| blob | 3f44f746eb173ace12ab0f55eb77ac8cea11af2c |
1 //===- TypeBasedAliasAnalysis.cpp - Type-Based Alias Analysis -------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the TypeBasedAliasAnalysis pass, which implements
10 // metadata-based TBAA.
11 //
12 // In LLVM IR, memory does not have types, so LLVM's own type system is not
13 // suitable for doing TBAA. Instead, metadata is added to the IR to describe
14 // a type system of a higher level language. This can be used to implement
15 // typical C/C++ TBAA, but it can also be used to implement custom alias
16 // analysis behavior for other languages.
17 //
18 // We now support two types of metadata format: scalar TBAA and struct-path
19 // aware TBAA. After all testing cases are upgraded to use struct-path aware
20 // TBAA and we can auto-upgrade existing bc files, the support for scalar TBAA
21 // can be dropped.
22 //
23 // The scalar TBAA metadata format is very simple. TBAA MDNodes have up to
24 // three fields, e.g.:
25 // !0 = !{ !"an example type tree" }
26 // !1 = !{ !"int", !0 }
27 // !2 = !{ !"float", !0 }
28 // !3 = !{ !"const float", !2, i64 1 }
29 //
30 // The first field is an identity field. It can be any value, usually
31 // an MDString, which uniquely identifies the type. The most important
32 // name in the tree is the name of the root node. Two trees with
33 // different root node names are entirely disjoint, even if they
34 // have leaves with common names.
35 //
36 // The second field identifies the type's parent node in the tree, or
37 // is null or omitted for a root node. A type is considered to alias
38 // all of its descendants and all of its ancestors in the tree. Also,
39 // a type is considered to alias all types in other trees, so that
40 // bitcode produced from multiple front-ends is handled conservatively.
41 //
42 // If the third field is present, it's an integer which if equal to 1
43 // indicates that the type is "constant" (meaning pointsToConstantMemory
44 // should return true; see
45 // http://llvm.org/docs/AliasAnalysis.html#OtherItfs).
46 //
47 // With struct-path aware TBAA, the MDNodes attached to an instruction using
48 // "!tbaa" are called path tag nodes.
49 //
50 // The path tag node has 4 fields with the last field being optional.
51 //
52 // The first field is the base type node, it can be a struct type node
53 // or a scalar type node. The second field is the access type node, it
54 // must be a scalar type node. The third field is the offset into the base type.
55 // The last field has the same meaning as the last field of our scalar TBAA:
56 // it's an integer which if equal to 1 indicates that the access is "constant".
57 //
58 // The struct type node has a name and a list of pairs, one pair for each member
59 // of the struct. The first element of each pair is a type node (a struct type
60 // node or a scalar type node), specifying the type of the member, the second
61 // element of each pair is the offset of the member.
62 //
63 // Given an example
64 // typedef struct {
65 // short s;
66 // } A;
67 // typedef struct {
68 // uint16_t s;
69 // A a;
70 // } B;
71 //
72 // For an access to B.a.s, we attach !5 (a path tag node) to the load/store
73 // instruction. The base type is !4 (struct B), the access type is !2 (scalar
74 // type short) and the offset is 4.
75 //
76 // !0 = !{!"Simple C/C++ TBAA"}
77 // !1 = !{!"omnipotent char", !0} // Scalar type node
78 // !2 = !{!"short", !1} // Scalar type node
79 // !3 = !{!"A", !2, i64 0} // Struct type node
80 // !4 = !{!"B", !2, i64 0, !3, i64 4}
81 // // Struct type node
82 // !5 = !{!4, !2, i64 4} // Path tag node
83 //
84 // The struct type nodes and the scalar type nodes form a type DAG.
85 // Root (!0)
86 // char (!1) -- edge to Root
87 // short (!2) -- edge to char
88 // A (!3) -- edge with offset 0 to short
89 // B (!4) -- edge with offset 0 to short and edge with offset 4 to A
90 //
91 // To check if two tags (tagX and tagY) can alias, we start from the base type
92 // of tagX, follow the edge with the correct offset in the type DAG and adjust
93 // the offset until we reach the base type of tagY or until we reach the Root
94 // node.
