LLVM 20.0.0git
StackSafetyAnalysis.cpp
Go to the documentation of this file.
1//===- StackSafetyAnalysis.cpp - Stack memory safety analysis -------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9//===----------------------------------------------------------------------===//
10
11#include "llvm/Analysis/StackSafetyAnalysis.h"
12#include "llvm/ADT/APInt.h"
13#include "llvm/ADT/SmallPtrSet.h"
14#include "llvm/ADT/SmallVector.h"
15#include "llvm/ADT/Statistic.h"
16#include "llvm/Analysis/ModuleSummaryAnalysis.h"
17#include "llvm/Analysis/ScalarEvolution.h"
18#include "llvm/Analysis/StackLifetime.h"
19#include "llvm/IR/ConstantRange.h"
20#include "llvm/IR/DerivedTypes.h"
21#include "llvm/IR/GlobalValue.h"
22#include "llvm/IR/InstIterator.h"
23#include "llvm/IR/Instruction.h"
24#include "llvm/IR/Instructions.h"
25#include "llvm/IR/IntrinsicInst.h"
26#include "llvm/IR/ModuleSummaryIndex.h"
27#include "llvm/InitializePasses.h"
28#include "llvm/Support/Casting.h"
29#include "llvm/Support/CommandLine.h"
30#include "llvm/Support/FormatVariadic.h"
31#include "llvm/Support/raw_ostream.h"
32#include <algorithm>
33#include <memory>
34#include <tuple>
35
36using namespace llvm;
37
38#define DEBUG_TYPE "stack-safety"
39
40STATISTIC(NumAllocaStackSafe, "Number of safe allocas");
41STATISTIC(NumAllocaTotal, "Number of total allocas");
42
43STATISTIC(NumCombinedCalleeLookupTotal,
44 "Number of total callee lookups on combined index.");
45STATISTIC(NumCombinedCalleeLookupFailed,
46 "Number of failed callee lookups on combined index.");
47STATISTIC(NumModuleCalleeLookupTotal,
48 "Number of total callee lookups on module index.");
49STATISTIC(NumModuleCalleeLookupFailed,
50 "Number of failed callee lookups on module index.");
51STATISTIC(NumCombinedParamAccessesBefore,
52 "Number of total param accesses before generateParamAccessSummary.");
53STATISTIC(NumCombinedParamAccessesAfter,
54 "Number of total param accesses after generateParamAccessSummary.");
55STATISTIC(NumCombinedDataFlowNodes,
56 "Number of total nodes in combined index for dataflow processing.");
57STATISTIC(NumIndexCalleeUnhandled, "Number of index callee which are unhandled.");
58STATISTIC(NumIndexCalleeMultipleWeak, "Number of index callee non-unique weak.");
59STATISTIC(NumIndexCalleeMultipleExternal, "Number of index callee non-unique external.");
60
61
62static cl::opt<int> StackSafetyMaxIterations("stack-safety-max-iterations",
63 cl::init(20), cl::Hidden);
64
65static cl::opt<bool> StackSafetyPrint("stack-safety-print", cl::init(false),
66 cl::Hidden);
67
68static cl::opt<bool> StackSafetyRun("stack-safety-run", cl::init(false),
69 cl::Hidden);
70
71namespace {
72
73// Check if we should bailout for such ranges.
74bool isUnsafe(const ConstantRange &R) {
75 return R.isEmptySet() || R.isFullSet() || R.isUpperSignWrapped();
76}
77
78ConstantRange addOverflowNever(const ConstantRange &L, const ConstantRange &R) {
79 assert(!L.isSignWrappedSet());
80 assert(!R.isSignWrappedSet());
81 if (L.signedAddMayOverflow(R) !=
82 ConstantRange::OverflowResult::NeverOverflows)
83 return ConstantRange::getFull(L.getBitWidth());
84 ConstantRange Result = L.add(R);
85 assert(!Result.isSignWrappedSet());
86 return Result;
87}
88
89ConstantRange unionNoWrap(const ConstantRange &L, const ConstantRange &R) {
90 assert(!L.isSignWrappedSet());
91 assert(!R.isSignWrappedSet());
92 auto Result = L.unionWith(R);
93 // Two non-wrapped sets can produce wrapped.
94 if (Result.isSignWrappedSet())
95 Result = ConstantRange::getFull(Result.getBitWidth());
96 return Result;
97}
98
99/// Describes use of address in as a function call argument.
100template <typename CalleeTy> struct CallInfo {
101 /// Function being called.
102 const CalleeTy *Callee = nullptr;
103 /// Index of argument which pass address.
104 size_t ParamNo = 0;
105
106 CallInfo(const CalleeTy *Callee, size_t ParamNo)
107 : Callee(Callee), ParamNo(ParamNo) {}
108
109 struct Less {
110 bool operator()(const CallInfo &L, const CallInfo &R) const {
111 return std::tie(L.ParamNo, L.Callee) < std::tie(R.ParamNo, R.Callee);
112 }
113 };
114};
115
116/// Describe uses of address (alloca or parameter) inside of the function.
117template <typename CalleeTy> struct UseInfo {
118 // Access range if the address (alloca or parameters).
119 // It is allowed to be empty-set when there are no known accesses.
120 ConstantRange Range;
121 std::set<const Instruction *> UnsafeAccesses;
122
123 // List of calls which pass address as an argument.
124 // Value is offset range of address from base address (alloca or calling
125 // function argument). Range should never set to empty-set, that is an invalid
126 // access range that can cause empty-set to be propagated with
127 // ConstantRange::add
128 using CallsTy = std::map<CallInfo<CalleeTy>, ConstantRange,
129 typename CallInfo<CalleeTy>::Less>;
130 CallsTy Calls;
131
132 UseInfo(unsigned PointerSize) : Range{PointerSize, false} {}
133
134 void updateRange(const ConstantRange &R) { Range = unionNoWrap(Range, R); }
135 void addRange(const Instruction *I, const ConstantRange &R, bool IsSafe) {
136 if (!IsSafe)
137 UnsafeAccesses.insert(I);
138 updateRange(R);
139 }
140};
141
142template <typename CalleeTy>
143raw_ostream &operator<<(raw_ostream &OS, const UseInfo<CalleeTy> &U) {
144 OS << U.Range;
145 for (auto &Call : U.Calls)
146 OS << ", "
147 << "@" << Call.first.Callee->getName() << "(arg" << Call.first.ParamNo
148 << ", " << Call.second << ")";
149 return OS;
150}
151
152/// Calculate the allocation size of a given alloca. Returns empty range
153// in case of confution.
154ConstantRange getStaticAllocaSizeRange(const AllocaInst &AI) {
155 const DataLayout &DL = AI.getDataLayout();
156 TypeSize TS = DL.getTypeAllocSize(AI.getAllocatedType());
157 unsigned PointerSize = DL.getPointerTypeSizeInBits(AI.getType());
158 // Fallback to empty range for alloca size.
159 ConstantRange R = ConstantRange::getEmpty(PointerSize);
160 if (TS.isScalable())
161 return R;
162 APInt APSize(PointerSize, TS.getFixedValue(), true);
163 if (APSize.isNonPositive())
164 return R;
165 if (AI.isArrayAllocation()) {
166 const auto *C = dyn_cast<ConstantInt>(AI.getArraySize());
167 if (!C)
168 return R;
169 bool Overflow = false;
170 APInt Mul = C->getValue();
171 if (Mul.isNonPositive())
172 return R;
173 Mul = Mul.sextOrTrunc(PointerSize);
174 APSize = APSize.smul_ov(Mul, Overflow);
175 if (Overflow)
176 return R;
177 }
178 R = ConstantRange(APInt::getZero(PointerSize), APSize);
179 assert(!isUnsafe(R));
180 return R;
181}
182
183template <typename CalleeTy> struct FunctionInfo {
184 std::map<const AllocaInst *, UseInfo<CalleeTy>> Allocas;
185 std::map<uint32_t, UseInfo<CalleeTy>> Params;
186 // TODO: describe return value as depending on one or more of its arguments.
187
188 // StackSafetyDataFlowAnalysis counter stored here for faster access.
189 int UpdateCount = 0;
190
191 void print(raw_ostream &O, StringRef Name, const Function *F) const {
192 // TODO: Consider different printout format after
193 // StackSafetyDataFlowAnalysis. Calls and parameters are irrelevant then.
