[llvm-dev] RFC: Resolving TBAA issues

Ivan A. Kosarev via llvm-dev llvm-dev at lists.llvm.org
Sat Aug 19 06:29:31 PDT 2017 

Daniel, Hal,

I'm trying to figure out what we would need to do in terms of the 
current approach, accepting its limitations, to support unions, member 
arrays, aggregate accesses and type identifiers and what I get looks 
suspiciously simple. Can you please check it out and let me know if I'm 
missing something?


For unions:

TBAA, regardless of a specific approach, cannot guarantee correct 
answers for couples of accesses that involve pointers to union members.

This means that in terms of TBAA two access paths that come through 
unions may overlap only if the most-enclosing unions in these paths are 
the same union.

Furthermore, two accesses with the same base union type overlap if their 
offset ranges overlap. The access types do not matter. Otherwise, they 
are considered not to overlap and with the current approach we can't say 
better.

This sounds like during scanning through type trees in 
TypeBasedAAResult::Aliases() we should just stop at the first union type 
we have run into and see if:
   a) that union is the base type of the other access and
   b) the offset ranges overlap.

No need to traverse through any union members.

Similarly, in MDNode::getMostGenericTBAA() we do not consider nodes that 
represent union-enclosed types. This means the most generic type may be 
an aggregate or a union, in which case we return null node unless 
aggreagte accesses are supported.

To distinct unions from other types we can have a special group for 
them. Alternatively, we can use type identification nodes, see below.


For aggregate accesses:

The comment in TypeBasedAliasAnalysis.cpp suggests:

   // TODO: We need to check if AccessType of TagA encloses AccessType of
   // TagB to support aggregate AccessType. If yes, return true.

Consider these two accesses:

     struct A { int i; };
     struct B { struct A a; } *b;

     struct X { int i; } *x;

     b->a
     x->i

Following the rule in the comment, the accesses are allowed to overlap, 
which is wrong.

Instead, we should check if the access type of one access encloses the 
base type of the other. And we should only check this if neither base 
type encloses the other.

This relies on traversing through types, but again, we shall never 
follow union-enclosed type nodes as for them to potentially overlap we 
require explicit base specification.


For member arrays:

There are no accesses to arrays, only accesses to array elements. In 
terms of TBAA, an access to an array element is no different than an 
access to an object of the element type. And an access to a member array 
element is no different than an access to a member of the element type. 
All this provided offsets remain the same.

The overall array size does not matter because structure members are 
known not to overlap and we never differentiate between union members.


For type identifiers:

We can add a language-specific node to type metadata tuples that 
guarantees uniqueness of type nodes that are not interchangeable in 
terms of TBAA.

This is supposed to resolve issues like this one:
https://bugs.llvm.org/show_bug.cgi?id=8572

Thanks,

--

More information about the llvm-dev mailing list