1 //===- BasicAliasAnalysis.cpp - Stateless Alias Analysis Impl -------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file defines the primary stateless implementation of the
11 // Alias Analysis interface that implements identities (two different
12 // globals cannot alias, etc), but does no stateful analysis.
13 //
14 //===----------------------------------------------------------------------===//
15
16 #include "llvm/Analysis/AliasAnalysis.h"
17 #include "llvm/Analysis/Passes.h"
18 #include "llvm/Constants.h"
19 #include "llvm/DerivedTypes.h"
20 #include "llvm/Function.h"
21 #include "llvm/GlobalAlias.h"
22 #include "llvm/GlobalVariable.h"
23 #include "llvm/Instructions.h"
24 #include "llvm/IntrinsicInst.h"
25 #include "llvm/LLVMContext.h"
26 #include "llvm/Operator.h"
27 #include "llvm/Pass.h"
28 #include "llvm/Analysis/CaptureTracking.h"
29 #include "llvm/Analysis/MemoryBuiltins.h"
30 #include "llvm/Analysis/InstructionSimplify.h"
31 #include "llvm/Analysis/ValueTracking.h"
32 #include "llvm/Target/TargetData.h"
33 #include "llvm/Target/TargetLibraryInfo.h"
34 #include "llvm/ADT/SmallPtrSet.h"
35 #include "llvm/ADT/SmallVector.h"
36 #include "llvm/Support/ErrorHandling.h"
37 #include "llvm/Support/GetElementPtrTypeIterator.h"
38 #include <algorithm>
39 using namespace llvm;
40
41 //===----------------------------------------------------------------------===//
42 // Useful predicates
43 //===----------------------------------------------------------------------===//
44
45 /// isNonEscapingLocalObject - Return true if the pointer is to a function-local
46 /// object that never escapes from the function.
isNonEscapingLocalObject(const Value * V)47 static bool isNonEscapingLocalObject(const Value *V) {
48 // If this is a local allocation, check to see if it escapes.
49 if (isa<AllocaInst>(V) || isNoAliasCall(V))
50 // Set StoreCaptures to True so that we can assume in our callers that the
51 // pointer is not the result of a load instruction. Currently
52 // PointerMayBeCaptured doesn't have any special analysis for the
53 // StoreCaptures=false case; if it did, our callers could be refined to be
54 // more precise.
55 return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true);
56
57 // If this is an argument that corresponds to a byval or noalias argument,
58 // then it has not escaped before entering the function. Check if it escapes
59 // inside the function.
60 if (const Argument *A = dyn_cast<Argument>(V))
61 if (A->hasByValAttr() || A->hasNoAliasAttr()) {
62 // Don't bother analyzing arguments already known not to escape.
63 if (A->hasNoCaptureAttr())
64 return true;
65 return !PointerMayBeCaptured(V, false, /*StoreCaptures=*/true);
66 }
67 return false;
68 }
69
70 /// isEscapeSource - Return true if the pointer is one which would have
71 /// been considered an escape by isNonEscapingLocalObject.
isEscapeSource(const Value * V)72 static bool isEscapeSource(const Value *V) {
73 if (isa<CallInst>(V) || isa<InvokeInst>(V) || isa<Argument>(V))
74 return true;
75
76 // The load case works because isNonEscapingLocalObject considers all
77 // stores to be escapes (it passes true for the StoreCaptures argument
78 // to PointerMayBeCaptured).
79 if (isa<LoadInst>(V))
80 return true;
81
82 return false;
83 }
84
85 /// getObjectSize - Return the size of the object specified by V, or
86 /// UnknownSize if unknown.
getObjectSize(const Value * V,const TargetData & TD,bool RoundToAlign=false)87 static uint64_t getObjectSize(const Value *V, const TargetData &TD,
88 bool RoundToAlign = false) {
89 Type *AccessTy;
90 unsigned Align;
91 if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V)) {
92 if (!GV->hasDefinitiveInitializer())
93 return AliasAnalysis::UnknownSize;
94 AccessTy = GV->getType()->getElementType();
95 Align = GV->getAlignment();
96 } else if (const AllocaInst *AI = dyn_cast<AllocaInst>(V)) {
97 if (!AI->isArrayAllocation())
98 AccessTy = AI->getType()->getElementType();
99 else
100 return AliasAnalysis::UnknownSize;
101 Align = AI->getAlignment();
102 } else if (const CallInst* CI = extractMallocCall(V)) {
103 if (!RoundToAlign && !isArrayMalloc(V, &TD))
104 // The size is the argument to the malloc call.
105 if (const ConstantInt* C = dyn_cast<ConstantInt>(CI->getArgOperand(0)))
106 return C->getZExtValue();
107 return AliasAnalysis::UnknownSize;
108 } else if (const Argument *A = dyn_cast<Argument>(V)) {
109 if (A->hasByValAttr()) {
110 AccessTy = cast<PointerType>(A->getType())->getElementType();
111 Align = A->getParamAlignment();
112 } else {
113 return AliasAnalysis::UnknownSize;
114 }
115 } else {
116 return AliasAnalysis::UnknownSize;
117 }
118
119 if (!AccessTy->isSized())
120 return AliasAnalysis::UnknownSize;
121
122 uint64_t Size = TD.getTypeAllocSize(AccessTy);
123 // If there is an explicitly specified alignment, and we need to
124 // take alignment into account, round up the size. (If the alignment
125 // is implicit, getTypeAllocSize is sufficient.)
126 if (RoundToAlign && Align)
127 Size = RoundUpToAlignment(Size, Align);
128
129 return Size;
130 }
131
132 /// isObjectSmallerThan - Return true if we can prove that the object specified
133 /// by V is smaller than Size.
isObjectSmallerThan(const Value * V,uint64_t Size,const TargetData & TD)134 static bool isObjectSmallerThan(const Value *V, uint64_t Size,
135 const TargetData &TD) {
136 // This function needs to use the aligned object size because we allow
137 // reads a bit past the end given sufficient alignment.
138 uint64_t ObjectSize = getObjectSize(V, TD, /*RoundToAlign*/true);
139
140 return ObjectSize != AliasAnalysis::UnknownSize && ObjectSize < Size;
141 }
142
143 /// isObjectSize - Return true if we can prove that the object specified
144 /// by V has size Size.
isObjectSize(const Value * V,uint64_t Size,const TargetData & TD)145 static bool isObjectSize(const Value *V, uint64_t Size,
146 const TargetData &TD) {
147 uint64_t ObjectSize = getObjectSize(V, TD);
148 return ObjectSize != AliasAnalysis::UnknownSize && ObjectSize == Size;
149 }
150
151 //===----------------------------------------------------------------------===//
152 // GetElementPtr Instruction Decomposition and Analysis
153 //===----------------------------------------------------------------------===//
154
155 namespace {
156 enum ExtensionKind {
157 EK_NotExtended,
158 EK_SignExt,
159 EK_ZeroExt
160 };
161
162 struct VariableGEPIndex {
163 const Value *V;
164 ExtensionKind Extension;
165 int64_t Scale;
166 };
167 }
168
169
170 /// GetLinearExpression - Analyze the specified value as a linear expression:
171 /// "A*V + B", where A and B are constant integers. Return the scale and offset
172 /// values as APInts and return V as a Value*, and return whether we looked
173 /// through any sign or zero extends. The incoming Value is known to have
174 /// IntegerType and it may already be sign or zero extended.
