetOpcode::COPY && MI.getOperand(0).getReg() == X86::EFLAGS) Copies.push_back(&MI); for (MachineInstr *CopyI : Copies) { MachineBasicBlock &MBB = *CopyI->getParent(); MachineOperand &VOp = CopyI->getOperand(1); assert(VOp.isReg() && "The input to the copy for EFLAGS should always be a register!"); MachineInstr &CopyDefI = *MRI->getVRegDef(VOp.getReg()); if (CopyDefI.getOpcode() != TargetOpcode::COPY) { // FIXME: The big likely candidate here are PHI nodes. We could in theory // handle PHI nodes, but it gets really, really hard. Insanely hard. Hard // enough that it is probably better to change every other part of LLVM // to avoid creating them. The issue is that once we have PHIs we won't // know which original EFLAGS value we need to capture with our setCCs // below. The end result will be computing a complete set of setCCs that // we *might* want, computing them in every place where we copy *out* of // EFLAGS and then doing SSA formation on all of them to insert necessary // PHI nodes and consume those here. Then hoping that somehow we DCE the // unnecessary ones. This DCE seems very unlikely to be successful and so // we will almost certainly end up with a glut of dead setCC // instructions. Until we have a motivating test case and fail to avoid // it by changing other parts of LLVM's lowering, we refuse to handle // this complex case here. LLVM_DEBUG( dbgs() << "ERROR: Encountered unexpected def of an eflags copy: "; CopyDefI.dump()); report_fatal_error( "Cannot lower EFLAGS copy unless it is defined in turn by a copy!"); } auto Cleanup = make_scope_exit([&] { // All uses of the EFLAGS copy are now rewritten, kill the copy into // eflags and if dead the copy from. CopyI->eraseFromParent(); if (MRI->use_empty(CopyDefI.getOperand(0).getReg())) CopyDefI.eraseFromParent(); ++NumCopiesEliminated; }); MachineOperand &DOp = CopyI->getOperand(0); assert(DOp.isDef() && "Expected register def!"); assert(DOp.getReg() == X86::EFLAGS && "Unexpected copy def register!"); if (DOp.isDead()) continue; MachineBasicBlock *TestMBB = CopyDefI.getParent(); auto TestPos = CopyDefI.getIterator(); DebugLoc TestLoc = CopyDefI.getDebugLoc(); LLVM_DEBUG(dbgs() << "Rewriting copy: "; CopyI->dump()); // Walk up across live-in EFLAGS to find where they were actually def'ed. // // This copy's def may just be part of a region of blocks covered by // a single def of EFLAGS and we want to find the top of that region where // possible. // // This is essentially a search for a *candidate* reaching definition // location. We don't need to ever find the actual reaching definition here, // but we want to walk up the dominator tree to find the highest point which // would be viable for such a definition. auto HasEFLAGSClobber = [&](MachineBasicBlock::iterator Begin, MachineBasicBlock::iterator End) { // Scan backwards as we expect these to be relatively short and often find // a clobber near the end. return llvm::any_of( llvm::reverse(llvm::make_range(Begin, End)), [&](MachineInstr &MI) { // Flag any instruction (other than the copy we are // currently rewriting) that defs EFLAGS. return &MI != CopyI && MI.findRegisterDefOperand(X86::EFLAGS); }); }; auto HasEFLAGSClobberPath = [&](MachineBasicBlock *BeginMBB, MachineBasicBlock *EndMBB) { assert(MDT->dominates(BeginMBB, EndMBB) && "Only support paths down the dominator tree!"); SmallPtrSet Visited; SmallVector Worklist; // We terminate at the beginning. No need to scan it. Visited.insert(BeginMBB); Worklist.push_back(EndMBB); do { auto *MBB = Worklist.pop_back_val(); for (auto *PredMBB : MBB->predecessors()) { if (!Visited.insert(PredMBB).second) continue; if (HasEFLAGSClobber(PredMBB->begin(), PredMBB->end())) return true; // Enqueue this block to walk its predecessors. Worklist.push_back(PredMBB); } } while (!Worklist.empty()); // No clobber found along a path from the begin to end. return false; }; while (TestMBB->isLiveIn(X86::EFLAGS) && !TestMBB->pred_empty() && !HasEFLAGSClobber(TestMBB->begin(), TestPos)) { // Find the nearest common dominator of the predecessors, as // that will be the best candidate to hoist into. MachineBasicBlock *HoistMBB = std::accumulate(std::next(TestMBB->pred_begin()), TestMBB->pred_end(), *TestMBB->pred_begin(), [&](MachineBasicBlock *LHS, MachineBasicBlock *RHS) { return MDT->findNearestCommonDominator(LHS, RHS); }); // Now we need to scan all predecessors that may be reached along paths to // the hoist block. A clobber anywhere in any of these blocks the hoist. // Note that this even handles loops because we require *no* clobbers. if (HasEFLAGSClobberPath(HoistMBB, TestMBB)) break; // We also need the terminators to not sneakily clobber flags. if (HasEFLAGSClobber(HoistMBB->getFirstTerminator()->getIterator(), HoistMBB->instr_end())) break; // We found a viable location, hoist our test position to it. TestMBB = HoistMBB; TestPos = TestMBB->getFirstTerminator()->getIterator(); // Clear the debug location as it would just be confusing after hoisting. TestLoc = DebugLoc(); } LLVM_DEBUG({ auto DefIt = llvm::find_if( llvm::reverse(llvm::make_range(TestMBB->instr_begin(), TestPos)), [&](MachineInstr &MI) { return MI.findRegisterDefOperand(X86::EFLAGS); }); if (DefIt.base() != TestMBB->instr_begin()) { dbgs() << " Using EFLAGS defined by: "; DefIt->dump(); } else { dbgs() << " Using live-in flags for BB:\n"; TestMBB->dump(); } }); // While rewriting uses, we buffer jumps and rewrite them in a second pass // because doing so will perturb the CFG that we are walking to find the // uses in the first place. SmallVector JmpIs; // Gather the condition flags that have already been preserved in // registers. We do this from scratch each time as we expect there to be // very few of them and we expect to not revisit the same copy definition // many times. If either of those change sufficiently we could build a map // of these up front instead. CondRegArray CondRegs = collectCondsInRegs(*TestMBB, TestPos); // Collect the basic blocks we need to scan. Typically this will just be // a single basic block but we may have to scan multiple blocks if the // EFLAGS copy lives into successors. SmallVector Blocks; SmallPtrSet VisitedBlocks; Blocks.push_back(&MBB); do { MachineBasicBlock &UseMBB = *Blocks.pop_back_val(); // Track when if/when we find a kill of the flags in this block. bool FlagsKilled = false; // In most cases, we walk from the beginning to the end of the block. But // when the block is the same block as the copy is from, we will visit it // twice. The first time we start from the copy and go to the end. The // second time we start from the beginning and go to the copy. This lets // us handle copies inside of cycles. // FIXME: This loop is *super* confusing. This is at least in part // a symptom of all of this routine needing to be refactored into // documentable components. Once done, there may be a better way to write // this loop. for (auto MII = (&UseMBB == &MBB && !VisitedBlocks.count(&UseMBB)) ? std::next(CopyI->getIterator()) : UseMBB.instr_begin(), MIE = UseMBB.instr_end(); MII != MIE;) { MachineInstr &MI = *MII++; // If we are in the original copy block and encounter either the copy // def or the copy itself, break so that we don't re-process any part of // the block or process the instructions in the range that was copied // over. if (&MI == CopyI || &MI == &CopyDefI) { assert(&UseMBB == &MBB && VisitedBlocks.count(&MBB) && "Should only encounter these on the second pass over the " "original block."); break; } MachineOperand *FlagUse = MI.findRegisterUseOperand(X86::EFLAGS); if (!FlagUse) { if (MI.findRegisterDefOperand(X86::EFLAGS)) { // If EFLAGS are defined, it's as-if they were killed. We can stop // scanning here. // // NB!!! Many instructions only modify some flags. LLVM currently // models this as clobbering all flags, but if that ever changes // this will need to be carefully updated to handle that more // complex logic. FlagsKilled = true; break; } continue; } LLVM_DEBUG(dbgs() << " Rewriting use: "; MI.dump()); // Check the kill flag before we rewrite as that may change it. if (FlagUse->isKill()) FlagsKilled = true; // Once we encounter a branch, the rest of the instructions must also be // branches. We can't rewrite in place here, so we handle them below. // // Note that we don't have to handle tail calls here, even conditional // tail calls, as those are not introduced into the X86 MI until post-RA // branch folding or black placement. As a consequence, we get to deal // with the simpler formulation of conditional branches followed by tail // calls. if (X86::getCondFromBranch(MI) != X86::COND_INVALID) { auto JmpIt = MI.getIterator(); do { JmpIs.push_back(&*JmpIt); ++JmpIt; } while (JmpIt != UseMBB.instr_end() && X86::getCondFromBranch(*JmpIt) != X86::COND_INVALID); break; } // Otherwise we can just rewrite in-place. if (X86::getCondFromCMov(MI) != X86::COND_INVALID) { rewriteCMov(*TestMBB, TestPos, TestLoc, MI, *FlagUse, CondRegs); } else if (getCondFromFCMOV(MI.getOpcode()) != X86::COND_INVALID) { rewriteFCMov(*TestMBB, TestPos, TestLoc, MI, *FlagUse, CondRegs); } else if (X86::getCondFromSETCC(MI) != X86::COND_INVALID) { rewriteSetCC(*TestMBB, TestPos, TestLoc, MI, *FlagUse, CondRegs); } else if (MI.getOpcode() == TargetOpcode::COPY) { rewriteCopy(MI, *FlagUse, CopyDefI); } else { // We assume all other instructions that use flags also def them. assert(MI.findRegisterDefOperand(X86::EFLAGS) && "Expected a def of EFLAGS for this instruction!"); // NB!!! Several arithmetic instructions only *partially* update // flags. Theoretically, we could generate MI code sequences that // would rely on this fact and observe different flags independently. // But currently LLVM models all of these instructions as clobbering // all the flags in an undef way. We rely on that to simplify the // logic. FlagsKilled = true; // Generically handle remaining uses as arithmetic instructions. rewriteArithmetic(*TestMBB, TestPos, TestLoc, MI, *FlagUse, CondRegs); } // If this was the last use of the flags, we're done. if (FlagsKilled) break; } // If the flags were killed, we're done with this block. if (FlagsKilled) continue; // Otherwise we need to scan successors for ones where the flags live-in // and queue those up for processing. for (MachineBasicBlock *SuccMBB : UseMBB.successors()) if (SuccMBB->isLiveIn(X86::EFLAGS) && VisitedBlocks.insert(SuccMBB).second) { // We currently don't do any PHI insertion and so we require that the // test basic block dominates all of the use basic blocks. Further, we // can't have a cycle from the test block back to itself as that would // create