shylie/llvm-project
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
llvm-project/llvm/test/Transforms/InstCombine/malloc-free.ll
Nikita Popov 92c55a315e
[IR] Only allow lifetime.start/end on allocas (#149310) 
lifetime.start and lifetime.end are primarily intended for use on
allocas, to enable stack coloring and other liveness optimizations. This
is necessary because all (static) allocas are hoisted into the entry
block, so lifetime markers are the only way to convey the actual
lifetimes.

However, lifetime.start and lifetime.end are currently *allowed* to be
used on non-alloca pointers. We don't actually do this in practice, but
just the mere fact that this is possible breaks the core purpose of the
lifetime markers, which is stack coloring of allocas. Stack coloring can
only work correctly if all lifetime markers for an alloca are
analyzable.

* If a lifetime marker may operate on multiple allocas via a select/phi,
we don't know which lifetime actually starts/ends and handle it
incorrectly (https://github.com/llvm/llvm-project/issues/104776).
* Stack coloring operates on the assumption that all lifetime markers
are visible, and not, for example, hidden behind a function call or
escaped pointer. It's not possible to change this, as part of the
purpose of lifetime markers is that they work even in the presence of
escaped pointers, where simple use analysis is insufficient.

I don't think there is any way to have coherent semantics for lifetime
markers on allocas, while also permitting them on arbitrary pointer
values.

This PR restricts lifetimes to operate on allocas only. As a followup, I
will also drop the size argument, which is superfluous if we always
operate on an alloca. (This change also renders various code handling
lifetime markers on non-alloca dead. I plan to clean up that kind of
code after dropping the size argument as well.)

In practice, I've only found a few places that currently produce
lifetimes on non-allocas:

* CoroEarly replaces the promise alloca with the result of an intrinsic,
which will later be replaced back with an alloca. I think this is the
only place where there is some legitimate loss of functionality, but I
don't think this is particularly important (I don't think we'd expect
the promise in a coroutine to admit useful lifetime optimization.)
* SafeStack moves unsafe allocas onto a separate frame. We can safely
drop lifetimes here, as SafeStack performs its own stack coloring.
* Similar for AddressSanitizer, it also moves allocas into separate
memory.
* LSR sometimes replaces the lifetime argument with a GEP chain of the
alloca (where the offsets ultimately cancel out). This is just
unnecessary. (Fixed separately in
https://github.com/llvm/llvm-project/pull/149492.)
* InferAddrSpaces sometimes makes lifetimes operate on an addrspacecast
of an alloca. I don't think this is necessary.
2025-07-21 15:04:50 +02:00

