1.7.6.1Copyright © 2003-2014 University of Illinois at Urbana-Champaign. All Rights Reserved.
LLVM API Documentation
00001 //===-- Lint.cpp - Check for common errors in LLVM IR ---------------------===// 00002 // 00003 // The LLVM Compiler Infrastructure 00004 // 00005 // This file is distributed under the University of Illinois Open Source 00006 // License. See LICENSE.TXT for details. 00007 // 00008 //===----------------------------------------------------------------------===// 00009 // 00010 // This pass statically checks for common and easily-identified constructs 00011 // which produce undefined or likely unintended behavior in LLVM IR. 00012 // 00013 // It is not a guarantee of correctness, in two ways. First, it isn't 00014 // comprehensive. There are checks which could be done statically which are 00015 // not yet implemented. Some of these are indicated by TODO comments, but 00016 // those aren't comprehensive either. Second, many conditions cannot be 00017 // checked statically. This pass does no dynamic instrumentation, so it 00018 // can't check for all possible problems. 00019 // 00020 // Another limitation is that it assumes all code will be executed. A store 00021 // through a null pointer in a basic block which is never reached is harmless, 00022 // but this pass will warn about it anyway. This is the main reason why most 00023 // of these checks live here instead of in the Verifier pass. 00024 // 00025 // Optimization passes may make conditions that this pass checks for more or 00026 // less obvious. If an optimization pass appears to be introducing a warning, 00027 // it may be that the optimization pass is merely exposing an existing 00028 // condition in the code. 00029 // 00030 // This code may be run before instcombine. In many cases, instcombine checks 00031 // for the same kinds of things and turns instructions with undefined behavior 00032 // into unreachable (or equivalent). Because of this, this pass makes some 00033 // effort to look through bitcasts and so on. 00034 // 00035 //===----------------------------------------------------------------------===// 00036 00037 #include "llvm/Analysis/Lint.h" 00038 #include "llvm/ADT/STLExtras.h" 00039 #include "llvm/Analysis/AliasAnalysis.h" 00040 #include "llvm/Analysis/AssumptionTracker.h" 00041 #include "llvm/Analysis/ConstantFolding.h" 00042 #include "llvm/Analysis/InstructionSimplify.h" 00043 #include "llvm/Analysis/Loads.h" 00044 #include "llvm/Analysis/Passes.h" 00045 #include "llvm/Analysis/ValueTracking.h" 00046 #include "llvm/IR/CallSite.h" 00047 #include "llvm/IR/DataLayout.h" 00048 #include "llvm/IR/Dominators.h" 00049 #include "llvm/IR/Function.h" 00050 #include "llvm/IR/InstVisitor.h" 00051 #include "llvm/IR/IntrinsicInst.h" 00052 #include "llvm/Pass.h" 00053 #include "llvm/PassManager.h" 00054 #include "llvm/Support/Debug.h" 00055 #include "llvm/Support/raw_ostream.h" 00056 #include "llvm/Target/TargetLibraryInfo.h" 00057 using namespace llvm; 00058 00059 namespace { 00060 namespace MemRef { 00061 static unsigned Read = 1; 00062 static unsigned Write = 2; 00063 static unsigned Callee = 4; 00064 static unsigned Branchee = 8; 00065 } 00066 00067 class Lint : public FunctionPass, public InstVisitor<Lint> { 00068 friend class InstVisitor<Lint>; 00069 00070 void visitFunction(Function &F); 00071 00072 void visitCallSite(CallSite CS); 00073 void visitMemoryReference(Instruction &I, Value *Ptr, 00074 uint64_t Size, unsigned Align, 00075 Type *Ty, unsigned Flags); 00076 00077 void visitCallInst(CallInst &I); 00078 void visitInvokeInst(InvokeInst &I); 00079 void visitReturnInst(ReturnInst &I); 00080 void visitLoadInst(LoadInst &I); 00081 void visitStoreInst(StoreInst &I); 00082 void visitXor(BinaryOperator &I); 00083 void visitSub(BinaryOperator &I); 00084 void visitLShr(BinaryOperator &I); 00085 void visitAShr(BinaryOperator &I); 00086 void visitShl(BinaryOperator &I); 00087 void visitSDiv(BinaryOperator &I); 00088 void visitUDiv(BinaryOperator &I); 00089 void visitSRem(BinaryOperator &I); 00090 void visitURem(BinaryOperator &I); 00091 void visitAllocaInst(AllocaInst &I); 00092 void visitVAArgInst(VAArgInst &I); 00093 void visitIndirectBrInst(IndirectBrInst &I); 00094 void visitExtractElementInst(ExtractElementInst &I); 00095 void visitInsertElementInst(InsertElementInst &I); 00096 void visitUnreachableInst(UnreachableInst &I); 00097 00098 Value *findValue(Value *V, bool OffsetOk) const; 00099 Value *findValueImpl(Value *V, bool OffsetOk, 00100 SmallPtrSetImpl<Value *> &Visited) const; 00101 00102 public: 00103 Module *Mod; 00104 AliasAnalysis *AA; 00105 AssumptionTracker *AT; 00106 DominatorTree *DT; 00107 const DataLayout *DL; 00108 TargetLibraryInfo *TLI; 00109 00110 std::string Messages; 00111 raw_string_ostream MessagesStr; 00112 00113 static char ID; // Pass identification, replacement for typeid 00114 Lint() : FunctionPass(ID), MessagesStr(Messages) { 00115 initializeLintPass(*PassRegistry::getPassRegistry()); 00116 } 00117 00118 bool runOnFunction(Function &F) override; 00119 00120 void getAnalysisUsage(AnalysisUsage &AU) const override { 00121 AU.setPreservesAll(); 00122 AU.addRequired<AliasAnalysis>(); 00123 AU.addRequired<AssumptionTracker>(); 00124 AU.addRequired<TargetLibraryInfo>(); 00125 AU.addRequired<DominatorTreeWrapperPass>(); 00126 } 00127 void print(raw_ostream &O, const Module *M) const override {} 00128 00129 void WriteValue(const Value *V) { 00130 if (!V) return; 00131 if (isa<Instruction>(V)) { 00132 MessagesStr << *V << '\n'; 00133 } else { 00134 V->printAsOperand(MessagesStr, true, Mod); 00135 MessagesStr << '\n'; 00136 } 00137 } 00138 00139 // CheckFailed - A check failed, so print out the condition and the message 00140 // that failed. This provides a nice place to put a breakpoint if you want 00141 // to see why something is not correct. 00142 void CheckFailed(const Twine &Message, 00143 const Value *V1 = nullptr, const Value *V2 = nullptr, 00144 const Value *V3 = nullptr, const Value *V4 = nullptr) { 00145 MessagesStr << Message.str() << "\n"; 00146 WriteValue(V1); 00147 WriteValue(V2); 00148 WriteValue(V3); 00149 WriteValue(V4); 00150 } 00151 }; 00152 } 00153 00154 char Lint::ID = 0; 00155 INITIALIZE_PASS_BEGIN(Lint, "lint", "Statically lint-checks LLVM IR", 00156 false, true) 00157 INITIALIZE_PASS_DEPENDENCY(AssumptionTracker) 00158 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfo) 00159 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass) 00160 INITIALIZE_AG_DEPENDENCY(AliasAnalysis) 00161 INITIALIZE_PASS_END(Lint, "lint", "Statically lint-checks LLVM IR", 00162 false, true) 00163 00164 // Assert - We know that cond should be true, if not print an error message. 00165 #define Assert(C, M) \ 00166 do { if (!(C)) { CheckFailed(M); return; } } while (0) 00167 #define Assert1(C, M, V1) \ 00168 do { if (!(C)) { CheckFailed(M, V1); return; } } while (0) 00169 #define Assert2(C, M, V1, V2) \ 00170 do { if (!(C)) { CheckFailed(M, V1, V2); return; } } while (0) 00171 #define Assert3(C, M, V1, V2, V3) \ 00172 do { if (!