194 O << " @" << Name << ((F && F->isDSOLocal()) ? "" : " dso_preemptable")
195 << ((F && F->isInterposable()) ? " interposable" : "") << "\n";
196
197 O << " args uses:\n";
198 for (auto &KV : Params) {
199 O << " ";
200 if (F)
201 O << F->getArg(KV.first)->getName();
202 else
203 O << formatv("arg{0}", KV.first);
204 O << "[]: " << KV.second << "\n";
205 }
206
207 O << " allocas uses:\n";
208 if (F) {
209 for (const auto &I : instructions(F)) {
210 if (const AllocaInst *AI = dyn_cast<AllocaInst>(&I)) {
211 auto &AS = Allocas.find(AI)->second;
212 O << " " << AI->getName() << "["
213 << getStaticAllocaSizeRange(*AI).getUpper() << "]: " << AS << "\n";
214 }
215 }
216 } else {
217 assert(Allocas.empty());
218 }
219 }
220};
221
222using GVToSSI = std::map<const GlobalValue *, FunctionInfo<GlobalValue>>;
223
224} // namespace
225
226struct StackSafetyInfo::InfoTy {
227 FunctionInfo<GlobalValue> Info;
228};
229
230struct StackSafetyGlobalInfo::InfoTy {
231 GVToSSI Info;
232 SmallPtrSet<const AllocaInst *, 8> SafeAllocas;
233 std::set<const Instruction *> UnsafeAccesses;
234};
235
236namespace {
237
238class StackSafetyLocalAnalysis {
239 Function &F;
240 const DataLayout &DL;
241 ScalarEvolution &SE;
242 unsigned PointerSize = 0;
243
244 const ConstantRange UnknownRange;
245
246 /// FIXME: This function is a bandaid, it's only needed
247 /// because this pass doesn't handle address spaces of different pointer
248 /// sizes.
249 ///
250 /// \returns \p Val's SCEV as a pointer of AS zero, or nullptr if it can't be
251 /// converted to AS 0.
252 const SCEV *getSCEVAsPointer(Value *Val);
253
254 ConstantRange offsetFrom(Value *Addr, Value *Base);
255 ConstantRange getAccessRange(Value *Addr, Value *Base,
256 const ConstantRange &SizeRange);
257 ConstantRange getAccessRange(Value *Addr, Value *Base, TypeSize Size);
258 ConstantRange getMemIntrinsicAccessRange(const MemIntrinsic *MI, const Use &U,
259 Value *Base);
260
261 void analyzeAllUses(Value *Ptr, UseInfo<GlobalValue> &AS,
262 const StackLifetime &SL);
263
264
265 bool isSafeAccess(const Use &U, AllocaInst *AI, const SCEV *AccessSize);
266 bool isSafeAccess(const Use &U, AllocaInst *AI, Value *V);
267 bool isSafeAccess(const Use &U, AllocaInst *AI, TypeSize AccessSize);
268
269public:
270 StackSafetyLocalAnalysis(Function &F, ScalarEvolution &SE)
271 : F(F), DL(F.getDataLayout()), SE(SE),
272 PointerSize(DL.getPointerSizeInBits()),
273 UnknownRange(PointerSize, true) {}
274
275 // Run the transformation on the associated function.
276 FunctionInfo<GlobalValue> run();
277};
278
279const SCEV *StackSafetyLocalAnalysis::getSCEVAsPointer(Value *Val) {
280 Type *ValTy = Val->getType();
281
282 // We don't handle targets with multiple address spaces.
283 if (!ValTy->isPointerTy()) {
284 auto *PtrTy = PointerType::getUnqual(SE.getContext());
285 return SE.getTruncateOrZeroExtend(SE.getSCEV(Val), PtrTy);
286 }
287
288 if (ValTy->getPointerAddressSpace() != 0)
289 return nullptr;
290 return SE.getSCEV(Val);
291}
292
293ConstantRange StackSafetyLocalAnalysis::offsetFrom(Value *Addr, Value *Base) {
294 if (!SE.isSCEVable(Addr->getType()) || !SE.isSCEVable(Base->getType()))
295 return UnknownRange;
296
297 const SCEV *AddrExp = getSCEVAsPointer(Addr);
298 const SCEV *BaseExp = getSCEVAsPointer(Base);
299 if (!AddrExp || !BaseExp)
300 return UnknownRange;
301
302 const SCEV *Diff = SE.getMinusSCEV(AddrExp, BaseExp);
303 if (isa<SCEVCouldNotCompute>(Diff))
304 return UnknownRange;
305
306 ConstantRange Offset = SE.getSignedRange(Diff);
307 if (isUnsafe(Offset))
308 return UnknownRange;
309 return Offset.sextOrTrunc(PointerSize);
310}
311
312ConstantRange
313StackSafetyLocalAnalysis::getAccessRange(Value *Addr, Value *Base,
314 const ConstantRange &SizeRange) {
315 // Zero-size loads and stores do not access memory.
316 if (SizeRange.isEmptySet())
317 return ConstantRange::getEmpty(PointerSize);
318 assert(!isUnsafe(SizeRange));
319
320 ConstantRange Offsets = offsetFrom(Addr, Base);
321 if (isUnsafe(Offsets))
322 return UnknownRange;
323
324 Offsets = addOverflowNever(Offsets, SizeRange);
325 if (isUnsafe(Offsets))
326 return UnknownRange;
327 return Offsets;
328}
329
330ConstantRange StackSafetyLocalAnalysis::getAccessRange(Value *Addr, Value *Base,
331 TypeSize Size) {
332 if (Size.isScalable())
333 return UnknownRange;
334 APInt APSize(PointerSize, Size.getFixedValue(), true);
335 if (APSize.isNegative())
336 return UnknownRange;
337 return getAccessRange(Addr, Base,
338 ConstantRange(APInt::getZero(PointerSize), APSize));
339}
340
341ConstantRange StackSafetyLocalAnalysis::getMemIntrinsicAccessRange(
342 const MemIntrinsic *MI, const Use &U, Value *Base) {
343 if (const auto *MTI = dyn_cast<MemTransferInst>(MI)) {
344 if (MTI->getRawSource() != U && MTI->getRawDest() != U)
345 return ConstantRange::getEmpty(PointerSize);
346 } else {
347 if (MI->getRawDest() != U)
348 return ConstantRange::getEmpty(PointerSize);
349 }
350
351 auto *CalculationTy = IntegerType::getIntNTy(SE.getContext(), PointerSize);
352 if (!SE.isSCEVable(MI->getLength()->getType()))
353 return UnknownRange;
354
355 const SCEV *Expr =
356 SE.getTruncateOrZeroExtend(SE.getSCEV(MI->getLength()), CalculationTy);
357 ConstantRange Sizes = SE.getSignedRange(Expr);
358 if (!Sizes.getUpper().isStrictlyPositive() || isUnsafe(Sizes))
359 return UnknownRange;
360 Sizes = Sizes.sextOrTrunc(PointerSize);
361 ConstantRange SizeRange(APInt::getZero(PointerSize), Sizes.getUpper() - 1);
362 return getAccessRange(U, Base, SizeRange);
363}
364
365bool StackSafetyLocalAnalysis::isSafeAccess(const Use &U, AllocaInst *AI,
366 Value *V) {
367 return isSafeAccess(U, AI, SE.getSCEV(V));
368}
369
370bool StackSafetyLocalAnalysis::isSafeAccess(const Use &U, AllocaInst *AI,
371 TypeSize TS) {
372 if (TS.isScalable())
373 return false;
374 auto *CalculationTy = IntegerType::getIntNTy(SE.getContext(), PointerSize);
375 const SCEV *SV = SE.getConstant(CalculationTy, TS.getFixedValue());
376 return isSafeAccess(U, AI, SV);
377}
378
379bool StackSafetyLocalAnalysis::isSafeAccess(const Use &U, AllocaInst *AI,
380 const SCEV *AccessSize) {
381
382 if (!AI)
383 return true; // This only judges whether it is a safe *stack* access.
384 if (isa<SCEVCouldNotCompute>(AccessSize))
385 return false;
386
387 const auto *I = cast<Instruction>(U.getUser());
388
389 const SCEV *AddrExp = getSCEVAsPointer(U.get());
390 const SCEV *BaseExp = getSCEVAsPointer(AI);
391 if (!AddrExp || !BaseExp)
392 return false;
393
394 const SCEV *Diff = SE.getMinusSCEV(AddrExp, BaseExp);
395 if (isa<SCEVCouldNotCompute>(Diff))
396 return false;
397
398 auto Size = getStaticAllocaSizeRange(*AI);
399
400 auto *CalculationTy = IntegerType::getIntNTy(SE.getContext(), PointerSize);
401 auto ToDiffTy = [&](const SCEV *V) {
402 return SE.getTruncateOrZeroExtend(V, CalculationTy);
403 };
404 const SCEV *Min = ToDiffTy(SE.getConstant(Size.getLower()));
405 const SCEV *Max = SE.getMinusSCEV(ToDiffTy(SE.getConstant(Size.getUpper())),
406 ToDiffTy(AccessSize));
407 return SE.evaluatePredicateAt(ICmpInst::Predicate::ICMP_SGE, Diff, Min, I)
408 .value_or(false) &&
409 SE.evaluatePredicateAt(ICmpInst::Predicate::ICMP_SLE, Diff, Max, I)
410 .value_or(false);
411}
412
413/// The function analyzes all local uses of Ptr (alloca or argument) and
414/// calculates local access range and all function calls where it was used.