95 // If we reach the base type of tagY, compare the adjusted offset with
96 // offset of tagY, return Alias if the offsets are the same, return NoAlias
97 // otherwise.
98 // If we reach the Root node, perform the above starting from base type of tagY
99 // to see if we reach base type of tagX.
100 //
101 // If they have different roots, they're part of different potentially
102 // unrelated type systems, so we return Alias to be conservative.
103 // If neither node is an ancestor of the other and they have the same root,
104 // then we say NoAlias.
105 //
106 //===----------------------------------------------------------------------===//
123 #include <cassert>
124 #include <cstdint>
128 // A handy option for disabling TBAA functionality. The same effect can also be
129 // achieved by stripping the !tbaa tags from IR, but this option is sometimes
130 // more convenient.
135 /// isNewFormatTypeNode - Return true iff the given type node is in the new
136 /// size-aware format.
140 // In the old format the first operand is a string.
144 }
146 /// This is a simple wrapper around an MDNode which provides a higher-level
147 /// interface by hiding the details of how alias analysis information is encoded
148 /// in its operands.
157 /// getNode - Get the MDNode for this TBAANode.
160 /// isNewFormat - Return true iff the wrapped type node is in the new
161 /// size-aware format.
164 /// getParent - Get this TBAANode's Alias tree parent.
174 // Ok, this node has a valid parent. Return it.
176 }
178 /// Test if this TBAANode represents a type for objects which are
179 /// not modified (by any means) in the context where this
180 /// AliasAnalysis is relevant.
188 }
189 };
191 /// \name Specializations of \c TBAANodeImpl for const and non const qualified
192 /// \c MDNode.
193 /// @{
196 /// @}
198 /// This is a simple wrapper around an MDNode which provides a
199 /// higher-level interface by hiding the details of how alias analysis
200 /// information is encoded in its operands.
203 /// This node should be created with createTBAAAccessTag().
209 /// Get the MDNode for this TBAAStructTagNode.
212 /// isNewFormat - Return true iff the wrapped access tag is in the new
213 /// size-aware format.
221 }
225 }
229 }
233 }
239 }
241 /// Test if this TBAAStructTagNode represents a type for objects
242 /// which are not modified (by any means) in the context where this
243 /// AliasAnalysis is relevant.
252 }
253 };
255 /// \name Specializations of \c TBAAStructTagNodeImpl for const and non const
256 /// qualified \c MDNods.
257 /// @{
260 /// @}
262 /// This is a simple wrapper around an MDNode which provides a
263 /// higher-level interface by hiding the details of how alias analysis
264 /// information is encoded in its operands.
266 /// This node should be created with createTBAATypeNode().
273 /// Get the MDNode for this TBAAStructTypeNode.
276 /// isNewFormat - Return true iff the wrapped type node is in the new
277 /// size-aware format.
282 }
284 /// getId - Return type identifier.
287 }
293 }
301 }
303 /// Get this TBAAStructTypeNode's field in the type DAG with
304 /// given offset. Update the offset to be relative to the field type.
311 // New-format root and scalar type nodes have no fields.
315 // Parent can be omitted for the root node.
319 // Fast path for a scalar type node and a struct type node with a single
320 // field.
331 }
332 }
334 // Assume the offsets are in order. We return the previous field if
335 // the current offset is bigger than the given offset.
349 }
350 }
351 // Move along the last field.
361 }
362 };
366 /// Check the first operand of the tbaa tag node, if it is a MDNode, we treat
367 /// it as struct-path aware TBAA format, otherwise, we treat it as scalar TBAA
368 /// format.
370 // Anonymous TBAA root starts with a MDNode and dragonegg uses it as
371 // a TBAA tag.
373 }
384 // Otherwise return a definitive result.
386 }
398 // If this is an "immutable" type, we can assume the pointer is pointing
399 // to constant memory.
