| blob | 357772c9c4f2e29d3f28789e0aa5630f26f90fd7 |
1 //===- BasicAliasAnalysis.cpp - Stateless Alias Analysis Impl -------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the primary stateless implementation of the
10 // Alias Analysis interface that implements identities (two different
11 // globals cannot alias, etc), but does no stateful analysis.
12 //
13 //===----------------------------------------------------------------------===//
58 #include <cassert>
59 #include <cstdint>
60 #include <cstdlib>
61 #include <utility>
67 /// Enable analysis of recursive PHI nodes.
71 /// By default, even on 32-bit architectures we use 64-bit integers for
72 /// calculations. This will allow us to more-aggressively decompose indexing
73 /// expressions calculated using i64 values (e.g., long long in C) which is
74 /// common enough to worry about.
80 /// SearchLimitReached / SearchTimes shows how often the limit of
81 /// to decompose GEPs is reached. It will affect the precision
82 /// of basic alias analysis.
87 /// Cutoff after which to stop analysing a set of phi nodes potentially involved
88 /// in a cycle. Because we are analysing 'through' phi nodes, we need to be
89 /// careful with value equivalence. We use reachability to make sure a value
90 /// cannot be involved in a cycle.
93 // The max limit of the search depth in DecomposeGEPExpression() and
94 // getUnderlyingObject(), both functions need to use the same search
95 // depth otherwise the algorithm in aliasGEP will assert.
100 // We don't care if this analysis itself is preserved, it has no state. But
101 // we need to check that the analyses it depends on have been. Note that we
102 // may be created without handles to some analyses and in that case don't
103 // depend on them.
109 // Otherwise this analysis result remains valid.
111 }
113 //===----------------------------------------------------------------------===//
114 // Useful predicates
115 //===----------------------------------------------------------------------===//
117 /// Returns true if the pointer is one which would have been considered an
118 /// escape by isNonEscapingLocalObject.
126 // The load case works because isNonEscapingLocalObject considers all
127 // stores to be escapes (it passes true for the StoreCaptures argument
128 // to PointerMayBeCaptured).
132 // The inttoptr case works because isNonEscapingLocalObject considers all
133 // means of converting or equating a pointer to an int (ptrtoint, ptr store
134 // which could be followed by an integer load, ptr<->int compare) as
135 // escaping, and objects located at well-known addresses via platform-specific
136 // means cannot be considered non-escaping local objects.
141 }
143 /// Returns the size of the object specified by V or UnknownSize if unknown.
149 ObjectSizeOpts Opts;
155 }
157 /// Returns true if we can prove that the object specified by V is smaller than
158 /// Size.
163 // Note that the meanings of the "object" are slightly different in the
164 // following contexts:
165 // c1: llvm::getObjectSize()
166 // c2: llvm.objectsize() intrinsic
167 // c3: isObjectSmallerThan()
168 // c1 and c2 share the same meaning; however, the meaning of "object" in c3
169 // refers to the "entire object".
170 //
171 // Consider this example:
172 // char *p = (char*)malloc(100)
173 // char *q = p+80;
174 //
175 // In the context of c1 and c2, the "object" pointed by q refers to the
176 // stretch of memory of q[0:19]. So, getObjectSize(q) should return 20.
177 //
178 // However, in the context of c3, the "object" refers to the chunk of memory
179 // being allocated. So, the "object" has 100 bytes, and q points to the middle
180 // the "object". In case q is passed to isObjectSmallerThan() as the 1st
181 // parameter, before the llvm::getObjectSize() is called to get the size of
182 // entire object, we should:
183 // - either rewind the pointer q to the base-address of the object in
184 // question (in this case rewind to p), or
185 // - just give up. It is up to caller to make sure the pointer is pointing
186 // to the base address the object.
187 //
188 // We go for 2nd option for simplicity.
192 // This function needs to use the aligned object size because we allow
193 // reads a bit past the end given sufficient alignment.
198 }
200 /// Return the minimal extent from \p V to the end of the underlying object,
201 /// assuming the result is used in an aliasing query. E.g., we do use the query
202 /// location size and the fact that null pointers cannot alias here.
207 // If we have dereferenceability information we know a lower bound for the
208 // extent as accesses for a lower offset would be valid. We need to exclude
209 // the "or null" part if null is a valid pointer.
215 // If queried with a precise location size, we assume that location size to be
216 // accessed, thus valid.