175 ///
176 /// Note that this looks through extends, so the high bits may not be
177 /// represented in the result.
GetLinearExpression(Value * V,APInt & Scale,APInt & Offset,ExtensionKind & Extension,const TargetData & TD,unsigned Depth)178 static Value *GetLinearExpression(Value *V, APInt &Scale, APInt &Offset,
179 ExtensionKind &Extension,
180 const TargetData &TD, unsigned Depth) {
181 assert(V->getType()->isIntegerTy() && "Not an integer value");
182
183 // Limit our recursion depth.
184 if (Depth == 6) {
185 Scale = 1;
186 Offset = 0;
187 return V;
188 }
189
190 if (BinaryOperator *BOp = dyn_cast<BinaryOperator>(V)) {
191 if (ConstantInt *RHSC = dyn_cast<ConstantInt>(BOp->getOperand(1))) {
192 switch (BOp->getOpcode()) {
193 default: break;
194 case Instruction::Or:
195 // X|C == X+C if all the bits in C are unset in X. Otherwise we can't
196 // analyze it.
197 if (!MaskedValueIsZero(BOp->getOperand(0), RHSC->getValue(), &TD))
198 break;
199 // FALL THROUGH.
200 case Instruction::Add:
201 V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension,
202 TD, Depth+1);
203 Offset += RHSC->getValue();
204 return V;
205 case Instruction::Mul:
206 V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension,
207 TD, Depth+1);
208 Offset *= RHSC->getValue();
209 Scale *= RHSC->getValue();
210 return V;
211 case Instruction::Shl:
212 V = GetLinearExpression(BOp->getOperand(0), Scale, Offset, Extension,
213 TD, Depth+1);
214 Offset <<= RHSC->getValue().getLimitedValue();
215 Scale <<= RHSC->getValue().getLimitedValue();
216 return V;
217 }
218 }
219 }
220
221 // Since GEP indices are sign extended anyway, we don't care about the high
222 // bits of a sign or zero extended value - just scales and offsets. The
223 // extensions have to be consistent though.
224 if ((isa<SExtInst>(V) && Extension != EK_ZeroExt) ||
225 (isa<ZExtInst>(V) && Extension != EK_SignExt)) {
226 Value *CastOp = cast<CastInst>(V)->getOperand(0);
227 unsigned OldWidth = Scale.getBitWidth();
228 unsigned SmallWidth = CastOp->getType()->getPrimitiveSizeInBits();
229 Scale = Scale.trunc(SmallWidth);
230 Offset = Offset.trunc(SmallWidth);
231 Extension = isa<SExtInst>(V) ? EK_SignExt : EK_ZeroExt;
232
233 Value *Result = GetLinearExpression(CastOp, Scale, Offset, Extension,
234 TD, Depth+1);
235 Scale = Scale.zext(OldWidth);
236 Offset = Offset.zext(OldWidth);
237
238 return Result;
239 }
240
241 Scale = 1;
242 Offset = 0;
243 return V;
244 }
245
246 /// DecomposeGEPExpression - If V is a symbolic pointer expression, decompose it
247 /// into a base pointer with a constant offset and a number of scaled symbolic
248 /// offsets.
249 ///
250 /// The scaled symbolic offsets (represented by pairs of a Value* and a scale in
251 /// the VarIndices vector) are Value*'s that are known to be scaled by the
252 /// specified amount, but which may have other unrepresented high bits. As such,
253 /// the gep cannot necessarily be reconstructed from its decomposed form.
254 ///
255 /// When TargetData is around, this function is capable of analyzing everything
256 /// that GetUnderlyingObject can look through. When not, it just looks
257 /// through pointer casts.
258 ///
259 static const Value *
DecomposeGEPExpression(const Value * V,int64_t & BaseOffs,SmallVectorImpl<VariableGEPIndex> & VarIndices,const TargetData * TD)260 DecomposeGEPExpression(const Value *V, int64_t &BaseOffs,
261 SmallVectorImpl<VariableGEPIndex> &VarIndices,
262 const TargetData *TD) {
263 // Limit recursion depth to limit compile time in crazy cases.
264 unsigned MaxLookup = 6;
265
266 BaseOffs = 0;
267 do {
268 // See if this is a bitcast or GEP.
269 const Operator *Op = dyn_cast<Operator>(V);
270 if (Op == 0) {
271 // The only non-operator case we can handle are GlobalAliases.
272 if (const GlobalAlias *GA = dyn_cast<GlobalAlias>(V)) {
273 if (!GA->mayBeOverridden()) {
274 V = GA->getAliasee();
275 continue;
276 }
277 }
278 return V;
279 }
280
281 if (Op->getOpcode() == Instruction::BitCast) {
282 V = Op->getOperand(0);
283 continue;
284 }
285
286 const GEPOperator *GEPOp = dyn_cast<GEPOperator>(Op);
287 if (GEPOp == 0) {
288 // If it's not a GEP, hand it off to SimplifyInstruction to see if it
289 // can come up with something. This matches what GetUnderlyingObject does.
290 if (const Instruction *I = dyn_cast<Instruction>(V))
291 // TODO: Get a DominatorTree and use it here.
292 if (const Value *Simplified =
293 SimplifyInstruction(const_cast<Instruction *>(I), TD)) {
294 V = Simplified;
295 continue;
296 }
297
298 return V;
299 }
300
301 // Don't attempt to analyze GEPs over unsized objects.
302 if (!cast<PointerType>(GEPOp->getOperand(0)->getType())
303 ->getElementType()->isSized())
304 return V;
305
306 // If we are lacking TargetData information, we can't compute the offets of
307 // elements computed by GEPs. However, we can handle bitcast equivalent
308 // GEPs.
309 if (TD == 0) {
310 if (!GEPOp->hasAllZeroIndices())
311 return V;
312 V = GEPOp->getOperand(0);
313 continue;
314 }
315
316 // Walk the indices of the GEP, accumulating them into BaseOff/VarIndices.
317 gep_type_iterator GTI = gep_type_begin(GEPOp);
318 for (User::const_op_iterator I = GEPOp->op_begin()+1,
319 E = GEPOp->op_end(); I != E; ++I) {
320 Value *Index = *I;
321 // Compute the (potentially symbolic) offset in bytes for this index.
322 if (StructType *STy = dyn_cast<StructType>(*GTI++)) {
323 // For a struct, add the member offset.
324 unsigned FieldNo = cast<ConstantInt>(Index)->getZExtValue();
325 if (FieldNo == 0) continue;
326
327 BaseOffs += TD->getStructLayout(STy)->getElementOffset(FieldNo);
328 continue;
329 }
330
331 // For an array/pointer, add the element offset, explicitly scaled.
