BasicAliasAnalysis.cpp revision 212904
1//===- BasicAliasAnalysis.cpp - Local Alias Analysis Impl -----------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the default implementation of the Alias Analysis interface 11// that simply implements a few identities (two different globals cannot alias, 12// etc), but otherwise does no analysis. 13// 14//===----------------------------------------------------------------------===// 15 16#include "llvm/Analysis/AliasAnalysis.h" 17#include "llvm/Analysis/Passes.h" 18#include "llvm/Constants.h" 19#include "llvm/DerivedTypes.h" 20#include "llvm/Function.h" 21#include "llvm/GlobalAlias.h" 22#include "llvm/GlobalVariable.h" 23#include "llvm/Instructions.h" 24#include "llvm/IntrinsicInst.h" 25#include "llvm/Operator.h" 26#include "llvm/Pass.h" 27#include "llvm/Analysis/CaptureTracking.h" 28#include "llvm/Analysis/MemoryBuiltins.h" 29#include "llvm/Analysis/ValueTracking.h" 30#include "llvm/Target/TargetData.h" 31#include "llvm/ADT/SmallPtrSet.h" 32#include "llvm/ADT/SmallVector.h" 33#include "llvm/Support/ErrorHandling.h" 34#include "llvm/Support/GetElementPtrTypeIterator.h" 35#include <algorithm> 36using namespace llvm; 37 38//===----------------------------------------------------------------------===// 39// Useful predicates 40//===----------------------------------------------------------------------===// 41 42/// isKnownNonNull - Return true if we know that the specified value is never 43/// null. 44static bool isKnownNonNull(const Value *V) { 45 // Alloca never returns null, malloc might. 46 if (isa<AllocaInst>(V)) return true; 47 48 // A byval argument is never null. 49 if (const Argument *A = dyn_cast<Argument>(V)) 50 return A->hasByValAttr(); 51 52 // Global values are not null unless extern weak. 53 if (const GlobalValue *GV = dyn_cast<GlobalValue>(V)) 54 return !GV->hasExternalWeakLinkage(); 55 return false; 56} 57 58/// isNonEscapingLocalObject - Return true if the pointer is to a function-local 59/// object that never escapes from the function. 60static bool isNonEscapingLocalObject(const Value *V) { 61 // If this is a local allocation, check to see if it escapes. 62 if (isa<AllocaInst>(V) || isNoAliasCall(V)) 63 // Set StoreCaptures to True so that we can assume in our callers that the 64 // pointer is not the result of a load instruction. Currently 65 // PointerMayBeCaptured doesn't have any special analysis for the 66 // StoreCaptures=false case; if it did, our callers could be refined to be 67 // more precise. 68 return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true); 69 70 // If this is an argument that corresponds to a byval or noalias argument, 71 // then it has not escaped before entering the function. Check if it escapes 72 // inside the function. 73 if (const Argument *A = dyn_cast<Argument>(V)) 74 if (A->hasByValAttr() || A->hasNoAliasAttr()) { 75 // Don't bother analyzing arguments already known not to escape. 76 if (A->hasNoCaptureAttr()) 77 return true; 78 return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true); 79 } 80 return false; 81} 82 83/// isEscapeSource - Return true if the pointer is one which would have 84/// been considered an escape by isNonEscapingLocalObject. 85static bool isEscapeSource(const Value *V) { 86 if (isa<CallInst>(V) || isa<InvokeInst>(V) || isa<Argument>(V)) 87 return true; 88 89 // The load case works because isNonEscapingLocalObject considers all 90 // stores to be escapes (it passes true for the StoreCaptures argument 91 // to PointerMayBeCaptured). 92 if (isa<LoadInst>(V)) 93 return true; 94 95 return false; 96} 97 98/// isObjectSmallerThan - Return true if we can prove that the object specified 99/// by V is smaller than Size. 100static bool isObjectSmallerThan(const Value *V, unsigned Size, 101 const TargetData &TD) { 102 const Type *AccessTy; 103 if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V)) { 104 AccessTy = GV->getType()->getElementType(); 105 } else if (const AllocaInst *AI = dyn_cast<AllocaInst>(V)) { 106 if (!AI->isArrayAllocation()) 107 AccessTy = AI->getType()->getElementType(); 108 else 109 return false; 110 } else if (const CallInst* CI = extractMallocCall(V)) { 111 if (!isArrayMalloc(V, &TD)) 112 // The size is the argument to the malloc call. 113 if (const ConstantInt* C = dyn_cast<ConstantInt>(CI->getArgOperand(0))) 114 return (C->getZExtValue() < Size); 115 return false; 116 } else if (const Argument *A = dyn_cast<Argument>(V)) { 117 if (A->hasByValAttr()) 118 AccessTy = cast<PointerType>(A->getType())->getElementType(); 119 else 120 return false; 121 } else { 122 return false; 123 } 124 125 if (AccessTy->isSized()) 126 return TD.getTypeAllocSize(AccessTy) < Size; 127 return false; 128} 129 130//===----------------------------------------------------------------------===// 131// NoAA Pass 132//===----------------------------------------------------------------------===// 133 134namespace { 135 /// NoAA - This class implements the -no-aa pass, which always returns "I 136 /// don't know" for alias queries. NoAA is unlike other alias analysis 137 /// implementations, in