1 //===- TypeBasedAliasAnalysis.cpp - Type-Based Alias Analysis -------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the TypeBasedAliasAnalysis pass, which implements
10 // metadata-based TBAA.
11 //
12 // In LLVM IR, memory does not have types, so LLVM's own type system is not
13 // suitable for doing TBAA. Instead, metadata is added to the IR to describe
14 // a type system of a higher level language. This can be used to implement
15 // typical C/C++ TBAA, but it can also be used to implement custom alias
16 // analysis behavior for other languages.
17 //
18 // We now support two types of metadata format: scalar TBAA and struct-path
19 // aware TBAA. After all testing cases are upgraded to use struct-path aware
20 // TBAA and we can auto-upgrade existing bc files, the support for scalar TBAA
21 // can be dropped.
22 //
23 // The scalar TBAA metadata format is very simple. TBAA MDNodes have up to
24 // three fields, e.g.:
25 // !0 = !{ !"an example type tree" }
26 // !1 = !{ !"int", !0 }
27 // !2 = !{ !"float", !0 }
28 // !3 = !{ !"const float", !2, i64 1 }
29 //
30 // The first field is an identity field. It can be any value, usually
31 // an MDString, which uniquely identifies the type. The most important
32 // name in the tree is the name of the root node. Two trees with
33 // different root node names are entirely disjoint, even if they
34 // have leaves with common names.
35 //
36 // The second field identifies the type's parent node in the tree, or
37 // is null or omitted for a root node. A type is considered to alias
38 // all of its descendants and all of its ancestors in the tree. Also,
39 // a type is considered to alias all types in other trees, so that
40 // bitcode produced from multiple front-ends is handled conservatively.
41 //
42 // If the third field is present, it's an integer which if equal to 1
43 // indicates that the type is "constant" (meaning pointsToConstantMemory
44 // should return true; see
45 // http://llvm.org/docs/AliasAnalysis.html#OtherItfs).
46 //
47 // With struct-path aware TBAA, the MDNodes attached to an instruction using
48 // "!tbaa" are called path tag nodes.
49 //
50 // The path tag node has 4 fields with the last field being optional.
51 //
52 // The first field is the base type node, it can be a struct type node
53 // or a scalar type node. The second field is the access type node, it
54 // must be a scalar type node. The third field is the offset into the base type.
55 // The last field has the same meaning as the last field of our scalar TBAA:
56 // it's an integer which if equal to 1 indicates that the access is "constant".
57 //
58 // The struct type node has a name and a list of pairs, one pair for each member
59 // of the struct. The first element of each pair is a type node (a struct type
60 // node or a scalar type node), specifying the type of the member, the second
61 // element of each pair is the offset of the member.
62 //
63 // Given an example
64 // typedef struct {
65 // short s;
66 // } A;
67 // typedef struct {
68 // uint16_t s;
69 // A a;
70 // } B;
71 //
72 // For an access to B.a.s, we attach !5 (a path tag node) to the load/store
73 // instruction. The base type is !4 (struct B), the access type is !2 (scalar
74 // type short) and the offset is 4.
75 //
76 // !0 = !{!"Simple C/C++ TBAA"}
77 // !1 = !{!"omnipotent char", !0} // Scalar type node
78 // !2 = !{!"short", !1} // Scalar type node
79 // !3 = !{!"A", !2, i64 0} // Struct type node
80 // !4 = !{!"B", !2, i64 0, !3, i64 4}
81 // // Struct type node
82 // !5 = !{!4, !2, i64 4} // Path tag node
83 //
84 // The struct type nodes and the scalar type nodes form a type DAG.
85 // Root (!0)
86 // char (!1) -- edge to Root
87 // short (!2) -- edge to char
88 // A (!3) -- edge with offset 0 to short
89 // B (!4) -- edge with offset 0 to short and edge with offset 4 to A
90 //
91 // To check if two tags (tagX and tagY) can alias, we start from the base type
92 // of tagX, follow the edge with the correct offset in the type DAG and adjust
93 // the offset until we reach the base type of tagY or until we reach the Root
94 // node.
95 // If we reach the base type of tagY, compare the adjusted offset with
96 // offset of tagY, return Alias if the offsets are the same, return NoAlias
97 // otherwise.
98 // If we reach the Root node, perform the above starting from base type of tagY
99 // to see if we reach base type of tagX.
100 //
101 // If they have different roots, they're part of different potentially
102 // unrelated type systems, so we return Alias to be conservative.
103 // If neither node is an ancestor of the other and they have the same root,
104 // then we say NoAlias.