337 lines
12 KiB
LLVM
Raw Blame History

; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; RUN: opt < %s -passes=instcombine -S | FileCheck %s
; PR1201
target datalayout = "p:32:32:32"
define i32 @main(i32 %argc, ptr %argv) {
; CHECK-LABEL: @main(
; CHECK-NEXT: ret i32 0
;
%c_19 = alloca ptr
%mul = mul i32 ptrtoint (ptr getelementptr (i8, ptr null, i32 1) to i32), 10
%malloc_206 = tail call ptr @malloc(i32 %mul)
store ptr %malloc_206, ptr %c_19
%tmp_207 = load ptr, ptr %c_19
tail call void @free(ptr %tmp_207)
ret i32 0
}
define i32 @dead_aligned_alloc(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @dead_aligned_alloc(
; CHECK-NEXT: ret i32 0
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 %alignment, i32 %size)
store i8 %value, ptr %aligned_allocation
tail call void @free(ptr %aligned_allocation)
ret i32 0
}
define i1 @aligned_alloc_only_pointe(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_only_pointe(
; CHECK-NEXT: [[ALIGNED_ALLOCATION:%.*]] = tail call ptr @aligned_alloc(i32 [[ALIGNMENT:%.*]], i32 [[SIZE:%.*]])
; CHECK-NEXT: [[CMP:%.*]] = icmp ne ptr [[ALIGNED_ALLOCATION]], null
; CHECK-NEXT: ret i1 [[CMP]]
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 %alignment, i32 %size)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
define i1 @aligned_alloc_pointer_only_used_by_cmp_alignment_and_value_known_ok(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_pointer_only_used_by_cmp_alignment_and_value_known_ok(
; CHECK-NEXT: ret i1 true
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 8, i32 32)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
define i1 @aligned_alloc_pointer_only_used_by_cmp_alignment_no_power_of_2(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_pointer_only_used_by_cmp_alignment_no_power_of_2(
; CHECK-NEXT: [[ALIGNED_ALLOCATION:%.*]] = tail call dereferenceable_or_null(32) ptr @aligned_alloc(i32 3, i32 32)
; CHECK-NEXT: [[CMP:%.*]] = icmp ne ptr [[ALIGNED_ALLOCATION]], null
; CHECK-NEXT: ret i1 [[CMP]]
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 3, i32 32)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
define i1 @aligned_alloc_pointer_only_used_by_cmp_size_not_multiple_of_alignment(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_pointer_only_used_by_cmp_size_not_multiple_of_alignment(
; CHECK-NEXT: [[ALIGNED_ALLOCATION:%.*]] = tail call dereferenceable_or_null(31) ptr @aligned_alloc(i32 8, i32 31)
; CHECK-NEXT: [[CMP:%.*]] = icmp ne ptr [[ALIGNED_ALLOCATION]], null
; CHECK-NEXT: ret i1 [[CMP]]
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 8, i32 31)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
; This test uses a aligned allocation function different to @aligned_alloc,
; and should be treated as having @aligned_alloc's constraints on alignment
; and size operands.
define i1 @other_aligned_allocation_function(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @other_aligned_allocation_function(
; CHECK-NEXT: ret i1 true
;
%aligned_allocation = tail call ptr @other_aligned_alloc(i32 %alignment, i32 %size)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
declare noalias ptr @calloc(i32, i32) nounwind allockind("alloc,zeroed") allocsize(0,1) "alloc-family"="malloc"
declare noalias ptr @malloc(i32) allockind("alloc,uninitialized") allocsize(0) "alloc-family"="malloc"
declare noalias ptr @aligned_alloc(i32, i32) allockind("alloc,uninitialized,aligned") allocsize(1) "alloc-family"="malloc"
declare noalias ptr @other_aligned_alloc(i32, i32) allockind("alloc,uninitialized,aligned") allocsize(1) "alloc-family"="malloc"
declare void @free(ptr) allockind("free") "alloc-family"="malloc"
define i1 @foo() {
; CHECK-LABEL: @foo(
; CHECK-NEXT: ret i1 false
;
%m = call ptr @malloc(i32 1)
%z = icmp eq ptr %m, null
call void @free(ptr %m)
ret i1 %z
}
declare void @llvm.lifetime.start.p0(i64, ptr)
declare void @llvm.lifetime.end.p0(i64, ptr)
declare i64 @llvm.objectsize.i64(ptr, i1)
declare void @llvm.memcpy.p0.p0.i32(ptr nocapture, ptr nocapture, i32, i1) nounwind
declare void @llvm.memmove.p0.p0.i32(ptr nocapture, ptr nocapture, i32, i1) nounwind
declare void @llvm.memset.p0.i32(ptr, i8, i32, i1) nounwind
define void @test3(ptr %src) {
; CHECK-LABEL: @test3(
; CHECK-NEXT: ret void
;
%a = call noalias ptr @malloc(i32 10)
%size = call i64 @llvm.objectsize.i64(ptr %a, i1 true)
store i8 42, ptr %a
call void @llvm.memcpy.p0.p0.i32(ptr %a, ptr %src, i32 32, i1 false)
call void @llvm.memmove.p0.p0.i32(ptr %a, ptr %src, i32 32, i1 false)
call void @llvm.memset.p0.i32(ptr %a, i8 5, i32 32, i1 false)
%alloc2 = call noalias ptr @calloc(i32 5, i32 7) nounwind
%z = icmp ne ptr %alloc2, null
ret void
}
;; This used to crash.
define void @test4() {
; CHECK-LABEL: @test4(
; CHECK-NEXT: ret void
;
%A = call ptr @malloc(i32 16000)