that it does not chain to a previous analysis. As 138 /// such it doesn't follow many of the rules that other alias analyses must. 139 /// 140 struct NoAA : public ImmutablePass, public AliasAnalysis { 141 static char ID; // Class identification, replacement for typeinfo 142 NoAA() : ImmutablePass(ID) {} 143 explicit NoAA(char &PID) : ImmutablePass(PID) { } 144 145 virtual void getAnalysisUsage(AnalysisUsage &AU) const { 146 } 147 148 virtual void initializePass() { 149 TD = getAnalysisIfAvailable<TargetData>(); 150 } 151 152 virtual AliasResult alias(const Value *V1, unsigned V1Size, 153 const Value *V2, unsigned V2Size) { 154 return MayAlias; 155 } 156 157 virtual ModRefBehavior getModRefBehavior(ImmutableCallSite CS) { 158 return UnknownModRefBehavior; 159 } 160 virtual ModRefBehavior getModRefBehavior(const Function *F) { 161 return UnknownModRefBehavior; 162 } 163 164 virtual bool pointsToConstantMemory(const Value *P) { return false; } 165 virtual ModRefResult getModRefInfo(ImmutableCallSite CS, 166 const Value *P, unsigned Size) { 167 return ModRef; 168 } 169 virtual ModRefResult getModRefInfo(ImmutableCallSite CS1, 170 ImmutableCallSite CS2) { 171 return ModRef; 172 } 173 174 virtual void deleteValue(Value *V) {} 175 virtual void copyValue(Value *From, Value *To) {} 176 177 /// getAdjustedAnalysisPointer - This method is used when a pass implements 178 /// an analysis interface through multiple inheritance. If needed, it 179 /// should override this to adjust the this pointer as needed for the 180 /// specified pass info. 181 virtual void *getAdjustedAnalysisPointer(const void *ID) { 182 if (ID == &AliasAnalysis::ID) 183 return (AliasAnalysis*)this; 184 return this; 185 } 186 }; 187} // End of anonymous namespace 188 189// Register this pass... 190char NoAA::ID = 0; 191INITIALIZE_AG_PASS(NoAA, AliasAnalysis, "no-aa", 192 "No Alias Analysis (always returns 'may' alias)", 193 true, true, false); 194 195ImmutablePass *llvm::createNoAAPass() { return new NoAA(); } 196 197//===----------------------------------------------------------------------===// 198// GetElementPtr Instruction Decomposition and Analysis 199//===----------------------------------------------------------------------===// 200 201namespace { 202 enum ExtensionKind { 203 EK_NotExtended, 204 EK_SignExt, 205 EK_ZeroExt 206 }; 207 208 struct VariableGEPIndex { 209 const Value *V; 210 ExtensionKind Extension; 211 int64_t Scale; 212 }; 213} 214 215 216/// GetLinearExpression - Analyze the specified value as a linear expression: 217/// "A*V + B", where A and B are constant integers. Return the scale and offset 218/// values as APInts and return V as a Value*, and return whether we looked 219/// through any sign or zero extends. The incoming Value is known to have 220/// IntegerType and it may already be sign or zero extended. 221/// 222/// Note that this looks through extends, so the high bits may not be 223/// represented in the result. 224static Value *GetLinearExpression(Value *V, APInt &Scale, APInt &Offset, 225 ExtensionKind &Extension, 226 const TargetData &TD, unsigned Depth) { 227 assert(V->getType()->isIntegerTy() && "Not an integer value"); 228 229 // Limit our recursion depth. 230 if (Depth == 6) { 231 Scale = 1; 232 Offset = 0; 233 return V; 234 } 235 236 if (BinaryOperator *BOp = dyn_cast<BinaryOperator>(V)) { 237 if (ConstantInt *RHSC = dyn_cast<ConstantInt>(BOp->getOperand(1))) { 238 switch (BOp->getOpcode()) { 239 default: break; 240 case Instruction::Or: 241 // X|C == X+C if all the bits in C are unset in X. Otherwise we can't 242 // analyze it. 243 if (!MaskedValueIsZero(BOp->getOperand(0), RHSC->getValue(), &TD)) 244 break; 245 // FALL THROUGH. 246 case Instruction::Add: 247 V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension, 248 TD, Depth+1); 249 Offset += RHSC->getValue(); 250 return V; 251 case Instruction::Mul: 252 V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension, 253 TD, Depth+1); 254 Offset *= RHSC->getValue(); 255 Scale *= RHSC->getValue(); 256 return V; 257 case Instruction::Shl: 258 V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension, 259 TD, Depth+1); 260 Offset <<= RHSC->getValue().getLimitedValue(); 261 Scale <<= RHSC->getValue().getLimitedValue(); 262 return V; 263 } 264 } 265 } 266 267 // Since GEP indices are sign extended anyway, we don't care about the high 268 // bits of a sign or zero extended value - just scales and offsets. The 269 // extensions have to be consistent though. 270 if ((isa<SExtInst>(V) && Extension != EK_ZeroExt) || 271 (isa<ZExtInst>(V) && Extension != EK_SignExt)) { 272 Value *CastOp = cast<CastInst>(V)->getOperand(0); 273 unsigned OldWidth = Scale.getBitWidth(); 274 unsigned SmallWidth = CastOp->getType()->getPrimitiveSizeInBits(); 275 Scale.trunc(SmallWidth); 276 Offset.trunc(SmallWidth); 277 Extension = isa<SExtInst>(V) ? EK_SignExt : EK_ZeroExt; 278 279 Value *Result = GetLinearExpression(CastOp, Scale, Offset, Extension, 280 TD, Depth+1); 281 Scale.zext(OldWidth); 282 Offset.zext(OldWidth); 283 284 return Result; 285 } 286 287 Scale = 1; 288 Offset = 0; 289 return V; 290} 291 292/// DecomposeGEPExpression - If V is a symbolic pointer expression, decompose it 293/// into a base pointer with a constant offset and a number of scaled symbolic 294/// offsets. 