415void StackSafetyLocalAnalysis::analyzeAllUses(Value *Ptr,
416 UseInfo<GlobalValue> &US,
417 const StackLifetime &SL) {
418 SmallPtrSet<const Value *, 16> Visited;
419 SmallVector<const Value *, 8> WorkList;
420 WorkList.push_back(Ptr);
421 AllocaInst *AI = dyn_cast<AllocaInst>(Ptr);
422
423 // A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.
424 while (!WorkList.empty()) {
425 const Value *V = WorkList.pop_back_val();
426 for (const Use &UI : V->uses()) {
427 const auto *I = cast<Instruction>(UI.getUser());
428 if (!SL.isReachable(I))
429 continue;
430
431 assert(V == UI.get());
432
433 auto RecordStore = [&](const Value* StoredVal) {
434 if (V == StoredVal) {
435 // Stored the pointer - conservatively assume it may be unsafe.
436 US.addRange(I, UnknownRange, /*IsSafe=*/false);
437 return;
438 }
439 if (AI && !SL.isAliveAfter(AI, I)) {
440 US.addRange(I, UnknownRange, /*IsSafe=*/false);
441 return;
442 }
443 auto TypeSize = DL.getTypeStoreSize(StoredVal->getType());
444 auto AccessRange = getAccessRange(UI, Ptr, TypeSize);
445 bool Safe = isSafeAccess(UI, AI, TypeSize);
446 US.addRange(I, AccessRange, Safe);
447 return;
448 };
449
450 switch (I->getOpcode()) {
451 case Instruction::Load: {
452 if (AI && !SL.isAliveAfter(AI, I)) {
453 US.addRange(I, UnknownRange, /*IsSafe=*/false);
454 break;
455 }
456 auto TypeSize = DL.getTypeStoreSize(I->getType());
457 auto AccessRange = getAccessRange(UI, Ptr, TypeSize);
458 bool Safe = isSafeAccess(UI, AI, TypeSize);
459 US.addRange(I, AccessRange, Safe);
460 break;
461 }
462
463 case Instruction::VAArg:
464 // "va-arg" from a pointer is safe.
465 break;
466 case Instruction::Store:
467 RecordStore(cast<StoreInst>(I)->getValueOperand());
468 break;
469 case Instruction::AtomicCmpXchg:
470 RecordStore(cast<AtomicCmpXchgInst>(I)->getNewValOperand());
471 break;
472 case Instruction::AtomicRMW:
473 RecordStore(cast<AtomicRMWInst>(I)->getValOperand());
474 break;
475
476 case Instruction::Ret:
477 // Information leak.
478 // FIXME: Process parameters correctly. This is a leak only if we return
479 // alloca.
480 US.addRange(I, UnknownRange, /*IsSafe=*/false);
481 break;
482
483 case Instruction::Call:
484 case Instruction::Invoke: {
485 if (I->isLifetimeStartOrEnd())
486 break;
487
488 if (AI && !SL.isAliveAfter(AI, I)) {
489 US.addRange(I, UnknownRange, /*IsSafe=*/false);
490 break;
491 }
492 if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
493 auto AccessRange = getMemIntrinsicAccessRange(MI, UI, Ptr);
494 bool Safe = false;
495 if (const auto *MTI = dyn_cast<MemTransferInst>(MI)) {
496 if (MTI->getRawSource() != UI && MTI->getRawDest() != UI)
497 Safe = true;
498 } else if (MI->getRawDest() != UI) {
499 Safe = true;
500 }
501 Safe = Safe || isSafeAccess(UI, AI, MI->getLength());
502 US.addRange(I, AccessRange, Safe);
503 break;
504 }
505
506 const auto &CB = cast<CallBase>(*I);
507 if (CB.getReturnedArgOperand() == V) {
508 if (Visited.insert(I).second)
509 WorkList.push_back(cast<const Instruction>(I));
510 }
511
512 if (!CB.isArgOperand(&UI)) {
513 US.addRange(I, UnknownRange, /*IsSafe=*/false);
514 break;
515 }
516
517 unsigned ArgNo = CB.getArgOperandNo(&UI);
518 if (CB.isByValArgument(ArgNo)) {
519 auto TypeSize = DL.getTypeStoreSize(CB.getParamByValType(ArgNo));
520 auto AccessRange = getAccessRange(UI, Ptr, TypeSize);
521 bool Safe = isSafeAccess(UI, AI, TypeSize);
522 US.addRange(I, AccessRange, Safe);
523 break;
524 }
525
526 // FIXME: consult devirt?
527 // Do not follow aliases, otherwise we could inadvertently follow
528 // dso_preemptable aliases or aliases with interposable linkage.
529 const GlobalValue *Callee =
530 dyn_cast<GlobalValue>(CB.getCalledOperand()->stripPointerCasts());
531 if (!Callee || isa<GlobalIFunc>(Callee)) {
532 US.addRange(I, UnknownRange, /*IsSafe=*/false);
533 break;
534 }
535
536 assert(isa<Function>(Callee) || isa<GlobalAlias>(Callee));
537 ConstantRange Offsets = offsetFrom(UI, Ptr);
538 auto Insert =
539 US.Calls.emplace(CallInfo<GlobalValue>(Callee, ArgNo), Offsets);
540 if (!Insert.second)
541 Insert.first->second = Insert.first->second.unionWith(Offsets);
542 break;
543 }
544
545 default:
546 if (Visited.insert(I).second)
547 WorkList.push_back(cast<const Instruction>(I));
548 }
549 }
550 }
551}
552
553FunctionInfo<GlobalValue> StackSafetyLocalAnalysis::run() {
554 FunctionInfo<GlobalValue> Info;
555 assert(!F.isDeclaration() &&
556 "Can't run StackSafety on a function declaration");
557
558 LLVM_DEBUG(dbgs() << "[StackSafety] " << F.getName() << "\n");
559
560 SmallVector<AllocaInst *, 64> Allocas;
561 for (auto &I : instructions(F))
562 if (auto *AI = dyn_cast<AllocaInst>(&I))
563 Allocas.push_back(AI);
564 StackLifetime SL(F, Allocas, StackLifetime::LivenessType::Must);
565 SL.run();
566
567 for (auto *AI : Allocas) {
568 auto &UI = Info.Allocas.emplace(AI, PointerSize).first->second;
569 analyzeAllUses(AI, UI, SL);
570 }
571
572 for (Argument &A : F.args()) {
573 // Non pointers and bypass arguments are not going to be used in any global
574 // processing.
575 if (A.getType()->isPointerTy() && !A.hasByValAttr()) {
576 auto &UI = Info.Params.emplace(A.getArgNo(), PointerSize).first->second;
577 analyzeAllUses(&A, UI, SL);
578 }
579 }
580
581 LLVM_DEBUG(Info.print(dbgs(), F.getName(), &F));
582 LLVM_DEBUG(dbgs() << "\n[StackSafety] done\n");
583 return Info;
584}
585
586template <typename CalleeTy> class StackSafetyDataFlowAnalysis {
587 using FunctionMap = std::map<const CalleeTy *, FunctionInfo<CalleeTy>>;
588
589 FunctionMap Functions;
590 const ConstantRange UnknownRange;
591
592 // Callee-to-Caller multimap.
593 DenseMap<const CalleeTy *, SmallVector<const CalleeTy *, 4>> Callers;
594 SetVector<const CalleeTy *> WorkList;
595
596 bool updateOneUse(UseInfo<CalleeTy> &US, bool UpdateToFullSet);
597 void updateOneNode(const CalleeTy *Callee, FunctionInfo<CalleeTy> &FS);
598 void updateOneNode(const CalleeTy *Callee) {
599 updateOneNode(Callee, Functions.find(Callee)->second);
600 }
601 void updateAllNodes() {
602 for (auto &F : Functions)
603 updateOneNode(F.first, F.second);
604 }
605 void runDataFlow();
606#ifndef NDEBUG
607 void verifyFixedPoint();
608#endif
609
610public:
611 StackSafetyDataFlowAnalysis(uint32_t PointerBitWidth, FunctionMap Functions)
612 : Functions(std::move(Functions)),
613 UnknownRange(ConstantRange::getFull(PointerBitWidth)) {}
614
615 const FunctionMap &run();
616
617 ConstantRange getArgumentAccessRange(const CalleeTy *Callee, unsigned ParamNo,
618 const ConstantRange &Offsets) const;
619};
620
621template <typename CalleeTy>
622ConstantRange StackSafetyDataFlowAnalysis<CalleeTy>::getArgumentAccessRange(
623 const CalleeTy *Callee, unsigned ParamNo,
624 const ConstantRange &Offsets) const {
625 auto FnIt = Functions.find(Callee);
626 // Unknown callee (outside of LTO domain or an indirect call).
