LowerTypeTests.cpp source code [llvm_projects/llvm/lib/Transforms/IPO/LowerTypeTests.cpp]

1	//===- LowerTypeTests.cpp - type metadata lowering pass -------------------===//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This pass lowers type metadata and calls to the llvm.type.test intrinsic.
10	// It also ensures that globals are properly laid out for the
11	// llvm.icall.branch.funnel intrinsic.
12	// See http://llvm.org/docs/TypeMetadata.html for more information.
13	//
14	//===----------------------------------------------------------------------===//
15
16	#include "llvm/Transforms/IPO/LowerTypeTests.h"
17	#include "llvm/ADT/APInt.h"
18	#include "llvm/ADT/ArrayRef.h"
19	#include "llvm/ADT/DenseMap.h"
20	#include "llvm/ADT/EquivalenceClasses.h"
21	#include "llvm/ADT/PointerUnion.h"
22	#include "llvm/ADT/STLExtras.h"
23	#include "llvm/ADT/SetVector.h"
24	#include "llvm/ADT/SmallVector.h"
25	#include "llvm/ADT/Statistic.h"
26	#include "llvm/ADT/StringRef.h"
27	#include "llvm/ADT/TinyPtrVector.h"
28	#include "llvm/Analysis/LoopInfo.h"
29	#include "llvm/Analysis/PostDominators.h"
30	#include "llvm/Analysis/TargetTransformInfo.h"
31	#include "llvm/Analysis/TypeMetadataUtils.h"
32	#include "llvm/Analysis/ValueTracking.h"
33	#include "llvm/IR/Attributes.h"
34	#include "llvm/IR/BasicBlock.h"
35	#include "llvm/IR/Constant.h"
36	#include "llvm/IR/Constants.h"
37	#include "llvm/IR/DataLayout.h"
38	#include "llvm/IR/DerivedTypes.h"
39	#include "llvm/IR/Function.h"
40	#include "llvm/IR/GlobalAlias.h"
41	#include "llvm/IR/GlobalObject.h"
42	#include "llvm/IR/GlobalValue.h"
43	#include "llvm/IR/GlobalVariable.h"
44	#include "llvm/IR/IRBuilder.h"
45	#include "llvm/IR/InlineAsm.h"
46	#include "llvm/IR/Instruction.h"
47	#include "llvm/IR/Instructions.h"
48	#include "llvm/IR/IntrinsicInst.h"
49	#include "llvm/IR/Intrinsics.h"
50	#include "llvm/IR/LLVMContext.h"
51	#include "llvm/IR/MDBuilder.h"
52	#include "llvm/IR/Metadata.h"
53	#include "llvm/IR/Module.h"
54	#include "llvm/IR/ModuleSummaryIndex.h"
55	#include "llvm/IR/ModuleSummaryIndexYAML.h"
56	#include "llvm/IR/Operator.h"
57	#include "llvm/IR/PassManager.h"
58	#include "llvm/IR/ProfDataUtils.h"
59	#include "llvm/IR/ReplaceConstant.h"
60	#include "llvm/IR/Type.h"
61	#include "llvm/IR/Use.h"
62	#include "llvm/IR/User.h"
63	#include "llvm/IR/Value.h"
64	#include "llvm/Support/Allocator.h"
65	#include "llvm/Support/Casting.h"
66	#include "llvm/Support/CommandLine.h"
67	#include "llvm/Support/Debug.h"
68	#include "llvm/Support/Error.h"
69	#include "llvm/Support/ErrorHandling.h"
70	#include "llvm/Support/FileSystem.h"
71	#include "llvm/Support/MathExtras.h"
72	#include "llvm/Support/MemoryBuffer.h"
73	#include "llvm/Support/TrailingObjects.h"
74	#include "llvm/Support/YAMLTraits.h"
75	#include "llvm/Support/raw_ostream.h"
76	#include "llvm/TargetParser/Triple.h"
77	#include "llvm/Transforms/IPO.h"
78	#include "llvm/Transforms/Utils/BasicBlockUtils.h"
79	#include "llvm/Transforms/Utils/ModuleUtils.h"
80	#include <algorithm>
81	#include <cassert>
82	#include <cstdint>
83	#include <set>
84	#include <string>
85	#include <system_error>
86	#include <utility>
87	#include <vector>
88
89	using namespace llvm;
90	using namespace lowertypetests;
91
92	#define DEBUG_TYPE "lowertypetests"
93
94	STATISTIC(ByteArraySizeBits, "Byte array size in bits");
95	STATISTIC(ByteArraySizeBytes, "Byte array size in bytes");
96	STATISTIC(NumByteArraysCreated, "Number of byte arrays created");
97	STATISTIC(NumTypeTestCallsLowered, "Number of type test calls lowered");
98	STATISTIC(NumTypeIdDisjointSets, "Number of disjoint sets of type identifiers");
99
100	static cl::opt<bool> AvoidReuse(
101	"lowertypetests-avoid-reuse",
102	cl::desc ("Try to avoid reuse of byte array addresses using aliases"),
103	cl::Hidden, cl::init(Val: true));
104
105	static cl::opt<PassSummaryAction> ClSummaryAction(
106	"lowertypetests-summary-action",
107	cl::desc ("What to do with the summary when running this pass"),
108	cl::values(clEnumValN(PassSummaryAction::None, "none", "Do nothing"),
109	clEnumValN(PassSummaryAction::Import, "import",
110	"Import typeid resolutions from summary and globals"),
111	clEnumValN(PassSummaryAction::Export, "export",
112	"Export typeid resolutions to summary and globals")),
113	cl::Hidden);
114
115	static cl::opt<std::string> ClReadSummary(
116	"lowertypetests-read-summary",
117	cl::desc ("Read summary from given YAML file before running pass"),
118	cl::Hidden);
119
120	static cl::opt<std::string> ClWriteSummary(
121	"lowertypetests-write-summary",
122	cl::desc ("Write summary to given YAML file after running pass"),
123	cl::Hidden);
124
125	static cl::opt<DropTestKind>
126	ClDropTypeTests("lowertypetests-drop-type-tests",
127	cl::desc ("Simply drop type test sequences"),
128	cl::values(clEnumValN(DropTestKind::None, "none",
129	"Do not drop any type tests"),
130	clEnumValN(DropTestKind::Assume, "assume",
131	"Drop type test assume sequences"),
132	clEnumValN(DropTestKind::All, "all",
133	"Drop all type test sequences")),
134	cl::Hidden, cl::init(Val: DropTestKind::None));
135
136	bool BitSetInfo::containsGlobalOffset(uint64_t Offset) const {
137	if (Offset < ByteOffset)
138	return false;
139
140	if ((Offset - ByteOffset) % (uint64_t(`1`) << AlignLog2) != `0`)
141	return false;
142
143	uint64_t BitOffset = (Offset - ByteOffset) >> AlignLog2;
144	if (BitOffset >= BitSize)
145	return false;
146
147	return Bits.count(x: BitSize - `1` - BitOffset);
148	}
149
150	void BitSetInfo::print(raw_ostream &OS) const {
151	OS << "offset " << ByteOffset << " size " << BitSize << " align "
152	<< (`1` << AlignLog2);
153
154	if (isAllOnes()) {
155	OS << " all-ones\n";
156	return;
157	}
158
159	OS << " { ";
160	for (uint64_t B : Bits)
161	OS << B << `' '`;
162	OS << "}\n";
163	}
164
165	BitSetInfo BitSetBuilder::build() {
166	if (Min > Max)
167	Min = `0`;
168
169	// Normalize each offset against the minimum observed offset, and compute
170	// the bitwise OR of each of the offsets. The number of trailing zeros
171	// in the mask gives us the log2 of the alignment of all offsets, which
172	// allows us to compress the bitset by only storing one bit per aligned
173	// address.
174	uint64_t Mask = `0`;
175	for (uint64_t &Offset : Offsets) {
176	Offset -= Min;
177	Mask \|= Offset;
178	}
179
180	BitSetInfo BSI;
181	BSI.ByteOffset = Min;
182
183	BSI.AlignLog2 = `0`;
184	if (Mask != `0`)
185	BSI.AlignLog2 = llvm::countr_zero(Val: Mask);
186
187	// Build the compressed bitset while normalizing the offsets against the
188	// computed alignment.
189	BSI.BitSize = ((Max - Min) >> BSI.AlignLog2) + `1`;
190	for (uint64_t Offset : Offsets) {
191	Offset >>= BSI.AlignLog2;
192	// We invert the order of bits when adding them to the bitset. This is
193	// because the offset that we test against is computed by subtracting the
194	// address that we are testing from the global's address, which means that
195	// the offset increases as the tested address decreases.
196	BSI.Bits.insert(x: BSI.BitSize - `1` - Offset);
197	}
198
199	return BSI;
200	}
201
202	void GlobalLayoutBuilder::addFragment(const std::set<uint64_t> &F) {
203	// Create a new fragment to hold the layout for F.
204	Fragments.emplace_back();
205	std::vector<uint64_t> &Fragment = Fragments.back();
206	uint64_t FragmentIndex = Fragments.size() - `1`;
207
208	for (auto ObjIndex : F) {
209	uint64_t OldFragmentIndex = FragmentMap [ObjIndex];
210	if (OldFragmentIndex == `0`) {
211	// We haven't seen this object index before, so just add it to the current
212	// fragment.
213	Fragment.push_back(x: ObjIndex);
214	} else {
215	// This index belongs to an existing fragment. Copy the elements of the
216	// old fragment into this one and clear the old fragment. We don't update
217	// the fragment map just yet, this ensures that any further references to
218	// indices from the old fragment in this fragment do not insert any more
219	// indices.
220	std::vector<uint64_t> &OldFragment = Fragments [OldFragmentIndex];
221	llvm::append_range(C&: Fragment, R&: OldFragment);
222	OldFragment.clear();
223	}
224	}
225
226	// Update the fragment map to point our object indices to this fragment.
227	for (uint64_t ObjIndex : Fragment)
228	FragmentMap [ObjIndex] = FragmentIndex;
229	}
230
231	void ByteArrayBuilder::allocate(const std::set<uint64_t> &Bits,
232	uint64_t BitSize, uint64_t &AllocByteOffset,
233	uint8_t &AllocMask) {
234	// Find the smallest current allocation.
235	unsigned Bit = `0`;
236	for (unsigned I = `1`; I != BitsPerByte; ++I)
237	if (BitAllocs[I] < BitAllocs[Bit])
238	Bit = I;
239
240	AllocByteOffset = BitAllocs[Bit];
241
242	// Add our size to it.
243	unsigned ReqSize = AllocByteOffset + BitSize;
244	BitAllocs[Bit] = ReqSize;
245	if (Bytes.size() < ReqSize)
246	Bytes.resize(new_size: ReqSize);
247
248	// Set our bits.
249	AllocMask = `1` << Bit;
250	for (uint64_t B : Bits)
251	Bytes [AllocByteOffset + B] \|= AllocMask;
252	}
253
254	bool lowertypetests::isJumpTableCanonical(Function *F) {
255	if (F->isDeclarationForLinker())
256	return false;
257	auto *CI = mdconst::extract_or_null<ConstantInt>(
258	MD: F->getParent()->getModuleFlag(Key: "CFI Canonical Jump Tables"));
259	if (!CI \|\| !CI->isZero())
260	return true;
261	return F->hasFnAttribute(Kind: "cfi-canonical-jump-table");
262	}
263
264	namespace {
265
266	struct ByteArrayInfo {
267	std::set<uint64_t> Bits;
268	uint64_t BitSize;
269	GlobalVariable *ByteArray;
270	GlobalVariable *MaskGlobal;
271	uint8_t MaskPtr = nullptr*;
272	};
273
274	/// A POD-like structure that we use to store a global reference together with
275	/// its metadata types. In this pass we frequently need to query the set of
276	/// metadata types referenced by a global, which at the IR level is an expensive
277	/// operation involving a map lookup; this data structure helps to reduce the
278	/// number of times we need to do this lookup.
279	class GlobalTypeMember final : TrailingObjects<GlobalTypeMember, MDNode *> {
280	friend TrailingObjects;
281
282	GlobalObject *GO;
283	size_t NTypes;
284
285	// For functions: true if the jump table is canonical. This essentially means
286	// whether the canonical address (i.e. the symbol table entry) of the function
287	// is provided by the local jump table. This is normally the same as whether
288	// the function is defined locally, but if canonical jump tables are disabled
289	// by the user then the jump table never provides a canonical definition.
290	bool IsJumpTableCanonical;
291
292	// For functions: true if this function is either defined or used in a thinlto
293	// module and its jumptable entry needs to be exported to thinlto backends.
294	bool IsExported;
295
296	public:
297	static GlobalTypeMember create(BumpPtrAllocator &Alloc, GlobalObject GO,
298	bool IsJumpTableCanonical, bool IsExported,
299	ArrayRef<MDNode *> Types) {
300	auto GTM = static_cast<GlobalTypeMember >(Alloc.Allocate(
301	Size: totalSizeToAlloc<MDNode >(Counts: Types.size()), Alignment: alignof*(GlobalTypeMember)));
302	GTM->GO = GO;
303	GTM->NTypes = Types.size();
304	GTM->IsJumpTableCanonical = IsJumpTableCanonical;
305	GTM->IsExported = IsExported;
306	llvm::copy(Range&: Types, Out: GTM->getTrailingObjects());
307	return GTM;
308	}
309
310	GlobalObject getGlobal() const* {
311	return GO;
312	}
313
314	bool isJumpTableCanonical() const {
315	return IsJumpTableCanonical;
316	}
317
318	bool isExported() const {
319	return IsExported;
320	}
321
322	ArrayRef<MDNode > types() const* { return getTrailingObjects(N: NTypes); }
323	};
324
325	struct ICallBranchFunnel final
326	: TrailingObjects<ICallBranchFunnel, GlobalTypeMember *> {
327	static ICallBranchFunnel create(BumpPtrAllocator &Alloc, CallInst CI,
328	ArrayRef<GlobalTypeMember *> Targets,
329	unsigned UniqueId) {
330	auto Call = static_cast<ICallBranchFunnel >(
331	Alloc.Allocate(Size: totalSizeToAlloc<GlobalTypeMember *>(Counts: Targets.size()),
332	Alignment: alignof(ICallBranchFunnel)));
333	Call->CI = CI;
334	Call->UniqueId = UniqueId;
335	Call->NTargets = Targets.size();
336	llvm::copy(Range&: Targets, Out: Call->getTrailingObjects());
337	return Call;
338	}
339
340	CallInst *CI;
341	ArrayRef<GlobalTypeMember > targets() const* {
342	return getTrailingObjects(N: NTargets);
343	}
344
345	unsigned UniqueId;
346
347	private:
348	size_t NTargets;
349	};
350
351	struct ScopedSaveAliaseesAndUsed {
352	Module &M;
353	SmallVector<GlobalValue *, `4`> Used, CompilerUsed;
354	std::vector<std::pair<GlobalAlias , Function >> FunctionAliases;
355	std::vector<std::pair<GlobalIFunc , Function >> ResolverIFuncs;
356
357	// This function only removes functions from llvm.used and llvm.compiler.used.
358	// We cannot remove global variables because they need to follow RAUW, as
359	// they may be deleted by buildBitSetsFromGlobalVariables.
360	void collectAndEraseUsedFunctions(Module &M,
361	SmallVectorImpl<GlobalValue *> &Vec,
362	bool CompilerUsed) {
363	auto *GV = collectUsedGlobalVariables(M, Vec, CompilerUsed);
364	if (!GV)
365	return;
366	// There's no API to only remove certain array elements from
367	// llvm.used/llvm.compiler.used, so we remove all of them and add back only
368	// the non-functions.