295/// 296/// The scaled symbolic offsets (represented by pairs of a Value* and a scale in 297/// the VarIndices vector) are Value*'s that are known to be scaled by the 298/// specified amount, but which may have other unrepresented high bits. As such, 299/// the gep cannot necessarily be reconstructed from its decomposed form. 300/// 301/// When TargetData is around, this function is capable of analyzing everything 302/// that Value::getUnderlyingObject() can look through. When not, it just looks 303/// through pointer casts. 304/// 305static const Value * 306DecomposeGEPExpression(const Value *V, int64_t &BaseOffs, 307 SmallVectorImpl<VariableGEPIndex> &VarIndices, 308 const TargetData *TD) { 309 // Limit recursion depth to limit compile time in crazy cases. 310 unsigned MaxLookup = 6; 311 312 BaseOffs = 0; 313 do { 314 // See if this is a bitcast or GEP. 315 const Operator *Op = dyn_cast<Operator>(V); 316 if (Op == 0) { 317 // The only non-operator case we can handle are GlobalAliases. 318 if (const GlobalAlias *GA = dyn_cast<GlobalAlias>(V)) { 319 if (!GA->mayBeOverridden()) { 320 V = GA->getAliasee(); 321 continue; 322 } 323 } 324 return V; 325 } 326 327 if (Op->getOpcode() == Instruction::BitCast) { 328 V = Op->getOperand(0); 329 continue; 330 } 331 332 const GEPOperator *GEPOp = dyn_cast<GEPOperator>(Op); 333 if (GEPOp == 0) 334 return V; 335 336 // Don't attempt to analyze GEPs over unsized objects. 337 if (!cast<PointerType>(GEPOp->getOperand(0)->getType()) 338 ->getElementType()->isSized()) 339 return V; 340 341 // If we are lacking TargetData information, we can't compute the offets of 342 // elements computed by GEPs. However, we can handle bitcast equivalent 343 // GEPs. 344 if (TD == 0) { 345 if (!GEPOp->hasAllZeroIndices()) 346 return V; 347 V = GEPOp->getOperand(0); 348 continue; 349 } 350 351 // Walk the indices of the GEP, accumulating them into BaseOff/VarIndices. 352 gep_type_iterator GTI = gep_type_begin(GEPOp); 353 for (User::const_op_iterator I = GEPOp->op_begin()+1, 354 E = GEPOp->op_end(); I != E; ++I) { 355 Value *Index = *I; 356 // Compute the (potentially symbolic) offset in bytes for this index. 357 if (const StructType *STy = dyn_cast<StructType>(*GTI++)) { 358 // For a struct, add the member offset. 359 unsigned FieldNo = cast<ConstantInt>(Index)->getZExtValue(); 360 if (FieldNo == 0) continue; 361 362 BaseOffs += TD->getStructLayout(STy)->getElementOffset(FieldNo); 363 continue; 364 } 365 366 // For an array/pointer, add the element offset, explicitly scaled. 367 if (ConstantInt *CIdx = dyn_cast<ConstantInt>(Index)) { 368 if (CIdx->isZero()) continue; 369 BaseOffs += TD->getTypeAllocSize(*GTI)*CIdx->getSExtValue(); 370 continue; 371 } 372 373 uint64_t Scale = TD->getTypeAllocSize(*GTI); 374 ExtensionKind Extension = EK_NotExtended; 375 376 // If the integer type is smaller than the pointer size, it is implicitly 377 // sign extended to pointer size. 378 unsigned Width = cast<IntegerType>(Index->getType())->getBitWidth(); 379 if (TD->getPointerSizeInBits() > Width) 380 Extension = EK_SignExt; 381 382 // Use GetLinearExpression to decompose the index into a C1*V+C2 form. 383 APInt IndexScale(Width, 0), IndexOffset(Width, 0); 384 Index = GetLinearExpression(Index, IndexScale, IndexOffset, Extension, 385 *TD, 0); 386 387 // The GEP index scale ("Scale") scales C1*V+C2, yielding (C1*V+C2)*Scale. 388 // This gives us an aggregate computation of (C1*Scale)*V + C2*Scale. 389 BaseOffs += IndexOffset.getZExtValue()*Scale; 390 Scale *= IndexScale.getZExtValue(); 391 392 393 // If we already had an occurrance of this index variable, merge this 394 // scale into it. For example, we want to handle: 395 // A[x][x] -> x*16 + x*4 -> x*20 396 // This also ensures that 'x' only appears in the index list once. 397 for (unsigned i = 0, e = VarIndices.size(); i != e; ++i) { 398 if (VarIndices[i].V == Index && 399 VarIndices[i].Extension == Extension) { 400 Scale += VarIndices[i].Scale; 401 VarIndices.erase(VarIndices.begin()+i); 402 break; 403 } 404 } 405 406 // Make sure that we have a scale that makes sense for this target's 407 // pointer size. 408 if (unsigned ShiftBits = 64-TD->getPointerSizeInBits()) { 409 Scale <<= ShiftBits; 410 Scale >>= ShiftBits; 411 } 412 413 if (Scale) { 414 VariableGEPIndex Entry = {Index, Extension, Scale}; 415 VarIndices.push_back(Entry); 416 } 417 } 418 419 // Analyze the base pointer next. 420 V = GEPOp->getOperand(0); 421 } while (--MaxLookup); 422 423 // If the chain of expressions is too deep, just return early. 424 return V; 425} 426 427/// GetIndexDifference - Dest and Src are the variable indices from two 428/// decomposed GetElementPtr instructions GEP1 and GEP2 which have common base 429/// pointers. Subtract the GEP2 indices from GEP1 to find the symbolic 430/// difference between the two pointers. 