627 if (FnIt == Functions.end())
628 return UnknownRange;
629 auto &FS = FnIt->second;
630 auto ParamIt = FS.Params.find(ParamNo);
631 if (ParamIt == FS.Params.end())
632 return UnknownRange;
633 auto &Access = ParamIt->second.Range;
634 if (Access.isEmptySet())
635 return Access;
636 if (Access.isFullSet())
637 return UnknownRange;
638 return addOverflowNever(Access, Offsets);
639}
640
641template <typename CalleeTy>
642bool StackSafetyDataFlowAnalysis<CalleeTy>::updateOneUse(UseInfo<CalleeTy> &US,
643 bool UpdateToFullSet) {
644 bool Changed = false;
645 for (auto &KV : US.Calls) {
646 assert(!KV.second.isEmptySet() &&
647 "Param range can't be empty-set, invalid offset range");
648
649 ConstantRange CalleeRange =
650 getArgumentAccessRange(KV.first.Callee, KV.first.ParamNo, KV.second);
651 if (!US.Range.contains(CalleeRange)) {
652 Changed = true;
653 if (UpdateToFullSet)
654 US.Range = UnknownRange;
655 else
656 US.updateRange(CalleeRange);
657 }
658 }
659 return Changed;
660}
661
662template <typename CalleeTy>
663void StackSafetyDataFlowAnalysis<CalleeTy>::updateOneNode(
664 const CalleeTy *Callee, FunctionInfo<CalleeTy> &FS) {
665 bool UpdateToFullSet = FS.UpdateCount > StackSafetyMaxIterations;
666 bool Changed = false;
667 for (auto &KV : FS.Params)
668 Changed |= updateOneUse(KV.second, UpdateToFullSet);
669
670 if (Changed) {
671 LLVM_DEBUG(dbgs() << "=== update [" << FS.UpdateCount
672 << (UpdateToFullSet ? ", full-set" : "") << "] " << &FS
673 << "\n");
674 // Callers of this function may need updating.
675 for (auto &CallerID : Callers[Callee])
676 WorkList.insert(CallerID);
677
678 ++FS.UpdateCount;
679 }
680}
681
682template <typename CalleeTy>
683void StackSafetyDataFlowAnalysis<CalleeTy>::runDataFlow() {
684 SmallVector<const CalleeTy *, 16> Callees;
685 for (auto &F : Functions) {
686 Callees.clear();
687 auto &FS = F.second;
688 for (auto &KV : FS.Params)
689 for (auto &CS : KV.second.Calls)
690 Callees.push_back(CS.first.Callee);
691
692 llvm::sort(Callees);
693 Callees.erase(llvm::unique(Callees), Callees.end());
694
695 for (auto &Callee : Callees)
696 Callers[Callee].push_back(F.first);
697 }
698
699 updateAllNodes();
700
701 while (!WorkList.empty()) {
702 const CalleeTy *Callee = WorkList.pop_back_val();
703 updateOneNode(Callee);
704 }
705}
706
707#ifndef NDEBUG
708template <typename CalleeTy>
709void StackSafetyDataFlowAnalysis<CalleeTy>::verifyFixedPoint() {
710 WorkList.clear();
711 updateAllNodes();
712 assert(WorkList.empty());
713}
714#endif
715
716template <typename CalleeTy>
717const typename StackSafetyDataFlowAnalysis<CalleeTy>::FunctionMap &
718StackSafetyDataFlowAnalysis<CalleeTy>::run() {
719 runDataFlow();
720 LLVM_DEBUG(verifyFixedPoint());
721 return Functions;
722}
723
724FunctionSummary *findCalleeFunctionSummary(ValueInfo VI, StringRef ModuleId) {
725 if (!VI)
726 return nullptr;
727 auto SummaryList = VI.getSummaryList();
728 GlobalValueSummary* S = nullptr;
729 for (const auto& GVS : SummaryList) {
730 if (!GVS->isLive())
731 continue;
732 if (const AliasSummary *AS = dyn_cast<AliasSummary>(GVS.get()))
733 if (!AS->hasAliasee())
734 continue;
735 if (!isa<FunctionSummary>(GVS->getBaseObject()))
736 continue;
737 if (GlobalValue::isLocalLinkage(GVS->linkage())) {
738 if (GVS->modulePath() == ModuleId) {
739 S = GVS.get();
740 break;
741 }
742 } else if (GlobalValue::isExternalLinkage(GVS->linkage())) {
743 if (S) {
744 ++NumIndexCalleeMultipleExternal;
745 return nullptr;
746 }
747 S = GVS.get();
748 } else if (GlobalValue::isWeakLinkage(GVS->linkage())) {
749 if (S) {
750 ++NumIndexCalleeMultipleWeak;
751 return nullptr;
752 }
753 S = GVS.get();
754 } else if (GlobalValue::isAvailableExternallyLinkage(GVS->linkage()) ||
755 GlobalValue::isLinkOnceLinkage(GVS->linkage())) {
756 if (SummaryList.size() == 1)
757 S = GVS.get();
758 // According thinLTOResolvePrevailingGUID these are unlikely prevailing.
759 } else {
760 ++NumIndexCalleeUnhandled;
761 }
762 };
763 while (S) {
764 if (!S->isLive() || !S->isDSOLocal())
765 return nullptr;
766 if (FunctionSummary *FS = dyn_cast<FunctionSummary>(S))
767 return FS;
768 AliasSummary *AS = dyn_cast<AliasSummary>(S);
769 if (!AS || !AS->hasAliasee())
770 return nullptr;
771 S = AS->getBaseObject();
772 if (S == AS)
773 return nullptr;
774 }
775 return nullptr;
776}
777
778const Function *findCalleeInModule(const GlobalValue *GV) {
779 while (GV) {
780 if (GV->isDeclaration() || GV->isInterposable() || !GV->isDSOLocal())
781 return nullptr;
782 if (const Function *F = dyn_cast<Function>(GV))
783 return F;
784 const GlobalAlias *A = dyn_cast<GlobalAlias>(GV);
785 if (!A)
786 return nullptr;
787 GV = A->getAliaseeObject();
788 if (GV == A)
789 return nullptr;
790 }
791 return nullptr;
792}
793
794const ConstantRange *findParamAccess(const FunctionSummary &FS,
795 uint32_t ParamNo) {
796 assert(FS.isLive());
797 assert(FS.isDSOLocal());
798 for (const auto &PS : FS.paramAccesses())
799 if (ParamNo == PS.ParamNo)
800 return &PS.Use;
801 return nullptr;
802}
803
804void resolveAllCalls(UseInfo<GlobalValue> &Use,
805 const ModuleSummaryIndex *Index) {
806 ConstantRange FullSet(Use.Range.getBitWidth(), true);
807 // Move Use.Calls to a temp storage and repopulate - don't use std::move as it
808 // leaves Use.Calls in an undefined state.
809 UseInfo<GlobalValue>::CallsTy TmpCalls;
810 std::swap(TmpCalls, Use.Calls);
811 for (const auto &C : TmpCalls) {
812 const Function *F = findCalleeInModule(C.first.Callee);
813 if (F) {
814 Use.Calls.emplace(CallInfo<GlobalValue>(F, C.first.ParamNo), C.second);
815 continue;
816 }
817
818 if (!Index)
819 return Use.updateRange(FullSet);
820 FunctionSummary *FS =
821 findCalleeFunctionSummary(Index->getValueInfo(C.first.Callee->getGUID()),
822 C.first.Callee->getParent()->getModuleIdentifier());
823 ++NumModuleCalleeLookupTotal;
824 if (!FS) {
825 ++NumModuleCalleeLookupFailed;
826 return Use.updateRange(FullSet);
827 }
828 const ConstantRange *Found = findParamAccess(*FS, C.first.ParamNo);
829 if (!Found || Found->isFullSet())
830 return Use.updateRange(FullSet);
831 ConstantRange Access = Found->sextOrTrunc(Use.Range.getBitWidth());
832 if (!Access.isEmptySet())
833 Use.updateRange(addOverflowNever(Access, C.second));
834 }
835}
836
837GVToSSI createGlobalStackSafetyInfo(
838 std::map<const GlobalValue *, FunctionInfo<GlobalValue>> Functions,
839 const ModuleSummaryIndex *Index) {
840 GVToSSI SSI;
841 if (Functions.empty())
842 return SSI;
843
844 // FIXME: Simplify printing and remove copying here.
845 auto Copy = Functions;
846
847 for (auto &FnKV : Copy)
848 for (auto &KV : FnKV.second.Params) {
849 resolveAllCalls(KV.second, Index);
850 if (KV.second.Range.isFullSet())
851 KV.second.Calls.clear();
852 }
853
854 uint32_t PointerSize =
855 Copy.begin()->first->getDataLayout().getPointerSizeInBits();
856 StackSafetyDataFlowAnalysis<GlobalValue> SSDFA(PointerSize, std::move(Copy));
857
858 for (const auto &F : SSDFA.run()) {
859 auto FI = F.second;
860 auto &SrcF = Functions[F.first];
861 for (auto &KV : FI.Allocas) {
862 auto &A = KV.second;
863 resolveAllCalls(A, Index);
864 for (auto &C : A.Calls) {
865 A.updateRange(SSDFA.getArgumentAccessRange(C.first.Callee,
866 C.first.ParamNo, C.second));
867 }
868 // FIXME: This is needed only to preserve calls in print() results.
