This is an archive of the discontinued LLVM Phabricator instance.

Differential D122573

[TBAA] Emit distinct TBAA tags for pointers with different depths,types.
Needs ReviewPublic

Authored by fhahn on Mar 28 2022, 4:32 AM.

Details

Reviewers
rjmccall
aaron.ballman
scanon
rsmith
hfinkel
efriedma
Summary

This patch extends Clang's TBAA generation code to emit distinct tags
for incompatible pointer types.

Pointers with different element types are incompatible if the pointee
types are also incompatible (modulo sugar/modifiers).

Express this in TBAA by generating different tags for pointers based
on the pointer depth and pointee type. To get the TBAA tag for the
pointee type it uses getTypeInfoHelper on the pointee type.

I'd appreciate a careful review, because this is probably quite easy to
get subtly wrong.

Diff Detail

Unit TestsFailed

TimeTest
10 msx64 debian > Clang-Unit.CodeGen/_/ClangCodeGenTests/TBAAMetadataTest::BasicTypes
80 msx64 debian > Clang.CXX/drs::dr158.cpp
180 msx64 debian > Clang.CodeGenCXX::attr-likelihood-iteration-stmt.cpp
800 msx64 debian > Clang.OpenMP::nvptx_target_parallel_reduction_codegen_tbaa_PR46146.cpp

Event Timeline

fhahn created this revision.Mar 28 2022, 4:32 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 28 2022, 4:32 AM
Herald added subscribers: jeroen.dobbelaere, kosarev. · View Herald Transcript
fhahn requested review of this revision.Mar 28 2022, 4:32 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 28 2022, 4:32 AM
xbolva00 added a reviewer: efriedma.Mar 28 2022, 5:51 AM
rjmccall added a comment.Mar 28 2022, 11:35 AM

Hmm. We know that the big picture here, distinguishing pointers by pointee type, is going to be disruptive and will probably need a specific enabling/disabling option. I'm not sure that distinguishing only by pointer depth is a minor enough step that it shouldn't be treated the same way; in particular, it's going to start treating void * as incompatible with e.g. char **.

efriedma added a comment.Mar 28 2022, 12:15 PM

I'm a little skeptical about making TBAA more aggressive. In most situations, we're probably talking about tiny performance gains, and currently there's no good way to check whether a codebase suffers from type punning issues (either with compile-time analysis or runtime instrumentation). Probably LLVM itself does, but we have no way of knowing.

xbolva00 added a subscriber: xbolva00.EditedMar 29 2022, 1:34 AM

Can you provide some flag?

Or -fstrict-aliasing controls this generation?

Harbormaster completed remote builds in B156527: Diff 418546.Mar 29 2022, 9:02 AM
fhahn added a comment.Mar 29 2022, 9:50 AM
In D122573#3412109, @rjmccall wrote:

Hmm. We know that the big picture here, distinguishing pointers by pointee type, is going to be disruptive and will probably need a specific enabling/disabling option. I'm not sure that distinguishing only by pointer depth is a minor enough step that it shouldn't be treated the same way; in particular, it's going to start treating void * as incompatible with e.g. char **.

@rjmccall do you have any suggestions how to further reduce the initial step?

In D122573#3413445, @xbolva00 wrote:

Can you provide some flag?

It should be controlled by the existing -fno-strict-aliasing flag, but there should probably be a dedicated flag as well to opt in the additional annotations.

In D122573#3412233, @efriedma wrote:

I'm a little skeptical about making TBAA more aggressive. In most situations, we're probably talking about tiny performance gains, and currently there's no good way to check whether a codebase suffers from type punning issues (either with compile-time analysis or runtime instrumentation). Probably LLVM itself does, but we have no way of knowing.

Agreed, strict aliasing violations are already a problem with the current level of TBAA support and we regularly see mis-compiles when new optimizations get enabled due to violations in projects. Improving precision of TBAA annotation is likely to expose more violations But there are cases where the additional guarantees could make a difference and other compiler implementations make use of them, so I think it would be worthwhile to work towards improving TBAA. I think we've also been through other disruptive transitions, like more aggressively adding mustprogress, but those were probably on a somewhat smaller scale.