369	GV->eraseFromParent();
370	auto NonFuncBegin =
371	std::stable_partition(first: Vec.begin(), last: Vec.end(), pred: [](GlobalValue *GV) {
372	return isa<Function>(Val: GV);
373	});
374	if (CompilerUsed)
375	appendToCompilerUsed(M, Values: {NonFuncBegin, Vec.end()});
376	else
377	appendToUsed(M, Values: {NonFuncBegin, Vec.end()});
378	Vec.resize(N: NonFuncBegin - Vec.begin());
379	}
380
381	ScopedSaveAliaseesAndUsed(Module &M) : M(M) {
382	// The users of this class want to replace all function references except
383	// for aliases and llvm.used/llvm.compiler.used with references to a jump
384	// table. We avoid replacing aliases in order to avoid introducing a double
385	// indirection (or an alias pointing to a declaration in ThinLTO mode), and
386	// we avoid replacing llvm.used/llvm.compiler.used because these global
387	// variables describe properties of the global, not the jump table (besides,
388	// offseted references to the jump table in llvm.used are invalid).
389	// Unfortunately, LLVM doesn't have a "RAUW except for these (possibly
390	// indirect) users", so what we do is save the list of globals referenced by
391	// llvm.used/llvm.compiler.used and aliases, erase the used lists, let RAUW
392	// replace the aliasees and then set them back to their original values at
393	// the end.
394	collectAndEraseUsedFunctions(M, Vec&: Used, CompilerUsed: false);
395	collectAndEraseUsedFunctions(M, Vec&: CompilerUsed, CompilerUsed: true);
396
397	for (auto &GA : M.aliases()) {
398	// FIXME: This should look past all aliases not just interposable ones,
399	// see discussion on D65118.
400	if (auto *F = dyn_cast<Function>(Val: GA.getAliasee()->stripPointerCasts()))
401	FunctionAliases.push_back(x: {&GA, F});
402	}
403
404	for (auto &GI : M.ifuncs())
405	if (auto *F = dyn_cast<Function>(Val: GI.getResolver()->stripPointerCasts()))
406	ResolverIFuncs.push_back(x: {&GI, F});
407	}
408
409	~ScopedSaveAliaseesAndUsed() {
410	appendToUsed(M, Values: Used);
411	appendToCompilerUsed(M, Values: CompilerUsed);
412
413	for (auto P : FunctionAliases)
414	P.first->setAliasee(P.second);
415
416	for (auto P : ResolverIFuncs) {
417	// This does not preserve pointer casts that may have been stripped by the
418	// constructor, but the resolver's type is different from that of the
419	// ifunc anyway.
420	P.first->setResolver(P.second);
421	}
422	}
423	};
424
425	class LowerTypeTestsModule {
426	Module &M;
427
428	ModuleSummaryIndex *ExportSummary;
429	const ModuleSummaryIndex *ImportSummary;
430	// Set when the client has invoked this to simply drop all type test assume
431	// sequences.
432	DropTestKind DropTypeTests;
433
434	Triple::ArchType Arch;
435	Triple::OSType OS;
436	Triple::ObjectFormatType ObjectFormat;
437
438	// Determines which kind of Thumb jump table we generate. If arch is
439	// either 'arm' or 'thumb' we need to find this out, because
440	// selectJumpTableArmEncoding may decide to use Thumb in either case.
441	bool CanUseArmJumpTable = false, CanUseThumbBWJumpTable = false;
442
443	// Cache variable used by hasBranchTargetEnforcement().
444	int HasBranchTargetEnforcement = -`1`;
445
446	IntegerType *Int1Ty = Type::getInt1Ty(C&: M.getContext());
447	IntegerType *Int8Ty = Type::getInt8Ty(C&: M.getContext());
448	PointerType *PtrTy = PointerType::getUnqual(C&: M.getContext());
449	ArrayType *Int8Arr0Ty = ArrayType::get(ElementType: Type::getInt8Ty(C&: M.getContext()), NumElements: `0`);
450	IntegerType *Int32Ty = Type::getInt32Ty(C&: M.getContext());
451	IntegerType *Int64Ty = Type::getInt64Ty(C&: M.getContext());
452	IntegerType *IntPtrTy = M.getDataLayout().getIntPtrType(C&: M.getContext(), AddressSpace: `0`);
453
454	// Indirect function call index assignment counter for WebAssembly
455	uint64_t IndirectIndex = `1`;
456
457	// Mapping from type identifiers to the call sites that test them, as well as
458	// whether the type identifier needs to be exported to ThinLTO backends as
459	// part of the regular LTO phase of the ThinLTO pipeline (see exportTypeId).
460	struct TypeIdUserInfo {
461	std::vector<CallInst *> CallSites;
462	bool IsExported = false;
463	};
464	DenseMap<Metadata *, TypeIdUserInfo> TypeIdUsers;
465
466	/// This structure describes how to lower type tests for a particular type
467	/// identifier. It is either built directly from the global analysis (during
468	/// regular LTO or the regular LTO phase of ThinLTO), or indirectly using type
469	/// identifier summaries and external symbol references (in ThinLTO backends).
470	struct TypeIdLowering {
471	TypeTestResolution::Kind TheKind = TypeTestResolution::Unsat;
472
473	/// All except Unsat: the address of the last element within the combined
474	/// global.
475	Constant *OffsetedGlobal;
476
477	/// ByteArray, Inline, AllOnes: log2 of the required global alignment
478	/// relative to the start address.
479	Constant *AlignLog2;
480
481	/// ByteArray, Inline, AllOnes: one less than the size of the memory region
482	/// covering members of this type identifier as a multiple of 2^AlignLog2.
483	Constant *SizeM1;
484
485	/// ByteArray: the byte array to test the address against.
486	Constant *TheByteArray;
487
488	/// ByteArray: the bit mask to apply to bytes loaded from the byte array.
489	Constant *BitMask;
490
491	/// Inline: the bit mask to test the address against.
492	Constant *InlineBits;
493	};
494
495	std::vector<ByteArrayInfo> ByteArrayInfos;
496
497	Function WeakInitializerFn = nullptr*;
498
499	GlobalVariable *GlobalAnnotation;
500	DenseSet<Value *> FunctionAnnotations;
501
502	bool shouldExportConstantsAsAbsoluteSymbols();
503	uint8_t exportTypeId(StringRef TypeId, const* TypeIdLowering &TIL);
504	TypeIdLowering importTypeId(StringRef TypeId);
505	void importTypeTest(CallInst *CI);
506	void importFunction(Function F, bool* isJumpTableCanonical);
507
508	ByteArrayInfo createByteArray(const* BitSetInfo &BSI);
509	void allocateByteArrays();
510	Value createBitSetTest(IRBuilder<> &B, const* TypeIdLowering &TIL,
511	Value *BitOffset);
512	void lowerTypeTestCalls(
513	ArrayRef<Metadata > TypeIds, Constant CombinedGlobalAddr,
514	const DenseMap<GlobalTypeMember *, uint64_t> &GlobalLayout);
515	Value lowerTypeTestCall(Metadata TypeId, CallInst *CI,
516	const TypeIdLowering &TIL);
517
518	void buildBitSetsFromGlobalVariables(ArrayRef<Metadata *> TypeIds,
519	ArrayRef<GlobalTypeMember *> Globals);
520	Triple::ArchType
521	selectJumpTableArmEncoding(ArrayRef<GlobalTypeMember *> Functions);
522	bool hasBranchTargetEnforcement();
523	unsigned getJumpTableEntrySize(Triple::ArchType JumpTableArch);
524	InlineAsm *createJumpTableEntryAsm(Triple::ArchType JumpTableArch);
525	void verifyTypeMDNode(GlobalObject GO, MDNode Type);
526	void buildBitSetsFromFunctions(ArrayRef<Metadata *> TypeIds,
527	ArrayRef<GlobalTypeMember *> Functions);
528	void buildBitSetsFromFunctionsNative(ArrayRef<Metadata *> TypeIds,
529	ArrayRef<GlobalTypeMember *> Functions);
530	void buildBitSetsFromFunctionsWASM(ArrayRef<Metadata *> TypeIds,
531	ArrayRef<GlobalTypeMember *> Functions);
532	void
533	buildBitSetsFromDisjointSet(ArrayRef<Metadata *> TypeIds,
534	ArrayRef<GlobalTypeMember *> Globals,
535	ArrayRef<ICallBranchFunnel *> ICallBranchFunnels);
536
537	void replaceWeakDeclarationWithJumpTablePtr(Function F, Constant JT,
538	bool IsJumpTableCanonical);
539	void moveInitializerToModuleConstructor(GlobalVariable *GV);
540	void findGlobalVariableUsersOf(Constant *C,
541	SmallSetVector<GlobalVariable *, `8`> &Out);
542
543	void createJumpTable(Function F, ArrayRef<GlobalTypeMember > Functions,
544	Triple::ArchType JumpTableArch);
545
546	/// replaceCfiUses - Go through the uses list for this definition
547	/// and make each use point to "V" instead of "this" when the use is outside
548	/// the block. 'This's use list is expected to have at least one element.
549	/// Unlike replaceAllUsesWith this function skips blockaddr and direct call
550	/// uses.
551	void replaceCfiUses(Function Old, Value New, bool IsJumpTableCanonical);
552
553	/// replaceDirectCalls - Go through the uses list for this definition and
554	/// replace each use, which is a direct function call.
555	void replaceDirectCalls(Value Old, Value New);
556
557	bool isFunctionAnnotation(Value V) const* {
558	return FunctionAnnotations.contains(V);
559	}
560
561	void maybeReplaceComdat(Function *F, StringRef OriginalName);
562
563	public:
564	LowerTypeTestsModule(Module &M, ModuleAnalysisManager &AM,
565	ModuleSummaryIndex *ExportSummary,
566	const ModuleSummaryIndex *ImportSummary,
567	DropTestKind DropTypeTests);
568
569	bool lower();
570
571	// Lower the module using the action and summary passed as command line
572	// arguments. For testing purposes only.
573	static bool runForTesting(Module &M, ModuleAnalysisManager &AM);
574	};
575	} // end anonymous namespace
576
577	/// Build a bit set for list of offsets.
578	static BitSetInfo buildBitSet(ArrayRef<uint64_t> Offsets) {
579	// Compute the byte offset of each address associated with this type
580	// identifier.
581	return BitSetBuilder (Offsets).build();
582	}
583
584	/// Build a test that bit BitOffset mod sizeof(Bits)8 is set in*
585	/// Bits. This pattern matches to the bt instruction on x86.
586	static Value createMaskedBitTest(IRBuilder<> &B, Value Bits,
587	Value *BitOffset) {
588	auto BitsType = cast<IntegerType>(Val: Bits->getType());
589	unsigned BitWidth = BitsType->getBitWidth();
590
591	BitOffset = B.CreateZExtOrTrunc(V: BitOffset, DestTy: BitsType);
592	Value *BitIndex =
593	B.CreateAnd(LHS: BitOffset, RHS: ConstantInt::get(Ty: BitsType, V: BitWidth - `1`));
594	Value *BitMask = B.CreateShl(LHS: ConstantInt::get(Ty: BitsType, V: `1`), RHS: BitIndex);
595	Value *MaskedBits = B.CreateAnd(LHS: Bits, RHS: BitMask);
596	return B.CreateICmpNE(LHS: MaskedBits, RHS: ConstantInt::get(Ty: BitsType, V: `0`));
597	}
598
599	ByteArrayInfo LowerTypeTestsModule::createByteArray(const* BitSetInfo &BSI) {
600	// Create globals to stand in for byte arrays and masks. These never actually
601	// get initialized, we RAUW and erase them later in allocateByteArrays() once
602	// we know the offset and mask to use.
603	auto ByteArrayGlobal = new GlobalVariable (
604	M, Int8Ty, /isConstant=/true, GlobalValue::PrivateLinkage, nullptr);
605	auto MaskGlobal = new GlobalVariable (M, Int8Ty, /isConstant=/true,
606	GlobalValue::PrivateLinkage, nullptr);
607
608	ByteArrayInfos.emplace_back();
609	ByteArrayInfo *BAI = &ByteArrayInfos.back();
610
611	BAI->Bits = BSI.Bits;
612	BAI->BitSize = BSI.BitSize;
613	BAI->ByteArray = ByteArrayGlobal;
614	BAI->MaskGlobal = MaskGlobal;
615	return BAI;
616	}
617
618	void LowerTypeTestsModule::allocateByteArrays() {
619	llvm::stable_sort(Range&: ByteArrayInfos,
620	C: [](const ByteArrayInfo &BAI1, const ByteArrayInfo &BAI2) {
621	return BAI1.BitSize > BAI2.BitSize;
622	});
623
624	std::vector<uint64_t> ByteArrayOffsets(ByteArrayInfos.size());
625
626	ByteArrayBuilder BAB;
627	for (unsigned I = `0`; I != ByteArrayInfos.size(); ++I) {
628	ByteArrayInfo *BAI = &ByteArrayInfos [I];
629
630	uint8_t Mask;
631	BAB.allocate(Bits: BAI->Bits, BitSize: BAI->BitSize, AllocByteOffset&: ByteArrayOffsets [I], AllocMask&: Mask);
632
633	BAI->MaskGlobal->replaceAllUsesWith(
634	V: ConstantExpr::getIntToPtr(C: ConstantInt::get(Ty: Int8Ty, V: Mask), Ty: PtrTy));
635	BAI->MaskGlobal->eraseFromParent();
636	if (BAI->MaskPtr)
637	*BAI->MaskPtr = Mask;
638	}
639
640	Constant *ByteArrayConst = ConstantDataArray::get(Context&: M.getContext(), Elts&: BAB.Bytes);
641	auto ByteArray =
642	new GlobalVariable (M, ByteArrayConst->getType(), /isConstant=/true,
643	GlobalValue::PrivateLinkage, ByteArrayConst);
644
645	for (unsigned I = `0`; I != ByteArrayInfos.size(); ++I) {
646	ByteArrayInfo *BAI = &ByteArrayInfos [I];
647	Constant *GEP = ConstantExpr::getInBoundsPtrAdd(
648	Ptr: ByteArray, Offset: ConstantInt::get(Ty: IntPtrTy, V: ByteArrayOffsets [I]));
649
650	// Create an alias instead of RAUW'ing the gep directly. On x86 this ensures
651	// that the pc-relative displacement is folded into the lea instead of the
652	// test instruction getting another displacement.
653	GlobalAlias *Alias = GlobalAlias::create(
654	Ty: Int8Ty, AddressSpace: `0`, Linkage: GlobalValue::PrivateLinkage, Name: "bits", Aliasee: GEP, Parent: &M);
655	BAI->ByteArray->replaceAllUsesWith(V: Alias);
656	BAI->ByteArray->eraseFromParent();
657	}
658
659	ByteArraySizeBits = BAB.BitAllocs[`0`] + BAB.BitAllocs[`1`] + BAB.BitAllocs[`2`] +
660	BAB.BitAllocs[`3`] + BAB.BitAllocs[`4`] + BAB.BitAllocs[`5`] +
661	BAB.BitAllocs[`6`] + BAB.BitAllocs[`7`];
662	ByteArraySizeBytes = BAB.Bytes.size();
663	}
664
665	/// Build a test that bit BitOffset is set in the type identifier that was
666	/// lowered to TIL, which must be either an Inline or a ByteArray.
667	Value *LowerTypeTestsModule::createBitSetTest(IRBuilder<> &B,
668	const TypeIdLowering &TIL,
669	Value *BitOffset) {
670	if (TIL.TheKind == TypeTestResolution::Inline) {
671	// If the bit set is sufficiently small, we can avoid a load by bit testing
672	// a constant.
673	return createMaskedBitTest(B, Bits: TIL.InlineBits, BitOffset);
674	} else {
675	Constant *ByteArray = TIL.TheByteArray;
676	if (AvoidReuse && !ImportSummary) {
677	// Each use of the byte array uses a different alias. This makes the
678	// backend less likely to reuse previously computed byte array addresses,
679	// improving the security of the CFI mechanism based on this pass.
680	// This won't work when importing because TheByteArray is external.