220 }
222 /// Returns true if we can prove that the object specified by V has size Size.
227 }
229 //===----------------------------------------------------------------------===//
230 // GetElementPtr Instruction Decomposition and Analysis
231 //===----------------------------------------------------------------------===//
234 /// Represents zext(sext(V)).
246 }
250 }
255 // zext(sext(zext(NewV))) == zext(zext(zext(NewV)))
257 }
262 // zext(sext(sext(NewV)))
264 }
272 }
275 // zext(x op<nuw> y) == zext(x) op<nuw> zext(y)
276 // sext(x op<nsw> y) == sext(x) op<nsw> sext(y)
278 }
279 };
281 /// Represents zext(sext(V)) * Scale + Offset.
283 ExtendedValue Val;
284 APInt Scale;
285 APInt Offset;
287 /// True if all operations in this expression are NSW.
298 }
299 };
300 }
302 /// Analyzes the specified value as a linear expression: "A*V + B", where A and
303 /// B are constant integers.
307 // Limit our recursion depth.
318 // The only non-OBO case we deal with is or, and only limited to the
319 // case where it is both nuw and nsw.
324 }
331 // We don't understand this instruction, so we can't decompose it any
332 // further.
335 // X|C == X+C if all the bits in C are unset in X. Otherwise we can't
336 // analyze it.
341 LLVM_FALLTHROUGH;
348 }
355 }
363 }
365 // We're trying to linearize an expression of the kind:
366 // shl i8 -128, 36
367 // where the shift count exceeds the bitwidth of the type.
368 // We can't decompose this further (the expression would return
369 // a poison value).
379 }
381 }
382 }
395 }
397 /// To ensure a pointer offset fits in an integer of size PointerSize
398 /// (in bits) when that size is smaller than the maximum pointer size. This is
399 /// an issue, for example, in particular for 32b pointers with negative indices
400 /// that rely on two's complement wrap-arounds for precise alias information
401 /// where the maximum pointer size is 64b.
406 }
414 }
416 /// If V is a symbolic pointer expression, decompose it into a base pointer
417 /// with a constant offset and a number of scaled symbolic offsets.
418 ///
419 /// The scaled symbolic offsets (represented by pairs of a Value* and a scale
420 /// in the VarIndices vector) are Value*'s that are known to be scaled by the
421 /// specified amount, but which may have other unrepresented high bits. As
422 /// such, the gep cannot necessarily be reconstructed from its decomposed form.
423 ///
424 /// This function is capable of analyzing everything that getUnderlyingObject
425 /// can look through. To be able to do that getUnderlyingObject and
426 /// DecomposeGEPExpression must use the same search depth
427 /// (MaxLookupSearchDepth).
431 // Limit recursion depth to limit compile time in crazy cases.
433 SearchTimes++;
437 DecomposedGEP Decomposed;
441 // See if this is a bitcast or GEP.
444 // The only non-operator case we can handle are GlobalAliases.
449 }
450 }
453 }
459 }
464 // Look through single-arg phi nodes created by LCSSA.
468 }
470 // CaptureTracking can know about special capturing properties of some
471 // intrinsics like launder.invariant.group, that can't be expressed with
472 // the attributes, but have properties like returning aliasing pointer.
473 // Because some analysis may assume that nocaptured pointer is not
474 // returned from some special intrinsic (because function would have to
475 // be marked with returns attribute), it is crucial to use this function
476 // because it should be in sync with CaptureTracking. Not using it may
477 // cause weird miscompilations where 2 aliasing pointers are assumed to
478 // noalias.
482 }
483 }
487 }
489 // Track whether we've seen at least one in bounds gep, and if so, whether
490 // all geps parsed were in bounds.
496 // Don't attempt to analyze GEPs over unsized objects.
500 }
502 // Don't attempt to analyze GEPs if index scale is not a compile-time
503 // constant.
508 }
511 // Walk the indices of the GEP, accumulating them into BaseOff/VarIndices.
514 // Assume all GEP operands are constants until proven otherwise.
519 // Compute the (potentially symbolic) offset in bytes for this index.
521 // For a struct, add the member offset.
528 }
530 // For an array/pointer, add the element offset, explicitly scaled.
538 }
544 // If the integer type is smaller than the pointer size, it is implicitly
545 // sign extended to pointer size.