405 }
412 // If this is an "immutable" type, the access is not observable.
419 }
422 // Functions don't have metadata.
424 }
438 }
452 }
461 }
463 }
465 // For struct-path aware TBAA, we use the access type of the tag.
472 }
481 }
496 }
504 }
513 else
517 }
520 }
523 AAMDNodes Result;
529 }
532 AAMDNodes Result;
537 }
540 // If there is no access type or the access type is the root node, then
541 // we don't have any useful access tag to return.
549 // TODO: Take access ranges into account when matching access tags and
550 // fix this code to generate actual access sizes for generic tags.
558 }
562 OffsetNode};
564 }
567 TBAAStructTypeNode FieldType) {
572 }
574 }
576 /// Return true if for two given accesses, one of the accessed objects may be a
577 /// subobject of the other. The \p BaseTag and \p SubobjectTag parameters
578 /// describe the accesses to the base object and the subobject respectively.
579 /// \p CommonType must be the metadata node describing the common type of the
580 /// accessed objects. On return, \p MayAlias is set to true iff these accesses
581 /// may alias and \p Generic, if not null, points to the most generic access
582 /// tag for the given two.
584 TBAAStructTagNode SubobjectTag,
588 // If the base object is of the least common type, then this may be an access
589 // to its subobject.
596 }
598 // If the access to the base object is through a field of the subobject's
599 // type, then this may be an access to that field. To check for that we start
600 // from the base type, follow the edge with the correct offset in the type DAG
601 // and adjust the offset until we reach the field type or until we reach the
602 // access type.
608 // In the old format there is no distinction between fields and parent
609 // types, so in this case we consider all nodes up to the root.
613 }
622 }
624 }
626 // With new-format nodes we stop at the access type.
630 // Follow the edge with the correct offset. Offset will be adjusted to
631 // be relative to the field type.
633 }
635 // If the base object has a direct or indirect field of the subobject's type,
636 // then this may be an access to that field. We need this to check now that
637 // we support aggregates as access types.
639 // TBAAStructTypeNode BaseAccessType(BaseTag.getAccessType());
646 }
647 }
650 }
652 /// matchTags - Return true if the given couple of accesses are allowed to
653 /// overlap. If \arg GenericTag is not null, then on return it points to the
654 /// most generic access descriptor for the given two.
661 }
663 // Accesses with no TBAA information may alias with any other accesses.
668 }
670 // Verify that both input nodes are struct-path aware. Auto-upgrade should
671 // have taken care of this.
679 // If the final access types have different roots, they're part of different
680 // potentially unrelated type systems, so we must be conservative.
685 }
687 // If one of the accessed objects may be a subobject of the other, then such
688 // accesses may alias.
696 // Otherwise, we've proved there's no alias.
700 }
702 /// Aliases - Test whether the access represented by tag A may alias the
703 /// access represented by tag B.
706 }
710 }
716 }
724 }
728 }
733 }
738 }
742 }
745 // Fast path if there's no offset
748 // Fast path if there's no path tbaa node (and thus scalar)
752 // The correct behavior here is to add the offset into the TBAA
753 // struct node offset. The base type, however may not have defined
754 // a type at this additional offset, resulting in errors. Since
755 // this method is only used within a given load/store access
756 // the offset provided is only used to subdivide the previous load
757 // maintaining the validity of the previous TBAA.
758 //
759 // This, however, should be revisited in the future.
761 }
764 // Fast path if there's no offset
772 // Don't include any triples that aren't in bounds
781 }
783 // Shift the offset of the triple
789 }
791 }
794 // Fast path if 0-length
798 // Regular TBAA is invariant of length, so we only need to consider
799 // struct-path TBAA.
805 // Only new format TBAA has a size
809 // If unknown size, drop the TBAA.
813 // Otherwise, create TBAA with the new Len
818 // Don't create a new MDNode if it is the same length.
825 }
835 AccessSize &&
841 }
853 }
858 }