1 //===- Local.cpp - Compute a local data structure graph for a function ----===//
3 // The LLVM Compiler Infrastructure
5 // This file was developed by the LLVM research group and is distributed under
6 // the University of Illinois Open Source License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Compute the local version of the data structure graph for a function. The
11 // external interface to this file is the DSGraph constructor.
13 //===----------------------------------------------------------------------===//
15 #include "llvm/Analysis/DataStructure.h"
16 #include "llvm/Analysis/DSGraph.h"
17 #include "llvm/Constants.h"
18 #include "llvm/DerivedTypes.h"
19 #include "llvm/Instructions.h"
20 #include "llvm/Intrinsics.h"
21 #include "llvm/Support/GetElementPtrTypeIterator.h"
22 #include "llvm/Support/InstVisitor.h"
23 #include "llvm/Target/TargetData.h"
24 #include "Support/CommandLine.h"
25 #include "Support/Debug.h"
26 #include "Support/Timer.h"
28 // FIXME: This should eventually be a FunctionPass that is automatically
29 // aggregated into a Pass.
31 #include "llvm/Module.h"
35 static RegisterAnalysis<LocalDataStructures>
36 X("datastructure", "Local Data Structure Analysis");
39 TrackIntegersAsPointers("dsa-track-integers",
40 cl::desc("If this is set, track integers as potential pointers"));
45 // isPointerType - Return true if this type is big enough to hold a pointer.
46 bool isPointerType(const Type *Ty) {
47 if (isa<PointerType>(Ty))
49 else if (TrackIntegersAsPointers && Ty->isPrimitiveType() &&Ty->isInteger())
50 return Ty->getPrimitiveSize() >= PointerSize;
59 DisableDirectCallOpt("disable-direct-call-dsopt", cl::Hidden,
60 cl::desc("Disable direct call optimization in "
61 "DSGraph construction"));
63 DisableFieldSensitivity("disable-ds-field-sensitivity", cl::Hidden,
64 cl::desc("Disable field sensitivity in DSGraphs"));
66 //===--------------------------------------------------------------------===//
68 //===--------------------------------------------------------------------===//
70 /// This class is the builder class that constructs the local data structure
71 /// graph by performing a single pass over the function in question.
73 class GraphBuilder : InstVisitor<GraphBuilder> {
75 DSNodeHandle *RetNode; // Node that gets returned...
76 DSScalarMap &ScalarMap;
77 std::vector<DSCallSite> *FunctionCalls;
80 GraphBuilder(Function &f, DSGraph &g, DSNodeHandle &retNode,
81 std::vector<DSCallSite> &fc)
82 : G(g), RetNode(&retNode), ScalarMap(G.getScalarMap()),
85 // Create scalar nodes for all pointer arguments...
86 for (Function::aiterator I = f.abegin(), E = f.aend(); I != E; ++I)
87 if (isPointerType(I->getType()))
90 visit(f); // Single pass over the function
93 // GraphBuilder ctor for working on the globals graph
94 GraphBuilder(DSGraph &g)
95 : G(g), RetNode(0), ScalarMap(G.getScalarMap()), FunctionCalls(0) {
98 void mergeInGlobalInitializer(GlobalVariable *GV);
101 // Visitor functions, used to handle each instruction type we encounter...
102 friend class InstVisitor<GraphBuilder>;
103 void visitMallocInst(MallocInst &MI) { handleAlloc(MI, true); }
104 void visitAllocaInst(AllocaInst &AI) { handleAlloc(AI, false); }
105 void handleAlloc(AllocationInst &AI, bool isHeap);
107 void visitPHINode(PHINode &PN);
109 void visitGetElementPtrInst(User &GEP);
110 void visitReturnInst(ReturnInst &RI);
111 void visitLoadInst(LoadInst &LI);
112 void visitStoreInst(StoreInst &SI);
113 void visitCallInst(CallInst &CI);
114 void visitInvokeInst(InvokeInst &II);
115 void visitSetCondInst(SetCondInst &SCI) {} // SetEQ & friends are ignored
116 void visitFreeInst(FreeInst &FI);
117 void visitCastInst(CastInst &CI);
118 void visitInstruction(Instruction &I);
120 void visitCallSite(CallSite CS);
122 void MergeConstantInitIntoNode(DSNodeHandle &NH, Constant *C);
124 // Helper functions used to implement the visitation functions...
