1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "bounds_check_elimination.h"
18
19 #include <limits>
20
21 #include "base/scoped_arena_allocator.h"
22 #include "base/scoped_arena_containers.h"
23 #include "induction_var_range.h"
24 #include "nodes.h"
25 #include "side_effects_analysis.h"
26
27 namespace art {
28
29 class MonotonicValueRange;
30
31 /**
32 * A value bound is represented as a pair of value and constant,
33 * e.g. array.length - 1.
34 */
35 class ValueBound : public ValueObject {
36 public:
ValueBound(HInstruction * instruction,int32_t constant)37 ValueBound(HInstruction* instruction, int32_t constant) {
38 if (instruction != nullptr && instruction->IsIntConstant()) {
39 // Normalize ValueBound with constant instruction.
40 int32_t instr_const = instruction->AsIntConstant()->GetValue();
41 if (!WouldAddOverflowOrUnderflow(instr_const, constant)) {
42 instruction_ = nullptr;
43 constant_ = instr_const + constant;
44 return;
45 }
46 }
47 instruction_ = instruction;
48 constant_ = constant;
49 }
50
51 // Return whether (left + right) overflows or underflows.
WouldAddOverflowOrUnderflow(int32_t left,int32_t right)52 static bool WouldAddOverflowOrUnderflow(int32_t left, int32_t right) {
53 if (right == 0) {
54 return false;
55 }
56 if ((right > 0) && (left <= (std::numeric_limits<int32_t>::max() - right))) {
57 // No overflow.
58 return false;
59 }
60 if ((right < 0) && (left >= (std::numeric_limits<int32_t>::min() - right))) {
61 // No underflow.
62 return false;
63 }
64 return true;
65 }
66
67 // Return true if instruction can be expressed as "left_instruction + right_constant".
IsAddOrSubAConstant(HInstruction * instruction,HInstruction ** left_instruction,int32_t * right_constant)68 static bool IsAddOrSubAConstant(HInstruction* instruction,
69 /* out */ HInstruction** left_instruction,
70 /* out */ int32_t* right_constant) {
71 HInstruction* left_so_far = nullptr;
72 int32_t right_so_far = 0;
73 while (instruction->IsAdd() || instruction->IsSub()) {
74 HBinaryOperation* bin_op = instruction->AsBinaryOperation();
75 HInstruction* left = bin_op->GetLeft();
76 HInstruction* right = bin_op->GetRight();
77 if (right->IsIntConstant()) {
78 int32_t v = right->AsIntConstant()->GetValue();
79 int32_t c = instruction->IsAdd() ? v : -v;
80 if (!WouldAddOverflowOrUnderflow(right_so_far, c)) {
81 instruction = left;
82 left_so_far = left;
83 right_so_far += c;
84 continue;
85 }
86 }
87 break;
88 }
89 // Return result: either false and "null+0" or true and "instr+constant".
90 *left_instruction = left_so_far;
91 *right_constant = right_so_far;
92 return left_so_far != nullptr;
93 }
94
95 // Expresses any instruction as a value bound.
AsValueBound(HInstruction * instruction)96 static ValueBound AsValueBound(HInstruction* instruction) {
97 if (instruction->IsIntConstant()) {
98 return ValueBound(nullptr, instruction->AsIntConstant()->GetValue());
99 }
100 HInstruction *left;
101 int32_t right;
102 if (IsAddOrSubAConstant(instruction, &left, &right)) {
103 return ValueBound(left, right);
104 }
105 return ValueBound(instruction, 0);
106 }
107
108 // Try to detect useful value bound format from an instruction, e.g.
109 // a constant or array length related value.
DetectValueBoundFromValue(HInstruction * instruction,bool * found)110 static ValueBound DetectValueBoundFromValue(HInstruction* instruction, /* out */ bool* found) {
111 DCHECK(instruction != nullptr);
112 if (instruction->IsIntConstant()) {
113 *found = true;
114 return ValueBound(nullptr, instruction->AsIntConstant()->GetValue());
115 }
116
117 if (instruction->IsArrayLength()) {
118 *found = true;
119 return ValueBound(instruction, 0);
120 }
121 // Try to detect (array.length + c) format.
122 HInstruction *left;
123 int32_t right;
124 if (IsAddOrSubAConstant(instruction, &left, &right)) {
125 if (left->IsArrayLength()) {
126 *found = true;
127 return ValueBound(left, right);
128 }
129 }
130
131 // No useful bound detected.
132 *found = false;
133 return ValueBound::Max();
134 }
135
GetInstruction() const136 HInstruction* GetInstruction() const { return instruction_; }
GetConstant() const137 int32_t GetConstant() const { return constant_; }
138
IsRelatedToArrayLength() const139 bool IsRelatedToArrayLength() const {
140 // Some bounds are created with HNewArray* as the instruction instead
141 // of HArrayLength*. They are treated the same.
142 return (instruction_ != nullptr) &&
143 (instruction_->IsArrayLength() || instruction_->IsNewArray());
144 }
145
IsConstant() const146 bool IsConstant() const {
147 return instruction_ == nullptr;
148 }
149
Min()150 static ValueBound Min() { return ValueBound(nullptr, std::numeric_limits<int32_t>::min()); }
Max()151 static ValueBound Max() { return ValueBound(nullptr, std::numeric_limits<int32_t>::max()); }
152
Equals(ValueBound bound) const153 bool Equals(ValueBound bound) const {
154 return instruction_ == bound.instruction_ && constant_ == bound.constant_;
155 }
156
Equal(HInstruction * instruction1,HInstruction * instruction2)157 static bool Equal(HInstruction* instruction1, HInstruction* instruction2) {
158 if (instruction1 == instruction2) {
159 return true;
160 }
161 if (instruction1 == nullptr || instruction2 == nullptr) {
162 return false;
163 }
164 instruction1 = HuntForDeclaration(instruction1);
165 instruction2 = HuntForDeclaration(instruction2);
166 return instruction1 == instruction2;
167 }
168
169 // Returns if it's certain this->bound >= `bound`.
GreaterThanOrEqualTo(ValueBound bound) const170 bool GreaterThanOrEqualTo(ValueBound bound) const {
171 if (Equal(instruction_, bound.instruction_)) {
172 return constant_ >= bound.constant_;
173 }
174 // Not comparable. Just return false.
175 return false;
176 }
177
178 // Returns if it's certain this->bound <= `bound`.
LessThanOrEqualTo(ValueBound bound) const179 bool LessThanOrEqualTo(ValueBound bound) const {
180 if (Equal(instruction_, bound.instruction_)) {
181 return constant_ <= bound.constant_;
182 }
183 // Not comparable. Just return false.
184 return false;
185 }
186
187 // Returns if it's certain this->bound > `bound`.
GreaterThan(ValueBound bound) const188 bool GreaterThan(ValueBound bound) const {
189 if (Equal(instruction_, bound.instruction_)) {
190 return constant_ > bound.constant_;
191 }
192 // Not comparable. Just return false.
193 return false;
194 }
195
196 // Returns if it's certain this->bound < `bound`.
LessThan(ValueBound bound) const197 bool LessThan(ValueBound bound) const {
198 if (Equal(instruction_, bound.instruction_)) {
199 return constant_ < bound.constant_;
200 }
201 // Not comparable. Just return false.
202 return false;
203 }
204
205 // Try to narrow lower bound. Returns the greatest of the two if possible.
206 // Pick one if they are not comparable.
NarrowLowerBound(ValueBound bound1,ValueBound bound2)207 static ValueBound NarrowLowerBound(ValueBound bound1, ValueBound bound2) {
208 if (bound1.GreaterThanOrEqualTo(bound2)) {
209 return bound1;
210 }
211 if (bound2.GreaterThanOrEqualTo(bound1)) {
212 return bound2;
213 }
214
215 // Not comparable. Just pick one. We may lose some info, but that's ok.
216 // Favor constant as lower bound.
217 return bound1.IsConstant() ? bound1 : bound2;
218 }
219
220 // Try to narrow upper bound. Returns the lowest of the two if possible.
221 // Pick one if they are not comparable.
NarrowUpperBound(ValueBound bound1,ValueBound bound2)222 static ValueBound NarrowUpperBound(ValueBound bound1, ValueBound bound2) {
223 if (bound1.LessThanOrEqualTo(bound2)) {
224 return bound1;
225 }
226 if (bound2.LessThanOrEqualTo(bound1)) {
227 return bound2;
228 }
229
230 // Not comparable. Just pick one. We may lose some info, but that's ok.
231 // Favor array length as upper bound.
232 return bound1.IsRelatedToArrayLength() ? bound1 : bound2;
233 }
234
235 // Add a constant to a ValueBound.
236 // `overflow` or `underflow` will return whether the resulting bound may
237 // overflow or underflow an int.
Add(int32_t c,bool * overflow,bool * underflow) const238 ValueBound Add(int32_t c, /* out */ bool* overflow, /* out */ bool* underflow) const {
239 *overflow = *underflow = false;
240 if (c == 0) {
241 return *this;
242 }
243
244 int32_t new_constant;
245 if (c > 0) {
246 if (constant_ > (std::numeric_limits<int32_t>::max() - c)) {
247 *overflow = true;
248 return Max();
249 }
250
251 new_constant = constant_ + c;
252 // (array.length + non-positive-constant) won't overflow an int.
253 if (IsConstant() || (IsRelatedToArrayLength() && new_constant <= 0)) {
254 return ValueBound(instruction_, new_constant);
255 }
256 // Be conservative.
257 *overflow = true;
258 return Max();
259 } else {
260 if (constant_ < (std::numeric_limits<int32_t>::min() - c)) {
261 *underflow = true;
262 return Min();
263 }
264
265 new_constant = constant_ + c;
266 // Regardless of the value new_constant, (array.length+new_constant) will
267 // never underflow since array.length is no less than 0.
268 if (IsConstant() || IsRelatedToArrayLength()) {
269 return ValueBound(instruction_, new_constant);
270 }
271 // Be conservative.
272 *underflow = true;
273 return Min();
274 }
275 }
276
277 private:
278 HInstruction* instruction_;
279 int32_t constant_;
280 };
281
282 /**
283 * Represent a range of lower bound and upper bound, both being inclusive.
284 * Currently a ValueRange may be generated as a result of the following:
285 * comparisons related to array bounds, array bounds check, add/sub on top
286 * of an existing value range, NewArray or a loop phi corresponding to an
287 * incrementing/decrementing array index (MonotonicValueRange).
288 */
289 class ValueRange : public ArenaObject<kArenaAllocBoundsCheckElimination> {
290 public:
ValueRange(ScopedArenaAllocator * allocator,ValueBound lower,ValueBound upper)291 ValueRange(ScopedArenaAllocator* allocator, ValueBound lower, ValueBound upper)
292 : allocator_(allocator), lower_(lower), upper_(upper) {}
293
~ValueRange()294 virtual ~ValueRange() {}
295
AsMonotonicValueRange()296 virtual MonotonicValueRange* AsMonotonicValueRange() { return nullptr; }
IsMonotonicValueRange()297 bool IsMonotonicValueRange() {
298 return AsMonotonicValueRange() != nullptr;
299 }
300
GetAllocator() const301 ScopedArenaAllocator* GetAllocator() const { return allocator_; }
GetLower() const302 ValueBound GetLower() const { return lower_; }
GetUpper() const303 ValueBound GetUpper() const { return upper_; }
304
IsConstantValueRange() const305 bool IsConstantValueRange() const { return lower_.IsConstant() && upper_.IsConstant(); }
306
307 // If it's certain that this value range fits in other_range.
FitsIn(ValueRange * other_range) const308 virtual bool FitsIn(ValueRange* other_range) const {
309 if (other_range == nullptr) {
310 return true;
311 }
312 DCHECK(!other_range->IsMonotonicValueRange());
313 return lower_.GreaterThanOrEqualTo(other_range->lower_) &&
314 upper_.LessThanOrEqualTo(other_range->upper_);
315 }
316
317 // Returns the intersection of this and range.
318 // If it's not possible to do intersection because some
319 // bounds are not comparable, it's ok to pick either bound.