332 if (ConstantInt *CIdx = dyn_cast<ConstantInt>(Index)) {
333 if (CIdx->isZero()) continue;
334 BaseOffs += TD->getTypeAllocSize(*GTI)*CIdx->getSExtValue();
335 continue;
336 }
337
338 uint64_t Scale = TD->getTypeAllocSize(*GTI);
339 ExtensionKind Extension = EK_NotExtended;
340
341 // If the integer type is smaller than the pointer size, it is implicitly
342 // sign extended to pointer size.
343 unsigned Width = cast<IntegerType>(Index->getType())->getBitWidth();
344 if (TD->getPointerSizeInBits() > Width)
345 Extension = EK_SignExt;
346
347 // Use GetLinearExpression to decompose the index into a C1*V+C2 form.
348 APInt IndexScale(Width, 0), IndexOffset(Width, 0);
349 Index = GetLinearExpression(Index, IndexScale, IndexOffset, Extension,
350 *TD, 0);
351
352 // The GEP index scale ("Scale") scales C1*V+C2, yielding (C1*V+C2)*Scale.
353 // This gives us an aggregate computation of (C1*Scale)*V + C2*Scale.
354 BaseOffs += IndexOffset.getSExtValue()*Scale;
355 Scale *= IndexScale.getSExtValue();
356
357
358 // If we already had an occurrence of this index variable, merge this
359 // scale into it. For example, we want to handle:
360 // A[x][x] -> x*16 + x*4 -> x*20
361 // This also ensures that 'x' only appears in the index list once.
362 for (unsigned i = 0, e = VarIndices.size(); i != e; ++i) {
363 if (VarIndices[i].V == Index &&
364 VarIndices[i].Extension == Extension) {
365 Scale += VarIndices[i].Scale;
366 VarIndices.erase(VarIndices.begin()+i);
367 break;
368 }
369 }
370
371 // Make sure that we have a scale that makes sense for this target's
372 // pointer size.
373 if (unsigned ShiftBits = 64-TD->getPointerSizeInBits()) {
374 Scale <<= ShiftBits;
375 Scale = (int64_t)Scale >> ShiftBits;
376 }
377
378 if (Scale) {
379 VariableGEPIndex Entry = {Index, Extension,
380 static_cast<int64_t>(Scale)};
381 VarIndices.push_back(Entry);
382 }
383 }
384
385 // Analyze the base pointer next.
386 V = GEPOp->getOperand(0);
387 } while (--MaxLookup);
388
389 // If the chain of expressions is too deep, just return early.
390 return V;
391 }
392
393 /// GetIndexDifference - Dest and Src are the variable indices from two
394 /// decomposed GetElementPtr instructions GEP1 and GEP2 which have common base
395 /// pointers. Subtract the GEP2 indices from GEP1 to find the symbolic
396 /// difference between the two pointers.
GetIndexDifference(SmallVectorImpl<VariableGEPIndex> & Dest,const SmallVectorImpl<VariableGEPIndex> & Src)397 static void GetIndexDifference(SmallVectorImpl<VariableGEPIndex> &Dest,
398 const SmallVectorImpl<VariableGEPIndex> &Src) {
399 if (Src.empty()) return;
400
401 for (unsigned i = 0, e = Src.size(); i != e; ++i) {
402 const Value *V = Src[i].V;
403 ExtensionKind Extension = Src[i].Extension;
404 int64_t Scale = Src[i].Scale;
405
406 // Find V in Dest. This is N^2, but pointer indices almost never have more
407 // than a few variable indexes.
408 for (unsigned j = 0, e = Dest.size(); j != e; ++j) {
409 if (Dest[j].V != V || Dest[j].Extension != Extension) continue;
410
411 // If we found it, subtract off Scale V's from the entry in Dest. If it
412 // goes to zero, remove the entry.
413 if (Dest[j].Scale != Scale)
414 Dest[j].Scale -= Scale;
415 else
416 Dest.erase(Dest.begin()+j);
417 Scale = 0;
418 break;
419 }
420
421 // If we didn't consume this entry, add it to the end of the Dest list.
422 if (Scale) {
423 VariableGEPIndex Entry = { V, Extension, -Scale };
424 Dest.push_back(Entry);
425 }
426 }
427 }
428
429 //===----------------------------------------------------------------------===//
430 // BasicAliasAnalysis Pass
431 //===----------------------------------------------------------------------===//
432
433 #ifndef NDEBUG
getParent(const Value * V)434 static const Function *getParent(const Value *V) {
435 if (const Instruction *inst = dyn_cast<Instruction>(V))
436 return inst->getParent()->getParent();
437
438 if (const Argument *arg = dyn_cast<Argument>(V))
439 return arg->getParent();
440
441 return NULL;
442 }
443
notDifferentParent(const Value * O1,const Value * O2)444 static bool notDifferentParent(const Value *O1, const Value *O2) {
445
446 const Function *F1 = getParent(O1);
447 const Function *F2 = getParent(O2);
448
449 return !F1 || !F2 || F1 == F2;
450 }
451 #endif
452
453 namespace {
454 /// BasicAliasAnalysis - This is the primary alias analysis implementation.
455 struct BasicAliasAnalysis : public ImmutablePass, public AliasAnalysis {
456 static char ID; // Class identification, replacement for typeinfo
BasicAliasAnalysis__anonab4d09d90211::BasicAliasAnalysis457 BasicAliasAnalysis() : ImmutablePass(ID),
458 // AliasCache rarely has more than 1 or 2 elements,
459 // so start it off fairly small so that clear()
460 // doesn't have to tromp through 64 (the default)
461 // elements on each alias query. This really wants
462 // something like a SmallDenseMap.
463 AliasCache(8) {
464 initializeBasicAliasAnalysisPass(*PassRegistry::getPassRegistry());
465 }
466
initializePass__anonab4d09d90211::BasicAliasAnalysis467 virtual void initializePass() {
468 InitializeAliasAnalysis(this);
469 }
470
getAnalysisUsage__anonab4d09d90211::BasicAliasAnalysis471 virtual void getAnalysisUsage(AnalysisUsage &AU) const {
472 AU.addRequired<AliasAnalysis>();
473 AU.addRequired<TargetLibraryInfo>();
474 }
475
alias__anonab4d09d90211::BasicAliasAnalysis476 virtual AliasResult alias(const Location &LocA,
477 const Location &LocB) {
478 assert(AliasCache.empty() && "AliasCache must be cleared after use!");
479 assert(notDifferentParent(LocA.Ptr, LocB.Ptr) &&
480 "BasicAliasAnalysis doesn't support interprocedural queries.");
481 AliasResult Alias = aliasCheck(LocA.Ptr, LocA.Size, LocA.TBAATag,
482 LocB.Ptr, LocB.Size, LocB.TBAATag);
483 AliasCache.clear();
484 return Alias;
485 }
486
487 virtual ModRefResult getModRefInfo(ImmutableCallSite CS,
488 const Location &Loc);
489
getModRefInfo__anonab4d09d90211::BasicAliasAnalysis490 virtual ModRefResult getModRefInfo(ImmutableCallSite CS1,
491 ImmutableCallSite CS2) {
492 // The AliasAnalysis base class has some smarts, lets use them.
