This is an archive of the discontinued LLVM Phabricator instance.

Differential D20890

[CFLAA] Improving the precision of cfl-aa for inttoptr and ptrtoint
AbandonedPublic

Authored by grievejia on Jun 1 2016, 4:51 PM.

Details

Reviewers
george.burgess.iv
hfinkel
Summary

Previously, pointers obtained from/to inttoptr/ptrtoint are treated like arguments and globals. According to the Pointer Aliasing Rule section in LLVM Language Reference, inttoptr-pointers can only alias with values that it depends on. Therefore, it is ok to be less conservative by handling inttoptr and ptrtoint in the same way as we handle bitcasts.

Diff Detail

Event Timeline

grievejia updated this revision to Diff 59306.Jun 1 2016, 4:51 PM
grievejia retitled this revision from to [CFLAA] Improving the precision of cfl-aa for inttoptr and ptrtoint.
grievejia updated this object.
grievejia added reviewers: george.burgess.iv, hfinkel.
grievejia added a subscriber: llvm-commits.
eli.friedman added a subscriber: eli.friedman.Jun 1 2016, 5:34 PM
eli.friedman added inline comments.
test/Analysis/CFLAliasAnalysis/int_ptr_cast.ll
13

Consider the following testcase:

%q = alloca i64, align 8
%qint = ptrtoint i64* %q to i64
%qint2 = add i64 %n, %qint
%qint2 = sub i64 %n, %qint
%qcast = inttoptr i64 %qint2 to i64*

Suppose the function is then called with p==n. Then %qcast == %p.

Also, it's possible to propagate a dependency through comparison instructions; consider, for example:

void f(unsigned * p, unsigned n) {
  int q;
  int qint = (unsigned )&q;
  while (qint != n) ++qint;
  *(unsigned*)qint = 3; // modifies *p
}
grievejia added inline comments.Jun 2 2016, 7:26 AM
test/Analysis/CFLAliasAnalysis/int_ptr_cast.ll
13

Thank you so much for the comment!

Your first example might unveil a bug in the codes (and another bug in my test). I think the current algorithm cfl-aa uses should be able to handle that, but it didn't.

Your second example basically kills this patch. Control dependency is something that I failed to take into account. I'd like to argue that codes like that is very broken and should be fixed, but since this is permitted by the specification, for now it's not worth the pain to deal with it in any precise way.

george.burgess.iv edited edge metadata.Jun 15 2016, 5:01 PM

If this patch is obsolete, could you abandon it (choose "Abandon Revision" in the Action dropdown), please? :)

