1 //===- MemoryBuiltins.cpp - Identify calls to memory builtins -------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This family of functions identifies calls to builtin functions that allocate
13 //===----------------------------------------------------------------------===//
15 #include "llvm/Analysis/MemoryBuiltins.h"
16 #include "llvm/ADT/APInt.h"
17 #include "llvm/ADT/None.h"
18 #include "llvm/ADT/Optional.h"
19 #include "llvm/ADT/STLExtras.h"
20 #include "llvm/ADT/Statistic.h"
21 #include "llvm/ADT/StringRef.h"
22 #include "llvm/Analysis/TargetFolder.h"
23 #include "llvm/Analysis/TargetLibraryInfo.h"
24 #include "llvm/Analysis/ValueTracking.h"
25 #include "llvm/IR/Argument.h"
26 #include "llvm/IR/Attributes.h"
27 #include "llvm/IR/Constants.h"
28 #include "llvm/IR/DataLayout.h"
29 #include "llvm/IR/DerivedTypes.h"
30 #include "llvm/IR/Function.h"
31 #include "llvm/IR/GlobalAlias.h"
32 #include "llvm/IR/GlobalVariable.h"
33 #include "llvm/IR/Instruction.h"
34 #include "llvm/IR/Instructions.h"
35 #include "llvm/IR/IntrinsicInst.h"
36 #include "llvm/IR/Operator.h"
37 #include "llvm/IR/Type.h"
38 #include "llvm/IR/Value.h"
39 #include "llvm/Support/Casting.h"
40 #include "llvm/Support/Debug.h"
41 #include "llvm/Support/MathExtras.h"
42 #include "llvm/Support/raw_ostream.h"
43 #include "llvm/Transforms/Utils/Local.h"
51 #define DEBUG_TYPE "memory-builtins"
53 enum AllocType : uint8_t {
54 OpNewLike = 1<<0, // allocates; never returns null
55 MallocLike = 1<<1 | OpNewLike, // allocates; may return null
56 CallocLike = 1<<2, // allocates + bzero
57 ReallocLike = 1<<3, // reallocates
59 MallocOrCallocLike = MallocLike | CallocLike,
60 AllocLike = MallocLike | CallocLike | StrDupLike,
61 AnyAlloc = AllocLike | ReallocLike
67 // First and Second size parameters (or -1 if unused)
68 int FstParam, SndParam;
71 // FIXME: certain users need more information. E.g., SimplifyLibCalls needs to
72 // know which functions are nounwind, noalias, nocapture parameters, etc.
73 static const std::pair<LibFunc, AllocFnsTy> AllocationFnData[] = {
74 {LibFunc_malloc, {MallocLike, 1, 0, -1}},
75 {LibFunc_valloc, {MallocLike, 1, 0, -1}},
76 {LibFunc_Znwj, {OpNewLike, 1, 0, -1}}, // new(unsigned int)
77 {LibFunc_ZnwjRKSt9nothrow_t, {MallocLike, 2, 0, -1}}, // new(unsigned int, nothrow)
78 {LibFunc_Znwm, {OpNewLike, 1, 0, -1}}, // new(unsigned long)
79 {LibFunc_ZnwmRKSt9nothrow_t, {MallocLike, 2, 0, -1}}, // new(unsigned long, nothrow)
80 {LibFunc_Znaj, {OpNewLike, 1, 0, -1}}, // new[](unsigned int)
81 {LibFunc_ZnajRKSt9nothrow_t, {MallocLike, 2, 0, -1}}, // new[](unsigned int, nothrow)
82 {LibFunc_Znam, {OpNewLike, 1, 0, -1}}, // new[](unsigned long)
83 {LibFunc_ZnamRKSt9nothrow_t, {MallocLike, 2, 0, -1}}, // new[](unsigned long, nothrow)
84 {LibFunc_msvc_new_int, {OpNewLike, 1, 0, -1}}, // new(unsigned int)
85 {LibFunc_msvc_new_int_nothrow, {MallocLike, 2, 0, -1}}, // new(unsigned int, nothrow)
86 {LibFunc_msvc_new_longlong, {OpNewLike, 1, 0, -1}}, // new(unsigned long long)
87 {LibFunc_msvc_new_longlong_nothrow, {MallocLike, 2, 0, -1}}, // new(unsigned long long, nothrow)
88 {LibFunc_msvc_new_array_int, {OpNewLike, 1, 0, -1}}, // new[](unsigned int)
89 {LibFunc_msvc_new_array_int_nothrow, {MallocLike, 2, 0, -1}}, // new[](unsigned int, nothrow)
90 {LibFunc_msvc_new_array_longlong, {OpNewLike, 1, 0, -1}}, // new[](unsigned long long)
91 {LibFunc_msvc_new_array_longlong_nothrow, {MallocLike, 2, 0, -1}}, // new[](unsigned long long, nothrow)
92 {LibFunc_calloc, {CallocLike, 2, 0, 1}},
93 {LibFunc_realloc, {ReallocLike, 2, 1, -1}},
94 {LibFunc_reallocf, {ReallocLike, 2, 1, -1}},
95 {LibFunc_strdup, {StrDupLike, 1, -1, -1}},
96 {LibFunc_strndup, {StrDupLike, 2, 1, -1}}
97 // TODO: Handle "int posix_memalign(void **, size_t, size_t)"
100 static const Function *getCalledFunction(const Value *V, bool LookThroughBitCast,
102 // Don't care about intrinsics in this case.