551 // The GEP index scale ("Scale") scales C1*V+C2, yielding (C1*V+C2)*Scale.
552 // This gives us an aggregate computation of (C1*Scale)*V + C2*Scale.
554 // It can be the case that, even through C1*V+C2 does not overflow for
555 // relevant values of V, (C2*Scale) can overflow. In that case, we cannot
556 // decompose the expression in this way.
557 //
558 // FIXME: C1*Scale and the other operations in the decomposed
559 // (C1*Scale)*V+C2*Scale can also overflow. We should check for this
560 // possibility.
569 }
571 // If we already had an occurrence of this index variable, merge this
572 // scale into it. For example, we want to handle:
573 // A[x][x] -> x*16 + x*4 -> x*20
574 // This also ensures that 'x' only appears in the index list once.
582 }
583 }
585 // Make sure that we have a scale that makes sense for this target's
586 // pointer size.
590 VariableGEPIndex Entry = {
593 }
594 }
596 // Take care of wrap-arounds
600 // Analyze the base pointer next.
604 // If the chain of expressions is too deep, just return early.
606 SearchLimitReached++;
608 }
610 /// Returns whether the given pointer value points to memory that is local to
611 /// the function, with global constants being considered local to all
612 /// functions.
625 }
627 // An alloca instruction defines local memory.
631 // A global constant counts as local memory for our purposes.
633 // Note: this doesn't require GV to be "ODR" because it isn't legal for a
634 // global to be marked constant in some modules and non-constant in
635 // others. GV may even be a declaration, not a definition.
639 }
641 }
643 // If both select values point to local memory, then so does the select.
648 }
650 // If all values incoming to a phi node point to local memory, then so does
651 // the phi.
653 // Don't bother inspecting phi nodes with many operands.
657 }
660 }
662 // Otherwise be conservative.
669 }
674 }
676 /// Returns the behavior when calling the given call site.
679 // Can't do better than this.
684 // If the callsite knows it only reads memory, don't return worse
685 // than that.
698 // If the call has operand bundles then aliasing attributes from the function
699 // it calls do not directly apply to the call. This can be made more precise
700 // in the future.
703 Min =
707 }
709 /// Returns the behavior when calling the given function. For use when the call
710 /// site is not known.
712 // If the function declares it doesn't access memory, we can't do better.
718 // If the function declares it only reads memory, go with that.
732 }
734 /// Returns true if this is a writeonly (i.e Mod only) parameter.
740 // We can bound the aliasing properties of memset_pattern16 just as we can
741 // for memcpy/memset. This is particularly important because the
742 // LoopIdiomRecognizer likes to turn loops into calls to memset_pattern16
743 // whenever possible.
744 // FIXME Consider handling this in InferFunctionAttr.cpp together with other
745 // attributes.
746 LibFunc F;
753 // TODO: memset_pattern4, memset_pattern8
754 // TODO: _chk variants
755 // TODO: strcmp, strcpy
758 }
762 // Checking for known builtin intrinsics and target library functions.
773 }
775 #ifndef NDEBUG
781 }
787 }
795 }
796 #endif
804 }
806 /// Checks to see if the specified callsite can clobber the specified memory
807 /// object.
808 ///
809 /// Since we only look at local properties of this function, we really can't
810 /// say much about this query. We do, however, use simple "address taken"
811 /// analysis on local objects.
820 // Calls marked 'tail' cannot read or write allocas from the current frame
821 // because the current frame might be destroyed by the time they run. However,
822 // a tail call may use an alloca with byval. Calling with byval copies the
823 // contents of the alloca into argument registers or stack slots, so there is
824 // no lifetime issue.
831 // Stack restore is able to modify unescaped dynamic allocas. Assume it may
832 // modify them even though the alloca is not escaped.
837 // If the pointer is to a locally allocated object that does not escape,
838 // then the call can not mod/ref the pointer unless the call takes the pointer
839 // as an argument, and itself doesn't capture it.
843 // Optimistically assume that call doesn't touch Object and check this
844 // assumption in the following loop.
851 // Only look at the no-capture or byval pointer arguments. If this
852 // pointer were passed to arguments that were neither of these, then it
853 // couldn't be no-capture.
860 // Call doesn't access memory through this operand, so we don't care
861 // if it aliases with Object.
865 // If this is a no-capture pointer argument, see if we can tell that it
866 // is impossible to alias the pointer we're checking.