126 /// createNode - Create a new DSNode, ensuring that it is properly added to
129 DSNode *createNode(const Type *Ty = 0) {
130 DSNode *N = new DSNode(Ty, &G); // Create the node
131 if (DisableFieldSensitivity) {
132 N->foldNodeCompletely();
133 if (DSNode *FN = N->getForwardNode())
139 /// setDestTo - Set the ScalarMap entry for the specified value to point to
140 /// the specified destination. If the Value already points to a node, make
141 /// sure to merge the two destinations together.
143 void setDestTo(Value &V, const DSNodeHandle &NH);
145 /// getValueDest - Return the DSNode that the actual value points to.
147 DSNodeHandle getValueDest(Value &V);
149 /// getLink - This method is used to return the specified link in the
150 /// specified node if one exists. If a link does not already exist (it's
151 /// null), then we create a new node, link it, then return it.
153 DSNodeHandle &getLink(const DSNodeHandle &Node, unsigned Link = 0);
159 //===----------------------------------------------------------------------===//
160 // DSGraph constructor - Simply use the GraphBuilder to construct the local
162 DSGraph::DSGraph(const TargetData &td, Function &F, DSGraph *GG)
163 : GlobalsGraph(GG), TD(td) {
164 PrintAuxCalls = false;
166 DEBUG(std::cerr << " [Loc] Calculating graph for: " << F.getName() << "\n");
168 // Use the graph builder to construct the local version of the graph
169 GraphBuilder B(F, *this, ReturnNodes[&F], FunctionCalls);
171 Timer::addPeakMemoryMeasurement();
174 // Remove all integral constants from the scalarmap!
175 for (DSScalarMap::iterator I = ScalarMap.begin(); I != ScalarMap.end();)
176 if (isa<ConstantIntegral>(I->first))
177 ScalarMap.erase(I++);
181 markIncompleteNodes(DSGraph::MarkFormalArgs);
183 // Remove any nodes made dead due to merging...
184 removeDeadNodes(DSGraph::KeepUnreachableGlobals);
188 //===----------------------------------------------------------------------===//
189 // Helper method implementations...
192 /// getValueDest - Return the DSNode that the actual value points to.
194 DSNodeHandle GraphBuilder::getValueDest(Value &Val) {
196 if (V == Constant::getNullValue(V->getType()))
197 return 0; // Null doesn't point to anything, don't add to ScalarMap!
199 DSNodeHandle &NH = ScalarMap[V];
201 return NH; // Already have a node? Just return it...
203 // Otherwise we need to create a new node to point to.
204 // Check first for constant expressions that must be traversed to
205 // extract the actual value.
206 if (Constant *C = dyn_cast<Constant>(V))
207 if (ConstantPointerRef *CPR = dyn_cast<ConstantPointerRef>(C)) {
208 return NH = getValueDest(*CPR->getValue());
209 } else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(C)) {
210 if (CE->getOpcode() == Instruction::Cast)
211 NH = getValueDest(*CE->getOperand(0));
212 else if (CE->getOpcode() == Instruction::GetElementPtr) {
213 visitGetElementPtrInst(*CE);
214 DSScalarMap::iterator I = ScalarMap.find(CE);
215 assert(I != ScalarMap.end() && "GEP didn't get processed right?");
218 // This returns a conservative unknown node for any unhandled ConstExpr
219 return NH = createNode()->setUnknownNodeMarker();
221 if (NH.getNode() == 0) { // (getelementptr null, X) returns null
227 } else if (ConstantIntegral *CI = dyn_cast<ConstantIntegral>(C)) {
228 // Random constants are unknown mem
229 return NH = createNode()->setUnknownNodeMarker();
231 assert(0 && "Unknown constant type!");
234 // Otherwise we need to create a new node to point to...