681	ByteArray = GlobalAlias::create(Ty: Int8Ty, AddressSpace: `0`, Linkage: GlobalValue::PrivateLinkage,
682	Name: "bits_use", Aliasee: ByteArray, Parent: &M);
683	}
684
685	Value *ByteAddr = B.CreateGEP(Ty: Int8Ty, Ptr: ByteArray, IdxList: BitOffset);
686	Value *Byte = B.CreateLoad(Ty: Int8Ty, Ptr: ByteAddr);
687
688	Value *ByteAndMask =
689	B.CreateAnd(LHS: Byte, RHS: ConstantExpr::getPtrToInt(C: TIL.BitMask, Ty: Int8Ty));
690	return B.CreateICmpNE(LHS: ByteAndMask, RHS: ConstantInt::get(Ty: Int8Ty, V: `0`));
691	}
692	}
693
694	static bool isKnownTypeIdMember(Metadata TypeId, const* DataLayout &DL,
695	Value *V, uint64_t COffset) {
696	if (auto GV = dyn_cast<GlobalObject>(Val: V)) {
697	SmallVector<MDNode *, `2`> Types;
698	GV->getMetadata(KindID: LLVMContext::MD_type, MDs&: Types);
699	for (MDNode *Type : Types) {
700	if (Type->getOperand(I: `1`) != TypeId)
701	continue;
702	uint64_t Offset =
703	cast<ConstantInt>(
704	Val: cast<ConstantAsMetadata>(Val: Type->getOperand(I: `0`))->getValue())
705	->getZExtValue();
706	if (COffset == Offset)
707	return true;
708	}
709	return false;
710	}
711
712	if (auto GEP = dyn_cast<GEPOperator>(Val: V)) {
713	APInt APOffset(DL.getIndexSizeInBits(AS: `0`), `0`);
714	bool Result = GEP->accumulateConstantOffset(DL, Offset&: APOffset);
715	if (!Result)
716	return false;
717	COffset += APOffset.getZExtValue();
718	return isKnownTypeIdMember(TypeId, DL, V: GEP->getPointerOperand(), COffset);
719	}
720
721	if (auto Op = dyn_cast<Operator>(Val: V)) {
722	if (Op->getOpcode() == Instruction::BitCast)
723	return isKnownTypeIdMember(TypeId, DL, V: Op->getOperand(i: `0`), COffset);
724
725	if (Op->getOpcode() == Instruction::Select)
726	return isKnownTypeIdMember(TypeId, DL, V: Op->getOperand(i: `1`), COffset) &&
727	isKnownTypeIdMember(TypeId, DL, V: Op->getOperand(i: `2`), COffset);
728	}
729
730	return false;
731	}
732
733	/// Lower a llvm.type.test call to its implementation. Returns the value to
734	/// replace the call with.
735	Value LowerTypeTestsModule::lowerTypeTestCall(Metadata TypeId, CallInst *CI,
736	const TypeIdLowering &TIL) {
737	// Delay lowering if the resolution is currently unknown.
738	if (TIL.TheKind == TypeTestResolution::Unknown)
739	return nullptr;
740	if (TIL.TheKind == TypeTestResolution::Unsat)
741	return ConstantInt::getFalse(Context&: M.getContext());
742
743	Value *Ptr = CI->getArgOperand(i: `0`);
744	const DataLayout &DL = M.getDataLayout();
745	if (isKnownTypeIdMember(TypeId, DL, V: Ptr, COffset: `0`))
746	return ConstantInt::getTrue(Context&: M.getContext());
747
748	BasicBlock *InitialBB = CI->getParent();
749
750	IRBuilder<> B(CI);
751
752	Value *PtrAsInt = B.CreatePtrToInt(V: Ptr, DestTy: IntPtrTy);
753
754	Constant *OffsetedGlobalAsInt =
755	ConstantExpr::getPtrToInt(C: TIL.OffsetedGlobal, Ty: IntPtrTy);
756	if (TIL.TheKind == TypeTestResolution::Single)
757	return B.CreateICmpEQ(LHS: PtrAsInt, RHS: OffsetedGlobalAsInt);
758
759	// Here we compute `last element - address`. The reason why we do this instead
760	// of computing `address - first element` is that it leads to a slightly
761	// shorter instruction sequence on x86. Because it doesn't matter how we do
762	// the subtraction on other architectures, we do so unconditionally.
763	Value *PtrOffset = B.CreateSub(LHS: OffsetedGlobalAsInt, RHS: PtrAsInt);
764
765	// We need to check that the offset both falls within our range and is
766	// suitably aligned. We can check both properties at the same time by
767	// performing a right rotate by log2(alignment) followed by an integer
768	// comparison against the bitset size. The rotate will move the lower
769	// order bits that need to be zero into the higher order bits of the
770	// result, causing the comparison to fail if they are nonzero. The rotate
771	// also conveniently gives us a bit offset to use during the load from
772	// the bitset.
773	Value *BitOffset = B.CreateIntrinsic(RetTy: IntPtrTy, ID: Intrinsic::fshr,
774	Args: {PtrOffset, PtrOffset, TIL.AlignLog2});
775
776	Value *OffsetInRange = B.CreateICmpULE(LHS: BitOffset, RHS: TIL.SizeM1);
777
778	// If the bit set is all ones, testing against it is unnecessary.
779	if (TIL.TheKind == TypeTestResolution::AllOnes)
780	return OffsetInRange;
781
782	// See if the intrinsic is used in the following common pattern:
783	// br(llvm.type.test(...), thenbb, elsebb)
784	// where nothing happens between the type test and the br.
785	// If so, create slightly simpler IR.
786	if (CI->hasOneUse())
787	if (auto Br = dyn_cast<BranchInst>(Val: CI->user_begin()))
788	if (CI->getNextNode() == Br) {
789	BasicBlock *Then = InitialBB->splitBasicBlock(I: CI->getIterator());
790	BasicBlock *Else = Br->getSuccessor(i: `1`);
791	BranchInst *NewBr = BranchInst::Create(IfTrue: Then, IfFalse: Else, Cond: OffsetInRange);
792	NewBr->setMetadata(KindID: LLVMContext::MD_prof,
793	Node: Br->getMetadata(KindID: LLVMContext::MD_prof));
794	ReplaceInstWithInst(From: InitialBB->getTerminator(), To: NewBr);
795
796	// Update phis in Else resulting from InitialBB being split
797	for (auto &Phi : Else->phis())
798	Phi.addIncoming(V: Phi.getIncomingValueForBlock(BB: Then), BB: InitialBB);
799
800	IRBuilder<> ThenB(CI);
801	return createBitSetTest(B&: ThenB, TIL, BitOffset);
802	}
803
804	MDBuilder MDB(M.getContext());
805	IRBuilder<> ThenB(SplitBlockAndInsertIfThen(Cond: OffsetInRange, SplitBefore: CI, Unreachable: false,
806	BranchWeights: MDB.createLikelyBranchWeights()));
807
808	// Now that we know that the offset is in range and aligned, load the
809	// appropriate bit from the bitset.
810	Value *Bit = createBitSetTest(B&: ThenB, TIL, BitOffset);
811
812	// The value we want is 0 if we came directly from the initial block
813	// (having failed the range or alignment checks), or the loaded bit if
814	// we came from the block in which we loaded it.
815	B.SetInsertPoint(CI);
816	PHINode *P = B.CreatePHI(Ty: Int1Ty, NumReservedValues: `2`);
817	P->addIncoming(V: ConstantInt::get(Ty: Int1Ty, V: `0`), BB: InitialBB);
818	P->addIncoming(V: Bit, BB: ThenB.GetInsertBlock());
819	return P;
820	}
821
822	/// Given a disjoint set of type identifiers and globals, lay out the globals,
823	/// build the bit sets and lower the llvm.type.test calls.
824	void LowerTypeTestsModule::buildBitSetsFromGlobalVariables(
825	ArrayRef<Metadata > TypeIds, ArrayRef<GlobalTypeMember > Globals) {
826	// Build a new global with the combined contents of the referenced globals.
827	// This global is a struct whose even-indexed elements contain the original
828	// contents of the referenced globals and whose odd-indexed elements contain
829	// any padding required to align the next element to the next power of 2 plus
830	// any additional padding required to meet its alignment requirements.
831	std::vector<Constant *> GlobalInits;
832	const DataLayout &DL = M.getDataLayout();
833	DenseMap<GlobalTypeMember *, uint64_t> GlobalLayout;
834	Align MaxAlign;
835	uint64_t CurOffset = `0`;
836	uint64_t DesiredPadding = `0`;
837	for (GlobalTypeMember *G : Globals) {
838	auto *GV = cast<GlobalVariable>(Val: G->getGlobal());
839	Align Alignment =
840	DL.getValueOrABITypeAlignment(Alignment: GV->getAlign(), Ty: GV->getValueType());
841	MaxAlign = std::max(a: MaxAlign, b: Alignment);
842	uint64_t GVOffset = alignTo(Size: CurOffset + DesiredPadding, A: Alignment);
843	GlobalLayout [G] = GVOffset;
844	if (GVOffset != `0`) {
845	uint64_t Padding = GVOffset - CurOffset;
846	GlobalInits.push_back(
847	x: ConstantAggregateZero::get(Ty: ArrayType::get(ElementType: Int8Ty, NumElements: Padding)));
848	}
849
850	GlobalInits.push_back(x: GV->getInitializer());
851	uint64_t InitSize = GV->getGlobalSize(DL);
852	CurOffset = GVOffset + InitSize;
853
854	// Compute the amount of padding that we'd like for the next element.
855	DesiredPadding = NextPowerOf2(A: InitSize - `1`) - InitSize;
856
857	// Experiments of different caps with Chromium on both x64 and ARM64
858	// have shown that the 32-byte cap generates the smallest binary on
859	// both platforms while different caps yield similar performance.
860	// (see https://lists.llvm.org/pipermail/llvm-dev/2018-July/124694.html)
861	if (DesiredPadding > `32`)
862	DesiredPadding = alignTo(Value: InitSize, Align: `32`) - InitSize;
863	}
864
865	Constant *NewInit = ConstantStruct::getAnon(Ctx&: M.getContext(), V: GlobalInits);
866	auto *CombinedGlobal =
867	new GlobalVariable (M, NewInit->getType(), /isConstant=/true,
868	GlobalValue::PrivateLinkage, NewInit);
869	CombinedGlobal->setAlignment(MaxAlign);
870
871	StructType *NewTy = cast<StructType>(Val: NewInit->getType());
872	lowerTypeTestCalls(TypeIds, CombinedGlobalAddr: CombinedGlobal, GlobalLayout);
873
874	// Build aliases pointing to offsets into the combined global for each
875	// global from which we built the combined global, and replace references
876	// to the original globals with references to the aliases.
877	for (unsigned I = `0`; I != Globals.size(); ++I) {
878	GlobalVariable *GV = cast<GlobalVariable>(Val: Globals [I]->getGlobal());
879
880	// Multiply by 2 to account for padding elements.
881	Constant *CombinedGlobalIdxs[] = {ConstantInt::get(Ty: Int32Ty, V: `0`),
882	ConstantInt::get(Ty: Int32Ty, V: I * `2`)};
883	Constant *CombinedGlobalElemPtr = ConstantExpr::getInBoundsGetElementPtr(
884	Ty: NewInit->getType(), C: CombinedGlobal, IdxList: CombinedGlobalIdxs);
885	assert(GV->getType()->getAddressSpace() == `0`);
886	GlobalAlias *GAlias =
887	GlobalAlias::create(Ty: NewTy->getElementType(N: I * `2`), AddressSpace: `0`, Linkage: GV->getLinkage(),
888	Name: "", Aliasee: CombinedGlobalElemPtr, Parent: &M);
889	GAlias->setVisibility(GV->getVisibility());
890	GAlias->takeName(V: GV);
891	GV->replaceAllUsesWith(V: GAlias);
892	GV->eraseFromParent();
893	}
894	}
895
896	bool LowerTypeTestsModule::shouldExportConstantsAsAbsoluteSymbols() {
897	return (Arch == Triple::x86 \|\| Arch == Triple::x86_64) &&
898	ObjectFormat == Triple::ELF;
899	}
900
901	/// Export the given type identifier so that ThinLTO backends may import it.
902	/// Type identifiers are exported by adding coarse-grained information about how
903	/// to test the type identifier to the summary, and creating symbols in the
904	/// object file (aliases and absolute symbols) containing fine-grained
905	/// information about the type identifier.
906	///
907	/// Returns a pointer to the location in which to store the bitmask, if
908	/// applicable.
909	uint8_t *LowerTypeTestsModule::exportTypeId(StringRef TypeId,
910	const TypeIdLowering &TIL) {
911	TypeTestResolution &TTRes =
912	ExportSummary->getOrInsertTypeIdSummary(TypeId).TTRes;
913	TTRes.TheKind = TIL.TheKind;
914
915	auto ExportGlobal = [&](StringRef Name, Constant *C) {
916	GlobalAlias *GA =
917	GlobalAlias::create(Ty: Int8Ty, AddressSpace: `0`, Linkage: GlobalValue::ExternalLinkage,
918	Name: "__typeid_" + TypeId + "_" + Name, Aliasee: C, Parent: &M);
919	GA->setVisibility(GlobalValue::HiddenVisibility);
920	};
921
922	auto ExportConstant = [&](StringRef Name, uint64_t &Storage, Constant *C) {
923	if (shouldExportConstantsAsAbsoluteSymbols())
924	ExportGlobal (Name, ConstantExpr::getIntToPtr(C, Ty: PtrTy));
925	else
926	Storage = cast<ConstantInt>(Val: C)->getZExtValue();
927	};
928
929	if (TIL.TheKind != TypeTestResolution::Unsat)
930	ExportGlobal ("global_addr", TIL.OffsetedGlobal);
931
932	if (TIL.TheKind == TypeTestResolution::ByteArray \|\|
933	TIL.TheKind == TypeTestResolution::Inline \|\|
934	TIL.TheKind == TypeTestResolution::AllOnes) {
935	ExportConstant ("align", TTRes.AlignLog2, TIL.AlignLog2);
936	ExportConstant ("size_m1", TTRes.SizeM1, TIL.SizeM1);
937
938	uint64_t BitSize = cast<ConstantInt>(Val: TIL.SizeM1)->getZExtValue() + `1`;
939	if (TIL.TheKind == TypeTestResolution::Inline)
940	TTRes.SizeM1BitWidth = (BitSize <= `32`) ? `5` : `6`;
941	else
942	TTRes.SizeM1BitWidth = (BitSize <= `128`) ? `7` : `32`;
943	}
944
945	if (TIL.TheKind == TypeTestResolution::ByteArray) {
946	ExportGlobal ("byte_array", TIL.TheByteArray);
947	if (shouldExportConstantsAsAbsoluteSymbols())
948	ExportGlobal ("bit_mask", TIL.BitMask);
949	else
950	return &TTRes.BitMask;
951	}
952
953	if (TIL.TheKind == TypeTestResolution::Inline)
954	ExportConstant ("inline_bits", TTRes.InlineBits, TIL.InlineBits);
955
956	return nullptr;
957	}
958
959	LowerTypeTestsModule::TypeIdLowering
960	LowerTypeTestsModule::importTypeId(StringRef TypeId) {
961	const TypeIdSummary *TidSummary = ImportSummary->getTypeIdSummary(TypeId);
962	if (!TidSummary)
963	return {}; // Unsat: no globals match this type id.
964	const TypeTestResolution &TTRes = TidSummary->TTRes;
965
966	TypeIdLowering TIL;
967	TIL.TheKind = TTRes.TheKind;
968
969	auto ImportGlobal = [&](StringRef Name) {
970	// Give the global a type of length 0 so that it is not assumed not to alias
971	// with any other global.