105 //
106 //===----------------------------------------------------------------------===//
107
108 #include "llvm/Analysis/TypeBasedAliasAnalysis.h"
109 #include "llvm/ADT/SetVector.h"
110 #include "llvm/Analysis/AliasAnalysis.h"
111 #include "llvm/Analysis/MemoryLocation.h"
112 #include "llvm/IR/Constants.h"
113 #include "llvm/IR/DerivedTypes.h"
114 #include "llvm/IR/InstrTypes.h"
115 #include "llvm/IR/LLVMContext.h"
116 #include "llvm/IR/Metadata.h"
117 #include "llvm/InitializePasses.h"
118 #include "llvm/Pass.h"
119 #include "llvm/Support/Casting.h"
120 #include "llvm/Support/CommandLine.h"
121 #include "llvm/Support/ErrorHandling.h"
122 #include <cassert>
123 #include <cstdint>
124
125 using namespace llvm;
126
127 // A handy option for disabling TBAA functionality. The same effect can also be
128 // achieved by stripping the !tbaa tags from IR, but this option is sometimes
129 // more convenient.
130 static cl::opt<bool> EnableTBAA("enable-tbaa", cl::init(true), cl::Hidden);
131
132 namespace {
133
134 /// isNewFormatTypeNode - Return true iff the given type node is in the new
135 /// size-aware format.
isNewFormatTypeNode(const MDNode * N)136 static bool isNewFormatTypeNode(const MDNode *N) {
137 if (N->getNumOperands() < 3)
138 return false;
139 // In the old format the first operand is a string.
140 if (!isa<MDNode>(N->getOperand(0)))
141 return false;
142 return true;
143 }
144
145 /// This is a simple wrapper around an MDNode which provides a higher-level
146 /// interface by hiding the details of how alias analysis information is encoded
147 /// in its operands.
148 template<typename MDNodeTy>
149 class TBAANodeImpl {
150 MDNodeTy *Node = nullptr;
151
152 public:
153 TBAANodeImpl() = default;
TBAANodeImpl(MDNodeTy * N)154 explicit TBAANodeImpl(MDNodeTy *N) : Node(N) {}
155
156 /// getNode - Get the MDNode for this TBAANode.
getNode() const157 MDNodeTy *getNode() const { return Node; }
158
159 /// isNewFormat - Return true iff the wrapped type node is in the new
160 /// size-aware format.
isNewFormat() const161 bool isNewFormat() const { return isNewFormatTypeNode(Node); }
162
163 /// getParent - Get this TBAANode's Alias tree parent.
getParent() const164 TBAANodeImpl<MDNodeTy> getParent() const {
165 if (isNewFormat())
166 return TBAANodeImpl(cast<MDNodeTy>(Node->getOperand(0)));
167
168 if (Node->getNumOperands() < 2)
169 return TBAANodeImpl<MDNodeTy>();
170 MDNodeTy *P = dyn_cast_or_null<MDNodeTy>(Node->getOperand(1));
171 if (!P)
172 return TBAANodeImpl<MDNodeTy>();
173 // Ok, this node has a valid parent. Return it.
174 return TBAANodeImpl<MDNodeTy>(P);
175 }
176
177 /// Test if this TBAANode represents a type for objects which are
178 /// not modified (by any means) in the context where this
179 /// AliasAnalysis is relevant.
isTypeImmutable() const180 bool isTypeImmutable() const {
181 if (Node->getNumOperands() < 3)
182 return false;
183 ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(Node->getOperand(2));
184 if (!CI)
185 return false;
186 return CI->getValue()[0];
187 }
188 };
189
190 /// \name Specializations of \c TBAANodeImpl for const and non const qualified
191 /// \c MDNode.
192 /// @{
193 using TBAANode = TBAANodeImpl<const MDNode>;
194 using MutableTBAANode = TBAANodeImpl<MDNode>;
195 /// @}
196
197 /// This is a simple wrapper around an MDNode which provides a
198 /// higher-level interface by hiding the details of how alias analysis
199 /// information is encoded in its operands.
200 template<typename MDNodeTy>
201 class TBAAStructTagNodeImpl {
202 /// This node should be created with createTBAAAccessTag().
