void GraphBuilder::visitLoadInst(LoadInst &LI) {
//
// Create a DSNode for the pointer dereferenced by the load. If the DSNode
// is NULL, do nothing more (this can occur if the load is loading from a
// NULL pointer constant (bugpoint can generate such code).
//
DSNodeHandle Ptr = getValueDest(LI.getPointerOperand());
if (Ptr.isNull()) return; // Load from null
// Make that the node is read from...
Ptr.getNode()->setReadMarker();
// Ensure a typerecord exists...
Ptr.getNode()->growSizeForType(LI.getType(), Ptr.getOffset());
if (isa<PointerType>(LI.getType()))
setDestTo(LI, getLink(Ptr));
// check that it is the inserted value
if(TypeInferenceOptimize)
if(LI.hasOneUse())
if(StoreInst *SI = dyn_cast<StoreInst>(*(LI.use_begin())))
if(SI->getOperand(0) == &LI) {
++NumIgnoredInst;
return;
}
Ptr.getNode()->mergeTypeInfo(LI.getType(), Ptr.getOffset());
}
void GraphBuilder::visitAtomicCmpXchgInst(AtomicCmpXchgInst &I) {
if (isa<PointerType>(I.getType())) {
visitInstruction (I);
return;
}
//
// Create a DSNode for the dereferenced pointer . If the DSNode is NULL, do
// nothing more (this can occur if the pointer is a NULL constant; bugpoint
// can generate such code).
//
DSNodeHandle Ptr = getValueDest(I.getPointerOperand());
if (Ptr.isNull()) return;
//
// Make that the memory object is read and written.
//
Ptr.getNode()->setReadMarker();
Ptr.getNode()->setModifiedMarker();
//
// If the result of the compare-and-swap is a pointer, then we need to do
// a few things:
// o Merge the compare and swap values (which are pointers) with the result
// o Merge the DSNode of the pointer *within* the memory object with the
// DSNode of the compare, swap, and result DSNode.
//
if (isa<PointerType>(I.getType())) {
//
// Get the DSNodeHandle of the memory object returned from the load. Make
// it the DSNodeHandle of the instruction's result.
//
DSNodeHandle FieldPtr = getLink (Ptr);
setDestTo(I, getLink(Ptr));
//
// Merge the result, compare, and swap values of the instruction.
//
FieldPtr.mergeWith (getValueDest (I.getCompareOperand()));
FieldPtr.mergeWith (getValueDest (I.getNewValOperand()));
}
//
// Modify the DSNode so that it has the loaded/written type at the
// appropriate offset.
//
Ptr.getNode()->growSizeForType(I.getType(), Ptr.getOffset());
Ptr.getNode()->mergeTypeInfo(I.getType(), Ptr.getOffset());
return;
}
void GraphBuilder::mergeInGlobalInitializer(GlobalVariable *GV) {
// Ensure that the global variable is not external
assert(!GV->isDeclaration() && "Cannot merge in external global!");
//
// Get a node handle to the global node and merge the initializer into it.
//
DSNodeHandle NH = getValueDest(GV);
//
// Ensure that the DSNode is large enough to hold the new constant that we'll
// be adding to it.
//
Type * ElementType = GV->getType()->getElementType();
while(ArrayType *ATy = dyn_cast<ArrayType>(ElementType)) {
ElementType = ATy->getElementType();
}
if(!NH.getNode()->isNodeCompletelyFolded()) {
unsigned requiredSize = TD.getTypeAllocSize(ElementType) + NH.getOffset();
if (NH.getNode()->getSize() < requiredSize){
NH.getNode()->growSize (requiredSize);
}
}
//
// Do the actual merging in of the constant initializer.
//
MergeConstantInitIntoNode(NH, GV->getType()->getElementType(), GV->getInitializer());
}
bool DSGraphStats::isNodeForValueUntyped(Value *V, unsigned Offset, const Function *F) {
DSNodeHandle NH = getNodeHandleForValue(V);
if(!NH.getNode()){
return true;
}
else {
DSNode *N = NH.getNode();
if (N->isNodeCompletelyFolded()){
++NumFoldedAccess;
return true;
}
if ( N->isExternalNode()){
++NumExternalAccesses;
return true;
}
if ( N->isIncompleteNode()){
++NumIncompleteAccesses;
return true;
}
if (N->isUnknownNode()){
++NumUnknownAccesses;
return true;
}
if (N->isIntToPtrNode()){
++NumI2PAccesses;
return true;
}
// it is a complete node, now check how many types are present
int count = 0;
unsigned offset = NH.getOffset() + Offset;
if (N->type_begin() != N->type_end())
for (DSNode::TyMapTy::const_iterator ii = N->type_begin(),
ee = N->type_end(); ii != ee; ++ii) {
if(ii->first != offset)
continue;
count += ii->second->size();
}
if (count ==0)
++NumTypeCount0Accesses;
else if(count == 1)
++NumTypeCount1Accesses;
else if(count == 2)
++NumTypeCount2Accesses;
else if(count == 3)
++NumTypeCount3Accesses;
else
++NumTypeCount4Accesses;
DEBUG(assert(TS->isTypeSafe(V,F)));
}
return false;
}
void GraphBuilder::visitAtomicRMWInst(AtomicRMWInst &I) {
//
// Create a DSNode for the dereferenced pointer . If the DSNode is NULL, do
// nothing more (this can occur if the pointer is a NULL constant; bugpoint
// can generate such code).
