rustc_mir_transform/ref_prop.rs
1use std::borrow::Cow;
2
3use rustc_data_structures::fx::FxHashSet;
4use rustc_index::IndexVec;
5use rustc_index::bit_set::DenseBitSet;
6use rustc_middle::bug;
7use rustc_middle::mir::visit::*;
8use rustc_middle::mir::*;
9use rustc_middle::ty::TyCtxt;
10use rustc_mir_dataflow::Analysis;
11use rustc_mir_dataflow::impls::{MaybeStorageDead, always_storage_live_locals};
12use tracing::{debug, instrument};
13
14use crate::ssa::{SsaLocals, StorageLiveLocals};
15
16/// Propagate references using SSA analysis.
17///
18/// MIR building may produce a lot of borrow-dereference patterns.
19///
20/// This pass aims to transform the following pattern:
21/// _1 = &raw? mut? PLACE;
22/// _3 = *_1;
23/// _4 = &raw? mut? *_1;
24///
25/// Into
26/// _1 = &raw? mut? PLACE;
27/// _3 = PLACE;
28/// _4 = &raw? mut? PLACE;
29///
30/// where `PLACE` is a direct or an indirect place expression.
31///
32/// There are 3 properties that need to be upheld for this transformation to be legal:
33/// - place stability: `PLACE` must refer to the same memory wherever it appears;
34/// - pointer liveness: we must not introduce dereferences of dangling pointers;
35/// - `&mut` borrow uniqueness.
36///
37/// # Stability
38///
39/// If `PLACE` is an indirect projection, if its of the form `(*LOCAL).PROJECTIONS` where:
40/// - `LOCAL` is SSA;
41/// - all projections in `PROJECTIONS` have a stable offset (no dereference and no indexing).
42///
43/// If `PLACE` is a direct projection of a local, we consider it as constant if:
44/// - the local is always live, or it has a single `StorageLive`;
45/// - all projections have a stable offset.
46///
47/// # Liveness
48///
49/// When performing an instantiation, we must take care not to introduce uses of dangling locals.
50/// To ensure this, we walk the body with the `MaybeStorageDead` dataflow analysis:
51/// - if we want to replace `*x` by reborrow `*y` and `y` may be dead, we allow replacement and
52/// mark storage statements on `y` for removal;
53/// - if we want to replace `*x` by non-reborrow `y` and `y` must be live, we allow replacement;
54/// - if we want to replace `*x` by non-reborrow `y` and `y` may be dead, we do not replace.
55///
56/// # Uniqueness
57///
58/// For `&mut` borrows, we also need to preserve the uniqueness property:
59/// we must avoid creating a state where we interleave uses of `*_1` and `_2`.
60/// To do it, we only perform full instantiation of mutable borrows:
61/// we replace either all or none of the occurrences of `*_1`.
62///
63/// Some care has to be taken when `_1` is copied in other locals.
64/// _1 = &raw? mut? _2;
65/// _3 = *_1;
66/// _4 = _1
67/// _5 = *_4
68/// In such cases, fully instantiating `_1` means fully instantiating all of the copies.
69///
70/// For immutable borrows, we do not need to preserve such uniqueness property,
71/// so we perform all the possible instantiations without removing the `_1 = &_2` statement.
72pub(super) struct ReferencePropagation;
73
74impl<'tcx> crate::MirPass<'tcx> for ReferencePropagation {
75 fn is_enabled(&self, sess: &rustc_session::Session) -> bool {
76 sess.mir_opt_level() >= 2
77 }
78
79 #[instrument(level = "trace", skip(self, tcx, body))]
80 fn run_pass(&self, tcx: TyCtxt<'tcx>, body: &mut Body<'tcx>) {
81 debug!(def_id = ?body.source.def_id());
82 move_to_copy_pointers(tcx, body);
83 while propagate_ssa(tcx, body) {}
84 }
85
86 fn is_required(&self) -> bool {
87 false
88 }
89}
90
91/// The SSA analysis done by [`SsaLocals`] treats [`Operand::Move`] as a read, even though in
92/// general [`Operand::Move`] represents pass-by-pointer where the callee can overwrite the
93/// pointee (Miri always considers the place deinitialized). CopyProp has a similar trick to
94/// turn [`Operand::Move`] into [`Operand::Copy`] when required for an optimization, but in this
95/// pass we just turn all moves of pointers into copies because pointers should be by-value anyway.