(C)) { CheckFailed(M, V1, V2, V3); return; } } while (0) 00173 #define Assert4(C, M, V1, V2, V3, V4) \ 00174 do { if (!(C)) { CheckFailed(M, V1, V2, V3, V4); return; } } while (0) 00175 00176 // Lint::run - This is the main Analysis entry point for a 00177 // function. 00178 // 00179 bool Lint::runOnFunction(Function &F) { 00180 Mod = F.getParent(); 00181 AA = &getAnalysis<AliasAnalysis>(); 00182 AT = &getAnalysis<AssumptionTracker>(); 00183 DT = &getAnalysis<DominatorTreeWrapperPass>().getDomTree(); 00184 DataLayoutPass *DLP = getAnalysisIfAvailable<DataLayoutPass>(); 00185 DL = DLP ? &DLP->getDataLayout() : nullptr; 00186 TLI = &getAnalysis<TargetLibraryInfo>(); 00187 visit(F); 00188 dbgs() << MessagesStr.str(); 00189 Messages.clear(); 00190 return false; 00191 } 00192 00193 void Lint::visitFunction(Function &F) { 00194 // This isn't undefined behavior, it's just a little unusual, and it's a 00195 // fairly common mistake to neglect to name a function. 00196 Assert1(F.hasName() || F.hasLocalLinkage(), 00197 "Unusual: Unnamed function with non-local linkage", &F); 00198 00199 // TODO: Check for irreducible control flow. 00200 } 00201 00202 void Lint::visitCallSite(CallSite CS) { 00203 Instruction &I = *CS.getInstruction(); 00204 Value *Callee = CS.getCalledValue(); 00205 00206 visitMemoryReference(I, Callee, AliasAnalysis::UnknownSize, 00207 0, nullptr, MemRef::Callee); 00208 00209 if (Function *F = dyn_cast<Function>(findValue(Callee, /*OffsetOk=*/false))) { 00210 Assert1(CS.getCallingConv() == F->getCallingConv(), 00211 "Undefined behavior: Caller and callee calling convention differ", 00212 &I); 00213 00214 FunctionType *FT = F->getFunctionType(); 00215 unsigned NumActualArgs = CS.arg_size(); 00216 00217 Assert1(FT->isVarArg() ? 00218 FT->getNumParams() <= NumActualArgs : 00219 FT->getNumParams() == NumActualArgs, 00220 "Undefined behavior: Call argument count mismatches callee " 00221 "argument count", &I); 00222 00223 Assert1(FT->getReturnType() == I.getType(), 00224 "Undefined behavior: Call return type mismatches " 00225 "callee return type", &I); 00226 00227 // Check argument types (in case the callee was casted) and attributes. 00228 // TODO: Verify that caller and callee attributes are compatible. 00229 Function::arg_iterator PI = F->arg_begin(), PE = F->arg_end(); 00230 CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end(); 00231 for (; AI != AE; ++AI) { 00232 Value *Actual = *AI; 00233 if (PI != PE) { 00234 Argument *Formal = PI++; 00235 Assert1(Formal->getType() == Actual->getType(), 00236 "Undefined behavior: Call argument type mismatches " 00237 "callee parameter type", &I); 00238 00239 // Check that noalias arguments don't alias other arguments. This is 00240 // not fully precise because we don't know the sizes of the dereferenced 00241 // memory regions. 00242 if (Formal->hasNoAliasAttr() && Actual->getType()->isPointerTy()) 00243 for (CallSite::arg_iterator BI = CS.arg_begin(); BI != AE; ++BI) 00244 if (AI != BI && (*BI)->getType()->isPointerTy()) { 00245 AliasAnalysis::AliasResult Result = AA->alias(*AI, *BI); 00246 Assert1(Result != AliasAnalysis::MustAlias && 00247 Result != AliasAnalysis::PartialAlias, 00248 "Unusual: noalias argument aliases another argument", &I); 00249 } 00250 00251 // Check that an sret argument points to valid memory. 