431static void GetIndexDifference(SmallVectorImpl<VariableGEPIndex> &Dest, 432 const SmallVectorImpl<VariableGEPIndex> &Src) { 433 if (Src.empty()) return; 434 435 for (unsigned i = 0, e = Src.size(); i != e; ++i) { 436 const Value *V = Src[i].V; 437 ExtensionKind Extension = Src[i].Extension; 438 int64_t Scale = Src[i].Scale; 439 440 // Find V in Dest. This is N^2, but pointer indices almost never have more 441 // than a few variable indexes. 442 for (unsigned j = 0, e = Dest.size(); j != e; ++j) { 443 if (Dest[j].V != V || Dest[j].Extension != Extension) continue; 444 445 // If we found it, subtract off Scale V's from the entry in Dest. If it 446 // goes to zero, remove the entry. 447 if (Dest[j].Scale != Scale) 448 Dest[j].Scale -= Scale; 449 else 450 Dest.erase(Dest.begin()+j); 451 Scale = 0; 452 break; 453 } 454 455 // If we didn't consume this entry, add it to the end of the Dest list. 456 if (Scale) { 457 VariableGEPIndex Entry = { V, Extension, -Scale }; 458 Dest.push_back(Entry); 459 } 460 } 461} 462 463//===----------------------------------------------------------------------===// 464// BasicAliasAnalysis Pass 465//===----------------------------------------------------------------------===// 466 467#ifndef NDEBUG 468static const Function *getParent(const Value *V) { 469 if (const Instruction *inst = dyn_cast<Instruction>(V)) 470 return inst->getParent()->getParent(); 471 472 if (const Argument *arg = dyn_cast<Argument>(V)) 473 return arg->getParent(); 474 475 return NULL; 476} 477 478static bool notDifferentParent(const Value *O1, const Value *O2) { 479 480 const Function *F1 = getParent(O1); 481 const Function *F2 = getParent(O2); 482 483 return !F1 || !F2 || F1 == F2; 484} 485#endif 486 487namespace { 488 /// BasicAliasAnalysis - This is the default alias analysis implementation. 489 /// Because it doesn't chain to a previous alias analysis (like -no-aa), it 490 /// derives from the NoAA class. 491 struct BasicAliasAnalysis : public NoAA { 492 static char ID; // Class identification, replacement for typeinfo 493 BasicAliasAnalysis() : NoAA(ID) {} 494 495 virtual AliasResult alias(const Value *V1, unsigned V1Size, 496 const Value *V2, unsigned V2Size) { 497 assert(Visited.empty() && "Visited must be cleared after use!"); 498 assert(notDifferentParent(V1, V2) && 499 "BasicAliasAnalysis doesn't support interprocedural queries."); 500 AliasResult Alias = aliasCheck(V1, V1Size, V2, V2Size); 501 Visited.clear(); 502 return Alias; 503 } 504 505 virtual ModRefResult getModRefInfo(ImmutableCallSite CS, 506 const Value *P, unsigned Size); 507 508 virtual ModRefResult getModRefInfo(ImmutableCallSite CS1, 509 ImmutableCallSite CS2) { 510 // The AliasAnalysis base class has some smarts, lets use them. 511 return AliasAnalysis::getModRefInfo(CS1, CS2); 512 } 513 514 /// pointsToConstantMemory - Chase pointers until we find a (constant 515 /// global) or not. 516 virtual bool pointsToConstantMemory(const Value *P); 517 518 /// getModRefBehavior - Return the behavior when calling the given 519 /// call site. 520 virtual ModRefBehavior getModRefBehavior(ImmutableCallSite CS); 521 522 /// getModRefBehavior - Return the behavior when calling the given function. 523 /// For use when the call site is not known. 524 virtual ModRefBehavior getModRefBehavior(const Function *F); 525 526 /// getAdjustedAnalysisPointer - This method is used when a pass implements 527 /// an analysis interface through multiple inheritance. If needed, it 528 /// should override this to adjust the this pointer as needed for the 529 /// specified pass info. 530 virtual void *getAdjustedAnalysisPointer(const void *ID) { 531 if (ID == &AliasAnalysis::ID) 532 return (AliasAnalysis*)this; 533 return this; 534 } 535 536 private: 537 // Visited - Track instructions visited by a aliasPHI, aliasSelect(), and aliasGEP(). 538 SmallPtrSet<const Value*, 16> Visited; 539 540 // aliasGEP - Provide a bunch of ad-hoc rules to disambiguate a GEP 541 // instruction against another. 542 AliasResult aliasGEP(const GEPOperator *V1, unsigned V1Size, 543 const Value *V2, unsigned V2Size, 544 const Value *UnderlyingV1, const Value *UnderlyingV2); 545 546 // aliasPHI - Provide a bunch of ad-hoc rules to disambiguate a PHI 547 // instruction against another. 548 AliasResult aliasPHI(const PHINode *PN, unsigned PNSize, 549 const Value *V2, unsigned V2Size); 550 551 /// aliasSelect - Disambiguate a Select instruction against another value. 552 AliasResult aliasSelect(const SelectInst *SI, unsigned SISize, 553 const Value *V2, unsigned V2Size); 554 555 AliasResult aliasCheck(const Value *V1, unsigned V1Size, 556 const Value *V2, unsigned V2Size); 557 }; 558} // End of anonymous namespace 559 560// Register this pass... 561char BasicAliasAnalysis::ID = 0; 562INITIALIZE_AG_PASS(BasicAliasAnalysis, AliasAnalysis, "basicaa", 563 "Basic Alias Analysis (default AA impl)", 564 false, true, true); 565 566ImmutablePass *llvm::createBasicAliasAnalysisPass() { 567 return new BasicAliasAnalysis(); 568} 569 570 571/// pointsToConstantMemory - Chase pointers until we find a (constant 572/// global) or not. 573bool BasicAliasAnalysis::pointsToConstantMemory(const Value *P) { 574 if (const GlobalVariable *GV = 575 dyn_cast<GlobalVariable>(P->getUnderlyingObject())) 576 // Note: this doesn't require GV to be "ODR" because it isn't legal for a 577 // global to be marked constant in some modules and non-constant in others. 