1 //===------ MemoryBuiltins.cpp - Identify calls to memory builtins --------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This family of functions identifies calls to builtin functions that allocate 11 // or free memory. 12 // 13 //===----------------------------------------------------------------------===// 14 15 #include "llvm/Analysis/MemoryBuiltins.h" 16 #include "llvm/ADT/STLExtras.h" 17 #include "llvm/ADT/Statistic.h" 18 #include "llvm/Analysis/TargetLibraryInfo.h" 19 #include "llvm/Analysis/ValueTracking.h" 20 #include "llvm/IR/DataLayout.h" 21 #include "llvm/IR/GlobalVariable.h" 22 #include "llvm/IR/Instructions.h" 23 #include "llvm/IR/Intrinsics.h" 24 #include "llvm/IR/Metadata.h" 25 #include "llvm/IR/Module.h" 26 #include "llvm/Support/Debug.h" 27 #include "llvm/Support/MathExtras.h" 28 #include "llvm/Support/raw_ostream.h" 29 #include "llvm/Transforms/Utils/Local.h" 30 using namespace llvm; 31 32 #define DEBUG_TYPE "memory-builtins" 33 34 enum AllocType { 35 OpNewLike = 1<<0, // allocates; never returns null 36 MallocLike = 1<<1 | OpNewLike, // allocates; may return null 37 CallocLike = 1<<2, // allocates + bzero 38 ReallocLike = 1<<3, // reallocates 39 StrDupLike = 1<<4, 40 AllocLike = MallocLike | CallocLike | StrDupLike, 41 AnyAlloc = AllocLike | ReallocLike 42 }; 43 44 struct AllocFnsTy { 45 LibFunc::Func Func; 46 AllocType AllocTy; 47 unsigned char NumParams; 48 // First and Second size parameters (or -1 if unused) 49 signed char FstParam, SndParam; 50 }; 51 52 // FIXME: certain users need more information. E.g., SimplifyLibCalls needs to 53 // know which functions are nounwind, noalias, nocapture parameters, etc. 54 static const AllocFnsTy AllocationFnData[] = { 55 {LibFunc::malloc, MallocLike, 1, 0, -1}, 56 {LibFunc::valloc, MallocLike, 1, 0, -1}, 57 {LibFunc::Znwj, OpNewLike, 1, 0, -1}, // new(unsigned int) 58 {LibFunc::ZnwjRKSt9nothrow_t, MallocLike, 2, 0, -1}, // new(unsigned int, nothrow) 59 {LibFunc::Znwm, OpNewLike, 1, 0, -1}, // new(unsigned long) 60 {LibFunc::ZnwmRKSt9nothrow_t, MallocLike, 2, 0, -1}, // new(unsigned long, nothrow) 61 {LibFunc::Znaj, OpNewLike, 1, 0, -1}, // new[](unsigned int) 62 {LibFunc::ZnajRKSt9nothrow_t, MallocLike, 2, 0, -1}, // new[](unsigned int, nothrow) 63 {LibFunc::Znam, OpNewLike, 1, 0, -1}, // new[](unsigned long) 64 {LibFunc::ZnamRKSt9nothrow_t, MallocLike, 2, 0, -1}, // new[](unsigned long, nothrow) 65 {LibFunc::calloc, CallocLike, 2, 0, 1}, 66 {LibFunc::realloc, ReallocLike, 2, 1, -1}, 67 {LibFunc::reallocf, ReallocLike, 2, 1, -1}, 68 {LibFunc::strdup, StrDupLike, 1, -1, -1}, 69 {LibFunc::strndup, StrDupLike, 2, 1, -1} 70 // TODO: Handle "int posix_memalign(void **, size_t, size_t)" 71 }; 72 73 74 static Function *getCalledFunction(const Value *V, bool LookThroughBitCast) { 75 if (LookThroughBitCast) 76 V = V->stripPointerCasts(); 77 78 CallSite CS(const_cast<Value*>(V)); 79 if (!CS.getInstruction()) 80 return nullptr; 81 82 if (CS.isNoBuiltin()) 83 return nullptr; 84 85 Function *Callee = CS.getCalledFunction(); 86 if (!Callee || !Callee->isDeclaration()) 87 return nullptr; 88 return Callee; 89 } 90 91 /// \brief Returns the allocation data for the given value if it is a call to a 92 /// known allocation function, and NULL otherwise. 93 static const AllocFnsTy *getAllocationData(const Value *V, AllocType AllocTy, 94 const TargetLibraryInfo *TLI, 95 bool LookThroughBitCast = false) { 96 // Skip intrinsics 97 if (isa<IntrinsicInst>(V)) 98 return nullptr; 99 100 Function *Callee = getCalledFunction(V, LookThroughBitCast); 101 if (!Callee) 102 return nullptr; 103 104 // Make sure that the function is available. 