203 MDNodeTy *Node;
204
205 public:
TBAAStructTagNodeImpl(MDNodeTy * N)206 explicit TBAAStructTagNodeImpl(MDNodeTy *N) : Node(N) {}
207
208 /// Get the MDNode for this TBAAStructTagNode.
getNode() const209 MDNodeTy *getNode() const { return Node; }
210
211 /// isNewFormat - Return true iff the wrapped access tag is in the new
212 /// size-aware format.
isNewFormat() const213 bool isNewFormat() const {
214 if (Node->getNumOperands() < 4)
215 return false;
216 if (MDNodeTy *AccessType = getAccessType())
217 if (!TBAANodeImpl<MDNodeTy>(AccessType).isNewFormat())
218 return false;
219 return true;
220 }
221
getBaseType() const222 MDNodeTy *getBaseType() const {
223 return dyn_cast_or_null<MDNode>(Node->getOperand(0));
224 }
225
getAccessType() const226 MDNodeTy *getAccessType() const {
227 return dyn_cast_or_null<MDNode>(Node->getOperand(1));
228 }
229
getOffset() const230 uint64_t getOffset() const {
231 return mdconst::extract<ConstantInt>(Node->getOperand(2))->getZExtValue();
232 }
233
getSize() const234 uint64_t getSize() const {
235 if (!isNewFormat())
236 return UINT64_MAX;
237 return mdconst::extract<ConstantInt>(Node->getOperand(3))->getZExtValue();
238 }
239
240 /// Test if this TBAAStructTagNode represents a type for objects
241 /// which are not modified (by any means) in the context where this
242 /// AliasAnalysis is relevant.
isTypeImmutable() const243 bool isTypeImmutable() const {
244 unsigned OpNo = isNewFormat() ? 4 : 3;
245 if (Node->getNumOperands() < OpNo + 1)
246 return false;
247 ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(Node->getOperand(OpNo));
248 if (!CI)
249 return false;
250 return CI->getValue()[0];
251 }
252 };
253
254 /// \name Specializations of \c TBAAStructTagNodeImpl for const and non const
255 /// qualified \c MDNods.
256 /// @{
257 using TBAAStructTagNode = TBAAStructTagNodeImpl<const MDNode>;
258 using MutableTBAAStructTagNode = TBAAStructTagNodeImpl<MDNode>;
259 /// @}
260
261 /// This is a simple wrapper around an MDNode which provides a
262 /// higher-level interface by hiding the details of how alias analysis
263 /// information is encoded in its operands.
264 class TBAAStructTypeNode {
265 /// This node should be created with createTBAATypeNode().
266 const MDNode *Node = nullptr;
267
268 public:
269 TBAAStructTypeNode() = default;
TBAAStructTypeNode(const MDNode * N)270 explicit TBAAStructTypeNode(const MDNode *N) : Node(N) {}
271
272 /// Get the MDNode for this TBAAStructTypeNode.
getNode() const273 const MDNode *getNode() const { return Node; }
274
275 /// isNewFormat - Return true iff the wrapped type node is in the new
276 /// size-aware format.
isNewFormat() const277 bool isNewFormat() const { return isNewFormatTypeNode(Node); }
278
operator ==(const TBAAStructTypeNode & Other) const279 bool operator==(const TBAAStructTypeNode &Other) const {
280 return getNode() == Other.getNode();
281 }
282
283 /// getId - Return type identifier.
getId() const284 Metadata *getId() const {
285 return Node->getOperand(isNewFormat() ? 2 : 0);
286 }
287
getNumFields() const288 unsigned getNumFields() const {
289 unsigned FirstFieldOpNo = isNewFormat() ? 3 : 1;
290 unsigned NumOpsPerField = isNewFormat() ? 3 : 2;
291 return (getNode()->getNumOperands() - FirstFieldOpNo) / NumOpsPerField;
292 }
293
getFieldType(unsigned FieldIndex) const294 TBAAStructTypeNode getFieldType(unsigned FieldIndex) const {
295 unsigned FirstFieldOpNo = isNewFormat() ? 3 : 1;
296 unsigned NumOpsPerField = isNewFormat() ? 3 : 2;
297 unsigned OpIndex = FirstFieldOpNo + FieldIndex * NumOpsPerField;
298 auto *TypeNode = cast<MDNode>(getNode()->getOperand(OpIndex));
299 return TBAAStructTypeNode(TypeNode);
300 }
301
302 /// Get this TBAAStructTypeNode's field in the type DAG with
303 /// given offset. Update the offset to be relative to the field type.
getField(uint64_t & Offset) const304 TBAAStructTypeNode getField(uint64_t &Offset) const {
305 bool NewFormat = isNewFormat();
306 const ArrayRef<MDOperand> Operands = Node->operands();
307 const unsigned NumOperands = Operands.size();
308
309 if (NewFormat) {
310 // New-format root and scalar type nodes have no fields.
311 if (NumOperands < 6)
312 return TBAAStructTypeNode();
313 } else {
314 // Parent can be omitted for the root node.
315 if (NumOperands < 2)
316 return TBAAStructTypeNode();
317
318 // Fast path for a scalar type node and a struct type node with a single
319 // field.