869 A.Calls = SrcF.Allocas.find(KV.first)->second.Calls;
870 }
871 for (auto &KV : FI.Params) {
872 auto &P = KV.second;
873 P.Calls = SrcF.Params.find(KV.first)->second.Calls;
874 }
875 SSI[F.first] = std::move(FI);
876 }
877
878 return SSI;
879}
880
881} // end anonymous namespace
882
883StackSafetyInfo::StackSafetyInfo() = default;
884
885StackSafetyInfo::StackSafetyInfo(Function *F,
886 std::function<ScalarEvolution &()> GetSE)
887 : F(F), GetSE(GetSE) {}
888
889StackSafetyInfo::StackSafetyInfo(StackSafetyInfo &&) = default;
890
891StackSafetyInfo &StackSafetyInfo::operator=(StackSafetyInfo &&) = default;
892
893StackSafetyInfo::~StackSafetyInfo() = default;
894
895const StackSafetyInfo::InfoTy &StackSafetyInfo::getInfo() const {
896 if (!Info) {
897 StackSafetyLocalAnalysis SSLA(*F, GetSE());
898 Info.reset(new InfoTy{SSLA.run()});
899 }
900 return *Info;
901}
902
903void StackSafetyInfo::print(raw_ostream &O) const {
904 getInfo().Info.print(O, F->getName(), dyn_cast<Function>(F));
905 O << "\n";
906}
907
908const StackSafetyGlobalInfo::InfoTy &StackSafetyGlobalInfo::getInfo() const {
909 if (!Info) {
910 std::map<const GlobalValue *, FunctionInfo<GlobalValue>> Functions;
911 for (auto &F : M->functions()) {
912 if (!F.isDeclaration()) {
913 auto FI = GetSSI(F).getInfo().Info;
914 Functions.emplace(&F, std::move(FI));
915 }
916 }
917 Info.reset(new InfoTy{
918 createGlobalStackSafetyInfo(std::move(Functions), Index), {}, {}});
919
920 for (auto &FnKV : Info->Info) {
921 for (auto &KV : FnKV.second.Allocas) {
922 ++NumAllocaTotal;
923 const AllocaInst *AI = KV.first;
924 auto AIRange = getStaticAllocaSizeRange(*AI);
925 if (AIRange.contains(KV.second.Range)) {
926 Info->SafeAllocas.insert(AI);
927 ++NumAllocaStackSafe;
928 }
929 Info->UnsafeAccesses.insert(KV.second.UnsafeAccesses.begin(),
930 KV.second.UnsafeAccesses.end());
931 }
932 }
933
934 if (StackSafetyPrint)
935 print(errs());
936 }
937 return *Info;
938}
939
940std::vector<FunctionSummary::ParamAccess>
941StackSafetyInfo::getParamAccesses(ModuleSummaryIndex &Index) const {
942 // Implementation transforms internal representation of parameter information
943 // into FunctionSummary format.
944 std::vector<FunctionSummary::ParamAccess> ParamAccesses;
945 for (const auto &KV : getInfo().Info.Params) {
946 auto &PS = KV.second;
947 // Parameter accessed by any or unknown offset, represented as FullSet by
948 // StackSafety, is handled as the parameter for which we have no
949 // StackSafety info at all. So drop it to reduce summary size.
950 if (PS.Range.isFullSet())
951 continue;
952
953 ParamAccesses.emplace_back(KV.first, PS.Range);
954 FunctionSummary::ParamAccess &Param = ParamAccesses.back();
955
956 Param.Calls.reserve(PS.Calls.size());
957 for (const auto &C : PS.Calls) {
958 // Parameter forwarded into another function by any or unknown offset
959 // will make ParamAccess::Range as FullSet anyway. So we can drop the
960 // entire parameter like we did above.
961 // TODO(vitalybuka): Return already filtered parameters from getInfo().
962 if (C.second.isFullSet()) {
963 ParamAccesses.pop_back();
964 break;
965 }
966 Param.Calls.emplace_back(C.first.ParamNo,
967 Index.getOrInsertValueInfo(C.first.Callee),
968 C.second);
969 }
970 }
971 for (FunctionSummary::ParamAccess &Param : ParamAccesses) {
972 sort(Param.Calls, [](const FunctionSummary::ParamAccess::Call &L,
973 const FunctionSummary::ParamAccess::Call &R) {
974 return std::tie(L.ParamNo, L.Callee) < std::tie(R.ParamNo, R.Callee);
975 });
976 }
977 return ParamAccesses;
978}
979
980StackSafetyGlobalInfo::StackSafetyGlobalInfo() = default;
981
982StackSafetyGlobalInfo::StackSafetyGlobalInfo(
983 Module *M, std::function<const StackSafetyInfo &(Function &F)> GetSSI,
984 const ModuleSummaryIndex *Index)
985 : M(M), GetSSI(GetSSI), Index(Index) {
986 if (StackSafetyRun)
987 getInfo();
988}
989
990StackSafetyGlobalInfo::StackSafetyGlobalInfo(StackSafetyGlobalInfo &&) =
991 default;
992
993StackSafetyGlobalInfo &
994StackSafetyGlobalInfo::operator=(StackSafetyGlobalInfo &&) = default;
995
996StackSafetyGlobalInfo::~StackSafetyGlobalInfo() = default;
997
998bool StackSafetyGlobalInfo::isSafe(const AllocaInst &AI) const {
999 const auto &Info = getInfo();
1000 return Info.SafeAllocas.count(&AI);
1001}
1002
1003bool StackSafetyGlobalInfo::stackAccessIsSafe(const Instruction &I) const {
1004 const auto &Info = getInfo();
1005 return Info.UnsafeAccesses.find(&I) == Info.UnsafeAccesses.end();
1006}
1007
1008void StackSafetyGlobalInfo::print(raw_ostream &O) const {
1009 auto &SSI = getInfo().Info;
1010 if (SSI.empty())
1011 return;
1012 const Module &M = *SSI.begin()->first->getParent();
1013 for (const auto &F : M.functions()) {
1014 if (!F.isDeclaration()) {
1015 SSI.find(&F)->second.print(O, F.getName(), &F);
1016 O << " safe accesses:"
1017 << "\n";
1018 for (const auto &I : instructions(F)) {
1019 const CallInst *Call = dyn_cast<CallInst>(&I);
1020 if ((isa<StoreInst>(I) || isa<LoadInst>(I) || isa<MemIntrinsic>(I) ||
1021 isa<AtomicCmpXchgInst>(I) || isa<AtomicRMWInst>(I) ||
1022 (Call && Call->hasByValArgument())) &&
1023 stackAccessIsSafe(I)) {
1024 O << " " << I << "\n";
1025 }
1026 }
1027 O << "\n";
1028 }
1029 }
1030}
1031
1032LLVM_DUMP_METHOD void StackSafetyGlobalInfo::dump() const { print(dbgs()); }
1033
1034AnalysisKey StackSafetyAnalysis::Key;
1035
1036StackSafetyInfo StackSafetyAnalysis::run(Function &F,
1037 FunctionAnalysisManager &AM) {
1038 return StackSafetyInfo(&F, [&AM, &F]() -> ScalarEvolution & {
1039 return AM.getResult<ScalarEvolutionAnalysis>(F);
1040 });
1041}
1042
1043PreservedAnalyses StackSafetyPrinterPass::run(Function &F,
1044 FunctionAnalysisManager &AM) {
1045 OS << "'Stack Safety Local Analysis' for function '" << F.getName() << "'\n";
1046 AM.getResult<StackSafetyAnalysis>(F).print(OS);
1047 return PreservedAnalyses::all();
1048}
1049
1050char StackSafetyInfoWrapperPass::ID = 0;
1051
1052StackSafetyInfoWrapperPass::StackSafetyInfoWrapperPass() : FunctionPass(ID) {
1053 initializeStackSafetyInfoWrapperPassPass(*PassRegistry::getPassRegistry());
1054}
1055
1056void StackSafetyInfoWrapperPass::getAnalysisUsage(AnalysisUsage &AU) const {
1057 AU.addRequiredTransitive<ScalarEvolutionWrapperPass>();
1058 AU.setPreservesAll();
1059}
1060
1061void StackSafetyInfoWrapperPass::print(raw_ostream &O, const Module *M) const {
1062 SSI.print(O);
1063}
1064
1065bool StackSafetyInfoWrapperPass::runOnFunction(Function &F) {
1066 auto *SE = &getAnalysis<ScalarEvolutionWrapperPass>().getSE();
1067 SSI = {&F, [SE]() -> ScalarEvolution & { return *SE; }};
1068 return false;
1069}
1070
1071AnalysisKey StackSafetyGlobalAnalysis::Key;
1072
1073StackSafetyGlobalInfo
1074StackSafetyGlobalAnalysis::run(Module &M, ModuleAnalysisManager &AM) {
1075 // FIXME: Lookup Module Summary.