105 StringRef FnName = Callee->getName(); 106 LibFunc::Func TLIFn; 107 if (!TLI || !TLI->getLibFunc(FnName, TLIFn) || !TLI->has(TLIFn)) 108 return nullptr; 109 110 unsigned i = 0; 111 bool found = false; 112 for ( ; i < array_lengthof(AllocationFnData); ++i) { 113 if (AllocationFnData[i].Func == TLIFn) { 114 found = true; 115 break; 116 } 117 } 118 if (!found) 119 return nullptr; 120 121 const AllocFnsTy *FnData = &AllocationFnData[i]; 122 if ((FnData->AllocTy & AllocTy) != FnData->AllocTy) 123 return nullptr; 124 125 // Check function prototype. 126 int FstParam = FnData->FstParam; 127 int SndParam = FnData->SndParam; 128 FunctionType *FTy = Callee->getFunctionType(); 129 130 if (FTy->getReturnType() == Type::getInt8PtrTy(FTy->getContext()) && 131 FTy->getNumParams() == FnData->NumParams && 132 (FstParam < 0 || 133 (FTy->getParamType(FstParam)->isIntegerTy(32) || 134 FTy->getParamType(FstParam)->isIntegerTy(64))) && 135 (SndParam < 0 || 136 FTy->getParamType(SndParam)->isIntegerTy(32) || 137 FTy->getParamType(SndParam)->isIntegerTy(64))) 138 return FnData; 139 return nullptr; 140 } 141 142 static bool hasNoAliasAttr(const Value *V, bool LookThroughBitCast) { 143 ImmutableCallSite CS(LookThroughBitCast ? V->stripPointerCasts() : V); 144 return CS && CS.hasFnAttr(Attribute::NoAlias); 145 } 146 147 148 /// \brief Tests if a value is a call or invoke to a library function that 149 /// allocates or reallocates memory (either malloc, calloc, realloc, or strdup 150 /// like). 151 bool llvm::isAllocationFn(const Value *V, const TargetLibraryInfo *TLI, 152 bool LookThroughBitCast) { 153 return getAllocationData(V, AnyAlloc, TLI, LookThroughBitCast); 154 } 155 156 /// \brief Tests if a value is a call or invoke to a function that returns a 157 /// NoAlias pointer (including malloc/calloc/realloc/strdup-like functions). 158 bool llvm::isNoAliasFn(const Value *V, const TargetLibraryInfo *TLI, 159 bool LookThroughBitCast) { 160 // it's safe to consider realloc as noalias since accessing the original 161 // pointer is undefined behavior 162 return isAllocationFn(V, TLI, LookThroughBitCast) || 163 hasNoAliasAttr(V, LookThroughBitCast); 164 } 165 166 /// \brief Tests if a value is a call or invoke to a library function that 167 /// allocates uninitialized memory (such as malloc). 168 bool llvm::isMallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 169 bool LookThroughBitCast) { 170 return getAllocationData(V, MallocLike, TLI, LookThroughBitCast); 171 } 172 173 /// \brief Tests if a value is a call or invoke to a library function that 174 /// allocates zero-filled memory (such as calloc). 175 bool llvm::isCallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 176 bool LookThroughBitCast) { 177 return getAllocationData(V, CallocLike, TLI, LookThroughBitCast); 178 } 179 180 /// \brief Tests if a value is a call or invoke to a library function that 181 /// allocates memory (either malloc, calloc, or strdup like). 182 bool llvm::isAllocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 183 bool LookThroughBitCast) { 184 return getAllocationData(V, AllocLike, TLI, LookThroughBitCast); 185 } 186 187 /// \brief Tests if a value is a call or invoke to a library function that 188 /// reallocates memory (such as realloc). 189 bool llvm::isReallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 190 bool LookThroughBitCast) { 191 return getAllocationData(V, ReallocLike, TLI, LookThroughBitCast); 192 } 193 194 /// \brief Tests if a value is a call or invoke to a library function that 195 /// allocates memory and never returns null (such as operator new). 