<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 25, 2016, at 9:04 PM, Jia Chen <<a href="mailto:jchen@cs.utexas.edu" class="">jchen@cs.utexas.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
On 03/25/2016 08:08 PM, Chris Lattner wrote:<br class="">
<blockquote cite="mid:160DB5EF-5DA1-4446-A444-E50F51C02BE1@apple.com" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div class="">I’m still a big fan of context sensitive, flow insensitive,
unification based models. <br class="">
</div>
</blockquote>
<br class="">
Interestingly I find the unification approach quite unsatisfactory
sometime. What happens there is pointers with the same "depth" are
too often clobbered together unless they are really unrelated to
each other. <br class="">
<br class="">
<blockquote cite="mid:160DB5EF-5DA1-4446-A444-E50F51C02BE1@apple.com" type="cite" class="">
<div class="">Contrary to your claim, context sensitivity *is* useful for
mod-ref analysis, e.g. “can I hoist a load across this call”?
Context sensitivity improves the precision of the mod/ref set
of the call.</div>
<br class="">
</blockquote>
I'm not sure about that. How often does mod-ref information change
across callsites? Isn't a good context-insensitive function summary
good enough?<br class=""></div></div></blockquote><br class=""></div><div>It changes all the time. Here’s a trivial example, assume no inlining and no AA other than the one in question:</div><div class=""><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class="">std::vector<int> V1 = { 1, 2, 3 };</div><div class=""><div class="">std::vector<int> V2 = { 4, 5, 6 };</div></div><div class=""><br class=""></div><div class="">V1.pop_back(); // Mutates *this</div><div class=""><br class=""></div><div class="">auto length = V1.size();</div><div class=""><br class=""></div><div class=""><div class="">V2.pop_back(); // Mutates *this</div></div><div class=""><br class=""></div><div class="">auto zero = length - V1.size()</div></blockquote><div class=""><br class=""></div><div class="">In this case, the compiler should “obviously” be able to CSE length, allowing further simplification to substitute zero with 0.</div><div class=""><br class=""></div><div class="">However, with a context sensitive AA, both &V1 and &V2 end up aliasing the “this” pointer in std::vector::pop_back. As such, without context sensitivity, you would falsely assume that “V2.pop_back();” could modify “V1”. This is unfortunate, particularly for OO languages that frequently use static dispatch (like C++, Swift, and others).</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">That said, I have no idea what you’re referring to by "context-insensitive function summary”. If you’re talking about something context sensitive, then ya, it can handle this. :-)</div><div class=""><br class=""></div><div class="">-Chris</div></body></html>