[llvm-dev] Interprocedural AA

Tue Dec 18 11:21:04 PST 2018

Hi Armin,

For demand-driven pointer analysis, there's cfl-steens-aa and cfl-anders-aa
already in LLVM [1]. Last I've heard, the implementation was good enough to
be used for optimization, but I don't know if it has bit-rotten or not
since then.

For global analysis, you can take a look at the SVF framework [2]. They
have nice documentation that explains how the analysis works.
As for the original DSA, we maintain a port for fairly recent llvm 5.0 as a
part of the SeaHorn verification framework [3]. There's also our custom
flavor of DSA, SeaDsa [4].

But taking a step back, it really depends on what you want to do with it.
If you want to optimize programs, perhaps it'd be best if you relied on
Basic/TB AA and inlined in all the interprocedural contexts you care about.
If that's not feasible, if you don't intend to do many AA queries, try CFL
from LLVM. If you need precise interprocedural AA for whole programs, and
your programs are small, try SVF. To my knowledge, no publicly-available
Andersen-style pointer analysis scales to large programs (say > 500MB
bitcode), and you may have more luck with DSA. The best approach is
probably to take existing implementations, see which one is scalable enough
for the problem you are interested in, and tweak it to gain more precision.
If you are interested in AA, there is a nice overview of the field here [5].

Best,
Kuba

[1] https://github.com/grievejia/GSoC2016/blob/master/writeup.pdf
[2] https://github.com/SVF-tools/SVF
[3] https://github.com/seahorn/llvm-dsa/tree/llvm-5.0
[4] https://github.com/seahorn/sea-dsa
[5] https://yanniss.github.io/points-to-tutorial15.pdf

On Tue, Dec 18, 2018 at 11:21 AM via llvm-dev <llvm-dev at lists.llvm.org>
wrote:

> Hi,
>
> I'm looking for interprocedural AAs and have, of course, found
> https://llvm.org/docs/AliasAnalysis.html.  However, the AAs that come
> bundled with LLVM do not work interprocedurally in a way that I need it
> (on/with stack variables).  The two interesting looking AAs come with the
> optional `poolalloc' module that hasn't been updated in years (I guess
> http://lists.llvm.org/pipermail/llvm-dev/2015-February/082054.html never
> happened).  My question:  is there currently some interprocedural AA that
> LLVM suggests (and/or even uses internally) that can cope with something
> like this (without the need to inline everything for analysis' sake):
>
> void foo(int* x) {
>   *x = 22; // <-- same value
> }
>
> int main(void) {
>   int x; // <-- same value
>   (void) foo(&x);
>   return 0;
> }
>
> Thanks a lot for your thoughts :)
>
> Armin
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>

-- 
Jakub Kuderski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20181218/f96e11af/attachment.html>