196 bool llvm::isOperatorNewLikeFn(const Value *V, const TargetLibraryInfo *TLI, 197 bool LookThroughBitCast) { 198 return getAllocationData(V, OpNewLike, TLI, LookThroughBitCast); 199 } 200 201 /// extractMallocCall - Returns the corresponding CallInst if the instruction 202 /// is a malloc call. Since CallInst::CreateMalloc() only creates calls, we 203 /// ignore InvokeInst here. 204 const CallInst *llvm::extractMallocCall(const Value *I, 205 const TargetLibraryInfo *TLI) { 206 return isMallocLikeFn(I, TLI) ? dyn_cast<CallInst>(I) : nullptr; 207 } 208 209 static Value *computeArraySize(const CallInst *CI, const DataLayout &DL, 210 const TargetLibraryInfo *TLI, 211 bool LookThroughSExt = false) { 212 if (!CI) 213 return nullptr; 214 215 // The size of the malloc's result type must be known to determine array size. 216 Type *T = getMallocAllocatedType(CI, TLI); 217 if (!T || !T->isSized()) 218 return nullptr; 219 220 unsigned ElementSize = DL.getTypeAllocSize(T); 221 if (StructType *ST = dyn_cast<StructType>(T)) 222 ElementSize = DL.getStructLayout(ST)->getSizeInBytes(); 223 224 // If malloc call's arg can be determined to be a multiple of ElementSize, 225 // return the multiple. Otherwise, return NULL. 226 Value *MallocArg = CI->getArgOperand(0); 227 Value *Multiple = nullptr; 228 if (ComputeMultiple(MallocArg, ElementSize, Multiple, 229 LookThroughSExt)) 230 return Multiple; 231 232 return nullptr; 233 } 234 235 /// getMallocType - Returns the PointerType resulting from the malloc call. 236 /// The PointerType depends on the number of bitcast uses of the malloc call: 237 /// 0: PointerType is the calls' return type. 238 /// 1: PointerType is the bitcast's result type. 239 /// >1: Unique PointerType cannot be determined, return NULL. 240 PointerType *llvm::getMallocType(const CallInst *CI, 241 const TargetLibraryInfo *TLI) { 242 assert(isMallocLikeFn(CI, TLI) && "getMallocType and not malloc call"); 243 244 PointerType *MallocType = nullptr; 245 unsigned NumOfBitCastUses = 0; 246 247 // Determine if CallInst has a bitcast use. 248 for (Value::const_user_iterator UI = CI->user_begin(), E = CI->user_end(); 249 UI != E;) 250 if (const BitCastInst *BCI = dyn_cast<BitCastInst>(*UI++)) { 251 MallocType = cast<PointerType>(BCI->getDestTy()); 252 NumOfBitCastUses++; 253 } 254 255 // Malloc call has 1 bitcast use, so type is the bitcast's destination type. 256 if (NumOfBitCastUses == 1) 257 return MallocType; 258 259 // Malloc call was not bitcast, so type is the malloc function's return type. 260 if (NumOfBitCastUses == 0) 261 return cast<PointerType>(CI->getType()); 262 263 // Type could not be determined. 264 return nullptr; 265 } 266 267 /// getMallocAllocatedType - Returns the Type allocated by malloc call. 268 /// The Type depends on the number of bitcast uses of the malloc call: 269 /// 0: PointerType is the malloc calls' return type. 270 /// 1: PointerType is the bitcast's result type. 271 /// >1: Unique PointerType cannot be determined, return NULL. 272 Type *llvm::getMallocAllocatedType(const CallInst *CI, 273 const TargetLibraryInfo *TLI) { 274 PointerType *PT = getMallocType(CI, TLI); 275 return PT ? PT->getElementType() : nullptr; 276 } 277 278 /// getMallocArraySize - Returns the array size of a malloc call. If the 279 /// argument passed to malloc is a multiple of the size of the malloced type, 280 /// then return that multiple. For non-array mallocs, the multiple is 281 /// constant 1. Otherwise, return NULL for mallocs whose array size cannot be 282 /// determined. 