00252 if (Formal->hasStructRetAttr() && Actual->getType()->isPointerTy()) { 00253 Type *Ty = 00254 cast<PointerType>(Formal->getType())->getElementType(); 00255 visitMemoryReference(I, Actual, AA->getTypeStoreSize(Ty), 00256 DL ? DL->getABITypeAlignment(Ty) : 0, 00257 Ty, MemRef::Read | MemRef::Write); 00258 } 00259 } 00260 } 00261 } 00262 00263 if (CS.isCall() && cast<CallInst>(CS.getInstruction())->isTailCall()) 00264 for (CallSite::arg_iterator AI = CS.arg_begin(), AE = CS.arg_end(); 00265 AI != AE; ++AI) { 00266 Value *Obj = findValue(*AI, /*OffsetOk=*/true); 00267 Assert1(!isa<AllocaInst>(Obj), 00268 "Undefined behavior: Call with \"tail\" keyword references " 00269 "alloca", &I); 00270 } 00271 00272 00273 if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(&I)) 00274 switch (II->getIntrinsicID()) { 00275 default: break; 00276 00277 // TODO: Check more intrinsics 00278 00279 case Intrinsic::memcpy: { 00280 MemCpyInst *MCI = cast<MemCpyInst>(&I); 00281 // TODO: If the size is known, use it. 00282 visitMemoryReference(I, MCI->getDest(), AliasAnalysis::UnknownSize, 00283 MCI->getAlignment(), nullptr, 00284 MemRef::Write); 00285 visitMemoryReference(I, MCI->getSource(), AliasAnalysis::UnknownSize, 00286 MCI->getAlignment(), nullptr, 00287 MemRef::Read); 00288 00289 // Check that the memcpy arguments don't overlap. The AliasAnalysis API 00290 // isn't expressive enough for what we really want to do. Known partial 00291 // overlap is not distinguished from the case where nothing is known. 00292 uint64_t Size = 0; 00293 if (const ConstantInt *Len = 00294 dyn_cast<ConstantInt>(findValue(MCI->getLength(), 00295 /*OffsetOk=*/false))) 00296 if (Len->getValue().isIntN(32)) 00297 Size = Len->getValue().getZExtValue(); 00298 Assert1(AA->alias(MCI->getSource(), Size, MCI->getDest(), Size) != 00299 AliasAnalysis::MustAlias, 00300 "Undefined behavior: memcpy source and destination overlap", &I); 00301 break; 00302 } 00303 case Intrinsic::memmove: { 00304 MemMoveInst *MMI = cast<MemMoveInst>(&I); 00305 // TODO: If the size is known, use it. 00306 visitMemoryReference(I, MMI->getDest(), AliasAnalysis::UnknownSize, 00307 MMI->getAlignment(), nullptr, 00308 MemRef::Write); 00309 visitMemoryReference(I, MMI->getSource(), AliasAnalysis::UnknownSize, 00310 MMI->getAlignment(), nullptr, 00311 MemRef::Read); 00312 break; 00313 } 00314 case Intrinsic::memset: { 00315 MemSetInst *MSI = cast<MemSetInst>(&I); 00316 // TODO: If the size is known, use it. 00317 visitMemoryReference(I, MSI->getDest(), AliasAnalysis::UnknownSize, 00318 MSI->getAlignment(), nullptr, 00319 MemRef::Write); 00320 break; 00321 } 00322 00323 case Intrinsic::vastart: 00324 Assert1(I.getParent()->getParent()->isVarArg(), 00325 "Undefined behavior: va_start called in a non-varargs function", 00326 &I); 00327 00328 visitMemoryReference(I, CS.getArgument(0), AliasAnalysis::UnknownSize, 00329 0, nullptr, MemRef::Read | MemRef::Write); 00330 break; 00331 case Intrinsic::vacopy: 00332 visitMemoryReference(I, CS.getArgument(0), AliasAnalysis::UnknownSize, 00333 0, nullptr, MemRef::Write); 00334 visitMemoryReference(I, CS.getArgument(1), AliasAnalysis::UnknownSize, 00335 0, nullptr, MemRef::Read); 00336 break; 00337 case Intrinsic::vaend: 00338 visitMemoryReference(I, CS.getArgument(0), AliasAnalysis::UnknownSize, 00339 0, nullptr, MemRef::Read | MemRef::Write); 00340 break; 00341 00342 case Intrinsic::stackrestore: 00343 // Stackrestore doesn't read or write memory, but it sets the 00344 // stack pointer, which the compiler may read from or write to 00345 // at any time, so check it for both readability and writeability. 