1076 FunctionAnalysisManager &FAM =
1077 AM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
1078 return {&M,
1079 [&FAM](Function &F) -> const StackSafetyInfo & {
1080 return FAM.getResult<StackSafetyAnalysis>(F);
1081 },
1082 nullptr};
1083}
1084
1085PreservedAnalyses StackSafetyGlobalPrinterPass::run(Module &M,
1086 ModuleAnalysisManager &AM) {
1087 OS << "'Stack Safety Analysis' for module '" << M.getName() << "'\n";
1088 AM.getResult<StackSafetyGlobalAnalysis>(M).print(OS);
1089 return PreservedAnalyses::all();
1090}
1091
1092char StackSafetyGlobalInfoWrapperPass::ID = 0;
1093
1094StackSafetyGlobalInfoWrapperPass::StackSafetyGlobalInfoWrapperPass()
1095 : ModulePass(ID) {
1096 initializeStackSafetyGlobalInfoWrapperPassPass(
1097 *PassRegistry::getPassRegistry());
1098}
1099
1100StackSafetyGlobalInfoWrapperPass::~StackSafetyGlobalInfoWrapperPass() = default;
1101
1102void StackSafetyGlobalInfoWrapperPass::print(raw_ostream &O,
1103 const Module *M) const {
1104 SSGI.print(O);
1105}
1106
1107void StackSafetyGlobalInfoWrapperPass::getAnalysisUsage(
1108 AnalysisUsage &AU) const {
1109 AU.setPreservesAll();
1110 AU.addRequired<StackSafetyInfoWrapperPass>();
1111}
1112
1113bool StackSafetyGlobalInfoWrapperPass::runOnModule(Module &M) {
1114 const ModuleSummaryIndex *ImportSummary = nullptr;
1115 if (auto *IndexWrapperPass =
1116 getAnalysisIfAvailable<ImmutableModuleSummaryIndexWrapperPass>())
1117 ImportSummary = IndexWrapperPass->getIndex();
1118
1119 SSGI = {&M,
1120 [this](Function &F) -> const StackSafetyInfo & {
1121 return getAnalysis<StackSafetyInfoWrapperPass>(F).getResult();
1122 },
1123 ImportSummary};
1124 return false;
1125}
1126
1127bool llvm::needsParamAccessSummary(const Module &M) {
1128 if (StackSafetyRun)
1129 return true;
1130 for (const auto &F : M.functions())
1131 if (F.hasFnAttribute(Attribute::SanitizeMemTag))
1132 return true;
1133 return false;
1134}
1135
1136void llvm::generateParamAccessSummary(ModuleSummaryIndex &Index) {
1137 if (!Index.hasParamAccess())
1138 return;
1139 const ConstantRange FullSet(FunctionSummary::ParamAccess::RangeWidth, true);
1140
1141 auto CountParamAccesses = [&](auto &Stat) {
1142 if (!AreStatisticsEnabled())
1143 return;
1144 for (auto &GVS : Index)
1145 for (auto &GV : GVS.second.SummaryList)
1146 if (FunctionSummary *FS = dyn_cast<FunctionSummary>(GV.get()))
1147 Stat += FS->paramAccesses().size();
1148 };
1149
1150 CountParamAccesses(NumCombinedParamAccessesBefore);
1151
1152 std::map<const FunctionSummary *, FunctionInfo<FunctionSummary>> Functions;
1153
1154 // Convert the ModuleSummaryIndex to a FunctionMap
1155 for (auto &GVS : Index) {
1156 for (auto &GV : GVS.second.SummaryList) {
1157 FunctionSummary *FS = dyn_cast<FunctionSummary>(GV.get());
1158 if (!FS || FS->paramAccesses().empty())
1159 continue;
1160 if (FS->isLive() && FS->isDSOLocal()) {
1161 FunctionInfo<FunctionSummary> FI;
1162 for (const auto &PS : FS->paramAccesses()) {
1163 auto &US =
1164 FI.Params
1165 .emplace(PS.ParamNo, FunctionSummary::ParamAccess::RangeWidth)
1166 .first->second;
1167 US.Range = PS.Use;
1168 for (const auto &Call : PS.Calls) {
1169 assert(!Call.Offsets.isFullSet());
1170 FunctionSummary *S =
1171 findCalleeFunctionSummary(Call.Callee, FS->modulePath());
1172 ++NumCombinedCalleeLookupTotal;
1173 if (!S) {
1174 ++NumCombinedCalleeLookupFailed;
1175 US.Range = FullSet;
1176 US.Calls.clear();
1177 break;
1178 }
1179 US.Calls.emplace(CallInfo<FunctionSummary>(S, Call.ParamNo),
1180 Call.Offsets);
1181 }
1182 }
1183 Functions.emplace(FS, std::move(FI));
1184 }
1185 // Reset data for all summaries. Alive and DSO local will be set back from
1186 // of data flow results below. Anything else will not be accessed
1187 // by ThinLTO backend, so we can save on bitcode size.
1188 FS->setParamAccesses({});
1189 }
1190 }
1191 NumCombinedDataFlowNodes += Functions.size();
1192 StackSafetyDataFlowAnalysis<FunctionSummary> SSDFA(
1193 FunctionSummary::ParamAccess::RangeWidth, std::move(Functions));
1194 for (const auto &KV : SSDFA.run()) {
1195 std::vector<FunctionSummary::ParamAccess> NewParams;
1196 NewParams.reserve(KV.second.Params.size());
1197 for (const auto &Param : KV.second.Params) {
1198 // It's not needed as FullSet is processed the same as a missing value.
1199 if (Param.second.Range.isFullSet())
1200 continue;
1201 NewParams.emplace_back();
1202 FunctionSummary::ParamAccess &New = NewParams.back();
1203 New.ParamNo = Param.first;
1204 New.Use = Param.second.Range; // Only range is needed.
1205 }
1206 const_cast<FunctionSummary *>(KV.first)->setParamAccesses(
1207 std::move(NewParams));
1208 }
1209
1210 CountParamAccesses(NumCombinedParamAccessesAfter);
1211}
1212
1213static const char LocalPassArg[] = "stack-safety-local";
1214static const char LocalPassName[] = "Stack Safety Local Analysis";
1215INITIALIZE_PASS_BEGIN(StackSafetyInfoWrapperPass, LocalPassArg, LocalPassName,
1216 false, true)
1217INITIALIZE_PASS_DEPENDENCY(ScalarEvolutionWrapperPass)
1218INITIALIZE_PASS_END(StackSafetyInfoWrapperPass, LocalPassArg, LocalPassName,
1219 false, true)
1220
1221static const char GlobalPassName[] = "Stack Safety Analysis";
1222INITIALIZE_PASS_BEGIN(StackSafetyGlobalInfoWrapperPass, DEBUG_TYPE,
1223 GlobalPassName, false, true)
1224INITIALIZE_PASS_DEPENDENCY(StackSafetyInfoWrapperPass)
1225INITIALIZE_PASS_DEPENDENCY(ImmutableModuleSummaryIndexWrapperPass)
1226INITIALIZE_PASS_END(StackSafetyGlobalInfoWrapperPass, DEBUG_TYPE,
1227 GlobalPassName, false, true)
const
aarch64 promote const
Definition: AArch64PromoteConstant.cpp:230
APInt.h
This file implements a class to represent arbitrary precision integral constant values and operations...
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: ARMSLSHardening.cpp:73
print
static void print(raw_ostream &Out, object::Archive::Kind Kind, T Val)
Definition: ArchiveWriter.cpp:205
instructions
Expand Atomic instructions
Definition: AtomicExpandPass.cpp:172
true
basic Basic Alias true
Definition: BasicAliasAnalysis.cpp:1981
Analysis
block Block Frequency Analysis
Definition: BlockFrequencyInfo.cpp:300
A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")
Info
Analysis containing CSE Info
Definition: CSEInfo.cpp:27
LLVM_DUMP_METHOD
#define LLVM_DUMP_METHOD
Mark debug helper function definitions like dump() that should not be stripped from debug builds.
Definition: Compiler.h:622
Access
DXIL Resource Access
Definition: DXILResourceAccess.cpp:195
LLVM_DEBUG
#define LLVM_DEBUG(...)
Definition: Debug.h:106
Addr
uint64_t Addr
Definition: ELFObjHandler.cpp:79
Name
std::string Name
Definition: ELFObjHandler.cpp:77
Size
uint64_t Size
Definition: ELFObjHandler.cpp:81
DEBUG_TYPE
#define DEBUG_TYPE
Definition: GenericCycleImpl.h:31
MI
IRTranslator LLVM IR MI
Definition: IRTranslator.cpp:112
F
#define F(x, y, z)
Definition: MD5.cpp:55
I
#define I(x, y, z)
Definition: MD5.cpp:58
addRange
static void addRange(SmallVectorImpl< ConstantInt * > &EndPoints, ConstantInt *Low, ConstantInt *High)
Definition: Metadata.cpp:1274
ModuleSummaryAnalysis.h
This is the interface to build a ModuleSummaryIndex for a module.
ModuleSummaryIndex.h
ModuleSummaryIndex.h This file contains the declarations the classes that hold the module index and s...
