1 //===- MemoryLocation.cpp - Memory location descriptions -------------------==// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 9 #include "llvm/Analysis/MemoryLocation.h" 10 #include "llvm/Analysis/TargetLibraryInfo.h" 11 #include "llvm/IR/BasicBlock.h" 12 #include "llvm/IR/DataLayout.h" 13 #include "llvm/IR/Instructions.h" 14 #include "llvm/IR/IntrinsicInst.h" 15 #include "llvm/IR/IntrinsicsARM.h" 16 #include "llvm/IR/LLVMContext.h" 17 #include "llvm/IR/Module.h" 18 #include "llvm/IR/Type.h" 19 using namespace llvm; 20 21 void LocationSize::print(raw_ostream &OS) const { 22 OS << "LocationSize::"; 23 if (*this == beforeOrAfterPointer()) 24 OS << "beforeOrAfterPointer"; 25 else if (*this == afterPointer()) 26 OS << "afterPointer"; 27 else if (*this == mapEmpty()) 28 OS << "mapEmpty"; 29 else if (*this == mapTombstone()) 30 OS << "mapTombstone"; 31 else if (isPrecise()) 32 OS << "precise(" << getValue() << ')'; 33 else 34 OS << "upperBound(" << getValue() << ')'; 35 } 36 37 MemoryLocation MemoryLocation::get(const LoadInst *LI) { 38 const auto &DL = LI->getModule()->getDataLayout(); 39 40 return MemoryLocation( 41 LI->getPointerOperand(), 42 LocationSize::precise(DL.getTypeStoreSize(LI->getType())), 43 LI->getAAMetadata()); 44 } 45 46 MemoryLocation MemoryLocation::get(const StoreInst *SI) { 47 const auto &DL = SI->getModule()->getDataLayout(); 48 49 return MemoryLocation(SI->getPointerOperand(), 50 LocationSize::precise(DL.getTypeStoreSize( 51 SI->getValueOperand()->getType())), 52 SI->getAAMetadata()); 53 } 54 55 MemoryLocation MemoryLocation::get(const VAArgInst *VI) { 56 return MemoryLocation(VI->getPointerOperand(), 57 LocationSize::afterPointer(), VI->getAAMetadata()); 58 } 59 60 MemoryLocation MemoryLocation::get(const AtomicCmpXchgInst *CXI) { 61 const auto &DL = CXI->getModule()->getDataLayout(); 62 63 return MemoryLocation(CXI->getPointerOperand(), 64 LocationSize::precise(DL.getTypeStoreSize( 65 CXI->getCompareOperand()->getType())), 66 CXI->getAAMetadata()); 67 } 68 69 MemoryLocation MemoryLocation::get(const AtomicRMWInst *RMWI) { 70 const auto &DL = RMWI->getModule()->getDataLayout(); 71 72 return MemoryLocation(RMWI->getPointerOperand(), 73 LocationSize::precise(DL.getTypeStoreSize( 74 RMWI->getValOperand()->getType())), 75 RMWI->getAAMetadata()); 76 } 77 78 Optional<MemoryLocation> MemoryLocation::getOrNone(const Instruction *Inst) { 79 switch (Inst->getOpcode()) { 80 case Instruction::Load: 81 return get(cast<LoadInst>(Inst)); 82 case Instruction::Store: 83 return get(cast<StoreInst>(Inst)); 84 case Instruction::VAArg: 85 return get(cast<VAArgInst>(Inst)); 86 case Instruction::AtomicCmpXchg: 87 return get(cast<AtomicCmpXchgInst>(Inst)); 88 case Instruction::AtomicRMW: 89 return get(cast<AtomicRMWInst>(Inst)); 90 default: 91 return None; 92 } 93 } 94 95 MemoryLocation MemoryLocation::getForSource(const MemTransferInst *MTI) { 96 return getForSource(cast<AnyMemTransferInst>(MTI)); 97 } 98 99 MemoryLocation MemoryLocation::getForSource(const AtomicMemTransferInst *MTI) { 100 return getForSource(cast<AnyMemTransferInst>(MTI)); 101 } 102 103 MemoryLocation MemoryLocation::getForSource(const AnyMemTransferInst *MTI) { 104 assert(MTI->getRawSource() == MTI->getArgOperand(1)); 105 return getForArgument(MTI, 1, nullptr); 106 } 107 108 MemoryLocation MemoryLocation::getForDest(const MemIntrinsic *MI) { 109 return getForDest(cast<AnyMemIntrinsic>(MI)); 110 } 111 112 MemoryLocation MemoryLocation::getForDest(const AtomicMemIntrinsic *MI) { 113 return getForDest(cast<AnyMemIntrinsic>(MI)); 114 } 115 116 MemoryLocation MemoryLocation::getForDest(const AnyMemIntrinsic *MI) { 117 assert(MI->getRawDest() == MI->getArgOperand(0)); 118 return getForArgument(MI, 0, nullptr); 119 } 120 121 Optional<MemoryLocation> 122 MemoryLocation::getForDest(const CallBase *CB, const TargetLibraryInfo &TLI) { 123 if (const IntrinsicInst *II = dyn_cast<IntrinsicInst>(CB)) { 124 if (auto *MemInst = dyn_cast<AnyMemIntrinsic>(CB)) 125 return getForDest(MemInst); 126 127 switch (II->getIntrinsicID()) { 