Maybe we should try improve our tooling to detect violations in parallel to the effort in this patch? I am planning on trying to resurrect the type-sanitizer patches. I've also been playing around with a simple tool that's inserting assertions to check 2 pointers are not equal if TBAA claims they are no alias. The latter seems to surface a few violations in code in llvm-test-suite and also in tablegen. That is even without the current patch applied.

xbolva00 added a comment.Mar 29 2022, 10:07 AM

Maybe we should try improve our tooling to detect violations in parallel to the effort in this patch? I am planning on trying to resurrect the type-sanitizer patches. I've also been playing around with a simple tool that's inserting assertions to check 2 pointers are not equal if TBAA claims they are no alias. The latter seems to surface a few violations in code in llvm-test-suite and also in tablegen. That is even without the current patch applied.

Amazing!

Even your simple tool could be very useful, this functionality could be mapped to something like gcc’s -Wstrict-aliasing.

efriedma added a comment.Mar 29 2022, 10:31 AM

Maybe we should try improve our tooling to detect violations in parallel to the effort in this patch? I am planning on trying to resurrect the type-sanitizer patches. I've also been playing around with a simple tool that's inserting assertions to check 2 pointers are not equal if TBAA claims they are no alias. The latter seems to surface a few violations in code in llvm-test-suite and also in tablegen. That is even without the current patch applied.

I'd be more comfortable if we had tooling, yes. The current state of "only a compiler expert can figure out if your code has undefined behavior" is the most scary part.

rjmccall added a comment.Mar 29 2022, 12:02 PM
In D122573#3414357, @fhahn wrote:
In D122573#3412109, @rjmccall wrote:

Hmm. We know that the big picture here, distinguishing pointers by pointee type, is going to be disruptive and will probably need a specific enabling/disabling option. I'm not sure that distinguishing only by pointer depth is a minor enough step that it shouldn't be treated the same way; in particular, it's going to start treating void * as incompatible with e.g. char **.

@rjmccall do you have any suggestions how to further reduce the initial step?

Well, if you can find a solution to the void* <-> T** problem, that might make it tractable. Or you can introduce a flag to control whether we do this — I guess on some level -fstrict-aliasing ought to be the full language model, so this would mean introducing a -fless-strict-aliasing or something like it.

I agree that better tooling seems necessary.

jcranmer-intel added a subscriber: jcranmer-intel.Mar 29 2022, 2:01 PM

Apologies for the drive-by comment, but I happened to be searching for TBAA reviews after lamenting the current documentation and this popped up.

Agreed, strict aliasing violations are already a problem with the current level of TBAA support and we regularly see mis-compiles when new optimizations get enabled due to violations in projects. Improving precision of TBAA annotation is likely to expose more violations But there are cases where the additional guarantees could make a difference and other compiler implementations make use of them, so I think it would be worthwhile to work towards improving TBAA. I think we've also been through other disruptive transitions, like more aggressively adding mustprogress, but those were probably on a somewhat smaller scale.

Maybe we should try improve our tooling to detect violations in parallel to the effort in this patch? I am planning on trying to resurrect the type-sanitizer patches. I've also been playing around with a simple tool that's inserting assertions to check 2 pointers are not equal if TBAA claims they are no alias. The latter seems to surface a few violations in code in llvm-test-suite and also in tablegen. That is even without the current patch applied.

I think better tooling for TBAA in general is needed, although I'm not sure if this is a "in parallel" or "as a prerequisite step." One of the things I started doing myself is building a DOT output for TBAA metadata so that it's easier to understand the TBAA type tree without having to stare too hard at all of the metadata numbers. I don't want to derail this patch with too much discussion, but since it's slightly relevant here, one more comment:

clang/lib/CodeGen/CodeGenTBAA.cpp
200–203

Seeing this code reminds me that in a few other contexts, it would be useful to have access to the TBAA wrapper helpers in llvm/lib/Analysis/TypeBasedAliasAnalysis.cpp, so it would be worthwhile at some point to start fronting those types into header files to simplify some of the queries, especially in cases where you want to support both old and new TBAA formats. I'd imagine your tbaa-checker tool would also want access to this information as well, for example; I know the helper I started writing wanted it.