578 // GV may even be a declaration, not a definition. 579 return GV->isConstant(); 580 581 return NoAA::pointsToConstantMemory(P); 582} 583 584/// getModRefBehavior - Return the behavior when calling the given call site. 585AliasAnalysis::ModRefBehavior 586BasicAliasAnalysis::getModRefBehavior(ImmutableCallSite CS) { 587 if (CS.doesNotAccessMemory()) 588 // Can't do better than this. 589 return DoesNotAccessMemory; 590 591 ModRefBehavior Min = UnknownModRefBehavior; 592 593 // If the callsite knows it only reads memory, don't return worse 594 // than that. 595 if (CS.onlyReadsMemory()) 596 Min = OnlyReadsMemory; 597 598 // The AliasAnalysis base class has some smarts, lets use them. 599 return std::min(AliasAnalysis::getModRefBehavior(CS), Min); 600} 601 602/// getModRefBehavior - Return the behavior when calling the given function. 603/// For use when the call site is not known. 604AliasAnalysis::ModRefBehavior 605BasicAliasAnalysis::getModRefBehavior(const Function *F) { 606 if (F->doesNotAccessMemory()) 607 // Can't do better than this. 608 return DoesNotAccessMemory; 609 if (F->onlyReadsMemory()) 610 return OnlyReadsMemory; 611 if (unsigned id = F->getIntrinsicID()) 612 return getIntrinsicModRefBehavior(id); 613 614 return NoAA::getModRefBehavior(F); 615} 616 617/// getModRefInfo - Check to see if the specified callsite can clobber the 618/// specified memory object. Since we only look at local properties of this 619/// function, we really can't say much about this query. We do, however, use 620/// simple "address taken" analysis on local objects. 621AliasAnalysis::ModRefResult 622BasicAliasAnalysis::getModRefInfo(ImmutableCallSite CS, 623 const Value *P, unsigned Size) { 624 assert(notDifferentParent(CS.getInstruction(), P) && 625 "AliasAnalysis query involving multiple functions!"); 626 627 const Value *Object = P->getUnderlyingObject(); 628 629 // If this is a tail call and P points to a stack location, we know that 630 // the tail call cannot access or modify the local stack. 631 // We cannot exclude byval arguments here; these belong to the caller of 632 // the current function not to the current function, and a tail callee 633 // may reference them. 634 if (isa<AllocaInst>(Object)) 635 if (const CallInst *CI = dyn_cast<CallInst>(CS.getInstruction())) 636 if (CI->isTailCall()) 637 return NoModRef; 638 639 // If the pointer is to a locally allocated object that does not escape, 640 // then the call can not mod/ref the pointer unless the call takes the pointer 641 // as an argument, and itself doesn't capture it. 642 if (!isa<Constant>(Object) && CS.getInstruction() != Object && 643 isNonEscapingLocalObject(Object)) { 644 bool PassedAsArg = false; 645 unsigned ArgNo = 0; 646 for (ImmutableCallSite::arg_iterator CI = CS.arg_begin(), CE = CS.arg_end(); 647 CI != CE; ++CI, ++ArgNo) { 648 // Only look at the no-capture pointer arguments. 649 if (!(*CI)->getType()->isPointerTy() || 650 !CS.paramHasAttr(ArgNo+1, Attribute::NoCapture)) 651 continue; 652 653 // If this is a no-capture pointer argument, see if we can tell that it 654 // is impossible to alias the pointer we're checking. If not, we have to 655 // assume that the call could touch the pointer, even though it doesn't 656 // escape. 657 if (!isNoAlias(cast<Value>(CI), UnknownSize, P, UnknownSize)) { 658 PassedAsArg = true; 659 break; 660 } 661 } 662 663 if (!PassedAsArg) 664 return NoModRef; 665 } 666 667 // Finally, handle specific knowledge of intrinsics. 668 const IntrinsicInst *II = dyn_cast<IntrinsicInst>(CS.getInstruction()); 669 if (II != 0) 670 switch (II->getIntrinsicID()) { 671 default: break; 672 case Intrinsic::memcpy: 673 case Intrinsic::memmove: { 674 unsigned Len = UnknownSize; 675 if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getArgOperand(2))) 676 Len = LenCI->getZExtValue(); 677 Value *Dest = II->getArgOperand(0); 678 Value *Src = II->getArgOperand(1); 679 if (isNoAlias(Dest, Len, P, Size)) { 680 if (isNoAlias(Src, Len, P, Size)) 681 return NoModRef; 682 return Ref; 683 } 684 break; 685 } 686 case Intrinsic::memset: 687 // Since memset is 'accesses arguments' only, the AliasAnalysis base class 688 // will handle it for the variable length case. 689 if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getArgOperand(2))) { 690 unsigned Len = LenCI->getZExtValue(); 691 Value *Dest = II->getArgOperand(0); 692 if (isNoAlias(Dest, Len, P, Size)) 693 return NoModRef; 694 } 695 break; 696 case Intrinsic::atomic_cmp_swap: 697 case Intrinsic::atomic_swap: 698 case Intrinsic::atomic_load_add: 699 case Intrinsic::atomic_load_sub: 700 case Intrinsic::atomic_load_and: 701 case Intrinsic::atomic_load_nand: 702 case Intrinsic::atomic_load_or: 703 case Intrinsic::atomic_load_xor: 704 case Intrinsic::atomic_load_max: 705 case Intrinsic::atomic_load_min: 706 case