//===- BasicAliasAnalysis.cpp - Stateless Alias Analysis Impl ------------===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file defines the primary stateless implementation of the
// Alias Analysis interface that implements identities (two different
// globals cannot alias, etc), but does no stateful analysis.
//
//===----------------------------------------------------------------------===//

#include "llvm/Analysis/BasicAliasAnalysis.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/CFG.h"
#include "llvm/Analysis/CaptureTracking.h"
#include "llvm/Analysis/InstructionSimplify.h"
#include "llvm/Analysis/LoopInfo.h"
#include "llvm/Analysis/MemoryBuiltins.h"
#include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/Constants.h"
#include "llvm/IR/DataLayout.h"
#include "llvm/IR/DerivedTypes.h"
#include "llvm/IR/Dominators.h"
#include "llvm/IR/GlobalAlias.h"
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/Operator.h"
#include "llvm/Pass.h"
#include "llvm/Support/ErrorHandling.h"
#include <algorithm>
using namespace llvm;

/// Enable analysis of recursive PHI nodes.
static cl::opt<bool> EnableRecPhiAnalysis("basicaa-recphi", cl::Hidden,
                                          cl::init(false));

/// SearchLimitReached / SearchTimes show how often the limit to decompose
/// GEPs is reached. It will affect the precision of basic alias analysis.
#define DEBUG_TYPE "basicaa"
STATISTIC(SearchLimitReached, "Number of times the limit to "
                              "decompose GEPs is reached");
STATISTIC(SearchTimes, "Number of times a GEP is decomposed");

/// Cutoff after which to stop analysing a set of phi nodes potentially involved
/// in a cycle. Because we are analysing 'through' phi nodes we need to be
/// careful with value equivalence. We use reachability to make sure a value
/// cannot be involved in a cycle.
const unsigned MaxNumPhiBBsValueReachabilityCheck = 20;

// The max limit of the search depth in DecomposeGEPExpression() and
// GetUnderlyingObject(). Both functions need to use the same search
// depth, otherwise the algorithm in aliasGEP will assert.
static const unsigned MaxLookupSearchDepth = 6;

//===----------------------------------------------------------------------===//
// Useful predicates
//===----------------------------------------------------------------------===//

/// Returns true if the pointer is to a function-local object that never
/// escapes from the function.
static bool isNonEscapingLocalObject(const Value *V) {
  // If this is a local allocation, check to see if it escapes.
  if (isa<AllocaInst>(V) || isNoAliasCall(V))
    // Set StoreCaptures to True so that we can assume in our callers that the
    // pointer is not the result of a load instruction. Currently
    // PointerMayBeCaptured doesn't have any special analysis for the
    // StoreCaptures=false case; if it did, our callers could be refined to be
    // more precise.
    return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true);

  // If this is an argument that corresponds to a byval or noalias argument,
  // then it has not escaped before entering the function. Check if it escapes
  // inside the function.
  if (const Argument *A = dyn_cast<Argument>(V))
    if (A->hasByValAttr() || A->hasNoAliasAttr())
      // Note even if the argument is marked nocapture we still need to check
      // for copies made inside the function. The nocapture attribute only
      // specifies that there are no copies made that outlive the function.
      return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true);

  return false;
}

/// Returns true if the pointer is one which would have been considered an
/// escape by isNonEscapingLocalObject.
static bool isEscapeSource(const Value *V) {
  if (isa<CallInst>(V) || isa<InvokeInst>(V) || isa<Argument>(V))
    return true;

  // The load case works because isNonEscapingLocalObject considers all
  // stores to be escapes (it passes true for the StoreCaptures argument
  // to PointerMayBeCaptured).
  if (isa<LoadInst>(V))
    return true;

  return false;
}

/// Returns the size of the object specified by V, or UnknownSize if unknown.
static uint64_t getObjectSize(const Value *V, const DataLayout &DL,
                              const TargetLibraryInfo &TLI,
                              bool RoundToAlign = false) {
  uint64_t Size;
  if (getObjectSize(V, Size, DL, &TLI, RoundToAlign))
    return Size;
  return MemoryLocation::UnknownSize;
}

/// Returns true if we can prove that the object specified by V is smaller than
/// Size.
static bool isObjectSmallerThan(const Value *V, uint64_t Size,
                                const DataLayout &DL,
                                const TargetLibraryInfo &TLI) {
  // Note that the meaning of "object" is slightly different in the following
  // contexts:
  //   c1: llvm::getObjectSize()
  //   c2: llvm.objectsize() intrinsic
  //   c3: isObjectSmallerThan()
  // c1 and c2 share the same meaning; however, the meaning of "object" in c3
  // refers to the "entire object".
  //
  // Consider this example:
  //   char *p = (char*)malloc(100)
  //   char *q = p+80;
  //
  // In the context of c1 and c2, the "object" pointed to by q refers to the
  // stretch of memory of q[0:19]. So, getObjectSize(q) should return 20.
  //
  // However, in the context of c3, the "object" refers to the chunk of memory
  // being allocated. So, the "object" has 100 bytes, and q points to the
  // middle of the "object". In case q is passed to isObjectSmallerThan() as
  // the 1st parameter, before llvm::getObjectSize() is called to get the size
  // of the entire object, we should:
  //   - either rewind the pointer q to the base-address of the object in
  //     question (in this case rewind to p), or
  //   - just give up. It is up to the caller to make sure the pointer is
  //     pointing to the base address of the object.
  //
  // We go for the 2nd option for simplicity.
  if (!isIdentifiedObject(V))
    return false;

  // This function needs to use the aligned object size because we allow
  // reads a bit past the end given sufficient alignment.
  uint64_t ObjectSize = getObjectSize(V, DL, TLI, /*RoundToAlign*/ true);

  return ObjectSize != MemoryLocation::UnknownSize && ObjectSize < Size;
}

/// Returns true if we can prove that the object specified by V has size Size.
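/// (In other words, that an access of Size bytes covers the entire object;
/// aliasCheck uses this to conclude that two accesses into the same object
/// must at least partially overlap.)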
static bool isObjectSize(const Value *V, uint64_t Size, const DataLayout &DL,
                         const TargetLibraryInfo &TLI) {
  uint64_t ObjectSize = getObjectSize(V, DL, TLI);
  return ObjectSize != MemoryLocation::UnknownSize && ObjectSize == Size;
}

//===----------------------------------------------------------------------===//
// GetElementPtr Instruction Decomposition and Analysis
//===----------------------------------------------------------------------===//

/// Analyzes the specified value as a linear expression: "A*V + B", where A and
/// B are constant integers.
///
/// Returns the scale and offset values as APInts, returns V as a Value*, and
/// returns whether we looked through any sign or zero extends. The incoming
/// Value is known to have IntegerType and it may already be sign or zero
/// extended.
///
/// Note that this looks through extends, so the high bits may not be
/// represented in the result.
/*static*/ Value *BasicAliasAnalysis::GetLinearExpression(
    Value *V, APInt &Scale, APInt &Offset, ExtensionKind &Extension,
    const DataLayout &DL, unsigned Depth, AssumptionCache *AC,
    DominatorTree *DT) {
  assert(V->getType()->isIntegerTy() && "Not an integer value");

  // Limit our recursion depth.
  if (Depth == 6) {
    Scale = 1;
    Offset = 0;
    return V;
  }

  if (ConstantInt *Const = dyn_cast<ConstantInt>(V)) {
    // If it's a constant, just convert it to an offset and remove the
    // variable.
    Offset += Const->getValue();
    assert(Scale == 0 && "Constant values don't have a scale");
    return V;
  }

  if (BinaryOperator *BOp = dyn_cast<BinaryOperator>(V)) {
    if (ConstantInt *RHSC = dyn_cast<ConstantInt>(BOp->getOperand(1))) {
      switch (BOp->getOpcode()) {
      default:
        break;
      case Instruction::Or:
        // X|C == X+C if all the bits in C are unset in X. Otherwise we can't
        // analyze it.
        if (!MaskedValueIsZero(BOp->getOperand(0), RHSC->getValue(), DL, 0, AC,
                               BOp, DT))
          break;
        // FALL THROUGH.
      case Instruction::Add:
        V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension,
                                DL, Depth + 1, AC, DT);
        Offset += RHSC->getValue();
        return V;
      case Instruction::Mul:
        V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension,
                                DL, Depth + 1, AC, DT);
        Offset *= RHSC->getValue();
        Scale *= RHSC->getValue();
        return V;
      case Instruction::Shl:
        V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension,
                                DL, Depth + 1, AC, DT);
        Offset <<= RHSC->getValue().getLimitedValue();
        Scale <<= RHSC->getValue().getLimitedValue();
        return V;
      }
    }
  }

  // Since GEP indices are sign extended anyway, we don't care about the high
  // bits of a sign or zero extended value - just scales and offsets. The
  // extensions have to be consistent though.
  if ((isa<SExtInst>(V) && Extension != EK_ZeroExt) ||
      (isa<ZExtInst>(V) && Extension != EK_SignExt)) {
    Value *CastOp = cast<CastInst>(V)->getOperand(0);
    unsigned OldWidth = Scale.getBitWidth();
    unsigned SmallWidth = CastOp->getType()->getPrimitiveSizeInBits();
    Scale = Scale.trunc(SmallWidth);
    Offset = Offset.trunc(SmallWidth);
    Extension = isa<SExtInst>(V) ? EK_SignExt : EK_ZeroExt;

    Value *Result = GetLinearExpression(CastOp, Scale, Offset, Extension, DL,
                                        Depth + 1, AC, DT);
    Scale = Scale.zext(OldWidth);

    // We have to sign-extend even if Extension == EK_ZeroExt as we can't
    // decompose a sign extension (i.e. zext(x - 1) != zext(x) - zext(-1)).
    Offset = Offset.sext(OldWidth);

    return Result;
  }

  Scale = 1;
  Offset = 0;
  return V;
}

/// If V is a symbolic pointer expression, decompose it into a base pointer
/// with a constant offset and a number of scaled symbolic offsets.
///
/// The scaled symbolic offsets (represented by pairs of a Value* and a scale
/// in the VarIndices vector) are Value*'s that are known to be scaled by the
/// specified amount, but which may have other unrepresented high bits. As
/// such, the gep cannot necessarily be reconstructed from its decomposed form.
///
/// When DataLayout is around, this function is capable of analyzing everything
/// that GetUnderlyingObject can look through. To be able to do that,
/// GetUnderlyingObject and DecomposeGEPExpression must use the same search
/// depth (MaxLookupSearchDepth). When DataLayout is not around, it just looks
/// through pointer casts.
/*static*/ const Value *BasicAliasAnalysis::DecomposeGEPExpression(
    const Value *V, int64_t &BaseOffs,
    SmallVectorImpl<VariableGEPIndex> &VarIndices, bool &MaxLookupReached,
    const DataLayout &DL, AssumptionCache *AC, DominatorTree *DT) {
  // Limit recursion depth to limit compile time in crazy cases.
  unsigned MaxLookup = MaxLookupSearchDepth;
  MaxLookupReached = false;
  SearchTimes++;

  BaseOffs = 0;
  do {
    // See if this is a bitcast or GEP.
    const Operator *Op = dyn_cast<Operator>(V);
    if (!Op) {
      // The only non-operator case we can handle is GlobalAliases.
      if (const GlobalAlias *GA = dyn_cast<GlobalAlias>(V)) {
        if (!GA->mayBeOverridden()) {
          V = GA->getAliasee();
          continue;
        }
      }
      return V;
    }

    if (Op->getOpcode() == Instruction::BitCast ||
        Op->getOpcode() == Instruction::AddrSpaceCast) {
      V = Op->getOperand(0);
      continue;
    }

    const GEPOperator *GEPOp = dyn_cast<GEPOperator>(Op);
    if (!GEPOp) {
      // If it's not a GEP, hand it off to SimplifyInstruction to see if it
      // can come up with something. This matches what GetUnderlyingObject does.
      if (const Instruction *I = dyn_cast<Instruction>(V))
        // TODO: Get a DominatorTree and AssumptionCache and use them here
        // (these are both now available in this function, but this should be
        // updated when GetUnderlyingObject is updated). TLI should be
        // provided also.
        if (const Value *Simplified =
                SimplifyInstruction(const_cast<Instruction *>(I), DL)) {
          V = Simplified;
          continue;
        }

      return V;
    }

    // Don't attempt to analyze GEPs over unsized objects.
    if (!GEPOp->getOperand(0)->getType()->getPointerElementType()->isSized())
      return V;

    unsigned AS = GEPOp->getPointerAddressSpace();
    // Walk the indices of the GEP, accumulating them into BaseOff/VarIndices.
    gep_type_iterator GTI = gep_type_begin(GEPOp);
    for (User::const_op_iterator I = GEPOp->op_begin() + 1, E = GEPOp->op_end();
         I != E; ++I) {
      Value *Index = *I;
      // Compute the (potentially symbolic) offset in bytes for this index.
      if (StructType *STy = dyn_cast<StructType>(*GTI++)) {
        // For a struct, add the member offset.
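        // Struct field indices are required to be constant integers in the
        // IR, so the cast below cannot fail.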
        unsigned FieldNo = cast<ConstantInt>(Index)->getZExtValue();
        if (FieldNo == 0)
          continue;

        BaseOffs += DL.getStructLayout(STy)->getElementOffset(FieldNo);
        continue;
      }

      // For an array/pointer, add the element offset, explicitly scaled.
      if (ConstantInt *CIdx = dyn_cast<ConstantInt>(Index)) {
        if (CIdx->isZero())
          continue;
        BaseOffs += DL.getTypeAllocSize(*GTI) * CIdx->getSExtValue();
        continue;
      }

      uint64_t Scale = DL.getTypeAllocSize(*GTI);
      ExtensionKind Extension = EK_NotExtended;

      // If the integer type is smaller than the pointer size, it is implicitly
      // sign extended to pointer size.
      unsigned Width = Index->getType()->getIntegerBitWidth();
      if (DL.getPointerSizeInBits(AS) > Width)
        Extension = EK_SignExt;

      // Use GetLinearExpression to decompose the index into a C1*V+C2 form.
      APInt IndexScale(Width, 0), IndexOffset(Width, 0);
      Index = GetLinearExpression(Index, IndexScale, IndexOffset, Extension, DL,
                                  0, AC, DT);

      // The GEP index scale ("Scale") scales C1*V+C2, yielding (C1*V+C2)*Scale.
      // This gives us an aggregate computation of (C1*Scale)*V + C2*Scale.
      BaseOffs += IndexOffset.getSExtValue() * Scale;
      Scale *= IndexScale.getSExtValue();

      // If we already had an occurrence of this index variable, merge this
      // scale into it. For example, we want to handle:
      //   A[x][x] -> x*16 + x*4 -> x*20
      // This also ensures that 'x' only appears in the index list once.
      for (unsigned i = 0, e = VarIndices.size(); i != e; ++i) {
        if (VarIndices[i].V == Index && VarIndices[i].Extension == Extension) {
          Scale += VarIndices[i].Scale;
          VarIndices.erase(VarIndices.begin() + i);
          break;
        }
      }

      // Make sure that we have a scale that makes sense for this target's
      // pointer size.
      if (unsigned ShiftBits = 64 - DL.getPointerSizeInBits(AS)) {
        Scale <<= ShiftBits;
        Scale = (int64_t)Scale >> ShiftBits;
      }

      if (Scale) {
        VariableGEPIndex Entry = {Index, Extension,
                                  static_cast<int64_t>(Scale)};
        VarIndices.push_back(Entry);
      }
    }

    // Analyze the base pointer next.
    V = GEPOp->getOperand(0);
  } while (--MaxLookup);

  // If the chain of expressions is too deep, just return early.
  MaxLookupReached = true;
  SearchLimitReached++;
  return V;
}

//===----------------------------------------------------------------------===//
// BasicAliasAnalysis Pass
//===----------------------------------------------------------------------===//

// Register the pass...
char BasicAliasAnalysis::ID = 0;
INITIALIZE_AG_PASS_BEGIN(BasicAliasAnalysis, AliasAnalysis, "basicaa",
                         "Basic Alias Analysis (stateless AA impl)", false,
                         true, false)
INITIALIZE_PASS_DEPENDENCY(AssumptionCacheTracker)
INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
INITIALIZE_AG_PASS_END(BasicAliasAnalysis, AliasAnalysis, "basicaa",
                       "Basic Alias Analysis (stateless AA impl)", false, true,
                       false)

ImmutablePass *llvm::createBasicAliasAnalysisPass() {
  return new BasicAliasAnalysis();
}

/// Returns whether the given pointer value points to memory that is local to
/// the function, with global constants being considered local to all
/// functions.
bool BasicAliasAnalysis::pointsToConstantMemory(const MemoryLocation &Loc,
                                                bool OrLocal) {
  assert(Visited.empty() && "Visited must be cleared after use!");

  unsigned MaxLookup = 8;
  SmallVector<const Value *, 16> Worklist;
  Worklist.push_back(Loc.Ptr);
  do {
    const Value *V = GetUnderlyingObject(Worklist.pop_back_val(), *DL);
    if (!Visited.insert(V).second) {
      Visited.clear();
      return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
    }

    // An alloca instruction defines local memory.
    if (OrLocal && isa<AllocaInst>(V))
      continue;

    // A global constant counts as local memory for our purposes.
    if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V)) {
      // Note: this doesn't require GV to be "ODR" because it isn't legal for a
      // global to be marked constant in some modules and non-constant in
      // others. GV may even be a declaration, not a definition.
      if (!GV->isConstant()) {
        Visited.clear();
        return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
      }
      continue;
    }

    // If both select values point to local memory, then so does the select.
    if (const SelectInst *SI = dyn_cast<SelectInst>(V)) {
      Worklist.push_back(SI->getTrueValue());
      Worklist.push_back(SI->getFalseValue());
      continue;
    }

    // If all values incoming to a phi node point to local memory, then so does
    // the phi.
    if (const PHINode *PN = dyn_cast<PHINode>(V)) {
      // Don't bother inspecting phi nodes with many operands.
      if (PN->getNumIncomingValues() > MaxLookup) {
        Visited.clear();
        return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
      }
      for (Value *IncValue : PN->incoming_values())
        Worklist.push_back(IncValue);
      continue;
    }

    // Otherwise be conservative.
    Visited.clear();
    return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);

  } while (!Worklist.empty() && --MaxLookup);

  Visited.clear();
  return Worklist.empty();
}

// FIXME: This code is duplicated with MemoryLocation and should be hoisted to
// some common utility location.
static bool isMemsetPattern16(const Function *MS,
                              const TargetLibraryInfo &TLI) {
  if (TLI.has(LibFunc::memset_pattern16) &&
      MS->getName() == "memset_pattern16") {
    FunctionType *MemsetType = MS->getFunctionType();
    if (!MemsetType->isVarArg() && MemsetType->getNumParams() == 3 &&
        isa<PointerType>(MemsetType->getParamType(0)) &&
        isa<PointerType>(MemsetType->getParamType(1)) &&
        isa<IntegerType>(MemsetType->getParamType(2)))
      return true;
  }

  return false;
}

/// Returns the behavior when calling the given call site.
FunctionModRefBehavior
BasicAliasAnalysis::getModRefBehavior(ImmutableCallSite CS) {
  if (CS.doesNotAccessMemory())
    // Can't do better than this.
    return FMRB_DoesNotAccessMemory;

  FunctionModRefBehavior Min = FMRB_UnknownModRefBehavior;

  // If the callsite knows it only reads memory, don't return worse
  // than that.
  if (CS.onlyReadsMemory())
    Min = FMRB_OnlyReadsMemory;

  if (CS.onlyAccessesArgMemory())
    Min = FunctionModRefBehavior(Min & FMRB_OnlyAccessesArgumentPointees);

  // The AliasAnalysis base class has some smarts, let's use them.
  return FunctionModRefBehavior(AliasAnalysis::getModRefBehavior(CS) & Min);
}

/// Returns the behavior when calling the given function. For use when the call
/// site is not known.
FunctionModRefBehavior
BasicAliasAnalysis::getModRefBehavior(const Function *F) {
  // If the function declares it doesn't access memory, we can't do better.
  if (F->doesNotAccessMemory())
    return FMRB_DoesNotAccessMemory;

  // For intrinsics, we can check the table.
  if (Intrinsic::ID iid = F->getIntrinsicID()) {
#define GET_INTRINSIC_MODREF_BEHAVIOR
#include "llvm/IR/Intrinsics.gen"
#undef GET_INTRINSIC_MODREF_BEHAVIOR
  }

  FunctionModRefBehavior Min = FMRB_UnknownModRefBehavior;

  // If the function declares it only reads memory, go with that.
  if (F->onlyReadsMemory())
    Min = FMRB_OnlyReadsMemory;

  if (F->onlyAccessesArgMemory())
    Min = FunctionModRefBehavior(Min & FMRB_OnlyAccessesArgumentPointees);

  const TargetLibraryInfo &TLI =
      getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
  if (isMemsetPattern16(F, TLI))
    Min = FMRB_OnlyAccessesArgumentPointees;

  // Otherwise be conservative.
  return FunctionModRefBehavior(AliasAnalysis::getModRefBehavior(F) & Min);
}

ModRefInfo BasicAliasAnalysis::getArgModRefInfo(ImmutableCallSite CS,
                                                unsigned ArgIdx) {
  if (const IntrinsicInst *II = dyn_cast<IntrinsicInst>(CS.getInstruction()))
    switch (II->getIntrinsicID()) {
    default:
      break;
    case Intrinsic::memset:
    case Intrinsic::memcpy:
    case Intrinsic::memmove:
      assert((ArgIdx == 0 || ArgIdx == 1) &&
             "Invalid argument index for memory intrinsic");
      return ArgIdx ? MRI_Ref : MRI_Mod;
    }

  // We can bound the aliasing properties of memset_pattern16 just as we can
  // for memcpy/memset. This is particularly important because the
  // LoopIdiomRecognizer likes to turn loops into calls to memset_pattern16
  // whenever possible.
  if (CS.getCalledFunction() &&
      isMemsetPattern16(CS.getCalledFunction(), *TLI)) {
    assert((ArgIdx == 0 || ArgIdx == 1) &&
           "Invalid argument index for memset_pattern16");
    return ArgIdx ? MRI_Ref : MRI_Mod;
  }
  // FIXME: Handle memset_pattern4 and memset_pattern8 also.

  return AliasAnalysis::getArgModRefInfo(CS, ArgIdx);
}

static bool isAssumeIntrinsic(ImmutableCallSite CS) {
  const IntrinsicInst *II = dyn_cast<IntrinsicInst>(CS.getInstruction());
  if (II && II->getIntrinsicID() == Intrinsic::assume)
    return true;

  return false;
}

bool BasicAliasAnalysis::doInitialization(Module &M) {
  InitializeAliasAnalysis(this, &M.getDataLayout());
  return true;
}

/// Checks to see if the specified callsite can clobber the specified memory
/// object.
///
/// Since we only look at local properties of this function, we really can't
/// say much about this query. We do, however, use simple "address taken"
/// analysis on local objects.
ModRefInfo BasicAliasAnalysis::getModRefInfo(ImmutableCallSite CS,
                                             const MemoryLocation &Loc) {
  assert(notDifferentParent(CS.getInstruction(), Loc.Ptr) &&
         "AliasAnalysis query involving multiple functions!");

  const Value *Object = GetUnderlyingObject(Loc.Ptr, *DL);

  // If this is a tail call and Loc.Ptr points to a stack location, we know that
  // the tail call cannot access or modify the local stack.
  // We cannot exclude byval arguments here; these belong to the caller of
  // the current function, not to the current function, and a tail callee
  // may reference them.
  if (isa<AllocaInst>(Object))
    if (const CallInst *CI = dyn_cast<CallInst>(CS.getInstruction()))
      if (CI->isTailCall())
        return MRI_NoModRef;

  // If the pointer is to a locally allocated object that does not escape,
  // then the call cannot mod/ref the pointer unless the call takes the pointer
  // as an argument, and itself doesn't capture it.
  if (!isa<Constant>(Object) && CS.getInstruction() != Object &&
      isNonEscapingLocalObject(Object)) {
    bool PassedAsArg = false;
    unsigned ArgNo = 0;
    for (ImmutableCallSite::arg_iterator CI = CS.arg_begin(), CE = CS.arg_end();
         CI != CE; ++CI, ++ArgNo) {
      // Only look at the no-capture or byval pointer arguments. If this
      // pointer were passed to arguments that were neither of these, then it
      // couldn't be no-capture.
      if (!(*CI)->getType()->isPointerTy() ||
          (!CS.doesNotCapture(ArgNo) && !CS.isByValArgument(ArgNo)))
        continue;

      // If this is a no-capture pointer argument, see if we can tell that it
      // is impossible to alias the pointer we're checking. If not, we have to
      // assume that the call could touch the pointer, even though it doesn't
      // escape.
      if (!isNoAlias(MemoryLocation(*CI), MemoryLocation(Object))) {
        PassedAsArg = true;
        break;
      }
    }

    if (!PassedAsArg)
      return MRI_NoModRef;
  }

  // While the assume intrinsic is marked as arbitrarily writing so that
  // proper control dependencies will be maintained, it never aliases any
  // particular memory location.
  if (isAssumeIntrinsic(CS))
    return MRI_NoModRef;

  // The AliasAnalysis base class has some smarts, let's use them.
  return AliasAnalysis::getModRefInfo(CS, Loc);
}

ModRefInfo BasicAliasAnalysis::getModRefInfo(ImmutableCallSite CS1,
                                             ImmutableCallSite CS2) {
  // While the assume intrinsic is marked as arbitrarily writing so that
  // proper control dependencies will be maintained, it never aliases any
  // particular memory location.
  if (isAssumeIntrinsic(CS1) || isAssumeIntrinsic(CS2))
    return MRI_NoModRef;

  // The AliasAnalysis base class has some smarts, let's use them.
  return AliasAnalysis::getModRefInfo(CS1, CS2);
}

/// Provide ad-hoc rules to disambiguate accesses through two GEP operators,
/// both having the exact same pointer operand.
static AliasResult aliasSameBasePointerGEPs(const GEPOperator *GEP1,
                                            uint64_t V1Size,
                                            const GEPOperator *GEP2,
                                            uint64_t V2Size,
                                            const DataLayout &DL) {

  assert(GEP1->getPointerOperand() == GEP2->getPointerOperand() &&
         "Expected GEPs with the same pointer operand");

  // Try to determine whether GEP1 and GEP2 index through arrays, into structs,
  // such that the struct field accesses provably cannot alias.
  // We also need at least two indices (the pointer, and the struct field).
  if (GEP1->getNumIndices() != GEP2->getNumIndices() ||
      GEP1->getNumIndices() < 2)
    return MayAlias;

  // If we don't know the size of the accesses through both GEPs, we can't
  // determine whether the struct fields accessed can't alias.
  if (V1Size == MemoryLocation::UnknownSize ||
      V2Size == MemoryLocation::UnknownSize)
    return MayAlias;

  ConstantInt *C1 =
      dyn_cast<ConstantInt>(GEP1->getOperand(GEP1->getNumOperands() - 1));
  ConstantInt *C2 =
      dyn_cast<ConstantInt>(GEP2->getOperand(GEP2->getNumOperands() - 1));

  // If the last (struct) indices aren't constants, we can't say anything.
  // If they're identical, the other indices might also be dynamically
  // equal, so the GEPs can alias.
  if (!C1 || !C2 || C1 == C2)
    return MayAlias;

  // Find the last-indexed type of the GEP, i.e., the type you'd get if
  // you stripped the last index.
  // On the way, look at each indexed type. If there's something other
  // than an array, different indices can lead to different final types.
  SmallVector<Value *, 8> IntermediateIndices;

  // Insert the first index; we don't need to check the type indexed
  // through it as it only drops the pointer indirection.
  assert(GEP1->getNumIndices() > 1 && "Not enough GEP indices to examine");
  IntermediateIndices.push_back(GEP1->getOperand(1));

  // Insert all the remaining indices but the last one.
  // Also, check that they all index through arrays.
  for (unsigned i = 1, e = GEP1->getNumIndices() - 1; i != e; ++i) {
    if (!isa<ArrayType>(GetElementPtrInst::getIndexedType(
            GEP1->getSourceElementType(), IntermediateIndices)))
      return MayAlias;
    IntermediateIndices.push_back(GEP1->getOperand(i + 1));
  }

  StructType *LastIndexedStruct =
      dyn_cast<StructType>(GetElementPtrInst::getIndexedType(
          GEP1->getSourceElementType(), IntermediateIndices));

  if (!LastIndexedStruct)
    return MayAlias;

  // We know that:
  // - both GEPs begin indexing from the exact same pointer;
  // - the last indices in both GEPs are constants, indexing into a struct;
  // - said indices are different, hence, the pointed-to fields are different;
  // - both GEPs only index through arrays prior to that.
  //
  // This lets us determine that the struct that GEP1 indexes into and the
  // struct that GEP2 indexes into must either precisely overlap or be
  // completely disjoint. Because they cannot partially overlap, indexing into
  // different non-overlapping fields of the struct will never alias.

  // Therefore, the only remaining thing needed to show that both GEPs can't
  // alias is that the fields are not overlapping.
  const StructLayout *SL = DL.getStructLayout(LastIndexedStruct);
  const uint64_t StructSize = SL->getSizeInBytes();
  const uint64_t V1Off = SL->getElementOffset(C1->getZExtValue());
  const uint64_t V2Off = SL->getElementOffset(C2->getZExtValue());

  auto EltsDontOverlap = [StructSize](uint64_t V1Off, uint64_t V1Size,
                                      uint64_t V2Off, uint64_t V2Size) {
    return V1Off < V2Off && V1Off + V1Size <= V2Off &&
           ((V2Off + V2Size <= StructSize) ||
            (V2Off + V2Size - StructSize <= V1Off));
  };

  if (EltsDontOverlap(V1Off, V1Size, V2Off, V2Size) ||
      EltsDontOverlap(V2Off, V2Size, V1Off, V1Size))
    return NoAlias;

  return MayAlias;
}

/// Provides a bunch of ad-hoc rules to disambiguate a GEP instruction against
/// another pointer.
///
/// We know that V1 is a GEP, but we don't know anything about V2.
/// UnderlyingV1 is GetUnderlyingObject(GEP1, DL), UnderlyingV2 is the same for
/// V2.
AliasResult BasicAliasAnalysis::aliasGEP(
    const GEPOperator *GEP1, uint64_t V1Size, const AAMDNodes &V1AAInfo,
    const Value *V2, uint64_t V2Size, const AAMDNodes &V2AAInfo,
    const Value *UnderlyingV1, const Value *UnderlyingV2) {
  int64_t GEP1BaseOffset;
  bool GEP1MaxLookupReached;
  SmallVector<VariableGEPIndex, 4> GEP1VariableIndices;

  // We have to get two AssumptionCaches here because GEP1 and V2 may be from
  // different functions.
  // FIXME: This really doesn't make any sense. We get a dominator tree below
  // that can only refer to a single function. But this function (aliasGEP) is
  // a method on an immutable pass that can be called when there *isn't*
  // a single function. The old pass management layer makes this "work", but
  // this isn't really a clean solution.
  AssumptionCacheTracker &ACT = getAnalysis<AssumptionCacheTracker>();
  AssumptionCache *AC1 = nullptr, *AC2 = nullptr;
  if (auto *GEP1I = dyn_cast<Instruction>(GEP1))
    AC1 = &ACT.getAssumptionCache(
        const_cast<Function &>(*GEP1I->getParent()->getParent()));
  if (auto *I2 = dyn_cast<Instruction>(V2))
    AC2 = &ACT.getAssumptionCache(
        const_cast<Function &>(*I2->getParent()->getParent()));

  DominatorTreeWrapperPass *DTWP =
      getAnalysisIfAvailable<DominatorTreeWrapperPass>();
  DominatorTree *DT = DTWP ? &DTWP->getDomTree() : nullptr;

  // If we have two gep instructions with must-alias or not-alias'ing base
  // pointers, figure out if the indexes to the GEP tell us anything about the
  // derived pointer.
  if (const GEPOperator *GEP2 = dyn_cast<GEPOperator>(V2)) {
    // Do the base pointers alias?
    AliasResult BaseAlias =
        aliasCheck(UnderlyingV1, MemoryLocation::UnknownSize, AAMDNodes(),
                   UnderlyingV2, MemoryLocation::UnknownSize, AAMDNodes());

    // Check for geps of non-aliasing underlying pointers where the offsets are
    // identical.
    if ((BaseAlias == MayAlias) && V1Size == V2Size) {
      // Do the base pointers alias assuming type and size.
      AliasResult PreciseBaseAlias = aliasCheck(UnderlyingV1, V1Size, V1AAInfo,
                                                UnderlyingV2, V2Size, V2AAInfo);
      if (PreciseBaseAlias == NoAlias) {
        // See if the computed offset from the common pointer tells us about the
        // relation of the resulting pointer.
        int64_t GEP2BaseOffset;
        bool GEP2MaxLookupReached;
        SmallVector<VariableGEPIndex, 4> GEP2VariableIndices;
        const Value *GEP2BasePtr =
            DecomposeGEPExpression(GEP2, GEP2BaseOffset, GEP2VariableIndices,
                                   GEP2MaxLookupReached, *DL, AC2, DT);
        const Value *GEP1BasePtr =
            DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices,
                                   GEP1MaxLookupReached, *DL, AC1, DT);
        // DecomposeGEPExpression and GetUnderlyingObject should return the
        // same result except when DecomposeGEPExpression has no DataLayout.
        if (GEP1BasePtr != UnderlyingV1 || GEP2BasePtr != UnderlyingV2) {
          assert(!DL &&
                 "DecomposeGEPExpression and GetUnderlyingObject disagree!");
          return MayAlias;
        }
        // If the max search depth is reached the result is undefined
        if (GEP2MaxLookupReached || GEP1MaxLookupReached)
          return MayAlias;

        // Same offsets.
        if (GEP1BaseOffset == GEP2BaseOffset &&
            GEP1VariableIndices == GEP2VariableIndices)
          return NoAlias;
        GEP1VariableIndices.clear();
      }
    }

    // If we get a No or May, then return it immediately, no amount of analysis
    // will improve this situation.
    if (BaseAlias != MustAlias)
      return BaseAlias;

    // Otherwise, we have a MustAlias. Since the base pointers alias each other
    // exactly, see if the computed offset from the common pointer tells us
    // about the relation of the resulting pointer.
    const Value *GEP1BasePtr =
        DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices,
                               GEP1MaxLookupReached, *DL, AC1, DT);

    int64_t GEP2BaseOffset;
    bool GEP2MaxLookupReached;
    SmallVector<VariableGEPIndex, 4> GEP2VariableIndices;
    const Value *GEP2BasePtr =
        DecomposeGEPExpression(GEP2, GEP2BaseOffset, GEP2VariableIndices,
                               GEP2MaxLookupReached, *DL, AC2, DT);

    // DecomposeGEPExpression and GetUnderlyingObject should return the
    // same result except when DecomposeGEPExpression has no DataLayout.
    if (GEP1BasePtr != UnderlyingV1 || GEP2BasePtr != UnderlyingV2) {
      assert(!DL && "DecomposeGEPExpression and GetUnderlyingObject disagree!");
      return MayAlias;
    }

    // If we know the two GEPs are based off of the exact same pointer (and not
    // just the same underlying object), see if that tells us anything about
    // the resulting pointers.
    if (DL && GEP1->getPointerOperand() == GEP2->getPointerOperand()) {
      AliasResult R = aliasSameBasePointerGEPs(GEP1, V1Size, GEP2, V2Size, *DL);
      // If we couldn't find anything interesting, don't abandon just yet.
      if (R != MayAlias)
        return R;
    }

    // If the max search depth is reached the result is undefined
    if (GEP2MaxLookupReached || GEP1MaxLookupReached)
      return MayAlias;

    // Subtract the GEP2 pointer from the GEP1 pointer to find out their
    // symbolic difference.
    GEP1BaseOffset -= GEP2BaseOffset;
    GetIndexDifference(GEP1VariableIndices, GEP2VariableIndices);

  } else {
    // Check to see if these two pointers are related by the getelementptr
    // instruction. If one pointer is a GEP with a non-zero index of the other
    // pointer, we know they cannot alias.

    // If both accesses are unknown size, we can't do anything useful here.
    if (V1Size == MemoryLocation::UnknownSize &&
        V2Size == MemoryLocation::UnknownSize)
      return MayAlias;

    AliasResult R = aliasCheck(UnderlyingV1, MemoryLocation::UnknownSize,
                               AAMDNodes(), V2, V2Size, V2AAInfo);
    if (R != MustAlias)
      // If V2 may alias the GEP base pointer, conservatively return MayAlias.
      // If V2 is known not to alias the GEP base pointer, then the two values
      // cannot alias per GEP semantics: "A pointer value formed from a
      // getelementptr instruction is associated with the addresses associated
      // with the first operand of the getelementptr".
      return R;

    const Value *GEP1BasePtr =
        DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices,
                               GEP1MaxLookupReached, *DL, AC1, DT);

    // DecomposeGEPExpression and GetUnderlyingObject should return the
    // same result except when DecomposeGEPExpression has no DataLayout.
    if (GEP1BasePtr != UnderlyingV1) {
      assert(!DL && "DecomposeGEPExpression and GetUnderlyingObject disagree!");
      return MayAlias;
    }
    // If the max search depth is reached the result is undefined
    if (GEP1MaxLookupReached)
      return MayAlias;
  }

  // In the two-GEP case, if there is no difference in the offsets of the
  // computed pointers, the resultant pointers are a must alias. This
  // happens when we have two lexically identical GEPs (for example).
  //
  // In the other case, if we have getelementptr <ptr>, 0, 0, 0, 0, ... and V2
  // must-aliases the GEP, the end result is a must alias also.
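  //
  // For example, 'gep %p, i64 4' compared against 'gep %p, i64 4' decomposes
  // to the same base with a relative offset of zero and no variable indices,
  // so the two pointers must be equal.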
  if (GEP1BaseOffset == 0 && GEP1VariableIndices.empty())
    return MustAlias;

  // If there is a constant difference between the pointers, but the difference
  // is less than the size of the associated memory object, then we know
  // that the objects are partially overlapping. If the difference is
  // greater, we know they do not overlap.
  if (GEP1BaseOffset != 0 && GEP1VariableIndices.empty()) {
    if (GEP1BaseOffset >= 0) {
      if (V2Size != MemoryLocation::UnknownSize) {
        if ((uint64_t)GEP1BaseOffset < V2Size)
          return PartialAlias;
        return NoAlias;
      }
    } else {
      // We have the situation where:
      // +                +
      // | BaseOffset     |
      // ---------------->|
      // |-->V1Size       |-------> V2Size
      // GEP1             V2
      // We need to know that V2Size is not unknown, otherwise we might have
      // stripped a gep with a negative index ('gep <ptr>, -1, ...').
      if (V1Size != MemoryLocation::UnknownSize &&
          V2Size != MemoryLocation::UnknownSize) {
        if (-(uint64_t)GEP1BaseOffset < V1Size)
          return PartialAlias;
        return NoAlias;
      }
    }
  }

  if (!GEP1VariableIndices.empty()) {
    uint64_t Modulo = 0;
    bool AllPositive = true;
    for (unsigned i = 0, e = GEP1VariableIndices.size(); i != e; ++i) {

      // Try to distinguish something like &A[i][1] against &A[42][0].
      // Grab the least significant bit set in any of the scales. We
      // don't need std::abs here (even if the scale's negative) as we'll
      // be ^'ing Modulo with itself later.
      Modulo |= (uint64_t)GEP1VariableIndices[i].Scale;

      if (AllPositive) {
        // If the Value could change between cycles, then any reasoning about
        // the Value this cycle may not hold in the next cycle. We'll just
        // give up if we can't determine conditions that hold for every cycle:
        const Value *V = GEP1VariableIndices[i].V;

        bool SignKnownZero, SignKnownOne;
        ComputeSignBit(const_cast<Value *>(V), SignKnownZero, SignKnownOne, *DL,
                       0, AC1, nullptr, DT);

        // Zero-extension widens the variable, and so forces the sign
        // bit to zero.
        bool IsZExt = GEP1VariableIndices[i].Extension == EK_ZeroExt;
        SignKnownZero |= IsZExt;
        SignKnownOne &= !IsZExt;

        // If the variable begins with a zero then we know it's
        // positive, regardless of whether the value is signed or
        // unsigned.
        int64_t Scale = GEP1VariableIndices[i].Scale;
        AllPositive =
            (SignKnownZero && Scale >= 0) || (SignKnownOne && Scale < 0);
      }
    }

    Modulo = Modulo ^ (Modulo & (Modulo - 1));

    // We can compute the difference between the two addresses
    // mod Modulo. Check whether that difference guarantees that the
    // two locations do not alias.
    uint64_t ModOffset = (uint64_t)GEP1BaseOffset & (Modulo - 1);
    if (V1Size != MemoryLocation::UnknownSize &&
        V2Size != MemoryLocation::UnknownSize && ModOffset >= V2Size &&
        V1Size <= Modulo - ModOffset)
      return NoAlias;

    // If we know all the variables are positive, then GEP1 >= GEP1BasePtr.
    // If GEP1BasePtr > V2 (GEP1BaseOffset > 0) then we know the pointers
    // don't alias if V2Size can fit in the gap between V2 and GEP1BasePtr.
    if (AllPositive && GEP1BaseOffset > 0 && V2Size <= (uint64_t)GEP1BaseOffset)
      return NoAlias;
  }

  // Statically, we can see that the base objects are the same, but the
  // pointers have dynamic offsets which we can't resolve. And none of our
  // little tricks above worked.
  //
  // TODO: Returning PartialAlias instead of MayAlias is a mild hack; the
  // practical effect of this is protecting TBAA in the case of dynamic
  // indices into arrays of unions or malloc'd memory.
  return PartialAlias;
}

static AliasResult MergeAliasResults(AliasResult A, AliasResult B) {
  // If the results agree, take it.
  if (A == B)
    return A;
  // A mix of PartialAlias and MustAlias is PartialAlias.
  if ((A == PartialAlias && B == MustAlias) ||
      (B == PartialAlias && A == MustAlias))
    return PartialAlias;
  // Otherwise, we don't know anything.
  return MayAlias;
}

/// Provides a bunch of ad-hoc rules to disambiguate a Select instruction
/// against another.
AliasResult BasicAliasAnalysis::aliasSelect(const SelectInst *SI,
                                            uint64_t SISize,
                                            const AAMDNodes &SIAAInfo,
                                            const Value *V2, uint64_t V2Size,
                                            const AAMDNodes &V2AAInfo) {
  // If the values are Selects with the same condition, we can do a more precise
  // check: just check for aliases between the values on corresponding arms.
  if (const SelectInst *SI2 = dyn_cast<SelectInst>(V2))
    if (SI->getCondition() == SI2->getCondition()) {
      AliasResult Alias = aliasCheck(SI->getTrueValue(), SISize, SIAAInfo,
                                     SI2->getTrueValue(), V2Size, V2AAInfo);
      if (Alias == MayAlias)
        return MayAlias;
      AliasResult ThisAlias =
          aliasCheck(SI->getFalseValue(), SISize, SIAAInfo,
                     SI2->getFalseValue(), V2Size, V2AAInfo);
      return MergeAliasResults(ThisAlias, Alias);
    }

  // If both arms of the Select node NoAlias or MustAlias V2, then returns
  // NoAlias / MustAlias. Otherwise, returns MayAlias.
  AliasResult Alias =
      aliasCheck(V2, V2Size, V2AAInfo, SI->getTrueValue(), SISize, SIAAInfo);
  if (Alias == MayAlias)
    return MayAlias;

  AliasResult ThisAlias =
      aliasCheck(V2, V2Size, V2AAInfo, SI->getFalseValue(), SISize, SIAAInfo);
  return MergeAliasResults(ThisAlias, Alias);
}

/// Provide a bunch of ad-hoc rules to disambiguate a PHI instruction against
/// another.
AliasResult BasicAliasAnalysis::aliasPHI(const PHINode *PN, uint64_t PNSize,
                                         const AAMDNodes &PNAAInfo,
                                         const Value *V2, uint64_t V2Size,
                                         const AAMDNodes &V2AAInfo) {
  // Track phi nodes we have visited. We use this information when we determine
  // value equivalence.
  VisitedPhiBBs.insert(PN->getParent());

  // If the values are PHIs in the same block, we can do a more precise
  // as well as efficient check: just check for aliases between the values
  // on corresponding edges.
  if (const PHINode *PN2 = dyn_cast<PHINode>(V2))
    if (PN2->getParent() == PN->getParent()) {
      LocPair Locs(MemoryLocation(PN, PNSize, PNAAInfo),
                   MemoryLocation(V2, V2Size, V2AAInfo));
      if (PN > V2)
        std::swap(Locs.first, Locs.second);
      // Analyse the PHIs' inputs under the assumption that the PHIs are
      // NoAlias.
      // If the PHIs are May/MustAlias there must be (recursively) an input
      // operand from outside the PHIs' cycle that is MayAlias/MustAlias or
      // there must be an operation on the PHIs within the PHIs' value cycle
      // that causes a MayAlias.
      // Pretend the phis do not alias.
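      // Overwriting the cache entry with NoAlias means that any recursive
      // query reaching this same pair of locations returns NoAlias (the
      // optimistic assumption) instead of the default MayAlias; if the
      // speculation turns out to be wrong, the original entry is restored
      // below.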
      AliasResult Alias = NoAlias;
      assert(AliasCache.count(Locs) &&
             "There must exist an entry for the phi node");
      AliasResult OrigAliasResult = AliasCache[Locs];
      AliasCache[Locs] = NoAlias;

      for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) {
        AliasResult ThisAlias =
            aliasCheck(PN->getIncomingValue(i), PNSize, PNAAInfo,
                       PN2->getIncomingValueForBlock(PN->getIncomingBlock(i)),
                       V2Size, V2AAInfo);
        Alias = MergeAliasResults(ThisAlias, Alias);
        if (Alias == MayAlias)
          break;
      }

      // Reset if speculation failed.
      if (Alias != NoAlias)
        AliasCache[Locs] = OrigAliasResult;

      return Alias;
    }

  SmallPtrSet<Value *, 4> UniqueSrc;
  SmallVector<Value *, 4> V1Srcs;
  bool isRecursive = false;
  for (Value *PV1 : PN->incoming_values()) {
    if (isa<PHINode>(PV1))
      // If any source is itself a PHI, return MayAlias conservatively to
      // avoid compile time explosion. The worst possible case is if both
      // sides are PHI nodes, in which case this is O(m x n) time where 'm'
      // and 'n' are the number of PHI sources.
      return MayAlias;

    if (EnableRecPhiAnalysis)
      if (GEPOperator *PV1GEP = dyn_cast<GEPOperator>(PV1)) {
        // Check whether the incoming value is a GEP that advances the pointer
        // result of this PHI node (e.g. in a loop). If this is the case, we
        // would recurse and always get a MayAlias. Handle this case specially
        // below.
        if (PV1GEP->getPointerOperand() == PN && PV1GEP->getNumIndices() == 1 &&
            isa<ConstantInt>(PV1GEP->idx_begin())) {
          isRecursive = true;
          continue;
        }
      }

    if (UniqueSrc.insert(PV1).second)
      V1Srcs.push_back(PV1);
  }

  // If this PHI node is recursive, set the size of the accessed memory to
  // unknown to represent all the possible values the GEP could advance the
  // pointer to.
  if (isRecursive)
    PNSize = MemoryLocation::UnknownSize;

  AliasResult Alias =
      aliasCheck(V2, V2Size, V2AAInfo, V1Srcs[0], PNSize, PNAAInfo);

  // Early exit if the check of the first PHI source against V2 is MayAlias.
  // Other results are not possible.
  if (Alias == MayAlias)
    return MayAlias;

  // If all sources of the PHI node NoAlias or MustAlias V2, then returns
  // NoAlias / MustAlias. Otherwise, returns MayAlias.
  for (unsigned i = 1, e = V1Srcs.size(); i != e; ++i) {
    Value *V = V1Srcs[i];

    AliasResult ThisAlias =
        aliasCheck(V2, V2Size, V2AAInfo, V, PNSize, PNAAInfo);
    Alias = MergeAliasResults(ThisAlias, Alias);
    if (Alias == MayAlias)
      break;
  }

  return Alias;
}

/// Provides a bunch of ad-hoc rules to disambiguate in common cases, such as
/// array references.
AliasResult BasicAliasAnalysis::aliasCheck(const Value *V1, uint64_t V1Size,
                                           AAMDNodes V1AAInfo, const Value *V2,
                                           uint64_t V2Size,
                                           AAMDNodes V2AAInfo) {
  // If either of the memory references is empty, it doesn't matter what the
  // pointer values are.
  if (V1Size == 0 || V2Size == 0)
    return NoAlias;

  // Strip off any casts if they exist.
  V1 = V1->stripPointerCasts();
  V2 = V2->stripPointerCasts();

  // If V1 or V2 is undef, the result is NoAlias because we can always pick a
  // value for undef that aliases nothing in the program.
  if (isa<UndefValue>(V1) || isa<UndefValue>(V2))
    return NoAlias;

  // Are we checking for alias of the same value?
  // Because we look 'through' phi nodes we could look at "Value" pointers from
  // different iterations. We must therefore make sure that this is not the
  // case. The function isValueEqualInPotentialCycles ensures that this cannot
  // happen by looking at the visited phi nodes and making sure they cannot
  // reach the value.
  if (isValueEqualInPotentialCycles(V1, V2))
    return MustAlias;

  if (!V1->getType()->isPointerTy() || !V2->getType()->isPointerTy())
    return NoAlias; // Scalars cannot alias each other

  // Figure out what objects these things are pointing to if we can.
  const Value *O1 = GetUnderlyingObject(V1, *DL, MaxLookupSearchDepth);
  const Value *O2 = GetUnderlyingObject(V2, *DL, MaxLookupSearchDepth);

  // Null values in the default address space don't point to any object, so they
  // don't alias any other pointer.
  if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O1))
    if (CPN->getType()->getAddressSpace() == 0)
      return NoAlias;
  if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O2))
    if (CPN->getType()->getAddressSpace() == 0)
      return NoAlias;

  if (O1 != O2) {
    // If V1/V2 point to two different objects we know that we have no alias.
    if (isIdentifiedObject(O1) && isIdentifiedObject(O2))
      return NoAlias;

    // Constant pointers can't alias with non-const isIdentifiedObject objects.
    if ((isa<Constant>(O1) && isIdentifiedObject(O2) && !isa<Constant>(O2)) ||
        (isa<Constant>(O2) && isIdentifiedObject(O1) && !isa<Constant>(O1)))
      return NoAlias;

    // Function arguments can't alias with things that are known to be
    // unambiguously identified at the function level.
    if ((isa<Argument>(O1) && isIdentifiedFunctionLocal(O2)) ||
        (isa<Argument>(O2) && isIdentifiedFunctionLocal(O1)))
      return NoAlias;

    // Most objects can't alias null.
    if ((isa<ConstantPointerNull>(O2) && isKnownNonNull(O1)) ||
        (isa<ConstantPointerNull>(O1) && isKnownNonNull(O2)))
      return NoAlias;

    // If one pointer is the result of a call/invoke or load and the other is a
    // non-escaping local object within the same function, then we know the
    // object couldn't escape to a point where the call could return it.
    //
    // Note that if the pointers are in different functions, there are a
    // variety of complications. A call with a nocapture argument may still
    // temporarily store the nocapture argument's value in a temporary memory
    // location if that memory location doesn't escape. Or it may pass a
    // nocapture value to other functions as long as they don't capture it.
    if (isEscapeSource(O1) && isNonEscapingLocalObject(O2))
      return NoAlias;
    if (isEscapeSource(O2) && isNonEscapingLocalObject(O1))
      return NoAlias;
  }

  // If the size of one access is larger than the entire object on the other
  // side, then we know such behavior is undefined and can assume no alias.
  if (DL)
    if ((V1Size != MemoryLocation::UnknownSize &&
         isObjectSmallerThan(O2, V1Size, *DL, *TLI)) ||
        (V2Size != MemoryLocation::UnknownSize &&
         isObjectSmallerThan(O1, V2Size, *DL, *TLI)))
      return NoAlias;

  // Check the cache before climbing up use-def chains. This also terminates
  // otherwise infinitely recursive queries.
  LocPair Locs(MemoryLocation(V1, V1Size, V1AAInfo),
               MemoryLocation(V2, V2Size, V2AAInfo));
  if (V1 > V2)
    std::swap(Locs.first, Locs.second);
  std::pair<AliasCacheTy::iterator, bool> Pair =
      AliasCache.insert(std::make_pair(Locs, MayAlias));
  if (!Pair.second)
    return Pair.first->second;

  // FIXME: This isn't aggressively handling alias(GEP, PHI) for example: if the
  // GEP can't simplify, we don't even look at the PHI cases.
  if (!isa<GEPOperator>(V1) && isa<GEPOperator>(V2)) {
    std::swap(V1, V2);
    std::swap(V1Size, V2Size);
    std::swap(O1, O2);
    std::swap(V1AAInfo, V2AAInfo);
  }
  if (const GEPOperator *GV1 = dyn_cast<GEPOperator>(V1)) {
    AliasResult Result =
        aliasGEP(GV1, V1Size, V1AAInfo, V2, V2Size, V2AAInfo, O1, O2);
    if (Result != MayAlias)
      return AliasCache[Locs] = Result;
  }

  if (isa<PHINode>(V2) && !isa<PHINode>(V1)) {
    std::swap(V1, V2);
    std::swap(V1Size, V2Size);
    std::swap(V1AAInfo, V2AAInfo);
  }
  if (const PHINode *PN = dyn_cast<PHINode>(V1)) {
    AliasResult Result = aliasPHI(PN, V1Size, V1AAInfo, V2, V2Size, V2AAInfo);
    if (Result != MayAlias)
      return AliasCache[Locs] = Result;
  }

  if (isa<SelectInst>(V2) && !isa<SelectInst>(V1)) {
    std::swap(V1, V2);
    std::swap(V1Size, V2Size);
    std::swap(V1AAInfo, V2AAInfo);
  }
  if (const SelectInst *S1 = dyn_cast<SelectInst>(V1)) {
    AliasResult Result =
        aliasSelect(S1, V1Size, V1AAInfo, V2, V2Size, V2AAInfo);
    if (Result != MayAlias)
      return AliasCache[Locs] = Result;
  }

  // If both pointers are pointing into the same object and one of them
  // is accessing the entire object, then the accesses must overlap in
  // some way.
  if (DL && O1 == O2)
    if ((V1Size != MemoryLocation::UnknownSize &&
         isObjectSize(O1, V1Size, *DL, *TLI)) ||
        (V2Size != MemoryLocation::UnknownSize &&
         isObjectSize(O2, V2Size, *DL, *TLI)))
      return AliasCache[Locs] = PartialAlias;

  AliasResult Result =
      AliasAnalysis::alias(MemoryLocation(V1, V1Size, V1AAInfo),
                           MemoryLocation(V2, V2Size, V2AAInfo));
  return AliasCache[Locs] = Result;
}

/// Check whether two Values can be considered equivalent.
///
/// In addition to pointer equivalence of \p V and \p V2 this checks whether
/// they cannot be part of a cycle in the value graph by looking at all
/// visited phi nodes and making sure that the phis cannot reach the value. We
/// have to do this because we are looking through phi nodes (that is, we say
/// noalias(V, phi(VA, VB)) if noalias(V, VA) and noalias(V, VB)).
bool BasicAliasAnalysis::isValueEqualInPotentialCycles(const Value *V,
                                                       const Value *V2) {
  if (V != V2)
    return false;

  const Instruction *Inst = dyn_cast<Instruction>(V);
  if (!Inst)
    return true;

  if (VisitedPhiBBs.empty())
    return true;

  if (VisitedPhiBBs.size() > MaxNumPhiBBsValueReachabilityCheck)
    return false;

  // Use dominance or loop info if available.
  DominatorTreeWrapperPass *DTWP =
      getAnalysisIfAvailable<DominatorTreeWrapperPass>();
  DominatorTree *DT = DTWP ? &DTWP->getDomTree() : nullptr;
  auto *LIWP = getAnalysisIfAvailable<LoopInfoWrapperPass>();
  LoopInfo *LI = LIWP ? &LIWP->getLoopInfo() : nullptr;

  // Make sure that the visited phis cannot reach the Value. This ensures that
  // the Values cannot come from different iterations of a potential cycle the
  // phi nodes could be involved in.
  for (auto *P : VisitedPhiBBs)
    if (isPotentiallyReachable(P->begin(), Inst, DT, LI))
      return false;

  return true;
}

/// Computes the symbolic difference between two de-composed GEPs.
///
/// Dest and Src are the variable indices from two decomposed GetElementPtr
/// instructions GEP1 and GEP2 which have common base pointers.
void BasicAliasAnalysis::GetIndexDifference(
    SmallVectorImpl<VariableGEPIndex> &Dest,
    const SmallVectorImpl<VariableGEPIndex> &Src) {
  if (Src.empty())
    return;

  for (unsigned i = 0, e = Src.size(); i != e; ++i) {
    const Value *V = Src[i].V;
    ExtensionKind Extension = Src[i].Extension;
    int64_t Scale = Src[i].Scale;

    // Find V in Dest. This is N^2, but pointer indices almost never have more
    // than a few variable indexes.
    for (unsigned j = 0, e = Dest.size(); j != e; ++j) {
      if (!isValueEqualInPotentialCycles(Dest[j].V, V) ||
          Dest[j].Extension != Extension)
        continue;

      // If we found it, subtract off Scale V's from the entry in Dest. If it
      // goes to zero, remove the entry.
      if (Dest[j].Scale != Scale)
        Dest[j].Scale -= Scale;
      else
        Dest.erase(Dest.begin() + j);
      Scale = 0;
      break;
    }

    // If we didn't consume this entry, add it to the end of the Dest list.
    if (Scale) {
      VariableGEPIndex Entry = {V, Extension, -Scale};
      Dest.push_back(Entry);
    }
  }
}