872 // Operand doesn't alias 'Object', continue looking for other aliases
875 // Operand aliases 'Object', but call doesn't modify it. Strengthen
876 // initial assumption and keep looking in case if there are more aliases.
880 }
881 // Operand aliases 'Object' but call only writes into it.
885 }
886 // This operand aliases 'Object' and call reads and writes into it.
887 // Setting ModRef will not yield an early return below, MustAlias is not
888 // used further.
891 }
893 // No operand aliases, reset Must bit. Add below if at least one aliases
894 // and all aliases found are MustAlias.
898 // Early return if we improved mod ref information
903 }
904 }
906 // If the call is malloc/calloc like, we can assume that it doesn't
907 // modify any IR visible value. This is only valid because we assume these
908 // routines do not read values visible in the IR. TODO: Consider special
909 // casing realloc and strdup routines which access only their arguments as
910 // well. Or alternatively, replace all of this with inaccessiblememonly once
911 // that's implemented fully.
913 // Be conservative if the accessed pointer may alias the allocation -
914 // fallback to the generic handling below.
918 }
920 // The semantics of memcpy intrinsics either exactly overlap or do not
921 // overlap, i.e., source and destination of any given memcpy are either
922 // no-alias or must-alias.
924 AliasResult SrcAA =
926 AliasResult DestAA =
928 // It's also possible for Loc to alias both src and dest, or neither.
935 }
937 // Guard intrinsics are marked as arbitrarily writing so that proper control
938 // dependencies are maintained but they never mods any particular memory
939 // location.
940 //
941 // *Unlike* assumes, guard intrinsics are modeled as reading memory since the
942 // heap state at the point the guard is issued needs to be consistent in case
943 // the guard invokes the "deopt" continuation.
946 // The same applies to deoptimize which is essentially a guard(false).
950 // Like assumes, invariant.start intrinsics were also marked as arbitrarily
951 // writing so that proper control dependencies are maintained but they never
952 // mod any particular memory location visible to the IR.
953 // *Unlike* assumes (which are now modeled as NoModRef), invariant.start
954 // intrinsic is now modeled as reading memory. This prevents hoisting the
955 // invariant.start intrinsic over stores. Consider:
956 // *ptr = 40;
957 // *ptr = 50;
958 // invariant_start(ptr)
959 // int val = *ptr;
960 // print(val);
961 //
962 // This cannot be transformed to:
963 //
964 // *ptr = 40;
965 // invariant_start(ptr)
966 // *ptr = 50;
967 // int val = *ptr;
968 // print(val);
969 //
970 // The transformation will cause the second store to be ignored (based on
971 // rules of invariant.start) and print 40, while the first program always
972 // prints 50.
976 // The AAResultBase base class has some smarts, lets use them.
978 }
983 // Guard intrinsics are marked as arbitrarily writing so that proper control
984 // dependencies are maintained but they never mods any particular memory
985 // location.
986 //
987 // *Unlike* assumes, guard intrinsics are modeled as reading memory since the
988 // heap state at the point the guard is issued needs to be consistent in case
989 // the guard invokes the "deopt" continuation.
991 // NB! This function is *not* commutative, so we special case two
992 // possibilities for guard intrinsics.
1004 // The AAResultBase base class has some smarts, lets use them.
1006 }
1008 /// Return true if we know V to the base address of the corresponding memory
1009 /// object. This implies that any address less than V must be out of bounds
1010 /// for the underlying object. Note that just being isIdentifiedObject() is
1011 /// not enough - For example, a negative offset from a noalias argument or call
1012 /// can be inbounds w.r.t the actual underlying object.
1014 // TODO: We can handle other cases here
1015 // 1) For GC languages, arguments to functions are often required to be
1016 // base pointers.
1017 // 2) Result of allocation routines are often base pointers. Leverage TLI.
1019 }
1021 /// Provides a bunch of ad-hoc rules to disambiguate a GEP instruction against
1022 /// another pointer.
1023 ///
1024 /// We know that V1 is a GEP, but we don't know anything about V2.
1025 /// UnderlyingV1 is getUnderlyingObject(GEP1), UnderlyingV2 is the same for
1026 /// V2.
1032 // TODO: This limitation exists for compile-time reasons. Relax it if we
1033 // can avoid exponential pathological cases.
1037 // If both accesses have unknown size, we can only check whether the base
1038 // objects don't alias.
