authorNikita Popov <nikita.ppv@gmail.com>2020-11-17 20:11:09 +0100
committerNikita Popov <nikita.ppv@gmail.com>2020-11-26 18:39:55 +0100
commit4df8efce80e373dd1e05bd4910c796a0c91383e7 (patch)
treee0a4f36abcfcdfe8740130a4a55488648cd1800e /llvm/lib/Analysis/Lint.cpp
parent668da8c361fef5ada092534d4d20ea450831f6f6 (diff)
[AA] Split up LocationSize::unknown()
Currently, we have some confusion in the codebase regarding the meaning of LocationSize::unknown(): Some parts (including most of BasicAA) assume that LocationSize::unknown() only allows accesses after the base pointer. Some parts (various callers of AA) assume that LocationSize::unknown() allows accesses both before and after the base pointer (but within the underlying object). This patch splits up LocationSize::unknown() into LocationSize::afterPointer() and LocationSize::beforeOrAfterPointer() to make this completely unambiguous. I tried my best to determine which one is appropriate for all the existing uses. The test changes in cs-cs.ll in particular illustrate a previously clearly incorrect AA result: We were effectively assuming that argmemonly functions were only allowed to access their arguments after the passed pointer, but not before it. I'm pretty sure that this was not intentional, and it's certainly not specified by LangRef that way. Differential Revision: https://reviews.llvm.org/D91649
Diffstat (limited to 'llvm/lib/Analysis/Lint.cpp')
-rw-r--r--llvm/lib/Analysis/Lint.cpp11
1 files changed, 5 insertions, 6 deletions
diff --git a/llvm/lib/Analysis/Lint.cpp b/llvm/lib/Analysis/Lint.cpp
index 002ac16..e188c23 100644
--- a/llvm/lib/Analysis/Lint.cpp
+++ b/llvm/lib/Analysis/Lint.cpp
@@ -190,8 +190,8 @@ void Lint::visitFunction(Function &F) {
void Lint::visitCallBase(CallBase &I) {
Value *Callee = I.getCalledOperand();
- visitMemoryReference(I, MemoryLocation(Callee, LocationSize::unknown()),
- None, nullptr, MemRef::Callee);
+ visitMemoryReference(I, MemoryLocation::getAfter(Callee), None, nullptr,
+ MemRef::Callee);
if (Function *F = dyn_cast<Function>(findValue(Callee,
/*OffsetOk=*/false))) {
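Review bot: `MemoryLocation::getAfter(Callee)` describes a data range that follows the pointer, but the operand here is a call target rather than a memory access, so the extent reads as a placeholder; the same applies to `MemoryLocation::getAfter(I.getAddress())` in visitIndirectBrInst in the last hunk. A short comment at both sites, for example `// Size is a placeholder: only the pointer itself is checked for a call/branch target.`, would keep a later reader from wondering whether the before-or-after variant was intended. That wording assumes visitMemoryReference does not use the size for MemRef::Callee and MemRef::Branchee, which is not visible on this page and should be confirmed before the comment is added. visitCallBase continues past the end of this hunk.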
@@ -295,7 +295,7 @@ void Lint::visitCallBase(CallBase &I) {
// Check that the memcpy arguments don't overlap. The AliasAnalysis API
// isn't expressive enough for what we really want to do. Known partial
// overlap is not distinguished from the case where nothing is known.
- auto Size = LocationSize::unknown();
+ auto Size = LocationSize::afterPointer();
if (const ConstantInt *Len =
dyn_cast<ConstantInt>(findValue(MCI->getLength(),
/*OffsetOk=*/false)))
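Review bot: The comment above `auto Size = LocationSize::afterPointer();` explains the limits of the AliasAnalysis API but not why the after-pointer size is the right fallback when the length is not a constant. Since the commit message makes the before/after distinction the whole point of the change, I would extend the comment with something like `// memcpy only accesses bytes at or after each pointer, so afterPointer() is enough when the length is unknown.` This matters for a lint check because a size that is too narrow would silently turn an overlap into a missed diagnostic. The alias query that consumes Size is outside the hunk, so how the result is compared cannot be checked from here.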
@@ -586,9 +586,8 @@ void Lint::visitVAArgInst(VAArgInst &I) {
}
void Lint::visitIndirectBrInst(IndirectBrInst &I) {
- visitMemoryReference(
- I, MemoryLocation(I.getAddress(), LocationSize::unknown()),
- None, nullptr, MemRef::Branchee);
+ visitMemoryReference(I, MemoryLocation::getAfter(I.getAddress()), None,
+ nullptr, MemRef::Branchee);
Assert(I.getNumDestinations() != 0,
"Undefined behavior: indirectbr with no destinations", &I);