320 if (NumOperands <= 3) {
321 uint64_t Cur =
322 NumOperands == 2
323 ? 0
324 : mdconst::extract<ConstantInt>(Operands[2])->getZExtValue();
325 Offset -= Cur;
326 MDNode *P = dyn_cast_or_null<MDNode>(Operands[1]);
327 if (!P)
328 return TBAAStructTypeNode();
329 return TBAAStructTypeNode(P);
330 }
331 }
332
333 // Assume the offsets are in order. We return the previous field if
334 // the current offset is bigger than the given offset.
335 unsigned FirstFieldOpNo = NewFormat ? 3 : 1;
336 unsigned NumOpsPerField = NewFormat ? 3 : 2;
337 unsigned TheIdx = 0;
338
339 for (unsigned Idx = FirstFieldOpNo; Idx < NumOperands;
340 Idx += NumOpsPerField) {
341 uint64_t Cur =
342 mdconst::extract<ConstantInt>(Operands[Idx + 1])->getZExtValue();
343 if (Cur > Offset) {
344 assert(Idx >= FirstFieldOpNo + NumOpsPerField &&
345 "TBAAStructTypeNode::getField should have an offset match!");
346 TheIdx = Idx - NumOpsPerField;
347 break;
348 }
349 }
350 // Move along the last field.
351 if (TheIdx == 0)
352 TheIdx = NumOperands - NumOpsPerField;
353 uint64_t Cur =
354 mdconst::extract<ConstantInt>(Operands[TheIdx + 1])->getZExtValue();
355 Offset -= Cur;
356 MDNode *P = dyn_cast_or_null<MDNode>(Operands[TheIdx]);
357 if (!P)
358 return TBAAStructTypeNode();
359 return TBAAStructTypeNode(P);
360 }
361 };
362
363 } // end anonymous namespace
364
365 /// Check the first operand of the tbaa tag node, if it is a MDNode, we treat
366 /// it as struct-path aware TBAA format, otherwise, we treat it as scalar TBAA
367 /// format.
isStructPathTBAA(const MDNode * MD)368 static bool isStructPathTBAA(const MDNode *MD) {
369 // Anonymous TBAA root starts with a MDNode and dragonegg uses it as
370 // a TBAA tag.
371 return isa<MDNode>(MD->getOperand(0)) && MD->getNumOperands() >= 3;
372 }
373
alias(const MemoryLocation & LocA,const MemoryLocation & LocB,AAQueryInfo & AAQI)374 AliasResult TypeBasedAAResult::alias(const MemoryLocation &LocA,
375 const MemoryLocation &LocB,
376 AAQueryInfo &AAQI) {
377 if (!EnableTBAA)
378 return AAResultBase::alias(LocA, LocB, AAQI);
379
380 // If accesses may alias, chain to the next AliasAnalysis.
381 if (Aliases(LocA.AATags.TBAA, LocB.AATags.TBAA))
382 return AAResultBase::alias(LocA, LocB, AAQI);
383
384 // Otherwise return a definitive result.
385 return AliasResult::NoAlias;
386 }
387
pointsToConstantMemory(const MemoryLocation & Loc,AAQueryInfo & AAQI,bool OrLocal)388 bool TypeBasedAAResult::pointsToConstantMemory(const MemoryLocation &Loc,
389 AAQueryInfo &AAQI,
390 bool OrLocal) {
391 if (!EnableTBAA)
392 return AAResultBase::pointsToConstantMemory(Loc, AAQI, OrLocal);
393
394 const MDNode *M = Loc.AATags.TBAA;
395 if (!M)
396 return AAResultBase::pointsToConstantMemory(Loc, AAQI, OrLocal);
397
398 // If this is an "immutable" type, we can assume the pointer is pointing
399 // to constant memory.
400 if ((!isStructPathTBAA(M) && TBAANode(M).isTypeImmutable()) ||
401 (isStructPathTBAA(M) && TBAAStructTagNode(M).isTypeImmutable()))
402 return true;
403
404 return AAResultBase::pointsToConstantMemory(Loc, AAQI, OrLocal);
405 }
406
407 FunctionModRefBehavior
getModRefBehavior(const CallBase * Call)408 TypeBasedAAResult::getModRefBehavior(const CallBase *Call) {
409 if (!EnableTBAA)
410 return AAResultBase::getModRefBehavior(Call);
411
412 FunctionModRefBehavior Min = FMRB_UnknownModRefBehavior;
413
414 // If this is an "immutable" type, we can assume the call doesn't write
415 // to memory.