972	GlobalVariable *GV = M.getOrInsertGlobal(
973	Name: ("__typeid_" + TypeId + "_" + Name).str(), Ty: Int8Arr0Ty);
974	GV->setVisibility(GlobalValue::HiddenVisibility);
975	return GV;
976	};
977
978	auto ImportConstant = [&](StringRef Name, uint64_t Const, unsigned AbsWidth,
979	Type *Ty) {
980	if (!shouldExportConstantsAsAbsoluteSymbols()) {
981	Constant *C =
982	ConstantInt::get(Ty: isa<IntegerType>(Val: Ty) ? Ty : Int64Ty, V: Const);
983	if (!isa<IntegerType>(Val: Ty))
984	C = ConstantExpr::getIntToPtr(C, Ty);
985	return C;
986	}
987
988	Constant *C = ImportGlobal (Name);
989	auto *GV = cast<GlobalVariable>(Val: C->stripPointerCasts());
990	if (isa<IntegerType>(Val: Ty))
991	C = ConstantExpr::getPtrToInt(C, Ty);
992	if (GV->getMetadata(KindID: LLVMContext::MD_absolute_symbol))
993	return C;
994
995	auto SetAbsRange = [&](uint64_t Min, uint64_t Max) {
996	auto *MinC = ConstantAsMetadata::get(C: ConstantInt::get(Ty: IntPtrTy, V: Min));
997	auto *MaxC = ConstantAsMetadata::get(C: ConstantInt::get(Ty: IntPtrTy, V: Max));
998	GV->setMetadata(KindID: LLVMContext::MD_absolute_symbol,
999	Node: MDNode::get(Context&: M.getContext(), MDs: {MinC, MaxC}));
1000	};
1001	if (AbsWidth == IntPtrTy->getBitWidth()) {
1002	uint64_t AllOnes = IntPtrTy->getBitMask();
1003	SetAbsRange(AllOnes, AllOnes); // Full set.
1004	} else {
1005	SetAbsRange(`0`, `1ull` << AbsWidth);
1006	}
1007	return C;
1008	};
1009
1010	if (TIL.TheKind != TypeTestResolution::Unsat) {
1011	auto *GV = ImportGlobal ("global_addr");
1012	// This is either a vtable (in .data.rel.ro) or a jump table (in .text).
1013	// Either way it's expected to be in the low 2 GiB, so set the small code
1014	// model.
1015	//
1016	// For .data.rel.ro, we currently place all such sections in the low 2 GiB
1017	// [1], and for .text the sections are expected to be in the low 2 GiB under
1018	// the small and medium code models [2] and this pass only supports those
1019	// code models (e.g. jump tables use jmp instead of movabs/jmp).
1020	//
1021	// [1]https://github.com/llvm/llvm-project/pull/137742
1022	// [2]https://maskray.me/blog/2023-05-14-relocation-overflow-and-code-models
1023	GV->setCodeModel(CodeModel::Small);
1024	TIL.OffsetedGlobal = GV;
1025	}
1026
1027	if (TIL.TheKind == TypeTestResolution::ByteArray \|\|
1028	TIL.TheKind == TypeTestResolution::Inline \|\|
1029	TIL.TheKind == TypeTestResolution::AllOnes) {
1030	TIL.AlignLog2 = ImportConstant ("align", TTRes.AlignLog2, `8`, IntPtrTy);
1031	TIL.SizeM1 =
1032	ImportConstant ("size_m1", TTRes.SizeM1, TTRes.SizeM1BitWidth, IntPtrTy);
1033	}
1034
1035	if (TIL.TheKind == TypeTestResolution::ByteArray) {
1036	TIL.TheByteArray = ImportGlobal ("byte_array");
1037	TIL.BitMask = ImportConstant ("bit_mask", TTRes.BitMask, `8`, PtrTy);
1038	}
1039
1040	if (TIL.TheKind == TypeTestResolution::Inline)
1041	TIL.InlineBits = ImportConstant (
1042	"inline_bits", TTRes.InlineBits, `1` << TTRes.SizeM1BitWidth,
1043	TTRes.SizeM1BitWidth <= `5` ? Int32Ty : Int64Ty);
1044
1045	return TIL;
1046	}
1047
1048	void LowerTypeTestsModule::importTypeTest(CallInst *CI) {
1049	auto TypeIdMDVal = dyn_cast<MetadataAsValue>(Val: CI->getArgOperand(i: `1`));
1050	if (!TypeIdMDVal)
1051	report_fatal_error(reason: "Second argument of llvm.type.test must be metadata");
1052
1053	auto TypeIdStr = dyn_cast<MDString>(Val: TypeIdMDVal->getMetadata());
1054	// If this is a local unpromoted type, which doesn't have a metadata string,
1055	// treat as Unknown and delay lowering, so that we can still utilize it for
1056	// later optimizations.
1057	if (!TypeIdStr)
1058	return;
1059
1060	TypeIdLowering TIL = importTypeId(TypeId: TypeIdStr->getString());
1061	Value *Lowered = lowerTypeTestCall(TypeId: TypeIdStr, CI, TIL);
1062	if (Lowered) {
1063	CI->replaceAllUsesWith(V: Lowered);
1064	CI->eraseFromParent();
1065	}
1066	}
1067
1068	void LowerTypeTestsModule::maybeReplaceComdat(Function *F,
1069	StringRef OriginalName) {
1070	// For COFF we should also rename the comdat if this function also
1071	// happens to be the key function. Even if the comdat name changes, this
1072	// should still be fine since comdat and symbol resolution happens
1073	// before LTO, so all symbols which would prevail have been selected.
1074	if (F->hasComdat() && ObjectFormat == Triple::COFF &&
1075	F->getComdat()->getName() == OriginalName) {
1076	Comdat *OldComdat = F->getComdat();
1077	Comdat *NewComdat = M.getOrInsertComdat(Name: F->getName());
1078	for (GlobalObject &GO : M.global_objects()) {
1079	if (GO.getComdat() == OldComdat)
1080	GO.setComdat(NewComdat);
1081	}
1082	}
1083	}
1084
1085	// ThinLTO backend: the function F has a jump table entry; update this module
1086	// accordingly. isJumpTableCanonical describes the type of the jump table entry.
1087	void LowerTypeTestsModule::importFunction(Function *F,
1088	bool isJumpTableCanonical) {
1089	assert(F->getType()->getAddressSpace() == `0`);
1090
1091	GlobalValue::VisibilityTypes Visibility = F->getVisibility();
1092	std::string Name = std::string (F->getName());
1093
1094	if (F->isDeclarationForLinker() && isJumpTableCanonical) {
1095	// Non-dso_local functions may be overriden at run time,
1096	// don't short curcuit them
1097	if (F->isDSOLocal()) {
1098	Function *RealF = Function::Create(Ty: F->getFunctionType(),
1099	Linkage: GlobalValue::ExternalLinkage,
1100	AddrSpace: F->getAddressSpace(),
1101	N: Name + ".cfi", M: &M);
1102	RealF->setVisibility(GlobalVariable::HiddenVisibility);
1103	replaceDirectCalls(Old: F, New: RealF);
1104	}
1105	return;
1106	}
1107
1108	Function *FDecl;
1109	if (!isJumpTableCanonical) {
1110	// Either a declaration of an external function or a reference to a locally
1111	// defined jump table.
1112	FDecl = Function::Create(Ty: F->getFunctionType(), Linkage: GlobalValue::ExternalLinkage,
1113	AddrSpace: F->getAddressSpace(), N: Name + ".cfi_jt", M: &M);
1114	FDecl->setVisibility(GlobalValue::HiddenVisibility);
1115	} else {
1116	F->setName(Name + ".cfi");
1117	maybeReplaceComdat(F, OriginalName: Name);
1118	FDecl = Function::Create(Ty: F->getFunctionType(), Linkage: GlobalValue::ExternalLinkage,
1119	AddrSpace: F->getAddressSpace(), N: Name, M: &M);
1120	FDecl->setVisibility(Visibility);
1121	Visibility = GlobalValue::HiddenVisibility;
1122
1123	// Update aliases pointing to this function to also include the ".cfi" suffix,
1124	// We expect the jump table entry to either point to the real function or an
1125	// alias. Redirect all other users to the jump table entry.
1126	for (auto &U : F->uses()) {
1127	if (auto *A = dyn_cast<GlobalAlias>(Val: U.getUser())) {
1128	std::string AliasName = A->getName().str() + ".cfi";
1129	Function *AliasDecl = Function::Create(
1130	Ty: F->getFunctionType(), Linkage: GlobalValue::ExternalLinkage,
1131	AddrSpace: F->getAddressSpace(), N: "", M: &M);
1132	AliasDecl->takeName(V: A);
1133	A->replaceAllUsesWith(V: AliasDecl);
1134	A->setName(AliasName);
1135	}
1136	}
1137	}
1138
1139	if (F->hasExternalWeakLinkage())
1140	replaceWeakDeclarationWithJumpTablePtr(F, JT: FDecl, IsJumpTableCanonical: isJumpTableCanonical);
1141	else
1142	replaceCfiUses(Old: F, New: FDecl, IsJumpTableCanonical: isJumpTableCanonical);
1143
1144	// Set visibility late because it's used in replaceCfiUses() to determine
1145	// whether uses need to be replaced.
1146	F->setVisibility(Visibility);
1147	}
1148
1149	static auto
1150	buildBitSets(ArrayRef<Metadata *> TypeIds,
1151	const DenseMap<GlobalTypeMember *, uint64_t> &GlobalLayout) {
1152	DenseMap<Metadata *, SmallVector<uint64_t, `16`>> OffsetsByTypeID;
1153	// Pre-populate the map with interesting type identifiers.
1154	for (Metadata *TypeId : TypeIds)
1155	OffsetsByTypeID [TypeId];
1156	for (const auto &[Mem, MemOff] : GlobalLayout) {
1157	for (MDNode *Type : Mem->types()) {
1158	auto It = OffsetsByTypeID.find(Val: Type->getOperand(I: `1`));
1159	if (It == OffsetsByTypeID.end())
1160	continue;
1161	uint64_t Offset =
1162	cast<ConstantInt>(
1163	Val: cast<ConstantAsMetadata>(Val: Type->getOperand(I: `0`))->getValue())
1164	->getZExtValue();
1165	It ->second.push_back(Elt: MemOff + Offset);
1166	}
1167	}
1168
1169	SmallVector<std::pair<Metadata *, BitSetInfo>> BitSets;
1170	BitSets.reserve(N: TypeIds.size());
1171	for (Metadata *TypeId : TypeIds) {
1172	BitSets.emplace_back(Args&: TypeId, Args: buildBitSet(Offsets: OffsetsByTypeID [TypeId]));
1173	LLVM_DEBUG({
1174	if (auto MDS = dyn_cast<MDString>(TypeId))
1175	dbgs() << MDS->getString() << ": ";
1176	else
1177	dbgs() << "<unnamed>: ";
1178	BitSets.back().second.print(dbgs());
1179	});
1180	}
1181
1182	return BitSets;
1183	}
1184
1185	void LowerTypeTestsModule::lowerTypeTestCalls(
1186	ArrayRef<Metadata > TypeIds, Constant CombinedGlobalAddr,
1187	const DenseMap<GlobalTypeMember *, uint64_t> &GlobalLayout) {
1188	// For each type identifier in this disjoint set...
1189	for (const auto &[TypeId, BSI] : buildBitSets(TypeIds, GlobalLayout)) {
1190	ByteArrayInfo BAI = nullptr*;
1191	TypeIdLowering TIL;
1192
1193	uint64_t GlobalOffset =
1194	BSI.ByteOffset + ((BSI.BitSize - `1`) << BSI.AlignLog2);
1195	TIL.OffsetedGlobal = ConstantExpr::getPtrAdd(
1196	Ptr: CombinedGlobalAddr, Offset: ConstantInt::get(Ty: IntPtrTy, V: GlobalOffset)),
1197	TIL.AlignLog2 = ConstantInt::get(Ty: IntPtrTy, V: BSI.AlignLog2);
1198	TIL.SizeM1 = ConstantInt::get(Ty: IntPtrTy, V: BSI.BitSize - `1`);
1199	if (BSI.isAllOnes()) {
1200	TIL.TheKind = (BSI.BitSize == `1`) ? TypeTestResolution::Single
1201	: TypeTestResolution::AllOnes;
1202	} else if (BSI.BitSize <= IntPtrTy->getBitWidth()) {
1203	TIL.TheKind = TypeTestResolution::Inline;
1204	uint64_t InlineBits = `0`;
1205	for (auto Bit : BSI.Bits)
1206	InlineBits \|= uint64_t(`1`) << Bit;
1207	if (InlineBits == `0`)
1208	TIL.TheKind = TypeTestResolution::Unsat;
1209	else
1210	TIL.InlineBits = ConstantInt::get(
1211	Ty: (BSI.BitSize <= `32`) ? Int32Ty : Int64Ty, V: InlineBits);
1212	} else {
1213	TIL.TheKind = TypeTestResolution::ByteArray;
1214	++NumByteArraysCreated;
1215	BAI = createByteArray(BSI);
1216	TIL.TheByteArray = BAI->ByteArray;
1217	TIL.BitMask = BAI->MaskGlobal;
1218	}
1219
1220	TypeIdUserInfo &TIUI = TypeIdUsers [TypeId];
1221
1222	if (TIUI.IsExported) {
1223	uint8_t *MaskPtr = exportTypeId(TypeId: cast<MDString>(Val: TypeId)->getString(), TIL);
1224	if (BAI)
1225	BAI->MaskPtr = MaskPtr;
1226	}
1227
1228	// Lower each call to llvm.type.test for this type identifier.
1229	for (CallInst *CI : TIUI.CallSites) {
1230	++NumTypeTestCallsLowered;
1231	Value *Lowered = lowerTypeTestCall(TypeId, CI, TIL);
1232	if (Lowered) {
1233	CI->replaceAllUsesWith(V: Lowered);
1234	CI->eraseFromParent();
1235	}
1236	}
1237	}
1238	}
1239
1240	void LowerTypeTestsModule::verifyTypeMDNode(GlobalObject GO, MDNode Type) {
1241	if (Type->getNumOperands() != `2`)
1242	report_fatal_error(reason: "All operands of type metadata must have 2 elements");
1243
1244	if (GO->isThreadLocal())
1245	report_fatal_error(reason: "Bit set element may not be thread-local");
1246	if (isa<GlobalVariable>(Val: GO) && GO->hasSection())
1247	report_fatal_error(
1248	reason: "A member of a type identifier may not have an explicit section");
1249
1250	// FIXME: We previously checked that global var member of a type identifier
1251	// must be a definition, but the IR linker may leave type metadata on
1252	// declarations. We should restore this check after fixing PR31759.
1253
1254	auto OffsetConstMD = dyn_cast<ConstantAsMetadata>(Val: Type->getOperand(I: `0`));
1255	if (!OffsetConstMD)
1256	report_fatal_error(reason: "Type offset must be a constant");
1257	auto OffsetInt = dyn_cast<ConstantInt>(Val: OffsetConstMD->getValue());
1258	if (!OffsetInt)
1259	report_fatal_error(reason: "Type offset must be an integer constant");
1260	}
1261
1262	static const unsigned kX86JumpTableEntrySize = `8`;
1263	static const unsigned kX86IBTJumpTableEntrySize = `16`;
1264	static const unsigned kARMJumpTableEntrySize = `4`;
1265	static const unsigned kARMBTIJumpTableEntrySize = `8`;
1266	static const unsigned kARMv6MJumpTableEntrySize = `16`;
1267	static const unsigned kRISCVJumpTableEntrySize = `8`;
1268	static const unsigned kLOONGARCH64JumpTableEntrySize = `8`;
1269
1270	bool LowerTypeTestsModule::hasBranchTargetEnforcement() {
1271	if (HasBranchTargetEnforcement == -`1`) {
1272	// First time this query has been called. Find out the answer by checking
1273	// the module flags.
1274	if (const auto *BTE = mdconst::extract_or_null<ConstantInt>(
1275	MD: M.getModuleFlag(Key: "branch-target-enforcement")))
1276	HasBranchTargetEnforcement = !BTE->isZero();
1277	else
1278	HasBranchTargetEnforcement = `0`;
1279	}
1280	return HasBranchTargetEnforcement;
1281	}
1282
1283	unsigned
1284	LowerTypeTestsModule::getJumpTableEntrySize(Triple::ArchType JumpTableArch) {
1285	switch (JumpTableArch) {
1286	case Triple::x86:
1287	case Triple::x86_64:
1288	if (const auto *MD = mdconst::extract_or_null<ConstantInt>(
1289	MD: M.getModuleFlag(Key: "cf-protection-branch")))
1290	if (MD->getZExtValue())
1291	return kX86IBTJumpTableEntrySize;
1292	return kX86JumpTableEntrySize;
1293	case Triple::arm:
1294	return kARMJumpTableEntrySize;
1295	case Triple::thumb:
1296	if (CanUseThumbBWJumpTable) {
1297	if (hasBranchTargetEnforcement())
1298	return kARMBTIJumpTableEntrySize;
1299	return kARMJumpTableEntrySize;
1300	} else {
1301	return kARMv6MJumpTableEntrySize;
1302	}
1303	case Triple::aarch64:
1304	if (hasBranchTargetEnforcement())
1305	return kARMBTIJumpTableEntrySize;
1306	return kARMJumpTableEntrySize;
1307	case Triple::riscv32:
1308	case Triple::riscv64:
1309	return kRISCVJumpTableEntrySize;
1310	case Triple::loongarch64:
1311	return kLOONGARCH64JumpTableEntrySize;
1312	default:
1313	report_fatal_error(reason: "Unsupported architecture for jump tables");
1314	}
1315	}
1316
1317	// Create an inline asm constant representing a jump table entry for the target.