maciej-irl added a subscriber: maciej-irl.May 29 2022, 10:46 PM
rui.zhang added a subscriber: rui.zhang.Jun 9 2022, 1:34 PM
rui.zhang removed a subscriber: rui.zhang.
rui.zhang added a subscriber: rui.zhang.
rui.zhang removed a subscriber: rui.zhang.
rui.zhang added a comment.Jun 29 2022, 2:46 PM

Well, if you can find a solution to the void* <-> T** problem, that might make it tractable. Or you can introduce a flag to control whether we do this — I guess on some level -fstrict-aliasing ought to be the full language model, so this would mean introducing a -fless-strict-aliasing or something like it.

Is it helpful if we only track pointers to user defined types so that void * or char * is not in the picture?

rui.zhang added a subscriber: rui.zhang.Jul 5 2022, 10:02 AM
rui.zhang added a comment.Jul 5 2022, 10:11 AM

I like the direction where this change is leading to and hope there is some way to land it incrementally. Since BuiltinType has the above mentioned concern on void *, how about we focus on RecordType pointers as a first step instead? Are there any pitfalls if we distinguish RecordType pointers by depth?

fhahn updated this revision to Diff 469329.Oct 20 2022, 1:11 PM

Rebased on current main

In D122573#3630767, @rui.zhang wrote:

I like the direction where this change is leading to and hope there is some way to land it incrementally. Since BuiltinType has the above mentioned concern on void *, how about we focus on RecordType pointers as a first step instead? Are there any pitfalls if we distinguish RecordType pointers by depth?

An initial restriction like that sounds reasonable to me. @jcranmer-intel @efriedma @rjmccall WDYT?

I also updated the type sanitizer patches and posted https://discourse.llvm.org/t/reviving-typesanitizer-a-sanitizer-to-catch-type-based-aliasing-violations/66092 to discuss ways to move forward with the sanitizer.

Harbormaster completed remote builds in B193306: Diff 469329.Oct 20 2022, 1:46 PM
rui.zhang added subscribers: mcberg2021, craig.topper.Oct 21 2022, 8:50 AM
In D122573#3872138, @fhahn wrote:

Rebased on current main

In D122573#3630767, @rui.zhang wrote:

I like the direction where this change is leading to and hope there is some way to land it incrementally. Since BuiltinType has the above mentioned concern on void *, how about we focus on RecordType pointers as a first step instead? Are there any pitfalls if we distinguish RecordType pointers by depth?

An initial restriction like that sounds reasonable to me. @jcranmer-intel @efriedma @rjmccall WDYT?

I also updated the type sanitizer patches and posted https://discourse.llvm.org/t/reviving-typesanitizer-a-sanitizer-to-catch-type-based-aliasing-violations/66092 to discuss ways to move forward with the sanitizer.

@craig.topper @mcberg2021 FYI

bipmis added a subscriber: bipmis.Feb 14 2023, 3:32 AM

@fhahn We are also observing scenarios where this maybe necessary. A couple of points on where it may be missing

  1. createScalarTypeNode(OutName, AnyPtr, Size) -> This will generate different Base type. However the accessTy being "any pointer" , the check "access to the base object is through a field of the subobject's type" will return alias as we traverse from BaseTag Node until we reach Root or we find a SubobjectTag BaseType. In this case the match would be true on "any pointer". Can this be potentially be thought of as createScalarTypeNode(OutName, getChar(), Size) as a pointer type can edge to char?
  1. The pointer type is restricted to isa<BuiltinType>(Ty). There can be potential scenarios where we may want pointer to struct or class.

I can provide some examples if that would be helpful. Thanks.

Herald added a subscriber: StephenFan. · View Herald TranscriptFeb 14 2023, 3:32 AM
xbolva00 added a comment.Apr 9 2023, 1:40 AM

@fhahn do you plan to continue with this change?

fhahn added a comment.Apr 10 2023, 1:34 PM
In D122573#4125641, @bipmis wrote:

@fhahn We are also observing scenarios where this maybe necessary. A couple of points on where it may be missing

  1. createScalarTypeNode(OutName, AnyPtr, Size) -> This will generate different Base type. However the accessTy being "any pointer" , the check "access to the base object is through a field of the subobject's type" will return alias as we traverse from BaseTag Node until we reach Root or we find a SubobjectTag BaseType. In this case the match would be true on "any pointer". Can this be potentially be thought of as createScalarTypeNode(OutName, getChar(), Size) as a pointer type can edge to char?
  1. The pointer type is restricted to isa<BuiltinType>(Ty). There can be potential scenarios where we may want pointer to struct or class.