1044 }
1049 // Don't attempt to analyze the decomposed GEP if index scale is not a
1050 // compile-time constant.
1056 "DecomposeGEPExpression returned a result different from "
1059 // Subtract the GEP2 pointer from the GEP1 pointer to find out their
1060 // symbolic difference.
1064 // If an inbounds GEP would have to start from an out of bounds address
1065 // for the two to alias, then we can assume noalias.
1072 // Symmetric case to above.
1077 }
1079 // For GEPs with identical offsets, we can preserve the size and AAInfo
1080 // when performing the alias check on the underlying objects.
1086 // Do the base pointers alias?
1091 // If we get a No or May, then return it immediately, no amount of analysis
1092 // will improve this situation.
1097 }
1099 // If there is a constant difference between the pointers, but the difference
1100 // is less than the size of the associated memory object, then we know
1101 // that the objects are partially overlapping. If the difference is
1102 // greater, we know they do not overlap.
1106 // Initialize for Off >= 0 (V2 <= GEP1) case.
1114 // Swap if we have the situation where:
1115 // + +
1116 // | BaseOffset |
1117 // ---------------->|
1118 // |-->V1Size |-------> V2Size
1119 // GEP1 V2
1123 }
1128 // Conservatively drop processing if a phi was visited and/or offset is
1129 // too big.
1133 // Memory referenced by right pointer is nested. Save the offset in
1134 // cache. Note that originally offset estimated as GEP1-V2, but
1135 // AliasResult contains the shift that represents GEP1+Offset=V2.
1138 }
1140 }
1142 }
1143 }
1146 APInt GCD;
1158 else
1162 // If the Value could change between cycles, then any reasoning about
1163 // the Value this cycle may not hold in the next cycle. We'll just
1164 // give up if we can't determine conditions that hold for every cycle:
1172 // Zero-extension widens the variable, and so forces the sign
1173 // bit to zero.
1182 }
1183 }
1185 // We now have accesses at two offsets from the same base:
1186 // 1. (...)*GCD + DecompGEP1.Offset with size V1Size
1187 // 2. 0 with size V2Size
1188 // Using arithmetic modulo GCD, the accesses are at
1189 // [ModOffset..ModOffset+V1Size) and [0..V2Size). If the first access fits
1190 // into the range [V2Size..GCD), then we know they cannot overlap.
1199 // If we know all the variables are non-negative, then the total offset is
1200 // also non-negative and >= DecompGEP1.Offset. We have the following layout:
1201 // [0, V2Size) ... [TotalOffset, TotalOffer+V1Size]
1202 // If DecompGEP1.Offset >= V2Size, the accesses don't alias.
1206 // Similarly, if the variables are non-positive, then the total offset is
1207 // also non-positive and <= DecompGEP1.Offset. We have the following layout:
1208 // [TotalOffset, TotalOffset+V1Size) ... [0, V2Size)
1209 // If -DecompGEP1.Offset >= V1Size, the accesses don't alias.
1215 // Try to determine whether abs(VarIndex) > 0.
1218 // VarIndex = Scale*V. If V != 0 then abs(VarIndex) >= abs(Scale).
1223 // VarIndex = Scale*V0 + (-Scale)*V1.
1224 // If V0 != V1 then abs(VarIndex) >= abs(Scale).
1225 // Check that VisitedPhiBBs is empty, to avoid reasoning about
1226 // inequality of values across loop iterations.
1233 }
1236 // The constant offset will have added at least +/-MinAbsVarIndex to it.
1239 // Check that an access at OffsetLo or lower, and an access at OffsetHi
1240 // or higher both do not alias.
1244 }
1245 }
1250 }
1252 // Statically, we can see that the base objects are the same, but the
1253 // pointers have dynamic offsets which we can't resolve. And none of our
1254 // little tricks above worked.
1256 }
1259 // If the results agree, take it.
1262 // A mix of PartialAlias and MustAlias is PartialAlias.
1266 // Otherwise, we don't know anything.
1268 }
1270 /// Provides a bunch of ad-hoc rules to disambiguate a Select instruction
1271 /// against another.
1272 AliasResult
1276 // If the values are Selects with the same condition, we can do a more precise
1277 // check: just check for aliases between the values on corresponding arms.
1289 }
1291 // If both arms of the Select node NoAlias or MustAlias V2, then returns
1292 // NoAlias / MustAlias. Otherwise, returns MayAlias.