103 if (isa<IntrinsicInst>(V))
106 if (LookThroughBitCast)
107 V = V->stripPointerCasts();
109 ImmutableCallSite CS(V);
110 if (!CS.getInstruction())
113 IsNoBuiltin = CS.isNoBuiltin();
115 const Function *Callee = CS.getCalledFunction();
116 if (!Callee || !Callee->isDeclaration())
121 /// Returns the allocation data for the given value if it's either a call to a
122 /// known allocation function, or a call to a function with the allocsize
124 static Optional<AllocFnsTy>
125 getAllocationDataForFunction(const Function *Callee, AllocType AllocTy,
126 const TargetLibraryInfo *TLI) {
127 // Make sure that the function is available.
128 StringRef FnName = Callee->getName();
130 if (!TLI || !TLI->getLibFunc(FnName, TLIFn) || !TLI->has(TLIFn))
133 const auto *Iter = find_if(
134 AllocationFnData, [TLIFn](const std::pair<LibFunc, AllocFnsTy> &P) {
135 return P.first == TLIFn;
138 if (Iter == std::end(AllocationFnData))
141 const AllocFnsTy *FnData = &Iter->second;
142 if ((FnData->AllocTy & AllocTy) != FnData->AllocTy)
145 // Check function prototype.
146 int FstParam = FnData->FstParam;
147 int SndParam = FnData->SndParam;
148 FunctionType *FTy = Callee->getFunctionType();
150 if (FTy->getReturnType() == Type::getInt8PtrTy(FTy->getContext()) &&
151 FTy->getNumParams() == FnData->NumParams &&
153 (FTy->getParamType(FstParam)->isIntegerTy(32) ||
154 FTy->getParamType(FstParam)->isIntegerTy(64))) &&
156 FTy->getParamType(SndParam)->isIntegerTy(32) ||
157 FTy->getParamType(SndParam)->isIntegerTy(64)))
162 static Optional<AllocFnsTy> getAllocationData(const Value *V, AllocType AllocTy,
163 const TargetLibraryInfo *TLI,
164 bool LookThroughBitCast = false) {
165 bool IsNoBuiltinCall;
166 if (const Function *Callee =
167 getCalledFunction(V, LookThroughBitCast, IsNoBuiltinCall))
168 if (!IsNoBuiltinCall)
169 return getAllocationDataForFunction(Callee, AllocTy, TLI);
173 static Optional<AllocFnsTy> getAllocationSize(const Value *V,
174 const TargetLibraryInfo *TLI) {
175 bool IsNoBuiltinCall;
176 const Function *Callee =
177 getCalledFunction(V, /*LookThroughBitCast=*/false, IsNoBuiltinCall);
181 // Prefer to use existing information over allocsize. This will give us an
183 if (!IsNoBuiltinCall)
184 if (Optional<AllocFnsTy> Data =
185 getAllocationDataForFunction(Callee, AnyAlloc, TLI))
188 Attribute Attr = Callee->getFnAttribute(Attribute::AllocSize);
189 if (Attr == Attribute())
192 std::pair<unsigned, Optional<unsigned>> Args = Attr.getAllocSizeArgs();
195 // Because allocsize only tells us how many bytes are allocated, we're not
196 // really allowed to assume anything, so we use MallocLike.
197 Result.AllocTy = MallocLike;
198 Result.NumParams = Callee->getNumOperands();
199 Result.FstParam = Args.first;
200 Result.SndParam = Args.second.getValueOr(-1);
204 static bool hasNoAliasAttr(const Value *V, bool LookThroughBitCast) {
205 ImmutableCallSite CS(LookThroughBitCast ? V->stripPointerCasts() : V);
206 return CS && CS.hasRetAttr(Attribute::NoAlias);
209 /// \brief Tests if a value is a call or invoke to a library function that
210 /// allocates or reallocates memory (either malloc, calloc, realloc, or strdup
212 bool llvm::isAllocationFn(const Value *V, const TargetLibraryInfo *TLI,
213 bool LookThroughBitCast) {
214 return getAllocationData(V, AnyAlloc, TLI, LookThroughBitCast).hasValue();
217 /// \brief Tests if a value is a call or invoke to a function that returns a
218 /// NoAlias pointer (including malloc/calloc/realloc/strdup-like functions).