1318	// This consists of an instruction sequence containing a relative branch to
1319	// Dest.
1320	InlineAsm *
1321	LowerTypeTestsModule::createJumpTableEntryAsm(Triple::ArchType JumpTableArch) {
1322	std::string Asm;
1323	raw_string_ostream AsmOS(Asm);
1324
1325	if (JumpTableArch == Triple::x86 \|\| JumpTableArch == Triple::x86_64) {
1326	bool Endbr = false;
1327	if (const auto *MD = mdconst::extract_or_null<ConstantInt>(
1328	MD: M.getModuleFlag(Key: "cf-protection-branch")))
1329	Endbr = !MD->isZero();
1330	if (Endbr)
1331	AsmOS << (JumpTableArch == Triple::x86 ? "endbr32\n" : "endbr64\n");
1332	AsmOS << "jmp ${0:c}@plt\n";
1333	if (Endbr)
1334	AsmOS << ".balign 16, 0xcc\n";
1335	else
1336	AsmOS << "int3\nint3\nint3\n";
1337	} else if (JumpTableArch == Triple::arm) {
1338	AsmOS << "b $0\n";
1339	} else if (JumpTableArch == Triple::aarch64) {
1340	if (hasBranchTargetEnforcement())
1341	AsmOS << "bti c\n";
1342	AsmOS << "b $0\n";
1343	} else if (JumpTableArch == Triple::thumb) {
1344	if (!CanUseThumbBWJumpTable) {
1345	// In Armv6-M, this sequence will generate a branch without corrupting
1346	// any registers. We use two stack words; in the second, we construct the
1347	// address we'll pop into pc, and the first is used to save and restore
1348	// r0 which we use as a temporary register.
1349	//
1350	// To support position-independent use cases, the offset of the target
1351	// function is stored as a relative offset (which will expand into an
1352	// R_ARM_REL32 relocation in ELF, and presumably the equivalent in other
1353	// object file types), and added to pc after we load it. (The alternative
1354	// B.W is automatically pc-relative.)
1355	//
1356	// There are five 16-bit Thumb instructions here, so the .balign 4 adds a
1357	// sixth halfword of padding, and then the offset consumes a further 4
1358	// bytes, for a total of 16, which is very convenient since entries in
1359	// this jump table need to have power-of-two size.
1360	AsmOS << "push {r0,r1}\n"
1361	<< "ldr r0, 1f\n"
1362	<< "0: add r0, r0, pc\n"
1363	<< "str r0, [sp, #4]\n"
1364	<< "pop {r0,pc}\n"
1365	<< ".balign 4\n"
1366	<< "1: .word $0 - (0b + 4)\n";
1367	} else {
1368	if (hasBranchTargetEnforcement())
1369	AsmOS << "bti\n";
1370	AsmOS << "b.w $0\n";
1371	}
1372	} else if (JumpTableArch == Triple::riscv32 \|\|
1373	JumpTableArch == Triple::riscv64) {
1374	AsmOS << "tail $0@plt\n";
1375	} else if (JumpTableArch == Triple::loongarch64) {
1376	AsmOS << "pcalau12i $$t0, %pc_hi20($0)\n"
1377	<< "jirl $$r0, $$t0, %pc_lo12($0)\n";
1378	} else {
1379	report_fatal_error(reason: "Unsupported architecture for jump tables");
1380	}
1381
1382	return InlineAsm::get(
1383	Ty: FunctionType::get(Result: Type::getVoidTy(C&: M.getContext()), Params: PtrTy, isVarArg: false),
1384	AsmString: AsmOS.str(), Constraints: "s",
1385	/hasSideEffects=/true);
1386	}
1387
1388	/// Given a disjoint set of type identifiers and functions, build the bit sets
1389	/// and lower the llvm.type.test calls, architecture dependently.
1390	void LowerTypeTestsModule::buildBitSetsFromFunctions(
1391	ArrayRef<Metadata > TypeIds, ArrayRef<GlobalTypeMember > Functions) {
1392	if (Arch == Triple::x86 \|\| Arch == Triple::x86_64 \|\| Arch == Triple::arm \|\|
1393	Arch == Triple::thumb \|\| Arch == Triple::aarch64 \|\|
1394	Arch == Triple::riscv32 \|\| Arch == Triple::riscv64 \|\|
1395	Arch == Triple::loongarch64)
1396	buildBitSetsFromFunctionsNative(TypeIds, Functions);
1397	else if (Arch == Triple::wasm32 \|\| Arch == Triple::wasm64)
1398	buildBitSetsFromFunctionsWASM(TypeIds, Functions);
1399	else
1400	report_fatal_error(reason: "Unsupported architecture for jump tables");
1401	}
1402
1403	void LowerTypeTestsModule::moveInitializerToModuleConstructor(
1404	GlobalVariable *GV) {
1405	if (WeakInitializerFn == nullptr) {
1406	WeakInitializerFn = Function::Create(
1407	Ty: FunctionType::get(Result: Type::getVoidTy(C&: M.getContext()),
1408	/ IsVarArg / isVarArg: false),
1409	Linkage: GlobalValue::InternalLinkage,
1410	AddrSpace: M.getDataLayout().getProgramAddressSpace(),
1411	N: "__cfi_global_var_init", M: &M);
1412	BasicBlock *BB =
1413	BasicBlock::Create(Context&: M.getContext(), Name: "entry", Parent: WeakInitializerFn);
1414	ReturnInst::Create(C&: M.getContext(), InsertAtEnd: BB);
1415	WeakInitializerFn->setSection(
1416	ObjectFormat == Triple::MachO
1417	? "__TEXT,__StaticInit,regular,pure_instructions"
1418	: ".text.startup");
1419	// This code is equivalent to relocation application, and should run at the
1420	// earliest possible time (i.e. with the highest priority).
1421	appendToGlobalCtors(M, F: WeakInitializerFn, / Priority / `0`);
1422	}
1423
1424	IRBuilder<> IRB(WeakInitializerFn->getEntryBlock().getTerminator());
1425	GV->setConstant(false);
1426	IRB.CreateAlignedStore(Val: GV->getInitializer(), Ptr: GV, Align: GV->getAlign());
1427	GV->setInitializer(Constant::getNullValue(Ty: GV->getValueType()));
1428	}
1429
1430	void LowerTypeTestsModule::findGlobalVariableUsersOf(
1431	Constant C, SmallSetVector<GlobalVariable , `8`> &Out) {
1432	for (auto *U : C->users()){
1433	if (auto *GV = dyn_cast<GlobalVariable>(Val: U))
1434	Out.insert(X: GV);
1435	else if (auto *C2 = dyn_cast<Constant>(Val: U))
1436	findGlobalVariableUsersOf(C: C2, Out);
1437	}
1438	}
1439
1440	// Replace all uses of F with (F ? JT : 0).
1441	void LowerTypeTestsModule::replaceWeakDeclarationWithJumpTablePtr(
1442	Function F, Constant JT, bool IsJumpTableCanonical) {
1443	// The target expression can not appear in a constant initializer on most
1444	// (all?) targets. Switch to a runtime initializer.
1445	SmallSetVector<GlobalVariable *, `8`> GlobalVarUsers;
1446	findGlobalVariableUsersOf(C: F, Out&: GlobalVarUsers);
1447	for (auto *GV : GlobalVarUsers) {
1448	if (GV == GlobalAnnotation)
1449	continue;
1450	moveInitializerToModuleConstructor(GV);
1451	}
1452
1453	// Can not RAUW F with an expression that uses F. Replace with a temporary
1454	// placeholder first.
1455	Function *PlaceholderFn =
1456	Function::Create(Ty: F->getFunctionType(), Linkage: GlobalValue::ExternalWeakLinkage,
1457	AddrSpace: F->getAddressSpace(), N: "", M: &M);
1458	replaceCfiUses(Old: F, New: PlaceholderFn, IsJumpTableCanonical);
1459
1460	convertUsersOfConstantsToInstructions(Consts: PlaceholderFn);
1461	// Don't use range based loop, because use list will be modified.
1462	while (!PlaceholderFn->use_empty()) {
1463	Use &U = *PlaceholderFn->use_begin();
1464	auto *InsertPt = dyn_cast<Instruction>(Val: U.getUser());
1465	assert(InsertPt && "Non-instruction users should have been eliminated");
1466	auto *PN = dyn_cast<PHINode>(Val: InsertPt);
1467	if (PN)
1468	InsertPt = PN->getIncomingBlock(U)->getTerminator();
1469	IRBuilder Builder(InsertPt);
1470	Value *ICmp = Builder.CreateICmp(P: CmpInst::ICMP_NE, LHS: F,
1471	RHS: Constant::getNullValue(Ty: F->getType()));
1472	Value *Select = Builder.CreateSelect(C: ICmp, True: JT,
1473	False: Constant::getNullValue(Ty: F->getType()));
1474
1475	if (auto *SI = dyn_cast<SelectInst>(Val: Select))
1476	setExplicitlyUnknownBranchWeightsIfProfiled(I&: *SI, DEBUG_TYPE);
1477	// For phi nodes, we need to update the incoming value for all operands
1478	// with the same predecessor.
1479	if (PN)
1480	PN->setIncomingValueForBlock(BB: InsertPt->getParent(), V: Select);
1481	else
1482	U.set(Select);
1483	}
1484	PlaceholderFn->eraseFromParent();
1485	}
1486
1487	static bool isThumbFunction(Function *F, Triple::ArchType ModuleArch) {
1488	Attribute TFAttr = F->getFnAttribute(Kind: "target-features");
1489	if (TFAttr.isValid()) {
1490	SmallVector<StringRef, `6`> Features;
1491	TFAttr.getValueAsString().split(A&: Features, Separator: `','`);
1492	for (StringRef Feature : Features) {
1493	if (Feature == "-thumb-mode")
1494	return false;
1495	else if (Feature == "+thumb-mode")
1496	return true;
1497	}
1498	}
1499
1500	return ModuleArch == Triple::thumb;
1501	}
1502
1503	// Each jump table must be either ARM or Thumb as a whole for the bit-test math
1504	// to work. Pick one that matches the majority of members to minimize interop
1505	// veneers inserted by the linker.
1506	Triple::ArchType LowerTypeTestsModule::selectJumpTableArmEncoding(
1507	ArrayRef<GlobalTypeMember *> Functions) {
1508	if (Arch != Triple::arm && Arch != Triple::thumb)
1509	return Arch;
1510
1511	if (!CanUseThumbBWJumpTable && CanUseArmJumpTable) {
1512	// In architectures that provide Arm and Thumb-1 but not Thumb-2,
1513	// we should always prefer the Arm jump table format, because the
1514	// Thumb-1 one is larger and slower.
1515	return Triple::arm;
1516	}
1517
1518	// Otherwise, go with majority vote.
1519	unsigned ArmCount = `0`, ThumbCount = `0`;
1520	for (const auto GTM : Functions) {
1521	if (!GTM->isJumpTableCanonical()) {
1522	// PLT stubs are always ARM.
1523	// FIXME: This is the wrong heuristic for non-canonical jump tables.
1524	++ArmCount;
1525	continue;
1526	}
1527
1528	Function *F = cast<Function>(Val: GTM->getGlobal());
1529	++(isThumbFunction(F, ModuleArch: Arch) ? ThumbCount : ArmCount);
1530	}
1531
1532	return ArmCount > ThumbCount ? Triple::arm : Triple::thumb;
1533	}
1534
1535	void LowerTypeTestsModule::createJumpTable(
1536	Function F, ArrayRef<GlobalTypeMember > Functions,
1537	Triple::ArchType JumpTableArch) {
1538	BasicBlock *BB = BasicBlock::Create(Context&: M.getContext(), Name: "entry", Parent: F);
1539	IRBuilder<> IRB(BB);
1540
1541	InlineAsm *JumpTableAsm = createJumpTableEntryAsm(JumpTableArch);
1542
1543	// Check if all entries have the NoUnwind attribute.
1544	// If all entries have it, we can safely mark the
1545	// cfi.jumptable as NoUnwind, otherwise, direct calls
1546	// to the jump table will not handle exceptions properly
1547	bool areAllEntriesNounwind = true;
1548	for (GlobalTypeMember *GTM : Functions) {
1549	if (!llvm::cast<llvm::Function>(Val: GTM->getGlobal())
1550	->hasFnAttribute(Kind: llvm::Attribute::NoUnwind)) {
1551	areAllEntriesNounwind = false;
1552	}
1553	IRB.CreateCall(Callee: JumpTableAsm, Args: GTM->getGlobal());
1554	}
1555	IRB.CreateUnreachable();
1556
1557	// Align the whole table by entry size.
1558	F->setAlignment(Align (getJumpTableEntrySize(JumpTableArch)));
1559	F->addFnAttr(Kind: Attribute::Naked);
1560	if (JumpTableArch == Triple::arm)
1561	F->addFnAttr(Kind: "target-features", Val: "-thumb-mode");
1562	if (JumpTableArch == Triple::thumb) {
1563	if (hasBranchTargetEnforcement()) {
1564	// If we're generating a Thumb jump table with BTI, add a target-features
1565	// setting to ensure BTI can be assembled.
1566	F->addFnAttr(Kind: "target-features", Val: "+thumb-mode,+pacbti");
1567	} else {
1568	F->addFnAttr(Kind: "target-features", Val: "+thumb-mode");
1569	if (CanUseThumbBWJumpTable) {
1570	// Thumb jump table assembly needs Thumb2. The following attribute is
1571	// added by Clang for -march=armv7.
1572	F->addFnAttr(Kind: "target-cpu", Val: "cortex-a8");
1573	}
1574	}
1575	}
1576	// When -mbranch-protection= is used, the inline asm adds a BTI. Suppress BTI
1577	// for the function to avoid double BTI. This is a no-op without
1578	// -mbranch-protection=.
1579	if (JumpTableArch == Triple::aarch64 \|\| JumpTableArch == Triple::thumb) {
1580	if (F->hasFnAttribute(Kind: "branch-target-enforcement"))
1581	F->removeFnAttr(Kind: "branch-target-enforcement");
1582	if (F->hasFnAttribute(Kind: "sign-return-address"))
1583	F->removeFnAttr(Kind: "sign-return-address");
1584	}
1585	if (JumpTableArch == Triple::riscv32 \|\| JumpTableArch == Triple::riscv64) {
1586	// Make sure the jump table assembly is not modified by the assembler or
1587	// the linker.
1588	F->addFnAttr(Kind: "target-features", Val: "-c,-relax");
1589	}
1590	// When -fcf-protection= is used, the inline asm adds an ENDBR. Suppress ENDBR
1591	// for the function to avoid double ENDBR. This is a no-op without
1592	// -fcf-protection=.
1593	if (JumpTableArch == Triple::x86 \|\| JumpTableArch == Triple::x86_64)
1594	F->addFnAttr(Kind: Attribute::NoCfCheck);
1595
1596	// Make sure we don't emit .eh_frame for this function if it isn't needed.
1597	if (areAllEntriesNounwind)
1598	F->addFnAttr(Kind: Attribute::NoUnwind);
1599
1600	// Make sure we do not inline any calls to the cfi.jumptable.