grievejia abandoned this revision.Jun 15 2016, 5:06 PM

Revision Contents

PathSize
lib/
Analysis/
10 lines
test/
Analysis/
CFLAliasAnalysis/
31 lines

Diff 59306

lib/Analysis/CFLAliasAnalysis.cpp

Show First 20 LinesShow All 97 Lines▼ Show 20 Linesconst StratifiedIndex StratifiedLink::SetSentinel =
std::numeric_limits<StratifiedIndex>::max(); std::numeric_limits<StratifiedIndex>::max();
namespace { namespace {
/// StratifiedInfo Attribute things. /// StratifiedInfo Attribute things.
typedef unsigned StratifiedAttr; typedef unsigned StratifiedAttr;
LLVM_CONSTEXPR unsigned MaxStratifiedAttrIndex = NumStratifiedAttrs; LLVM_CONSTEXPR unsigned MaxStratifiedAttrIndex = NumStratifiedAttrs;
LLVM_CONSTEXPR unsigned AttrAllIndex = 0; LLVM_CONSTEXPR unsigned AttrAllIndex = 0;
LLVM_CONSTEXPR unsigned AttrGlobalIndex = 1; LLVM_CONSTEXPR unsigned AttrGlobalIndex = 1;
LLVM_CONSTEXPR unsigned AttrUnknownIndex = 2; LLVM_CONSTEXPR unsigned AttrFirstArgIndex = 2;
LLVM_CONSTEXPR unsigned AttrFirstArgIndex = 3;
LLVM_CONSTEXPR unsigned AttrLastArgIndex = MaxStratifiedAttrIndex; LLVM_CONSTEXPR unsigned AttrLastArgIndex = MaxStratifiedAttrIndex;
LLVM_CONSTEXPR unsigned AttrMaxNumArgs = AttrLastArgIndex - AttrFirstArgIndex; LLVM_CONSTEXPR unsigned AttrMaxNumArgs = AttrLastArgIndex - AttrFirstArgIndex;
LLVM_CONSTEXPR StratifiedAttr AttrNone = 0; LLVM_CONSTEXPR StratifiedAttr AttrNone = 0;
LLVM_CONSTEXPR StratifiedAttr AttrUnknown = 1 << AttrUnknownIndex;
LLVM_CONSTEXPR StratifiedAttr AttrAll = ~AttrNone; LLVM_CONSTEXPR StratifiedAttr AttrAll = ~AttrNone;
/// StratifiedSets call for knowledge of "direction", so this is how we /// StratifiedSets call for knowledge of "direction", so this is how we
/// represent that locally. /// represent that locally.
enum class Level { Same, Above, Below }; enum class Level { Same, Above, Below };
/// Edges can be one of four "weights" -- each weight must have an inverse /// Edges can be one of four "weights" -- each weight must have an inverse
/// weight (Assign has Assign; Reference has Dereference). /// weight (Assign has Assign; Reference has Dereference).
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Lines GetEdgesVisitor(CFLAAResult &AA, SmallVectorImpl<Edge> &Output,
: AA(AA), Output(Output), TLI(TLI) {} : AA(AA), Output(Output), TLI(TLI) {}
void visitInstruction(Instruction &) { void visitInstruction(Instruction &) {
llvm_unreachable("Unsupported instruction encountered"); llvm_unreachable("Unsupported instruction encountered");
} }
void visitPtrToIntInst(PtrToIntInst &Inst) { void visitPtrToIntInst(PtrToIntInst &Inst) {
auto *Ptr = Inst.getOperand(0); auto *Ptr = Inst.getOperand(0);
Output.push_back(Edge(Ptr, Ptr, EdgeType::Assign, AttrUnknown)); Output.push_back(Edge(&Inst, Ptr, EdgeType::Assign, AttrNone));
} }
void visitIntToPtrInst(IntToPtrInst &Inst) { void visitIntToPtrInst(IntToPtrInst &Inst) {
auto *Ptr = &Inst; auto *Src = Inst.getOperand(0);
Output.push_back(Edge(Ptr, Ptr, EdgeType::Assign, AttrUnknown)); Output.push_back(Edge(&Inst, Src, EdgeType::Assign, AttrNone));
} }
void visitCastInst(CastInst &Inst) { void visitCastInst(CastInst &Inst) {
Output.push_back( Output.push_back(
Edge(&Inst, Inst.getOperand(0), EdgeType::Assign, AttrNone)); Edge(&Inst, Inst.getOperand(0), EdgeType::Assign, AttrNone));
} }
void visitBinaryOperator(BinaryOperator &Inst) { void visitBinaryOperator(BinaryOperator &Inst) {
▲ Show 20 LinesShow All 944 LinesShow Last 20 Lines

test/Analysis/CFLAliasAnalysis/int_ptr_cast.ll

; This testcase ensures that inttoptr pointer only aliases pointers that it depends on
; RUN: opt < %s -disable-basicaa -cfl-aa -aa-eval -print-all-alias-modref-info -disable-output 2>&1 | FileCheck %s
; RUN: opt < %s -aa-pipeline=cfl-aa -passes=aa-eval -print-all-alias-modref-info -disable-output 2>&1 | FileCheck %s
; CHECK: Function: test_value_dep
; CHECK: NoAlias: i64* %p, i64* %qcast
; CHECK: MayAlias: i64* %q, i64* %qcast
define void @test_value_dep(i64* %p, i64 %n) {
%q = alloca i64, align 8
%qint = ptrtoint i64* %q to i64
%qint2 = add nsw i64 %qint, %n
%qcast = inttoptr i64 %qint2 to i64*
eli.friedmanUnsubmitted
Not Done
ReplyInline Actions

Consider the following testcase:

%q = alloca i64, align 8
%qint = ptrtoint i64* %q to i64
%qint2 = add i64 %n, %qint
%qint2 = sub i64 %n, %qint
%qcast = inttoptr i64 %qint2 to i64*

Suppose the function is then called with p==n. Then %qcast == %p.

Also, it's possible to propagate a dependency through comparison instructions; consider, for example:

void f(unsigned * p, unsigned n) {
  int q;
  int qint = (unsigned )&q;
  while (qint != n) ++qint;
  *(unsigned*)qint = 3; // modifies *p
}
eli.friedman: Consider the following testcase: ``` %q = alloca i64, align 8 %qint = ptrtoint i64* %q to…
grievejiaAuthorUnsubmitted
Not Done
ReplyInline Actions

Thank you so much for the comment!

Your first example might unveil a bug in the codes (and another bug in my test). I think the current algorithm cfl-aa uses should be able to handle that, but it didn't.

Your second example basically kills this patch. Control dependency is something that I failed to take into account. I'd like to argue that codes like that is very broken and should be fixed, but since this is permitted by the specification, for now it's not worth the pain to deal with it in any precise way.

grievejia: Thank you so much for the comment! Your first example might unveil a bug in the codes (and…
ret void
}
; CHECK: Function: test_memory_dep
; CHECK: NoAlias: i64* %p, i64* %qcast
; CHECK: MayAlias: i64* %q, i64* %qcast
; CHECK: NoAlias: i64* %qcast, i64* %r
define void @test_memory_dep(i64* %p) {
%q = alloca i64, align 8
%qint = ptrtoint i64* %q to i64
%r = alloca i64, align 8
store i64 %qint, i64* %r
%qint2 = load i64, i64* %r
%qcast = inttoptr i64 %qint2 to i64*
ret void
}