Narrow(ValueRange * range)320 virtual ValueRange* Narrow(ValueRange* range) {
321 if (range == nullptr) {
322 return this;
323 }
324
325 if (range->IsMonotonicValueRange()) {
326 return this;
327 }
328
329 return new (allocator_) ValueRange(
330 allocator_,
331 ValueBound::NarrowLowerBound(lower_, range->lower_),
332 ValueBound::NarrowUpperBound(upper_, range->upper_));
333 }
334
335 // Shift a range by a constant.
Add(int32_t constant) const336 ValueRange* Add(int32_t constant) const {
337 bool overflow, underflow;
338 ValueBound lower = lower_.Add(constant, &overflow, &underflow);
339 if (underflow) {
340 // Lower bound underflow will wrap around to positive values
341 // and invalidate the upper bound.
342 return nullptr;
343 }
344 ValueBound upper = upper_.Add(constant, &overflow, &underflow);
345 if (overflow) {
346 // Upper bound overflow will wrap around to negative values
347 // and invalidate the lower bound.
348 return nullptr;
349 }
350 return new (allocator_) ValueRange(allocator_, lower, upper);
351 }
352
353 private:
354 ScopedArenaAllocator* const allocator_;
355 const ValueBound lower_; // inclusive
356 const ValueBound upper_; // inclusive
357
358 DISALLOW_COPY_AND_ASSIGN(ValueRange);
359 };
360
361 /**
362 * A monotonically incrementing/decrementing value range, e.g.
363 * the variable i in "for (int i=0; i<array.length; i++)".
364 * Special care needs to be taken to account for overflow/underflow
365 * of such value ranges.
366 */
367 class MonotonicValueRange : public ValueRange {
368 public:
MonotonicValueRange(ScopedArenaAllocator * allocator,HPhi * induction_variable,HInstruction * initial,int32_t increment,ValueBound bound)369 MonotonicValueRange(ScopedArenaAllocator* allocator,
370 HPhi* induction_variable,
371 HInstruction* initial,
372 int32_t increment,
373 ValueBound bound)
374 // To be conservative, give it full range [Min(), Max()] in case it's
375 // used as a regular value range, due to possible overflow/underflow.
376 : ValueRange(allocator, ValueBound::Min(), ValueBound::Max()),
377 induction_variable_(induction_variable),
378 initial_(initial),
379 increment_(increment),
380 bound_(bound) {}
381
~MonotonicValueRange()382 virtual ~MonotonicValueRange() {}
383
GetIncrement() const384 int32_t GetIncrement() const { return increment_; }
GetBound() const385 ValueBound GetBound() const { return bound_; }
GetLoopHeader() const386 HBasicBlock* GetLoopHeader() const {
387 DCHECK(induction_variable_->GetBlock()->IsLoopHeader());
388 return induction_variable_->GetBlock();
389 }
390
AsMonotonicValueRange()391 MonotonicValueRange* AsMonotonicValueRange() override { return this; }
392
393 // If it's certain that this value range fits in other_range.
FitsIn(ValueRange * other_range) const394 bool FitsIn(ValueRange* other_range) const override {
395 if (other_range == nullptr) {
396 return true;
397 }
398 DCHECK(!other_range->IsMonotonicValueRange());
399 return false;
400 }
401
402 // Try to narrow this MonotonicValueRange given another range.
403 // Ideally it will return a normal ValueRange. But due to
404 // possible overflow/underflow, that may not be possible.
Narrow(ValueRange * range)405 ValueRange* Narrow(ValueRange* range) override {
406 if (range == nullptr) {
407 return this;
408 }
409 DCHECK(!range->IsMonotonicValueRange());
410
411 if (increment_ > 0) {
412 // Monotonically increasing.
413 ValueBound lower = ValueBound::NarrowLowerBound(bound_, range->GetLower());
414 if (!lower.IsConstant() || lower.GetConstant() == std::numeric_limits<int32_t>::min()) {
415 // Lower bound isn't useful. Leave it to deoptimization.
416 return this;
417 }
418
419 // We currently conservatively assume max array length is Max().
420 // If we can make assumptions about the max array length, e.g. due to the max heap size,
421 // divided by the element size (such as 4 bytes for each integer array), we can
422 // lower this number and rule out some possible overflows.
423 int32_t max_array_len = std::numeric_limits<int32_t>::max();
424
425 // max possible integer value of range's upper value.
426 int32_t upper = std::numeric_limits<int32_t>::max();
427 // Try to lower upper.
428 ValueBound upper_bound = range->GetUpper();
429 if (upper_bound.IsConstant()) {
430 upper = upper_bound.GetConstant();
431 } else if (upper_bound.IsRelatedToArrayLength() && upper_bound.GetConstant() <= 0) {
432 // Normal case. e.g. <= array.length - 1.
433 upper = max_array_len + upper_bound.GetConstant();
434 }
435
436 // If we can prove for the last number in sequence of initial_,
437 // initial_ + increment_, initial_ + 2 x increment_, ...
438 // that's <= upper, (last_num_in_sequence + increment_) doesn't trigger overflow,
439 // then this MonoticValueRange is narrowed to a normal value range.
440
441 // Be conservative first, assume last number in the sequence hits upper.
442 int32_t last_num_in_sequence = upper;
443 if (initial_->IsIntConstant()) {
444 int32_t initial_constant = initial_->AsIntConstant()->GetValue();
445 if (upper <= initial_constant) {
446 last_num_in_sequence = upper;
447 } else {
448 // Cast to int64_t for the substraction part to avoid int32_t overflow.
449 last_num_in_sequence = initial_constant +
450 ((int64_t)upper - (int64_t)initial_constant) / increment_ * increment_;
451 }
452 }
453 if (last_num_in_sequence <= (std::numeric_limits<int32_t>::max() - increment_)) {
454 // No overflow. The sequence will be stopped by the upper bound test as expected.
455 return new (GetAllocator()) ValueRange(GetAllocator(), lower, range->GetUpper());
456 }
457
458 // There might be overflow. Give up narrowing.
459 return this;
460 } else {
461 DCHECK_NE(increment_, 0);
462 // Monotonically decreasing.
463 ValueBound upper = ValueBound::NarrowUpperBound(bound_, range->GetUpper());
464 if ((!upper.IsConstant() || upper.GetConstant() == std::numeric_limits<int32_t>::max()) &&
465 !upper.IsRelatedToArrayLength()) {
466 // Upper bound isn't useful. Leave it to deoptimization.
467 return this;
468 }
469
470 // Need to take care of underflow. Try to prove underflow won't happen
471 // for common cases.
472 if (range->GetLower().IsConstant()) {
473 int32_t constant = range->GetLower().GetConstant();
474 if (constant >= (std::numeric_limits<int32_t>::min() - increment_)) {
475 return new (GetAllocator()) ValueRange(GetAllocator(), range->GetLower(), upper);
476 }
477 }
478
479 // For non-constant lower bound, just assume might be underflow. Give up narrowing.
480 return this;
481 }
482 }
483
484 private:
485 HPhi* const induction_variable_; // Induction variable for this monotonic value range.
486 HInstruction* const initial_; // Initial value.
487 const int32_t increment_; // Increment for each loop iteration.
488 const ValueBound bound_; // Additional value bound info for initial_.
489
490 DISALLOW_COPY_AND_ASSIGN(MonotonicValueRange);
491 };
492
493 class BCEVisitor : public HGraphVisitor {
494 public:
495 // The least number of bounds checks that should be eliminated by triggering
496 // the deoptimization technique.
497 static constexpr size_t kThresholdForAddingDeoptimize = 2;
498
499 // Very large lengths are considered an anomaly. This is a threshold beyond which we don't
500 // bother to apply the deoptimization technique since it's likely, or sometimes certain,
501 // an AIOOBE will be thrown.
502 static constexpr uint32_t kMaxLengthForAddingDeoptimize =
503 std::numeric_limits<int32_t>::max() - 1024 * 1024;
504
505 // Added blocks for loop body entry test.
IsAddedBlock(HBasicBlock * block) const506 bool IsAddedBlock(HBasicBlock* block) const {
507 return block->GetBlockId() >= initial_block_size_;
508 }
509
BCEVisitor(HGraph * graph,const SideEffectsAnalysis & side_effects,HInductionVarAnalysis * induction_analysis)510 BCEVisitor(HGraph* graph,
511 const SideEffectsAnalysis& side_effects,
512 HInductionVarAnalysis* induction_analysis)
513 : HGraphVisitor(graph),
514 allocator_(graph->GetArenaStack()),
515 maps_(graph->GetBlocks().size(),
516 ScopedArenaSafeMap<int, ValueRange*>(
517 std::less<int>(),
518 allocator_.Adapter(kArenaAllocBoundsCheckElimination)),
519 allocator_.Adapter(kArenaAllocBoundsCheckElimination)),
520 first_index_bounds_check_map_(std::less<int>(),
521 allocator_.Adapter(kArenaAllocBoundsCheckElimination)),
522 early_exit_loop_(std::less<uint32_t>(),
523 allocator_.Adapter(kArenaAllocBoundsCheckElimination)),
524 taken_test_loop_(std::less<uint32_t>(),
525 allocator_.Adapter(kArenaAllocBoundsCheckElimination)),
526 finite_loop_(allocator_.Adapter(kArenaAllocBoundsCheckElimination)),
527 has_dom_based_dynamic_bce_(false),
528 initial_block_size_(graph->GetBlocks().size()),
529 side_effects_(side_effects),
530 induction_range_(induction_analysis),
531 next_(nullptr) {}
532
VisitBasicBlock(HBasicBlock * block)533 void VisitBasicBlock(HBasicBlock* block) override {
534 DCHECK(!IsAddedBlock(block));
535 first_index_bounds_check_map_.clear();
536 // Visit phis and instructions using a safe iterator. The iteration protects
537 // against deleting the current instruction during iteration. However, it
538 // must advance next_ if that instruction is deleted during iteration.
539 for (HInstruction* instruction = block->GetFirstPhi(); instruction != nullptr;) {
540 DCHECK(instruction->IsInBlock());
541 next_ = instruction->GetNext();
542 instruction->Accept(this);
543 instruction = next_;
544 }
545 for (HInstruction* instruction = block->GetFirstInstruction(); instruction != nullptr;) {
546 DCHECK(instruction->IsInBlock());
547 next_ = instruction->GetNext();
548 instruction->Accept(this);
549 instruction = next_;
550 }
551 // We should never deoptimize from an osr method, otherwise we might wrongly optimize
552 // code dominated by the deoptimization.
553 if (!GetGraph()->IsCompilingOsr()) {
554 AddComparesWithDeoptimization(block);
555 }
556 }
557
Finish()558 void Finish() {
559 // Preserve SSA structure which may have been broken by adding one or more
560 // new taken-test structures (see TransformLoopForDeoptimizationIfNeeded()).
561 InsertPhiNodes();
562
563 // Clear the loop data structures.
564 early_exit_loop_.clear();
565 taken_test_loop_.clear();
566 finite_loop_.clear();
567 }
568
569 private:
570 // Return the map of proven value ranges at the beginning of a basic block.
GetValueRangeMap(HBasicBlock * basic_block)571 ScopedArenaSafeMap<int, ValueRange*>* GetValueRangeMap(HBasicBlock* basic_block) {
572 if (IsAddedBlock(basic_block)) {
573 // Added blocks don't keep value ranges.
574 return nullptr;
575 }
576 return &maps_[basic_block->GetBlockId()];
577 }
578
579 // Traverse up the dominator tree to look for value range info.
LookupValueRange(HInstruction * instruction,HBasicBlock * basic_block)580 ValueRange* LookupValueRange(HInstruction* instruction, HBasicBlock* basic_block) {
581 while (basic_block != nullptr) {
582 ScopedArenaSafeMap<int, ValueRange*>* map = GetValueRangeMap(basic_block);
583 if (map != nullptr) {
584 if (map->find(instruction->GetId()) != map->end()) {
585 return map->Get(instruction->GetId());
586 }
587 } else {
588 DCHECK(IsAddedBlock(basic_block));
589 }
590 basic_block = basic_block->GetDominator();
591 }
592 // Didn't find any.
