1 //===------ MemoryBuiltins.cpp - Identify calls to memory builtins --------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This family of functions identifies calls to builtin functions that allocate 11 // or free memory. 12 // 13 //===----------------------------------------------------------------------===// 14 15 #include "llvm/Analysis/MemoryBuiltins.h" 16 #include "llvm/Constants.h" 17 #include "llvm/Instructions.h" 18 #include "llvm/Module.h" 19 #include "llvm/Analysis/ValueTracking.h" 20 #include "llvm/Target/TargetData.h" 21 using namespace llvm; 22 23 //===----------------------------------------------------------------------===// 24 // malloc Call Utility Functions. 25 // 26 27 /// isMalloc - Returns true if the value is either a malloc call or a 28 /// bitcast of the result of a malloc call. 29 bool llvm::isMalloc(const Value *I) { 30 return extractMallocCall(I) || extractMallocCallFromBitCast(I); 31 } 32 33 static bool isMallocCall(const CallInst *CI) { 34 if (!CI) 35 return false; 36 37 Function *Callee = CI->getCalledFunction(); 38 if (Callee == 0 || !Callee->isDeclaration()) 39 return false; 40 if (Callee->getName() != "malloc" && 41 Callee->getName() != "_Znwj" && // operator new(unsigned int) 42 Callee->getName() != "_Znwm" && // operator new(unsigned long) 43 Callee->getName() != "_Znaj" && // operator new[](unsigned int) 44 Callee->getName() != "_Znam") // operator new[](unsigned long) 45 return false; 46 47 // Check malloc prototype. 48 // FIXME: workaround for PR5130, this will be obsolete when a nobuiltin 49 // attribute will exist. 50 FunctionType *FTy = Callee->getFunctionType(); 51 if (FTy->getNumParams() != 1) 52 return false; 53 return FTy->getParamType(0)->isIntegerTy(32) || 54 FTy->getParamType(0)->isIntegerTy(64); 55 } 56 57 /// extractMallocCall - Returns the corresponding CallInst if the instruction 58 /// is a malloc call. Since CallInst::CreateMalloc() only creates calls, we 59 /// ignore InvokeInst here. 60 const CallInst *llvm::extractMallocCall(const Value *I) { 61 const CallInst *CI = dyn_cast<CallInst>(I); 62 return (isMallocCall(CI)) ? CI : NULL; 63 } 64 65 CallInst *llvm::extractMallocCall(Value *I) { 66 CallInst *CI = dyn_cast<CallInst>(I); 67 return (isMallocCall(CI)) ? CI : NULL; 68 } 69 70 static bool isBitCastOfMallocCall(const BitCastInst *BCI) { 71 if (!BCI) 72 return false; 73 74 return isMallocCall(dyn_cast<CallInst>(BCI->getOperand(0))); 75 } 76 77 /// extractMallocCallFromBitCast - Returns the corresponding CallInst if the 78 /// instruction is a bitcast of the result of a malloc call. 79 CallInst *llvm::extractMallocCallFromBitCast(Value *I) { 80 BitCastInst *BCI = dyn_cast<BitCastInst>(I); 81 return (isBitCastOfMallocCall(BCI)) ? cast<CallInst>(BCI->getOperand(0)) 82 : NULL; 83 } 84 85 const CallInst *llvm::extractMallocCallFromBitCast(const Value *I) { 86 const BitCastInst *BCI = dyn_cast<BitCastInst>(I); 87 return (isBitCastOfMallocCall(BCI)) ? cast<CallInst>(BCI->getOperand(0)) 88 : NULL; 89 } 90 91 static Value *computeArraySize(const CallInst *CI, const TargetData *TD, 92 bool LookThroughSExt = false) { 93 if (!CI) 94 return NULL; 95 96 // The size of the malloc's result type must be known to determine array size. 97 Type *T = getMallocAllocatedType(CI); 98 if (!T || !T->isSized() || !TD) 99 return NULL; 100 101 unsigned ElementSize = TD->getTypeAllocSize(T); 102 if (StructType *ST = dyn_cast<StructType>(T)) 103 ElementSize = TD->getStructLayout(ST)->getSizeInBytes(); 104 105 // If malloc call's arg can be determined to be a multiple of ElementSize, 106 // return the multiple. Otherwise, return NULL. 107 Value *MallocArg = CI->getArgOperand(0); 108 Value *Multiple = NULL; 109 if (ComputeMultiple(MallocArg, ElementSize, Multiple, 110 LookThroughSExt)) 111 return Multiple; 112 113 return NULL; 114 } 115 116 /// isArrayMalloc - Returns the corresponding CallInst if the instruction 117 /// is a call to malloc whose array size can be determined and the array size 118 /// is not constant 1. Otherwise, return NULL. 119 const CallInst *llvm::isArrayMalloc(const Value *I, const TargetData *TD) { 120 const CallInst *CI = extractMallocCall(I); 121 Value *ArraySize = computeArraySize(CI, TD); 122 123 if (ArraySize && 124 ArraySize != ConstantInt::get(CI->getArgOperand(0)->getType(), 1)) 125 return CI; 126 127 // CI is a non-array malloc or we can't figure out that it is an array malloc. 