00346 visitMemoryReference(I, CS.getArgument(0), AliasAnalysis::UnknownSize, 00347 0, nullptr, MemRef::Read | MemRef::Write); 00348 break; 00349 } 00350 } 00351 00352 void Lint::visitCallInst(CallInst &I) { 00353 return visitCallSite(&I); 00354 } 00355 00356 void Lint::visitInvokeInst(InvokeInst &I) { 00357 return visitCallSite(&I); 00358 } 00359 00360 void Lint::visitReturnInst(ReturnInst &I) { 00361 Function *F = I.getParent()->getParent(); 00362 Assert1(!F->doesNotReturn(), 00363 "Unusual: Return statement in function with noreturn attribute", 00364 &I); 00365 00366 if (Value *V = I.getReturnValue()) { 00367 Value *Obj = findValue(V, /*OffsetOk=*/true); 00368 Assert1(!isa<AllocaInst>(Obj), 00369 "Unusual: Returning alloca value", &I); 00370 } 00371 } 00372 00373 // TODO: Check that the reference is in bounds. 00374 // TODO: Check readnone/readonly function attributes. 00375 void Lint::visitMemoryReference(Instruction &I, 00376 Value *Ptr, uint64_t Size, unsigned Align, 00377 Type *Ty, unsigned Flags) { 00378 // If no memory is being referenced, it doesn't matter if the pointer 00379 // is valid. 00380 if (Size == 0) 00381 return; 00382 00383 Value *UnderlyingObject = findValue(Ptr, /*OffsetOk=*/true); 00384 Assert1(!isa<ConstantPointerNull>(UnderlyingObject), 00385 "Undefined behavior: Null pointer dereference", &I); 00386 Assert1(!isa<UndefValue>(UnderlyingObject), 00387 "Undefined behavior: Undef pointer dereference", &I); 00388 Assert1(!isa<ConstantInt>(UnderlyingObject) || 00389 !cast<ConstantInt>(UnderlyingObject)->isAllOnesValue(), 00390 "Unusual: All-ones pointer dereference", &I); 00391 Assert1(!isa<ConstantInt>(UnderlyingObject) || 00392 !cast<ConstantInt>(UnderlyingObject)->isOne(), 00393 "Unusual: Address one pointer dereference", &I); 00394 00395 if (Flags & MemRef::Write) { 00396 if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(UnderlyingObject)) 00397 Assert1(!GV->isConstant(), 00398 "Undefined behavior: Write to read-only memory", &I); 00399 Assert1(!isa<Function>(UnderlyingObject) && 00400 !isa<BlockAddress>(UnderlyingObject), 00401 "Undefined behavior: Write to text section", &I); 00402 } 00403 if (Flags & MemRef::Read) { 00404 Assert1(!isa<Function>(UnderlyingObject), 00405 "Unusual: Load from function body", &I); 00406 Assert1(!isa<BlockAddress>(UnderlyingObject), 00407 "Undefined behavior: Load from block address", &I); 00408 } 00409 if (Flags & MemRef::Callee) { 00410 Assert1(!isa<BlockAddress>(UnderlyingObject), 00411 "Undefined behavior: Call to block address", &I); 00412 } 00413 if (Flags & MemRef::Branchee) { 00414 Assert1(!isa<Constant>(UnderlyingObject) || 00415 isa<BlockAddress>(UnderlyingObject), 00416 "Undefined behavior: Branch to non-blockaddress", &I); 00417 } 00418 00419 // Check for buffer overflows and misalignment. 00420 // Only handles memory references that read/write something simple like an 00421 // alloca instruction or a global variable. 00422 int64_t Offset = 0; 00423 if (Value *Base = GetPointerBaseWithConstantOffset(Ptr, Offset, DL)) { 00424 // OK, so the access is to a constant offset from Ptr. Check that Ptr is 00425 // something we can handle and if so extract the size of this base object 00426 // along with its alignment. 00427 uint64_t BaseSize = AliasAnalysis::UnknownSize; 00428 unsigned BaseAlign = 0; 00429 00430 if (AllocaInst *AI = dyn_cast<AllocaInst>(Base)) { 00431 Type *ATy = AI->getAllocatedType(); 00432 if (DL && !AI->isArrayAllocation() && ATy->isSized()) 00433 BaseSize = DL->getTypeAllocSize(ATy); 00434 BaseAlign = AI->getAlignment(); 00435 if (DL && BaseAlign == 0 && ATy->isSized()) 00436 BaseAlign = DL->getABITypeAlignment(ATy); 00437 } else if (GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) { 00438 // If the global may be defined differently in another compilation unit 00439 // then don't warn about funky memory accesses. 