493 return AliasAnalysis::getModRefInfo(CS1, CS2);
494 }
495
496 /// pointsToConstantMemory - Chase pointers until we find a (constant
497 /// global) or not.
498 virtual bool pointsToConstantMemory(const Location &Loc, bool OrLocal);
499
500 /// getModRefBehavior - Return the behavior when calling the given
501 /// call site.
502 virtual ModRefBehavior getModRefBehavior(ImmutableCallSite CS);
503
504 /// getModRefBehavior - Return the behavior when calling the given function.
505 /// For use when the call site is not known.
506 virtual ModRefBehavior getModRefBehavior(const Function *F);
507
508 /// getAdjustedAnalysisPointer - This method is used when a pass implements
509 /// an analysis interface through multiple inheritance. If needed, it
510 /// should override this to adjust the this pointer as needed for the
511 /// specified pass info.
getAdjustedAnalysisPointer__anonab4d09d90211::BasicAliasAnalysis512 virtual void *getAdjustedAnalysisPointer(const void *ID) {
513 if (ID == &AliasAnalysis::ID)
514 return (AliasAnalysis*)this;
515 return this;
516 }
517
518 private:
519 // AliasCache - Track alias queries to guard against recursion.
520 typedef std::pair<Location, Location> LocPair;
521 typedef DenseMap<LocPair, AliasResult> AliasCacheTy;
522 AliasCacheTy AliasCache;
523
524 // Visited - Track instructions visited by pointsToConstantMemory.
525 SmallPtrSet<const Value*, 16> Visited;
526
527 // aliasGEP - Provide a bunch of ad-hoc rules to disambiguate a GEP
528 // instruction against another.
529 AliasResult aliasGEP(const GEPOperator *V1, uint64_t V1Size,
530 const Value *V2, uint64_t V2Size,
531 const MDNode *V2TBAAInfo,
532 const Value *UnderlyingV1, const Value *UnderlyingV2);
533
534 // aliasPHI - Provide a bunch of ad-hoc rules to disambiguate a PHI
535 // instruction against another.
536 AliasResult aliasPHI(const PHINode *PN, uint64_t PNSize,
537 const MDNode *PNTBAAInfo,
538 const Value *V2, uint64_t V2Size,
539 const MDNode *V2TBAAInfo);
540
541 /// aliasSelect - Disambiguate a Select instruction against another value.
542 AliasResult aliasSelect(const SelectInst *SI, uint64_t SISize,
543 const MDNode *SITBAAInfo,
544 const Value *V2, uint64_t V2Size,
545 const MDNode *V2TBAAInfo);
546
547 AliasResult aliasCheck(const Value *V1, uint64_t V1Size,
548 const MDNode *V1TBAATag,
549 const Value *V2, uint64_t V2Size,
550 const MDNode *V2TBAATag);
551 };
552 } // End of anonymous namespace
553
554 // Register this pass...
555 char BasicAliasAnalysis::ID = 0;
556 INITIALIZE_AG_PASS_BEGIN(BasicAliasAnalysis, AliasAnalysis, "basicaa",
557 "Basic Alias Analysis (stateless AA impl)",
558 false, true, false)
INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfo)559 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfo)
560 INITIALIZE_AG_PASS_END(BasicAliasAnalysis, AliasAnalysis, "basicaa",
561 "Basic Alias Analysis (stateless AA impl)",
562 false, true, false)
563
564
565 ImmutablePass *llvm::createBasicAliasAnalysisPass() {
566 return new BasicAliasAnalysis();
567 }
568
569 /// pointsToConstantMemory - Returns whether the given pointer value
570 /// points to memory that is local to the function, with global constants being
571 /// considered local to all functions.
572 bool
pointsToConstantMemory(const Location & Loc,bool OrLocal)573 BasicAliasAnalysis::pointsToConstantMemory(const Location &Loc, bool OrLocal) {
574 assert(Visited.empty() && "Visited must be cleared after use!");
575
576 unsigned MaxLookup = 8;
577 SmallVector<const Value *, 16> Worklist;
578 Worklist.push_back(Loc.Ptr);
579 do {
580 const Value *V = GetUnderlyingObject(Worklist.pop_back_val(), TD);
581 if (!Visited.insert(V)) {
582 Visited.clear();
583 return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
584 }
585
586 // An alloca instruction defines local memory.
587 if (OrLocal && isa<AllocaInst>(V))
588 continue;
589
590 // A global constant counts as local memory for our purposes.
591 if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(V)) {
592 // Note: this doesn't require GV to be "ODR" because it isn't legal for a
593 // global to be marked constant in some modules and non-constant in
594 // others. GV may even be a declaration, not a definition.
595 if (!GV->isConstant()) {
596 Visited.clear();
597 return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
598 }
599 continue;
600 }
601
602 // If both select values point to local memory, then so does the select.
603 if (const SelectInst *SI = dyn_cast<SelectInst>(V)) {
604 Worklist.push_back(SI->getTrueValue());
605 Worklist.push_back(SI->getFalseValue());
606 continue;
607 }
608
609 // If all values incoming to a phi node point to local memory, then so does
610 // the phi.
611 if (const PHINode *PN = dyn_cast<PHINode>(V)) {
612 // Don't bother inspecting phi nodes with many operands.
613 if (PN->getNumIncomingValues() > MaxLookup) {
614 Visited.clear();
615 return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
616 }
617 for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i)
618 Worklist.push_back(PN->getIncomingValue(i));
619 continue;
620 }
621
622 // Otherwise be conservative.
623 Visited.clear();
624 return AliasAnalysis::pointsToConstantMemory(Loc, OrLocal);
625
626 } while (!Worklist.empty() && --MaxLookup);
627
628 Visited.clear();
629 return Worklist.empty();
630 }
631
632 /// getModRefBehavior - Return the behavior when calling the given call site.
633 AliasAnalysis::ModRefBehavior
getModRefBehavior(ImmutableCallSite CS)634 BasicAliasAnalysis::getModRefBehavior(ImmutableCallSite CS) {
635 if (CS.doesNotAccessMemory())
636 // Can't do better than this.
637 return DoesNotAccessMemory;
638
639 ModRefBehavior Min = UnknownModRefBehavior;
640
641 // If the callsite knows it only reads memory, don't return worse
642 // than that.
643 if (CS.onlyReadsMemory())
644 Min = OnlyReadsMemory;
645
646 // The AliasAnalysis base class has some smarts, lets use them.
647 return ModRefBehavior(AliasAnalysis::getModRefBehavior(CS) & Min);
648 }
649
650 /// getModRefBehavior - Return the behavior when calling the given function.
651 /// For use when the call site is not known.
652 AliasAnalysis::ModRefBehavior
getModRefBehavior(const Function * F)653 BasicAliasAnalysis::getModRefBehavior(const Function *F) {
654 // If the function declares it doesn't access memory, we can't do better.
655 if (F->doesNotAccessMemory())
656 return DoesNotAccessMemory;
657
658 // For intrinsics, we can check the table.