128 return NULL; 129 } 130 131 /// getMallocType - Returns the PointerType resulting from the malloc call. 132 /// The PointerType depends on the number of bitcast uses of the malloc call: 133 /// 0: PointerType is the calls' return type. 134 /// 1: PointerType is the bitcast's result type. 135 /// >1: Unique PointerType cannot be determined, return NULL. 136 PointerType *llvm::getMallocType(const CallInst *CI) { 137 assert(isMalloc(CI) && "getMallocType and not malloc call"); 138 139 PointerType *MallocType = NULL; 140 unsigned NumOfBitCastUses = 0; 141 142 // Determine if CallInst has a bitcast use. 143 for (Value::const_use_iterator UI = CI->use_begin(), E = CI->use_end(); 144 UI != E; ) 145 if (const BitCastInst *BCI = dyn_cast<BitCastInst>(*UI++)) { 146 MallocType = cast<PointerType>(BCI->getDestTy()); 147 NumOfBitCastUses++; 148 } 149 150 // Malloc call has 1 bitcast use, so type is the bitcast's destination type. 151 if (NumOfBitCastUses == 1) 152 return MallocType; 153 154 // Malloc call was not bitcast, so type is the malloc function's return type. 155 if (NumOfBitCastUses == 0) 156 return cast<PointerType>(CI->getType()); 157 158 // Type could not be determined. 159 return NULL; 160 } 161 162 /// getMallocAllocatedType - Returns the Type allocated by malloc call. 163 /// The Type depends on the number of bitcast uses of the malloc call: 164 /// 0: PointerType is the malloc calls' return type. 165 /// 1: PointerType is the bitcast's result type. 166 /// >1: Unique PointerType cannot be determined, return NULL. 167 Type *llvm::getMallocAllocatedType(const CallInst *CI) { 168 PointerType *PT = getMallocType(CI); 169 return PT ? PT->getElementType() : NULL; 170 } 171 172 /// getMallocArraySize - Returns the array size of a malloc call. If the 173 /// argument passed to malloc is a multiple of the size of the malloced type, 174 /// then return that multiple. For non-array mallocs, the multiple is 175 /// constant 1. Otherwise, return NULL for mallocs whose array size cannot be 176 /// determined. 177 Value *llvm::getMallocArraySize(CallInst *CI, const TargetData *TD, 178 bool LookThroughSExt) { 179 assert(isMalloc(CI) && "getMallocArraySize and not malloc call"); 180 return computeArraySize(CI, TD, LookThroughSExt); 181 } 182 183 //===----------------------------------------------------------------------===// 184 // free Call Utility Functions. 185 // 186 187 /// isFreeCall - Returns non-null if the value is a call to the builtin free() 188 const CallInst *llvm::isFreeCall(const Value *I) { 189 const CallInst *CI = dyn_cast<CallInst>(I); 190 if (!CI) 191 return 0; 192 Function *Callee = CI->getCalledFunction(); 193 if (Callee == 0 || !Callee->isDeclaration()) 194 return 0; 195 196 if (Callee->getName() != "free" && 197 Callee->getName() != "_ZdlPv" && // operator delete(void*) 198 Callee->getName() != "_ZdaPv") // operator delete[](void*) 199 return 0; 200 201 // Check free prototype. 202 // FIXME: workaround for PR5130, this will be obsolete when a nobuiltin 203 // attribute will exist. 204 FunctionType *FTy = Callee->getFunctionType(); 205 if (!FTy->getReturnType()->isVoidTy()) 206 return 0; 207 if (FTy->getNumParams() != 1) 208 return 0; 209 if (FTy->getParamType(0) != Type::getInt8PtrTy(Callee->getContext())) 210 return 0; 211 212 return CI; 213 } 214