593 return nullptr;
594 }
595
596 // Helper method to assign a new range to an instruction in given basic block.
AssignRange(HBasicBlock * basic_block,HInstruction * instruction,ValueRange * range)597 void AssignRange(HBasicBlock* basic_block, HInstruction* instruction, ValueRange* range) {
598 DCHECK(!range->IsMonotonicValueRange() || instruction->IsLoopHeaderPhi());
599 GetValueRangeMap(basic_block)->Overwrite(instruction->GetId(), range);
600 }
601
602 // Narrow the value range of `instruction` at the end of `basic_block` with `range`,
603 // and push the narrowed value range to `successor`.
ApplyRangeFromComparison(HInstruction * instruction,HBasicBlock * basic_block,HBasicBlock * successor,ValueRange * range)604 void ApplyRangeFromComparison(HInstruction* instruction, HBasicBlock* basic_block,
605 HBasicBlock* successor, ValueRange* range) {
606 ValueRange* existing_range = LookupValueRange(instruction, basic_block);
607 if (existing_range == nullptr) {
608 if (range != nullptr) {
609 AssignRange(successor, instruction, range);
610 }
611 return;
612 }
613 if (existing_range->IsMonotonicValueRange()) {
614 DCHECK(instruction->IsLoopHeaderPhi());
615 // Make sure the comparison is in the loop header so each increment is
616 // checked with a comparison.
617 if (instruction->GetBlock() != basic_block) {
618 return;
619 }
620 }
621 AssignRange(successor, instruction, existing_range->Narrow(range));
622 }
623
624 // Special case that we may simultaneously narrow two MonotonicValueRange's to
625 // regular value ranges.
HandleIfBetweenTwoMonotonicValueRanges(HIf * instruction,HInstruction * left,HInstruction * right,IfCondition cond,MonotonicValueRange * left_range,MonotonicValueRange * right_range)626 void HandleIfBetweenTwoMonotonicValueRanges(HIf* instruction,
627 HInstruction* left,
628 HInstruction* right,
629 IfCondition cond,
630 MonotonicValueRange* left_range,
631 MonotonicValueRange* right_range) {
632 DCHECK(left->IsLoopHeaderPhi());
633 DCHECK(right->IsLoopHeaderPhi());
634 if (instruction->GetBlock() != left->GetBlock()) {
635 // Comparison needs to be in loop header to make sure it's done after each
636 // increment/decrement.
637 return;
638 }
639
640 // Handle common cases which also don't have overflow/underflow concerns.
641 if (left_range->GetIncrement() == 1 &&
642 left_range->GetBound().IsConstant() &&
643 right_range->GetIncrement() == -1 &&
644 right_range->GetBound().IsRelatedToArrayLength() &&
645 right_range->GetBound().GetConstant() < 0) {
646 HBasicBlock* successor = nullptr;
647 int32_t left_compensation = 0;
648 int32_t right_compensation = 0;
649 if (cond == kCondLT) {
650 left_compensation = -1;
651 right_compensation = 1;
652 successor = instruction->IfTrueSuccessor();
653 } else if (cond == kCondLE) {
654 successor = instruction->IfTrueSuccessor();
655 } else if (cond == kCondGT) {
656 successor = instruction->IfFalseSuccessor();
657 } else if (cond == kCondGE) {
658 left_compensation = -1;
659 right_compensation = 1;
660 successor = instruction->IfFalseSuccessor();
661 } else {
662 // We don't handle '=='/'!=' test in case left and right can cross and
663 // miss each other.
664 return;
665 }
666
667 if (successor != nullptr) {
668 bool overflow;
669 bool underflow;
670 ValueRange* new_left_range = new (&allocator_) ValueRange(
671 &allocator_,
672 left_range->GetBound(),
673 right_range->GetBound().Add(left_compensation, &overflow, &underflow));
674 if (!overflow && !underflow) {
675 ApplyRangeFromComparison(left, instruction->GetBlock(), successor,
676 new_left_range);
677 }
678
679 ValueRange* new_right_range = new (&allocator_) ValueRange(
680 &allocator_,
681 left_range->GetBound().Add(right_compensation, &overflow, &underflow),
682 right_range->GetBound());
683 if (!overflow && !underflow) {
684 ApplyRangeFromComparison(right, instruction->GetBlock(), successor,
685 new_right_range);
686 }
687 }
688 }
689 }
690
691 // Handle "if (left cmp_cond right)".
HandleIf(HIf * instruction,HInstruction * left,HInstruction * right,IfCondition cond)692 void HandleIf(HIf* instruction, HInstruction* left, HInstruction* right, IfCondition cond) {
693 HBasicBlock* block = instruction->GetBlock();
694
695 HBasicBlock* true_successor = instruction->IfTrueSuccessor();
696 // There should be no critical edge at this point.
697 DCHECK_EQ(true_successor->GetPredecessors().size(), 1u);
698
699 HBasicBlock* false_successor = instruction->IfFalseSuccessor();
700 // There should be no critical edge at this point.
701 DCHECK_EQ(false_successor->GetPredecessors().size(), 1u);
702
703 ValueRange* left_range = LookupValueRange(left, block);
704 MonotonicValueRange* left_monotonic_range = nullptr;
705 if (left_range != nullptr) {
706 left_monotonic_range = left_range->AsMonotonicValueRange();
707 if (left_monotonic_range != nullptr) {
708 HBasicBlock* loop_head = left_monotonic_range->GetLoopHeader();
709 if (instruction->GetBlock() != loop_head) {
710 // For monotonic value range, don't handle `instruction`
711 // if it's not defined in the loop header.
712 return;
713 }
714 }
715 }
716
717 bool found;
718 ValueBound bound = ValueBound::DetectValueBoundFromValue(right, &found);
719 // Each comparison can establish a lower bound and an upper bound
720 // for the left hand side.
721 ValueBound lower = bound;
722 ValueBound upper = bound;
723 if (!found) {
724 // No constant or array.length+c format bound found.
725 // For i<j, we can still use j's upper bound as i's upper bound. Same for lower.
726 ValueRange* right_range = LookupValueRange(right, block);
727 if (right_range != nullptr) {
728 if (right_range->IsMonotonicValueRange()) {
729 if (left_range != nullptr && left_range->IsMonotonicValueRange()) {
730 HandleIfBetweenTwoMonotonicValueRanges(instruction, left, right, cond,
731 left_range->AsMonotonicValueRange(),
732 right_range->AsMonotonicValueRange());
733 return;
734 }
735 }
736 lower = right_range->GetLower();
737 upper = right_range->GetUpper();
738 } else {
739 lower = ValueBound::Min();
740 upper = ValueBound::Max();
741 }
742 }
743
744 bool overflow, underflow;
745 if (cond == kCondLT || cond == kCondLE) {
746 if (!upper.Equals(ValueBound::Max())) {
747 int32_t compensation = (cond == kCondLT) ? -1 : 0; // upper bound is inclusive
748 ValueBound new_upper = upper.Add(compensation, &overflow, &underflow);
749 if (overflow || underflow) {
750 return;
751 }
752 ValueRange* new_range = new (&allocator_) ValueRange(
753 &allocator_, ValueBound::Min(), new_upper);
754 ApplyRangeFromComparison(left, block, true_successor, new_range);
755 }
756
757 // array.length as a lower bound isn't considered useful.
758 if (!lower.Equals(ValueBound::Min()) && !lower.IsRelatedToArrayLength()) {
759 int32_t compensation = (cond == kCondLE) ? 1 : 0; // lower bound is inclusive
760 ValueBound new_lower = lower.Add(compensation, &overflow, &underflow);
761 if (overflow || underflow) {
762 return;
763 }
764 ValueRange* new_range = new (&allocator_) ValueRange(
765 &allocator_, new_lower, ValueBound::Max());
766 ApplyRangeFromComparison(left, block, false_successor, new_range);
767 }
768 } else if (cond == kCondGT || cond == kCondGE) {
769 // array.length as a lower bound isn't considered useful.
770 if (!lower.Equals(ValueBound::Min()) && !lower.IsRelatedToArrayLength()) {
771 int32_t compensation = (cond == kCondGT) ? 1 : 0; // lower bound is inclusive
772 ValueBound new_lower = lower.Add(compensation, &overflow, &underflow);
773 if (overflow || underflow) {
774 return;
775 }
776 ValueRange* new_range = new (&allocator_) ValueRange(
777 &allocator_, new_lower, ValueBound::Max());
778 ApplyRangeFromComparison(left, block, true_successor, new_range);
779 }
780
781 if (!upper.Equals(ValueBound::Max())) {
782 int32_t compensation = (cond == kCondGE) ? -1 : 0; // upper bound is inclusive
783 ValueBound new_upper = upper.Add(compensation, &overflow, &underflow);
784 if (overflow || underflow) {
785 return;
786 }
787 ValueRange* new_range = new (&allocator_) ValueRange(
788 &allocator_, ValueBound::Min(), new_upper);
789 ApplyRangeFromComparison(left, block, false_successor, new_range);
790 }
791 } else if (cond == kCondNE || cond == kCondEQ) {
792 if (left->IsArrayLength()) {
793 if (lower.IsConstant() && upper.IsConstant()) {
794 // Special case:
795 // length == [c,d] yields [c, d] along true
796 // length != [c,d] yields [c, d] along false
797 if (!lower.Equals(ValueBound::Min()) || !upper.Equals(ValueBound::Max())) {
798 ValueRange* new_range = new (&allocator_) ValueRange(&allocator_, lower, upper);
799 ApplyRangeFromComparison(
800 left, block, cond == kCondEQ ? true_successor : false_successor, new_range);
801 }
802 // In addition:
803 // length == 0 yields [1, max] along false
804 // length != 0 yields [1, max] along true
805 if (lower.GetConstant() == 0 && upper.GetConstant() == 0) {
806 ValueRange* new_range = new (&allocator_) ValueRange(
807 &allocator_, ValueBound(nullptr, 1), ValueBound::Max());
808 ApplyRangeFromComparison(
809 left, block, cond == kCondEQ ? false_successor : true_successor, new_range);
810 }
811 }
812 } else if (lower.IsRelatedToArrayLength() && lower.Equals(upper)) {
813 // Special aliasing case, with x not array length itself:
814 // x == [length,length] yields x == length along true
815 // x != [length,length] yields x == length along false
816 ValueRange* new_range = new (&allocator_) ValueRange(&allocator_, lower, upper);
817 ApplyRangeFromComparison(
818 left, block, cond == kCondEQ ? true_successor : false_successor, new_range);
819 }
820 }
821 }
822
VisitBoundsCheck(HBoundsCheck * bounds_check)823 void VisitBoundsCheck(HBoundsCheck* bounds_check) override {
824 HBasicBlock* block = bounds_check->GetBlock();
825 HInstruction* index = bounds_check->InputAt(0);
826 HInstruction* array_length = bounds_check->InputAt(1);
827 DCHECK(array_length->IsIntConstant() ||
828 array_length->IsArrayLength() ||
829 array_length->IsPhi());
830 bool try_dynamic_bce = true;
831 // Analyze index range.
832 if (!index->IsIntConstant()) {
833 // Non-constant index.
834 ValueBound lower = ValueBound(nullptr, 0); // constant 0
835 ValueBound upper = ValueBound(array_length, -1); // array_length - 1
836 ValueRange array_range(&allocator_, lower, upper);
837 // Try index range obtained by dominator-based analysis.
838 ValueRange* index_range = LookupValueRange(index, block);
839 if (index_range != nullptr) {
840 if (index_range->FitsIn(&array_range)) {
841 ReplaceInstruction(bounds_check, index);
842 return;
843 } else if (index_range->IsConstantValueRange()) {
844 // If the non-constant index turns out to have a constant range,
845 // make one more attempt to get a constant in the array range.