I can provide some examples if that would be helpful. Thanks.

Please share examples if you can. The initial implementation is limited in scope intentionally and can be extended later. Staggering the change helps adopters with tracking down mis-compiles.

In D122573#4253837, @xbolva00 wrote:

@fhahn do you plan to continue with this change?

On my side yes, but it is still not clear what checkers need to be in place before strengthening TBAA.

Revision Contents

PathSize
clang/
lib/
CodeGen/
29 lines
test/
CodeGen/
74 lines

Diff 469329

clang/lib/CodeGen/CodeGenTBAA.cpp

Show First 20 LinesShow All 178 Lines▼ Show 20 Linesllvm::MDNode *CodeGenTBAA::getTypeInfoHelper(const Type *Ty) {
// C++1z [basic.lval]p10: "If a program attempts to access the stored value of // C++1z [basic.lval]p10: "If a program attempts to access the stored value of
// an object through a glvalue of other than one of the following types the // an object through a glvalue of other than one of the following types the
// behavior is undefined: [...] a char, unsigned char, or std::byte type." // behavior is undefined: [...] a char, unsigned char, or std::byte type."
if (Ty->isStdByteType()) if (Ty->isStdByteType())
return getChar(); return getChar();
// Handle pointers and references. // Handle pointers and references.
if (Ty->isPointerType() || Ty->isReferenceType()) {
llvm::MDNode *AnyPtr = createScalarTypeNode("any pointer", getChar(), Size);
// Compute the depth of the pointer and generate a tag of the form "p<depth>
// <base type tag>".
unsigned PtrDepth = 0;
do {
PtrDepth++;
Ty = Ty->getPointeeType().getTypePtr();
} while (Ty->isPointerType() || Ty->isReferenceType());
// TODO: Implement C++'s type "similarity" and consider dis-"similar" // TODO: Implement C++'s type "similarity" and consider dis-"similar"
// pointers distinct. // pointers distinct for non-builtin types.
if (Ty->isPointerType() || Ty->isReferenceType()) if (isa<BuiltinType>(Ty)) {
return createScalarTypeNode("any pointer", getChar(), Size); llvm::MDNode *ScalarMD = getTypeInfoHelper(Ty);
StringRef Name =
cast<llvm::MDString>(
ScalarMD->getOperand(CodeGenOpts.NewStructPathTBAA ? 2 : 0))
->getString();
jcranmer-intelUnsubmitted
Not Done
ReplyInline Actions

Seeing this code reminds me that in a few other contexts, it would be useful to have access to the TBAA wrapper helpers in llvm/lib/Analysis/TypeBasedAliasAnalysis.cpp, so it would be worthwhile at some point to start fronting those types into header files to simplify some of the queries, especially in cases where you want to support both old and new TBAA formats. I'd imagine your tbaa-checker tool would also want access to this information as well, for example; I know the helper I started writing wanted it.

jcranmer-intel: Seeing this code reminds me that in a few other contexts, it would be useful to have access to…
SmallString<256> OutName("p");
OutName += std::to_string(PtrDepth);
OutName += " ";
OutName += Name;
return createScalarTypeNode(OutName, AnyPtr, Size);
}
return AnyPtr;
}
// Accesses to arrays are accesses to objects of their element types. // Accesses to arrays are accesses to objects of their element types.
if (CodeGenOpts.NewStructPathTBAA && Ty->isArrayType()) if (CodeGenOpts.NewStructPathTBAA && Ty->isArrayType())
return getTypeInfo(cast<ArrayType>(Ty)->getElementType()); return getTypeInfo(cast<ArrayType>(Ty)->getElementType());
// Enum types are distinct types. In C++ they have "underlying types", // Enum types are distinct types. In C++ they have "underlying types",
// however they aren't related for TBAA. // however they aren't related for TBAA.
if (const EnumType *ETy = dyn_cast<EnumType>(Ty)) { if (const EnumType *ETy = dyn_cast<EnumType>(Ty)) {
▲ Show 20 LinesShow All 302 LinesShow Last 20 Lines