659 if (unsigned iid = F->getIntrinsicID()) {
660 #define GET_INTRINSIC_MODREF_BEHAVIOR
661 #include "llvm/Intrinsics.gen"
662 #undef GET_INTRINSIC_MODREF_BEHAVIOR
663 }
664
665 ModRefBehavior Min = UnknownModRefBehavior;
666
667 // If the function declares it only reads memory, go with that.
668 if (F->onlyReadsMemory())
669 Min = OnlyReadsMemory;
670
671 // Otherwise be conservative.
672 return ModRefBehavior(AliasAnalysis::getModRefBehavior(F) & Min);
673 }
674
675 /// getModRefInfo - Check to see if the specified callsite can clobber the
676 /// specified memory object. Since we only look at local properties of this
677 /// function, we really can't say much about this query. We do, however, use
678 /// simple "address taken" analysis on local objects.
679 AliasAnalysis::ModRefResult
getModRefInfo(ImmutableCallSite CS,const Location & Loc)680 BasicAliasAnalysis::getModRefInfo(ImmutableCallSite CS,
681 const Location &Loc) {
682 assert(notDifferentParent(CS.getInstruction(), Loc.Ptr) &&
683 "AliasAnalysis query involving multiple functions!");
684
685 const Value *Object = GetUnderlyingObject(Loc.Ptr, TD);
686
687 // If this is a tail call and Loc.Ptr points to a stack location, we know that
688 // the tail call cannot access or modify the local stack.
689 // We cannot exclude byval arguments here; these belong to the caller of
690 // the current function not to the current function, and a tail callee
691 // may reference them.
692 if (isa<AllocaInst>(Object))
693 if (const CallInst *CI = dyn_cast<CallInst>(CS.getInstruction()))
694 if (CI->isTailCall())
695 return NoModRef;
696
697 // If the pointer is to a locally allocated object that does not escape,
698 // then the call can not mod/ref the pointer unless the call takes the pointer
699 // as an argument, and itself doesn't capture it.
700 if (!isa<Constant>(Object) && CS.getInstruction() != Object &&
701 isNonEscapingLocalObject(Object)) {
702 bool PassedAsArg = false;
703 unsigned ArgNo = 0;
704 for (ImmutableCallSite::arg_iterator CI = CS.arg_begin(), CE = CS.arg_end();
705 CI != CE; ++CI, ++ArgNo) {
706 // Only look at the no-capture or byval pointer arguments. If this
707 // pointer were passed to arguments that were neither of these, then it
708 // couldn't be no-capture.
709 if (!(*CI)->getType()->isPointerTy() ||
710 (!CS.doesNotCapture(ArgNo) && !CS.isByValArgument(ArgNo)))
711 continue;
712
713 // If this is a no-capture pointer argument, see if we can tell that it
714 // is impossible to alias the pointer we're checking. If not, we have to
715 // assume that the call could touch the pointer, even though it doesn't
716 // escape.
717 if (!isNoAlias(Location(*CI), Location(Object))) {
718 PassedAsArg = true;
719 break;
720 }
721 }
722
723 if (!PassedAsArg)
724 return NoModRef;
725 }
726
727 const TargetLibraryInfo &TLI = getAnalysis<TargetLibraryInfo>();
728 ModRefResult Min = ModRef;
729
730 // Finally, handle specific knowledge of intrinsics.
731 const IntrinsicInst *II = dyn_cast<IntrinsicInst>(CS.getInstruction());
732 if (II != 0)
733 switch (II->getIntrinsicID()) {
734 default: break;
735 case Intrinsic::memcpy:
736 case Intrinsic::memmove: {
737 uint64_t Len = UnknownSize;
738 if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getArgOperand(2)))
739 Len = LenCI->getZExtValue();
740 Value *Dest = II->getArgOperand(0);
741 Value *Src = II->getArgOperand(1);
742 // If it can't overlap the source dest, then it doesn't modref the loc.
743 if (isNoAlias(Location(Dest, Len), Loc)) {
744 if (isNoAlias(Location(Src, Len), Loc))
745 return NoModRef;
746 // If it can't overlap the dest, then worst case it reads the loc.
747 Min = Ref;
748 } else if (isNoAlias(Location(Src, Len), Loc)) {
749 // If it can't overlap the source, then worst case it mutates the loc.
750 Min = Mod;
751 }
752 break;
753 }
754 case Intrinsic::memset:
755 // Since memset is 'accesses arguments' only, the AliasAnalysis base class
756 // will handle it for the variable length case.
757 if (ConstantInt *LenCI = dyn_cast<ConstantInt>(II->getArgOperand(2))) {
758 uint64_t Len = LenCI->getZExtValue();
759 Value *Dest = II->getArgOperand(0);
760 if (isNoAlias(Location(Dest, Len), Loc))
761 return NoModRef;
762 }
763 // We know that memset doesn't load anything.
764 Min = Mod;
765 break;
766 case Intrinsic::lifetime_start:
767 case Intrinsic::lifetime_end:
768 case Intrinsic::invariant_start: {
769 uint64_t PtrSize =
770 cast<ConstantInt>(II->getArgOperand(0))->getZExtValue();
771 if (isNoAlias(Location(II->getArgOperand(1),
772 PtrSize,
773 II->getMetadata(LLVMContext::MD_tbaa)),
774 Loc))
775 return NoModRef;
776 break;
777 }
778 case Intrinsic::invariant_end: {
779 uint64_t PtrSize =
780 cast<ConstantInt>(II->getArgOperand(1))->getZExtValue();
781 if (isNoAlias(Location(II->getArgOperand(2),
782 PtrSize,
783 II->getMetadata(LLVMContext::MD_tbaa)),
784 Loc))
785 return NoModRef;
786 break;
787 }
788 case Intrinsic::arm_neon_vld1: {
789 // LLVM's vld1 and vst1 intrinsics currently only support a single
790 // vector register.
791 uint64_t Size =
792 TD ? TD->getTypeStoreSize(II->getType()) : UnknownSize;
793 if (isNoAlias(Location(II->getArgOperand(0), Size,
794 II->getMetadata(LLVMContext::MD_tbaa)),
795 Loc))
796 return NoModRef;
797 break;
798 }
799 case Intrinsic::arm_neon_vst1: {
800 uint64_t Size =
801 TD ? TD->getTypeStoreSize(II->getArgOperand(1)->getType()) : UnknownSize;
802 if (isNoAlias(Location(II->getArgOperand(0), Size,
803 II->getMetadata(LLVMContext::MD_tbaa)),
804 Loc))
805 return NoModRef;
806 break;
807 }
808 }
809
810 // We can bound the aliasing properties of memset_pattern16 just as we can
811 // for memcpy/memset. This is particularly important because the
812 // LoopIdiomRecognizer likes to turn loops into calls to memset_pattern16
813 // whenever possible.
814 else if (TLI.has(LibFunc::memset_pattern16) &&
815 CS.getCalledFunction() &&
816 CS.getCalledFunction()->getName() == "memset_pattern16") {
817 const Function *MS = CS.getCalledFunction();
818 FunctionType *MemsetType = MS->getFunctionType();
819 if (!MemsetType->isVarArg() && MemsetType->getNumParams() == 3 &&
820 isa<PointerType>(MemsetType->getParamType(0)) &&
821 isa<PointerType>(MemsetType->getParamType(1)) &&
822 isa<IntegerType>(MemsetType->getParamType(2))) {
823 uint64_t Len = UnknownSize;
824 if (const ConstantInt *LenCI = dyn_cast<ConstantInt>(CS.getArgument(2)))
825 Len = LenCI->getZExtValue();
826 const Value *Dest = CS.getArgument(0);
827 const Value *Src = CS.getArgument(1);
828 // If it can't overlap the source dest, then it doesn't modref the loc.