//
DSNodeHandle Ptr = getValueDest(I.getPointerOperand());
if (Ptr.isNull()) return;
//
// Make that the memory object is read and written.
//
Ptr.getNode()->setReadMarker();
Ptr.getNode()->setModifiedMarker();
//
// Modify the DSNode so that it has the loaded/written type at the
// appropriate offset.
//
Ptr.getNode()->growSizeForType(I.getType(), Ptr.getOffset());
Ptr.getNode()->mergeTypeInfo(I.getType(), Ptr.getOffset());
return;
}
void GraphBuilder::visitStoreInst(StoreInst &SI) {
Type *StoredTy = SI.getOperand(0)->getType();
DSNodeHandle Dest = getValueDest(SI.getOperand(1));
if (Dest.isNull()) return;
// Mark that the node is written to...
Dest.getNode()->setModifiedMarker();
// Ensure a type-record exists...
Dest.getNode()->growSizeForType(StoredTy, Dest.getOffset());
// Avoid adding edges from null, or processing non-"pointer" stores
if (isa<PointerType>(StoredTy))
Dest.addEdgeTo(getValueDest(SI.getOperand(0)));
if(TypeInferenceOptimize)
if(SI.getOperand(0)->hasOneUse())
if(isa<LoadInst>(SI.getOperand(0))){
++NumIgnoredInst;
return;
}
Dest.getNode()->mergeTypeInfo(StoredTy, Dest.getOffset());
}
void GraphBuilder::visitVAArgInst(VAArgInst &I) {
Module *M = FB->getParent();
Triple TargetTriple(M->getTargetTriple());
Triple::ArchType Arch = TargetTriple.getArch();
switch(Arch) {
case Triple::x86_64: {
// On x86_64, we have va_list as a struct {i32, i32, i8*, i8* }
// The first i8* is where arguments generally go, but the second i8* can
// be used also to pass arguments by register.
// We model this by having both the i8*'s point to an array of pointers
// to the arguments.
DSNodeHandle Ptr = G.getVANodeFor(*FB);
DSNodeHandle Dest = getValueDest(&I);
if (Ptr.isNull()) return;
// Make that the node is read and written
Ptr.getNode()->setReadMarker()->setModifiedMarker();
// Not updating type info, as it is already a collapsed node
if (isa<PointerType>(I.getType()))
Dest.mergeWith(Ptr);
return;
}
default: {
assert(0 && "What frontend generates this?");
DSNodeHandle Ptr = getValueDest(I.getOperand(0));
//FIXME: also updates the argument
if (Ptr.isNull()) return;
// Make that the node is read and written
Ptr.getNode()->setReadMarker()->setModifiedMarker();
// Ensure a type record exists.
DSNode *PtrN = Ptr.getNode();
PtrN->mergeTypeInfo(I.getType(), Ptr.getOffset());
if (isa<PointerType>(I.getType()))
setDestTo(I, getLink(Ptr));
}
}
}
template<class dsa> bool
TypeSafety<dsa>::isFieldDisjoint (const Value * V, const Function * F) {
//
// Get the DSNode for the specified value.
//
DSNodeHandle DH = getDSNodeHandle (V, F);
DSNode *node = DH.getNode();
unsigned offset = DH.getOffset();
DEBUG(errs() << " check fields overlap at: " << offset << "\n");
//
// If there is no DSNode, claim that it is not type safe.
//
if (DH.isNull()) {
return false;
}
//
// If the DSNode is completely folded, then we know for sure that it is not
// type-safe.
//
if (node->isNodeCompletelyFolded())
return false;
//
// If the memory object represented by this DSNode can be manipulated by
// external code or DSA has otherwise not finished analyzing all operations
// on it, declare it type-unsafe.
//
if (node->isExternalNode() || node->isIncompleteNode())
return false;
//
// If the pointer to the memory object came from some source not understood
// by DSA or somehow came from/escapes to the realm of integers, declare it
// type-unsafe.
