From 0df9abbd63a6cb3767d3ddf3b6c2f8ea8a4f6f7e Mon Sep 17 00:00:00 2001
From: Reid Kleckner <reid@kleckner.net>
Date: Mon, 21 Apr 2014 20:48:47 +0000
Subject: [PATCH] Fix PR7272 in -tailcallelim instead of the inliner

The -tailcallelim pass should be checking if byval or inalloca args can
be captured before marking calls as tail calls.  This was the real root
cause of PR7272.

With a better fix in place, revert the inliner change from r105255.  The
test case it introduced still passes and has been moved to
test/Transforms/Inline/byval-tail-call.ll.

Reviewers: chandlerc

Differential Revision: http://reviews.llvm.org/D3403

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206789 91177308-0d34-0410-b5e6-96231b3b80d8
---
 .../Scalar/TailRecursionElimination.cpp       |  9 ++++++++
 lib/Transforms/Utils/InlineFunction.cpp       |  9 +-------
 ...31-ByvalTailcall.ll => byval-tail-call.ll} | 21 +++++++++++++++----
 test/Transforms/TailCallElim/basic.ll         |  8 +++++++
 4 files changed, 35 insertions(+), 12 deletions(-)
 rename test/Transforms/Inline/{2010-05-31-ByvalTailcall.ll => byval-tail-call.ll} (52%)

diff --git a/lib/Transforms/Scalar/TailRecursionElimination.cpp b/lib/Transforms/Scalar/TailRecursionElimination.cpp
index 6d02777d091..2f77f9c404f 100644
--- a/lib/Transforms/Scalar/TailRecursionElimination.cpp
+++ b/lib/Transforms/Scalar/TailRecursionElimination.cpp
@@ -204,6 +204,15 @@ bool TailCallElim::runOnFunction(Function &F) {
     }
   }
 
+  // If any byval or inalloca args are captured, exit. They are also allocated
+  // in our stack frame.
+  for (Argument &Arg : F.args()) {
+    if (Arg.hasByValOrInAllocaAttr())
+      PointerMayBeCaptured(&Arg, &ACT);
+    if (ACT.Captured)
+      return false;
+  }
+
   // Second pass, change any tail recursive calls to loops.
   //
   // FIXME: The code generator produces really bad code when an 'escaping
diff --git a/lib/Transforms/Utils/InlineFunction.cpp b/lib/Transforms/Utils/InlineFunction.cpp
index 5692d91c86e..73d40f70b3c 100644
--- a/lib/Transforms/Utils/InlineFunction.cpp
+++ b/lib/Transforms/Utils/InlineFunction.cpp
@@ -586,15 +586,8 @@ bool llvm::InlineFunction(CallSite CS, InlineFunctionInfo &IFI,
       if (CS.isByValArgument(ArgNo)) {
         ActualArg = HandleByValArgument(ActualArg, TheCall, CalledFunc, IFI,
                                         CalledFunc->getParamAlignment(ArgNo+1));
- 
-        // Calls that we inline may use the new alloca, so we need to clear
-        // their 'tail' flags if HandleByValArgument introduced a new alloca and
-        // the callee has calls.
-        if (ActualArg != *AI) {
-          MustClearTailCallFlags = true;
+        if (ActualArg != *AI)
           ByValInit.push_back(std::make_pair(ActualArg, (Value*) *AI));
-        }
-
       }
 
       VMap[I] = ActualArg;
diff --git a/test/Transforms/Inline/2010-05-31-ByvalTailcall.ll b/test/Transforms/Inline/byval-tail-call.ll
similarity index 52%
rename from test/Transforms/Inline/2010-05-31-ByvalTailcall.ll
rename to test/Transforms/Inline/byval-tail-call.ll
index 07ea5fc6cc1..3a8906aa210 100644
--- a/test/Transforms/Inline/2010-05-31-ByvalTailcall.ll
+++ b/test/Transforms/Inline/byval-tail-call.ll
@@ -1,10 +1,8 @@
 ; RUN: opt < %s -tailcallelim -inline -instcombine -dse -S | FileCheck %s
 ; PR7272
 
-; When inlining through a byval call site, the inliner creates allocas which may
-; be used by inlined calls, so any inlined calls need to have their 'tail' flags
-; cleared.  If not then you can get nastiness like with this testcase, where the
-; (inlined) call to 'ext' in 'foo' was being passed an uninitialized value.
+; Calls that capture byval parameters cannot be marked as tail calls. Other
+; tails that don't capture byval parameters can still be tail calls.
 
 target datalayout = "e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:32:32-n8:16:32"
 target triple = "i386-pc-linux-gnu"
@@ -23,3 +21,18 @@ define void @foo(i32* %x) {
   call void @bar(i32* byval %x)
   ret void
 }
+
+define internal void @qux(i32* byval %x) {
+  call void @ext(i32* %x)
+  tail call void @ext(i32* null)
+  ret void
+}
+define void @frob(i32* %x) {
+; CHECK-LABEL: define void @frob(
+; CHECK: alloca i32
+; CHECK: {{^ *}}call void @ext(
+; CHECK: tail call void @ext(i32* null)
+; CHECK: ret void
+  tail call void @qux(i32* byval %x)
+  ret void
+}
diff --git a/test/Transforms/TailCallElim/basic.ll b/test/Transforms/TailCallElim/basic.ll
index 35420ab08c3..5582ee33edc 100644
--- a/test/Transforms/TailCallElim/basic.ll
+++ b/test/Transforms/TailCallElim/basic.ll
@@ -143,3 +143,11 @@ cond_false:
   call void @noarg()
   ret i32* null
 }
+
+; Don't tail call if a byval arg is captured.
+define void @test9(i32* byval %a) {
+; CHECK-LABEL: define void @test9(
+; CHECK: {{^ *}}call void @use(
+  call void @use(i32* %a)
+  ret void
+}
-- 
2.34.1