236 if (GlobalValue *GV = dyn_cast<GlobalValue>(V)) {
237 // Create a new global node for this global variable...
238 N = createNode(GV->getType()->getElementType());
241 // Otherwise just create a shadow node
245 NH.setNode(N); // Remember that we are pointing to it...
251 /// getLink - This method is used to return the specified link in the
252 /// specified node if one exists. If a link does not already exist (it's
253 /// null), then we create a new node, link it, then return it. We must
254 /// specify the type of the Node field we are accessing so that we know what
255 /// type should be linked to if we need to create a new node.
257 DSNodeHandle &GraphBuilder::getLink(const DSNodeHandle &node, unsigned LinkNo) {
258 DSNodeHandle &Node = const_cast<DSNodeHandle&>(node);
259 DSNodeHandle &Link = Node.getLink(LinkNo);
260 if (!Link.getNode()) {
261 // If the link hasn't been created yet, make and return a new shadow node
268 /// setDestTo - Set the ScalarMap entry for the specified value to point to the
269 /// specified destination. If the Value already points to a node, make sure to
270 /// merge the two destinations together.
272 void GraphBuilder::setDestTo(Value &V, const DSNodeHandle &NH) {
273 DSNodeHandle &AINH = ScalarMap[&V];
274 if (AINH.getNode() == 0) // Not pointing to anything yet?
275 AINH = NH; // Just point directly to NH
281 //===----------------------------------------------------------------------===//
282 // Specific instruction type handler implementations...
285 /// Alloca & Malloc instruction implementation - Simply create a new memory
286 /// object, pointing the scalar to it.
288 void GraphBuilder::handleAlloc(AllocationInst &AI, bool isHeap) {
289 DSNode *N = createNode();
291 N->setHeapNodeMarker();
293 N->setAllocaNodeMarker();
297 // PHINode - Make the scalar for the PHI node point to all of the things the
298 // incoming values point to... which effectively causes them to be merged.
300 void GraphBuilder::visitPHINode(PHINode &PN) {
301 if (!isPointerType(PN.getType())) return; // Only pointer PHIs
303 DSNodeHandle &PNDest = ScalarMap[&PN];
304 for (unsigned i = 0, e = PN.getNumIncomingValues(); i != e; ++i)
305 PNDest.mergeWith(getValueDest(*PN.getIncomingValue(i)));
308 void GraphBuilder::visitGetElementPtrInst(User &GEP) {
309 DSNodeHandle Value = getValueDest(*GEP.getOperand(0));
310 if (Value.getNode() == 0) return;
312 // As a special case, if all of the index operands of GEP are constant zeros,
313 // handle this just like we handle casts (ie, don't do much).
314 bool AllZeros = true;
315 for (unsigned i = 1, e = GEP.getNumOperands(); i != e; ++i)
316 if (GEP.getOperand(i) !=
317 Constant::getNullValue(GEP.getOperand(i)->getType())) {
322 // If all of the indices are zero, the result points to the operand without
323 // applying the type.
325 setDestTo(GEP, Value);
330 const PointerType *PTy = cast<PointerType>(GEP.getOperand(0)->getType());
331 const Type *CurTy = PTy->getElementType();
333 if (Value.getNode()->mergeTypeInfo(CurTy, Value.getOffset())) {
334 // If the node had to be folded... exit quickly
335 setDestTo(GEP, Value); // GEP result points to folded node
339 const TargetData &TD = Value.getNode()->getTargetData();
342 // Handle the pointer index specially...
