<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Hi Daniel,</div><div class="gmail_quote"><br></div><div class="gmail_quote">2016-02-12 18:55 GMT+01:00 Daniel Berlin <span dir="ltr"><<a href="mailto:dberlin@dberlin.org" target="_blank">dberlin@dberlin.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hey Paul,<div><br></div><div class="gmail_extra"><br><div class="gmail_quote"><span>On Fri, Feb 12, 2016 at 3:21 AM, Paul Peet <span dir="ltr"><<a href="mailto:paulpeet17@gmail.com" target="_blank">paulpeet17@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Hi again,</div><div class="gmail_quote"><br></div><div class="gmail_quote">So I finally gave up on trying to get through the converting (x86' push pop mov add) because it deals a lot with crazy pointer arithmetics and sonce inttoptr and ptrtoint doesn't provide any alias analysis information.</div><div class="gmail_quote">Daniel, you said it doesn't make much sense to provide it but in my cases it is actually very much needed, you didn't say it wasn't possible to provide it but it is possible right?</div></div></div></blockquote><div><br></div></span><div>Not in the general case, no.</div><div>(pardon the pseudocode)</div><div><br></div><div>void foo(struct foo *a)<br></div><div>{</div><div>c = ptrtoint (a)</div><div>c += 10</div><div>newptr = inttoptr(c)</div><div>}</div><div><br></div><div>Where does newptr point? Somewhere in a? To a field? </div><div><br></div><div>Well, you could try to do the analysis and do the math, but the amount of calculation you are going to try to statically evaluate is unbounded (and you can't statically evaluate all of it).</div><div>If you want to play this game, you need a good range analysis.</div><div>A friend of mine published a good paper on this that will appear in CGO 2016:<br><a href="http://homepages.dcc.ufmg.br/~fernando/publications/papers/CGO16_paisante.pdf" target="_blank">http://homepages.dcc.ufmg.br/~fernando/publications/papers/CGO16_paisante.pdf</a></div><div> </div></div></div></div></blockquote><div><br></div><div>First of all thank you for that paper, I quickly skimmed the paper and well, I wasn't sure if it's "the" approach to deal with the issues I have because it's about estimating bounds for memory access and I have no idea how this would help. Or it's just me not actually understanding the alias analysis.</div><div>I don't quite understand why I need bounds for the kind of optimization I "want".</div><div><br></div><div>Because when translating x86 mov/push/pop/add instruction to similar LLVM IR (preserving the semantics) you **need** pointer arithmetics and there are no "bounds" (In terms of preserving the semantics that if an invalid memory would occur).</div><div><br></div><div>Let me actually show you an example, how I would imagine an optimization for doing these kinds of things:</div><div><br></div><div>Let's say we have these x86 instructions:</div><div><br></div><div>push ecx</div><div>push ecx</div><div>xchg esp, ecx</div><div>mov [ecx + 4], ebx</div><div>mov [ecx], eax</div><div>xchg esp, ecx<br></div><div>pop ebx</div><div>pop eax</div><div><br></div><div><br></div><div>My translator would emit something like this:<br></div><div><br></div><div><div>define { i32, i32, i32, i32 } @Unit01(i32 %eax, i32 %ebx, i32 %ecx, i32 %esp) {</div><div> ; push ecx</div><div> %esp_1 = sub i32 %esp, 4</div><div> %esp_ptr1 = inttoptr i32 %esp_1 to i32*</div><div> store i32 %ecx, i32* %esp_ptr1, align 4</div><div><br></div><div> ; push ecx</div><div> %esp_2 = sub i32 %esp_1, 4</div><div> %esp_ptr2 = inttoptr i32 %esp_2 to i32*</div><div> store i32 %ecx, i32* %esp_ptr2, align 4</div><div><br></div><div> ; xchg ecx, esp - This should be eliminated as it is tracked by the</div><div> ; Translator</div><div> %esp_3 = bitcast i32 %ecx to i32</div><div> %ecx_1 = bitcast i32 %esp_2 to i32</div><div><br></div><div> ; mov [ecx + 4], ebx</div><div> %mov_tmp1 = add i32 %ecx_1, 4</div><div> %mov_ptr1 = inttoptr i32 %mov_tmp1 to i32*</div><div> store i32 %ebx, i32* %mov_ptr1, align 4</div><div><br></div><div> ; mov [ecx], eax</div><div> %mov_ptr2 = inttoptr i32 %ecx_1 to i32*</div><div> store i32 %eax, i32* %mov_ptr2, align 4</div><div><br></div><div> %esp_4 = bitcast i32 %ecx_1 to i32</div><div> %ecx_2 = bitcast i32 %esp_3 to i32</div><div><br></div><div> ; pop ebx</div><div> %pop_ptr1 = inttoptr i32 %esp_4 to i32*</div><div> %ebx_1 = load i32, i32* %pop_ptr1, align 4</div><div> %esp_5 = add i32 esp_4, 4</div><div><br></div><div> ; pop eax</div><div> %pop_ptr2 = inttoptr i32 %esp_5 to i32*</div><div> %eax_1 = load i32, i32* %pop_ptr2, align 4</div><div> %esp_6 = add i32 esp_5, 4</div><div> </div><div> ; Construct return object containing register values</div><div> ; %eax_1, %ebx_1, %, %ecx_2, %esp_6</div><div>}</div></div><div><br></div><div>I could change the types (reg i32 types) to i8* so I could convert every arithmetic operation to geps but I wouldn't be able to do other operations rather than add/sub.