219 bool llvm::isNoAliasFn(const Value *V, const TargetLibraryInfo *TLI,
220 bool LookThroughBitCast) {
221 // it's safe to consider realloc as noalias since accessing the original
222 // pointer is undefined behavior
223 return isAllocationFn(V, TLI, LookThroughBitCast) ||
224 hasNoAliasAttr(V, LookThroughBitCast);
227 /// \brief Tests if a value is a call or invoke to a library function that
228 /// allocates uninitialized memory (such as malloc).
229 bool llvm::isMallocLikeFn(const Value *V, const TargetLibraryInfo *TLI,
230 bool LookThroughBitCast) {
231 return getAllocationData(V, MallocLike, TLI, LookThroughBitCast).hasValue();
234 /// \brief Tests if a value is a call or invoke to a library function that
235 /// allocates zero-filled memory (such as calloc).
236 bool llvm::isCallocLikeFn(const Value *V, const TargetLibraryInfo *TLI,
237 bool LookThroughBitCast) {
238 return getAllocationData(V, CallocLike, TLI, LookThroughBitCast).hasValue();
241 /// \brief Tests if a value is a call or invoke to a library function that
242 /// allocates memory similiar to malloc or calloc.
243 bool llvm::isMallocOrCallocLikeFn(const Value *V, const TargetLibraryInfo *TLI,
244 bool LookThroughBitCast) {
245 return getAllocationData(V, MallocOrCallocLike, TLI,
246 LookThroughBitCast).hasValue();
249 /// \brief Tests if a value is a call or invoke to a library function that
250 /// allocates memory (either malloc, calloc, or strdup like).
251 bool llvm::isAllocLikeFn(const Value *V, const TargetLibraryInfo *TLI,
252 bool LookThroughBitCast) {
253 return getAllocationData(V, AllocLike, TLI, LookThroughBitCast).hasValue();
256 /// extractMallocCall - Returns the corresponding CallInst if the instruction
257 /// is a malloc call. Since CallInst::CreateMalloc() only creates calls, we
258 /// ignore InvokeInst here.
259 const CallInst *llvm::extractMallocCall(const Value *I,
260 const TargetLibraryInfo *TLI) {
261 return isMallocLikeFn(I, TLI) ? dyn_cast<CallInst>(I) : nullptr;
264 static Value *computeArraySize(const CallInst *CI, const DataLayout &DL,
265 const TargetLibraryInfo *TLI,
266 bool LookThroughSExt = false) {
270 // The size of the malloc's result type must be known to determine array size.
271 Type *T = getMallocAllocatedType(CI, TLI);
272 if (!T || !T->isSized())
275 unsigned ElementSize = DL.getTypeAllocSize(T);
276 if (StructType *ST = dyn_cast<StructType>(T))
277 ElementSize = DL.getStructLayout(ST)->getSizeInBytes();
279 // If malloc call's arg can be determined to be a multiple of ElementSize,
280 // return the multiple. Otherwise, return NULL.
281 Value *MallocArg = CI->getArgOperand(0);
282 Value *Multiple = nullptr;
283 if (ComputeMultiple(MallocArg, ElementSize, Multiple, LookThroughSExt))
289 /// getMallocType - Returns the PointerType resulting from the malloc call.
290 /// The PointerType depends on the number of bitcast uses of the malloc call:
291 /// 0: PointerType is the calls' return type.
292 /// 1: PointerType is the bitcast's result type.
293 /// >1: Unique PointerType cannot be determined, return NULL.
294 PointerType *llvm::getMallocType(const CallInst *CI,
295 const TargetLibraryInfo *TLI) {
296 assert(isMallocLikeFn(CI, TLI) && "getMallocType and not malloc call");
298 PointerType *MallocType = nullptr;
299 unsigned NumOfBitCastUses = 0;
301 // Determine if CallInst has a bitcast use.
302 for (Value::const_user_iterator UI = CI->user_begin(), E = CI->user_end();
304 if (const BitCastInst *BCI = dyn_cast<BitCastInst>(*UI++)) {
305 MallocType = cast<PointerType>(BCI->getDestTy());
309 // Malloc call has 1 bitcast use, so type is the bitcast's destination type.
310 if (NumOfBitCastUses == 1)
313 // Malloc call was not bitcast, so type is the malloc function's return type.
314 if (NumOfBitCastUses == 0)
315 return cast<PointerType>(CI->getType());
317 // Type could not be determined.
321 /// getMallocAllocatedType - Returns the Type allocated by malloc call.
322 /// The Type depends on the number of bitcast uses of the malloc call:
323 /// 0: PointerType is the malloc calls' return type.
324 /// 1: PointerType is the bitcast's result type.
325 /// >1: Unique PointerType cannot be determined, return NULL.