a cycle requiring a PHI to break it. // // We could in theory do PHI insertion here if it becomes useful by // just taking undef values in along every edge that we don't trace // this EFLAGS copy along. This isn't as bad as fully general PHI // insertion, but still seems like a great deal of complexity. // // Because it is theoretically possible that some earlier MI pass or // other lowering transformation could induce this to happen, we do // a hard check even in non-debug builds here. if (SuccMBB == TestMBB || !MDT->dominates(TestMBB, SuccMBB)) { LLVM_DEBUG({ dbgs() << "ERROR: Encountered use that is not dominated by our test " "basic block! Rewriting this would require inserting PHI " "nodes to track the flag state across the CFG.\n\nTest " "block:\n"; TestMBB->dump(); dbgs() << "Use block:\n"; SuccMBB->dump(); }); report_fatal_error( "Cannot lower EFLAGS copy when original copy def " "does not dominate all uses."); } Blocks.push_back(SuccMBB); // After this, EFLAGS will be recreated before each use. SuccMBB->removeLiveIn(X86::EFLAGS); } } while (!Blocks.empty()); // Now rewrite the jumps that use the flags. These we handle specially // because if there are multiple jumps in a single basic block we'll have // to do surgery on the CFG. MachineBasicBlock *LastJmpMBB = nullptr; for (MachineInstr *JmpI : JmpIs) { // Past the first jump within a basic block we need to split the blocks // apart. if (JmpI->getParent() == LastJmpMBB) splitBlock(*JmpI->getParent(), *JmpI, *TII); else LastJmpMBB = JmpI->getParent(); rewriteCondJmp(*TestMBB, TestPos, TestLoc, *JmpI, CondRegs); } // FIXME: Mark the last use of EFLAGS before the copy's def as a kill if // the copy's def operand is itself a kill. } #ifndef NDEBUG for (MachineBasicBlock &MBB : MF) for (MachineInstr &MI : MBB) if (MI.getOpcode() == TargetOpcode::COPY && (MI.getOperand(0).getReg() == X86::EFLAGS || MI.getOperand(1).getReg() == X86::EFLAGS)) { LLVM_DEBUG(dbgs() << "ERROR: Found a COPY involving EFLAGS: "; MI.dump()); llvm_unreachable("Unlowered EFLAGS copy!"); } #endif return true; } /// Collect any conditions that have already been set in registers so that we /// can re-use them rather than adding duplicates. CondRegArray X86FlagsCopyLoweringPass::collectCondsInRegs( MachineBasicBlock &MBB, MachineBasicBlock::iterator TestPos) { CondRegArray CondRegs = {}; // Scan backwards across the range of instructions with live EFLAGS. for (MachineInstr &MI : llvm::reverse(llvm::make_range(MBB.begin(), TestPos))) { X86::CondCode Cond = X86::getCondFromSETCC(MI); if (Cond != X86::COND_INVALID && !MI.mayStore() && MI.getOperand(0).isReg() && MI.getOperand(0).getReg().isVirtual()) { assert(MI.getOperand(0).isDef() && "A non-storing SETcc should always define a register!"); CondRegs[Cond] = MI.getOperand(0).getReg(); } // Stop scanning when we see the first definition of the EFLAGS as prior to // this we would potentially capture the wrong flag state. if (MI.findRegisterDefOperand(X86::EFLAGS)) break; } return CondRegs; } Register X86FlagsCopyLoweringPass::promoteCondToReg( MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, X86::CondCode Cond) { Register Reg = MRI->createVirtualRegister(PromoteRC); auto SetI = BuildMI(TestMBB, TestPos, TestLoc, TII->get(X86::SETCCr), Reg).addImm(Cond); (void)SetI; LLVM_DEBUG(dbgs() << " save cond: "; SetI->dump()); ++NumSetCCsInserted; return Reg; } std::pair X86FlagsCopyLoweringPass::getCondOrInverseInReg( MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, X86::CondCode Cond, CondRegArray &CondRegs) { unsigned &CondReg = CondRegs[Cond]; unsigned &InvCondReg = CondRegs[X86::GetOppositeBranchCondition(Cond)]; if (!CondReg && !InvCondReg) CondReg = promoteCondToReg(TestMBB, TestPos, TestLoc, Cond); if (CondReg) return {CondReg, false}; else return {InvCondReg, true}; } void X86FlagsCopyLoweringPass::insertTest(MachineBasicBlock &MBB, MachineBasicBlock::iterator Pos, const DebugLoc &Loc, unsigned Reg) { auto TestI = BuildMI(MBB, Pos, Loc, TII->get(X86::TEST8rr)).addReg(Reg).addReg(Reg); (void)TestI; LLVM_DEBUG(dbgs() << " test cond: "; TestI->dump()); ++NumTestsInserted; } void X86FlagsCopyLoweringPass::rewriteArithmetic( MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &MI, MachineOperand &FlagUse, CondRegArray &CondRegs) { // Arithmetic is either reading CF or OF. Figure out which condition we need // to preserve in a register. X86::CondCode Cond = X86::COND_INVALID; // The addend to use to reset CF or OF when added to the flag value. int Addend = 0; switch (getMnemonicFromOpcode(MI.getOpcode())) { case FlagArithMnemonic::ADC: case FlagArithMnemonic::ADCX: case FlagArithMnemonic::RCL: case FlagArithMnemonic::RCR: case FlagArithMnemonic::SBB: case FlagArithMnemonic::SETB: Cond = X86::COND_B; // CF == 1 // Set up an addend that when one is added will need a carry due to not // having a higher bit available. Addend = 255; break; case FlagArithMnemonic::ADOX: Cond = X86::COND_O; // OF == 1 // Set up an addend that when one is added will turn from positive to // negative and thus overflow in the signed domain. Addend = 127; break; } // Now get a register that contains the value of the flag input to the // arithmetic. We require exactly this flag to simplify the arithmetic // required to materialize it back into the flag. unsigned &CondReg = CondRegs[Cond]; if (!CondReg) CondReg = promoteCondToReg(TestMBB, TestPos, TestLoc, Cond); MachineBasicBlock &MBB = *MI.getParent(); // Insert an instruction that will set the flag back to the desired value. Register TmpReg = MRI->createVirtualRegister(PromoteRC); auto AddI = BuildMI(MBB, MI.getIterator(), MI.getDebugLoc(), TII->get(X86::ADD8ri)) .addDef(TmpReg, RegState::Dead) .addReg(CondReg) .addImm(Addend); (void)AddI; LLVM_DEBUG(dbgs() << " add cond: "; AddI->dump()); ++NumAddsInserted; FlagUse.setIsKill(true); } void X86FlagsCopyLoweringPass::rewriteCMov(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &CMovI, MachineOperand &FlagUse, CondRegArray &CondRegs) { // First get the register containing this specific condition. X86::CondCode Cond = X86::getCondFromCMov(CMovI); unsigned CondReg; bool Inverted; std::tie(CondReg, Inverted) = getCondOrInverseInReg(TestMBB, TestPos, TestLoc, Cond, CondRegs); MachineBasicBlock &MBB = *CMovI.getParent(); // Insert a direct test of the saved register. insertTest(MBB, CMovI.getIterator(), CMovI.getDebugLoc(), CondReg); // Rewrite the CMov to use the !ZF flag from the test, and then kill its use // of the flags afterward. CMovI.getOperand(CMovI.getDesc().getNumOperands() - 1) .setImm(Inverted ? X86::COND_E : X86::COND_NE); FlagUse.setIsKill(true); LLVM_DEBUG(dbgs() << " fixed cmov: "; CMovI.dump()); } void X86FlagsCopyLoweringPass::rewriteFCMov(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &CMovI, MachineOperand &FlagUse, CondRegArray &CondRegs) { // First get the register containing this specific condition. X86::CondCode Cond = getCondFromFCMOV(CMovI.getOpcode()); unsigned CondReg; bool Inverted; std::tie(CondReg, Inverted) = getCondOrInverseInReg(TestMBB, TestPos, TestLoc, Cond, CondRegs); MachineBasicBlock &MBB = *CMovI.getParent(); // Insert a direct test of the saved register. insertTest(MBB, CMovI.getIterator(), CMovI.getDebugLoc(), CondReg); auto getFCMOVOpcode = [](unsigned Opcode, bool Inverted) { switch (Opcode) { default: llvm_unreachable("Unexpected opcode!"); case X86::CMOVBE_Fp32: case X86::CMOVNBE_Fp32: case X86::CMOVB_Fp32: case X86::CMOVNB_Fp32: case X86::CMOVE_Fp32: case X86::CMOVNE_Fp32: case X86::CMOVP_Fp32: case X86::CMOVNP_Fp32: return Inverted ? X86::CMOVE_Fp32 : X86::CMOVNE_Fp32; case X86::CMOVBE_Fp64: case X86::CMOVNBE_Fp64: case X86::CMOVB_Fp64: case X86::CMOVNB_Fp64: case X86::CMOVE_Fp64: case X86::CMOVNE_Fp64: case X86::CMOVP_Fp64: case X86::CMOVNP_Fp64: return Inverted ? X86::CMOVE_Fp64 : X86::CMOVNE_Fp64; case X86::CMOVBE_Fp80: case X86::CMOVNBE_Fp80: case X86::CMOVB_Fp80: case X86::CMOVNB_Fp80: case X86::CMOVE_Fp80: case X86::CMOVNE_Fp80: case X86::CMOVP_Fp80: case X86::CMOVNP_Fp80: return Inverted ? X86::CMOVE_Fp80 : X86::CMOVNE_Fp80; } }; // Rewrite the CMov to use the !ZF flag from the test. CMovI.setDesc(TII->get(getFCMOVOpcode(CMovI.getOpcode(), Inverted))); FlagUse.setIsKill(true); LLVM_DEBUG(dbgs() << " fixed fcmov: "; CMovI.dump()); } void X86FlagsCopyLoweringPass::rewriteCondJmp( MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &JmpI, CondRegArray &CondRegs) { // First get the register containing this specific condition. X86::CondCode Cond = X86::getCondFromBranch(JmpI); unsigned CondReg; bool Inverted; std::tie(CondReg, Inverted) = getCondOrInverseInReg(TestMBB, TestPos, TestLoc, Cond, CondRegs); MachineBasicBlock &JmpMBB = *JmpI.getParent(); // Insert a direct test of the saved register. insertTest(JmpMBB, JmpI.getIterator(), JmpI.getDebugLoc(), CondReg); // Rewrite the jump to use the !ZF flag from the test, and kill its use of // flags afterward. JmpI.getOperand(1).setImm(Inverted ? X86::COND_E : X86::COND_NE); JmpI.findRegisterUseOperand(X86::EFLAGS)->setIsKill(true); LLVM_DEBUG(dbgs() << " fixed jCC: "; JmpI.dump()); } void X86FlagsCopyLoweringPass::rewriteCopy(MachineInstr &MI, MachineOperand &FlagUse, MachineInstr &CopyDefI) { // Just replace this copy with the original copy def. MRI->replaceRegWith(MI.getOperand(0).getReg(), CopyDefI.getOperand(0).getReg()); MI.eraseFromParent(); } void X86FlagsCopyLoweringPass::rewriteSetCC(MachineBasicBlock &TestMBB, MachineBasicBlock::iterator TestPos, const DebugLoc &TestLoc, MachineInstr &SetCCI, MachineOperand &FlagUse, CondRegArray &CondRegs) { X86::CondCode Cond = X86::getCondFromSETCC(SetCCI); // Note that we can't usefully rewrite this to the inverse without complex // analysis of the users of the setCC. Largely we rely on duplicates which // could have been avoided already being avoided here. unsigned &CondReg = CondRegs[Cond]; if (!CondReg) CondReg = promoteCondToReg(TestMBB, TestPos, TestLoc, Cond); // Rewriting a register def is trivial: we just replace the register and // remove the setcc. if (!SetCCI.mayStore()) { assert(SetCCI.getOperand(0).isReg() && "Cannot have a non-register defined operand to SETcc!"); MRI->replaceRegWith(SetCCI.getOperand(0).getReg(), CondReg); SetCCI.eraseFromParent(); return; } // Otherwise, we need to emit a store. auto MIB = BuildMI(*SetCCI.getParent(), SetCCI.getIterator(), SetCCI.getDebugLoc(), TII->get(X86::MOV8mr)); // Copy the address operands. for (int i = 0; i < X86::AddrNumOperands; ++i) MIB.add(SetCCI.getOperand(i)); MIB.addReg(CondReg); MIB.setMemRefs(SetCCI.memoperands()); SetCCI.eraseFromParent(); }