</div><div><br></div><div>I could only give esp and ebp, i8* types so I can still do arithmetic on other registers but that would be limited because what if I use xchg and swap eax and esp? (I kinda would still need inttoptr/ptrtoint).</div><div><br></div><div>So there is only one option left, using i32 for every register.</div><div><br></div><div>My idea is to build symbolic expression for every store/load and treat inttoptr/ptrtoint as noop instruction as if they were arithmetic expression. These expressions would be store in a set. Then these expressions can be simplified (eg. constant propagation) and then finally compared when store/loads occur. If a store and load points to the same symbolic expression, then they would point to the same memory location.</div><div><br></div><div>Example (for the llvm ir above):</div><div><br></div><div><div>; push eax</div><div>(1) Mem( ptr( (%esp - 4), i32) ) = %eax</div><div><br></div><div>; push eax</div><div>Mem( ptr( ((%esp - 4) - 4), i32) ) = %eax</div><div>=> ; Optimization</div><div>(2) Mem( ptr((%esp - 8), i32) ) = %eax</div><div><br></div><div>; mov [ecx + 4], ebx</div><div>Mem( ptr( (((%esp - 4) - 4) + 4), i32) ) = %ebx</div><div>=> ; Optimization</div><div>(3) Mem( ptr( (%esp - 4), i32) ) = %ebx</div><div><br></div><div>; mov [ecx], eax</div><div>Mem( ptr( ((%esp - 4) - 4), i32) ) = %ebx</div><div>=> ; Optimization</div><div>(4) Mem( ptr( (%esp - 8), i32) ) = %eax</div><div><br></div><div>; pop ebx</div><div>%ebx_1 = Mem( ptr( ((%esp - 4) - 4), i32 ) )</div><div>=> ; Optimization</div><div>(5) %ebx_1 = Mem( ptr( (%esp - 8), i32 ) )</div><div><br></div><div>; pop eax</div><div>%eax_1 = Mem( ptr( (((%esp - 4) - 4) + 4), i32 ) )</div><div>=> ; Optimization</div><div>(6) %eax_1 = Mem( ptr( (%esp - 4), i32 ) )</div><div><br></div></div><div>(5) LHS can be replaced with %eax because (5) and (4) have the same symbolic expression. The same for (3) and (6).</div><div><br></div><div>This is a very trivial approach and has a lots of flaws but to go back to the issue you mentioned.</div><div>I am not sure how I should understand the bounds? </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>You could try to do something like that to calculate the bounds of newptr and use that in alias analysis.</div><div><br></div><div><div><br>void foo(struct foo *a)<br></div><div>{</div><div>newptr = gep (a, 10)</div><div>}</div></div><div><br></div><div>Here, where newptr goes is very well defined. If it was outside the object, it's undefined, if it's inside the object, we have a type from the gep, and we can tell which field it's accessing.</div><span><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"> Could you guide me through where I should look to implement such analysis? Would it be complex/non-trivial to implement such thing?</div><div class="gmail_quote"><br></div></div></div></blockquote><div><br></div></span><div>I honestly don't have a ton of time to help with this. I would look at things like CFL-AA and SCEV-AA, and the AA interface in general. You are going to have to implement the AAResult interface and provide results that way.</div><div>But overall, i wouldn't do this.</div><div>It's complex and non-trivial in all but the absolute most basic cases.<br></div><div><div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"></div><div class="gmail_quote"><span>2016-02-10 21:24 GMT+01:00 Daniel Berlin <span dir="ltr"><<a href="mailto:dberlin@dberlin.org" target="_blank">dberlin@dberlin.org</a>></span>:<br></span><div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Wed, Feb 10, 2016 at 12:18 PM, Paul Peet via llvm-dev <span dir="ltr"><<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Thank you for the hint.