1601	F->addFnAttr(Kind: Attribute::NoInline);
1602	}
1603
1604	/// Given a disjoint set of type identifiers and functions, build a jump table
1605	/// for the functions, build the bit sets and lower the llvm.type.test calls.
1606	void LowerTypeTestsModule::buildBitSetsFromFunctionsNative(
1607	ArrayRef<Metadata > TypeIds, ArrayRef<GlobalTypeMember > Functions) {
1608	// Unlike the global bitset builder, the function bitset builder cannot
1609	// re-arrange functions in a particular order and base its calculations on the
1610	// layout of the functions' entry points, as we have no idea how large a
1611	// particular function will end up being (the size could even depend on what
1612	// this pass does!) Instead, we build a jump table, which is a block of code
1613	// consisting of one branch instruction for each of the functions in the bit
1614	// set that branches to the target function, and redirect any taken function
1615	// addresses to the corresponding jump table entry. In the object file's
1616	// symbol table, the symbols for the target functions also refer to the jump
1617	// table entries, so that addresses taken outside the module will pass any
1618	// verification done inside the module.
1619	//
1620	// In more concrete terms, suppose we have three functions f, g, h which are
1621	// of the same type, and a function foo that returns their addresses:
1622	//
1623	// f:
1624	// mov 0, %eax
1625	// ret
1626	//
1627	// g:
1628	// mov 1, %eax
1629	// ret
1630	//
1631	// h:
1632	// mov 2, %eax
1633	// ret
1634	//
1635	// foo:
1636	// mov f, %eax
1637	// mov g, %edx
1638	// mov h, %ecx
1639	// ret
1640	//
1641	// We output the jump table as module-level inline asm string. The end result
1642	// will (conceptually) look like this:
1643	//
1644	// f = .cfi.jumptable
1645	// g = .cfi.jumptable + 4
1646	// h = .cfi.jumptable + 8
1647	// .cfi.jumptable:
1648	// jmp f.cfi ; 5 bytes
1649	// int3 ; 1 byte
1650	// int3 ; 1 byte
1651	// int3 ; 1 byte
1652	// jmp g.cfi ; 5 bytes
1653	// int3 ; 1 byte
1654	// int3 ; 1 byte
1655	// int3 ; 1 byte
1656	// jmp h.cfi ; 5 bytes
1657	// int3 ; 1 byte
1658	// int3 ; 1 byte
1659	// int3 ; 1 byte
1660	//
1661	// f.cfi:
1662	// mov 0, %eax
1663	// ret
1664	//
1665	// g.cfi:
1666	// mov 1, %eax
1667	// ret
1668	//
1669	// h.cfi:
1670	// mov 2, %eax
1671	// ret
1672	//
1673	// foo:
1674	// mov f, %eax
1675	// mov g, %edx
1676	// mov h, %ecx
1677	// ret
1678	//
1679	// Because the addresses of f, g, h are evenly spaced at a power of 2, in the
1680	// normal case the check can be carried out using the same kind of simple
1681	// arithmetic that we normally use for globals.
1682
1683	// FIXME: find a better way to represent the jumptable in the IR.
1684	assert(!Functions.empty());
1685
1686	// Decide on the jump table encoding, so that we know how big the
1687	// entries will be.
1688	Triple::ArchType JumpTableArch = selectJumpTableArmEncoding(Functions);
1689
1690	// Build a simple layout based on the regular layout of jump tables.
1691	DenseMap<GlobalTypeMember *, uint64_t> GlobalLayout;
1692	unsigned EntrySize = getJumpTableEntrySize(JumpTableArch);
1693	for (unsigned I = `0`; I != Functions.size(); ++I)
1694	GlobalLayout [Functions [I]] = I * EntrySize;
1695
1696	Function *JumpTableFn =
1697	Function::Create(Ty: FunctionType::get(Result: Type::getVoidTy(C&: M.getContext()),
1698	/ IsVarArg / isVarArg: false),
1699	Linkage: GlobalValue::PrivateLinkage,
1700	AddrSpace: M.getDataLayout().getProgramAddressSpace(),
1701	N: ".cfi.jumptable", M: &M);
1702	ArrayType *JumpTableEntryType = ArrayType::get(ElementType: Int8Ty, NumElements: EntrySize);
1703	ArrayType *JumpTableType =
1704	ArrayType::get(ElementType: JumpTableEntryType, NumElements: Functions.size());
1705	auto JumpTable = ConstantExpr::getPointerCast(
1706	C: JumpTableFn, Ty: PointerType::getUnqual(C&: M.getContext()));
1707
1708	lowerTypeTestCalls(TypeIds, CombinedGlobalAddr: JumpTable, GlobalLayout);
1709
1710	// Build aliases pointing to offsets into the jump table, and replace
1711	// references to the original functions with references to the aliases.
1712	for (unsigned I = `0`; I != Functions.size(); ++I) {
1713	Function *F = cast<Function>(Val: Functions [I]->getGlobal());
1714	bool IsJumpTableCanonical = Functions [I]->isJumpTableCanonical();
1715
1716	Constant *CombinedGlobalElemPtr = ConstantExpr::getInBoundsGetElementPtr(
1717	Ty: JumpTableType, C: JumpTable,
1718	IdxList: ArrayRef<Constant *>{ConstantInt::get(Ty: IntPtrTy, V: `0`),
1719	ConstantInt::get(Ty: IntPtrTy, V: I)});
1720
1721	const bool IsExported = Functions [I]->isExported();
1722	if (!IsJumpTableCanonical) {
1723	GlobalValue::LinkageTypes LT = IsExported ? GlobalValue::ExternalLinkage
1724	: GlobalValue::InternalLinkage;
1725	GlobalAlias *JtAlias = GlobalAlias::create(Ty: JumpTableEntryType, AddressSpace: `0`, Linkage: LT,
1726	Name: F->getName() + ".cfi_jt",
1727	Aliasee: CombinedGlobalElemPtr, Parent: &M);
1728	if (IsExported)
1729	JtAlias->setVisibility(GlobalValue::HiddenVisibility);
1730	else
1731	appendToUsed(M, Values: {JtAlias});
1732	}
1733
1734	if (IsExported) {
1735	if (IsJumpTableCanonical)
1736	ExportSummary->cfiFunctionDefs().emplace(A: F->getName());
1737	else
1738	ExportSummary->cfiFunctionDecls().emplace(A: F->getName());
1739	}
1740
1741	if (!IsJumpTableCanonical) {
1742	if (F->hasExternalWeakLinkage())
1743	replaceWeakDeclarationWithJumpTablePtr(F, JT: CombinedGlobalElemPtr,
1744	IsJumpTableCanonical);
1745	else
1746	replaceCfiUses(Old: F, New: CombinedGlobalElemPtr, IsJumpTableCanonical);
1747	} else {
1748	assert(F->getType()->getAddressSpace() == `0`);
1749
1750	GlobalAlias *FAlias =
1751	GlobalAlias::create(Ty: JumpTableEntryType, AddressSpace: `0`, Linkage: F->getLinkage(), Name: "",
1752	Aliasee: CombinedGlobalElemPtr, Parent: &M);
1753	FAlias->setVisibility(F->getVisibility());
1754	FAlias->takeName(V: F);
1755	if (FAlias->hasName()) {
1756	F->setName(FAlias->getName() + ".cfi");
1757	maybeReplaceComdat(F, OriginalName: FAlias->getName());
1758	}
1759	replaceCfiUses(Old: F, New: FAlias, IsJumpTableCanonical);
1760	if (!F->hasLocalLinkage())
1761	F->setVisibility(GlobalVariable::HiddenVisibility);
1762	}
1763	}
1764
1765	createJumpTable(F: JumpTableFn, Functions, JumpTableArch);
1766	}
1767
1768	/// Assign a dummy layout using an incrementing counter, tag each function
1769	/// with its index represented as metadata, and lower each type test to an
1770	/// integer range comparison. During generation of the indirect function call
1771	/// table in the backend, it will assign the given indexes.
1772	/// Note: Dynamic linking is not supported, as the WebAssembly ABI has not yet
1773	/// been finalized.
1774	void LowerTypeTestsModule::buildBitSetsFromFunctionsWASM(
1775	ArrayRef<Metadata > TypeIds, ArrayRef<GlobalTypeMember > Functions) {
1776	assert(!Functions.empty());
1777
1778	// Build consecutive monotonic integer ranges for each call target set
1779	DenseMap<GlobalTypeMember *, uint64_t> GlobalLayout;
1780
1781	for (GlobalTypeMember *GTM : Functions) {
1782	Function *F = cast<Function>(Val: GTM->getGlobal());
1783
1784	// Skip functions that are not address taken, to avoid bloating the table
1785	if (!F->hasAddressTaken())
1786	continue;
1787
1788	// Store metadata with the index for each function
1789	MDNode *MD = MDNode::get(Context&: F->getContext(),
1790	MDs: ArrayRef<Metadata *>(ConstantAsMetadata::get(
1791	C: ConstantInt::get(Ty: Int64Ty, V: IndirectIndex))));
1792	F->setMetadata(Kind: "wasm.index", Node: MD);
1793
1794	// Assign the counter value
1795	GlobalLayout [GTM] = IndirectIndex++;
1796	}
1797
1798	// The indirect function table index space starts at zero, so pass a NULL
1799	// pointer as the subtracted "jump table" offset.
1800	lowerTypeTestCalls(TypeIds, CombinedGlobalAddr: ConstantPointerNull::get(T: PtrTy),
1801	GlobalLayout);
1802	}
1803
1804	void LowerTypeTestsModule::buildBitSetsFromDisjointSet(
1805	ArrayRef<Metadata > TypeIds, ArrayRef<GlobalTypeMember > Globals,
1806	ArrayRef<ICallBranchFunnel *> ICallBranchFunnels) {
1807	DenseMap<Metadata *, uint64_t> TypeIdIndices;
1808	for (unsigned I = `0`; I != TypeIds.size(); ++I)
1809	TypeIdIndices [TypeIds [I]] = I;
1810
1811	// For each type identifier, build a set of indices that refer to members of
1812	// the type identifier.
1813	std::vector<std::set<uint64_t>> TypeMembers(TypeIds.size());
1814	unsigned GlobalIndex = `0`;
1815	DenseMap<GlobalTypeMember *, uint64_t> GlobalIndices;
1816	for (GlobalTypeMember *GTM : Globals) {
1817	for (MDNode *Type : GTM->types()) {
1818	// Type = { offset, type identifier }
1819	auto I = TypeIdIndices.find(Val: Type->getOperand(I: `1`));
1820	if (I != TypeIdIndices.end())
1821	TypeMembers [I ->second].insert(x: GlobalIndex);
1822	}
1823	GlobalIndices [GTM] = GlobalIndex;
1824	GlobalIndex++;
1825	}
1826
1827	for (ICallBranchFunnel *JT : ICallBranchFunnels) {
1828	TypeMembers.emplace_back();
1829	std::set<uint64_t> &TMSet = TypeMembers.back();
1830	for (GlobalTypeMember *T : JT->targets())
1831	TMSet.insert(x: GlobalIndices [T]);
1832	}
1833
1834	// Order the sets of indices by size. The GlobalLayoutBuilder works best
1835	// when given small index sets first.
1836	llvm::stable_sort(Range&: TypeMembers, C: [](const std::set<uint64_t> &O1,
1837	const std::set<uint64_t> &O2) {
1838	return O1.size() < O2.size();
1839	});
1840
1841	// Create a GlobalLayoutBuilder and provide it with index sets as layout
1842	// fragments. The GlobalLayoutBuilder tries to lay out members of fragments as
1843	// close together as possible.
1844	GlobalLayoutBuilder GLB(Globals.size());
1845	for (auto &&MemSet : TypeMembers)
1846	GLB.addFragment(F: MemSet);
1847
1848	// Build a vector of globals with the computed layout.
1849	bool IsGlobalSet =
1850	Globals.empty() \|\| isa<GlobalVariable>(Val: Globals [`0`]->getGlobal());
1851	std::vector<GlobalTypeMember *> OrderedGTMs(Globals.size());
1852	auto OGTMI = OrderedGTMs.begin();
1853	for (auto &&F : GLB.Fragments) {
1854	for (auto &&Offset : F) {
1855	if (IsGlobalSet != isa<GlobalVariable>(Val: Globals [Offset]->getGlobal()))
1856	report_fatal_error(reason: "Type identifier may not contain both global "
1857	"variables and functions");
1858	*OGTMI ++ = Globals [Offset];
1859	}
1860	}
1861
1862	// Build the bitsets from this disjoint set.
1863	if (IsGlobalSet)
1864	buildBitSetsFromGlobalVariables(TypeIds, Globals: OrderedGTMs);
1865	else
1866	buildBitSetsFromFunctions(TypeIds, Functions: OrderedGTMs);
1867	}
1868
1869	/// Lower all type tests in this module.
1870	LowerTypeTestsModule::LowerTypeTestsModule(
1871	Module &M, ModuleAnalysisManager &AM, ModuleSummaryIndex *ExportSummary,
1872	const ModuleSummaryIndex *ImportSummary, DropTestKind DropTypeTests)
1873	: M(M), ExportSummary(ExportSummary), ImportSummary(ImportSummary),
1874	DropTypeTests(ClDropTypeTests > DropTypeTests ? ClDropTypeTests
1875	: DropTypeTests) {
1876	assert(!(ExportSummary && ImportSummary));
1877	Triple TargetTriple(M.getTargetTriple());
1878	Arch = TargetTriple.getArch();
1879	if (Arch == Triple::arm)
1880	CanUseArmJumpTable = true;
1881	if (Arch == Triple::arm \|\| Arch == Triple::thumb) {
1882	auto &FAM =
1883	AM.getResult<FunctionAnalysisManagerModuleProxy>(IR&: M).getManager();
1884	for (Function &F : M) {
1885	// Skip declarations since we should not query the TTI for them.
1886	if (F.isDeclaration())
1887	continue;
1888	auto &TTI = FAM.getResult<TargetIRAnalysis>(IR&: F);
1889	if (TTI.hasArmWideBranch(Thumb: false))
1890	CanUseArmJumpTable = true;
1891	if (TTI.hasArmWideBranch(Thumb: true))
1892	CanUseThumbBWJumpTable = true;
1893	}
1894	}
1895	OS = TargetTriple.getOS();
1896	ObjectFormat = TargetTriple.getObjectFormat();
1897
1898	// Function annotation describes or applies to function itself, and
1899	// shouldn't be associated with jump table thunk generated for CFI.
1900	GlobalAnnotation = M.getGlobalVariable(Name: "llvm.global.annotations");
1901	if (GlobalAnnotation && GlobalAnnotation->hasInitializer()) {
1902	const ConstantArray *CA =
1903	cast<ConstantArray>(Val: GlobalAnnotation->getInitializer());
1904	FunctionAnnotations.insert_range(R: CA->operands());
1905	}
1906	}
1907
1908	bool LowerTypeTestsModule::runForTesting(Module &M, ModuleAnalysisManager &AM) {
1909	ModuleSummaryIndex Summary(/HaveGVs=/false);
1910
1911	// Handle the command-line summary arguments. This code is for testing
1912	// purposes only, so we handle errors directly.