343 if (GEP.getNumOperands() > 1 &&
344 GEP.getOperand(1) != ConstantSInt::getNullValue(Type::LongTy)) {
346 // If we already know this is an array being accessed, don't do anything...
347 if (!TopTypeRec.isArray) {
348 TopTypeRec.isArray = true;
350 // If we are treating some inner field pointer as an array, fold the node
351 // up because we cannot handle it right. This can come because of
352 // something like this: &((&Pt->X)[1]) == &Pt->Y
354 if (Value.getOffset()) {
355 // Value is now the pointer we want to GEP to be...
356 Value.getNode()->foldNodeCompletely();
357 setDestTo(GEP, Value); // GEP result points to folded node
360 // This is a pointer to the first byte of the node. Make sure that we
361 // are pointing to the outter most type in the node.
362 // FIXME: We need to check one more case here...
368 // All of these subscripts are indexing INTO the elements we have...
370 for (gep_type_iterator I = gep_type_begin(GEP), E = gep_type_end(GEP);
372 if (const StructType *STy = dyn_cast<StructType>(*I)) {
373 unsigned FieldNo = cast<ConstantUInt>(I.getOperand())->getValue();
374 Offset += TD.getStructLayout(STy)->MemberOffsets[FieldNo];
379 if (const SequentialType *STy = cast<SequentialType>(*I)) {
380 CurTy = STy->getElementType();
381 if (ConstantSInt *CS = dyn_cast<ConstantSInt>(GEP.getOperand(i))) {
382 Offset += CS->getValue()*TD.getTypeSize(CurTy);
384 // Variable index into a node. We must merge all of the elements of the
385 // sequential type here.
386 if (isa<PointerType>(STy))
387 std::cerr << "Pointer indexing not handled yet!\n";
389 const ArrayType *ATy = cast<ArrayType>(STy);
390 unsigned ElSize = TD.getTypeSize(CurTy);
391 DSNode *N = Value.getNode();
392 assert(N && "Value must have a node!");
393 unsigned RawOffset = Offset+Value.getOffset();
395 // Loop over all of the elements of the array, merging them into the
397 for (unsigned i = 1, e = ATy->getNumElements(); i != e; ++i)
398 // Merge all of the byte components of this array element
399 for (unsigned j = 0; j != ElSize; ++j)
400 N->mergeIndexes(RawOffset+j, RawOffset+i*ElSize+j);
406 // Add in the offset calculated...
407 Value.setOffset(Value.getOffset()+Offset);
409 // Value is now the pointer we want to GEP to be...
410 setDestTo(GEP, Value);
413 void GraphBuilder::visitLoadInst(LoadInst &LI) {
414 DSNodeHandle Ptr = getValueDest(*LI.getOperand(0));
415 if (Ptr.getNode() == 0) return;
417 // Make that the node is read from...
418 Ptr.getNode()->setReadMarker();
420 // Ensure a typerecord exists...
421 Ptr.getNode()->mergeTypeInfo(LI.getType(), Ptr.getOffset(), false);
423 if (isPointerType(LI.getType()))
424 setDestTo(LI, getLink(Ptr));
427 void GraphBuilder::visitStoreInst(StoreInst &SI) {
428 const Type *StoredTy = SI.getOperand(0)->getType();
429 DSNodeHandle Dest = getValueDest(*SI.getOperand(1));
430 if (Dest.getNode() == 0) return;
432 // Mark that the node is written to...
433 Dest.getNode()->setModifiedMarker();
435 // Ensure a type-record exists...
436 Dest.getNode()->mergeTypeInfo(StoredTy, Dest.getOffset());
438 // Avoid adding edges from null, or processing non-"pointer" stores
439 if (isPointerType(StoredTy))
440 Dest.addEdgeTo(getValueDest(*SI.getOperand(0)));
443 void GraphBuilder::visitReturnInst(ReturnInst &RI) {
444 if (RI.getNumOperands() && isPointerType(RI.getOperand(0)->getType()))
445 RetNode->mergeWith(getValueDest(*RI.getOperand(0)));
448 void GraphBuilder::visitCallInst(CallInst &CI) {
452 void GraphBuilder::visitInvokeInst(InvokeInst &II) {
456 void GraphBuilder::visitCallSite(CallSite CS) {
457 // Special case handling of certain libc allocation functions here.