829 if (isNoAlias(Location(Dest, Len), Loc)) {
830 // Always reads 16 bytes of the source.
831 if (isNoAlias(Location(Src, 16), Loc))
832 return NoModRef;
833 // If it can't overlap the dest, then worst case it reads the loc.
834 Min = Ref;
835 // Always reads 16 bytes of the source.
836 } else if (isNoAlias(Location(Src, 16), Loc)) {
837 // If it can't overlap the source, then worst case it mutates the loc.
838 Min = Mod;
839 }
840 }
841 }
842
843 // The AliasAnalysis base class has some smarts, lets use them.
844 return ModRefResult(AliasAnalysis::getModRefInfo(CS, Loc) & Min);
845 }
846
847 /// aliasGEP - Provide a bunch of ad-hoc rules to disambiguate a GEP instruction
848 /// against another pointer. We know that V1 is a GEP, but we don't know
849 /// anything about V2. UnderlyingV1 is GetUnderlyingObject(GEP1, TD),
850 /// UnderlyingV2 is the same for V2.
851 ///
852 AliasAnalysis::AliasResult
aliasGEP(const GEPOperator * GEP1,uint64_t V1Size,const Value * V2,uint64_t V2Size,const MDNode * V2TBAAInfo,const Value * UnderlyingV1,const Value * UnderlyingV2)853 BasicAliasAnalysis::aliasGEP(const GEPOperator *GEP1, uint64_t V1Size,
854 const Value *V2, uint64_t V2Size,
855 const MDNode *V2TBAAInfo,
856 const Value *UnderlyingV1,
857 const Value *UnderlyingV2) {
858 int64_t GEP1BaseOffset;
859 SmallVector<VariableGEPIndex, 4> GEP1VariableIndices;
860
861 // If we have two gep instructions with must-alias'ing base pointers, figure
862 // out if the indexes to the GEP tell us anything about the derived pointer.
863 if (const GEPOperator *GEP2 = dyn_cast<GEPOperator>(V2)) {
864 // Do the base pointers alias?
865 AliasResult BaseAlias = aliasCheck(UnderlyingV1, UnknownSize, 0,
866 UnderlyingV2, UnknownSize, 0);
867
868 // If we get a No or May, then return it immediately, no amount of analysis
869 // will improve this situation.
870 if (BaseAlias != MustAlias) return BaseAlias;
871
872 // Otherwise, we have a MustAlias. Since the base pointers alias each other
873 // exactly, see if the computed offset from the common pointer tells us
874 // about the relation of the resulting pointer.
875 const Value *GEP1BasePtr =
876 DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices, TD);
877
878 int64_t GEP2BaseOffset;
879 SmallVector<VariableGEPIndex, 4> GEP2VariableIndices;
880 const Value *GEP2BasePtr =
881 DecomposeGEPExpression(GEP2, GEP2BaseOffset, GEP2VariableIndices, TD);
882
883 // If DecomposeGEPExpression isn't able to look all the way through the
884 // addressing operation, we must not have TD and this is too complex for us
885 // to handle without it.
886 if (GEP1BasePtr != UnderlyingV1 || GEP2BasePtr != UnderlyingV2) {
887 assert(TD == 0 &&
888 "DecomposeGEPExpression and GetUnderlyingObject disagree!");
889 return MayAlias;
890 }
891
892 // Subtract the GEP2 pointer from the GEP1 pointer to find out their
893 // symbolic difference.
894 GEP1BaseOffset -= GEP2BaseOffset;
895 GetIndexDifference(GEP1VariableIndices, GEP2VariableIndices);
896
897 } else {
898 // Check to see if these two pointers are related by the getelementptr
899 // instruction. If one pointer is a GEP with a non-zero index of the other
900 // pointer, we know they cannot alias.
901
902 // If both accesses are unknown size, we can't do anything useful here.
903 if (V1Size == UnknownSize && V2Size == UnknownSize)
904 return MayAlias;
905
906 AliasResult R = aliasCheck(UnderlyingV1, UnknownSize, 0,
907 V2, V2Size, V2TBAAInfo);
908 if (R != MustAlias)
909 // If V2 may alias GEP base pointer, conservatively returns MayAlias.
910 // If V2 is known not to alias GEP base pointer, then the two values
911 // cannot alias per GEP semantics: "A pointer value formed from a
912 // getelementptr instruction is associated with the addresses associated
913 // with the first operand of the getelementptr".
914 return R;
915
916 const Value *GEP1BasePtr =
917 DecomposeGEPExpression(GEP1, GEP1BaseOffset, GEP1VariableIndices, TD);
918
919 // If DecomposeGEPExpression isn't able to look all the way through the
920 // addressing operation, we must not have TD and this is too complex for us
921 // to handle without it.
922 if (GEP1BasePtr != UnderlyingV1) {
923 assert(TD == 0 &&
924 "DecomposeGEPExpression and GetUnderlyingObject disagree!");
925 return MayAlias;
926 }
927 }
928
929 // In the two GEP Case, if there is no difference in the offsets of the
930 // computed pointers, the resultant pointers are a must alias. This
931 // hapens when we have two lexically identical GEP's (for example).
932 //
933 // In the other case, if we have getelementptr <ptr>, 0, 0, 0, 0, ... and V2
934 // must aliases the GEP, the end result is a must alias also.
935 if (GEP1BaseOffset == 0 && GEP1VariableIndices.empty())
936 return MustAlias;
937
938 // If there is a constant difference between the pointers, but the difference
939 // is less than the size of the associated memory object, then we know
940 // that the objects are partially overlapping. If the difference is
941 // greater, we know they do not overlap.
942 if (GEP1BaseOffset != 0 && GEP1VariableIndices.empty()) {
943 if (GEP1BaseOffset >= 0) {
944 if (V2Size != UnknownSize) {
945 if ((uint64_t)GEP1BaseOffset < V2Size)
946 return PartialAlias;
947 return NoAlias;
948 }
949 } else {
950 if (V1Size != UnknownSize) {
951 if (-(uint64_t)GEP1BaseOffset < V1Size)
952 return PartialAlias;
953 return NoAlias;
954 }
955 }
956 }
957
958 // Try to distinguish something like &A[i][1] against &A[42][0].
959 // Grab the least significant bit set in any of the scales.
960 if (!GEP1VariableIndices.empty()) {
961 uint64_t Modulo = 0;
962 for (unsigned i = 0, e = GEP1VariableIndices.size(); i != e; ++i)
963 Modulo |= (uint64_t)GEP1VariableIndices[i].Scale;
964 Modulo = Modulo ^ (Modulo & (Modulo - 1));
965
966 // We can compute the difference between the two addresses
967 // mod Modulo. Check whether that difference guarantees that the
968 // two locations do not alias.