283 Value *llvm::getMallocArraySize(CallInst *CI, const DataLayout &DL, 284 const TargetLibraryInfo *TLI, 285 bool LookThroughSExt) { 286 assert(isMallocLikeFn(CI, TLI) && "getMallocArraySize and not malloc call"); 287 return computeArraySize(CI, DL, TLI, LookThroughSExt); 288 } 289 290 291 /// extractCallocCall - Returns the corresponding CallInst if the instruction 292 /// is a calloc call. 293 const CallInst *llvm::extractCallocCall(const Value *I, 294 const TargetLibraryInfo *TLI) { 295 return isCallocLikeFn(I, TLI) ? cast<CallInst>(I) : nullptr; 296 } 297 298 299 /// isFreeCall - Returns non-null if the value is a call to the builtin free() 300 const CallInst *llvm::isFreeCall(const Value *I, const TargetLibraryInfo *TLI) { 301 const CallInst *CI = dyn_cast<CallInst>(I); 302 if (!CI || isa<IntrinsicInst>(CI)) 303 return nullptr; 304 Function *Callee = CI->getCalledFunction(); 305 if (Callee == nullptr) 306 return nullptr; 307 308 StringRef FnName = Callee->getName(); 309 LibFunc::Func TLIFn; 310 if (!TLI || !TLI->getLibFunc(FnName, TLIFn) || !TLI->has(TLIFn)) 311 return nullptr; 312 313 unsigned ExpectedNumParams; 314 if (TLIFn == LibFunc::free || 315 TLIFn == LibFunc::ZdlPv || // operator delete(void*) 316 TLIFn == LibFunc::ZdaPv) // operator delete[](void*) 317 ExpectedNumParams = 1; 318 else if (TLIFn == LibFunc::ZdlPvj || // delete(void*, uint) 319 TLIFn == LibFunc::ZdlPvm || // delete(void*, ulong) 320 TLIFn == LibFunc::ZdlPvRKSt9nothrow_t || // delete(void*, nothrow) 321 TLIFn == LibFunc::ZdaPvj || // delete[](void*, uint) 322 TLIFn == LibFunc::ZdaPvm || // delete[](void*, ulong) 323 TLIFn == LibFunc::ZdaPvRKSt9nothrow_t) // delete[](void*, nothrow) 324 ExpectedNumParams = 2; 325 else 326 return nullptr; 327 328 // Check free prototype. 329 // FIXME: workaround for PR5130, this will be obsolete when a nobuiltin 330 // attribute will exist. 331 FunctionType *FTy = Callee->getFunctionType(); 332 if (!FTy->getReturnType()->isVoidTy()) 333 return nullptr; 334 if (FTy->getNumParams() != ExpectedNumParams) 335 return nullptr; 336 if (FTy->getParamType(0) != Type::getInt8PtrTy(Callee->getContext())) 337 return nullptr; 338 339 return CI; 340 } 341 342 343 344 //===----------------------------------------------------------------------===// 345 // Utility functions to compute size of objects. 346 // 347 348 349 /// \brief Compute the size of the object pointed by Ptr. Returns true and the 350 /// object size in Size if successful, and false otherwise. 351 /// If RoundToAlign is true, then Size is rounded up to the aligment of allocas, 352 /// byval arguments, and global variables. 353 bool llvm::getObjectSize(const Value *Ptr, uint64_t &Size, const DataLayout &DL, 354 const TargetLibraryInfo *TLI, bool RoundToAlign) { 355 ObjectSizeOffsetVisitor Visitor(DL, TLI, Ptr->getContext(), RoundToAlign); 356 SizeOffsetType Data = Visitor.compute(const_cast<Value*>(Ptr)); 357 if (!Visitor.bothKnown(Data)) 358 return false; 359 360 APInt ObjSize = Data.first, Offset = Data.second; 361 // check for overflow 362 if (Offset.slt(0) || ObjSize.ult(Offset)) 363 Size = 0; 364 else 365 Size = (ObjSize - Offset).getZExtValue(); 366 return true; 367 } 368 369 370 STATISTIC(ObjectVisitorArgument, 371 "Number of arguments with unsolved size and offset"); 372 STATISTIC(ObjectVisitorLoad, 373 "Number of load instructions with unsolved size and offset"); 374 375 376 APInt ObjectSizeOffsetVisitor::align(APInt Size, uint64_t Align) { 377 if (RoundToAlign && Align) 378 return APInt(IntTyBits, RoundUpToAlignment(Size.getZExtValue(), Align)); 379 return Size; 380 } 381 382 ObjectSizeOffsetVisitor::ObjectSizeOffsetVisitor(const DataLayout &DL, 383 const TargetLibraryInfo *TLI, 384 LLVMContext &Context, 385 bool RoundToAlign) 386 : DL(DL), TLI(TLI), RoundToAlign(RoundToAlign) { 387 // Pointer size must be rechecked for each object visited since it could have 388 // a different address space. 