416 if (const MDNode *M = Call->getMetadata(LLVMContext::MD_tbaa))
417 if ((!isStructPathTBAA(M) && TBAANode(M).isTypeImmutable()) ||
418 (isStructPathTBAA(M) && TBAAStructTagNode(M).isTypeImmutable()))
419 Min = FMRB_OnlyReadsMemory;
420
421 return FunctionModRefBehavior(AAResultBase::getModRefBehavior(Call) & Min);
422 }
423
getModRefBehavior(const Function * F)424 FunctionModRefBehavior TypeBasedAAResult::getModRefBehavior(const Function *F) {
425 // Functions don't have metadata. Just chain to the next implementation.
426 return AAResultBase::getModRefBehavior(F);
427 }
428
getModRefInfo(const CallBase * Call,const MemoryLocation & Loc,AAQueryInfo & AAQI)429 ModRefInfo TypeBasedAAResult::getModRefInfo(const CallBase *Call,
430 const MemoryLocation &Loc,
431 AAQueryInfo &AAQI) {
432 if (!EnableTBAA)
433 return AAResultBase::getModRefInfo(Call, Loc, AAQI);
434
435 if (const MDNode *L = Loc.AATags.TBAA)
436 if (const MDNode *M = Call->getMetadata(LLVMContext::MD_tbaa))
437 if (!Aliases(L, M))
438 return ModRefInfo::NoModRef;
439
440 return AAResultBase::getModRefInfo(Call, Loc, AAQI);
441 }
442
getModRefInfo(const CallBase * Call1,const CallBase * Call2,AAQueryInfo & AAQI)443 ModRefInfo TypeBasedAAResult::getModRefInfo(const CallBase *Call1,
444 const CallBase *Call2,
445 AAQueryInfo &AAQI) {
446 if (!EnableTBAA)
447 return AAResultBase::getModRefInfo(Call1, Call2, AAQI);
448
449 if (const MDNode *M1 = Call1->getMetadata(LLVMContext::MD_tbaa))
450 if (const MDNode *M2 = Call2->getMetadata(LLVMContext::MD_tbaa))
451 if (!Aliases(M1, M2))
452 return ModRefInfo::NoModRef;
453
454 return AAResultBase::getModRefInfo(Call1, Call2, AAQI);
455 }
456
isTBAAVtableAccess() const457 bool MDNode::isTBAAVtableAccess() const {
458 if (!isStructPathTBAA(this)) {
459 if (getNumOperands() < 1)
460 return false;
461 if (MDString *Tag1 = dyn_cast<MDString>(getOperand(0))) {
462 if (Tag1->getString() == "vtable pointer")
463 return true;
464 }
465 return false;
466 }
467
468 // For struct-path aware TBAA, we use the access type of the tag.
469 TBAAStructTagNode Tag(this);
470 TBAAStructTypeNode AccessType(Tag.getAccessType());
471 if(auto *Id = dyn_cast<MDString>(AccessType.getId()))
472 if (Id->getString() == "vtable pointer")
473 return true;
474 return false;
475 }
476
477 static bool matchAccessTags(const MDNode *A, const MDNode *B,
478 const MDNode **GenericTag = nullptr);
479
getMostGenericTBAA(MDNode * A,MDNode * B)480 MDNode *MDNode::getMostGenericTBAA(MDNode *A, MDNode *B) {
481 const MDNode *GenericTag;
482 matchAccessTags(A, B, &GenericTag);
483 return const_cast<MDNode*>(GenericTag);
484 }
485
getLeastCommonType(const MDNode * A,const MDNode * B)486 static const MDNode *getLeastCommonType(const MDNode *A, const MDNode *B) {
487 if (!A || !B)
488 return nullptr;
489
490 if (A == B)
491 return A;
492
493 SmallSetVector<const MDNode *, 4> PathA;
494 TBAANode TA(A);
495 while (TA.getNode()) {
496 if (PathA.count(TA.getNode()))
497 report_fatal_error("Cycle found in TBAA metadata.");
498 PathA.insert(TA.getNode());
499 TA = TA.getParent();
500 }
501
502 SmallSetVector<const MDNode *, 4> PathB;
503 TBAANode TB(B);
504 while (TB.getNode()) {
505 if (PathB.count(TB.getNode()))
506 report_fatal_error("Cycle found in TBAA metadata.");
507 PathB.insert(TB.getNode());
508 TB = TB.getParent();
509 }
510
511 int IA = PathA.size() - 1;
512 int IB = PathB.size() - 1;
513
514 const MDNode *Ret = nullptr;
515 while (IA >= 0 && IB >= 0) {
516 if (PathA[IA] == PathB[IB])
517 Ret = PathA[IA];
518 else
519 break;
520 --IA;
521 --IB;
522 }
523
524 return Ret;
525 }
526
merge(const AAMDNodes & Other) const527 AAMDNodes AAMDNodes::merge(const AAMDNodes &Other) const {
528 AAMDNodes Result;
529 Result.TBAA = MDNode::getMostGenericTBAA(TBAA, Other.TBAA);
530 Result.TBAAStruct = nullptr;
531 Result.Scope = MDNode::getMostGenericAliasScope(Scope, Other.Scope);
532 Result.NoAlias = MDNode::intersect(NoAlias, Other.NoAlias);
533 return Result;
534 }
535
concat(const AAMDNodes & Other) const536 AAMDNodes AAMDNodes::concat(const AAMDNodes &Other) const {
537 AAMDNodes Result;
538 Result.TBAA = Result.TBAAStruct = nullptr;
539 Result.Scope = MDNode::getMostGenericAliasScope(Scope, Other.Scope);
540 Result.NoAlias = MDNode::intersect(NoAlias, Other.NoAlias);
541 return Result;
542 }
543
createAccessTag(const MDNode * AccessType)544 static const MDNode *createAccessTag(const MDNode *AccessType) {
545 // If there is no access type or the access type is the root node, then
546 // we don't have any useful access tag to return.