call void @free(ptr %A)
ret void
}
define void @test5(ptr %ptr, ptr %esc) {
; CHECK-LABEL: @test5(
; CHECK-NEXT: [[C:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[D:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[E:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[F:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[G:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: store ptr [[C]], ptr [[ESC:%.*]], align 4
; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i32(ptr [[D]], ptr [[PTR:%.*]], i32 32, i1 true)
; CHECK-NEXT: call void @llvm.memmove.p0.p0.i32(ptr [[E]], ptr [[PTR]], i32 32, i1 true)
; CHECK-NEXT: call void @llvm.memset.p0.i32(ptr [[F]], i8 5, i32 32, i1 true)
; CHECK-NEXT: store volatile i8 4, ptr [[G]], align 1
; CHECK-NEXT: ret void
;
%a = call ptr @malloc(i32 700)
%b = call ptr @malloc(i32 700)
%c = call ptr @malloc(i32 700)
%d = call ptr @malloc(i32 700)
%e = call ptr @malloc(i32 700)
%f = call ptr @malloc(i32 700)
%g = call ptr @malloc(i32 700)
call void @llvm.memcpy.p0.p0.i32(ptr %ptr, ptr %a, i32 32, i1 false)
call void @llvm.memmove.p0.p0.i32(ptr %ptr, ptr %b, i32 32, i1 false)
store ptr %c, ptr %esc
call void @llvm.memcpy.p0.p0.i32(ptr %d, ptr %ptr, i32 32, i1 true)
call void @llvm.memmove.p0.p0.i32(ptr %e, ptr %ptr, i32 32, i1 true)
call void @llvm.memset.p0.i32(ptr %f, i8 5, i32 32, i1 true)
store volatile i8 4, ptr %g
ret void
}
;; When a basic block contains only a call to free and this block is accessed
;; through a test of the argument of free against null, move the call in the
;; predecessor block.
;; Using simplifycfg will remove the empty basic block and the branch operation
;; Then, performing a dead elimination will remove the comparison.
;; This is what happens with -O1 and upper.
define void @test6(ptr %foo) minsize {
; CHECK-LABEL: @test6(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
;; Call to free moved
;; Block is now empty and may be simplified by simplifycfg
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
;; Check that the optimization that moves a call to free in its predecessor
;; block (see test6) also happens when noop casts are involved.
define void @test12(ptr %foo) minsize {
; CHECK-LABEL: @test12(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
;; Everything before the call to free should have been moved as well.
;; Call to free moved
;; Block is now empty and may be simplified by simplifycfg
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
;; Test that nonnull-implying attributes on the parameter are adjusted when the
;; call is moved, since they may no longer be valid and result in miscompiles if
;; kept unchanged.
define void @test_nonnull_free_move(ptr %foo) minsize {
; CHECK-LABEL: @test_nonnull_free_move(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr nonnull %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
define void @test_dereferenceable_free_move(ptr %foo) minsize {
; CHECK-LABEL: @test_dereferenceable_free_move(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr dereferenceable_or_null(4) [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr dereferenceable(4) %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
define void @test_nonnull_dereferenceable_free_move(ptr %foo) minsize {
; CHECK-LABEL: @test_nonnull_dereferenceable_free_move(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr dereferenceable_or_null(16) [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr nonnull dereferenceable(16) %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
; The next four tests cover the semantics of the nofree attributes. These
; are thought to be legal transforms, but an implementation thereof has
; been reverted once due to difficult to isolate fallout.
; TODO: Freeing a no-free pointer -> %foo must be null
define void @test13(ptr nofree %foo) {
; CHECK-LABEL: @test13(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]])
; CHECK-NEXT: ret void
;
call void @free(ptr %foo)
ret void
}
; TODO: Freeing a no-free pointer -> %foo must be null
define void @test14(ptr %foo) nofree {
; CHECK-LABEL: @test14(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]])
; CHECK-NEXT: ret void
;
call void @free(ptr %foo)
ret void
}
; TODO: free call marked no-free -> %foo must be null
define void @test15(ptr %foo) {
; CHECK-LABEL: @test15(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]]) #[[ATTR8:[0-9]+]]
; CHECK-NEXT: ret void
;
call void @free(ptr %foo) nofree
ret void
}
; TODO: freeing a nonnull nofree pointer -> full UB
define void @test16(ptr nonnull nofree %foo) {
; CHECK-LABEL: @test16(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]])
; CHECK-NEXT: ret void
;
call void @free(ptr %foo)
ret void
}
Reference in New Issue View Git Blame Copy Permalink