//
if (node->isUnknownNode() || node->isIntToPtrNode() || node->isPtrToIntNode()) {
return false;
}
return !((NodeInfo[node])[offset]);
}
void GraphBuilder::visitGetElementPtrInst(User &GEP) {
//
// Ensure that the indexed pointer has a DSNode.
//
DSNodeHandle Value = getValueDest(GEP.getOperand(0));
if (Value.isNull())
Value = createNode();
//
// There are a few quick and easy cases to handle. If the DSNode of the
// indexed pointer is already folded, then we know that the result of the
// GEP will have the same offset into the same DSNode
// as the indexed pointer.
//
if (!Value.isNull() &&
Value.getNode()->isNodeCompletelyFolded()) {
setDestTo(GEP, Value);
return;
}
//
// Okay, no easy way out. Calculate the offset into the object being
// indexed.
//
int Offset = 0;
// FIXME: I am not sure if the code below is completely correct (especially
// if we start doing fancy analysis on non-constant array indices).
// What if the array is indexed using a larger index than its declared
// size? Does the LLVM verifier catch such issues?
//
//
// Determine the offset (in bytes) between the result of the GEP and the
// GEP's pointer operand.
//
// Note: All of these subscripts are indexing INTO the elements we have...
//
// FIXME: We can do better for array indexing. First, if the array index is
// constant, we can determine how much farther we're moving the
// pointer. Second, we can try to use the results of other analysis
// passes (e.g., ScalarEvolution) to find min/max values to do less
// conservative type-folding.
//
for (gep_type_iterator I = gep_type_begin(GEP), E = gep_type_end(GEP);
I != E; ++I)
if (StructType *STy = dyn_cast<StructType>(*I)) {
// indexing into a structure
// next index must be a constant
const ConstantInt* CUI = cast<ConstantInt>(I.getOperand());
int FieldNo = CUI->getSExtValue();
// increment the offset by the actual byte offset being accessed
unsigned requiredSize = TD.getTypeAllocSize(STy) + Value.getOffset() + Offset;
if(!Value.getNode()->isArrayNode() || Value.getNode()->getSize() <= 0){
if (requiredSize > Value.getNode()->getSize())
Value.getNode()->growSize(requiredSize);
}
Offset += (unsigned)TD.getStructLayout(STy)->getElementOffset(FieldNo);
if(TypeInferenceOptimize) {
if(ArrayType* AT = dyn_cast<ArrayType>(STy->getTypeAtIndex(FieldNo))) {
Value.getNode()->mergeTypeInfo(AT, Value.getOffset() + Offset);
if((++I) == E) {
break;
}
// Check if we are still indexing into an array.
// We only record the topmost array type of any nested array.
// Keep skipping indexes till we reach a non-array type.
// J is the type of the next index.
// Uncomment the line below to get all the nested types.
gep_type_iterator J = I;
while(isa<ArrayType>(*(++J))) {
// Value.getNode()->mergeTypeInfo(AT1, Value.getOffset() + Offset);
if((++I) == E) {
break;
}
J = I;
}
if((I) == E) {
break;
}
}
}
} else if(ArrayType *ATy = dyn_cast<ArrayType>(*I)) {
// indexing into an array.
Value.getNode()->setArrayMarker();
Type *CurTy = ATy->getElementType();
if(!isa<ArrayType>(CurTy) &&
Value.getNode()->getSize() <= 0) {
Value.getNode()->growSize(TD.getTypeAllocSize(CurTy));
} else if(isa<ArrayType>(CurTy) && Value.getNode()->getSize() <= 0){
Type *ETy = (cast<ArrayType>(CurTy))->getElementType();
while(isa<ArrayType>(ETy)) {
ETy = (cast<ArrayType>(ETy))->getElementType();
}
Value.getNode()->growSize(TD.getTypeAllocSize(ETy));
}
// Find if the DSNode belongs to the array
// If not fold.
if((Value.getOffset() || Offset != 0)
|| (!isa<ArrayType>(CurTy)
&& (Value.getNode()->getSize() != TD.getTypeAllocSize(CurTy)))) {
Value.getNode()->foldNodeCompletely();
Value.getNode();
Offset = 0;
break;
}
} else if (const PointerType *PtrTy = dyn_cast<PointerType>(*I)) {
Type *CurTy = PtrTy->getElementType();
//
// Unless we're advancing the pointer by zero bytes via array indexing,
// fold the node (i.e., mark it type-unknown) and indicate that we're
// indexing zero bytes into the object.
//
// Note that we break out of the loop if we fold the node. Once
// something is folded, all values within it are considered to alias.
