mirror of
https://github.com/RPCS3/llvm-mirror.git
synced 2024-10-26 06:22:56 +02:00
c56daa1083
Remove implicit ilist iterator conversions from LLVMAnalysis.
I came across something really scary in `llvm::isKnownNotFullPoison()`
which relied on `Instruction::getNextNode()` being completely broken
(not surprising, but scary nevertheless). This function is documented
(and coded to) return `nullptr` when it gets to the sentinel, but with
an `ilist_half_node` as a sentinel, the sentinel check looks into some
other memory and we don't recognize we've hit the end.
Rooting out these scary cases is the reason I'm removing the implicit
conversions before doing anything else with `ilist`; I'm not at all
surprised that clients rely on badness.
I found another scary case -- this time, not relying on badness, just
bad (but I guess getting lucky so far) -- in
`ObjectSizeOffsetEvaluator::compute_()`. Here, we save out the
insertion point, do some things, and then restore it. Previously, we
let the iterator auto-convert to `Instruction*`, and then set it back
using the `Instruction*` version:
Instruction *PrevInsertPoint = Builder.GetInsertPoint();
/* Logic that may change insert point */
if (PrevInsertPoint)
Builder.SetInsertPoint(PrevInsertPoint);
The check for `PrevInsertPoint` doesn't protect correctly against bad
accesses. If the insertion point has been set to the end of a basic
block (i.e., `SetInsertPoint(SomeBB)`), then `GetInsertPoint()` returns
an iterator pointing at the list sentinel. The version of
`SetInsertPoint()` that's getting called will then call
`PrevInsertPoint->getParent()`, which explodes horribly. The only
reason this hasn't blown up is that it's fairly unlikely the builder is
adding to the end of the block; usually, we're adding instructions
somewhere before the terminator.
llvm-svn: 249925
|
||
|---|---|---|
| .. | ||
| AliasAnalysis.cpp | ||
| AliasAnalysisEvaluator.cpp | ||
| AliasSetTracker.cpp | ||
| Analysis.cpp | ||
| AssumptionCache.cpp | ||
| BasicAliasAnalysis.cpp | ||
| BlockFrequencyInfo.cpp | ||
| BlockFrequencyInfoImpl.cpp | ||
| BranchProbabilityInfo.cpp | ||
| CallGraph.cpp | ||
| CallGraphSCCPass.cpp | ||
| CallPrinter.cpp | ||
| CaptureTracking.cpp | ||
| CFG.cpp | ||
| CFGPrinter.cpp | ||
| CFLAliasAnalysis.cpp | ||
| CGSCCPassManager.cpp | ||
| CMakeLists.txt | ||
| CodeMetrics.cpp | ||
| ConstantFolding.cpp | ||
| CostModel.cpp | ||
| Delinearization.cpp | ||
| DemandedBits.cpp | ||
| DependenceAnalysis.cpp | ||
| DivergenceAnalysis.cpp | ||
| DominanceFrontier.cpp | ||
| DomPrinter.cpp | ||
| GlobalsModRef.cpp | ||
| InlineCost.cpp | ||
| InstCount.cpp | ||
| InstructionSimplify.cpp | ||
| Interval.cpp | ||
| IntervalPartition.cpp | ||
| IteratedDominanceFrontier.cpp | ||
| IVUsers.cpp | ||
| LazyCallGraph.cpp | ||
| LazyValueInfo.cpp | ||
| LibCallSemantics.cpp | ||
| Lint.cpp | ||
| LLVMBuild.txt | ||
| Loads.cpp | ||
| LoopAccessAnalysis.cpp | ||
| LoopInfo.cpp | ||
| LoopPass.cpp | ||
| Makefile | ||
| MemDepPrinter.cpp | ||
| MemDerefPrinter.cpp | ||
| MemoryBuiltins.cpp | ||
| MemoryDependenceAnalysis.cpp | ||
| MemoryLocation.cpp | ||
| ModuleDebugInfoPrinter.cpp | ||
| ObjCARCAliasAnalysis.cpp | ||
| ObjCARCAnalysisUtils.cpp | ||
| ObjCARCInstKind.cpp | ||
| OrderedBasicBlock.cpp | ||
| PHITransAddr.cpp | ||
| PostDominators.cpp | ||
| PtrUseVisitor.cpp | ||
| README.txt | ||
| RegionInfo.cpp | ||
| RegionPass.cpp | ||
| RegionPrinter.cpp | ||
| ScalarEvolution.cpp | ||
| ScalarEvolutionAliasAnalysis.cpp | ||
| ScalarEvolutionExpander.cpp | ||
| ScalarEvolutionNormalization.cpp | ||
| ScopedNoAliasAA.cpp | ||
| SparsePropagation.cpp | ||
| StratifiedSets.h | ||
| TargetLibraryInfo.cpp | ||
| TargetTransformInfo.cpp | ||
| Trace.cpp | ||
| TypeBasedAliasAnalysis.cpp | ||
| ValueTracking.cpp | ||
| VectorUtils.cpp | ||
Analysis Opportunities:
//===---------------------------------------------------------------------===//
In test/Transforms/LoopStrengthReduce/quadradic-exit-value.ll, the
ScalarEvolution expression for %r is this:
{1,+,3,+,2}<loop>
Outside the loop, this could be evaluated simply as (%n * %n), however
ScalarEvolution currently evaluates it as
(-2 + (2 * (trunc i65 (((zext i64 (-2 + %n) to i65) * (zext i64 (-1 + %n) to i65)) /u 2) to i64)) + (3 * %n))
In addition to being much more complicated, it involves i65 arithmetic,
which is very inefficient when expanded into code.
//===---------------------------------------------------------------------===//
In formatValue in test/CodeGen/X86/lsr-delayed-fold.ll,
ScalarEvolution is forming this expression:
((trunc i64 (-1 * %arg5) to i32) + (trunc i64 %arg5 to i32) + (-1 * (trunc i64 undef to i32)))
This could be folded to
(-1 * (trunc i64 undef to i32))
//===---------------------------------------------------------------------===//