Range
ConstantRange Range(APInt(BitWidth, Low), APInt(BitWidth, High))
P
#define P(N)
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:61
INITIALIZE_PASS_DEPENDENCY
#define INITIALIZE_PASS_DEPENDENCY(depName)
Definition: PassSupport.h:55
INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:57
INITIALIZE_PASS_BEGIN
#define INITIALIZE_PASS_BEGIN(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:52
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
OS
raw_pwrite_stream & OS
Definition: SampleProfWriter.cpp:51
SmallPtrSet.h
This file defines the SmallPtrSet class.
SmallVector.h
This file defines the SmallVector class.
LocalPassArg
static const char LocalPassArg[]
Definition: StackSafetyAnalysis.cpp:1213
LocalPassName
static const char LocalPassName[]
Definition: StackSafetyAnalysis.cpp:1214
GlobalPassName
static true const char GlobalPassName[]
Definition: StackSafetyAnalysis.cpp:1221
StackSafetyMaxIterations
static cl::opt< int > StackSafetyMaxIterations("stack-safety-max-iterations", cl::init(20), cl::Hidden)
StackSafetyRun
static cl::opt< bool > StackSafetyRun("stack-safety-run", cl::init(false), cl::Hidden)
StackSafetyPrint
static cl::opt< bool > StackSafetyPrint("stack-safety-print", cl::init(false), cl::Hidden)
Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...
STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition: Statistic.h:166
Mul
BinaryOperator * Mul
Definition: X86PartialReduction.cpp:68
llvm::APInt
Class for arbitrary precision integers.
Definition: APInt.h:78
llvm::APInt::getZero
static APInt getZero(unsigned numBits)
Get the '0' value for the specified bit-width.
Definition: APInt.h:200
llvm::AliasSummary
Alias summary information.
Definition: ModuleSummaryIndex.h:657
llvm::AllocaInst
an instruction to allocate memory on the stack
Definition: Instructions.h:63
llvm::AllocaInst::getType
PointerType * getType() const
Overload to return most specific pointer type.
Definition: Instructions.h:99
llvm::AllocaInst::getAllocatedType
Type * getAllocatedType() const
Return the type that is being allocated by the instruction.
Definition: Instructions.h:117
llvm::AllocaInst::isArrayAllocation
bool isArrayAllocation() const
Return true if there is an allocation size parameter to the allocation instruction that is not 1.
Definition: Instructions.cpp:1225
llvm::AllocaInst::getArraySize
const Value * getArraySize() const
Get the number of elements allocated.
Definition: Instructions.h:95
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: PassManager.h:253
llvm::AnalysisManager::getResult
PassT::Result & getResult(IRUnitT &IR, ExtraArgTs... ExtraArgs)
Get the result of an analysis pass for a given IR unit.
Definition: PassManager.h:410
llvm::AnalysisUsage
Represent the analysis usage information of a pass.
Definition: PassAnalysisSupport.h:47
llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition: PassAnalysisSupport.h:75
llvm::AnalysisUsage::setPreservesAll
void setPreservesAll()
Set by analyses that do not transform their input at all.
Definition: PassAnalysisSupport.h:130
llvm::AnalysisUsage::addRequiredTransitive
AnalysisUsage & addRequiredTransitive()
Definition: PassAnalysisSupport.h:81
llvm::Argument
This class represents an incoming formal argument to a Function.
Definition: Argument.h:31
llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition: Instructions.h:1479
llvm::ConstantRange
This class represents a range of values.
Definition: ConstantRange.h:47
llvm::ConstantRange::isFullSet
bool isFullSet() const
Return true if this set contains all of the elements possible for this data-type.
Definition: ConstantRange.cpp:414
llvm::ConstantRange::isEmptySet
bool isEmptySet() const
Return true if this set contains no members.
Definition: ConstantRange.cpp:418
llvm::ConstantRange::sextOrTrunc
ConstantRange sextOrTrunc(uint32_t BitWidth) const
Make this range have the bit width given by BitWidth.
Definition: ConstantRange.cpp:926
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:63
llvm::FunctionPass
FunctionPass class - This class is used to implement most global optimizations.
Definition: Pass.h:310
llvm::FunctionSummary
Function summary information to aid decisions and implementation of importing.
Definition: ModuleSummaryIndex.h:720
llvm::GlobalValueSummary
Function and variable summary information to aid decisions and implementation of importing.
Definition: ModuleSummaryIndex.h:466
llvm::GlobalValueSummary::getBaseObject
GlobalValueSummary * getBaseObject()
If this is an alias summary, returns the summary of the aliased object (a global variable or function...
Definition: ModuleSummaryIndex.h:712
llvm::GlobalValue::isDSOLocal
bool isDSOLocal() const
Definition: GlobalValue.h:305
llvm::GlobalValue::isLocalLinkage
static bool isLocalLinkage(LinkageTypes Linkage)
Definition: GlobalValue.h:409
llvm::GlobalValue::isDeclaration
bool isDeclaration() const
Return true if the primary definition of this global value is outside of the current translation unit...
Definition: Globals.cpp:296
llvm::GlobalValue::isLinkOnceLinkage
static bool isLinkOnceLinkage(LinkageTypes Linkage)
Definition: GlobalValue.h:388
llvm::GlobalValue::isAvailableExternallyLinkage
static bool isAvailableExternallyLinkage(LinkageTypes Linkage)
Definition: GlobalValue.h:379
llvm::GlobalValue::isExternalLinkage
static bool isExternalLinkage(LinkageTypes Linkage)
Definition: GlobalValue.h:376
llvm::GlobalValue::isInterposable
bool isInterposable() const
Return true if this global's definition can be substituted with an arbitrary definition at link time ...
Definition: Globals.cpp:105
llvm::GlobalValue::isWeakLinkage
static bool isWeakLinkage(LinkageTypes Linkage)
Definition: GlobalValue.h:397
llvm::ImmutableModuleSummaryIndexWrapperPass
Legacy wrapper pass to provide the ModuleSummaryIndex object.
Definition: ModuleSummaryAnalysis.h:82
llvm::InnerAnalysisManagerProxy
An analysis over an "outer" IR unit that provides access to an analysis manager over an "inner" IR un...
Definition: PassManager.h:567
llvm::Instruction::getDataLayout
const DataLayout & getDataLayout() const
Get the data layout of the module this instruction belongs to.
Definition: Instruction.cpp:76
llvm::MemIntrinsic
This is the common base class for memset/memcpy/memmove.
Definition: IntrinsicInst.h:1205
llvm::ModulePass
ModulePass class - This class is used to implement unstructured interprocedural optimizations and ana...
Definition: Pass.h:251
llvm::ModuleSummaryIndex
Class to hold module path string table and global value map, and encapsulate methods for operating on...
Definition: ModuleSummaryIndex.h:1345
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65
llvm::Module::functions
iterator_range< iterator > functions()
Definition: Module.h:724
llvm::PassRegistry::getPassRegistry
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition: PassRegistry.cpp:24
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: Analysis.h:111
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: Analysis.h:117
llvm::SCEV
This class represents an analyzed expression in the program.
Definition: ScalarEvolution.h:71
llvm::ScalarEvolutionAnalysis
Analysis pass that exposes the ScalarEvolution for a function.
Definition: ScalarEvolution.h:2320
llvm::ScalarEvolution
The main scalar evolution driver.
Definition: ScalarEvolution.h:447
llvm::SetVector
A vector that has set insertion semantics.
Definition: SetVector.h:57
llvm::SetVector::clear
void clear()
Completely clear the SetVector.
Definition: SetVector.h:273
llvm::SetVector::empty
bool empty() const
Determine if the SetVector is empty or not.
Definition: SetVector.h:93
llvm::SetVector::insert
bool insert(const value_type &X)
Insert a new element into the SetVector.
Definition: SetVector.h:162
llvm::SetVector::pop_back_val
value_type pop_back_val()
Definition: SetVector.h:285
llvm::SmallPtrSetImpl::insert
std::pair< iterator, bool > insert(PtrType Ptr)
Inserts Ptr if and only if there is no element in the container equal to Ptr.
Definition: SmallPtrSet.h:384
llvm::SmallPtrSet
SmallPtrSet - This class implements a set which is optimized for holding SmallSize or less elements.
Definition: SmallPtrSet.h:519
llvm::SmallVectorBase::empty
bool empty() const
Definition: SmallVector.h:81
llvm::SmallVectorImpl::erase
iterator erase(const_iterator CI)
Definition: SmallVector.h:737
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition: SmallVector.h:413
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1196
llvm::StackLifetime
Compute live ranges of allocas.
Definition: StackLifetime.h:37
llvm::StackLifetime::isReachable
bool isReachable(const Instruction *I) const
Returns true if instruction is reachable from entry.
Definition: StackLifetime.cpp:41
llvm::StackLifetime::isAliveAfter
bool isAliveAfter(const AllocaInst *AI, const Instruction *I) const
Returns true if the alloca is alive after the instruction.
Definition: StackLifetime.cpp:45
llvm::StackSafetyAnalysis
StackSafetyInfo wrapper for the new pass manager.