846 ValueRange* existing_range = LookupValueRange(array_length, block);
847 if (existing_range != nullptr &&
848 existing_range->IsConstantValueRange() &&
849 existing_range->GetLower().GetConstant() > 0) {
850 ValueBound constant_upper(nullptr, existing_range->GetLower().GetConstant() - 1);
851 ValueRange constant_array_range(&allocator_, lower, constant_upper);
852 if (index_range->FitsIn(&constant_array_range)) {
853 ReplaceInstruction(bounds_check, index);
854 return;
855 }
856 }
857 }
858 }
859 // Try index range obtained by induction variable analysis.
860 // Disables dynamic bce if OOB is certain.
861 if (InductionRangeFitsIn(&array_range, bounds_check, &try_dynamic_bce)) {
862 ReplaceInstruction(bounds_check, index);
863 return;
864 }
865 } else {
866 // Constant index.
867 int32_t constant = index->AsIntConstant()->GetValue();
868 if (constant < 0) {
869 // Will always throw exception.
870 return;
871 } else if (array_length->IsIntConstant()) {
872 if (constant < array_length->AsIntConstant()->GetValue()) {
873 ReplaceInstruction(bounds_check, index);
874 }
875 return;
876 }
877 // Analyze array length range.
878 DCHECK(array_length->IsArrayLength());
879 ValueRange* existing_range = LookupValueRange(array_length, block);
880 if (existing_range != nullptr) {
881 ValueBound lower = existing_range->GetLower();
882 DCHECK(lower.IsConstant());
883 if (constant < lower.GetConstant()) {
884 ReplaceInstruction(bounds_check, index);
885 return;
886 } else {
887 // Existing range isn't strong enough to eliminate the bounds check.
888 // Fall through to update the array_length range with info from this
889 // bounds check.
890 }
891 }
892 // Once we have an array access like 'array[5] = 1', we record array.length >= 6.
893 // We currently don't do it for non-constant index since a valid array[i] can't prove
894 // a valid array[i-1] yet due to the lower bound side.
895 if (constant == std::numeric_limits<int32_t>::max()) {
896 // Max() as an index will definitely throw AIOOBE.
897 return;
898 } else {
899 ValueBound lower = ValueBound(nullptr, constant + 1);
900 ValueBound upper = ValueBound::Max();
901 ValueRange* range = new (&allocator_) ValueRange(&allocator_, lower, upper);
902 AssignRange(block, array_length, range);
903 }
904 }
905
906 // If static analysis fails, and OOB is not certain, try dynamic elimination.
907 if (try_dynamic_bce) {
908 // Try loop-based dynamic elimination.
909 HLoopInformation* loop = bounds_check->GetBlock()->GetLoopInformation();
910 bool needs_finite_test = false;
911 bool needs_taken_test = false;
912 if (DynamicBCESeemsProfitable(loop, bounds_check->GetBlock()) &&
913 induction_range_.CanGenerateRange(
914 bounds_check, index, &needs_finite_test, &needs_taken_test) &&
915 CanHandleInfiniteLoop(loop, index, needs_finite_test) &&
916 // Do this test last, since it may generate code.
917 CanHandleLength(loop, array_length, needs_taken_test)) {
918 TransformLoopForDeoptimizationIfNeeded(loop, needs_taken_test);
919 TransformLoopForDynamicBCE(loop, bounds_check);
920 return;
921 }
922 // Otherwise, prepare dominator-based dynamic elimination.
923 if (first_index_bounds_check_map_.find(array_length->GetId()) ==
924 first_index_bounds_check_map_.end()) {
925 // Remember the first bounds check against each array_length. That bounds check
926 // instruction has an associated HEnvironment where we may add an HDeoptimize
927 // to eliminate subsequent bounds checks against the same array_length.
928 first_index_bounds_check_map_.Put(array_length->GetId(), bounds_check);
929 }
930 }
931 }
932
HasSameInputAtBackEdges(HPhi * phi)933 static bool HasSameInputAtBackEdges(HPhi* phi) {
934 DCHECK(phi->IsLoopHeaderPhi());
935 HConstInputsRef inputs = phi->GetInputs();
936 // Start with input 1. Input 0 is from the incoming block.
937 const HInstruction* input1 = inputs[1];
938 DCHECK(phi->GetBlock()->GetLoopInformation()->IsBackEdge(
939 *phi->GetBlock()->GetPredecessors()[1]));
940 for (size_t i = 2; i < inputs.size(); ++i) {
941 DCHECK(phi->GetBlock()->GetLoopInformation()->IsBackEdge(
942 *phi->GetBlock()->GetPredecessors()[i]));
943 if (input1 != inputs[i]) {
944 return false;
945 }
946 }
947 return true;
948 }
949
VisitPhi(HPhi * phi)950 void VisitPhi(HPhi* phi) override {
951 if (phi->IsLoopHeaderPhi()
952 && (phi->GetType() == DataType::Type::kInt32)
953 && HasSameInputAtBackEdges(phi)) {
954 HInstruction* instruction = phi->InputAt(1);
955 HInstruction *left;
956 int32_t increment;
957 if (ValueBound::IsAddOrSubAConstant(instruction, &left, &increment)) {
958 if (left == phi) {
959 HInstruction* initial_value = phi->InputAt(0);
960 ValueRange* range = nullptr;
961 if (increment == 0) {
962 // Add constant 0. It's really a fixed value.
963 range = new (&allocator_) ValueRange(
964 &allocator_,
965 ValueBound(initial_value, 0),
966 ValueBound(initial_value, 0));
967 } else {
968 // Monotonically increasing/decreasing.
969 bool found;
970 ValueBound bound = ValueBound::DetectValueBoundFromValue(
971 initial_value, &found);
972 if (!found) {
973 // No constant or array.length+c bound found.
974 // For i=j, we can still use j's upper bound as i's upper bound.
975 // Same for lower.
976 ValueRange* initial_range = LookupValueRange(initial_value, phi->GetBlock());
977 if (initial_range != nullptr) {
978 bound = increment > 0 ? initial_range->GetLower() :
979 initial_range->GetUpper();
980 } else {
981 bound = increment > 0 ? ValueBound::Min() : ValueBound::Max();
982 }
983 }
984 range = new (&allocator_) MonotonicValueRange(
985 &allocator_,
986 phi,
987 initial_value,
988 increment,
989 bound);
990 }
991 AssignRange(phi->GetBlock(), phi, range);
992 }
993 }
994 }
995 }
996
VisitIf(HIf * instruction)997 void VisitIf(HIf* instruction) override {
998 if (instruction->InputAt(0)->IsCondition()) {
999 HCondition* cond = instruction->InputAt(0)->AsCondition();
1000 HandleIf(instruction, cond->GetLeft(), cond->GetRight(), cond->GetCondition());
1001 }
1002 }
1003
1004 // Check whether HSub is a result of the HRem optimization of:
1005 // q = Div(dividend, const_divisor)
1006 // r = Rem(dividend, const_divisor)
1007 // into
1008 // q = Div(dividend, const_divisor)
1009 // t = Mul(q, const_divisor)
1010 // r = Sub(dividend, t)
1011 // or for divisors 2^n + 1 into
1012 // q = Div(dividend, const_divisor)
1013 // t1 = Shl(q, n)
1014 // t2 = Add(q, t1)
1015 // r = Sub(dividend, t2)
1016 // or for divisors 2^n - 1 into
1017 // q = Div(dividend, const_divisor)
1018 // t1 = Shl(q, n)
1019 // t2 = Sub(t1, q)
1020 // r = Sub(dividend, t2)
1021 //
1022 // If it is the case, the value range for the instruction is
1023 // [1 - abs(const_divisor), abs(const_divisor) - 1] merged with
1024 // the range of the left input is assigned and true is returned. Otherwise,
1025 // no range is assigned and false is returned.
TryToAssignRangeIfOptimizedRemWithConstantDivisor(HSub * instruction)1026 bool TryToAssignRangeIfOptimizedRemWithConstantDivisor(HSub* instruction) {
1027 if (instruction->GetResultType() != DataType::Type::kInt32) {
1028 return false;
1029 }
1030
1031 auto is_needed_shl = [](HShl* shl) {
1032 return shl != nullptr && shl->GetRight()->IsConstant() && shl->GetLeft()->IsDiv();
1033 };
1034
1035 HDiv* div = nullptr;
1036 int64_t const_divisor = 0;
1037 if (HMul* mul = instruction->GetRight()->AsMul()) {
1038 if (!mul->GetLeft()->IsDiv() || !mul->GetRight()->IsConstant()) {
1039 return false;
1040 }
1041 div = mul->GetLeft()->AsDiv();
1042 const_divisor = Int64FromConstant(mul->GetRight()->AsConstant());
1043 } else if (HAdd* add = instruction->GetRight()->AsAdd()) {
1044 HShl* shl = add->GetRight()->AsShl();
1045 if (!is_needed_shl(shl)) {
1046 return false;
1047 }
1048
1049 div = shl->GetLeft()->AsDiv();
1050 if (add->GetLeft() != div) {
1051 return false;
1052 }
1053
1054 int32_t n = shl->GetRight()->AsIntConstant()->GetValue();
1055 if (n == BitSizeOf<int32_t>() - 1) {
1056 // 2^n + 1 will be negative.
1057 return false;
1058 }
1059 const_divisor = (1LL << n) + 1;
1060 } else if (HSub* sub = instruction->GetRight()->AsSub()) {
1061 HShl* shl = sub->GetLeft()->AsShl();
1062 if (!is_needed_shl(shl)) {
1063 return false;
1064 }
1065
1066 div = shl->GetLeft()->AsDiv();
1067 if (sub->GetRight() != div) {
1068 return false;
1069 }
1070
1071 int32_t n = shl->GetRight()->AsIntConstant()->GetValue();
1072 const_divisor = (1LL << n) - 1;
1073 }
1074
1075 if (div == nullptr || !IsInt64Value(div->GetRight()->AsConstant(), const_divisor) ||
1076 div->GetLeft() != instruction->GetLeft()) {
1077 return false;
1078 }
1079
1080 ValueRange* range = nullptr;
1081 if (const_divisor == DataType::MinValueOfIntegralType(DataType::Type::kInt32)) {
1082 range = new (&allocator_) ValueRange(&allocator_,
1083 ValueBound(nullptr, DataType::MinValueOfIntegralType(DataType::Type::kInt32) + 1),
1084 ValueBound(nullptr, DataType::MaxValueOfIntegralType(DataType::Type::kInt32)));
1085 } else {
1086 DCHECK_GT(const_divisor, DataType::MinValueOfIntegralType(DataType::Type::kInt32));
1087 DCHECK_LE(const_divisor, DataType::MaxValueOfIntegralType(DataType::Type::kInt32));
1088 int32_t abs_const_divisor = static_cast<int32_t>(std::abs(const_divisor));
1089 range = new (&allocator_) ValueRange(&allocator_,
1090 ValueBound(nullptr, 1 - abs_const_divisor),
1091 ValueBound(nullptr, abs_const_divisor - 1));
1092 }
1093 HBasicBlock* basic_block = instruction->GetBlock();
1094 if (ValueRange* left_range = LookupValueRange(instruction->GetLeft(), basic_block)) {
1095 range = range->Narrow(left_range);
1096 }
1097 AssignRange(basic_block, instruction, range);
1098 return true;
1099 }
1100
VisitAdd(HAdd * add)1101 void VisitAdd(HAdd* add) override {
1102 HInstruction* right = add->GetRight();
1103 if (right->IsIntConstant()) {
1104 ValueRange* left_range = LookupValueRange(add->GetLeft(), add->GetBlock());
1105 if (left_range == nullptr) {
1106 return;
1107 }
1108 ValueRange* range = left_range->Add(right->AsIntConstant()->GetValue());
1109 if (range != nullptr) {
1110 AssignRange(add->GetBlock(), add, range);
1111 }
1112 }
1113 }
1114
VisitSub(HSub * sub)1115 void VisitSub(HSub* sub) override {
1116 if (TryToAssignRangeIfOptimizedRemWithConstantDivisor(sub)) {
1117 return;
1118 }
1119
1120 HInstruction* left = sub->GetLeft();
1121 HInstruction* right = sub->GetRight();
1122 if (right->IsIntConstant()) {
1123 ValueRange* left_range = LookupValueRange(left, sub->GetBlock());
1124 if (left_range == nullptr) {
1125 return;
1126 }
1127 ValueRange* range = left_range->Add(-right->AsIntConstant()->GetValue());
1128 if (range != nullptr) {
1129 AssignRange(sub->GetBlock(), sub, range);
1130 return;
1131 }
1132 }
1133
1134 // Here we are interested in the typical triangular case of nested loops,
1135 // such as the inner loop 'for (int j=0; j<array.length-i; j++)' where i
1136 // is the index for outer loop. In this case, we know j is bounded by array.length-1.