clang/test/CodeGen/tbaa-pointers.c

// RUN: %clang_cc1 -triple x86_64-apple-darwin -O1 -disable-llvm-passes %s -emit-llvm -o - | FileCheck %s // RUN: %clang_cc1 -triple x86_64-apple-darwin -O1 -disable-llvm-passes %s -emit-llvm -o - | FileCheck %s
void p2unsigned(unsigned **ptr) { void p2unsigned(unsigned** ptr) {
// CHECK-LABEL: define void @p2unsigned(ptr noundef %ptr) // CHECK-LABEL: define void @p2unsigned(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0:!.+]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P2INT_0:!.+]]
// CHECK-NEXT: [[BASE:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P2INT_0]]
// CHECK-NEXT: store ptr null, ptr [[BASE]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr null, ptr [[BASE]], align 8, !tbaa [[P1INT_0:!.+]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
*ptr = 0; *ptr = 0;
} }
void p2unsigned_volatile(unsigned *volatile *ptr) { void p2unsigned_volatile(unsigned *volatile *ptr) {
// CHECK-LABEL: define void @p2unsigned_volatile(ptr noundef %ptr) // CHECK-LABEL: define void @p2unsigned_volatile(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P2INT_0]]
// CHECK-NEXT: [[BASE:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P2INT_0]]
// CHECK-NEXT: store volatile ptr null, ptr [[BASE]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store volatile ptr null, ptr [[BASE]], align 8, !tbaa [[P1INT_0]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
*ptr = 0; *ptr = 0;
} }
void p3int(int ***ptr) { void p3int(int ***ptr) {
// CHECK-LABEL: define void @p3int(ptr noundef %ptr) // CHECK-LABEL: define void @p3int(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P3INT_0:!.+]]
// CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P3INT_0]]
// CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[P2INT_0]]
// CHECK-NEXT: store ptr null, ptr [[BASE_1]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr null, ptr [[BASE_1]], align 8, !tbaa [[P1INT_0]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
**ptr = 0; **ptr = 0;
} }
void p4char(char ****ptr) { void p4char(char ****ptr) {
// CHECK-LABEL: define void @p4char(ptr noundef %ptr) // CHECK-LABEL: define void @p4char(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P4CHAR_0:!.+]]
// CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P4CHAR_0]]
// CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[P3CHAR_0:!.+]]
// CHECK-NEXT: [[BASE_2:%.+]] = load ptr, ptr [[BASE_1]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_2:%.+]] = load ptr, ptr [[BASE_1]], align 8, !tbaa [[P2CHAR_0:!.+]]
// CHECK-NEXT: store ptr null, ptr [[BASE_2]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr null, ptr [[BASE_2]], align 8, !tbaa [[P1CHAR_0:!.+]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
***ptr = 0; ***ptr = 0;
} }
void p4char_const1(const char ****ptr) { void p4char_const1(const char ****ptr) {
// CHECK-LABEL: define void @p4char_const1(ptr noundef %ptr) // CHECK-LABEL: define void @p4char_const1(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P4CHAR_0]]
// CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P4CHAR_0]]
// CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[P3CHAR_0]]
// CHECK-NEXT: [[BASE_2:%.+]] = load ptr, ptr [[BASE_1]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_2:%.+]] = load ptr, ptr [[BASE_1]], align 8, !tbaa [[P2CHAR_0]]