458 if (Function *F = CS.getCalledFunction())
460 switch (F->getIntrinsicID()) {
461 case Intrinsic::memmove:
462 case Intrinsic::memcpy: {
463 // Merge the first & second arguments, and mark the memory read and
465 DSNodeHandle RetNH = getValueDest(**CS.arg_begin());
466 RetNH.mergeWith(getValueDest(**(CS.arg_begin()+1)));
467 if (DSNode *N = RetNH.getNode())
468 N->setModifiedMarker()->setReadMarker();
472 if (F->getName() == "calloc") {
473 setDestTo(*CS.getInstruction(),
474 createNode()->setHeapNodeMarker()->setModifiedMarker());
476 } else if (F->getName() == "realloc") {
477 DSNodeHandle RetNH = getValueDest(*CS.getInstruction());
478 RetNH.mergeWith(getValueDest(**CS.arg_begin()));
479 if (DSNode *N = RetNH.getNode())
480 N->setHeapNodeMarker()->setModifiedMarker()->setReadMarker();
482 } else if (F->getName() == "memset") {
483 // Merge the first argument with the return value, and mark the memory
485 DSNodeHandle RetNH = getValueDest(*CS.getInstruction());
486 RetNH.mergeWith(getValueDest(**CS.arg_begin()));
487 if (DSNode *N = RetNH.getNode())
488 N->setModifiedMarker();
490 } else if (F->getName() == "bzero") {
491 // Mark the memory modified.
492 DSNodeHandle H = getValueDest(**CS.arg_begin());
493 if (DSNode *N = H.getNode())
494 N->setModifiedMarker();
500 // Set up the return value...
502 Instruction *I = CS.getInstruction();
503 if (isPointerType(I->getType()))
504 RetVal = getValueDest(*I);
507 if (DisableDirectCallOpt || !isa<Function>(CS.getCalledValue())) {
508 Callee = getValueDest(*CS.getCalledValue()).getNode();
510 std::cerr << "WARNING: Program is calling through a null pointer?\n"
512 return; // Calling a null pointer?
516 std::vector<DSNodeHandle> Args;
517 Args.reserve(CS.arg_end()-CS.arg_begin());
519 // Calculate the arguments vector...
520 for (CallSite::arg_iterator I = CS.arg_begin(), E = CS.arg_end(); I != E; ++I)
521 if (isPointerType((*I)->getType()))
522 Args.push_back(getValueDest(**I));
524 // Add a new function call entry...
526 FunctionCalls->push_back(DSCallSite(CS, RetVal, Callee, Args));
528 FunctionCalls->push_back(DSCallSite(CS, RetVal, CS.getCalledFunction(),
532 void GraphBuilder::visitFreeInst(FreeInst &FI) {
533 // Mark that the node is written to...
534 DSNode *N = getValueDest(*FI.getOperand(0)).getNode();
535 N->setModifiedMarker();
536 N->setHeapNodeMarker();
540 void GraphBuilder::visitCastInst(CastInst &CI) {
541 if (isPointerType(CI.getType()))
542 if (isPointerType(CI.getOperand(0)->getType())) {
543 // Cast one pointer to the other, just act like a copy instruction
544 setDestTo(CI, getValueDest(*CI.getOperand(0)));
546 // Cast something (floating point, small integer) to a pointer. We need
547 // to track the fact that the node points to SOMETHING, just something we
548 // don't know about. Make an "Unknown" node.
550 setDestTo(CI, createNode()->setUnknownNodeMarker());
555 // visitInstruction - For all other instruction types, if we have any arguments
556 // that are of pointer type, make them have unknown composition bits, and merge
557 // the nodes together.