1137
1138 // Try to handle (array.length - i) or (array.length + c - i) format.
1139 HInstruction* left_of_left; // left input of left.
1140 int32_t right_const = 0;
1141 if (ValueBound::IsAddOrSubAConstant(left, &left_of_left, &right_const)) {
1142 left = left_of_left;
1143 }
1144 // The value of left input of the sub equals (left + right_const).
1145
1146 if (left->IsArrayLength()) {
1147 HInstruction* array_length = left->AsArrayLength();
1148 ValueRange* right_range = LookupValueRange(right, sub->GetBlock());
1149 if (right_range != nullptr) {
1150 ValueBound lower = right_range->GetLower();
1151 ValueBound upper = right_range->GetUpper();
1152 if (lower.IsConstant() && upper.IsRelatedToArrayLength()) {
1153 HInstruction* upper_inst = upper.GetInstruction();
1154 // Make sure it's the same array.
1155 if (ValueBound::Equal(array_length, upper_inst)) {
1156 int32_t c0 = right_const;
1157 int32_t c1 = lower.GetConstant();
1158 int32_t c2 = upper.GetConstant();
1159 // (array.length + c0 - v) where v is in [c1, array.length + c2]
1160 // gets [c0 - c2, array.length + c0 - c1] as its value range.
1161 if (!ValueBound::WouldAddOverflowOrUnderflow(c0, -c2) &&
1162 !ValueBound::WouldAddOverflowOrUnderflow(c0, -c1)) {
1163 if ((c0 - c1) <= 0) {
1164 // array.length + (c0 - c1) won't overflow/underflow.
1165 ValueRange* range = new (&allocator_) ValueRange(
1166 &allocator_,
1167 ValueBound(nullptr, right_const - upper.GetConstant()),
1168 ValueBound(array_length, right_const - lower.GetConstant()));
1169 AssignRange(sub->GetBlock(), sub, range);
1170 }
1171 }
1172 }
1173 }
1174 }
1175 }
1176 }
1177
FindAndHandlePartialArrayLength(HBinaryOperation * instruction)1178 void FindAndHandlePartialArrayLength(HBinaryOperation* instruction) {
1179 DCHECK(instruction->IsDiv() || instruction->IsShr() || instruction->IsUShr());
1180 HInstruction* right = instruction->GetRight();
1181 int32_t right_const;
1182 if (right->IsIntConstant()) {
1183 right_const = right->AsIntConstant()->GetValue();
1184 // Detect division by two or more.
1185 if ((instruction->IsDiv() && right_const <= 1) ||
1186 (instruction->IsShr() && right_const < 1) ||
1187 (instruction->IsUShr() && right_const < 1)) {
1188 return;
1189 }
1190 } else {
1191 return;
1192 }
1193
1194 // Try to handle array.length/2 or (array.length-1)/2 format.
1195 HInstruction* left = instruction->GetLeft();
1196 HInstruction* left_of_left; // left input of left.
1197 int32_t c = 0;
1198 if (ValueBound::IsAddOrSubAConstant(left, &left_of_left, &c)) {
1199 left = left_of_left;
1200 }
1201 // The value of left input of instruction equals (left + c).
1202
1203 // (array_length + 1) or smaller divided by two or more
1204 // always generate a value in [Min(), array_length].
1205 // This is true even if array_length is Max().
1206 if (left->IsArrayLength() && c <= 1) {
1207 if (instruction->IsUShr() && c < 0) {
1208 // Make sure for unsigned shift, left side is not negative.
1209 // e.g. if array_length is 2, ((array_length - 3) >>> 2) is way bigger
1210 // than array_length.
1211 return;
1212 }
1213 ValueRange* range = new (&allocator_) ValueRange(
1214 &allocator_,
1215 ValueBound(nullptr, std::numeric_limits<int32_t>::min()),
1216 ValueBound(left, 0));
1217 AssignRange(instruction->GetBlock(), instruction, range);
1218 }
1219 }
1220
VisitDiv(HDiv * div)1221 void VisitDiv(HDiv* div) override {
1222 FindAndHandlePartialArrayLength(div);
1223 }
1224
VisitShr(HShr * shr)1225 void VisitShr(HShr* shr) override {
1226 FindAndHandlePartialArrayLength(shr);
1227 }
1228
VisitUShr(HUShr * ushr)1229 void VisitUShr(HUShr* ushr) override {
1230 FindAndHandlePartialArrayLength(ushr);
1231 }
1232
VisitAnd(HAnd * instruction)1233 void VisitAnd(HAnd* instruction) override {
1234 if (instruction->GetRight()->IsIntConstant()) {
1235 int32_t constant = instruction->GetRight()->AsIntConstant()->GetValue();
1236 if (constant > 0) {
1237 // constant serves as a mask so any number masked with it
1238 // gets a [0, constant] value range.
1239 ValueRange* range = new (&allocator_) ValueRange(
1240 &allocator_,
1241 ValueBound(nullptr, 0),
1242 ValueBound(nullptr, constant));
1243 AssignRange(instruction->GetBlock(), instruction, range);
1244 }
1245 }
1246 }
1247
VisitRem(HRem * instruction)1248 void VisitRem(HRem* instruction) override {
1249 HInstruction* left = instruction->GetLeft();
1250 HInstruction* right = instruction->GetRight();
1251
1252 // Handle 'i % CONST' format expression in array index, e.g:
1253 // array[i % 20];
1254 if (right->IsIntConstant()) {
1255 int32_t right_const = std::abs(right->AsIntConstant()->GetValue());
1256 if (right_const == 0) {
1257 return;
1258 }
1259 // The sign of divisor CONST doesn't affect the sign final value range.
1260 // For example:
1261 // if (i > 0) {
1262 // array[i % 10]; // index value range [0, 9]
1263 // array[i % -10]; // index value range [0, 9]
1264 // }
1265 ValueRange* right_range = new (&allocator_) ValueRange(
1266 &allocator_,
1267 ValueBound(nullptr, 1 - right_const),
1268 ValueBound(nullptr, right_const - 1));
1269
1270 ValueRange* left_range = LookupValueRange(left, instruction->GetBlock());
1271 if (left_range != nullptr) {
1272 right_range = right_range->Narrow(left_range);
1273 }
1274 AssignRange(instruction->GetBlock(), instruction, right_range);
1275 return;
1276 }
1277
1278 // Handle following pattern:
1279 // i0 NullCheck
1280 // i1 ArrayLength[i0]
1281 // i2 DivByZeroCheck [i1] <-- right
1282 // i3 Rem [i5, i2] <-- we are here.
1283 // i4 BoundsCheck [i3,i1]
1284 if (right->IsDivZeroCheck()) {
1285 // if array_length can pass div-by-zero check,
1286 // array_length must be > 0.
1287 right = right->AsDivZeroCheck()->InputAt(0);
1288 }
1289
1290 // Handle 'i % array.length' format expression in array index, e.g:
1291 // array[(i+7) % array.length];
1292 if (right->IsArrayLength()) {
1293 ValueBound lower = ValueBound::Min(); // ideally, lower should be '1-array_length'.
1294 ValueBound upper = ValueBound(right, -1); // array_length - 1
1295 ValueRange* right_range = new (&allocator_) ValueRange(
1296 &allocator_,
1297 lower,
1298 upper);
1299 ValueRange* left_range = LookupValueRange(left, instruction->GetBlock());
1300 if (left_range != nullptr) {
1301 right_range = right_range->Narrow(left_range);
1302 }
1303 AssignRange(instruction->GetBlock(), instruction, right_range);
1304 return;
1305 }
1306 }
1307
VisitNewArray(HNewArray * new_array)1308 void VisitNewArray(HNewArray* new_array) override {
1309 HInstruction* len = new_array->GetLength();
1310 if (!len->IsIntConstant()) {
1311 HInstruction *left;
1312 int32_t right_const;
1313 if (ValueBound::IsAddOrSubAConstant(len, &left, &right_const)) {
1314 // (left + right_const) is used as size to new the array.
1315 // We record "-right_const <= left <= new_array - right_const";
1316 ValueBound lower = ValueBound(nullptr, -right_const);
1317 // We use new_array for the bound instead of new_array.length,
1318 // which isn't available as an instruction yet. new_array will
1319 // be treated the same as new_array.length when it's used in a ValueBound.
1320 ValueBound upper = ValueBound(new_array, -right_const);
1321 ValueRange* range = new (&allocator_) ValueRange(&allocator_, lower, upper);
1322 ValueRange* existing_range = LookupValueRange(left, new_array->GetBlock());
1323 if (existing_range != nullptr) {
1324 range = existing_range->Narrow(range);
1325 }
1326 AssignRange(new_array->GetBlock(), left, range);
1327 }
1328 }
1329 }
1330
1331 /**
1332 * After null/bounds checks are eliminated, some invariant array references
1333 * may be exposed underneath which can be hoisted out of the loop to the
1334 * preheader or, in combination with dynamic bce, the deoptimization block.
1335 *
1336 * for (int i = 0; i < n; i++) {
1337 * <-------+
1338 * for (int j = 0; j < n; j++) |
1339 * a[i][j] = 0; --a[i]--+
1340 * }
1341 *
1342 * Note: this optimization is no longer applied after dominator-based dynamic deoptimization
1343 * has occurred (see AddCompareWithDeoptimization()), since in those cases it would be
1344 * unsafe to hoist array references across their deoptimization instruction inside a loop.
1345 */
VisitArrayGet(HArrayGet * array_get)1346 void VisitArrayGet(HArrayGet* array_get) override {
1347 if (!has_dom_based_dynamic_bce_ && array_get->IsInLoop()) {
1348 HLoopInformation* loop = array_get->GetBlock()->GetLoopInformation();
1349 if (loop->IsDefinedOutOfTheLoop(array_get->InputAt(0)) &&
1350 loop->IsDefinedOutOfTheLoop(array_get->InputAt(1))) {
1351 SideEffects loop_effects = side_effects_.GetLoopEffects(loop->GetHeader());
1352 if (!array_get->GetSideEffects().MayDependOn(loop_effects)) {
1353 // We can hoist ArrayGet only if its execution is guaranteed on every iteration.
1354 // In other words only if array_get_bb dominates all back branches.
1355 if (loop->DominatesAllBackEdges(array_get->GetBlock())) {
1356 HoistToPreHeaderOrDeoptBlock(loop, array_get);
1357 }
1358 }
1359 }
1360 }
1361 }
1362
1363 /** Performs dominator-based dynamic elimination on suitable set of bounds checks. */
AddCompareWithDeoptimization(HBasicBlock * block,HInstruction * array_length,HInstruction * base,int32_t min_c,int32_t max_c)1364 void AddCompareWithDeoptimization(HBasicBlock* block,
1365 HInstruction* array_length,
1366 HInstruction* base,
1367 int32_t min_c, int32_t max_c) {
1368 HBoundsCheck* bounds_check =
1369 first_index_bounds_check_map_.Get(array_length->GetId())->AsBoundsCheck();
1370 // Construct deoptimization on single or double bounds on range [base-min_c,base+max_c],
1371 // for example either for a[0]..a[3] just 3 or for a[base-1]..a[base+3] both base-1
1372 // and base+3, since we made the assumption any in between value may occur too.