547 if (!AccessType || AccessType->getNumOperands() < 2)
548 return nullptr;
549
550 Type *Int64 = IntegerType::get(AccessType->getContext(), 64);
551 auto *OffsetNode = ConstantAsMetadata::get(ConstantInt::get(Int64, 0));
552
553 if (TBAAStructTypeNode(AccessType).isNewFormat()) {
554 // TODO: Take access ranges into account when matching access tags and
555 // fix this code to generate actual access sizes for generic tags.
556 uint64_t AccessSize = UINT64_MAX;
557 auto *SizeNode =
558 ConstantAsMetadata::get(ConstantInt::get(Int64, AccessSize));
559 Metadata *Ops[] = {const_cast<MDNode*>(AccessType),
560 const_cast<MDNode*>(AccessType),
561 OffsetNode, SizeNode};
562 return MDNode::get(AccessType->getContext(), Ops);
563 }
564
565 Metadata *Ops[] = {const_cast<MDNode*>(AccessType),
566 const_cast<MDNode*>(AccessType),
567 OffsetNode};
568 return MDNode::get(AccessType->getContext(), Ops);
569 }
570
hasField(TBAAStructTypeNode BaseType,TBAAStructTypeNode FieldType)571 static bool hasField(TBAAStructTypeNode BaseType,
572 TBAAStructTypeNode FieldType) {
573 for (unsigned I = 0, E = BaseType.getNumFields(); I != E; ++I) {
574 TBAAStructTypeNode T = BaseType.getFieldType(I);
575 if (T == FieldType || hasField(T, FieldType))
576 return true;
577 }
578 return false;
579 }
580
581 /// Return true if for two given accesses, one of the accessed objects may be a
582 /// subobject of the other. The \p BaseTag and \p SubobjectTag parameters
583 /// describe the accesses to the base object and the subobject respectively.
584 /// \p CommonType must be the metadata node describing the common type of the
585 /// accessed objects. On return, \p MayAlias is set to true iff these accesses
586 /// may alias and \p Generic, if not null, points to the most generic access
587 /// tag for the given two.
mayBeAccessToSubobjectOf(TBAAStructTagNode BaseTag,TBAAStructTagNode SubobjectTag,const MDNode * CommonType,const MDNode ** GenericTag,bool & MayAlias)588 static bool mayBeAccessToSubobjectOf(TBAAStructTagNode BaseTag,
589 TBAAStructTagNode SubobjectTag,
590 const MDNode *CommonType,
591 const MDNode **GenericTag,
592 bool &MayAlias) {
593 // If the base object is of the least common type, then this may be an access
594 // to its subobject.
595 if (BaseTag.getAccessType() == BaseTag.getBaseType() &&
596 BaseTag.getAccessType() == CommonType) {
597 if (GenericTag)
598 *GenericTag = createAccessTag(CommonType);
599 MayAlias = true;
600 return true;
601 }
602
603 // If the access to the base object is through a field of the subobject's
604 // type, then this may be an access to that field. To check for that we start
605 // from the base type, follow the edge with the correct offset in the type DAG
606 // and adjust the offset until we reach the field type or until we reach the
607 // access type.