96fn move_to_copy_pointers<'tcx>(tcx: TyCtxt<'tcx>, body: &mut Body<'tcx>) {
97 let mut visitor = MoveToCopyVisitor { tcx, local_decls: &body.local_decls };
98 for (bb, data) in body.basic_blocks.as_mut_preserves_cfg().iter_enumerated_mut() {
99 visitor.visit_basic_block_data(bb, data);
100 }
101
102 struct MoveToCopyVisitor<'a, 'tcx> {
103 tcx: TyCtxt<'tcx>,
104 local_decls: &'a IndexVec<Local, LocalDecl<'tcx>>,
105 }
106
107 impl<'a, 'tcx> MutVisitor<'tcx> for MoveToCopyVisitor<'a, 'tcx> {
108 fn tcx(&self) -> TyCtxt<'tcx> {
109 self.tcx
110 }
111
112 fn visit_operand(&mut self, operand: &mut Operand<'tcx>, loc: Location) {
113 if let Operand::Move(place) = *operand {
114 if place.ty(self.local_decls, self.tcx).ty.is_any_ptr() {
115 *operand = Operand::Copy(place);
116 }
117 }
118 self.super_operand(operand, loc);
119 }
120 }
121}
122
123fn propagate_ssa<'tcx>(tcx: TyCtxt<'tcx>, body: &mut Body<'tcx>) -> bool {
124 let typing_env = body.typing_env(tcx);
125 let ssa = SsaLocals::new(tcx, body, typing_env);
126
127 let mut replacer = compute_replacement(tcx, body, ssa);
128 debug!(?replacer.targets);
129 debug!(?replacer.allowed_replacements);
130 debug!(?replacer.storage_to_remove);
131
132 replacer.visit_body_preserves_cfg(body);
133
134 if replacer.any_replacement {
135 crate::simplify::remove_unused_definitions(body);
136 }
137
138 replacer.any_replacement
139}
140
141#[derive(Copy, Clone, Debug, PartialEq, Eq)]
142enum Value<'tcx> {
143 /// Not a pointer, or we can't know.
144 Unknown,
145 /// We know the value to be a pointer to this place.
146 /// The boolean indicates whether the reference is mutable, subject the uniqueness rule.
147 Pointer(Place<'tcx>, bool),
148}
149
150/// For each local, save the place corresponding to `*local`.
151#[instrument(level = "trace", skip(tcx, body, ssa))]
152fn compute_replacement<'tcx>(
153 tcx: TyCtxt<'tcx>,
154 body: &Body<'tcx>,
155 ssa: SsaLocals,
156) -> Replacer<'tcx> {
157 let always_live_locals = always_storage_live_locals(body);
158
159 // Compute which locals have a single `StorageLive` statement ever.
160 let storage_live = StorageLiveLocals::new(body, &always_live_locals);
161
162 // Compute `MaybeStorageDead` dataflow to check that we only replace when the pointee is
163 // definitely live.
164 let mut maybe_dead = MaybeStorageDead::new(Cow::Owned(always_live_locals))
165 .iterate_to_fixpoint(tcx, body, None)
166 .into_results_cursor(body);
167
168 // Map for each local to the pointee.
169 let mut targets = IndexVec::from_elem(Value::Unknown, &body.local_decls);
170 // Set of locals for which we will remove their storage statement. This is useful for
171 // reborrowed references.
172 let mut storage_to_remove = DenseBitSet::new_empty(body.local_decls.len());
173
174 let fully_replaceable_locals = fully_replaceable_locals(&ssa);
175
176 // Returns true iff we can use `place` as a pointee.
177 //
178 // Note that we only need to verify that there is a single `StorageLive` statement, and we do
179 // not need to verify that it dominates all uses of that local.
180 //
181 // Consider the three statements:
182 // SL : StorageLive(a)
183 // DEF: b = &raw? mut? a
184 // USE: stuff that uses *b
185 //
186 // First, we recall that DEF is checked to dominate USE. Now imagine for the sake of
187 // contradiction there is a DEF -> SL -> USE path. Consider two cases:
188 //
189 // - DEF dominates SL. We always have UB the first time control flow reaches DEF,
190 // because the storage of `a` is dead. Since DEF dominates USE, that means we cannot
191 // reach USE and so our optimization is ok.
192 //
193 // - DEF does not dominate SL. Then there is a `START_BLOCK -> SL` path not including DEF.
194 // But we can extend this path to USE, meaning there is also a `START_BLOCK -> USE` path not
195 // including DEF. This violates the DEF dominates USE condition, and so is impossible.
196 let is_constant_place = |place: Place<'_>| {
197 // We only allow `Deref` as the first projection, to avoid surprises.
198 if let Some((&PlaceElem::Deref, rest)) = place.projection.split_first() {
199 // `place == (*some_local).xxx`, it is constant only if `some_local` is constant.