// CHECK-NEXT: store ptr null, ptr [[BASE_2]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr null, ptr [[BASE_2]], align 8, !tbaa [[P1CHAR_0]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
***ptr = 0; ***ptr = 0;
} }
void p4char_const2(const char **const **ptr) { void p4char_const2(const char **const **ptr) {
// CHECK-LABEL: define void @p4char_const2(ptr noundef %ptr) // CHECK-LABEL: define void @p4char_const2(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P4CHAR_0]]
// CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_0:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P4CHAR_0]]
// CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_1:%.+]] = load ptr, ptr [[BASE_0]], align 8, !tbaa [[P3CHAR_0]]
// CHECK-NEXT: [[BASE_2:%.+]] = load ptr, ptr [[BASE_1]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE_2:%.+]] = load ptr, ptr [[BASE_1]], align 8, !tbaa [[P2CHAR_0]]
// CHECK-NEXT: store ptr null, ptr [[BASE_2]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr null, ptr [[BASE_2]], align 8, !tbaa [[P1CHAR_0]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
***ptr = 0; ***ptr = 0;
} }
struct S1 { struct S1 {
int x; int x;
int y; int y;
}; };
void p2struct(struct S1 **ptr) { void p2struct(struct S1 **ptr) {
// CHECK-LABEL: define void @p2struct(ptr noundef %ptr) // CHECK-LABEL: define void @p2struct(ptr noundef %ptr)
// CHECK-NEXT: entry: // CHECK-NEXT: entry:
// CHECK-NEXT: %ptr.addr = alloca ptr, align 8 // CHECK-NEXT: %ptr.addr = alloca ptr, align 8
// CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr %ptr, ptr %ptr.addr, align 8, !tbaa [[P2S1_0:!.+]]
// CHECK-NEXT: [[BASE:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: [[BASE:%.+]] = load ptr, ptr %ptr.addr, align 8, !tbaa [[P2S1_0]]
// CHECK-NEXT: store ptr null, ptr [[BASE]], align 8, !tbaa [[ANY_POINTER_0]] // CHECK-NEXT: store ptr null, ptr [[BASE]], align 8, !tbaa [[P1S1_:!.+]]
// CHECK-NEXT: ret void // CHECK-NEXT: ret void
// //
*ptr = 0; *ptr = 0;
} }
// CHECK: [[ANY_POINTER_0]] = !{[[ANY_POINTER:!.+]], [[ANY_POINTER]], i64 0} // CHECK: [[P2INT_0]] = !{[[P2INT:!.+]], [[P2INT]], i64 0}
// CHECK: [[P2INT]] = !{!"p2 int", [[ANY_POINTER:!.+]], i64 0}
// CHECK: [[ANY_POINTER]] = !{!"any pointer", [[CHAR:!.+]], i64 0} // CHECK: [[ANY_POINTER]] = !{!"any pointer", [[CHAR:!.+]], i64 0}
// CHECK: [[CHAR]] = !{!"omnipotent char", [[TBAA_ROOT:!.+]], i64 0} // CHECK: [[CHAR]] = !{!"omnipotent char", [[TBAA_ROOT:!.+]], i64 0}
// CHECK: [[TBAA_ROOT]] = !{!"Simple C/C++ TBAA"} // CHECK: [[TBAA_ROOT]] = !{!"Simple C/C++ TBAA"}
// // CHECK: [[P1INT_0]] = !{[[P1INT:!.+]], [[P1INT]], i64 0}
// CHECK: [[P1INT]] = !{!"p1 int", [[ANY_POINTER]], i64 0}
// CHECK: [[P3INT_0]] = !{[[P3INT:!.+]], [[P3INT]], i64 0}
// CHECK: [[P3INT]] = !{!"p3 int", [[ANY_POINTER]], i64 0}
// CHECK: [[P4CHAR_0]] = !{[[P4CHAR:!.+]], [[P4CHAR]], i64 0}
// CHECK: [[P4CHAR]] = !{!"p4 omnipotent char", [[ANY_POINTER]], i64 0}
// CHECK: [[P3CHAR_0]] = !{[[P3CHAR:!.+]], [[P3CHAR]], i64 0}
// CHECK: [[P3CHAR]] = !{!"p3 omnipotent char", [[ANY_POINTER]], i64 0}
// CHECK: [[P2CHAR_0]] = !{[[P2CHAR:!.+]], [[P2CHAR]], i64 0}
// CHECK: [[P2CHAR]] = !{!"p2 omnipotent char", [[ANY_POINTER]], i64 0}
// CHECK: [[P1CHAR_0]] = !{[[P1CHAR:!.+]], [[P1CHAR]], i64 0}
// CHECK: [[P1CHAR]] = !{!"p1 omnipotent char", [[ANY_POINTER]], i64 0}