2010-08-26 16:43:57 -07:00
|
|
|
/*
|
|
|
|
|
* Copyright © 2010 Intel Corporation
|
|
|
|
|
*
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a
|
|
|
|
|
* copy of this software and associated documentation files (the "Software"),
|
|
|
|
|
* to deal in the Software without restriction, including without limitation
|
|
|
|
|
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
|
|
|
|
* and/or sell copies of the Software, and to permit persons to whom the
|
|
|
|
|
* Software is furnished to do so, subject to the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice (including the next
|
|
|
|
|
* paragraph) shall be included in all copies or substantial portions of the
|
|
|
|
|
* Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
|
|
|
* DEALINGS IN THE SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
2011-02-10 10:26:42 -08:00
|
|
|
#include <limits.h>
|
2010-08-26 16:43:57 -07:00
|
|
|
#include "main/compiler.h"
|
|
|
|
|
#include "glsl_types.h"
|
|
|
|
|
#include "loop_analysis.h"
|
|
|
|
|
#include "ir_hierarchical_visitor.h"
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Find an initializer of a variable outside a loop
|
|
|
|
|
*
|
|
|
|
|
* Works backwards from the loop to find the pre-loop value of the variable.
|
|
|
|
|
* This is used, for example, to find the initial value of loop induction
|
|
|
|
|
* variables.
|
|
|
|
|
*
|
|
|
|
|
* \param loop Loop where \c var is an induction variable
|
|
|
|
|
* \param var Variable whose initializer is to be found
|
|
|
|
|
*
|
|
|
|
|
* \return
|
|
|
|
|
* The \c ir_rvalue assigned to the variable outside the loop. May return
|
|
|
|
|
* \c NULL if no initializer can be found.
|
|
|
|
|
*/
|
|
|
|
|
ir_rvalue *
|
|
|
|
|
find_initial_value(ir_loop *loop, ir_variable *var)
|
|
|
|
|
{
|
|
|
|
|
for (exec_node *node = loop->prev;
|
|
|
|
|
!node->is_head_sentinel();
|
|
|
|
|
node = node->prev) {
|
|
|
|
|
ir_instruction *ir = (ir_instruction *) node;
|
|
|
|
|
|
|
|
|
|
switch (ir->ir_type) {
|
|
|
|
|
case ir_type_call:
|
|
|
|
|
case ir_type_loop:
|
|
|
|
|
case ir_type_loop_jump:
|
|
|
|
|
case ir_type_return:
|
|
|
|
|
case ir_type_if:
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
case ir_type_function:
|
|
|
|
|
case ir_type_function_signature:
|
|
|
|
|
assert(!"Should not get here.");
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
case ir_type_assignment: {
|
|
|
|
|
ir_assignment *assign = ir->as_assignment();
|
|
|
|
|
ir_variable *assignee = assign->lhs->whole_variable_referenced();
|
|
|
|
|
|
|
|
|
|
if (assignee == var)
|
|
|
|
|
return (assign->condition != NULL) ? NULL : assign->rhs;
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
calculate_iterations(ir_rvalue *from, ir_rvalue *to, ir_rvalue *increment,
|
|
|
|
|
enum ir_expression_operation op)
|
|
|
|
|
{
|
2010-09-30 12:47:31 +03:00
|
|
|
if (from == NULL || to == NULL || increment == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2011-01-21 14:32:31 -08:00
|
|
|
void *mem_ctx = ralloc_context(NULL);
|
2010-08-26 16:43:57 -07:00
|
|
|
|
|
|
|
|
ir_expression *const sub =
|
|
|
|
|
new(mem_ctx) ir_expression(ir_binop_sub, from->type, to, from);
|
|
|
|
|
|
|
|
|
|
ir_expression *const div =
|
|
|
|
|
new(mem_ctx) ir_expression(ir_binop_div, sub->type, sub, increment);
|
|
|
|
|
|
|
|
|
|
ir_constant *iter = div->constant_expression_value();
|
|
|
|
|
|
|
|
|
|
if (iter == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
if (!iter->type->is_integer()) {
|
|
|
|
|
ir_rvalue *cast =
|
|
|
|
|
new(mem_ctx) ir_expression(ir_unop_f2i, glsl_type::int_type, iter,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
iter = cast->constant_expression_value();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int iter_value = iter->get_int_component(0);
|
|
|
|
|
|
|
|
|
|
/* Make sure that the calculated number of iterations satisfies the exit
|
|
|
|
|
* condition. This is needed to catch off-by-one errors and some types of
|
|
|
|
|
* ill-formed loops. For example, we need to detect that the following
|
|
|
|
|
* loop does not have a maximum iteration count.