<div><br></div><div>I adjusted the code and it works:</div><div><br></div><div>The code after replacing inttoptr with getelementptr:</div><div><br></div><div><div>define { i32, i32, i8* } @test(i32 %foo, i32 %bar, i8* %sp) {</div><div>entry:</div><span><div> ; push foo (On "stack")</div></span><div> %sp_1 = getelementptr i8, i8* %sp, i32 -4</div><div> %sp_1_ptr = bitcast i8* %sp_1 to i32*</div><span><div> store i32 %foo, i32* %sp_1_ptr, align 4</div><div><br></div><div> ; push bar</div></span><div> %sp_2 = getelementptr i8, i8* %sp_1, i32 -4</div><div> %sp_2_ptr = bitcast i8* %sp_2 to i32*</div><span><div> store i32 %bar, i32* %sp_2_ptr, align 4</div><div><br></div><div> ; val1 = pop (val1 = bar)</div></span><div> %sp_3_ptr = bitcast i8* %sp_2 to i32*</div><span><div> %val1 = load i32, i32* %sp_3_ptr, align 4</div></span><div> %sp_3 = getelementptr i8, i8* %sp_2, i32 4</div><span><div><br></div><div> ; val2 = pop (val2 = foo)</div></span><div> %sp_4_ptr = bitcast i8* %sp_3 to i32*</div><span><div> %val2 = load i32, i32* %sp_4_ptr, align 4</div></span><div> %sp_4 = getelementptr i8, i8* %sp_3, i32 4</div><div><br></div><div> %ret_1 = insertvalue { i32, i32, i8* } undef, i32 %val1, 0</div><div> %ret_2 = insertvalue { i32, i32, i8* } %ret_1, i32 %val2, 1</div><div> %ret_3 = insertvalue { i32, i32, i8* } %ret_2, i8* %sp_4, 2</div><div><br></div><div> ret { i32, i32, i8* } %ret_3</div><div>}</div></div><div><br></div><div>After optimization ("opt -instcombine ./code.ll -S")</div><div><br></div><div><div>define { i32, i32, i8* } @test(i32 %foo, i32 %bar, i8* %sp) {</div><div>entry:</div><div> %sp_1 = getelementptr i8, i8* %sp, i64 -4</div><div> %sp_1_ptr = bitcast i8* %sp_1 to i32*</div><span><div> store i32 %foo, i32* %sp_1_ptr, align 4</div></span><div> %sp_2 = getelementptr i8, i8* %sp, i64 -8</div><div> %sp_2_ptr = bitcast i8* %sp_2 to i32*</div><span><div> store i32 %bar, i32* %sp_2_ptr, align 4</div></span><div> %ret_1 = insertvalue { i32, i32, i8* } undef, i32 %bar, 0</div><div> %ret_2 = insertvalue { i32, i32, i8* } %ret_1, i32 %foo, 1</div><div> %ret_3 = insertvalue { i32, i32, i8* } %ret_2, i8* %sp, 2</div><div> ret { i32, i32, i8* } %ret_3</div><div>}</div></div><div><br></div><div>My only questions are now:</div><div>- How is it that inttoptr cannot provide that specific alias information so it can optimize that store/load away ?</div></div></blockquote></div></div><div>Because nothing tracks what happens to the ints, and what happens when they are converted back to pointers and whether it's sane :)</div><div> <a href="http://llvm.org/docs/GetElementPtr.html#how-is-gep-different-from-ptrtoint-arithmetic-and-inttoptr" target="_blank">http://llvm.org/docs/GetElementPtr.html#how-is-gep-different-from-ptrtoint-arithmetic-and-inttoptr</a></div><span><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>- Might it be possible to get inttoptr providing such alias analysis ?</div></div></blockquote></span><div>It doesn't make a lot of sense to try in most cases.</div><div>Most of the cases ptrtoint/inttoptr is useful are those where you want to do crazy things to the pointer.</div><span><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>- I came across MemorySSA while browsing though the llvm source. Is it possible that one can use MemorySSA to do such optimization without alias analysis ?</div></div></blockquote><div><br></div></span><div>MemorySSA relies on alias analysis to generate the SSA form.</div><span><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>- Where do I have to look in the source which is doing this kind of optimization (Is it instcombine which uses lib/Analysis/Loads.cpp ?)</div><div><br></div></div></blockquote></span><div>It's probably a combination of opts. The most likely candidate is -gvn, but I would look at the pass dumps after each opt </div><div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div></div><div>Regards,</div><div>Paul</div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-10 0:26 GMT+01:00 Philip Reames <span dir="ltr"><<a href="mailto:listmail@philipreames.com" target="_blank">listmail@philipreames.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Two points:<br>
- Using inttoptr is a mistake here. GEPs are strongly preferred and
provide strictly more aliasing information to the optimizer.<br>
- The zext is a bit weird. I'm not sure where that came from, but
I'd not bother looking into until the preceding point is addressed.