326 Type *llvm::getMallocAllocatedType(const CallInst *CI,
327 const TargetLibraryInfo *TLI) {
328 PointerType *PT = getMallocType(CI, TLI);
329 return PT ? PT->getElementType() : nullptr;
332 /// getMallocArraySize - Returns the array size of a malloc call. If the
333 /// argument passed to malloc is a multiple of the size of the malloced type,
334 /// then return that multiple. For non-array mallocs, the multiple is
335 /// constant 1. Otherwise, return NULL for mallocs whose array size cannot be
337 Value *llvm::getMallocArraySize(CallInst *CI, const DataLayout &DL,
338 const TargetLibraryInfo *TLI,
339 bool LookThroughSExt) {
340 assert(isMallocLikeFn(CI, TLI) && "getMallocArraySize and not malloc call");
341 return computeArraySize(CI, DL, TLI, LookThroughSExt);
344 /// extractCallocCall - Returns the corresponding CallInst if the instruction
345 /// is a calloc call.
346 const CallInst *llvm::extractCallocCall(const Value *I,
347 const TargetLibraryInfo *TLI) {
348 return isCallocLikeFn(I, TLI) ? cast<CallInst>(I) : nullptr;
351 /// isFreeCall - Returns non-null if the value is a call to the builtin free()
352 const CallInst *llvm::isFreeCall(const Value *I, const TargetLibraryInfo *TLI) {
353 const CallInst *CI = dyn_cast<CallInst>(I);
354 if (!CI || isa<IntrinsicInst>(CI))
356 Function *Callee = CI->getCalledFunction();
357 if (Callee == nullptr)
360 StringRef FnName = Callee->getName();
362 if (!TLI || !TLI->getLibFunc(FnName, TLIFn) || !TLI->has(TLIFn))
365 unsigned ExpectedNumParams;
366 if (TLIFn == LibFunc_free ||
367 TLIFn == LibFunc_ZdlPv || // operator delete(void*)
368 TLIFn == LibFunc_ZdaPv || // operator delete[](void*)
369 TLIFn == LibFunc_msvc_delete_ptr32 || // operator delete(void*)
370 TLIFn == LibFunc_msvc_delete_ptr64 || // operator delete(void*)
371 TLIFn == LibFunc_msvc_delete_array_ptr32 || // operator delete[](void*)
372 TLIFn == LibFunc_msvc_delete_array_ptr64) // operator delete[](void*)
373 ExpectedNumParams = 1;
374 else if (TLIFn == LibFunc_ZdlPvj || // delete(void*, uint)
375 TLIFn == LibFunc_ZdlPvm || // delete(void*, ulong)
376 TLIFn == LibFunc_ZdlPvRKSt9nothrow_t || // delete(void*, nothrow)
377 TLIFn == LibFunc_ZdaPvj || // delete[](void*, uint)
378 TLIFn == LibFunc_ZdaPvm || // delete[](void*, ulong)
379 TLIFn == LibFunc_ZdaPvRKSt9nothrow_t || // delete[](void*, nothrow)
380 TLIFn == LibFunc_msvc_delete_ptr32_int || // delete(void*, uint)
381 TLIFn == LibFunc_msvc_delete_ptr64_longlong || // delete(void*, ulonglong)
382 TLIFn == LibFunc_msvc_delete_ptr32_nothrow || // delete(void*, nothrow)
383 TLIFn == LibFunc_msvc_delete_ptr64_nothrow || // delete(void*, nothrow)
384 TLIFn == LibFunc_msvc_delete_array_ptr32_int || // delete[](void*, uint)
385 TLIFn == LibFunc_msvc_delete_array_ptr64_longlong || // delete[](void*, ulonglong)
386 TLIFn == LibFunc_msvc_delete_array_ptr32_nothrow || // delete[](void*, nothrow)
387 TLIFn == LibFunc_msvc_delete_array_ptr64_nothrow) // delete[](void*, nothrow)
388 ExpectedNumParams = 2;
392 // Check free prototype.
393 // FIXME: workaround for PR5130, this will be obsolete when a nobuiltin
394 // attribute will exist.
395 FunctionType *FTy = Callee->getFunctionType();
396 if (!FTy->getReturnType()->isVoidTy())
398 if (FTy->getNumParams() != ExpectedNumParams)
400 if (FTy->getParamType(0) != Type::getInt8PtrTy(Callee->getContext()))
406 //===----------------------------------------------------------------------===//
407 // Utility functions to compute size of objects.
409 static APInt getSizeWithOverflow(const SizeOffsetType &Data) {
410 if (Data.second.isNegative() || Data.first.ult(Data.second))
411 return APInt(Data.first.getBitWidth(), 0);
412 return Data.first - Data.second;
415 /// \brief Compute the size of the object pointed by Ptr. Returns true and the
416 /// object size in Size if successful, and false otherwise.
417 /// If RoundToAlign is true, then Size is rounded up to the alignment of
418 /// allocas, byval arguments, and global variables.