608 bool NewFormat = BaseTag.isNewFormat();
609 TBAAStructTypeNode BaseType(BaseTag.getBaseType());
610 uint64_t OffsetInBase = BaseTag.getOffset();
611
612 for (;;) {
613 // In the old format there is no distinction between fields and parent
614 // types, so in this case we consider all nodes up to the root.
615 if (!BaseType.getNode()) {
616 assert(!NewFormat && "Did not see access type in access path!");
617 break;
618 }
619
620 if (BaseType.getNode() == SubobjectTag.getBaseType()) {
621 bool SameMemberAccess = OffsetInBase == SubobjectTag.getOffset();
622 if (GenericTag) {
623 *GenericTag = SameMemberAccess ? SubobjectTag.getNode() :
624 createAccessTag(CommonType);
625 }
626 MayAlias = SameMemberAccess;
627 return true;
628 }
629
630 // With new-format nodes we stop at the access type.
631 if (NewFormat && BaseType.getNode() == BaseTag.getAccessType())
632 break;
633
634 // Follow the edge with the correct offset. Offset will be adjusted to
635 // be relative to the field type.
636 BaseType = BaseType.getField(OffsetInBase);
637 }
638
639 // If the base object has a direct or indirect field of the subobject's type,
640 // then this may be an access to that field. We need this to check now that
641 // we support aggregates as access types.
642 if (NewFormat) {
643 // TBAAStructTypeNode BaseAccessType(BaseTag.getAccessType());
644 TBAAStructTypeNode FieldType(SubobjectTag.getBaseType());
645 if (hasField(BaseType, FieldType)) {
646 if (GenericTag)
647 *GenericTag = createAccessTag(CommonType);
648 MayAlias = true;
649 return true;
650 }
651 }
652
653 return false;
654 }
655
656 /// matchTags - Return true if the given couple of accesses are allowed to
657 /// overlap. If \arg GenericTag is not null, then on return it points to the
658 /// most generic access descriptor for the given two.
matchAccessTags(const MDNode * A,const MDNode * B,const MDNode ** GenericTag)659 static bool matchAccessTags(const MDNode *A, const MDNode *B,
660 const MDNode **GenericTag) {
661 if (A == B) {
662 if (GenericTag)
663 *GenericTag = A;
664 return true;
665 }
666
667 // Accesses with no TBAA information may alias with any other accesses.
668 if (!A || !B) {
669 if (GenericTag)
670 *GenericTag = nullptr;
671 return true;
672 }
673
674 // Verify that both input nodes are struct-path aware. Auto-upgrade should
675 // have taken care of this.
676 assert(isStructPathTBAA(A) && "Access A is not struct-path aware!");
677 assert(isStructPathTBAA(B) && "Access B is not struct-path aware!");
678
679 TBAAStructTagNode TagA(A), TagB(B);
680 const MDNode *CommonType = getLeastCommonType(TagA.getAccessType(),
681 TagB.getAccessType());
682
683 // If the final access types have different roots, they're part of different
684 // potentially unrelated type systems, so we must be conservative.
685 if (!CommonType) {
686 if (GenericTag)
687 *GenericTag = nullptr;
688 return true;
689 }
690
691 // If one of the accessed objects may be a subobject of the other, then such
692 // accesses may alias.
693 bool MayAlias;
694 if (mayBeAccessToSubobjectOf(/* BaseTag= */ TagA, /* SubobjectTag= */ TagB,
695 CommonType, GenericTag, MayAlias) ||
696 mayBeAccessToSubobjectOf(/* BaseTag= */ TagB, /* SubobjectTag= */ TagA,
697 CommonType, GenericTag, MayAlias))
698 return MayAlias;
699
700 // Otherwise, we've proved there's no alias.
701 if (GenericTag)
702 *GenericTag = createAccessTag(CommonType);
703 return false;
704 }
705
706 /// Aliases - Test whether the access represented by tag A may alias the
707 /// access represented by tag B.