<br>
<br>
In general, you may find these docs useful:<br>
<a href="http://llvm.org/docs/Frontend/PerformanceTips.html" target="_blank">http://llvm.org/docs/Frontend/PerformanceTips.html</a><br>
<br>
Philip<div><div><br>
<br>
<br>
<div>On 02/08/2016 06:54 AM, Paul Peet via
llvm-dev wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div>
<div dir="ltr">Hello,
<div><br>
</div>
<div>I am trying to emulate the "stack" as like on x86 when
using push/pop so afterwards I can use LLVM's optimizer passes
to simplify (reduce junk) the code.</div>
<div><br>
</div>
<div>The LLVM IR code:</div>
<div><br>
</div>
<div>
<div>define { i32, i32, i32 } @test(i32 %foo, i32 %bar, i32
%sp) {</div>
<div> ; push foo (On "stack")</div>
<div> %sp_1 = sub i32 %sp, 4</div>
<div> %sp_1_ptr = inttoptr i32 %sp_1 to i32*</div>
<div> store i32 %foo, i32* %sp_1_ptr, align 4</div>
<div><br>
</div>
<div> ; push bar</div>
<div> %sp_2 = sub i32 %sp_1, 4</div>
<div> %sp_2_ptr = inttoptr i32 %sp_2 to i32*</div>
<div> store i32 %bar, i32* %sp_2_ptr, align 4</div>
<div><br>
</div>
<div> ; val1 = pop (val1 = bar)</div>
<div> %sp_3_ptr = inttoptr i32 %sp_2 to i32*</div>
<div> %val1 = load i32, i32* %sp_3_ptr, align 4</div>
<div> %sp_3 = add i32 %sp_2, 4</div>
<div><br>
</div>
<div> ; val2 = pop (val2 = foo)</div>
<div> %sp_4_ptr = inttoptr i32 %sp_3 to i32*</div>
<div> %val2 = load i32, i32* %sp_4_ptr, align 4</div>
<div> %sp_4 = add i32 %sp_3, 4</div>
<div><br>
</div>
<div> %ret_1 = insertvalue { i32, i32, i32 } undef, i32
%val1, 0</div>
<div> %ret_2 = insertvalue { i32, i32, i32 } %ret_1, i32
%val2, 1</div>
<div> %ret_3 = insertvalue { i32, i32, i32 } %ret_2, i32
%sp_4, 2</div>
<div><br>
</div>
<div> ret { i32, i32, i32 } %ret_3</div>
<div>}</div>
</div>
<div><br>
</div>
<div>This code will "push" two values onto the stack and pop
them in reverse order so afterwards "foo" and "bar" will be
swapped and returned back.</div>
<div><br>
</div>
<div>After running this through "opt -O2 ./test.ll", I am
getting this:</div>
<div><br>
</div>
<div>
<div>define { i32, i32, i32 } @test(i32 %foo, i32 %bar, i32
%sp) #0 {</div>
<div> %sp_1 = add i32 %sp, -4</div>
<div> %1 = zext i32 %sp_1 to i64</div>
<div> %sp_1_ptr = inttoptr i64 %1 to i32*</div>
<div> store i32 %foo, i32* %sp_1_ptr, align 4</div>
<div> %sp_2 = add i32 %sp, -8</div>
<div> %2 = zext i32 %sp_2 to i64</div>
<div> %sp_2_ptr = inttoptr i64 %2 to i32*</div>
<div> store i32 %bar, i32* %sp_2_ptr, align 4</div>
<div> %val2 = load i32, i32* %sp_1_ptr, align 4</div>
<div> %ret_1 = insertvalue { i32, i32, i32 } undef, i32 %bar,
0 ; Swapped</div>
<div> %ret_2 = insertvalue { i32, i32, i32 } %ret_1, i32
%val2, 1; Not Swapped (Not optimized; Should be %foo)</div>
<div> %ret_3 = insertvalue { i32, i32, i32 } %ret_2, i32 %sp,
2</div>
<div> ret { i32, i32, i32 } %ret_3</div>
<div>}</div>
</div>
<div><br>
</div>
<div>As you can see that the IR has got additional code, eg.
zext. But the main problem here is that val2 hasn't been
optimized.</div>
<div>Could anyone show me some hints what is preventing the
second val from being optimized? (My guess would be the zext
because I am using %sp as a 32bit pointer although the
"target" is 64bit).</div>
<div><br>
</div>
<div>Regards,</div>
<div>Paul</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
LLVM Developers mailing list
<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br>
<br></blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div>