1303 }
1305 /// Provide a bunch of ad-hoc rules to disambiguate a PHI instruction against
1306 /// another.
1312 // If the values are PHIs in the same block, we can do a more precise
1313 // as well as efficient check: just check for aliases between the values
1314 // on corresponding edges.
1323 AAQI);
1326 else
1330 }
1332 }
1335 // If a phi operand recurses back to the phi, we can still determine NoAlias
1336 // if we don't alias the underlying objects of the other phi operands, as we
1337 // know that the recursive phi needs to be based on them in some way.
1345 }
1347 };
1350 // If we have PhiValues then use it to get the underlying phi values.
1352 // If we have more phi values than the search depth then return MayAlias
1353 // conservatively to avoid compile time explosion. The worst possible case
1354 // is if both sides are PHI nodes. In which case, this is O(m x n) time
1355 // where 'm' and 'n' are the number of PHI sources.
1358 // Add the values to V1Srcs
1363 }
1365 // If we don't have PhiInfo then just look at the operands of the phi itself
1366 // FIXME: Remove this once we can guarantee that we have PhiInfo always
1372 // To control potential compile time explosion, we choose to be
1373 // conserviate when we have more than one Phi input. It is important
1374 // that we handle the single phi case as that lets us handle LCSSA
1375 // phi nodes and (combined with the recursive phi handling) simple
1376 // pointer induction variable patterns.
1378 }
1380 }
1387 }
1390 // Out of an abundance of caution, allow only the trivial lcssa and
1391 // recursive phi cases.
1393 }
1395 // If V1Srcs is empty then that means that the phi has no underlying non-phi
1396 // value. This should only be possible in blocks unreachable from the entry
1397 // block, but return MayAlias just in case.
1401 // If this PHI node is recursive, indicate that the pointer may be moved
1402 // across iterations. We can only prove NoAlias if different underlying
1403 // objects are involved.
1407 // In the recursive alias queries below, we may compare values from two
1408 // different loop iterations. Keep track of visited phi blocks, which will
1409 // be used when determining value equivalence.
1414 });
1416 // If we inserted a block into VisitedPhiBBs, alias analysis results that
1417 // have been cached earlier may no longer be valid. Perform recursive queries
1418 // with a new AAQueryInfo.
1426 // Early exit if the check of the first PHI source against V2 is MayAlias.
1427 // Other results are not possible.
1430 // With recursive phis we cannot guarantee that MustAlias/PartialAlias will
1431 // remain valid to all elements and needs to conservatively return MayAlias.
1435 // If all sources of the PHI node NoAlias or MustAlias V2, then returns
1436 // NoAlias / MustAlias. Otherwise, returns MayAlias.
1445 }
1448 }
1450 /// Provides a bunch of ad-hoc rules to disambiguate in common cases, such as
1451 /// array references.
1455 // If either of the memory references is empty, it doesn't matter what the
1456 // pointer values are.
1460 // Strip off any casts if they exist.
1464 // If V1 or V2 is undef, the result is NoAlias because we can always pick a
1465 // value for undef that aliases nothing in the program.
1469 // Are we checking for alias of the same value?
1470 // Because we look 'through' phi nodes, we could look at "Value" pointers from
1471 // different iterations. We must therefore make sure that this is not the
1472 // case. The function isValueEqualInPotentialCycles ensures that this cannot
1473 // happen by looking at the visited phi nodes and making sure they cannot
1474 // reach the value.
1481 // Figure out what objects these things are pointing to if we can.
1485 // Null values in the default address space don't point to any object, so they
1486 // don't alias any other pointer.
1495 // If V1/V2 point to two different objects, we know that we have no alias.
1499 // Constant pointers can't alias with non-const isIdentifiedObject objects.
1504 // Function arguments can't alias with things that are known to be
1505 // unambigously identified at the function level.
1510 // If one pointer is the result of a call/invoke or load and the other is a
1511 // non-escaping local object within the same function, then we know the
1512 // object couldn't escape to a point where the call could return it.
1513 //
1514 // Note that if the pointers are in different functions, there are a
1515 // variety of complications. A call with a nocapture argument may still
1516 // temporary store the nocapture argument's value in a temporary memory
1517 // location if that memory location doesn't escape. Or it may pass a
1518 // nocapture value to other functions as long as they don't capture it.