419 bool llvm::getObjectSize(const Value *Ptr, uint64_t &Size, const DataLayout &DL,
420 const TargetLibraryInfo *TLI, ObjectSizeOpts Opts) {
421 ObjectSizeOffsetVisitor Visitor(DL, TLI, Ptr->getContext(), Opts);
422 SizeOffsetType Data = Visitor.compute(const_cast<Value*>(Ptr));
423 if (!Visitor.bothKnown(Data))
426 Size = getSizeWithOverflow(Data).getZExtValue();
430 ConstantInt *llvm::lowerObjectSizeCall(IntrinsicInst *ObjectSize,
431 const DataLayout &DL,
432 const TargetLibraryInfo *TLI,
434 assert(ObjectSize->getIntrinsicID() == Intrinsic::objectsize &&
435 "ObjectSize must be a call to llvm.objectsize!");
437 bool MaxVal = cast<ConstantInt>(ObjectSize->getArgOperand(1))->isZero();
438 ObjectSizeOpts EvalOptions;
439 // Unless we have to fold this to something, try to be as accurate as
442 EvalOptions.EvalMode =
443 MaxVal ? ObjectSizeOpts::Mode::Max : ObjectSizeOpts::Mode::Min;
445 EvalOptions.EvalMode = ObjectSizeOpts::Mode::Exact;
447 EvalOptions.NullIsUnknownSize =
448 cast<ConstantInt>(ObjectSize->getArgOperand(2))->isOne();
450 // FIXME: Does it make sense to just return a failure value if the size won't
451 // fit in the output and `!MustSucceed`?
453 auto *ResultType = cast<IntegerType>(ObjectSize->getType());
454 if (getObjectSize(ObjectSize->getArgOperand(0), Size, DL, TLI, EvalOptions) &&
455 isUIntN(ResultType->getBitWidth(), Size))
456 return ConstantInt::get(ResultType, Size);
461 return ConstantInt::get(ResultType, MaxVal ? -1ULL : 0);
464 STATISTIC(ObjectVisitorArgument,
465 "Number of arguments with unsolved size and offset");
466 STATISTIC(ObjectVisitorLoad,
467 "Number of load instructions with unsolved size and offset");
469 APInt ObjectSizeOffsetVisitor::align(APInt Size, uint64_t Align) {
470 if (Options.RoundToAlign && Align)
471 return APInt(IntTyBits, alignTo(Size.getZExtValue(), Align));
475 ObjectSizeOffsetVisitor::ObjectSizeOffsetVisitor(const DataLayout &DL,
476 const TargetLibraryInfo *TLI,
477 LLVMContext &Context,
478 ObjectSizeOpts Options)
479 : DL(DL), TLI(TLI), Options(Options) {
480 // Pointer size must be rechecked for each object visited since it could have
481 // a different address space.
484 SizeOffsetType ObjectSizeOffsetVisitor::compute(Value *V) {
485 IntTyBits = DL.getPointerTypeSizeInBits(V->getType());
486 Zero = APInt::getNullValue(IntTyBits);
488 V = V->stripPointerCasts();
489 if (Instruction *I = dyn_cast<Instruction>(V)) {
490 // If we have already seen this instruction, bail out. Cycles can happen in
491 // unreachable code after constant propagation.
492 if (!SeenInsts.insert(I).second)
495 if (GEPOperator *GEP = dyn_cast<GEPOperator>(V))
496 return visitGEPOperator(*GEP);
499 if (Argument *A = dyn_cast<Argument>(V))
500 return visitArgument(*A);
501 if (ConstantPointerNull *P = dyn_cast<ConstantPointerNull>(V))
502 return visitConstantPointerNull(*P);
503 if (GlobalAlias *GA = dyn_cast<GlobalAlias>(V))
504 return visitGlobalAlias(*GA);
505 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(V))
506 return visitGlobalVariable(*GV);
507 if (UndefValue *UV = dyn_cast<UndefValue>(V))
508 return visitUndefValue(*UV);
509 if (ConstantExpr *CE = dyn_cast<ConstantExpr>(V)) {
510 if (CE->getOpcode() == Instruction::IntToPtr)
511 return unknown(); // clueless
512 if (CE->getOpcode() == Instruction::GetElementPtr)
513 return visitGEPOperator(cast<GEPOperator>(*CE));
516 DEBUG(dbgs() << "ObjectSizeOffsetVisitor::compute() unhandled value: " << *V
521 /// When we're compiling N-bit code, and the user uses parameters that are
522 /// greater than N bits (e.g. uint64_t on a 32-bit build), we can run into
523 /// trouble with APInt size issues. This function handles resizing + overflow
524 /// checks for us. Check and zext or trunc \p I depending on IntTyBits and
526 bool ObjectSizeOffsetVisitor::CheckedZextOrTrunc(APInt &I) {
527 // More bits than we can handle. Checking the bit width isn't necessary, but
528 // it's faster than checking active bits, and should give `false` in the
529 // vast majority of cases.