|
|
|
|
|
*
|
|
|
|
|
* for (float x = 0.0; x != 0.9; x += 0.2)
|
|
|
|
|
* ;
|
|
|
|
|
*/
|
|
|
|
|
const int bias[] = { -1, 0, 1 };
|
|
|
|
|
bool valid_loop = false;
|
|
|
|
|
|
|
|
|
|
for (unsigned i = 0; i < Elements(bias); i++) {
|
|
|
|
|
iter = (increment->type->is_integer())
|
|
|
|
|
? new(mem_ctx) ir_constant(iter_value + bias[i])
|
|
|
|
|
: new(mem_ctx) ir_constant(float(iter_value + bias[i]));
|
|
|
|
|
|
|
|
|
|
ir_expression *const mul =
|
|
|
|
|
new(mem_ctx) ir_expression(ir_binop_mul, increment->type, iter,
|
|
|
|
|
increment);
|
|
|
|
|
|
|
|
|
|
ir_expression *const add =
|
|
|
|
|
new(mem_ctx) ir_expression(ir_binop_add, mul->type, mul, from);
|
|
|
|
|
|
|
|
|
|
ir_expression *const cmp =
|
|
|
|
|
new(mem_ctx) ir_expression(op, glsl_type::bool_type, add, to);
|
|
|
|
|
|
|
|
|
|
ir_constant *const cmp_result = cmp->constant_expression_value();
|
|
|
|
|
|
|
|
|
|
assert(cmp_result != NULL);
|
|
|
|
|
if (cmp_result->get_bool_component(0)) {
|
|
|
|
|
iter_value += bias[i];
|
|
|
|
|
valid_loop = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-01-21 14:32:31 -08:00
|
|
|
ralloc_free(mem_ctx);
|
2010-08-26 16:43:57 -07:00
|
|
|
return (valid_loop) ? iter_value : -1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-20 11:03:44 -07:00
|
|
|
namespace {
|
2010-08-26 16:43:57 -07:00
|
|
|
|
|
|
|
|
class loop_control_visitor : public ir_hierarchical_visitor {
|
|
|
|
|
public:
|
|
|
|
|
loop_control_visitor(loop_state *state)
|
|
|
|
|
{
|
|
|
|
|
this->state = state;
|
|
|
|
|
this->progress = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
virtual ir_visitor_status visit_leave(ir_loop *ir);
|
|
|
|
|
|
|
|
|
|
loop_state *state;
|
|
|
|
|
|
|
|
|
|
bool progress;
|
|
|
|
|
};
|
|
|
|
|
|
2013-09-20 11:03:44 -07:00
|
|
|
} /* anonymous namespace */
|
2010-08-26 16:43:57 -07:00
|
|
|
|
|
|
|
|
ir_visitor_status
|
|
|
|
|
loop_control_visitor::visit_leave(ir_loop *ir)
|
|
|
|
|
{
|
|
|
|
|
loop_variable_state *const ls = this->state->get(ir);
|
|
|
|
|
|
|
|
|
|
/* If we've entered a loop that hasn't been analyzed, something really,
|
|
|
|
|
* really bad has happened.
|
|
|
|
|
*/
|
|
|
|
|
if (ls == NULL) {
|
|
|
|
|
assert(ls != NULL);
|
|
|
|
|
return visit_continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Search the loop terminating conditions for one of the form 'i < c' where
|
|
|
|
|
* i is a loop induction variable, c is a constant, and < is any relative
|
|
|
|
|
* operator.