Aliases(const MDNode * A,const MDNode * B) const708 bool TypeBasedAAResult::Aliases(const MDNode *A, const MDNode *B) const {
709 return matchAccessTags(A, B);
710 }
711
712 AnalysisKey TypeBasedAA::Key;
713
run(Function & F,FunctionAnalysisManager & AM)714 TypeBasedAAResult TypeBasedAA::run(Function &F, FunctionAnalysisManager &AM) {
715 return TypeBasedAAResult();
716 }
717
718 char TypeBasedAAWrapperPass::ID = 0;
719 INITIALIZE_PASS(TypeBasedAAWrapperPass, "tbaa", "Type-Based Alias Analysis",
720 false, true)
721
createTypeBasedAAWrapperPass()722 ImmutablePass *llvm::createTypeBasedAAWrapperPass() {
723 return new TypeBasedAAWrapperPass();
724 }
725
TypeBasedAAWrapperPass()726 TypeBasedAAWrapperPass::TypeBasedAAWrapperPass() : ImmutablePass(ID) {
727 initializeTypeBasedAAWrapperPassPass(*PassRegistry::getPassRegistry());
728 }
729
doInitialization(Module & M)730 bool TypeBasedAAWrapperPass::doInitialization(Module &M) {
731 Result.reset(new TypeBasedAAResult());
732 return false;
733 }
734
doFinalization(Module & M)735 bool TypeBasedAAWrapperPass::doFinalization(Module &M) {
736 Result.reset();
737 return false;
738 }
739
getAnalysisUsage(AnalysisUsage & AU) const740 void TypeBasedAAWrapperPass::getAnalysisUsage(AnalysisUsage &AU) const {
741 AU.setPreservesAll();
742 }
743
shiftTBAA(MDNode * MD,size_t Offset)744 MDNode *AAMDNodes::shiftTBAA(MDNode *MD, size_t Offset) {
745 // Fast path if there's no offset
746 if (Offset == 0)
747 return MD;
748 // Fast path if there's no path tbaa node (and thus scalar)
749 if (!isStructPathTBAA(MD))
750 return MD;
751
752 // The correct behavior here is to add the offset into the TBAA
753 // struct node offset. The base type, however may not have defined
754 // a type at this additional offset, resulting in errors. Since
755 // this method is only used within a given load/store access
756 // the offset provided is only used to subdivide the previous load
757 // maintaining the validity of the previous TBAA.
758 //
759 // This, however, should be revisited in the future.
760 return MD;
761 }
762
shiftTBAAStruct(MDNode * MD,size_t Offset)763 MDNode *AAMDNodes::shiftTBAAStruct(MDNode *MD, size_t Offset) {
764 // Fast path if there's no offset
765 if (Offset == 0)
766 return MD;
767 SmallVector<Metadata *, 3> Sub;
768 for (size_t i = 0, size = MD->getNumOperands(); i < size; i += 3) {
769 ConstantInt *InnerOffset = mdconst::extract<ConstantInt>(MD->getOperand(i));
770 ConstantInt *InnerSize =
771 mdconst::extract<ConstantInt>(MD->getOperand(i + 1));
772 // Don't include any triples that aren't in bounds
773 if (InnerOffset->getZExtValue() + InnerSize->getZExtValue() <= Offset)
774 continue;
775
776 uint64_t NewSize = InnerSize->getZExtValue();
777 uint64_t NewOffset = InnerOffset->getZExtValue() - Offset;
778 if (InnerOffset->getZExtValue() < Offset) {
779 NewOffset = 0;
780 NewSize -= Offset - InnerOffset->getZExtValue();
781 }
782
783 // Shift the offset of the triple
784 Sub.push_back(ConstantAsMetadata::get(
785 ConstantInt::get(InnerOffset->getType(), NewOffset)));
786 Sub.push_back(ConstantAsMetadata::get(
787 ConstantInt::get(InnerSize->getType(), NewSize)));
788 Sub.push_back(MD->getOperand(i + 2));
789 }
790 return MDNode::get(MD->getContext(), Sub);
791 }
792
extendToTBAA(MDNode * MD,ssize_t Len)793 MDNode *AAMDNodes::extendToTBAA(MDNode *MD, ssize_t Len) {
794 // Fast path if 0-length
795 if (Len == 0)
796 return nullptr;
797
798 // Regular TBAA is invariant of length, so we only need to consider
799 // struct-path TBAA.
800 if (!isStructPathTBAA(MD))
801 return MD;
802
803 TBAAStructTagNode Tag(MD);
804
805 // Only new format TBAA has a size
806 if (!Tag.isNewFormat())
807 return MD;
808
809 // If unknown size, drop the TBAA.
810 if (Len == -1)
811 return nullptr;
812
813 // Otherwise, create TBAA with the new Len
814 ArrayRef<MDOperand> MDOperands = MD->operands();
815 SmallVector<Metadata *, 4> NextNodes(MDOperands.begin(), MDOperands.end());
816 ConstantInt *PreviousSize = mdconst::extract<ConstantInt>(NextNodes[3]);
817
818 // Don't create a new MDNode if it is the same length.
819 if (PreviousSize->equalsInt(Len))
820 return MD;
821
822 NextNodes[3] =
823 ConstantAsMetadata::get(ConstantInt::get(PreviousSize->getType(), Len));
824 return MDNode::get(MD->getContext(), NextNodes);
825 }
826