530 if (I.getBitWidth() > IntTyBits && I.getActiveBits() > IntTyBits)
532 if (I.getBitWidth() != IntTyBits)
533 I = I.zextOrTrunc(IntTyBits);
537 SizeOffsetType ObjectSizeOffsetVisitor::visitAllocaInst(AllocaInst &I) {
538 if (!I.getAllocatedType()->isSized())
541 APInt Size(IntTyBits, DL.getTypeAllocSize(I.getAllocatedType()));
542 if (!I.isArrayAllocation())
543 return std::make_pair(align(Size, I.getAlignment()), Zero);
545 Value *ArraySize = I.getArraySize();
546 if (const ConstantInt *C = dyn_cast<ConstantInt>(ArraySize)) {
547 APInt NumElems = C->getValue();
548 if (!CheckedZextOrTrunc(NumElems))
552 Size = Size.umul_ov(NumElems, Overflow);
553 return Overflow ? unknown() : std::make_pair(align(Size, I.getAlignment()),
559 SizeOffsetType ObjectSizeOffsetVisitor::visitArgument(Argument &A) {
560 // No interprocedural analysis is done at the moment.
561 if (!A.hasByValOrInAllocaAttr()) {
562 ++ObjectVisitorArgument;
565 PointerType *PT = cast<PointerType>(A.getType());
566 APInt Size(IntTyBits, DL.getTypeAllocSize(PT->getElementType()));
567 return std::make_pair(align(Size, A.getParamAlignment()), Zero);
570 SizeOffsetType ObjectSizeOffsetVisitor::visitCallSite(CallSite CS) {
571 Optional<AllocFnsTy> FnData = getAllocationSize(CS.getInstruction(), TLI);
575 // Handle strdup-like functions separately.
576 if (FnData->AllocTy == StrDupLike) {
577 APInt Size(IntTyBits, GetStringLength(CS.getArgument(0)));
581 // Strndup limits strlen.
582 if (FnData->FstParam > 0) {
584 dyn_cast<ConstantInt>(CS.getArgument(FnData->FstParam));
588 APInt MaxSize = Arg->getValue().zextOrSelf(IntTyBits);
589 if (Size.ugt(MaxSize))
592 return std::make_pair(Size, Zero);
595 ConstantInt *Arg = dyn_cast<ConstantInt>(CS.getArgument(FnData->FstParam));
599 APInt Size = Arg->getValue();
600 if (!CheckedZextOrTrunc(Size))
603 // Size is determined by just 1 parameter.
604 if (FnData->SndParam < 0)
605 return std::make_pair(Size, Zero);
607 Arg = dyn_cast<ConstantInt>(CS.getArgument(FnData->SndParam));
611 APInt NumElems = Arg->getValue();
612 if (!CheckedZextOrTrunc(NumElems))
616 Size = Size.umul_ov(NumElems, Overflow);
617 return Overflow ? unknown() : std::make_pair(Size, Zero);
619 // TODO: handle more standard functions (+ wchar cousins):
620 // - strdup / strndup
621 // - strcpy / strncpy
622 // - strcat / strncat
623 // - memcpy / memmove
624 // - strcat / strncat
629 ObjectSizeOffsetVisitor::visitConstantPointerNull(ConstantPointerNull& CPN) {
630 if (Options.NullIsUnknownSize && CPN.getType()->getAddressSpace() == 0)
632 return std::make_pair(Zero, Zero);
636 ObjectSizeOffsetVisitor::visitExtractElementInst(ExtractElementInst&) {
641 ObjectSizeOffsetVisitor::visitExtractValueInst(ExtractValueInst&) {
642 // Easy cases were already folded by previous passes.
646 SizeOffsetType ObjectSizeOffsetVisitor::visitGEPOperator(GEPOperator &GEP) {
647 SizeOffsetType PtrData = compute(GEP.getPointerOperand());
648 APInt Offset(IntTyBits, 0);
649 if (!bothKnown(PtrData) || !GEP.accumulateConstantOffset(DL, Offset))
652 return std::make_pair(PtrData.first, PtrData.second + Offset);
655 SizeOffsetType ObjectSizeOffsetVisitor::visitGlobalAlias(GlobalAlias &GA) {
656 if (GA.isInterposable())
658 return compute(GA.getAliasee());
661 SizeOffsetType ObjectSizeOffsetVisitor::visitGlobalVariable(GlobalVariable &GV){
662 if (!GV.hasDefinitiveInitializer())
665 APInt Size(IntTyBits, DL.getTypeAllocSize(GV.getType()->getElementType()));
666 return std::make_pair(align(Size, GV.getAlignment()), Zero);
669 SizeOffsetType ObjectSizeOffsetVisitor::visitIntToPtrInst(IntToPtrInst&) {
674 SizeOffsetType ObjectSizeOffsetVisitor::visitLoadInst(LoadInst&) {
679 SizeOffsetType ObjectSizeOffsetVisitor::visitPHINode(PHINode&) {
680 // too complex to analyze statically.