128 default: 129 return None; 130 case Intrinsic::init_trampoline: 131 return MemoryLocation::getForArgument(CB, 0, TLI); 132 case Intrinsic::masked_store: 133 return MemoryLocation::getForArgument(CB, 1, TLI); 134 } 135 } 136 137 LibFunc LF; 138 if (TLI.getLibFunc(*CB, LF) && TLI.has(LF)) { 139 switch (LF) { 140 case LibFunc_strncpy: 141 case LibFunc_strcpy: 142 case LibFunc_strcat: 143 case LibFunc_strncat: 144 return getForArgument(CB, 0, &TLI); 145 default: 146 break; 147 } 148 } 149 150 if (!CB->onlyAccessesArgMemory()) 151 return None; 152 153 if (CB->hasOperandBundles()) 154 // TODO: remove implementation restriction 155 return None; 156 157 Value *UsedV = nullptr; 158 Optional<unsigned> UsedIdx; 159 for (unsigned i = 0; i < CB->arg_size(); i++) { 160 if (!CB->getArgOperand(i)->getType()->isPointerTy()) 161 continue; 162 if (!CB->doesNotCapture(i)) 163 // capture would allow the address to be read back in an untracked manner 164 return None; 165 if (CB->onlyReadsMemory(i)) 166 continue; 167 if (!UsedV) { 168 // First potentially writing parameter 169 UsedV = CB->getArgOperand(i); 170 UsedIdx = i; 171 continue; 172 } 173 UsedIdx = None; 174 if (UsedV != CB->getArgOperand(i)) 175 // Can't describe writing to two distinct locations. 176 // TODO: This results in an inprecision when two values derived from the 177 // same object are passed as arguments to the same function. 178 return None; 179 } 180 if (!UsedV) 181 // We don't currently have a way to represent a "does not write" result 182 // and thus have to be conservative and return unknown. 183 return None; 184 185 if (UsedIdx) 186 return getForArgument(CB, *UsedIdx, &TLI); 187 return MemoryLocation::getBeforeOrAfter(UsedV, CB->getAAMetadata()); 188 } 189 190 MemoryLocation MemoryLocation::getForArgument(const CallBase *Call, 191 unsigned ArgIdx, 192 const TargetLibraryInfo *TLI) { 193 AAMDNodes AATags = Call->getAAMetadata(); 194 const Value *Arg = Call->getArgOperand(ArgIdx); 195 196 // We may be able to produce an exact size for known intrinsics. 197 if (const IntrinsicInst *II = dyn_cast<IntrinsicInst>(Call)) { 198 const DataLayout &DL = II->getModule()->getDataLayout(); 199 200 switch (II->getIntrinsicID()) { 201 default: 202 break; 203 case Intrinsic::memset: 204 case Intrinsic::memcpy: 205 case Intrinsic::memcpy_inline: 206 case Intrinsic::memmove: 207 case Intrinsic::memcpy_element_unordered_atomic: 208 case Intrinsic::memmove_element_unordered_atomic: 209 case Intrinsic::memset_element_unordered_atomic: 210 assert((ArgIdx == 0 || ArgIdx == 1) && 211 "Invalid argument index for memory intrinsic"); 212 if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getArgOperand(2))) 213 return MemoryLocation(Arg, LocationSize::precise(LenCI->getZExtValue()), 214 AATags); 215 return MemoryLocation::getAfter(Arg, AATags); 216 217 case Intrinsic::lifetime_start: 218 case Intrinsic::lifetime_end: 219 case Intrinsic::invariant_start: 220 assert(ArgIdx == 1 && "Invalid argument index"); 221 return MemoryLocation( 222 Arg, 223 LocationSize::precise( 224 cast<ConstantInt>(II->getArgOperand(0))->getZExtValue()), 225 AATags); 226 227 case Intrinsic::masked_load: 228 assert(ArgIdx == 0 && "Invalid argument index"); 229 return MemoryLocation( 230 Arg, 231 LocationSize::upperBound(DL.getTypeStoreSize(II->getType())), 232 AATags); 233 234 case Intrinsic::masked_store: 235 assert(ArgIdx == 1 && "Invalid argument index"); 236 return MemoryLocation( 237 Arg, 238 LocationSize::upperBound( 239 DL.getTypeStoreSize(II->getArgOperand(0)->getType())), 240 AATags); 241 242 case Intrinsic::invariant_end: 243 // The first argument to an invariant.end is a "descriptor" type (e.g. a 244 // pointer to a empty struct) which is never actually dereferenced. 245 if (ArgIdx == 0) 246 return MemoryLocation(Arg, LocationSize::precise(0), AATags); 247 assert(ArgIdx == 2 && "Invalid argument index"); 248 return MemoryLocation( 249 Arg, 250 LocationSize::precise( 251 cast<ConstantInt>(II->getArgOperand(1))->getZExtValue()), 252 AATags); 253 254 case Intrinsic::arm_neon_vld1: 255 assert(ArgIdx == 0 && "Invalid argument index"); 256 // LLVM's vld1 and vst1 intrinsics currently only support a single 257 // vector register. 