558 void GraphBuilder::visitInstruction(Instruction &Inst) {
559 DSNodeHandle CurNode;
560 if (isPointerType(Inst.getType()))
561 CurNode = getValueDest(Inst);
562 for (User::op_iterator I = Inst.op_begin(), E = Inst.op_end(); I != E; ++I)
563 if (isPointerType((*I)->getType()))
564 CurNode.mergeWith(getValueDest(**I));
566 if (CurNode.getNode())
567 CurNode.getNode()->setUnknownNodeMarker();
572 //===----------------------------------------------------------------------===//
573 // LocalDataStructures Implementation
574 //===----------------------------------------------------------------------===//
576 // MergeConstantInitIntoNode - Merge the specified constant into the node
578 void GraphBuilder::MergeConstantInitIntoNode(DSNodeHandle &NH, Constant *C) {
579 // Ensure a type-record exists...
580 NH.getNode()->mergeTypeInfo(C->getType(), NH.getOffset());
582 if (C->getType()->isFirstClassType()) {
583 if (isPointerType(C->getType()))
584 // Avoid adding edges from null, or processing non-"pointer" stores
585 NH.addEdgeTo(getValueDest(*C));
589 const TargetData &TD = NH.getNode()->getTargetData();
591 if (ConstantArray *CA = dyn_cast<ConstantArray>(C)) {
592 for (unsigned i = 0, e = CA->getNumOperands(); i != e; ++i)
593 // We don't currently do any indexing for arrays...
594 MergeConstantInitIntoNode(NH, cast<Constant>(CA->getOperand(i)));
595 } else if (ConstantStruct *CS = dyn_cast<ConstantStruct>(C)) {
596 const StructLayout *SL = TD.getStructLayout(CS->getType());
597 for (unsigned i = 0, e = CS->getNumOperands(); i != e; ++i) {
598 DSNodeHandle NewNH(NH.getNode(), NH.getOffset()+SL->MemberOffsets[i]);
599 MergeConstantInitIntoNode(NewNH, cast<Constant>(CS->getOperand(i)));
602 assert(0 && "Unknown constant type!");
606 void GraphBuilder::mergeInGlobalInitializer(GlobalVariable *GV) {
607 assert(!GV->isExternal() && "Cannot merge in external global!");
608 // Get a node handle to the global node and merge the initializer into it.
609 DSNodeHandle NH = getValueDest(*GV);
610 MergeConstantInitIntoNode(NH, GV->getInitializer());
614 bool LocalDataStructures::run(Module &M) {
615 GlobalsGraph = new DSGraph(getAnalysis<TargetData>());
617 const TargetData &TD = getAnalysis<TargetData>();
619 // Calculate all of the graphs...
620 for (Module::iterator I = M.begin(), E = M.end(); I != E; ++I)
621 if (!I->isExternal())
622 DSInfo.insert(std::make_pair(I, new DSGraph(TD, *I, GlobalsGraph)));
624 GraphBuilder GGB(*GlobalsGraph);
626 // Add initializers for all of the globals to the globals graph...
627 for (Module::giterator I = M.gbegin(), E = M.gend(); I != E; ++I)
628 if (!I->isExternal())
629 GGB.mergeInGlobalInitializer(I);
631 GlobalsGraph->removeTriviallyDeadNodes();
632 GlobalsGraph->markIncompleteNodes(DSGraph::MarkFormalArgs);
636 // releaseMemory - If the pass pipeline is done with this pass, we can release
637 // our memory... here...
639 void LocalDataStructures::releaseMemory() {
640 for (hash_map<Function*, DSGraph*>::iterator I = DSInfo.begin(),
641 E = DSInfo.end(); I != E; ++I) {
642 I->second->getReturnNodes().erase(I->first);
643 if (I->second->getReturnNodes().empty())
647 // Empty map so next time memory is released, data structures are not