1373 // In code, using unsigned comparisons:
1374 // (1) constants only
1375 // if (max_c >= a.length) deoptimize;
1376 // (2) general case
1377 // if (base-min_c > base+max_c) deoptimize;
1378 // if (base+max_c >= a.length ) deoptimize;
1379 static_assert(kMaxLengthForAddingDeoptimize < std::numeric_limits<int32_t>::max(),
1380 "Incorrect max length may be subject to arithmetic wrap-around");
1381 HInstruction* upper = GetGraph()->GetIntConstant(max_c);
1382 if (base == nullptr) {
1383 DCHECK_GE(min_c, 0);
1384 } else {
1385 HInstruction* lower = new (GetGraph()->GetAllocator())
1386 HAdd(DataType::Type::kInt32, base, GetGraph()->GetIntConstant(min_c));
1387 upper = new (GetGraph()->GetAllocator()) HAdd(DataType::Type::kInt32, base, upper);
1388 block->InsertInstructionBefore(lower, bounds_check);
1389 block->InsertInstructionBefore(upper, bounds_check);
1390 InsertDeoptInBlock(bounds_check, new (GetGraph()->GetAllocator()) HAbove(lower, upper));
1391 }
1392 InsertDeoptInBlock(
1393 bounds_check, new (GetGraph()->GetAllocator()) HAboveOrEqual(upper, array_length));
1394 // Flag that this kind of deoptimization has occurred.
1395 has_dom_based_dynamic_bce_ = true;
1396 }
1397
1398 /** Attempts dominator-based dynamic elimination on remaining candidates. */
AddComparesWithDeoptimization(HBasicBlock * block)1399 void AddComparesWithDeoptimization(HBasicBlock* block) {
1400 for (const auto& entry : first_index_bounds_check_map_) {
1401 HBoundsCheck* bounds_check = entry.second;
1402 HInstruction* index = bounds_check->InputAt(0);
1403 HInstruction* array_length = bounds_check->InputAt(1);
1404 if (!array_length->IsArrayLength()) {
1405 continue; // disregard phis and constants
1406 }
1407 // Collect all bounds checks that are still there and that are related as "a[base + constant]"
1408 // for a base instruction (possibly absent) and various constants. Note that no attempt
1409 // is made to partition the set into matching subsets (viz. a[0], a[1] and a[base+1] and
1410 // a[base+2] are considered as one set).
1411 // TODO: would such a partitioning be worthwhile?
1412 ValueBound value = ValueBound::AsValueBound(index);
1413 HInstruction* base = value.GetInstruction();
1414 int32_t min_c = base == nullptr ? 0 : value.GetConstant();
1415 int32_t max_c = value.GetConstant();
1416 ScopedArenaVector<HBoundsCheck*> candidates(
1417 allocator_.Adapter(kArenaAllocBoundsCheckElimination));
1418 ScopedArenaVector<HBoundsCheck*> standby(
1419 allocator_.Adapter(kArenaAllocBoundsCheckElimination));
1420 for (const HUseListNode<HInstruction*>& use : array_length->GetUses()) {
1421 // Another bounds check in same or dominated block?
1422 HInstruction* user = use.GetUser();
1423 HBasicBlock* other_block = user->GetBlock();
1424 if (user->IsBoundsCheck() && block->Dominates(other_block)) {
1425 HBoundsCheck* other_bounds_check = user->AsBoundsCheck();
1426 HInstruction* other_index = other_bounds_check->InputAt(0);
1427 HInstruction* other_array_length = other_bounds_check->InputAt(1);
1428 ValueBound other_value = ValueBound::AsValueBound(other_index);
1429 if (array_length == other_array_length && base == other_value.GetInstruction()) {
1430 // Reject certain OOB if BoundsCheck(l, l) occurs on considered subset.
1431 if (array_length == other_index) {
1432 candidates.clear();
1433 standby.clear();
1434 break;
1435 }
1436 // Since a subsequent dominated block could be under a conditional, only accept
1437 // the other bounds check if it is in same block or both blocks dominate the exit.
1438 // TODO: we could improve this by testing proper post-dominance, or even if this
1439 // constant is seen along *all* conditional paths that follow.
1440 HBasicBlock* exit = GetGraph()->GetExitBlock();
1441 if (block == user->GetBlock() ||
1442 (block->Dominates(exit) && other_block->Dominates(exit))) {
1443 int32_t other_c = other_value.GetConstant();
1444 min_c = std::min(min_c, other_c);
1445 max_c = std::max(max_c, other_c);
1446 candidates.push_back(other_bounds_check);
1447 } else {
1448 // Add this candidate later only if it falls into the range.
1449 standby.push_back(other_bounds_check);
1450 }
1451 }
1452 }
1453 }
1454 // Add standby candidates that fall in selected range.
1455 for (HBoundsCheck* other_bounds_check : standby) {
1456 HInstruction* other_index = other_bounds_check->InputAt(0);
1457 int32_t other_c = ValueBound::AsValueBound(other_index).GetConstant();
1458 if (min_c <= other_c && other_c <= max_c) {
1459 candidates.push_back(other_bounds_check);
1460 }
1461 }
1462 // Perform dominator-based deoptimization if it seems profitable, where we eliminate
1463 // bounds checks and replace these with deopt checks that guard against any possible
1464 // OOB. Note that we reject cases where the distance min_c:max_c range gets close to
1465 // the maximum possible array length, since those cases are likely to always deopt
1466 // (such situations do not necessarily go OOB, though, since the array could be really
1467 // large, or the programmer could rely on arithmetic wrap-around from max to min).
1468 size_t threshold = kThresholdForAddingDeoptimize + (base == nullptr ? 0 : 1); // extra test?
1469 uint32_t distance = static_cast<uint32_t>(max_c) - static_cast<uint32_t>(min_c);
1470 if (candidates.size() >= threshold &&
1471 (base != nullptr || min_c >= 0) && // reject certain OOB
1472 distance <= kMaxLengthForAddingDeoptimize) { // reject likely/certain deopt
1473 AddCompareWithDeoptimization(block, array_length, base, min_c, max_c);
1474 for (HBoundsCheck* other_bounds_check : candidates) {
1475 // Only replace if still in the graph. This avoids visiting the same
1476 // bounds check twice if it occurred multiple times in the use list.
1477 if (other_bounds_check->IsInBlock()) {
1478 ReplaceInstruction(other_bounds_check, other_bounds_check->InputAt(0));
1479 }
1480 }
1481 }
1482 }
1483 }
1484
1485 /**
1486 * Returns true if static range analysis based on induction variables can determine the bounds
1487 * check on the given array range is always satisfied with the computed index range. The output
1488 * parameter try_dynamic_bce is set to false if OOB is certain.
1489 */
InductionRangeFitsIn(ValueRange * array_range,HBoundsCheck * context,bool * try_dynamic_bce)1490 bool InductionRangeFitsIn(ValueRange* array_range,
1491 HBoundsCheck* context,
1492 bool* try_dynamic_bce) {
1493 InductionVarRange::Value v1;
1494 InductionVarRange::Value v2;
1495 bool needs_finite_test = false;
1496 HInstruction* index = context->InputAt(0);
1497 HInstruction* hint = HuntForDeclaration(context->InputAt(1));
1498 if (induction_range_.GetInductionRange(context, index, hint, &v1, &v2, &needs_finite_test)) {
1499 if (v1.is_known && (v1.a_constant == 0 || v1.a_constant == 1) &&
1500 v2.is_known && (v2.a_constant == 0 || v2.a_constant == 1)) {
1501 DCHECK(v1.a_constant == 1 || v1.instruction == nullptr);
1502 DCHECK(v2.a_constant == 1 || v2.instruction == nullptr);
1503 ValueRange index_range(&allocator_,
1504 ValueBound(v1.instruction, v1.b_constant),
1505 ValueBound(v2.instruction, v2.b_constant));
1506 // If analysis reveals a certain OOB, disable dynamic BCE. Otherwise,
1507 // use analysis for static bce only if loop is finite.
1508 if (index_range.GetLower().LessThan(array_range->GetLower()) ||
1509 index_range.GetUpper().GreaterThan(array_range->GetUpper())) {
1510 *try_dynamic_bce = false;
1511 } else if (!needs_finite_test && index_range.FitsIn(array_range)) {
1512 return true;
1513 }
1514 }
1515 }
1516 return false;
1517 }
1518
1519 /**
1520 * Performs loop-based dynamic elimination on a bounds check. In order to minimize the
1521 * number of eventually generated tests, related bounds checks with tests that can be
1522 * combined with tests for the given bounds check are collected first.
1523 */
TransformLoopForDynamicBCE(HLoopInformation * loop,HBoundsCheck * bounds_check)1524 void TransformLoopForDynamicBCE(HLoopInformation* loop, HBoundsCheck* bounds_check) {
1525 HInstruction* index = bounds_check->InputAt(0);
1526 HInstruction* array_length = bounds_check->InputAt(1);
1527 DCHECK(loop->IsDefinedOutOfTheLoop(array_length)); // pre-checked
1528 DCHECK(loop->DominatesAllBackEdges(bounds_check->GetBlock()));
1529 // Collect all bounds checks in the same loop that are related as "a[base + constant]"
1530 // for a base instruction (possibly absent) and various constants.
1531 ValueBound value = ValueBound::AsValueBound(index);
1532 HInstruction* base = value.GetInstruction();
1533 int32_t min_c = base == nullptr ? 0 : value.GetConstant();
1534 int32_t max_c = value.GetConstant();
1535 ScopedArenaVector<HBoundsCheck*> candidates(
1536 allocator_.Adapter(kArenaAllocBoundsCheckElimination));
1537 ScopedArenaVector<HBoundsCheck*> standby(
1538 allocator_.Adapter(kArenaAllocBoundsCheckElimination));
1539 for (const HUseListNode<HInstruction*>& use : array_length->GetUses()) {
1540 HInstruction* user = use.GetUser();
1541 if (user->IsBoundsCheck() && loop == user->GetBlock()->GetLoopInformation()) {
1542 HBoundsCheck* other_bounds_check = user->AsBoundsCheck();
1543 HInstruction* other_index = other_bounds_check->InputAt(0);
1544 HInstruction* other_array_length = other_bounds_check->InputAt(1);
1545 ValueBound other_value = ValueBound::AsValueBound(other_index);
1546 int32_t other_c = other_value.GetConstant();
1547 if (array_length == other_array_length && base == other_value.GetInstruction()) {
1548 // Ensure every candidate could be picked for code generation.
1549 bool b1 = false, b2 = false;
1550 if (!induction_range_.CanGenerateRange(other_bounds_check, other_index, &b1, &b2)) {
1551 continue;
1552 }
1553 // Does the current basic block dominate all back edges? If not,
1554 // add this candidate later only if it falls into the range.
1555 if (!loop->DominatesAllBackEdges(user->GetBlock())) {
1556 standby.push_back(other_bounds_check);
1557 continue;
1558 }
1559 min_c = std::min(min_c, other_c);
1560 max_c = std::max(max_c, other_c);
1561 candidates.push_back(other_bounds_check);
1562 }
1563 }
1564 }
1565 // Add standby candidates that fall in selected range.
1566 for (HBoundsCheck* other_bounds_check : standby) {
1567 HInstruction* other_index = other_bounds_check->InputAt(0);
1568 int32_t other_c = ValueBound::AsValueBound(other_index).GetConstant();
1569 if (min_c <= other_c && other_c <= max_c) {
1570 candidates.push_back(other_bounds_check);
1571 }
1572 }
1573 // Perform loop-based deoptimization if it seems profitable, where we eliminate bounds
1574 // checks and replace these with deopt checks that guard against any possible OOB.
1575 DCHECK_LT(0u, candidates.size());
1576 uint32_t distance = static_cast<uint32_t>(max_c) - static_cast<uint32_t>(min_c);
1577 if ((base != nullptr || min_c >= 0) && // reject certain OOB
1578 distance <= kMaxLengthForAddingDeoptimize) { // reject likely/certain deopt
1579 HBasicBlock* block = GetPreHeader(loop, bounds_check);
1580 HInstruction* min_lower = nullptr;
1581 HInstruction* min_upper = nullptr;
1582 HInstruction* max_lower = nullptr;
1583 HInstruction* max_upper = nullptr;
1584 // Iterate over all bounds checks.
1585 for (HBoundsCheck* other_bounds_check : candidates) {
1586 // Only handle if still in the graph. This avoids visiting the same
1587 // bounds check twice if it occurred multiple times in the use list.