258 return MemoryLocation( 259 Arg, LocationSize::precise(DL.getTypeStoreSize(II->getType())), 260 AATags); 261 262 case Intrinsic::arm_neon_vst1: 263 assert(ArgIdx == 0 && "Invalid argument index"); 264 return MemoryLocation(Arg, 265 LocationSize::precise(DL.getTypeStoreSize( 266 II->getArgOperand(1)->getType())), 267 AATags); 268 } 269 270 assert( 271 !isa<AnyMemTransferInst>(II) && 272 "all memory transfer intrinsics should be handled by the switch above"); 273 } 274 275 // We can bound the aliasing properties of memset_pattern16 just as we can 276 // for memcpy/memset. This is particularly important because the 277 // LoopIdiomRecognizer likes to turn loops into calls to memset_pattern16 278 // whenever possible. 279 LibFunc F; 280 if (TLI && TLI->getLibFunc(*Call, F) && TLI->has(F)) { 281 switch (F) { 282 case LibFunc_strcpy: 283 case LibFunc_strcat: 284 case LibFunc_strncat: 285 assert((ArgIdx == 0 || ArgIdx == 1) && "Invalid argument index for str function"); 286 return MemoryLocation::getAfter(Arg, AATags); 287 288 case LibFunc_memset_chk: { 289 assert(ArgIdx == 0 && "Invalid argument index for memset_chk"); 290 LocationSize Size = LocationSize::afterPointer(); 291 if (const auto *Len = dyn_cast<ConstantInt>(Call->getArgOperand(2))) { 292 // memset_chk writes at most Len bytes. It may write less, if Len 293 // exceeds the specified max size and aborts. 294 Size = LocationSize::upperBound(Len->getZExtValue()); 295 } 296 return MemoryLocation(Arg, Size, AATags); 297 } 298 case LibFunc_strncpy: { 299 assert((ArgIdx == 0 || ArgIdx == 1) && 300 "Invalid argument index for strncpy"); 301 LocationSize Size = LocationSize::afterPointer(); 302 if (const auto *Len = dyn_cast<ConstantInt>(Call->getArgOperand(2))) { 303 // strncpy is guaranteed to write Len bytes, but only reads up to Len 304 // bytes. 305 Size = ArgIdx == 0 ? LocationSize::precise(Len->getZExtValue()) 306 : LocationSize::upperBound(Len->getZExtValue()); 307 } 308 return MemoryLocation(Arg, Size, AATags); 309 } 310 case LibFunc_memset_pattern16: 311 case LibFunc_memset_pattern4: 312 case LibFunc_memset_pattern8: 313 assert((ArgIdx == 0 || ArgIdx == 1) && 314 "Invalid argument index for memset_pattern16"); 315 if (ArgIdx == 1) { 316 unsigned Size = 16; 317 if (F == LibFunc_memset_pattern4) 318 Size = 4; 319 else if (F == LibFunc_memset_pattern8) 320 Size = 8; 321 return MemoryLocation(Arg, LocationSize::precise(Size), AATags); 322 } 323 if (const ConstantInt *LenCI = 324 dyn_cast<ConstantInt>(Call->getArgOperand(2))) 325 return MemoryLocation(Arg, LocationSize::precise(LenCI->getZExtValue()), 326 AATags); 327 return MemoryLocation::getAfter(Arg, AATags); 328 case LibFunc_bcmp: 329 case LibFunc_memcmp: 330 assert((ArgIdx == 0 || ArgIdx == 1) && 331 "Invalid argument index for memcmp/bcmp"); 332 if (const ConstantInt *LenCI = 333 dyn_cast<ConstantInt>(Call->getArgOperand(2))) 334 return MemoryLocation(Arg, LocationSize::precise(LenCI->getZExtValue()), 335 AATags); 336 return MemoryLocation::getAfter(Arg, AATags); 337 case LibFunc_memchr: 338 assert((ArgIdx == 0) && "Invalid argument index for memchr"); 339 if (const ConstantInt *LenCI = 340 dyn_cast<ConstantInt>(Call->getArgOperand(2))) 341 return MemoryLocation(Arg, LocationSize::precise(LenCI->getZExtValue()), 342 AATags); 343 return MemoryLocation::getAfter(Arg, AATags); 344 case LibFunc_memccpy: 345 assert((ArgIdx == 0 || ArgIdx == 1) && 346 "Invalid argument index for memccpy"); 347 // We only know an upper bound on the number of bytes read/written. 348 if (const ConstantInt *LenCI = 349 dyn_cast<ConstantInt>(Call->getArgOperand(3))) 350 return MemoryLocation( 351 Arg, LocationSize::upperBound(LenCI->getZExtValue()), AATags); 352 return MemoryLocation::getAfter(Arg, AATags); 353 default: 354 break; 355 }; 356 } 357 358 return MemoryLocation::getBeforeOrAfter(Call->getArgOperand(ArgIdx), AATags); 359 } 360