389 } 390 391 SizeOffsetType ObjectSizeOffsetVisitor::compute(Value *V) { 392 IntTyBits = DL.getPointerTypeSizeInBits(V->getType()); 393 Zero = APInt::getNullValue(IntTyBits); 394 395 V = V->stripPointerCasts(); 396 if (Instruction *I = dyn_cast<Instruction>(V)) { 397 // If we have already seen this instruction, bail out. Cycles can happen in 398 // unreachable code after constant propagation. 399 if (!SeenInsts.insert(I).second) 400 return unknown(); 401 402 if (GEPOperator *GEP = dyn_cast<GEPOperator>(V)) 403 return visitGEPOperator(*GEP); 404 return visit(*I); 405 } 406 if (Argument *A = dyn_cast<Argument>(V)) 407 return visitArgument(*A); 408 if (ConstantPointerNull *P = dyn_cast<ConstantPointerNull>(V)) 409 return visitConstantPointerNull(*P); 410 if (GlobalAlias *GA = dyn_cast<GlobalAlias>(V)) 411 return visitGlobalAlias(*GA); 412 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(V)) 413 return visitGlobalVariable(*GV); 414 if (UndefValue *UV = dyn_cast<UndefValue>(V)) 415 return visitUndefValue(*UV); 416 if (ConstantExpr *CE = dyn_cast<ConstantExpr>(V)) { 417 if (CE->getOpcode() == Instruction::IntToPtr) 418 return unknown(); // clueless 419 if (CE->getOpcode() == Instruction::GetElementPtr) 420 return visitGEPOperator(cast<GEPOperator>(*CE)); 421 } 422 423 DEBUG(dbgs() << "ObjectSizeOffsetVisitor::compute() unhandled value: " << *V 424 << '\n'); 425 return unknown(); 426 } 427 428 SizeOffsetType ObjectSizeOffsetVisitor::visitAllocaInst(AllocaInst &I) { 429 if (!I.getAllocatedType()->isSized()) 430 return unknown(); 431 432 APInt Size(IntTyBits, DL.getTypeAllocSize(I.getAllocatedType())); 433 if (!I.isArrayAllocation()) 434 return std::make_pair(align(Size, I.getAlignment()), Zero); 435 436 Value *ArraySize = I.getArraySize(); 437 if (const ConstantInt *C = dyn_cast<ConstantInt>(ArraySize)) { 438 Size *= C->getValue().zextOrSelf(IntTyBits); 439 return std::make_pair(align(Size, I.getAlignment()), Zero); 440 } 441 return unknown(); 442 } 443 444 SizeOffsetType ObjectSizeOffsetVisitor::visitArgument(Argument &A) { 445 // no interprocedural analysis is done at the moment 446 if (!A.hasByValOrInAllocaAttr()) { 447 ++ObjectVisitorArgument; 448 return unknown(); 449 } 450 PointerType *PT = cast<PointerType>(A.getType()); 451 APInt Size(IntTyBits, DL.getTypeAllocSize(PT->getElementType())); 452 return std::make_pair(align(Size, A.getParamAlignment()), Zero); 453 } 454 455 SizeOffsetType ObjectSizeOffsetVisitor::visitCallSite(CallSite CS) { 456 const AllocFnsTy *FnData = getAllocationData(CS.getInstruction(), AnyAlloc, 457 TLI); 458 if (!FnData) 459 return unknown(); 460 461 // handle strdup-like functions separately 462 if (FnData->AllocTy == StrDupLike) { 463 APInt Size(IntTyBits, GetStringLength(CS.getArgument(0))); 464 if (!Size) 465 return unknown(); 466 467 // strndup limits strlen 468 if (FnData->FstParam > 0) { 469 ConstantInt *Arg= dyn_cast<ConstantInt>(CS.getArgument(FnData->FstParam)); 470 if (!Arg) 471 return unknown(); 472 473 APInt MaxSize = Arg->getValue().zextOrSelf(IntTyBits); 474 if (Size.ugt(MaxSize)) 475 Size = MaxSize + 1; 476 } 477 return std::make_pair(Size, Zero); 478 } 479 480 ConstantInt *Arg = dyn_cast<ConstantInt>(CS.getArgument(FnData->FstParam)); 481 if (!Arg) 482 