1913	if (!ClReadSummary.empty()) {
1914	ExitOnError ExitOnErr("-lowertypetests-read-summary: " + ClReadSummary +
1915	": ");
1916	auto ReadSummaryFile = ExitOnErr (errorOrToExpected(
1917	EO: MemoryBuffer::getFile(Filename: ClReadSummary, /IsText=/true)));
1918
1919	yaml::Input In(ReadSummaryFile ->getBuffer());
1920	In >> Summary;
1921	ExitOnErr (errorCodeToError(EC: In.error()));
1922	}
1923
1924	bool Changed =
1925	LowerTypeTestsModule (
1926	M, AM,
1927	ClSummaryAction == PassSummaryAction::Export ? &Summary : nullptr,
1928	ClSummaryAction == PassSummaryAction::Import ? &Summary : nullptr,
1929	/DropTypeTests=/DropTestKind::None)
1930	.lower();
1931
1932	if (!ClWriteSummary.empty()) {
1933	ExitOnError ExitOnErr("-lowertypetests-write-summary: " + ClWriteSummary +
1934	": ");
1935	std::error_code EC;
1936	raw_fd_ostream OS(ClWriteSummary, EC, sys::fs::OF_TextWithCRLF);
1937	ExitOnErr (errorCodeToError(EC));
1938
1939	yaml::Output Out(OS);
1940	Out << Summary;
1941	}
1942
1943	return Changed;
1944	}
1945
1946	static bool isDirectCall(Use& U) {
1947	auto *Usr = dyn_cast<CallInst>(Val: U.getUser());
1948	if (Usr) {
1949	auto *CB = dyn_cast<CallBase>(Val: Usr);
1950	if (CB && CB->isCallee(U: &U))
1951	return true;
1952	}
1953	return false;
1954	}
1955
1956	void LowerTypeTestsModule::replaceCfiUses(Function Old, Value New,
1957	bool IsJumpTableCanonical) {
1958	SmallSetVector<Constant *, `4`> Constants;
1959	for (Use &U : llvm::make_early_inc_range(Range: Old->uses())) {
1960	// Skip no_cfi values, which refer to the function body instead of the jump
1961	// table.
1962	if (isa<NoCFIValue>(Val: U.getUser()))
1963	continue;
1964
1965	// Skip direct calls to externally defined or non-dso_local functions.
1966	if (isDirectCall(U) && (Old->isDSOLocal() \|\| !IsJumpTableCanonical))
1967	continue;
1968
1969	// Skip function annotation.
1970	if (isFunctionAnnotation(V: U.getUser()))
1971	continue;
1972
1973	// Must handle Constants specially, we cannot call replaceUsesOfWith on a
1974	// constant because they are uniqued.
1975	if (auto *C = dyn_cast<Constant>(Val: U.getUser())) {
1976	if (!isa<GlobalValue>(Val: C)) {
1977	// Save unique users to avoid processing operand replacement
1978	// more than once.
1979	Constants.insert(X: C);
1980	continue;
1981	}
1982	}
1983
1984	U.set(New);
1985	}
1986
1987	// Process operand replacement of saved constants.
1988	for (auto *C : Constants)
1989	C->handleOperandChange(Old, New);
1990	}
1991
1992	void LowerTypeTestsModule::replaceDirectCalls(Value Old, Value New) {
1993	Old->replaceUsesWithIf(New, ShouldReplace: isDirectCall);
1994	}
1995
1996	static void dropTypeTests(Module &M, Function &TypeTestFunc,
1997	bool ShouldDropAll) {
1998	for (Use &U : llvm::make_early_inc_range(Range: TypeTestFunc.uses())) {
1999	auto *CI = cast<CallInst>(Val: U.getUser());
2000	// Find and erase llvm.assume intrinsics for this llvm.type.test call.
2001	for (Use &CIU : llvm::make_early_inc_range(Range: CI->uses()))
2002	if (auto *Assume = dyn_cast<AssumeInst>(Val: CIU.getUser()))
2003	Assume->eraseFromParent();
2004	// If the assume was merged with another assume, we might have a use on a
2005	// phi (which will feed the assume). Simply replace the use on the phi
2006	// with "true" and leave the merged assume.
2007	//
2008	// If ShouldDropAll is set, then we we need to update any remaining uses,
2009	// regardless of the instruction type.
2010	if (!CI->use_empty()) {
2011	assert(ShouldDropAll \|\| all_of(CI->users(), [](User U) -> bool* {
2012	return isa<PHINode>(U);
2013	}));
2014	CI->replaceAllUsesWith(V: ConstantInt::getTrue(Context&: M.getContext()));
2015	}
2016	CI->eraseFromParent();
2017	}
2018	}
2019
2020	bool LowerTypeTestsModule::lower() {
2021	Function *TypeTestFunc =
2022	Intrinsic::getDeclarationIfExists(M: &M, id: Intrinsic::type_test);
2023
2024	if (DropTypeTests != DropTestKind::None) {
2025	bool ShouldDropAll = DropTypeTests == DropTestKind::All;
2026	if (TypeTestFunc)
2027	dropTypeTests(M, TypeTestFunc&: *TypeTestFunc, ShouldDropAll);
2028	// Normally we'd have already removed all @llvm.public.type.test calls,
2029	// except for in the case where we originally were performing ThinLTO but
2030	// decided not to in the backend.
2031	Function *PublicTypeTestFunc =
2032	Intrinsic::getDeclarationIfExists(M: &M, id: Intrinsic::public_type_test);
2033	if (PublicTypeTestFunc)
2034	dropTypeTests(M, TypeTestFunc&: *PublicTypeTestFunc, ShouldDropAll);
2035	if (TypeTestFunc \|\| PublicTypeTestFunc) {
2036	// We have deleted the type intrinsics, so we no longer have enough
2037	// information to reason about the liveness of virtual function pointers
2038	// in GlobalDCE.
2039	for (GlobalVariable &GV : M.globals())
2040	GV.eraseMetadata(KindID: LLVMContext::MD_vcall_visibility);
2041	return true;
2042	}
2043	return false;
2044	}
2045
2046	// If only some of the modules were split, we cannot correctly perform
2047	// this transformation. We already checked for the presense of type tests
2048	// with partially split modules during the thin link, and would have emitted
2049	// an error if any were found, so here we can simply return.
2050	if ((ExportSummary && ExportSummary->partiallySplitLTOUnits()) \|\|
2051	(ImportSummary && ImportSummary->partiallySplitLTOUnits()))
2052	return false;
2053
2054	Function *ICallBranchFunnelFunc =
2055	Intrinsic::getDeclarationIfExists(M: &M, id: Intrinsic::icall_branch_funnel);
2056	if ((!TypeTestFunc \|\| TypeTestFunc->use_empty()) &&
2057	(!ICallBranchFunnelFunc \|\| ICallBranchFunnelFunc->use_empty()) &&
2058	!ExportSummary && !ImportSummary)
2059	return false;
2060
2061	if (ImportSummary) {
2062	if (TypeTestFunc)
2063	for (Use &U : llvm::make_early_inc_range(Range: TypeTestFunc->uses()))
2064	importTypeTest(CI: cast<CallInst>(Val: U.getUser()));
2065
2066	if (ICallBranchFunnelFunc && !ICallBranchFunnelFunc->use_empty())
2067	report_fatal_error(
2068	reason: "unexpected call to llvm.icall.branch.funnel during import phase");
2069
2070	SmallVector<Function *, `8`> Defs;
2071	SmallVector<Function *, `8`> Decls;
2072	for (auto &F : M) {
2073	// CFI functions are either external, or promoted. A local function may
2074	// have the same name, but it's not the one we are looking for.
2075	if (F.hasLocalLinkage())
2076	continue;
2077	if (ImportSummary->cfiFunctionDefs().count(S: F.getName()))
2078	Defs.push_back(Elt: &F);
2079	else if (ImportSummary->cfiFunctionDecls().count(S: F.getName()))
2080	Decls.push_back(Elt: &F);
2081	}
2082
2083	{
2084	ScopedSaveAliaseesAndUsed S(M);
2085	for (auto *F : Defs)
2086	importFunction(F, /isJumpTableCanonical/ true);
2087	for (auto *F : Decls)
2088	importFunction(F, /isJumpTableCanonical/ false);
2089	}
2090
2091	return true;
2092	}
2093
2094	// Equivalence class set containing type identifiers and the globals that
2095	// reference them. This is used to partition the set of type identifiers in
2096	// the module into disjoint sets.
2097	using GlobalClassesTy = EquivalenceClasses<
2098	PointerUnion<GlobalTypeMember , Metadata , ICallBranchFunnel *>>;
2099	GlobalClassesTy GlobalClasses;
2100
2101	// Verify the type metadata and build a few data structures to let us
2102	// efficiently enumerate the type identifiers associated with a global:
2103	// a list of GlobalTypeMembers (a GlobalObject stored alongside a vector
2104	// of associated type metadata) and a mapping from type identifiers to their
2105	// list of GlobalTypeMembers and last observed index in the list of globals.
2106	// The indices will be used later to deterministically order the list of type
2107	// identifiers.
2108	BumpPtrAllocator Alloc;
2109	struct TIInfo {
2110	unsigned UniqueId;
2111	std::vector<GlobalTypeMember *> RefGlobals;
2112	};
2113	DenseMap<Metadata *, TIInfo> TypeIdInfo;
2114	unsigned CurUniqueId = `0`;
2115	SmallVector<MDNode *, `2`> Types;
2116
2117	// Cross-DSO CFI emits jumptable entries for exported functions as well as
2118	// address taken functions in case they are address taken in other modules.
2119	const bool CrossDsoCfi = M.getModuleFlag(Key: "Cross-DSO CFI") != nullptr;
2120
2121	struct ExportedFunctionInfo {
2122	CfiFunctionLinkage Linkage;
2123	MDNode FuncMD; // {name, linkage, type[, type...]}*
2124	};
2125	MapVector<StringRef, ExportedFunctionInfo> ExportedFunctions;
2126	if (ExportSummary) {
2127	NamedMDNode *CfiFunctionsMD = M.getNamedMetadata(Name: "cfi.functions");
2128	if (CfiFunctionsMD) {
2129	// A set of all functions that are address taken by a live global object.
2130	DenseSet<GlobalValue::GUID> AddressTaken;
2131	for (auto &I : *ExportSummary)
2132	for (auto &GVS : I.second.getSummaryList())
2133	if (GVS ->isLive())
2134	for (const auto &Ref : GVS ->refs()) {
2135	AddressTaken.insert(V: Ref.getGUID());
2136	for (auto &RefGVS : Ref.getSummaryList())
2137	if (auto Alias = dyn_cast<AliasSummary>(Val: RefGVS.get()))
2138	AddressTaken.insert(V: Alias->getAliaseeGUID());
2139	}
2140	auto IsAddressTaken = [&](GlobalValue::GUID GUID) {
2141	if (AddressTaken.count(V: GUID))
2142	return true;
2143	auto VI = ExportSummary->getValueInfo(GUID);
2144	if (!VI)
2145	return false;
2146	for (auto &I : VI.getSummaryList())
2147	if (auto Alias = dyn_cast<AliasSummary>(Val: I.get()))
2148	if (AddressTaken.count(V: Alias->getAliaseeGUID()))
2149	return true;
2150	return false;
2151	};
2152	for (auto *FuncMD : CfiFunctionsMD->operands()) {
2153	assert(FuncMD->getNumOperands() >= `2`);
2154	StringRef FunctionName =
2155	cast<MDString>(Val: FuncMD->getOperand(I: `0`))->getString();
2156	CfiFunctionLinkage Linkage = static_cast<CfiFunctionLinkage>(
2157	cast<ConstantAsMetadata>(Val: FuncMD->getOperand(I: `1`))
2158	->getValue()
2159	->getUniqueInteger()
2160	.getZExtValue());
2161	const GlobalValue::GUID GUID =
2162	GlobalValue::getGUIDAssumingExternalLinkage(
2163	GlobalName: GlobalValue::dropLLVMManglingEscape(Name: FunctionName));
2164	// Do not emit jumptable entries for functions that are not-live and
2165	// have no live references (and are not exported with cross-DSO CFI.)
2166	if (!ExportSummary->isGUIDLive(GUID))
2167	continue;
2168	if (!IsAddressTaken (GUID)) {
2169	if (!CrossDsoCfi \|\| Linkage != CFL_Definition)
2170	continue;
2171
2172	bool Exported = false;
2173	if (auto VI = ExportSummary->getValueInfo(GUID))
2174	for (const auto &GVS : VI.getSummaryList())
2175	if (GVS ->isLive() && !GlobalValue::isLocalLinkage(Linkage: GVS ->linkage()))
2176	Exported = true;
2177
2178	if (!Exported)
2179	continue;
2180	}
2181	auto P = ExportedFunctions.insert(KV: {FunctionName, {.Linkage: Linkage, .FuncMD: FuncMD}});
2182	if (!P.second && P.first->second.Linkage != CFL_Definition)
2183	P.first->second = {.Linkage: Linkage, .FuncMD: FuncMD};
2184	}
2185
2186	for (const auto &P : ExportedFunctions) {
2187	StringRef FunctionName = P.first;
2188	CfiFunctionLinkage Linkage = P.second.Linkage;
2189	MDNode *FuncMD = P.second.FuncMD;
2190	Function *F = M.getFunction(Name: FunctionName);
2191	if (F && F->hasLocalLinkage()) {
2192	// Locally defined function that happens to have the same name as a
2193	// function defined in a ThinLTO module. Rename it to move it out of
2194	// the way of the external reference that we're about to create.
2195	// Note that setName will find a unique name for the function, so even
2196	// if there is an existing function with the suffix there won't be a
2197	// name collision.
2198	F->setName(F->getName() + ".1");
2199	F = nullptr;
2200	}
2201
2202	if (!F)
2203	F = Function::Create(
2204	Ty: FunctionType::get(Result: Type::getVoidTy(C&: M.getContext()), isVarArg: false),
2205	Linkage: GlobalVariable::ExternalLinkage,
2206	AddrSpace: M.getDataLayout().getProgramAddressSpace(), N: FunctionName, M: &M);
2207
2208	// If the function is available_externally, remove its definition so
2209	// that it is handled the same way as a declaration. Later we will try
2210	// to create an alias using this function's linkage, which will fail if
2211	// the linkage is available_externally. This will also result in us
2212	// following the code path below to replace the type metadata.
2213	if (F->hasAvailableExternallyLinkage()) {
2214	F->setLinkage(GlobalValue::ExternalLinkage);
2215	F->deleteBody();
2216	F->setComdat(nullptr);
2217	F->clearMetadata();
2218	}
2219
2220	// Update the linkage for extern_weak declarations when a definition
2221	// exists.
2222	if (Linkage == CFL_Definition && F->hasExternalWeakLinkage())
2223	F->setLinkage(GlobalValue::ExternalLinkage);
2224
2225	// If the function in the full LTO module is a declaration, replace its
2226	// type metadata with the type metadata we found in cfi.functions. That
2227	// metadata is presumed to be more accurate than the metadata attached
2228	// to the declaration.
2229	if (F->isDeclaration()) {
2230	if (Linkage == CFL_WeakDeclaration)
2231	F->setLinkage(GlobalValue::ExternalWeakLinkage);
2232
2233	F->eraseMetadata(KindID: LLVMContext::MD_type);
2234	for (unsigned I = `2`; I < FuncMD->getNumOperands(); ++I)
2235	F->addMetadata(KindID: LLVMContext::MD_type,
2236	MD&: *cast<MDNode>(Val: FuncMD->getOperand(I).get()));
2237	}
2238	}
2239	}
2240	}
2241
2242	struct AliasToCreate {
2243	Function *Alias;
2244	std::string TargetName;
2245	};
2246	std::vector<AliasToCreate> AliasesToCreate;
2247
2248	// Parse alias data to replace stand-in function declarations for aliases
2249	// with an alias to the intended target.
2250	if (ExportSummary) {
2251	if (NamedMDNode *AliasesMD = M.getNamedMetadata(Name: "aliases")) {
2252	for (auto *AliasMD : AliasesMD->operands()) {
2253	SmallVector<Function *> Aliases;
2254	for (Metadata *MD : AliasMD->operands()) {
2255	auto *MDS = dyn_cast<MDString>(Val: MD);
2256	if (!MDS)
2257	continue;
2258	StringRef AliasName = MDS->getString();
2259	if (!ExportedFunctions.count(Key: AliasName))
2260	continue;
2261	auto *AliasF = M.getFunction(Name: AliasName);
2262	if (AliasF)
2263	Aliases.push_back(Elt: AliasF);
2264	}
2265
2266	if (Aliases.empty())
2267	continue;
2268
2269	for (unsigned I = `1`; I != Aliases.size(); ++I) {
2270	auto *AliasF = Aliases [I];
2271	ExportedFunctions.erase(Key: AliasF->getName());
2272	AliasesToCreate.push_back(
2273	x: {.Alias: AliasF, .TargetName: std::string (Aliases [`0`]->getName())});
2274	}
2275	}
2276	}
2277	}
2278
2279	DenseMap<GlobalObject , GlobalTypeMember > GlobalTypeMembers;
2280	for (GlobalObject &GO : M.global_objects()) {
2281	if (isa<GlobalVariable>(Val: GO) && GO.isDeclarationForLinker())
2282	continue;
2283
2284	Types.clear();
2285	GO.getMetadata(KindID: LLVMContext::MD_type, MDs&: Types);
2286
2287	bool IsJumpTableCanonical = false;
2288	bool IsExported = false;
2289	if (Function *F = dyn_cast<Function>(Val: &GO)) {
2290	IsJumpTableCanonical = isJumpTableCanonical(F);
2291	if (auto It = ExportedFunctions.find(Key: F->getName());
2292	It != ExportedFunctions.end()) {
2293	IsJumpTableCanonical \|= It->second.Linkage == CFL_Definition;
2294	IsExported = true;
2295	// TODO: The logic here checks only that the function is address taken,
2296	// not that the address takers are live. This can be updated to check
2297	// their liveness and emit fewer jumptable entries once monolithic LTO
2298	// builds also emit summaries.