|
|
|
|
|
*/
|
2010-09-07 17:02:37 +02:00
|
|
|
int max_iterations = ls->max_iterations;
|
|
|
|
|
|
|
|
|
|
if(ir->from && ir->to && ir->increment)
|
|
|
|
|
max_iterations = calculate_iterations(ir->from, ir->to, ir->increment, (ir_expression_operation)ir->cmp);
|
|
|
|
|
|
|
|
|
|
if(max_iterations < 0)
|
|
|
|
|
max_iterations = INT_MAX;
|
|
|
|
|
|
2010-08-26 16:43:57 -07:00
|
|
|
foreach_list(node, &ls->terminators) {
|
|
|
|
|
loop_terminator *t = (loop_terminator *) node;
|
|
|
|
|
ir_if *if_stmt = t->ir;
|
|
|
|
|
|
|
|
|
|
/* If-statements can be either 'if (expr)' or 'if (deref)'. We only care
|
|
|
|
|
* about the former here.
|
|
|
|
|
*/
|
|
|
|
|
ir_expression *cond = if_stmt->condition->as_expression();
|
|
|
|
|
if (cond == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
switch (cond->operation) {
|
|
|
|
|
case ir_binop_less:
|
|
|
|
|
case ir_binop_greater:
|
|
|
|
|
case ir_binop_lequal:
|
|
|
|
|
case ir_binop_gequal: {
|
|
|
|
|
/* The expressions that we care about will either be of the form
|
|
|
|
|
* 'counter < limit' or 'limit < counter'. Figure out which is
|
|
|
|
|
* which.
|
|
|
|
|
*/
|
|
|
|
|
ir_rvalue *counter = cond->operands[0]->as_dereference_variable();
|
2010-09-02 14:53:17 -07:00
|
|
|
ir_constant *limit = cond->operands[1]->as_constant();
|
2010-08-26 16:43:57 -07:00
|
|
|
enum ir_expression_operation cmp = cond->operation;
|
|
|
|
|
|
|
|
|
|
if (limit == NULL) {
|
|
|
|
|
counter = cond->operands[1]->as_dereference_variable();
|
2010-09-02 14:53:17 -07:00
|
|
|
limit = cond->operands[0]->as_constant();
|
2010-08-26 16:43:57 -07:00
|
|
|
|
|
|
|
|
switch (cmp) {
|
2013-01-07 18:10:30 -08:00
|
|
|
case ir_binop_less: cmp = ir_binop_greater; break;
|
|
|
|
|
case ir_binop_greater: cmp = ir_binop_less; break;
|
|
|
|
|
case ir_binop_lequal: cmp = ir_binop_gequal; break;
|
|
|
|
|
case ir_binop_gequal: cmp = ir_binop_lequal; break;
|
2010-08-26 16:43:57 -07:00
|
|
|
default: assert(!"Should not get here.");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((counter == NULL) || (limit == NULL))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
ir_variable *var = counter->variable_referenced();
|
|
|
|
|
|
|
|
|
|
ir_rvalue *init = find_initial_value(ir, var);
|
|
|
|
|
|
|
|
|
|
foreach_list(iv_node, &ls->induction_variables) {
|
|
|
|
|
loop_variable *lv = (loop_variable *) iv_node;
|
|
|
|
|
|
|
|
|
|
if (lv->var == var) {
|
|
|
|
|
const int iterations = calculate_iterations(init, limit,
|
|
|
|
|
lv->increment,
|
|
|
|
|
cmp);
|
2010-08-27 11:26:08 -07:00
|
|
|
if (iterations >= 0) {
|
2010-08-26 16:43:57 -07:00
|
|
|
/* If the new iteration count is lower than the previously
|
|
|
|
|
* believed iteration count, update the loop control values.
|
|
|
|
|
*/
|
|
|
|
|
if (iterations < max_iterations) {
|
|
|
|
|
ir->from = init->clone(ir, NULL);
|
|
|
|
|
ir->to = limit->clone(ir, NULL);
|
|
|
|
|
ir->increment = lv->increment->clone(ir, NULL);
|
glsl: Fix inconsistent assumptions about ir_loop::counter.