return unknown(); 483 484 APInt Size = Arg->getValue().zextOrSelf(IntTyBits); 485 // size determined by just 1 parameter 486 if (FnData->SndParam < 0) 487 return std::make_pair(Size, Zero); 488 489 Arg = dyn_cast<ConstantInt>(CS.getArgument(FnData->SndParam)); 490 if (!Arg) 491 return unknown(); 492 493 Size *= Arg->getValue().zextOrSelf(IntTyBits); 494 return std::make_pair(Size, Zero); 495 496 // TODO: handle more standard functions (+ wchar cousins): 497 // - strdup / strndup 498 // - strcpy / strncpy 499 // - strcat / strncat 500 // - memcpy / memmove 501 // - strcat / strncat 502 // - memset 503 } 504 505 SizeOffsetType 506 ObjectSizeOffsetVisitor::visitConstantPointerNull(ConstantPointerNull&) { 507 return std::make_pair(Zero, Zero); 508 } 509 510 SizeOffsetType 511 ObjectSizeOffsetVisitor::visitExtractElementInst(ExtractElementInst&) { 512 return unknown(); 513 } 514 515 SizeOffsetType 516 ObjectSizeOffsetVisitor::visitExtractValueInst(ExtractValueInst&) { 517 // Easy cases were already folded by previous passes. 518 return unknown(); 519 } 520 521 SizeOffsetType ObjectSizeOffsetVisitor::visitGEPOperator(GEPOperator &GEP) { 522 SizeOffsetType PtrData = compute(GEP.getPointerOperand()); 523 APInt Offset(IntTyBits, 0); 524 if (!bothKnown(PtrData) || !GEP.accumulateConstantOffset(DL, Offset)) 525 return unknown(); 526 527 return std::make_pair(PtrData.first, PtrData.second + Offset); 528 } 529 530 SizeOffsetType ObjectSizeOffsetVisitor::visitGlobalAlias(GlobalAlias &GA) { 531 if (GA.mayBeOverridden()) 532 return unknown(); 533 return compute(GA.getAliasee()); 534 } 535 536 SizeOffsetType ObjectSizeOffsetVisitor::visitGlobalVariable(GlobalVariable &GV){ 537 if (!GV.hasDefinitiveInitializer()) 538 return unknown(); 539 540 APInt Size(IntTyBits, DL.getTypeAllocSize(GV.getType()->getElementType())); 541 return std::make_pair(align(Size, GV.getAlignment()), Zero); 542 } 543 544 SizeOffsetType ObjectSizeOffsetVisitor::visitIntToPtrInst(IntToPtrInst&) { 545 // clueless 546 return unknown(); 547 } 548 549 SizeOffsetType ObjectSizeOffsetVisitor::visitLoadInst(LoadInst&) { 550 ++ObjectVisitorLoad; 551 return unknown(); 552 } 553 554 SizeOffsetType ObjectSizeOffsetVisitor::visitPHINode(PHINode&) { 555 // too complex to analyze statically. 556 return unknown(); 557 } 558 559 SizeOffsetType ObjectSizeOffsetVisitor::visitSelectInst(SelectInst &I) { 560 SizeOffsetType TrueSide = compute(I.getTrueValue()); 561 SizeOffsetType FalseSide = compute(I.getFalseValue()); 562 if (bothKnown(TrueSide) && bothKnown(FalseSide) && TrueSide == FalseSide) 563 return TrueSide; 564 return unknown(); 565 } 566 567 SizeOffsetType ObjectSizeOffsetVisitor::visitUndefValue(UndefValue&) { 568 return std::make_pair(Zero, Zero); 569 } 570 571 SizeOffsetType ObjectSizeOffsetVisitor::visitInstruction(Instruction &I) { 572 DEBUG(dbgs() << "ObjectSizeOffsetVisitor unknown instruction:" << I << '\n'); 573 return unknown(); 574 } 575 576 ObjectSizeOffsetEvaluator::ObjectSizeOffsetEvaluator( 577 const DataLayout &DL, const TargetLibraryInfo *TLI, LLVMContext &Context, 578 bool RoundToAlign) 579 : DL(DL), TLI(TLI), Context(Context), Builder(Context, TargetFolder(DL)), 580 RoundToAlign(RoundToAlign) { 581 // IntTy and Zero must be set for each compute() since the address space may 582 // be different for later objects. 