200 // We approximate constness using SSAness.
201 ssa.is_ssa(place.local) && rest.iter().all(PlaceElem::is_stable_offset)
202 } else {
203 storage_live.has_single_storage(place.local)
204 && place.projection[..].iter().all(PlaceElem::is_stable_offset)
205 }
206 };
207
208 let mut can_perform_opt = |target: Place<'tcx>, loc: Location| {
209 if target.is_indirect_first_projection() {
210 // We are creating a reborrow. As `place.local` is a reference, removing the storage
211 // statements should not make it much harder for LLVM to optimize.
212 storage_to_remove.insert(target.local);
213 true
214 } else {
215 // This is a proper dereference. We can only allow it if `target` is live.
216 maybe_dead.seek_after_primary_effect(loc);
217 let maybe_dead = maybe_dead.get().contains(target.local);
218 !maybe_dead
219 }
220 };
221
222 for (local, rvalue, location) in ssa.assignments(body) {
223 debug!(?local);
224
225 // Only visit if we have something to do.
226 let Value::Unknown = targets[local] else { bug!() };
227
228 let ty = body.local_decls[local].ty;
229
230 // If this is not a reference or pointer, do nothing.
231 if !ty.is_any_ptr() {
232 debug!("not a reference or pointer");
233 continue;
234 }
235
236 // Whether the current local is subject to the uniqueness rule.
237 let needs_unique = ty.is_mutable_ptr();
238
239 // If this a mutable reference that we cannot fully replace, mark it as unknown.
240 if needs_unique && !fully_replaceable_locals.contains(local) {
241 debug!("not fully replaceable");
242 continue;
243 }
244
245 debug!(?rvalue);
246 match rvalue {
247 // This is a copy, just use the value we have in store for the previous one.
248 // As we are visiting in `assignment_order`, ie. reverse postorder, `rhs` should
249 // have been visited before.
250 Rvalue::Use(Operand::Copy(place) | Operand::Move(place))
251 | Rvalue::CopyForDeref(place) => {
252 if let Some(rhs) = place.as_local()
253 && ssa.is_ssa(rhs)
254 {
255 let target = targets[rhs];
256 // Only see through immutable reference and pointers, as we do not know yet if
257 // mutable references are fully replaced.
258 if !needs_unique && matches!(target, Value::Pointer(..)) {
259 targets[local] = target;
260 } else {
261 targets[local] =
262 Value::Pointer(tcx.mk_place_deref(rhs.into()), needs_unique);
263 }
264 }
265 }
266 Rvalue::Ref(_, _, place) | Rvalue::RawPtr(_, place) => {
267 let mut place = *place;
268 // Try to see through `place` in order to collapse reborrow chains.
269 if let Some((&PlaceElem::Deref, rest)) = place.projection.split_first()
270 && let Value::Pointer(target, inner_needs_unique) = targets[place.local]
271 // Only see through immutable reference and pointers, as we do not know yet if
272 // mutable references are fully replaced.
273 && !inner_needs_unique
274 // Only collapse chain if the pointee is definitely live.
275 && can_perform_opt(target, location)
276 {
277 place = target.project_deeper(rest, tcx);
278 }
279 assert_ne!(place.local, local);
280 if is_constant_place(place) {
281 targets[local] = Value::Pointer(place, needs_unique);
282 }
283 }
284 // We do not know what to do, so keep as not-a-pointer.
285 _ => {}
286 }
287 }
288
289 debug!(?targets);
290
291 let mut finder =
292 ReplacementFinder { targets, can_perform_opt, allowed_replacements: FxHashSet::default() };
293 let reachable_blocks = traversal::reachable_as_bitset(body);
294 for (bb, bbdata) in body.basic_blocks.iter_enumerated() {
295 // Only visit reachable blocks as we rely on dataflow.
296 if reachable_blocks.contains(bb) {
297 finder.visit_basic_block_data(bb, bbdata);
298 }
299 }
300
301 let allowed_replacements = finder.allowed_replacements;
302 return Replacer {
303 tcx,
304 targets: finder.targets,
305 storage_to_remove,
306 allowed_replacements,
307 any_replacement: false,
308 };
309
310 struct ReplacementFinder<'tcx, F> {
311 targets: IndexVec<Local, Value<'tcx>>,
312 can_perform_opt: F,
313 allowed_replacements: FxHashSet<(Local, Location)>,
314 }
315
316 impl<'tcx, F> Visitor<'tcx> for ReplacementFinder<'tcx, F>
317 where
318 F: FnMut(Place<'tcx>, Location) -> bool,
319 {
320 fn visit_place(&mut self, place: &Place<'tcx>, ctxt: PlaceContext, loc: Location) {
321 if matches!(ctxt, PlaceContext::NonUse(_)) {
322 // There is no need to check liveness for non-uses.