The compiler back-ends (i965's fs_visitor and brw_visitor,
ir_to_mesa_visitor, and glsl_to_tgsi_visitor) assume that when
ir_loop::counter is non-null, it points to a fresh ir_variable that
should be used as the loop counter (as opposed to an ir_variable that
exists elsewhere in the instruction stream).
However, previous to this patch:
(1) loop_control_visitor did not create a new variable for
ir_loop::counter; instead it re-used the existing ir_variable.
This caused the loop counter to be double-incremented (once
explicitly by the body of the loop, and once implicitly by
ir_loop::increment).
(2) ir_clone did not clone ir_loop::counter properly, resulting in the
cloned ir_loop pointing to the source ir_loop's counter.
(3) ir_hierarchical_visitor did not visit ir_loop::counter, resulting
in the ir_variable being missed by reparenting.
Additionally, most optimization passes (e.g. loop unrolling) assume
that the variable mentioned by ir_loop::counter is not accessed in the
body of the loop (an assumption which (1) violates).
The combination of these factors caused a perfect storm in which the
code worked properly nearly all of the time: for loops that got
unrolled, (1) would introduce a double-increment, but loop unrolling
would fail to notice it (since it assumes that ir_loop::counter is not
accessed in the body of the loop), so it would unroll the loop the
correct number of times. For loops that didn't get unrolled, (1)
would introduce a double-increment, but then later when the IR was
cloned for linking, (2) would prevent the loop counter from being
cloned properly, so it would look to further analysis stages like an
independent variable (and hence the double-increment would stop
occurring). At the end of linking, (3) would prevent the loop counter
from being reparented, so it would still belong to the shader object
rather than the linked program object. Provided that the client
program didn't delete the shader object, the memory would never get
reclaimed, and so the shader would function properly.
However, for loops that didn't get unrolled, if the client program did
delete the shader object, and the memory belonging to the loop counter
got re-used, this could cause a use-after-free bug, leading to a
crash.
This patch fixes loop_control_visitor, ir_clone, and
ir_hierarchical_visitor to treat ir_loop::counter the same way the
back-ends treat it: as a freshly allocated ir_variable that needs to
be visited and cloned independently of other ir_variables.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72026
Reviewed-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
2013-11-26 14:19:49 -08:00
|
|
|
ir->counter = lv->var->clone(ir, NULL);
|
2010-08-26 16:43:57 -07:00
|
|
|
ir->cmp = cmp;
|
|
|
|
|
|
|
|
|
|
max_iterations = iterations;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Remove the conditional break statement. The loop
|
|
|
|
|
* controls are now set such that the exit condition will be
|
|
|
|
|
* satisfied.
|
|
|
|
|
*/
|
|
|
|
|
if_stmt->remove();
|
2010-08-27 15:41:20 -07:00
|
|
|
|
|
|
|
|
assert(ls->num_loop_jumps > 0);
|
|
|
|
|
ls->num_loop_jumps--;
|
|
|
|
|
|
2010-08-26 16:43:57 -07:00
|
|
|
this->progress = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-08-27 11:26:08 -07:00
|
|
|
/* If we have proven the one of the loop exit conditions is satisifed before
|
|
|
|
|
* running the loop once, remove the loop.
|
|
|
|
|
*/
|
|
|
|
|
if (max_iterations == 0)
|
|
|
|
|
ir->remove();
|
2010-08-27 13:59:49 -07:00
|
|
|
else
|
|
|
|
|
ls->max_iterations = max_iterations;
|
2010-08-27 11:26:08 -07:00
|
|
|
|
2010-08-26 16:43:57 -07:00
|
|
|
return visit_continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
set_loop_controls(exec_list *instructions, loop_state *ls)
|
|
|
|
|
{
|
|
|
|
|
loop_control_visitor v(ls);
|
|
|
|
|
|
|
|
|
|
v.run(instructions);
|
|
|
|
|
|
|
|
|
|
return v.progress;
|
|
|
|
|
}
|