583 } 584 585 SizeOffsetEvalType ObjectSizeOffsetEvaluator::compute(Value *V) { 586 // XXX - Are vectors of pointers possible here? 587 IntTy = cast<IntegerType>(DL.getIntPtrType(V->getType())); 588 Zero = ConstantInt::get(IntTy, 0); 589 590 SizeOffsetEvalType Result = compute_(V); 591 592 if (!bothKnown(Result)) { 593 // erase everything that was computed in this iteration from the cache, so 594 // that no dangling references are left behind. We could be a bit smarter if 595 // we kept a dependency graph. It's probably not worth the complexity. 596 for (PtrSetTy::iterator I=SeenVals.begin(), E=SeenVals.end(); I != E; ++I) { 597 CacheMapTy::iterator CacheIt = CacheMap.find(*I); 598 // non-computable results can be safely cached 599 if (CacheIt != CacheMap.end() && anyKnown(CacheIt->second)) 600 CacheMap.erase(CacheIt); 601 } 602 } 603 604 SeenVals.clear(); 605 return Result; 606 } 607 608 SizeOffsetEvalType ObjectSizeOffsetEvaluator::compute_(Value *V) { 609 ObjectSizeOffsetVisitor Visitor(DL, TLI, Context, RoundToAlign); 610 SizeOffsetType Const = Visitor.compute(V); 611 if (Visitor.bothKnown(Const)) 612 return std::make_pair(ConstantInt::get(Context, Const.first), 613 ConstantInt::get(Context, Const.second)); 614 615 V = V->stripPointerCasts(); 616 617 // check cache 618 CacheMapTy::iterator CacheIt = CacheMap.find(V); 619 if (CacheIt != CacheMap.end()) 620 return CacheIt->second; 621 622 // always generate code immediately before the instruction being 623 // processed, so that the generated code dominates the same BBs 624 Instruction *PrevInsertPoint = Builder.GetInsertPoint(); 625 if (Instruction *I = dyn_cast<Instruction>(V)) 626 Builder.SetInsertPoint(I); 627 628 // now compute the size and offset 629 SizeOffsetEvalType Result; 630 631 // Record the pointers that were handled in this run, so that they can be 632 // cleaned later if something fails. We also use this set to break cycles that 633 // can occur in dead code. 634 if (!SeenVals.insert(V).second) { 635 Result = unknown(); 636 } else if (GEPOperator *GEP = dyn_cast<GEPOperator>(V)) { 637 Result = visitGEPOperator(*GEP); 638 } else if (Instruction *I = dyn_cast<Instruction>(V)) { 639 Result = visit(*I); 640 } else if (isa<Argument>(V) || 641 (isa<ConstantExpr>(V) && 642 cast<ConstantExpr>(V)->getOpcode() == Instruction::IntToPtr) || 643 isa<GlobalAlias>(V) || 644 isa<GlobalVariable>(V)) { 645 // ignore values where we cannot do more than what ObjectSizeVisitor can 646 Result = unknown(); 647 } else { 648 DEBUG(dbgs() << "ObjectSizeOffsetEvaluator::compute() unhandled value: " 649 << *V << '\n'); 650 Result = unknown(); 651 } 652 653 if (PrevInsertPoint) 654 Builder.SetInsertPoint(PrevInsertPoint); 655 656 // Don't reuse CacheIt since it may be invalid at this point. 657 CacheMap[V] = Result; 658 return Result; 659 } 660 661 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitAllocaInst(AllocaInst &I) { 662 if (!I.getAllocatedType()->isSized()) 663 return unknown(); 664 665 // must be a VLA 666 assert(I.isArrayAllocation()); 667 Value *ArraySize = I.getArraySize(); 668 Value *Size = ConstantInt::get(ArraySize->getType(), 669 DL.getTypeAllocSize(I.getAllocatedType())); 670 Size = Builder.CreateMul(Size, ArraySize); 671 return std::make_pair(Size, Zero); 672 } 673 674 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitCallSite(CallSite CS) { 675 const AllocFnsTy *FnData = getAllocationData(CS.getInstruction(), AnyAlloc, 676 TLI); 677 if (!FnData) 678 return unknown(); 679 680 // handle strdup-like functions separately 681 if (FnData->AllocTy == StrDupLike) { 682 // TODO 683 return unknown(); 684 } 685 686 Value *FirstArg = CS.getArgument(FnData->FstParam); 687 FirstArg = Builder.CreateZExt(FirstArg, IntTy); 688 if (FnData->SndParam < 0) 689 return std::make_pair(FirstArg, Zero); 690 691 Value *SecondArg = CS.getArgument(FnData->SndParam); 692 SecondArg = Builder.CreateZExt(SecondArg, IntTy); 693 Value *Size = Builder.CreateMul(FirstArg, SecondArg); 694 return std::make_pair(Size, Zero); 695 696 // TODO: handle more standard functions (+ wchar cousins): 697 // - strdup / strndup 698 // - strcpy / strncpy 699 // - strcat / strncat 700 // - memcpy / memmove 701 // - strcat / strncat 702 // - memset 703 } 704 705 SizeOffsetEvalType 706 ObjectSizeOffsetEvaluator::visitExtractElementInst(ExtractElementInst&) { 707 return unknown(); 708 } 709 710 SizeOffsetEvalType 711 ObjectSizeOffsetEvaluator::visitExtractValueInst(ExtractValueInst&) { 712 return unknown(); 713 } 714 715 SizeOffsetEvalType 716 ObjectSizeOffsetEvaluator::visitGEPOperator(GEPOperator &GEP) { 717 SizeOffsetEvalType PtrData = compute_(GEP.getPointerOperand()); 718 if (!bothKnown(PtrData)) 719 return unknown(); 720 721 Value *Offset = EmitGEPOffset(&Builder, DL, &GEP, /*NoAssumptions=*/true); 722 Offset = Builder.CreateAdd(PtrData.second, Offset); 723 return std::make_pair(PtrData.first, Offset); 724 } 725 726 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitIntToPtrInst(IntToPtrInst&) { 727 // clueless 728 return unknown(); 729 } 730 731 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitLoadInst(LoadInst&) { 732 return unknown(); 733 } 734 735 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitPHINode(PHINode &PHI) { 736 // create 2 PHIs: one for size and another for offset 737 PHINode *SizePHI = Builder.CreatePHI(IntTy, PHI.getNumIncomingValues()); 738 PHINode *OffsetPHI = Builder.CreatePHI(IntTy, PHI.getNumIncomingValues()); 739 740 // insert right away in the cache to handle recursive PHIs 741 CacheMap[&PHI] = std::make_pair(SizePHI, OffsetPHI); 742 743 // compute offset/size for each PHI incoming pointer 744 for (unsigned i = 0, e = PHI.getNumIncomingValues(); i != e; ++i) { 745 Builder.SetInsertPoint(PHI.getIncomingBlock(i)->getFirstInsertionPt()); 746 SizeOffsetEvalType EdgeData = compute_(PHI.getIncomingValue(i)); 747 748 if (!bothKnown(EdgeData)) { 749 OffsetPHI->replaceAllUsesWith(UndefValue::get(IntTy)); 750 OffsetPHI->eraseFromParent(); 751 SizePHI->replaceAllUsesWith(UndefValue::get(IntTy)); 752 SizePHI->eraseFromParent(); 753 return unknown(); 754 } 755 SizePHI->addIncoming(EdgeData.first, PHI.getIncomingBlock(i)); 756 OffsetPHI->addIncoming(EdgeData.second, PHI.getIncomingBlock(i)); 757 } 758 759 Value *Size = SizePHI, *Offset = OffsetPHI, *Tmp; 760 if ((Tmp = SizePHI->hasConstantValue())) { 761 Size = Tmp; 762 SizePHI->replaceAllUsesWith(Size); 763 SizePHI->eraseFromParent(); 764 } 765 if ((Tmp = OffsetPHI->hasConstantValue())) { 766 Offset = Tmp; 767 OffsetPHI->replaceAllUsesWith(Offset); 768 OffsetPHI->eraseFromParent(); 769 } 770 return std::make_pair(Size, Offset); 771 } 772 773 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitSelectInst(SelectInst &I) { 774 SizeOffsetEvalType TrueSide = compute_(I.getTrueValue()); 775 SizeOffsetEvalType FalseSide = compute_(I.getFalseValue()); 776 777 if (!bothKnown(TrueSide) || !bothKnown(FalseSide)) 778 return unknown(); 779 if (TrueSide == FalseSide) 780 return TrueSide; 781 782 Value *Size = Builder.CreateSelect(I.getCondition(), TrueSide.first, 783 FalseSide.first); 784 Value *Offset = Builder.CreateSelect(I.getCondition(), TrueSide.second, 785 FalseSide.second); 786 return std::make_pair(Size, Offset); 787 } 788 789 SizeOffsetEvalType ObjectSizeOffsetEvaluator::visitInstruction(Instruction &I) { 790 DEBUG(dbgs() << "ObjectSizeOffsetEvaluator unknown instruction:" << I <<'\n'); 791 return unknown(); 792 } 793