323 return;
324 }
325
326 if !place.is_indirect_first_projection() {
327 // This is not a dereference, nothing to do.
328 return;
329 }
330
331 let mut place = place.as_ref();
332 loop {
333 if let Value::Pointer(target, needs_unique) = self.targets[place.local] {
334 let perform_opt = (self.can_perform_opt)(target, loc);
335 debug!(?place, ?target, ?needs_unique, ?perform_opt);
336
337 // This a reborrow chain, recursively allow the replacement.
338 //
339 // This also allows to detect cases where `target.local` is not replaceable,
340 // and mark it as such.
341 if let &[PlaceElem::Deref] = &target.projection[..] {
342 assert!(perform_opt);
343 self.allowed_replacements.insert((target.local, loc));
344 place.local = target.local;
345 continue;
346 } else if perform_opt {
347 self.allowed_replacements.insert((target.local, loc));
348 } else if needs_unique {
349 // This mutable reference is not fully replaceable, so drop it.
350 self.targets[place.local] = Value::Unknown;
351 }
352 }
353
354 break;
355 }
356 }
357 }
358}
359
360/// Compute the set of locals that can be fully replaced.
361///
362/// We consider a local to be replaceable iff it's only used in a `Deref` projection `*_local` or
363/// non-use position (like storage statements and debuginfo).
364fn fully_replaceable_locals(ssa: &SsaLocals) -> DenseBitSet<Local> {
365 let mut replaceable = DenseBitSet::new_empty(ssa.num_locals());
366
367 // First pass: for each local, whether its uses can be fully replaced.
368 for local in ssa.locals() {
369 if ssa.num_direct_uses(local) == 0 {
370 replaceable.insert(local);
371 }
372 }
373
374 // Second pass: a local can only be fully replaced if all its copies can.
375 ssa.meet_copy_equivalence(&mut replaceable);
376
377 replaceable
378}
379
380/// Utility to help performing substitution of `*pattern` by `target`.
381struct Replacer<'tcx> {
382 tcx: TyCtxt<'tcx>,
383 targets: IndexVec<Local, Value<'tcx>>,
384 storage_to_remove: DenseBitSet<Local>,
385 allowed_replacements: FxHashSet<(Local, Location)>,
386 any_replacement: bool,
387}
388
389impl<'tcx> MutVisitor<'tcx> for Replacer<'tcx> {
390 fn tcx(&self) -> TyCtxt<'tcx> {
391 self.tcx
392 }
393
394 fn visit_var_debug_info(&mut self, debuginfo: &mut VarDebugInfo<'tcx>) {
395 // If the debuginfo is a pointer to another place
396 // and it's a reborrow: see through it
397 while let VarDebugInfoContents::Place(ref mut place) = debuginfo.value
398 && place.projection.is_empty()
399 && let Value::Pointer(target, _) = self.targets[place.local]
400 && let &[PlaceElem::Deref] = &target.projection[..]
401 {
402 *place = Place::from(target.local);
403 self.any_replacement = true;
404 }
405
406 // Simplify eventual projections left inside `debuginfo`.
407 self.super_var_debug_info(debuginfo);
408 }
409
410 fn visit_place(&mut self, place: &mut Place<'tcx>, ctxt: PlaceContext, loc: Location) {
411 loop {
412 let Some((&PlaceElem::Deref, rest)) = place.projection.split_first() else { return };
413
414 let Value::Pointer(target, _) = self.targets[place.local] else { return };
415
416 let perform_opt = match ctxt {
417 PlaceContext::NonUse(NonUseContext::VarDebugInfo) => {
418 target.projection.iter().all(|p| p.can_use_in_debuginfo())
419 }
420 PlaceContext::NonUse(_) => true,
421 _ => self.allowed_replacements.contains(&(target.local, loc)),
422 };
423
424 if !perform_opt {
425 return;
426 }
427
428 *place = target.project_deeper(rest, self.tcx);
429 self.any_replacement = true;
430 }
431 }
432
433 fn visit_statement(&mut self, stmt: &mut Statement<'tcx>, loc: Location) {
434 match stmt.kind {
435 StatementKind::StorageLive(l) | StatementKind::StorageDead(l)
436 if self.storage_to_remove.contains(l) =>
437 {
438 stmt.make_nop();
439 }
440 // Do not remove assignments as they may still be useful for debuginfo.
441 _ => self.super_statement(stmt, loc),
442 }
443 }
444}