//
if (!isa<Constant>(I.getOperand()) ||
!cast<Constant>(I.getOperand())->isNullValue()) {
Value.getNode()->setArrayMarker();
if(!isa<ArrayType>(CurTy) && Value.getNode()->getSize() <= 0){
Value.getNode()->growSize(TD.getTypeAllocSize(CurTy));
} else if(isa<ArrayType>(CurTy) && Value.getNode()->getSize() <= 0){
Type *ETy = (cast<ArrayType>(CurTy))->getElementType();
while(isa<ArrayType>(ETy)) {
ETy = (cast<ArrayType>(ETy))->getElementType();
}
Value.getNode()->growSize(TD.getTypeAllocSize(ETy));
}
if(Value.getOffset() || Offset != 0
|| (!isa<ArrayType>(CurTy)
&& (Value.getNode()->getSize() != TD.getTypeAllocSize(CurTy)))) {
Value.getNode()->foldNodeCompletely();
Value.getNode();
Offset = 0;
break;
}
}
}
// Add in the offset calculated...
Value.setOffset(Value.getOffset()+Offset);
// Check the offset
DSNode *N = Value.getNode();
if (N) N->checkOffsetFoldIfNeeded(Value.getOffset());
// Value is now the pointer we want to GEP to be...
setDestTo(GEP, Value);
}
//
// Function: MergeConstantInitIntoNode()
//
// Description:
// Merge the specified constant into the specified DSNode.
//
void
GraphBuilder::MergeConstantInitIntoNode(DSNodeHandle &NH,
Type* Ty,
Constant *C) {
//
// Ensure a type-record exists...
//
DSNode *NHN = NH.getNode();
//NHN->mergeTypeInfo(Ty, NH.getOffset());
//
// If we've found something of pointer type, create or find its DSNode and
// make a link from the specified DSNode to the new DSNode describing the
// pointer we've just found.
//
if (isa<PointerType>(Ty)) {
NHN->mergeTypeInfo(Ty, NH.getOffset());
NH.addEdgeTo(getValueDest(C));
return;
}
//
// If the type of the object (array element, structure field, etc.) is an
// integer or floating point type, then just ignore it. It has no DSNode.
//
if (Ty->isIntOrIntVectorTy() || Ty->isFPOrFPVectorTy()) return;
//
// Handle aggregate constants.
//
if (ConstantArray *CA = dyn_cast<ConstantArray>(C)) {
//
// For an array, we don't worry about different elements pointing to
// different objects; we essentially pretend that all array elements alias.
//
Type * ElementType = cast<ArrayType>(Ty)->getElementType();
for (unsigned i = 0, e = CA->getNumOperands(); i != e; ++i) {
Constant * ConstElement = cast<Constant>(CA->getOperand(i));
MergeConstantInitIntoNode(NH, ElementType, ConstElement);
}
} else if (ConstantStruct *CS = dyn_cast<ConstantStruct>(C)) {
//
// For a structure, we need to merge each element of the constant structure
// into the specified DSNode. However, we must also handle structures that
// end with a zero-length array ([0 x sbyte]); this is a common C idiom
// that continues to plague the world.
//
//NHN->mergeTypeInfo(Ty, NH.getOffset());
const StructLayout *SL = TD.getStructLayout(cast<StructType>(Ty));
for (unsigned i = 0, e = CS->getNumOperands(); i != e; ++i) {
DSNode *NHN = NH.getNode();
if (SL->getElementOffset(i) < SL->getSizeInBytes()) {
//
// Get the type and constant value of this particular element of the
// constant structure.
//
Type * ElementType = cast<StructType>(Ty)->getElementType(i);
Constant * ConstElement = cast<Constant>(CS->getOperand(i));
//
// Get the offset (in bytes) into the memory object that we're
// analyzing.
//
unsigned offset = NH.getOffset()+(unsigned)SL->getElementOffset(i);
NHN->mergeTypeInfo(ElementType, offset);
//
// Create a new DSNodeHandle. This DSNodeHandle will point to the same
// DSNode as the one we're constructing for our caller; however, it
// will point into a different offset into that DSNode.
//
DSNodeHandle NewNH (NHN, offset);
assert ((NHN->isNodeCompletelyFolded() || (NewNH.getOffset() == offset))
&& "Need to resize DSNode!");
//
// Recursively merge in this element of the constant struture into the
// DSNode.
//
MergeConstantInitIntoNode(NewNH, ElementType, ConstElement);
} else if (SL->getElementOffset(i) == SL->getSizeInBytes()) {
//
// If this is one of those cute structures that ends with a zero-length
// array, just fold the DSNode now and get it over with.
//
DEBUG(errs() << "Zero size element at end of struct\n" );
NHN->foldNodeCompletely();
} else {
assert(0 && "type was smaller than offsets of struct layout indicate");
}
}
} else if (isa<ConstantAggregateZero>(C) || isa<UndefValue>(C)) {
//
// Undefined values and NULL pointers have no DSNodes, so they do nothing.
//
} else {
assert(0 && "Unknown constant type!");
}
}