[LLVMdev] semantics for control-flow-sensitive AA queries?

[Christian Convey]

I've been chatting with a few folks about how the AliasAnalysis class could
be extended to allow control-flow-sensitive AA queries.  The simplistic
notion is that one could ask things like, "In procedure Foo, at the code
point immediately following Instruction I1: do the Locations allocated by
instructions I2 and I3 alias each other?"

My problem is figuring out what the supported queries' semantics should be
when the CFG has a non-trivial shape.  For example, suppose we have code
like this (in C):

for (...) {

char* p = malloc(42);

p[0] = 'x';

}

Do we consider p[0]='x' to be a strong update, because "p" clearly modifies
the memory allocated by "malloc" call that happened in the *same loop
iteration*?  Or do we consider this a weak update, because "*p" potentially
names more than one chunk of "malloc"-allocated memory, since it's in a
loop?

I suspect that the question of desirable semantics get even more complex in
cases where the CFG is more complicated (nested loops, irreducible, etc.),
or when the relevant code points for a given query aren't all in the same
basic block.

So my question is this:  Is this a well-understood topic, where there's
some agreed-upon list of all reasonable / useful variations on this kind of
context-sensitive query?  Or is it more chaotic, where various AA consumers
have various preferred versions of these query semantics?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150601/4782e9f9/attachment.html>