Intrinsic::atomic_load_umax: 707 case Intrinsic::atomic_load_umin: 708 if (TD) { 709 Value *Op1 = II->getArgOperand(0); 710 unsigned Op1Size = TD->getTypeStoreSize(Op1->getType()); 711 if (isNoAlias(Op1, Op1Size, P, Size)) 712 return NoModRef; 713 } 714 break; 715 case Intrinsic::lifetime_start: 716 case Intrinsic::lifetime_end: 717 case Intrinsic::invariant_start: { 718 unsigned PtrSize = 719 cast<ConstantInt>(II->getArgOperand(0))->getZExtValue(); 720 if (isNoAlias(II->getArgOperand(1), PtrSize, P, Size)) 721 return NoModRef; 722 break; 723 } 724 case Intrinsic::invariant_end: { 725 unsigned PtrSize = 726 cast<ConstantInt>(II->getArgOperand(1))->getZExtValue(); 727 if (isNoAlias(II->getArgOperand(2), PtrSize, P, Size)) 728 return NoModRef; 729 break; 730 } 731 } 732 733 // The AliasAnalysis base class has some smarts, lets use them. 734 return AliasAnalysis::getModRefInfo(CS, P, Size); 735} 736 737 738/// aliasGEP - Provide a bunch of ad-hoc rules to disambiguate a GEP instruction 739/// against another pointer. We know that V1 is a GEP, but we don't know 740/// anything about V2. UnderlyingV1 is GEP1->getUnderlyingObject(), 741/// UnderlyingV2 is the same for V2. 742/// 743AliasAnalysis::AliasResult 744BasicAliasAnalysis::aliasGEP(const GEPOperator *GEP1, unsigned V1Size, 745 const Value *V2, unsigned V2Size, 746 const Value *UnderlyingV1, 747 const Value *UnderlyingV2) { 748 // If this GEP has been visited before, we're on a use-def cycle. 749 // Such cycles are only valid when PHI nodes are involved or in unreachable 750 // code. The visitPHI function catches cycles containing PHIs, but there 751 // could still be a cycle without PHIs in unreachable code. 752 if (!Visited.insert(GEP1)) 753 return MayAlias; 754 755 int64_t GEP1BaseOffset; 756 SmallVector<VariableGEPIndex, 4> GEP1VariableIndices; 757 758 // If we have two gep instructions with must-alias'ing base pointers, figure 759 // out if the indexes to the GEP tell us anything about the derived pointer. 760 if (const GEPOperator *GEP2 = dyn_cast<GEPOperator>(V2)) { 761 // Do the base pointers alias? 762 AliasResult BaseAlias = aliasCheck(UnderlyingV1, UnknownSize, 763 UnderlyingV2, UnknownSize); 764 765 // If we get a No or May, then return it immediately, no amount of analysis 766 // will improve this situation. 767 if (BaseAlias != MustAlias) return BaseAlias; 768 769 // Otherwise, we have a MustAlias. Since the base pointers alias each other 770 // exactly, see if the computed offset from the common pointer tells us 771 // about the relation of the resulting pointer. 772 const Value *GEP1BasePtr = 773 DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices, TD); 774 775 int64_t GEP2BaseOffset; 776 SmallVector<VariableGEPIndex, 4> GEP2VariableIndices; 777 const Value *GEP2BasePtr = 778 DecomposeGEPExpression(GEP2, GEP2BaseOffset, GEP2VariableIndices, TD); 779 780 // If DecomposeGEPExpression isn't able to look all the way through the 781 // addressing operation, we must not have TD and this is too complex for us 782 // to handle without it. 783 if (GEP1BasePtr != UnderlyingV1 || GEP2BasePtr != UnderlyingV2) { 784 assert(TD == 0 && 785 "DecomposeGEPExpression and getUnderlyingObject disagree!"); 786 return MayAlias; 787 } 788 789 // Subtract the GEP2 pointer from the GEP1 pointer to find out their 790 // symbolic difference. 791 GEP1BaseOffset -= GEP2BaseOffset; 792 GetIndexDifference(GEP1VariableIndices, GEP2VariableIndices); 793 794 } else { 795 // Check to see if these two pointers are related by the getelementptr 796 // instruction. If one pointer is a GEP with a non-zero index of the other 797 // pointer, we know they cannot alias. 798 799 // If both accesses are unknown size, we can't do anything useful here. 800 if (V1Size == UnknownSize && V2Size == UnknownSize) 801 return MayAlias; 802 803 AliasResult R = aliasCheck(UnderlyingV1, UnknownSize, V2, V2Size); 804 if (R != MustAlias) 805 // If V2 may alias GEP base pointer, conservatively returns MayAlias. 806 // If V2 is known not to alias GEP base pointer, then the two values 807 // cannot alias per GEP semantics: "A pointer value formed from a 808 // getelementptr instruction is associated with the addresses associated 809 // with the first operand of the getelementptr". 810 return R; 811 812 const Value *GEP1BasePtr = 813 DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices, TD); 814 815 // If DecomposeGEPExpression isn't able to look all the way through the 816 // addressing operation, we must not have TD and this is too complex for us 817 // to handle without it. 818 if (GEP1BasePtr != UnderlyingV1) { 819 assert(TD == 0 && 820 "DecomposeGEPExpression and getUnderlyingObject disagree!"); 821 return MayAlias; 822 } 823 } 824 825 // In the two GEP Case, if there is no difference in the offsets of the 826 // computed pointers, the resultant pointers are a must alias. This 827 // hapens when we have two lexically identical GEP's (for example). 