969 uint64_t ModOffset = (uint64_t)GEP1BaseOffset & (Modulo - 1);
970 if (V1Size != UnknownSize && V2Size != UnknownSize &&
971 ModOffset >= V2Size && V1Size <= Modulo - ModOffset)
972 return NoAlias;
973 }
974
975 // Statically, we can see that the base objects are the same, but the
976 // pointers have dynamic offsets which we can't resolve. And none of our
977 // little tricks above worked.
978 //
979 // TODO: Returning PartialAlias instead of MayAlias is a mild hack; the
980 // practical effect of this is protecting TBAA in the case of dynamic
981 // indices into arrays of unions or malloc'd memory.
982 return PartialAlias;
983 }
984
985 static AliasAnalysis::AliasResult
MergeAliasResults(AliasAnalysis::AliasResult A,AliasAnalysis::AliasResult B)986 MergeAliasResults(AliasAnalysis::AliasResult A, AliasAnalysis::AliasResult B) {
987 // If the results agree, take it.
988 if (A == B)
989 return A;
990 // A mix of PartialAlias and MustAlias is PartialAlias.
991 if ((A == AliasAnalysis::PartialAlias && B == AliasAnalysis::MustAlias) ||
992 (B == AliasAnalysis::PartialAlias && A == AliasAnalysis::MustAlias))
993 return AliasAnalysis::PartialAlias;
994 // Otherwise, we don't know anything.
995 return AliasAnalysis::MayAlias;
996 }
997
998 /// aliasSelect - Provide a bunch of ad-hoc rules to disambiguate a Select
999 /// instruction against another.
1000 AliasAnalysis::AliasResult
aliasSelect(const SelectInst * SI,uint64_t SISize,const MDNode * SITBAAInfo,const Value * V2,uint64_t V2Size,const MDNode * V2TBAAInfo)1001 BasicAliasAnalysis::aliasSelect(const SelectInst *SI, uint64_t SISize,
1002 const MDNode *SITBAAInfo,
1003 const Value *V2, uint64_t V2Size,
1004 const MDNode *V2TBAAInfo) {
1005 // If the values are Selects with the same condition, we can do a more precise
1006 // check: just check for aliases between the values on corresponding arms.
1007 if (const SelectInst *SI2 = dyn_cast<SelectInst>(V2))
1008 if (SI->getCondition() == SI2->getCondition()) {
1009 AliasResult Alias =
1010 aliasCheck(SI->getTrueValue(), SISize, SITBAAInfo,
1011 SI2->getTrueValue(), V2Size, V2TBAAInfo);
1012 if (Alias == MayAlias)
1013 return MayAlias;
1014 AliasResult ThisAlias =
1015 aliasCheck(SI->getFalseValue(), SISize, SITBAAInfo,
1016 SI2->getFalseValue(), V2Size, V2TBAAInfo);
1017 return MergeAliasResults(ThisAlias, Alias);
1018 }
1019
1020 // If both arms of the Select node NoAlias or MustAlias V2, then returns
1021 // NoAlias / MustAlias. Otherwise, returns MayAlias.
1022 AliasResult Alias =
1023 aliasCheck(V2, V2Size, V2TBAAInfo, SI->getTrueValue(), SISize, SITBAAInfo);
1024 if (Alias == MayAlias)
1025 return MayAlias;
1026
1027 AliasResult ThisAlias =
1028 aliasCheck(V2, V2Size, V2TBAAInfo, SI->getFalseValue(), SISize, SITBAAInfo);
1029 return MergeAliasResults(ThisAlias, Alias);
1030 }
1031
1032 // aliasPHI - Provide a bunch of ad-hoc rules to disambiguate a PHI instruction
1033 // against another.
1034 AliasAnalysis::AliasResult
aliasPHI(const PHINode * PN,uint64_t PNSize,const MDNode * PNTBAAInfo,const Value * V2,uint64_t V2Size,const MDNode * V2TBAAInfo)1035 BasicAliasAnalysis::aliasPHI(const PHINode *PN, uint64_t PNSize,
1036 const MDNode *PNTBAAInfo,
1037 const Value *V2, uint64_t V2Size,
1038 const MDNode *V2TBAAInfo) {
1039 // If the values are PHIs in the same block, we can do a more precise
1040 // as well as efficient check: just check for aliases between the values
1041 // on corresponding edges.
1042 if (const PHINode *PN2 = dyn_cast<PHINode>(V2))
1043 if (PN2->getParent() == PN->getParent()) {
1044 AliasResult Alias =
1045 aliasCheck(PN->getIncomingValue(0), PNSize, PNTBAAInfo,
1046 PN2->getIncomingValueForBlock(PN->getIncomingBlock(0)),
1047 V2Size, V2TBAAInfo);
1048 if (Alias == MayAlias)
1049 return MayAlias;
1050 for (unsigned i = 1, e = PN->getNumIncomingValues(); i != e; ++i) {
1051 AliasResult ThisAlias =
1052 aliasCheck(PN->getIncomingValue(i), PNSize, PNTBAAInfo,
1053 PN2->getIncomingValueForBlock(PN->getIncomingBlock(i)),
1054 V2Size, V2TBAAInfo);
1055 Alias = MergeAliasResults(ThisAlias, Alias);
1056 if (Alias == MayAlias)
1057 break;
1058 }
1059 return Alias;
1060 }
1061
1062 SmallPtrSet<Value*, 4> UniqueSrc;
1063 SmallVector<Value*, 4> V1Srcs;
1064 for (unsigned i = 0, e = PN->getNumIncomingValues(); i != e; ++i) {
1065 Value *PV1 = PN->getIncomingValue(i);
1066 if (isa<PHINode>(PV1))
1067 // If any of the source itself is a PHI, return MayAlias conservatively
1068 // to avoid compile time explosion. The worst possible case is if both
1069 // sides are PHI nodes. In which case, this is O(m x n) time where 'm'
1070 // and 'n' are the number of PHI sources.
1071 return MayAlias;
1072 if (UniqueSrc.insert(PV1))
1073 V1Srcs.push_back(PV1);
1074 }
1075
1076 AliasResult Alias = aliasCheck(V2, V2Size, V2TBAAInfo,
1077 V1Srcs[0], PNSize, PNTBAAInfo);
1078 // Early exit if the check of the first PHI source against V2 is MayAlias.
1079 // Other results are not possible.
1080 if (Alias == MayAlias)
1081 return MayAlias;
1082
1083 // If all sources of the PHI node NoAlias or MustAlias V2, then returns
1084 // NoAlias / MustAlias. Otherwise, returns MayAlias.
1085 for (unsigned i = 1, e = V1Srcs.size(); i != e; ++i) {
1086 Value *V = V1Srcs[i];
1087
1088 AliasResult ThisAlias = aliasCheck(V2, V2Size, V2TBAAInfo,
1089 V, PNSize, PNTBAAInfo);
1090 Alias = MergeAliasResults(ThisAlias, Alias);
1091 if (Alias == MayAlias)
1092 break;
1093 }
1094
1095 return Alias;
1096 }
1097
1098 // aliasCheck - Provide a bunch of ad-hoc rules to disambiguate in common cases,
1099 // such as array references.