1588 if (other_bounds_check->IsInBlock()) {
1589 HInstruction* other_index = other_bounds_check->InputAt(0);
1590 int32_t other_c = ValueBound::AsValueBound(other_index).GetConstant();
1591 // Generate code for either the maximum or minimum. Range analysis already was queried
1592 // whether code generation on the original and, thus, related bounds check was possible.
1593 // It handles either loop invariants (lower is not set) or unit strides.
1594 if (other_c == max_c) {
1595 induction_range_.GenerateRange(
1596 other_bounds_check, other_index, GetGraph(), block, &max_lower, &max_upper);
1597 } else if (other_c == min_c && base != nullptr) {
1598 induction_range_.GenerateRange(
1599 other_bounds_check, other_index, GetGraph(), block, &min_lower, &min_upper);
1600 }
1601 ReplaceInstruction(other_bounds_check, other_index);
1602 }
1603 }
1604 // In code, using unsigned comparisons:
1605 // (1) constants only
1606 // if (max_upper >= a.length ) deoptimize;
1607 // (2) two symbolic invariants
1608 // if (min_upper > max_upper) deoptimize; unless min_c == max_c
1609 // if (max_upper >= a.length ) deoptimize;
1610 // (3) general case, unit strides (where lower would exceed upper for arithmetic wrap-around)
1611 // if (min_lower > max_lower) deoptimize; unless min_c == max_c
1612 // if (max_lower > max_upper) deoptimize;
1613 // if (max_upper >= a.length ) deoptimize;
1614 if (base == nullptr) {
1615 // Constants only.
1616 DCHECK_GE(min_c, 0);
1617 DCHECK(min_lower == nullptr && min_upper == nullptr &&
1618 max_lower == nullptr && max_upper != nullptr);
1619 } else if (max_lower == nullptr) {
1620 // Two symbolic invariants.
1621 if (min_c != max_c) {
1622 DCHECK(min_lower == nullptr && min_upper != nullptr &&
1623 max_lower == nullptr && max_upper != nullptr);
1624 InsertDeoptInLoop(
1625 loop, block, new (GetGraph()->GetAllocator()) HAbove(min_upper, max_upper));
1626 } else {
1627 DCHECK(min_lower == nullptr && min_upper == nullptr &&
1628 max_lower == nullptr && max_upper != nullptr);
1629 }
1630 } else {
1631 // General case, unit strides.
1632 if (min_c != max_c) {
1633 DCHECK(min_lower != nullptr && min_upper != nullptr &&
1634 max_lower != nullptr && max_upper != nullptr);
1635 InsertDeoptInLoop(
1636 loop, block, new (GetGraph()->GetAllocator()) HAbove(min_lower, max_lower));
1637 } else {
1638 DCHECK(min_lower == nullptr && min_upper == nullptr &&
1639 max_lower != nullptr && max_upper != nullptr);
1640 }
1641 InsertDeoptInLoop(
1642 loop, block, new (GetGraph()->GetAllocator()) HAbove(max_lower, max_upper));
1643 }
1644 InsertDeoptInLoop(
1645 loop, block, new (GetGraph()->GetAllocator()) HAboveOrEqual(max_upper, array_length));
1646 } else {
1647 // TODO: if rejected, avoid doing this again for subsequent instructions in this set?
1648 }
1649 }
1650
1651 /**
1652 * Returns true if heuristics indicate that dynamic bce may be profitable.
1653 */
DynamicBCESeemsProfitable(HLoopInformation * loop,HBasicBlock * block)1654 bool DynamicBCESeemsProfitable(HLoopInformation* loop, HBasicBlock* block) {
1655 if (loop != nullptr) {
1656 // The loop preheader of an irreducible loop does not dominate all the blocks in
1657 // the loop. We would need to find the common dominator of all blocks in the loop.
1658 if (loop->IsIrreducible()) {
1659 return false;
1660 }
1661 // We should never deoptimize from an osr method, otherwise we might wrongly optimize
1662 // code dominated by the deoptimization.
1663 if (GetGraph()->IsCompilingOsr()) {
1664 return false;
1665 }
1666 // A try boundary preheader is hard to handle.
1667 // TODO: remove this restriction.
1668 if (loop->GetPreHeader()->GetLastInstruction()->IsTryBoundary()) {
1669 return false;
1670 }
1671 // Does loop have early-exits? If so, the full range may not be covered by the loop
1672 // at runtime and testing the range may apply deoptimization unnecessarily.
1673 if (IsEarlyExitLoop(loop)) {
1674 return false;
1675 }
1676 // Does the current basic block dominate all back edges? If not,
1677 // don't apply dynamic bce to something that may not be executed.
1678 return loop->DominatesAllBackEdges(block);
1679 }
1680 return false;
1681 }
1682
1683 /**
1684 * Returns true if the loop has early exits, which implies it may not cover
1685 * the full range computed by range analysis based on induction variables.
1686 */
IsEarlyExitLoop(HLoopInformation * loop)1687 bool IsEarlyExitLoop(HLoopInformation* loop) {
1688 const uint32_t loop_id = loop->GetHeader()->GetBlockId();
1689 // If loop has been analyzed earlier for early-exit, don't repeat the analysis.
1690 auto it = early_exit_loop_.find(loop_id);
1691 if (it != early_exit_loop_.end()) {
1692 return it->second;
1693 }
1694 // First time early-exit analysis for this loop. Since analysis requires scanning
1695 // the full loop-body, results of the analysis is stored for subsequent queries.
1696 HBlocksInLoopReversePostOrderIterator it_loop(*loop);
1697 for (it_loop.Advance(); !it_loop.Done(); it_loop.Advance()) {
1698 for (HBasicBlock* successor : it_loop.Current()->GetSuccessors()) {
1699 if (!loop->Contains(*successor)) {
1700 early_exit_loop_.Put(loop_id, true);
1701 return true;
1702 }
1703 }
1704 }
1705 early_exit_loop_.Put(loop_id, false);
1706 return false;
1707 }
1708
1709 /**
1710 * Returns true if the array length is already loop invariant, or can be made so
1711 * by handling the null check under the hood of the array length operation.
1712 */
CanHandleLength(HLoopInformation * loop,HInstruction * length,bool needs_taken_test)1713 bool CanHandleLength(HLoopInformation* loop, HInstruction* length, bool needs_taken_test) {
1714 if (loop->IsDefinedOutOfTheLoop(length)) {
1715 return true;
1716 } else if (length->IsArrayLength() && length->GetBlock()->GetLoopInformation() == loop) {
1717 if (CanHandleNullCheck(loop, length->InputAt(0), needs_taken_test)) {
1718 HoistToPreHeaderOrDeoptBlock(loop, length);
1719 return true;
1720 }
1721 }
1722 return false;
1723 }
1724
1725 /**
1726 * Returns true if the null check is already loop invariant, or can be made so
1727 * by generating a deoptimization test.
1728 */
CanHandleNullCheck(HLoopInformation * loop,HInstruction * check,bool needs_taken_test)1729 bool CanHandleNullCheck(HLoopInformation* loop, HInstruction* check, bool needs_taken_test) {
1730 if (loop->IsDefinedOutOfTheLoop(check)) {
1731 return true;
1732 } else if (check->IsNullCheck() && check->GetBlock()->GetLoopInformation() == loop) {
1733 HInstruction* array = check->InputAt(0);
1734 if (loop->IsDefinedOutOfTheLoop(array)) {
1735 // Generate: if (array == null) deoptimize;
1736 TransformLoopForDeoptimizationIfNeeded(loop, needs_taken_test);
1737 HBasicBlock* block = GetPreHeader(loop, check);
1738 HInstruction* cond =
1739 new (GetGraph()->GetAllocator()) HEqual(array, GetGraph()->GetNullConstant());
1740 InsertDeoptInLoop(loop, block, cond, /* is_null_check= */ true);
1741 ReplaceInstruction(check, array);
1742 return true;
1743 }
1744 }
1745 return false;
1746 }
1747
1748 /**
1749 * Returns true if compiler can apply dynamic bce to loops that may be infinite
1750 * (e.g. for (int i = 0; i <= U; i++) with U = MAX_INT), which would invalidate
1751 * the range analysis evaluation code by "overshooting" the computed range.
1752 * Since deoptimization would be a bad choice, and there is no other version
1753 * of the loop to use, dynamic bce in such cases is only allowed if other tests
1754 * ensure the loop is finite.
1755 */
CanHandleInfiniteLoop(HLoopInformation * loop,HInstruction * index,bool needs_infinite_test)1756 bool CanHandleInfiniteLoop(HLoopInformation* loop, HInstruction* index, bool needs_infinite_test) {
1757 if (needs_infinite_test) {
1758 // If we already forced the loop to be finite, allow directly.
1759 const uint32_t loop_id = loop->GetHeader()->GetBlockId();
1760 if (finite_loop_.find(loop_id) != finite_loop_.end()) {
1761 return true;
1762 }
1763 // Otherwise, allow dynamic bce if the index (which is necessarily an induction at
1764 // this point) is the direct loop index (viz. a[i]), since then the runtime tests
1765 // ensure upper bound cannot cause an infinite loop.
1766 HInstruction* control = loop->GetHeader()->GetLastInstruction();
1767 if (control->IsIf()) {
1768 HInstruction* if_expr = control->AsIf()->InputAt(0);
1769 if (if_expr->IsCondition()) {
1770 HCondition* condition = if_expr->AsCondition();
1771 if (index == condition->InputAt(0) ||
1772 index == condition->InputAt(1)) {
1773 finite_loop_.insert(loop_id);
1774 return true;
1775 }
1776 }
1777 }
1778 return false;
1779 }
1780 return true;
1781 }
1782
1783 /**
1784 * Returns appropriate preheader for the loop, depending on whether the
1785 * instruction appears in the loop header or proper loop-body.
1786 */
GetPreHeader(HLoopInformation * loop,HInstruction * instruction)1787 HBasicBlock* GetPreHeader(HLoopInformation* loop, HInstruction* instruction) {
1788 // Use preheader unless there is an earlier generated deoptimization block since
1789 // hoisted expressions may depend on and/or used by the deoptimization tests.
1790 HBasicBlock* header = loop->GetHeader();
1791 const uint32_t loop_id = header->GetBlockId();
1792 auto it = taken_test_loop_.find(loop_id);
1793 if (it != taken_test_loop_.end()) {
1794 HBasicBlock* block = it->second;
1795 // If always taken, keep it that way by returning the original preheader,
1796 // which can be found by following the predecessor of the true-block twice.
1797 if (instruction->GetBlock() == header) {
1798 return block->GetSinglePredecessor()->GetSinglePredecessor();
1799 }
1800 return block;
1801 }
1802 return loop->GetPreHeader();
1803 }
1804
1805 /** Inserts a deoptimization test in a loop preheader. */
InsertDeoptInLoop(HLoopInformation * loop,HBasicBlock * block,HInstruction * condition,bool is_null_check=false)1806 void InsertDeoptInLoop(HLoopInformation* loop,
1807 HBasicBlock* block,
1808 HInstruction* condition,
1809 bool is_null_check = false) {
1810 HInstruction* suspend = loop->GetSuspendCheck();
1811 block->InsertInstructionBefore(condition, block->GetLastInstruction());
1812 DeoptimizationKind kind =
1813 is_null_check ? DeoptimizationKind::kLoopNullBCE : DeoptimizationKind::kLoopBoundsBCE;
1814 HDeoptimize* deoptimize = new (GetGraph()->GetAllocator()) HDeoptimize(
1815 GetGraph()->GetAllocator(), condition, kind, suspend->GetDexPc());
1816 block->InsertInstructionBefore(deoptimize, block->GetLastInstruction());
1817 if (suspend->HasEnvironment()) {
1818 deoptimize->CopyEnvironmentFromWithLoopPhiAdjustment(
1819 suspend->GetEnvironment(), loop->GetHeader());
1820 }
1821 }
1822
1823 /** Inserts a deoptimization test right before a bounds check. */
InsertDeoptInBlock(HBoundsCheck * bounds_check,HInstruction * condition)1824 void InsertDeoptInBlock(HBoundsCheck* bounds_check, HInstruction* condition) {
1825 HBasicBlock* block = bounds_check->GetBlock();
1826 block->InsertInstructionBefore(condition, bounds_check);
1827 HDeoptimize* deoptimize = new (GetGraph()->GetAllocator()) HDeoptimize(
1828 GetGraph()->GetAllocator(),
1829 condition,
1830 DeoptimizationKind::kBlockBCE,
1831 bounds_check->GetDexPc());
1832 block->InsertInstructionBefore(deoptimize, bounds_check);
1833 deoptimize->CopyEnvironmentFrom(bounds_check->GetEnvironment());
1834 }
1835
1836 /** Hoists instruction out of the loop to preheader or deoptimization block. */
HoistToPreHeaderOrDeoptBlock(HLoopInformation * loop,HInstruction * instruction)1837 void HoistToPreHeaderOrDeoptBlock(HLoopInformation* loop, HInstruction* instruction) {
1838 HBasicBlock* block = GetPreHeader(loop, instruction);
1839 DCHECK(!instruction->HasEnvironment());
1840 instruction->MoveBefore(block->GetLastInstruction());
1841 }
1842
1843 /**
1844 * Adds a new taken-test structure to a loop if needed and not already done.