828 // 829 // In the other case, if we have getelementptr <ptr>, 0, 0, 0, 0, ... and V2 830 // must aliases the GEP, the end result is a must alias also. 831 if (GEP1BaseOffset == 0 && GEP1VariableIndices.empty()) 832 return MustAlias; 833 834 // If we have a known constant offset, see if this offset is larger than the 835 // access size being queried. If so, and if no variable indices can remove 836 // pieces of this constant, then we know we have a no-alias. For example, 837 // &A[100] != &A. 838 839 // In order to handle cases like &A[100][i] where i is an out of range 840 // subscript, we have to ignore all constant offset pieces that are a multiple 841 // of a scaled index. Do this by removing constant offsets that are a 842 // multiple of any of our variable indices. This allows us to transform 843 // things like &A[i][1] because i has a stride of (e.g.) 8 bytes but the 1 844 // provides an offset of 4 bytes (assuming a <= 4 byte access). 845 for (unsigned i = 0, e = GEP1VariableIndices.size(); 846 i != e && GEP1BaseOffset;++i) 847 if (int64_t RemovedOffset = GEP1BaseOffset/GEP1VariableIndices[i].Scale) 848 GEP1BaseOffset -= RemovedOffset*GEP1VariableIndices[i].Scale; 849 850 // If our known offset is bigger than the access size, we know we don't have 851 // an alias. 852 if (GEP1BaseOffset) { 853 if (GEP1BaseOffset >= (int64_t)V2Size || 854 GEP1BaseOffset <= -(int64_t)V1Size) 855 return NoAlias; 856 } 857 858 return MayAlias; 859} 860 861/// aliasSelect - Provide a bunch of ad-hoc rules to disambiguate a Select 862/// instruction against another. 863AliasAnalysis::AliasResult 864BasicAliasAnalysis::aliasSelect(const SelectInst *SI, unsigned SISize, 865 const Value *V2, unsigned V2Size) { 866 // If this select has been visited before, we're on a use-def cycle. 867 // Such cycles are only valid when PHI nodes are involved or in unreachable 868 // code. The visitPHI function catches cycles containing PHIs, but there 869 // could still be a cycle without PHIs in unreachable code. 870 if (!Visited.insert(SI)) 871 return MayAlias; 872 873 // If the values are Selects with the same condition, we can do a more precise 874 // check: just check for aliases between the values on corresponding arms. 875 if (const SelectInst *SI2 = dyn_cast<SelectInst>(V2)) 876 if (SI->getCondition() == SI2->getCondition()) { 877 AliasResult Alias = 878 aliasCheck(SI->getTrueValue(), SISize, 879 SI2->getTrueValue(), V2Size); 880 if (Alias == MayAlias) 881 return MayAlias; 882 AliasResult ThisAlias = 883 aliasCheck(SI->getFalseValue(), SISize, 884 SI2->getFalseValue(), V2Size); 885 if (ThisAlias != Alias) 886 return MayAlias; 887 return Alias; 888 } 889 890 // If both arms of the Select node NoAlias or MustAlias V2, then returns 891 // NoAlias / MustAlias. Otherwise, returns MayAlias. 892 AliasResult Alias = 893 aliasCheck(V2, V2Size, SI->getTrueValue(), SISize); 894 if (Alias == MayAlias) 895 return MayAlias; 896 897 // If V2 is visited, the recursive case will have been caught in the 898 // above aliasCheck call, so these subsequent calls to aliasCheck 899 // don't need to assume that V2 is being visited recursively. 900 Visited.erase(V2); 901 902 AliasResult ThisAlias = 903 aliasCheck(V2, V2Size, SI->getFalseValue(), SISize); 904 if (ThisAlias != Alias) 905 return MayAlias; 906 return Alias; 907} 908 909// aliasPHI - Provide a bunch of ad-hoc rules to disambiguate a PHI instruction 910// against another. 911AliasAnalysis::AliasResult 912BasicAliasAnalysis::aliasPHI(const PHINode *PN, unsigned PNSize, 913 const Value *V2, unsigned V2Size) { 914 // The PHI node has already been visited, avoid recursion any further. 915 if (!Visited.insert(PN)) 916 return MayAlias; 917 918 // If the values are PHIs in the same block, we can do a more precise 919 // as well as efficient check: just check for aliases between the values 920 // on corresponding edges. 921 if (const PHINode *PN2 = dyn_cast<PHINode>(V2)) 922 if (PN2->getParent() == PN->getParent()) { 923 AliasResult Alias = 924 aliasCheck(PN->getIncomingValue(0), PNSize, 925 PN2->getIncomingValueForBlock(PN->getIncomingBlock(0)), 926 V2Size); 927 if (Alias == MayAlias) 928 return MayAlias; 929 for (unsigned i = 1, e = PN->getNumIncomingValues(); i != e; ++i) { 930 AliasResult ThisAlias = 931 aliasCheck(PN->getIncomingValue(i), PNSize, 932 PN2->getIncomingValueForBlock(PN->getIncomingBlock(i)), 933 V2Size); 934 if (ThisAlias != Alias) 935 return MayAlias; 936 } 937 return Alias; 938 } 939 940 SmallPtrSet<Value*, 4> UniqueSrc; 941 SmallVector<Value*, 4> V1Srcs; 942 for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) { 943 Value *PV1 = PN->getIncomingValue(i); 944 if (isa<PHINode>(PV1)) 945 // If any of the source itself is a PHI, return MayAlias conservatively 946 // to avoid compile time explosion. The worst possible case is if both 947 // sides are PHI nodes. In which case, this is O(m x n) time where 'm' 948 // and 'n' are the number of PHI sources. 949 return MayAlias; 950 if (UniqueSrc.insert(PV1)) 951 V1Srcs.push_back(PV1); 952 } 953 954 AliasResult Alias = aliasCheck(V2, V2Size, V1Srcs[0], PNSize); 955 // Early exit if the check of the first PHI source against V2 is MayAlias. 956 // Other results are not possible. 