1100 //
1101 AliasAnalysis::AliasResult
aliasCheck(const Value * V1,uint64_t V1Size,const MDNode * V1TBAAInfo,const Value * V2,uint64_t V2Size,const MDNode * V2TBAAInfo)1102 BasicAliasAnalysis::aliasCheck(const Value *V1, uint64_t V1Size,
1103 const MDNode *V1TBAAInfo,
1104 const Value *V2, uint64_t V2Size,
1105 const MDNode *V2TBAAInfo) {
1106 // If either of the memory references is empty, it doesn't matter what the
1107 // pointer values are.
1108 if (V1Size == 0 || V2Size == 0)
1109 return NoAlias;
1110
1111 // Strip off any casts if they exist.
1112 V1 = V1->stripPointerCasts();
1113 V2 = V2->stripPointerCasts();
1114
1115 // Are we checking for alias of the same value?
1116 if (V1 == V2) return MustAlias;
1117
1118 if (!V1->getType()->isPointerTy() || !V2->getType()->isPointerTy())
1119 return NoAlias; // Scalars cannot alias each other
1120
1121 // Figure out what objects these things are pointing to if we can.
1122 const Value *O1 = GetUnderlyingObject(V1, TD);
1123 const Value *O2 = GetUnderlyingObject(V2, TD);
1124
1125 // Null values in the default address space don't point to any object, so they
1126 // don't alias any other pointer.
1127 if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O1))
1128 if (CPN->getType()->getAddressSpace() == 0)
1129 return NoAlias;
1130 if (const ConstantPointerNull *CPN = dyn_cast<ConstantPointerNull>(O2))
1131 if (CPN->getType()->getAddressSpace() == 0)
1132 return NoAlias;
1133
1134 if (O1 != O2) {
1135 // If V1/V2 point to two different objects we know that we have no alias.
1136 if (isIdentifiedObject(O1) && isIdentifiedObject(O2))
1137 return NoAlias;
1138
1139 // Constant pointers can't alias with non-const isIdentifiedObject objects.
1140 if ((isa<Constant>(O1) && isIdentifiedObject(O2) && !isa<Constant>(O2)) ||
1141 (isa<Constant>(O2) && isIdentifiedObject(O1) && !isa<Constant>(O1)))
1142 return NoAlias;
1143
1144 // Arguments can't alias with local allocations or noalias calls
1145 // in the same function.
1146 if (((isa<Argument>(O1) && (isa<AllocaInst>(O2) || isNoAliasCall(O2))) ||
1147 (isa<Argument>(O2) && (isa<AllocaInst>(O1) || isNoAliasCall(O1)))))
1148 return NoAlias;
1149
1150 // Most objects can't alias null.
1151 if ((isa<ConstantPointerNull>(O2) && isKnownNonNull(O1)) ||
1152 (isa<ConstantPointerNull>(O1) && isKnownNonNull(O2)))
1153 return NoAlias;
1154
1155 // If one pointer is the result of a call/invoke or load and the other is a
1156 // non-escaping local object within the same function, then we know the
1157 // object couldn't escape to a point where the call could return it.
1158 //
1159 // Note that if the pointers are in different functions, there are a
1160 // variety of complications. A call with a nocapture argument may still
1161 // temporary store the nocapture argument's value in a temporary memory
1162 // location if that memory location doesn't escape. Or it may pass a
1163 // nocapture value to other functions as long as they don't capture it.
1164 if (isEscapeSource(O1) && isNonEscapingLocalObject(O2))
1165 return NoAlias;
1166 if (isEscapeSource(O2) && isNonEscapingLocalObject(O1))
1167 return NoAlias;
1168 }
1169
1170 // If the size of one access is larger than the entire object on the other
1171 // side, then we know such behavior is undefined and can assume no alias.
1172 if (TD)
1173 if ((V1Size != UnknownSize && isObjectSmallerThan(O2, V1Size, *TD)) ||
1174 (V2Size != UnknownSize && isObjectSmallerThan(O1, V2Size, *TD)))
1175 return NoAlias;
1176
1177 // Check the cache before climbing up use-def chains. This also terminates
1178 // otherwise infinitely recursive queries.
1179 LocPair Locs(Location(V1, V1Size, V1TBAAInfo),
1180 Location(V2, V2Size, V2TBAAInfo));
1181 if (V1 > V2)
1182 std::swap(Locs.first, Locs.second);
1183 std::pair<AliasCacheTy::iterator, bool> Pair =
1184 AliasCache.insert(std::make_pair(Locs, MayAlias));
1185 if (!Pair.second)
1186 return Pair.first->second;
1187
1188 // FIXME: This isn't aggressively handling alias(GEP, PHI) for example: if the
1189 // GEP can't simplify, we don't even look at the PHI cases.
1190 if (!isa<GEPOperator>(V1) && isa<GEPOperator>(V2)) {
1191 std::swap(V1, V2);
1192 std::swap(V1Size, V2Size);
1193 std::swap(O1, O2);
1194 }
1195 if (const GEPOperator *GV1 = dyn_cast<GEPOperator>(V1)) {
1196 AliasResult Result = aliasGEP(GV1, V1Size, V2, V2Size, V2TBAAInfo, O1, O2);
1197 if (Result != MayAlias) return AliasCache[Locs] = Result;
1198 }
1199
1200 if (isa<PHINode>(V2) && !isa<PHINode>(V1)) {
1201 std::swap(V1, V2);
1202 std::swap(V1Size, V2Size);
1203 }
1204 if (const PHINode *PN = dyn_cast<PHINode>(V1)) {
1205 AliasResult Result = aliasPHI(PN, V1Size, V1TBAAInfo,
1206 V2, V2Size, V2TBAAInfo);
1207 if (Result != MayAlias) return AliasCache[Locs] = Result;
1208 }
1209
1210 if (isa<SelectInst>(V2) && !isa<SelectInst>(V1)) {
1211 std::swap(V1, V2);
1212 std::swap(V1Size, V2Size);
1213 }
1214 if (const SelectInst *S1 = dyn_cast<SelectInst>(V1)) {
1215 AliasResult Result = aliasSelect(S1, V1Size, V1TBAAInfo,
1216 V2, V2Size, V2TBAAInfo);
1217 if (Result != MayAlias) return AliasCache[Locs] = Result;
1218 }
1219
1220 // If both pointers are pointing into the same object and one of them
1221 // accesses is accessing the entire object, then the accesses must
1222 // overlap in some way.
1223 if (TD && O1 == O2)
1224 if ((V1Size != UnknownSize && isObjectSize(O1, V1Size, *TD)) ||
1225 (V2Size != UnknownSize && isObjectSize(O2, V2Size, *TD)))
1226 return AliasCache[Locs] = PartialAlias;
1227
1228 AliasResult Result =
1229 AliasAnalysis::alias(Location(V1, V1Size, V1TBAAInfo),
1230 Location(V2, V2Size, V2TBAAInfo));
1231 return AliasCache[Locs] = Result;
1232 }
1233