684 SizeOffsetType ObjectSizeOffsetVisitor::visitSelectInst(SelectInst &I) {
685 SizeOffsetType TrueSide = compute(I.getTrueValue());
686 SizeOffsetType FalseSide = compute(I.getFalseValue());
687 if (bothKnown(TrueSide) && bothKnown(FalseSide)) {
688 if (TrueSide == FalseSide) {
692 APInt TrueResult = getSizeWithOverflow(TrueSide);
693 APInt FalseResult = getSizeWithOverflow(FalseSide);
695 if (TrueResult == FalseResult) {
698 if (Options.EvalMode == ObjectSizeOpts::Mode::Min) {
699 if (TrueResult.slt(FalseResult))
703 if (Options.EvalMode == ObjectSizeOpts::Mode::Max) {
704 if (TrueResult.sgt(FalseResult))
712 SizeOffsetType ObjectSizeOffsetVisitor::visitUndefValue(UndefValue&) {
713 return std::make_pair(Zero, Zero);
716 SizeOffsetType ObjectSizeOffsetVisitor::visitInstruction(Instruction &I) {
717 DEBUG(dbgs() << "ObjectSizeOffsetVisitor unknown instruction:" << I << '\n');
721 ObjectSizeOffsetEvaluator::ObjectSizeOffsetEvaluator(
722 const DataLayout &DL, const TargetLibraryInfo *TLI, LLVMContext &Context,
724 : DL(DL), TLI(TLI), Context(Context), Builder(Context, TargetFolder(DL)),
725 RoundToAlign(RoundToAlign) {
726 // IntTy and Zero must be set for each compute() since the address space may
727 // be different for later objects.
730 SizeOffsetEvalType ObjectSizeOffsetEvaluator::compute(Value *V) {
731 // XXX - Are vectors of pointers possible here?
732 IntTy = cast<IntegerType>(DL.getIntPtrType(V->getType()));
733 Zero = ConstantInt::get(IntTy, 0);
735 SizeOffsetEvalType Result = compute_(V);
737 if (!bothKnown(Result)) {
738 // Erase everything that was computed in this iteration from the cache, so
739 // that no dangling references are left behind. We could be a bit smarter if
740 // we kept a dependency graph. It's probably not worth the complexity.
741 for (const Value *SeenVal : SeenVals) {
742 CacheMapTy::iterator CacheIt = CacheMap.find(SeenVal);
743 // non-computable results can be safely cached
744 if (CacheIt != CacheMap.end() && anyKnown(CacheIt->second))
745 CacheMap.erase(CacheIt);
753 SizeOffsetEvalType ObjectSizeOffsetEvaluator::compute_(Value *V) {
754 ObjectSizeOpts ObjSizeOptions;
755 ObjSizeOptions.RoundToAlign = RoundToAlign;
757 ObjectSizeOffsetVisitor Visitor(DL, TLI, Context, ObjSizeOptions);
758 SizeOffsetType Const = Visitor.compute(V);
759 if (Visitor.bothKnown(Const))
760 return std::make_pair(ConstantInt::get(Context, Const.first),
761 ConstantInt::get(Context, Const.second));
763 V = V->stripPointerCasts();
766 CacheMapTy::iterator CacheIt = CacheMap.find(V);
767 if (CacheIt != CacheMap.end())
768 return CacheIt->second;
770 // Always generate code immediately before the instruction being
771 // processed, so that the generated code dominates the same BBs.
772 BuilderTy::InsertPointGuard Guard(Builder);
773 if (Instruction *I = dyn_cast<Instruction>(V))
774 Builder.SetInsertPoint(I);
776 // Now compute the size and offset.
777 SizeOffsetEvalType Result;
779 // Record the pointers that were handled in this run, so that they can be
780 // cleaned later if something fails. We also use this set to break cycles that
781 // can occur in dead code.
782 if (!SeenVals.insert(V).second) {
784 } else if (GEPOperator *GEP = dyn_cast<GEPOperator>(V)) {
785 Result = visitGEPOperator(*GEP);
786 } else if (Instruction *I = dyn_cast<Instruction>(V)) {
788 } else if (isa<Argument>(V) ||
789 (isa<ConstantExpr>(V) &&
790 cast<ConstantExpr>(V)->getOpcode() == Instruction::IntToPtr) ||
791 isa<GlobalAlias>(V) ||
792 isa<GlobalVariable>(V)) {
793 // Ignore values where we cannot do more than ObjectSizeVisitor.
796 DEBUG(dbgs() << "ObjectSizeOffsetEvaluator::compute() unhandled value: "
801 // Don't reuse CacheIt since it may be invalid at this point.