Definition: StackSafetyAnalysis.h:92
llvm::StackSafetyAnalysis::run
StackSafetyInfo run(Function &F, FunctionAnalysisManager &AM)
Definition: StackSafetyAnalysis.cpp:1036
llvm::StackSafetyGlobalAnalysis
This pass performs the global (interprocedural) stack safety analysis (new pass manager).
Definition: StackSafetyAnalysis.h:130
llvm::StackSafetyGlobalAnalysis::run
Result run(Module &M, ModuleAnalysisManager &AM)
Definition: StackSafetyAnalysis.cpp:1074
llvm::StackSafetyGlobalInfoWrapperPass
This pass performs the global (interprocedural) stack safety analysis (legacy pass manager).
Definition: StackSafetyAnalysis.h:152
llvm::StackSafetyGlobalInfoWrapperPass::runOnModule
bool runOnModule(Module &M) override
runOnModule - Virtual method overriden by subclasses to process the module being operated on.
Definition: StackSafetyAnalysis.cpp:1113
llvm::StackSafetyGlobalInfoWrapperPass::getAnalysisUsage
void getAnalysisUsage(AnalysisUsage &AU) const override
getAnalysisUsage - This function should be overriden by passes that need analysis information to do t...
Definition: StackSafetyAnalysis.cpp:1107
llvm::StackSafetyGlobalInfoWrapperPass::print
void print(raw_ostream &O, const Module *M) const override
print - Print out the internal state of the pass.
Definition: StackSafetyAnalysis.cpp:1102
llvm::StackSafetyGlobalInfo::print
void print(raw_ostream &O) const
Definition: StackSafetyAnalysis.cpp:1008
llvm::StackSafetyGlobalInfo::stackAccessIsSafe
bool stackAccessIsSafe(const Instruction &I) const
Definition: StackSafetyAnalysis.cpp:1003
llvm::StackSafetyGlobalInfo::isSafe
bool isSafe(const AllocaInst &AI) const
Definition: StackSafetyAnalysis.cpp:998
llvm::StackSafetyGlobalInfo::operator=
StackSafetyGlobalInfo & operator=(StackSafetyGlobalInfo &&)
llvm::StackSafetyGlobalPrinterPass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: StackSafetyAnalysis.cpp:1085
llvm::StackSafetyInfoWrapperPass
StackSafetyInfo wrapper for the legacy pass manager.
Definition: StackSafetyAnalysis.h:112
llvm::StackSafetyInfoWrapperPass::print
void print(raw_ostream &O, const Module *M) const override
print - Print out the internal state of the pass.
Definition: StackSafetyAnalysis.cpp:1061
llvm::StackSafetyInfoWrapperPass::runOnFunction
bool runOnFunction(Function &F) override
runOnFunction - Virtual method overriden by subclasses to do the per-function processing of the pass.
Definition: StackSafetyAnalysis.cpp:1065
llvm::StackSafetyInfoWrapperPass::getAnalysisUsage
void getAnalysisUsage(AnalysisUsage &AU) const override
getAnalysisUsage - This function should be overriden by passes that need analysis information to do t...
Definition: StackSafetyAnalysis.cpp:1056
llvm::StackSafetyInfo
Interface to access stack safety analysis results for single function.
Definition: StackSafetyAnalysis.h:26
llvm::StackSafetyInfo::print
void print(raw_ostream &O) const
Definition: StackSafetyAnalysis.cpp:903
llvm::StackSafetyInfo::getInfo
const InfoTy & getInfo() const
Definition: StackSafetyAnalysis.cpp:895
llvm::StackSafetyInfo::operator=
StackSafetyInfo & operator=(StackSafetyInfo &&)
llvm::StackSafetyInfo::getParamAccesses
std::vector< FunctionSummary::ParamAccess > getParamAccesses(ModuleSummaryIndex &Index) const
Parameters use for a FunctionSummary.
Definition: StackSafetyAnalysis.cpp:941
llvm::StackSafetyPrinterPass::run
PreservedAnalyses run(Function &F, FunctionAnalysisManager &AM)
Definition: StackSafetyAnalysis.cpp:1043
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:51
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
llvm::Type::isPointerTy
bool isPointerTy() const
True if this is an instance of PointerType.
Definition: Type.h:264
llvm::Type::getPointerAddressSpace
unsigned getPointerAddressSpace() const
Get the address space of this pointer or pointer vector type.
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition: Use.h:43
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255
llvm::Value::getName
StringRef getName() const
Return a constant reference to the value's name.
Definition: Value.cpp:309
llvm::details::FixedOrScalableQuantity::getFixedValue
constexpr ScalarTy getFixedValue() const
Definition: TypeSize.h:202
llvm::details::FixedOrScalableQuantity::isScalable
constexpr bool isScalable() const
Returns whether the quantity is scaled by a runtime quantity (vscale).
Definition: TypeSize.h:171
llvm::raw_ostream
This class implements an extremely fast bulk output stream that can only output to a stream.
Definition: raw_ostream.h:52
uint32_t
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34
llvm::SI::KernelInputOffsets::Offsets
Offsets
Offsets in bytes from the start of the input buffer.
Definition: SIInstrInfo.h:1609
llvm::X86AS::FS
@ FS
Definition: X86.h:211
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:443
llvm::dxil::PointerTypeAnalysis::run
PointerTypeMap run(const Module &M)
Compute the PointerTypeMap for the module M.
Definition: PointerTypeAnalysis.cpp:191
llvm::ms_demangle::QualifierMangleMode::Result
@ Result
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18
llvm::Offset
@ Offset
Definition: DWP.cpp:480
llvm::generateParamAccessSummary
void generateParamAccessSummary(ModuleSummaryIndex &Index)
Definition: StackSafetyAnalysis.cpp:1136
llvm::needsParamAccessSummary
bool needsParamAccessSummary(const Module &M)
Definition: StackSafetyAnalysis.cpp:1127
llvm::unique
auto unique(Range &&R, Predicate P)
Definition: STLExtras.h:2055
llvm::print
Printable print(const GCNRegPressure &RP, const GCNSubtarget *ST=nullptr)
Definition: GCNRegPressure.cpp:227
llvm::formatv
auto formatv(bool Validate, const char *Fmt, Ts &&...Vals)
Definition: FormatVariadic.h:252
llvm::sort
void sort(IteratorTy Start, IteratorTy End)
Definition: STLExtras.h:1664
llvm::dbgs
raw_ostream & dbgs()
dbgs() - This returns a reference to a raw_ostream for debugging messages.
Definition: Debug.cpp:163
llvm::AreStatisticsEnabled
bool AreStatisticsEnabled()
Check if statistics are enabled.
Definition: Statistic.cpp:139
llvm::errs
raw_fd_ostream & errs()
This returns a reference to a raw_ostream for standard error.
Definition: raw_ostream.cpp:907
llvm::initializeStackSafetyGlobalInfoWrapperPassPass
void initializeStackSafetyGlobalInfoWrapperPassPass(PassRegistry &)
llvm::initializeStackSafetyInfoWrapperPassPass
void initializeStackSafetyInfoWrapperPassPass(PassRegistry &)
llvm::operator<<
raw_ostream & operator<<(raw_ostream &OS, const APFixedPoint &FX)
Definition: APFixedPoint.h:303
llvm::move
OutputIt move(R &&Range, OutputIt Out)
Provide wrappers to std::move which take ranges instead of having to pass begin/end explicitly.
Definition: STLExtras.h:1873
std
Implement std::hash so that hash_code can be used in STL containers.
Definition: BitVector.h:858
std::swap
void swap(llvm::BitVector &LHS, llvm::BitVector &RHS)
Implement std::swap in terms of BitVector swap.
Definition: BitVector.h:860
raw_ostream.h
llvm::StackSafetyGlobalInfo::InfoTy::UnsafeAccesses
std::set< const Instruction * > UnsafeAccesses
Definition: StackSafetyAnalysis.cpp:233
llvm::StackSafetyGlobalInfo::InfoTy::SafeAllocas
SmallPtrSet< const AllocaInst *, 8 > SafeAllocas
Definition: StackSafetyAnalysis.cpp:232
llvm::StackSafetyInfo::InfoTy::Info
FunctionInfo< GlobalValue > Info
Definition: StackSafetyAnalysis.cpp:227
llvm::AnalysisKey
A special type used by analysis passes to provide an address that identifies that particular analysis...
Definition: Analysis.h:28
llvm::FunctionSummary::ParamAccess::Call
Describes the use of a value in a call instruction, specifying the call's target, the value's paramet...
Definition: ModuleSummaryIndex.h:845
llvm::FunctionSummary::ParamAccess
Describes the uses of a parameter by the function.
Definition: ModuleSummaryIndex.h:839
llvm::FunctionSummary::ParamAccess::RangeWidth
static constexpr uint32_t RangeWidth
Definition: ModuleSummaryIndex.h:840
llvm::ValueInfo
Struct that holds a reference to a particular GUID in a global value summary.
Definition: ModuleSummaryIndex.h:180
Generated on Fri May 16 2025 09:02:48 for LLVM by doxygen 1.9.6