2299	} else if (!F->hasAddressTaken()) {
2300	if (!CrossDsoCfi \|\| !IsJumpTableCanonical \|\| F->hasLocalLinkage())
2301	continue;
2302	}
2303	}
2304
2305	auto *GTM = GlobalTypeMember::create(Alloc, GO: &GO, IsJumpTableCanonical,
2306	IsExported, Types);
2307	GlobalTypeMembers [&GO] = GTM;
2308	for (MDNode *Type : Types) {
2309	verifyTypeMDNode(GO: &GO, Type);
2310	auto &Info = TypeIdInfo [Type->getOperand(I: `1`)];
2311	Info.UniqueId = ++CurUniqueId;
2312	Info.RefGlobals.push_back(x: GTM);
2313	}
2314	}
2315
2316	auto AddTypeIdUse = [&](Metadata *TypeId) -> TypeIdUserInfo & {
2317	// Add the call site to the list of call sites for this type identifier. We
2318	// also use TypeIdUsers to keep track of whether we have seen this type
2319	// identifier before. If we have, we don't need to re-add the referenced
2320	// globals to the equivalence class.
2321	auto Ins = TypeIdUsers.insert(KV: {TypeId, {}});
2322	if (Ins.second) {
2323	// Add the type identifier to the equivalence class.
2324	auto &GCI = GlobalClasses.insert(Data: TypeId);
2325	GlobalClassesTy::member_iterator CurSet = GlobalClasses.findLeader(ECV: GCI);
2326
2327	// Add the referenced globals to the type identifier's equivalence class.
2328	for (GlobalTypeMember *GTM : TypeIdInfo [TypeId].RefGlobals)
2329	CurSet = GlobalClasses.unionSets(
2330	L1: CurSet, L2: GlobalClasses.findLeader(ECV: GlobalClasses.insert(Data: GTM)));
2331	}
2332
2333	return Ins.first ->second;
2334	};
2335
2336	if (TypeTestFunc) {
2337	for (const Use &U : TypeTestFunc->uses()) {
2338	auto CI = cast<CallInst>(Val: U.getUser());
2339	// If this type test is only used by llvm.assume instructions, it
2340	// was used for whole program devirtualization, and is being kept
2341	// for use by other optimization passes. We do not need or want to
2342	// lower it here. We also don't want to rewrite any associated globals
2343	// unnecessarily. These will be removed by a subsequent LTT invocation
2344	// with the DropTypeTests flag set.
2345	bool OnlyAssumeUses = !CI->use_empty();
2346	for (const Use &CIU : CI->uses()) {
2347	if (isa<AssumeInst>(Val: CIU.getUser()))
2348	continue;
2349	OnlyAssumeUses = false;
2350	break;
2351	}
2352	if (OnlyAssumeUses)
2353	continue;
2354
2355	auto TypeIdMDVal = dyn_cast<MetadataAsValue>(Val: CI->getArgOperand(i: `1`));
2356	if (!TypeIdMDVal)
2357	report_fatal_error(reason: "Second argument of llvm.type.test must be metadata");
2358	auto TypeId = TypeIdMDVal->getMetadata();
2359	AddTypeIdUse (TypeId).CallSites.push_back(x: CI);
2360	}
2361	}
2362
2363	if (ICallBranchFunnelFunc) {
2364	for (const Use &U : ICallBranchFunnelFunc->uses()) {
2365	if (Arch != Triple::x86_64)
2366	report_fatal_error(
2367	reason: "llvm.icall.branch.funnel not supported on this target");
2368
2369	auto CI = cast<CallInst>(Val: U.getUser());
2370
2371	std::vector<GlobalTypeMember *> Targets;
2372	if (CI->arg_size() % `2` != `1`)
2373	report_fatal_error(reason: "number of arguments should be odd");
2374
2375	GlobalClassesTy::member_iterator CurSet;
2376	for (unsigned I = `1`; I != CI->arg_size(); I += `2`) {
2377	int64_t Offset;
2378	auto *Base = dyn_cast<GlobalObject>(Val: GetPointerBaseWithConstantOffset(
2379	Ptr: CI->getOperand(i_nocapture: I), Offset, DL: M.getDataLayout()));
2380	if (!Base)
2381	report_fatal_error(
2382	reason: "Expected branch funnel operand to be global value");
2383
2384	GlobalTypeMember *GTM = GlobalTypeMembers [Base];
2385	Targets.push_back(x: GTM);
2386	GlobalClassesTy::member_iterator NewSet =
2387	GlobalClasses.findLeader(ECV: GlobalClasses.insert(Data: GTM));
2388	if (I == `1`)
2389	CurSet = NewSet;
2390	else
2391	CurSet = GlobalClasses.unionSets(L1: CurSet, L2: NewSet);
2392	}
2393
2394	GlobalClasses.unionSets(
2395	L1: CurSet, L2: GlobalClasses.findLeader(
2396	ECV: GlobalClasses.insert(Data: ICallBranchFunnel::create(
2397	Alloc, CI, Targets, UniqueId: ++CurUniqueId))));
2398	}
2399	}
2400
2401	if (ExportSummary) {
2402	DenseMap<GlobalValue::GUID, TinyPtrVector<Metadata *>> MetadataByGUID;
2403	for (auto &P : TypeIdInfo) {
2404	if (auto *TypeId = dyn_cast<MDString>(Val: P.first))
2405	MetadataByGUID [GlobalValue::getGUIDAssumingExternalLinkage(
2406	GlobalName: TypeId->getString())]
2407	.push_back(NewVal: TypeId);
2408	}
2409
2410	for (auto &P : *ExportSummary) {
2411	for (auto &S : P.second.getSummaryList()) {
2412	if (!ExportSummary->isGlobalValueLive(GVS: S.get()))
2413	continue;
2414	if (auto *FS = dyn_cast<FunctionSummary>(Val: S ->getBaseObject()))
2415	for (GlobalValue::GUID G : FS->type_tests())
2416	for (Metadata *MD : MetadataByGUID [G])
2417	AddTypeIdUse (MD).IsExported = true;
2418	}
2419	}
2420	}
2421
2422	if (GlobalClasses.empty())
2423	return false;
2424
2425	{
2426	ScopedSaveAliaseesAndUsed S(M);
2427	// For each disjoint set we found...
2428	for (const auto &C : GlobalClasses) {
2429	if (!C->isLeader())
2430	continue;
2431
2432	++NumTypeIdDisjointSets;
2433	// Build the list of type identifiers in this disjoint set.
2434	std::vector<Metadata *> TypeIds;
2435	std::vector<GlobalTypeMember *> Globals;
2436	std::vector<ICallBranchFunnel *> ICallBranchFunnels;
2437	for (auto M : GlobalClasses.members(ECV: *C)) {
2438	if (isa<Metadata *>(Val: M))
2439	TypeIds.push_back(x: cast<Metadata *>(Val&: M));
2440	else if (isa<GlobalTypeMember *>(Val: M))
2441	Globals.push_back(x: cast<GlobalTypeMember *>(Val&: M));
2442	else
2443	ICallBranchFunnels.push_back(x: cast<ICallBranchFunnel *>(Val&: M));
2444	}
2445
2446	// Order type identifiers by unique ID for determinism. This ordering is
2447	// stable as there is a one-to-one mapping between metadata and unique
2448	// IDs.
2449	llvm::sort(C&: TypeIds, Comp: [&](Metadata M1, Metadata M2) {
2450	return TypeIdInfo [M1].UniqueId < TypeIdInfo [M2].UniqueId;
2451	});
2452
2453	// Same for the branch funnels.
2454	llvm::sort(C&: ICallBranchFunnels,
2455	Comp: [&](ICallBranchFunnel F1, ICallBranchFunnel F2) {
2456	return F1->UniqueId < F2->UniqueId;
2457	});
2458
2459	// Build bitsets for this disjoint set.
2460	buildBitSetsFromDisjointSet(TypeIds, Globals, ICallBranchFunnels);
2461	}
2462	}
2463
2464	allocateByteArrays();
2465
2466	for (auto A : AliasesToCreate) {
2467	auto *Target = M.getNamedValue(Name: A.TargetName);
2468	if (!isa<GlobalAlias>(Val: Target))
2469	continue;
2470	auto *AliasGA = GlobalAlias::create(Name: "", Aliasee: Target);
2471	AliasGA->setVisibility(A.Alias->getVisibility());
2472	AliasGA->setLinkage(A.Alias->getLinkage());
2473	AliasGA->takeName(V: A.Alias);
2474	A.Alias->replaceAllUsesWith(V: AliasGA);
2475	A.Alias->eraseFromParent();
2476	}
2477
2478	// Emit .symver directives for exported functions, if they exist.
2479	if (ExportSummary) {
2480	if (NamedMDNode *SymversMD = M.getNamedMetadata(Name: "symvers")) {
2481	for (auto *Symver : SymversMD->operands()) {
2482	assert(Symver->getNumOperands() >= `2`);
2483	StringRef SymbolName =
2484	cast<MDString>(Val: Symver->getOperand(I: `0`))->getString();
2485	StringRef Alias = cast<MDString>(Val: Symver->getOperand(I: `1`))->getString();
2486
2487	if (!ExportedFunctions.count(Key: SymbolName))
2488	continue;
2489
2490	M.appendModuleInlineAsm(
2491	Asm: (llvm::Twine (".symver ") + SymbolName + ", " + Alias).str());
2492	}
2493	}
2494	}
2495
2496	return true;
2497	}
2498
2499	PreservedAnalyses LowerTypeTestsPass::run(Module &M,
2500	ModuleAnalysisManager &AM) {
2501	bool Changed;
2502	if (UseCommandLine)
2503	Changed = LowerTypeTestsModule::runForTesting(M, AM);
2504	else
2505	Changed =
2506	LowerTypeTestsModule (M, AM, ExportSummary, ImportSummary, DropTypeTests)
2507	.lower();
2508	if (!Changed)
2509	return PreservedAnalyses::all();
2510	return PreservedAnalyses::none();
2511	}
2512
2513	PreservedAnalyses SimplifyTypeTestsPass::run(Module &M,
2514	ModuleAnalysisManager &AM) {
2515	bool Changed = false;
2516	// Figure out whether inlining has exposed a constant address to a lowered
2517	// type test, and remove the test if so and the address is known to pass the
2518	// test. Unfortunately this pass ends up needing to reverse engineer what
2519	// LowerTypeTests did; this is currently inherent to the design of ThinLTO
2520	// importing where LowerTypeTests needs to run at the start.
2521	//
2522	// We look for things like:
2523	//
2524	// sub (i64 ptrtoint (ptr @_Z2fpv to i64), i64 ptrtoint (ptr
2525	// @__typeid__ZTSFvvE_global_addr to i64))
2526	//
2527	// which gets replaced with 0 if _Z2fpv (more specifically _Z2fpv.cfi, the
2528	// function referred to by the jump table) is a member of the type _ZTSFvv, as
2529	// well as things like
2530	//
2531	// icmp eq ptr @_Z2fpv, @__typeid__ZTSFvvE_global_addr
2532	//
2533	// which gets replaced with true if _Z2fpv is a member.
2534	for (auto &GV : M.globals()) {
2535	if (!GV.getName().starts_with(Prefix: "__typeid_") \|\|
2536	!GV.getName().ends_with(Suffix: "_global_addr"))
2537	continue;
2538	// __typeid_foo_global_addr -> foo
2539	auto *MD = MDString::get(Context&: M.getContext(),
2540	Str: GV.getName().substr(Start: `9`, N: GV.getName().size() - `21`));
2541	auto MaySimplifyPtr = [&](Value *Ptr) {
2542	if (auto *GV = dyn_cast<GlobalValue>(Val: Ptr))
2543	if (auto *CFIGV = M.getNamedValue(Name: (GV->getName() + ".cfi").str()))
2544	Ptr = CFIGV;
2545	return isKnownTypeIdMember(TypeId: MD, DL: M.getDataLayout(), V: Ptr, COffset: `0`);
2546	};
2547	auto MaySimplifyInt = [&](Value *Op) {
2548	auto *PtrAsInt = dyn_cast<ConstantExpr>(Val: Op);
2549	if (!PtrAsInt \|\| PtrAsInt->getOpcode() != Instruction::PtrToInt)
2550	return false;
2551	return MaySimplifyPtr (PtrAsInt->getOperand(i_nocapture: `0`));
2552	};
2553	for (User *U : make_early_inc_range(Range: GV.users())) {
2554	if (auto *CI = dyn_cast<ICmpInst>(Val: U)) {
2555	if (CI->getPredicate() == CmpInst::ICMP_EQ &&
2556	MaySimplifyPtr (CI->getOperand(i_nocapture: `0`))) {
2557	// This is an equality comparison (TypeTestResolution::Single case in
2558	// lowerTypeTestCall). In this case we just replace the comparison
2559	// with true.
2560	CI->replaceAllUsesWith(V: ConstantInt::getTrue(Context&: M.getContext()));
2561	CI->eraseFromParent();
2562	Changed = true;
2563	continue;
2564	}
2565	}
2566	auto *CE = dyn_cast<ConstantExpr>(Val: U);
2567	if (!CE \|\| CE->getOpcode() != Instruction::PtrToInt)
2568	continue;
2569	for (Use &U : make_early_inc_range(Range: CE->uses())) {
2570	auto *CE = dyn_cast<ConstantExpr>(Val: U.getUser());
2571	if (U.getOperandNo() == `0` && CE &&
2572	CE->getOpcode() == Instruction::Sub &&
2573	MaySimplifyInt (CE->getOperand(i_nocapture: `1`))) {
2574	// This is a computation of PtrOffset as generated by
2575	// LowerTypeTestsModule::lowerTypeTestCall above. If
2576	// isKnownTypeIdMember passes we just pretend it evaluated to 0. This
2577	// should cause later passes to remove the range and alignment checks.
2578	// The bitset checks won't be removed but those are uncommon.
2579	CE->replaceAllUsesWith(V: ConstantInt::get(Ty: CE->getType(), V: `0`));
2580	Changed = true;
2581	}
2582	auto *CI = dyn_cast<ICmpInst>(Val: U.getUser());
2583	if (U.getOperandNo() == `1` && CI &&
2584	CI->getPredicate() == CmpInst::ICMP_EQ &&
2585	MaySimplifyInt (CI->getOperand(i_nocapture: `0`))) {
2586	// This is an equality comparison. Unlike in the case above it
2587	// remained as an integer compare.
2588	CI->replaceAllUsesWith(V: ConstantInt::getTrue(Context&: M.getContext()));
2589	CI->eraseFromParent();
2590	Changed = true;
2591	}
2592	}
2593	}
2594	}
2595
2596	if (!Changed)
2597	return PreservedAnalyses::all();
2598	PreservedAnalyses PA = PreservedAnalyses::none();
2599	PA.preserve<DominatorTreeAnalysis>();
2600	PA.preserve<PostDominatorTreeAnalysis>();
2601	PA.preserve<LoopAnalysis>();
2602	return PA;
2603	}
2604

Browse the source code of llvm_projects/llvm/lib/Transforms/IPO/LowerTypeTests.cpp