1845 * The taken-test protects range analysis evaluation code to avoid any
1846 * deoptimization caused by incorrect trip-count evaluation in non-taken loops.
1847 *
1848 * old_preheader
1849 * |
1850 * if_block <- taken-test protects deoptimization block
1851 * / \
1852 * true_block false_block <- deoptimizations/invariants are placed in true_block
1853 * \ /
1854 * new_preheader <- may require phi nodes to preserve SSA structure
1855 * |
1856 * header
1857 *
1858 * For example, this loop:
1859 *
1860 * for (int i = lower; i < upper; i++) {
1861 * array[i] = 0;
1862 * }
1863 *
1864 * will be transformed to:
1865 *
1866 * if (lower < upper) {
1867 * if (array == null) deoptimize;
1868 * array_length = array.length;
1869 * if (lower > upper) deoptimize; // unsigned
1870 * if (upper >= array_length) deoptimize; // unsigned
1871 * } else {
1872 * array_length = 0;
1873 * }
1874 * for (int i = lower; i < upper; i++) {
1875 * // Loop without null check and bounds check, and any array.length replaced with array_length.
1876 * array[i] = 0;
1877 * }
1878 */
TransformLoopForDeoptimizationIfNeeded(HLoopInformation * loop,bool needs_taken_test)1879 void TransformLoopForDeoptimizationIfNeeded(HLoopInformation* loop, bool needs_taken_test) {
1880 // Not needed (can use preheader) or already done (can reuse)?
1881 const uint32_t loop_id = loop->GetHeader()->GetBlockId();
1882 if (!needs_taken_test || taken_test_loop_.find(loop_id) != taken_test_loop_.end()) {
1883 return;
1884 }
1885
1886 // Generate top test structure.
1887 HBasicBlock* header = loop->GetHeader();
1888 GetGraph()->TransformLoopHeaderForBCE(header);
1889 HBasicBlock* new_preheader = loop->GetPreHeader();
1890 HBasicBlock* if_block = new_preheader->GetDominator();
1891 HBasicBlock* true_block = if_block->GetSuccessors()[0]; // True successor.
1892 HBasicBlock* false_block = if_block->GetSuccessors()[1]; // False successor.
1893
1894 // Goto instructions.
1895 true_block->AddInstruction(new (GetGraph()->GetAllocator()) HGoto());
1896 false_block->AddInstruction(new (GetGraph()->GetAllocator()) HGoto());
1897 new_preheader->AddInstruction(new (GetGraph()->GetAllocator()) HGoto());
1898
1899 // Insert the taken-test to see if the loop body is entered. If the
1900 // loop isn't entered at all, it jumps around the deoptimization block.
1901 if_block->AddInstruction(new (GetGraph()->GetAllocator()) HGoto()); // placeholder
1902 HInstruction* condition = induction_range_.GenerateTakenTest(
1903 header->GetLastInstruction(), GetGraph(), if_block);
1904 DCHECK(condition != nullptr);
1905 if_block->RemoveInstruction(if_block->GetLastInstruction());
1906 if_block->AddInstruction(new (GetGraph()->GetAllocator()) HIf(condition));
1907
1908 taken_test_loop_.Put(loop_id, true_block);
1909 }
1910
1911 /**
1912 * Inserts phi nodes that preserve SSA structure in generated top test structures.
1913 * All uses of instructions in the deoptimization block that reach the loop need
1914 * a phi node in the new loop preheader to fix the dominance relation.
1915 *
1916 * Example:
1917 * if_block
1918 * / \
1919 * x_0 = .. false_block
1920 * \ /
1921 * x_1 = phi(x_0, null) <- synthetic phi
1922 * |
1923 * new_preheader
1924 */
InsertPhiNodes()1925 void InsertPhiNodes() {
1926 // Scan all new deoptimization blocks.
1927 for (const auto& entry : taken_test_loop_) {
1928 HBasicBlock* true_block = entry.second;
1929 HBasicBlock* new_preheader = true_block->GetSingleSuccessor();
1930 // Scan all instructions in a new deoptimization block.
1931 for (HInstructionIterator it(true_block->GetInstructions()); !it.Done(); it.Advance()) {
1932 HInstruction* instruction = it.Current();
1933 DataType::Type type = instruction->GetType();
1934 HPhi* phi = nullptr;
1935 // Scan all uses of an instruction and replace each later use with a phi node.
1936 const HUseList<HInstruction*>& uses = instruction->GetUses();
1937 for (auto it2 = uses.begin(), end2 = uses.end(); it2 != end2; /* ++it2 below */) {
1938 HInstruction* user = it2->GetUser();
1939 size_t index = it2->GetIndex();
1940 // Increment `it2` now because `*it2` may disappear thanks to user->ReplaceInput().
1941 ++it2;
1942 if (user->GetBlock() != true_block) {
1943 if (phi == nullptr) {
1944 phi = NewPhi(new_preheader, instruction, type);
1945 }
1946 user->ReplaceInput(phi, index); // Removes the use node from the list.
1947 induction_range_.Replace(user, instruction, phi); // update induction
1948 }
1949 }
1950 // Scan all environment uses of an instruction and replace each later use with a phi node.
1951 const HUseList<HEnvironment*>& env_uses = instruction->GetEnvUses();
1952 for (auto it2 = env_uses.begin(), end2 = env_uses.end(); it2 != end2; /* ++it2 below */) {
1953 HEnvironment* user = it2->GetUser();
1954 size_t index = it2->GetIndex();
1955 // Increment `it2` now because `*it2` may disappear thanks to user->RemoveAsUserOfInput().
1956 ++it2;
1957 if (user->GetHolder()->GetBlock() != true_block) {
1958 if (phi == nullptr) {
1959 phi = NewPhi(new_preheader, instruction, type);
1960 }
1961 user->RemoveAsUserOfInput(index);
1962 user->SetRawEnvAt(index, phi);
1963 phi->AddEnvUseAt(user, index);
1964 }
1965 }
1966 }
1967 }
1968 }
1969
1970 /**
1971 * Construct a phi(instruction, 0) in the new preheader to fix the dominance relation.
1972 * These are synthetic phi nodes without a virtual register.
1973 */
NewPhi(HBasicBlock * new_preheader,HInstruction * instruction,DataType::Type type)1974 HPhi* NewPhi(HBasicBlock* new_preheader,
1975 HInstruction* instruction,
1976 DataType::Type type) {
1977 HGraph* graph = GetGraph();
1978 HInstruction* zero;
1979 switch (type) {
1980 case DataType::Type::kReference: zero = graph->GetNullConstant(); break;
1981 case DataType::Type::kFloat32: zero = graph->GetFloatConstant(0); break;
1982 case DataType::Type::kFloat64: zero = graph->GetDoubleConstant(0); break;
1983 default: zero = graph->GetConstant(type, 0); break;
1984 }
1985 HPhi* phi = new (graph->GetAllocator())
1986 HPhi(graph->GetAllocator(), kNoRegNumber, /*number_of_inputs*/ 2, HPhi::ToPhiType(type));
1987 phi->SetRawInputAt(0, instruction);
1988 phi->SetRawInputAt(1, zero);
1989 if (type == DataType::Type::kReference) {
1990 phi->SetReferenceTypeInfo(instruction->GetReferenceTypeInfo());
1991 }
1992 new_preheader->AddPhi(phi);
1993 return phi;
1994 }
1995
1996 /** Helper method to replace an instruction with another instruction. */
ReplaceInstruction(HInstruction * instruction,HInstruction * replacement)1997 void ReplaceInstruction(HInstruction* instruction, HInstruction* replacement) {
1998 // Safe iteration.
1999 if (instruction == next_) {
2000 next_ = next_->GetNext();
2001 }
2002 // Replace and remove.
2003 instruction->ReplaceWith(replacement);
2004 instruction->GetBlock()->RemoveInstruction(instruction);
2005 }
2006
2007 // Use local allocator for allocating memory.
2008 ScopedArenaAllocator allocator_;
2009
2010 // A set of maps, one per basic block, from instruction to range.
2011 ScopedArenaVector<ScopedArenaSafeMap<int, ValueRange*>> maps_;
2012
2013 // Map an HArrayLength instruction's id to the first HBoundsCheck instruction
2014 // in a block that checks an index against that HArrayLength.
2015 ScopedArenaSafeMap<int, HBoundsCheck*> first_index_bounds_check_map_;
2016
2017 // Early-exit loop bookkeeping.
2018 ScopedArenaSafeMap<uint32_t, bool> early_exit_loop_;
2019
2020 // Taken-test loop bookkeeping.
2021 ScopedArenaSafeMap<uint32_t, HBasicBlock*> taken_test_loop_;
2022
2023 // Finite loop bookkeeping.
2024 ScopedArenaSet<uint32_t> finite_loop_;
2025
2026 // Flag that denotes whether dominator-based dynamic elimination has occurred.
2027 bool has_dom_based_dynamic_bce_;
2028
2029 // Initial number of blocks.
2030 uint32_t initial_block_size_;
2031
2032 // Side effects.
2033 const SideEffectsAnalysis& side_effects_;
2034
2035 // Range analysis based on induction variables.
2036 InductionVarRange induction_range_;
2037
2038 // Safe iteration.
2039 HInstruction* next_;
2040
2041 DISALLOW_COPY_AND_ASSIGN(BCEVisitor);
2042 };
2043
Run()2044 bool BoundsCheckElimination::Run() {
2045 if (!graph_->HasBoundsChecks()) {
2046 return false;
2047 }
2048
2049 // Reverse post order guarantees a node's dominators are visited first.
2050 // We want to visit in the dominator-based order since if a value is known to
2051 // be bounded by a range at one instruction, it must be true that all uses of
2052 // that value dominated by that instruction fits in that range. Range of that
2053 // value can be narrowed further down in the dominator tree.
2054 BCEVisitor visitor(graph_, side_effects_, induction_analysis_);
2055 for (size_t i = 0, size = graph_->GetReversePostOrder().size(); i != size; ++i) {
2056 HBasicBlock* current = graph_->GetReversePostOrder()[i];
2057 if (visitor.IsAddedBlock(current)) {
2058 // Skip added blocks. Their effects are already taken care of.
2059 continue;
2060 }
2061 visitor.VisitBasicBlock(current);
2062 // Skip forward to the current block in case new basic blocks were inserted
2063 // (which always appear earlier in reverse post order) to avoid visiting the
2064 // same basic block twice.
2065 size_t new_size = graph_->GetReversePostOrder().size();
2066 DCHECK_GE(new_size, size);
2067 i += new_size - size;
2068 DCHECK_EQ(current, graph_->GetReversePostOrder()[i]);
2069 size = new_size;
2070 }
2071
2072 // Perform cleanup.
2073 visitor.Finish();
2074
2075 return true;
2076 }
2077
2078 } // namespace art
2079