957 if (Alias == MayAlias) 958 return MayAlias; 959 960 // If all sources of the PHI node NoAlias or MustAlias V2, then returns 961 // NoAlias / MustAlias. Otherwise, returns MayAlias. 962 for (unsigned i = 1, e = V1Srcs.size(); i != e; ++i) { 963 Value *V = V1Srcs[i]; 964 965 // If V2 is visited, the recursive case will have been caught in the 966 // above aliasCheck call, so these subsequent calls to aliasCheck 967 // don't need to assume that V2 is being visited recursively. 968 Visited.erase(V2); 969 970 AliasResult ThisAlias = aliasCheck(V2, V2Size, V, PNSize); 971 if (ThisAlias != Alias || ThisAlias == MayAlias) 972 return MayAlias; 973 } 974 975 return Alias; 976} 977 978// aliasCheck - Provide a bunch of ad-hoc rules to disambiguate in common cases, 979// such as array references. 980// 981AliasAnalysis::AliasResult 982BasicAliasAnalysis::aliasCheck(const Value *V1, unsigned V1Size, 983 const Value *V2, unsigned V2Size) { 984 // If either of the memory references is empty, it doesn't matter what the 985 // pointer values are. 986 if (V1Size == 0 || V2Size == 0) 987 return NoAlias; 988 989 // Strip off any casts if they exist. 990 V1 = V1->stripPointerCasts(); 991 V2 = V2->stripPointerCasts(); 992 993 // Are we checking for alias of the same value? 994 if (V1 == V2) return MustAlias; 995 996 if (!V1->getType()->isPointerTy() || !V2->getType()->isPointerTy()) 997 return NoAlias; // Scalars cannot alias each other 998 999 // Figure out what objects these things are pointing to if we can. 1000 const Value *O1 = V1->getUnderlyingObject(); 1001 const Value *O2 = V2->getUnderlyingObject(); 1002 1003 // Null values in the default address space don't point to any object, so they 1004 // don't alias any other pointer. 1005 if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O1)) 1006 if (CPN->getType()->getAddressSpace() == 0) 1007 return NoAlias; 1008 if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O2)) 1009 if (CPN->getType()->getAddressSpace() == 0) 1010 return NoAlias; 1011 1012 if (O1 != O2) { 1013 // If V1/V2 point to two different objects we know that we have no alias. 1014 if (isIdentifiedObject(O1) && isIdentifiedObject(O2)) 1015 return NoAlias; 1016 1017 // Constant pointers can't alias with non-const isIdentifiedObject objects. 1018 if ((isa<Constant>(O1) && isIdentifiedObject(O2) && !isa<Constant>(O2)) || 1019 (isa<Constant>(O2) && isIdentifiedObject(O1) && !isa<Constant>(O1))) 1020 return NoAlias; 1021 1022 // Arguments can't alias with local allocations or noalias calls 1023 // in the same function. 1024 if (((isa<Argument>(O1) && (isa<AllocaInst>(O2) || isNoAliasCall(O2))) || 1025 (isa<Argument>(O2) && (isa<AllocaInst>(O1) || isNoAliasCall(O1))))) 1026 return NoAlias; 1027 1028 // Most objects can't alias null. 1029 if ((isa<ConstantPointerNull>(O2) && isKnownNonNull(O1)) || 1030 (isa<ConstantPointerNull>(O1) && isKnownNonNull(O2))) 1031 return NoAlias; 1032 1033 // If one pointer is the result of a call/invoke or load and the other is a 1034 // non-escaping local object within the same function, then we know the 1035 // object couldn't escape to a point where the call could return it. 1036 // 1037 // Note that if the pointers are in different functions, there are a 1038 // variety of complications. A call with a nocapture argument may still 1039 // temporary store the nocapture argument's value in a temporary memory 1040 // location if that memory location doesn't escape. Or it may pass a 1041 // nocapture value to other functions as long as they don't capture it. 1042 if (isEscapeSource(O1) && isNonEscapingLocalObject(O2)) 1043 return NoAlias; 1044 if (isEscapeSource(O2) && isNonEscapingLocalObject(O1)) 1045 return NoAlias; 1046 } 1047 1048 // If the size of one access is larger than the entire object on the other 1049 // side, then we know such behavior is undefined and can assume no alias. 1050 if (TD) 1051 if ((V1Size != UnknownSize && isObjectSmallerThan(O2, V1Size, *TD)) || 1052 (V2Size != UnknownSize && isObjectSmallerThan(O1, V2Size, *TD))) 1053 return NoAlias; 1054 1055 // FIXME: This isn't aggressively handling alias(GEP, PHI) for example: if the 1056 // GEP can't simplify, we don't even look at the PHI cases. 1057 if (!isa<GEPOperator>(V1) && isa<GEPOperator>(V2)) { 1058 std::swap(V1, V2); 1059 std::swap(V1Size, V2Size); 1060 std::swap(O1, O2); 1061 } 1062 if (const GEPOperator *GV1 = dyn_cast<GEPOperator>(V1)) 1063 return aliasGEP(GV1, V1Size, V2, V2Size, O1, O2); 1064 1065 if (isa<PHINode>(V2) && !isa<PHINode>(V1)) { 1066 std::swap(V1, V2); 1067 std::swap(V1Size, V2Size); 1068 } 1069 if (const PHINode *PN = dyn_cast<PHINode>(V1)) 1070 return aliasPHI(PN, V1Size, V2, V2Size); 1071 1072 if (isa<SelectInst>(V2) && !isa<SelectInst>(V1)) { 1073 std::swap(V1, V2); 1074 std::swap(V1Size, V2Size); 1075 } 1076 if (const SelectInst *S1 = dyn_cast<SelectInst>(V1)) 1077 return aliasSelect(S1, V1Size, V2, V2Size); 1078 1079 return NoAA::alias(V1, V1Size, V2, V2Size); 1080} 1081 1082// Make sure that anything that uses AliasAnalysis pulls in this file. 1083DEFINING_FILE_FOR(BasicAliasAnalysis) 1084