1525 }
1527 // If the size of one access is larger than the entire object on the other
1528 // side, then we know such behavior is undefined and can assume no alias.
1538 // If one the accesses may be before the accessed pointer, canonicalize this
1539 // by using unknown after-pointer sizes for both accesses. This is
1540 // equivalent, because regardless of which pointer is lower, one of them
1541 // will always came after the other, as long as the underlying objects aren't
1542 // disjoint. We do this so that the rest of BasicAA does not have to deal
1543 // with accesses before the base pointer, and to improve cache utilization by
1544 // merging equivalent states.
1548 }
1550 // FIXME: If this depth limit is hit, then we may cache sub-optimal results
1551 // for recursive queries. For this reason, this limit is chosen to be large
1552 // enough to be very rarely hit, while still being small enough to avoid
1553 // stack overflows.
1557 // Check the cache before climbing up use-def chains. This also terminates
1558 // otherwise infinitely recursive queries.
1568 // Remember that we used an assumption.
1571 }
1572 // Cache contains sorted {V1,V2} pairs but we should return original order.
1576 }
1580 AliasResult Result =
1587 // Check whether a NoAlias assumption has been used, but disproven.
1593 // This is a definitive result now, when considered as a root query.
1596 // Cache contains sorted {V1,V2} pairs.
1600 // If the assumption has been disproven, remove any results that may have
1601 // been based on this assumption. Do this after the Entry updates above to
1602 // avoid iterator invalidation.
1607 // The result may still be based on assumptions higher up in the chain.
1608 // Remember it, so it can be purged from the cache later.
1613 }
1627 }
1637 }
1647 }
1649 // If both pointers are pointing into the same object and one of them
1650 // accesses the entire object, then the accesses must overlap in some way.
1657 }
1660 }
1662 /// Check whether two Values can be considered equivalent.
1663 ///
1664 /// In addition to pointer equivalence of \p V1 and \p V2 this checks whether
1665 /// they can not be part of a cycle in the value graph by looking at all
1666 /// visited phi nodes an making sure that the phis cannot reach the value. We
1667 /// have to do this because we are looking through phi nodes (That is we say
1668 /// noalias(V, phi(VA, VB)) if noalias(V, VA) and noalias(V, VB).
1684 // Make sure that the visited phis cannot reach the Value. This ensures that
1685 // the Values cannot come from different iterations of a potential cycle the
1686 // phi nodes could be involved in.
1692 }
1694 /// Computes the symbolic difference between two de-composed GEPs.
1695 ///
1696 /// Dest and Src are the variable indices from two decomposed GetElementPtr
1697 /// instructions GEP1 and GEP2 which have common base pointers.
1709 // Find V in Dest. This is N^2, but pointer indices almost never have more
1710 // than a few variable indexes.
1716 // If we found it, subtract off Scale V's from the entry in Dest. If it
1717 // goes to zero, remove the entry.
1725 }
1727 // If we didn't consume this entry, add it to the end of the Dest list.
1732 }
1733 }
1734 }
1753 // We'll strip off the Extensions of Var0 and Var1 and do another round
1754 // of GetLinearExpression decomposition. In the example above, if Var0
1755 // is zext(%x + 1) we should get V1 == %x and V1Offset == 1.
1757 LinearExpression E0 =
1759 LinearExpression E1 =
1766 // We have a hit - Var0 and Var1 only differ by a constant offset!
1768 // If we've been sext'ed then zext'd the maximum difference between Var0 and
1769 // Var1 is possible to calculate, but we're just interested in the absolute
1770 // minimum difference between the two. The minimum distance may occur due to
1771 // wrapping; consider "add i3 %i, 5": if %i == 7 then 7 + 5 mod 8 == 4, and so
1772 // the minimum distance between %i and %i + 5 is 3.
1775 APInt MinDiffBytes =
1778 // We can't definitely say whether GEP1 is before or after V2 due to wrapping
1779 // arithmetic (i.e. for some values of GEP1 and V2 GEP1 < V2, and for other
1780 // values GEP1 > V2). We'll therefore only declare NoAlias if both V1Size and
1781 // V2Size can fit in the MinDiffBytes gap.
1784 }
1786 //===----------------------------------------------------------------------===//
1787 // BasicAliasAnalysis Pass
1788 //===----------------------------------------------------------------------===//
1798 }
1802 }
1819 }
1833 }
1841 }
1848 }