802 CacheMap[V] = Result;
806 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitAllocaInst(AllocaInst &I) {
807 if (!I.getAllocatedType()->isSized())
811 assert(I.isArrayAllocation());
812 Value *ArraySize = I.getArraySize();
813 Value *Size = ConstantInt::get(ArraySize->getType(),
814 DL.getTypeAllocSize(I.getAllocatedType()));
815 Size = Builder.CreateMul(Size, ArraySize);
816 return std::make_pair(Size, Zero);
819 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitCallSite(CallSite CS) {
820 Optional<AllocFnsTy> FnData = getAllocationSize(CS.getInstruction(), TLI);
824 // Handle strdup-like functions separately.
825 if (FnData->AllocTy == StrDupLike) {
830 Value *FirstArg = CS.getArgument(FnData->FstParam);
831 FirstArg = Builder.CreateZExt(FirstArg, IntTy);
832 if (FnData->SndParam < 0)
833 return std::make_pair(FirstArg, Zero);
835 Value *SecondArg = CS.getArgument(FnData->SndParam);
836 SecondArg = Builder.CreateZExt(SecondArg, IntTy);
837 Value *Size = Builder.CreateMul(FirstArg, SecondArg);
838 return std::make_pair(Size, Zero);
840 // TODO: handle more standard functions (+ wchar cousins):
841 // - strdup / strndup
842 // - strcpy / strncpy
843 // - strcat / strncat
844 // - memcpy / memmove
845 // - strcat / strncat
850 ObjectSizeOffsetEvaluator::visitExtractElementInst(ExtractElementInst&) {
855 ObjectSizeOffsetEvaluator::visitExtractValueInst(ExtractValueInst&) {
860 ObjectSizeOffsetEvaluator::visitGEPOperator(GEPOperator &GEP) {
861 SizeOffsetEvalType PtrData = compute_(GEP.getPointerOperand());
862 if (!bothKnown(PtrData))
865 Value *Offset = EmitGEPOffset(&Builder, DL, &GEP, /*NoAssumptions=*/true);
866 Offset = Builder.CreateAdd(PtrData.second, Offset);
867 return std::make_pair(PtrData.first, Offset);
870 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitIntToPtrInst(IntToPtrInst&) {
875 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitLoadInst(LoadInst&) {
879 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitPHINode(PHINode &PHI) {
880 // Create 2 PHIs: one for size and another for offset.
881 PHINode *SizePHI = Builder.CreatePHI(IntTy, PHI.getNumIncomingValues());
882 PHINode *OffsetPHI = Builder.CreatePHI(IntTy, PHI.getNumIncomingValues());
884 // Insert right away in the cache to handle recursive PHIs.
885 CacheMap[&PHI] = std::make_pair(SizePHI, OffsetPHI);
887 // Compute offset/size for each PHI incoming pointer.
888 for (unsigned i = 0, e = PHI.getNumIncomingValues(); i != e; ++i) {
889 Builder.SetInsertPoint(&*PHI.getIncomingBlock(i)->getFirstInsertionPt());
890 SizeOffsetEvalType EdgeData = compute_(PHI.getIncomingValue(i));
892 if (!bothKnown(EdgeData)) {
893 OffsetPHI->replaceAllUsesWith(UndefValue::get(IntTy));
894 OffsetPHI->eraseFromParent();
895 SizePHI->replaceAllUsesWith(UndefValue::get(IntTy));
896 SizePHI->eraseFromParent();
899 SizePHI->addIncoming(EdgeData.first, PHI.getIncomingBlock(i));
900 OffsetPHI->addIncoming(EdgeData.second, PHI.getIncomingBlock(i));
903 Value *Size = SizePHI, *Offset = OffsetPHI, *Tmp;
904 if ((Tmp = SizePHI->hasConstantValue())) {
906 SizePHI->replaceAllUsesWith(Size);
907 SizePHI->eraseFromParent();
909 if ((Tmp = OffsetPHI->hasConstantValue())) {
911 OffsetPHI->replaceAllUsesWith(Offset);
912 OffsetPHI->eraseFromParent();
914 return std::make_pair(Size, Offset);
917 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitSelectInst(SelectInst &I) {
918 SizeOffsetEvalType TrueSide = compute_(I.getTrueValue());
919 SizeOffsetEvalType FalseSide = compute_(I.getFalseValue());
921 if (!bothKnown(TrueSide) || !bothKnown(FalseSide))
923 if (TrueSide == FalseSide)
926 Value *Size = Builder.CreateSelect(I.getCondition(), TrueSide.first,
928 Value *Offset = Builder.CreateSelect(I.getCondition(), TrueSide.second,
930 return std::make_pair(Size, Offset);
933 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitInstruction(Instruction &I) {
934 DEBUG(dbgs() << "ObjectSizeOffsetEvaluator unknown instruction:" << I <<'\n');
projects / FreeBSD / FreeBSD.git / blob