00440 if (GV->hasDefinitiveInitializer()) { 00441 Type *GTy = GV->getType()->getElementType(); 00442 if (DL && GTy->isSized()) 00443 BaseSize = DL->getTypeAllocSize(GTy); 00444 BaseAlign = GV->getAlignment(); 00445 if (DL && BaseAlign == 0 && GTy->isSized()) 00446 BaseAlign = DL->getABITypeAlignment(GTy); 00447 } 00448 } 00449 00450 // Accesses from before the start or after the end of the object are not 00451 // defined. 00452 Assert1(Size == AliasAnalysis::UnknownSize || 00453 BaseSize == AliasAnalysis::UnknownSize || 00454 (Offset >= 0 && Offset + Size <= BaseSize), 00455 "Undefined behavior: Buffer overflow", &I); 00456 00457 // Accesses that say that the memory is more aligned than it is are not 00458 // defined. 00459 if (DL && Align == 0 && Ty && Ty->isSized()) 00460 Align = DL->getABITypeAlignment(Ty); 00461 Assert1(!BaseAlign || Align <= MinAlign(BaseAlign, Offset), 00462 "Undefined behavior: Memory reference address is misaligned", &I); 00463 } 00464 } 00465 00466 void Lint::visitLoadInst(LoadInst &I) { 00467 visitMemoryReference(I, I.getPointerOperand(), 00468 AA->getTypeStoreSize(I.getType()), I.getAlignment(), 00469 I.getType(), MemRef::Read); 00470 } 00471 00472 void Lint::visitStoreInst(StoreInst &I) { 00473 visitMemoryReference(I, I.getPointerOperand(), 00474 AA->getTypeStoreSize(I.getOperand(0)->getType()), 00475 I.getAlignment(), 00476 I.getOperand(0)->getType(), MemRef::Write); 00477 } 00478 00479 void Lint::visitXor(BinaryOperator &I) { 00480 Assert1(!isa<UndefValue>(I.getOperand(0)) || 00481 !isa<UndefValue>(I.getOperand(1)), 00482 "Undefined result: xor(undef, undef)", &I); 00483 } 00484 00485 void Lint::visitSub(BinaryOperator &I) { 00486 Assert1(!isa<UndefValue>(I.getOperand(0)) || 00487 !isa<UndefValue>(I.getOperand(1)), 00488 "Undefined result: sub(undef, undef)", &I); 00489 } 00490 00491 void Lint::visitLShr(BinaryOperator &I) { 00492 if (ConstantInt *CI = 00493 dyn_cast<ConstantInt>(findValue(I.getOperand(1), /*OffsetOk=*/false))) 00494 Assert1(CI->getValue().ult(cast<IntegerType>(I.getType())->getBitWidth()), 00495 "Undefined result: Shift count out of range", &I); 00496 } 00497 00498 void Lint::visitAShr(BinaryOperator &I) { 00499 if (ConstantInt *CI = 00500 dyn_cast<ConstantInt>(findValue(I.getOperand(1), /*OffsetOk=*/false))) 00501 Assert1(CI->getValue().ult(cast<IntegerType>(I.getType())->getBitWidth()), 00502 "Undefined result: Shift count out of range", &I); 00503 } 00504 00505 void Lint::visitShl(BinaryOperator &I) { 00506 if (ConstantInt *CI = 00507 dyn_cast<ConstantInt>(findValue(I.getOperand(1), /*OffsetOk=*/false))) 00508 Assert1(CI->getValue().ult(cast<IntegerType>(I.getType())->getBitWidth()), 00509 "Undefined result: Shift count out of range", &I); 00510 } 00511 00512 static bool isZero(Value *V, const DataLayout *DL, DominatorTree *DT, 00513 AssumptionTracker *AT) { 00514 // Assume undef could be zero. 00515 if (isa<UndefValue>(V)) 00516 return true; 00517 00518 VectorType *VecTy = dyn_cast<VectorType>(V->getType()); 00519 if (!VecTy) { 00520 unsigned BitWidth = V->getType()->getIntegerBitWidth(); 00521 APInt KnownZero(BitWidth, 0), KnownOne(BitWidth, 0); 00522 computeKnownBits(V, KnownZero, KnownOne, DL, 00523 0, AT, dyn_cast<Instruction>(V), DT); 00524 return KnownZero.isAllOnesValue(); 00525 } 00526 00527 // Per-component check doesn't work with zeroinitializer 00528 Constant *C = dyn_cast<Constant>(V); 00529 if (!C) 00530 return false; 00531 00532 if (C->isZeroValue()) 00533 return true; 00534 00535 // For a vector, KnownZero will only be true if all values are zero, so check 00536 // this per component 00537 unsigned BitWidth = VecTy->getElementType()->getIntegerBitWidth(); 00538 for (unsigned I = 0, N = VecTy->getNumElements(); I != N; ++I) { 00539 Constant *Elem = C->getAggregateElement(I); 00540 if (isa<UndefValue>(Elem)) 00541 return true; 00542 00543 APInt KnownZero(BitWidth, 0), KnownOne(BitWidth, 0); 00544 computeKnownBits(Elem, KnownZero, KnownOne, DL); 00545 if (KnownZero.isAllOnesValue()) 00546 return true; 00547 } 00548 00549 return false; 00550 } 00551 00552 void Lint::visitSDiv(BinaryOperator &I) { 00553 Assert1(!isZero(I.getOperand(1), DL, DT, AT), 00554 "Undefined behavior: Division by zero", &I); 00555 } 00556 00557 void Lint::visitUDiv(BinaryOperator &I) { 00558 Assert1(!isZero(I.getOperand(1), DL, DT, AT), 00559 "Undefined behavior: Division by zero", &I); 00560 } 00561 00562 void Lint::visitSRem(BinaryOperator &I) { 00563 Assert1(!isZero(I.getOperand(1), DL, DT, AT), 00564 "Undefined behavior: Division by zero", &I); 00565 } 00566 00567 void Lint::visitURem(BinaryOperator &I) { 00568 Assert1(!isZero(I.getOperand(1), DL, DT, AT), 00569 "Undefined behavior: Division by zero", &I); 00570 } 00571 00572 void Lint::visitAllocaInst(AllocaInst &I) { 00573 if (isa<ConstantInt>(I.getArraySize())) 00574 // This isn't undefined behavior, it's just an obvious pessimization. 00575 Assert1(&I.getParent()->getParent()->getEntryBlock() == I.getParent(), 00576 "Pessimization: Static alloca outside of entry block", &I); 00577 00578 // TODO: Check for an unusual size (MSB set?) 00579 } 00580 00581 void Lint::visitVAArgInst(VAArgInst &I) { 00582 visitMemoryReference(I, I.getOperand(0), AliasAnalysis::UnknownSize, 0, 00583 nullptr, MemRef::Read | MemRef::Write); 00584 } 00585 00586 void Lint::visitIndirectBrInst(IndirectBrInst &I) { 00587 visitMemoryReference(I, I.getAddress(), AliasAnalysis::UnknownSize, 0, 00588 nullptr, MemRef::Branchee); 00589 00590 Assert1(I.getNumDestinations() != 0, 00591 "Undefined behavior: indirectbr with no destinations", &I); 00592 } 00593 00594 void Lint::visitExtractElementInst(ExtractElementInst &I) { 00595 if (ConstantInt *CI = 00596 dyn_cast<ConstantInt>(findValue(I.getIndexOperand(), 00597 /*OffsetOk=*/false))) 00598 Assert1(CI->getValue().ult(I.getVectorOperandType()->getNumElements()), 00599 "Undefined result: extractelement index out of range", &I); 00600 } 00601 00602 void Lint::visitInsertElementInst(InsertElementInst &I) { 00603 if (ConstantInt *CI = 00604 dyn_cast<ConstantInt>(findValue(I.getOperand(2), 00605 /*OffsetOk=*/false))) 00606 Assert1(CI->getValue().ult(I.getType()->getNumElements()), 00607 "Undefined result: insertelement index out of range", &I); 00608 } 00609 00610 void Lint::visitUnreachableInst(UnreachableInst &I) { 00611 // This isn't undefined behavior, it's merely suspicious. 00612 Assert1(&I == I.getParent()->begin() || 00613 std::prev(BasicBlock::iterator(&I))->mayHaveSideEffects(), 00614 "Unusual: unreachable immediately preceded by instruction without " 00615 "side effects", &I); 00616 } 00617 00618 /// findValue - Look through bitcasts and simple memory reference patterns 00619 /// to identify an equivalent, but more informative, value. If OffsetOk 00620 /// is true, look through getelementptrs with non-zero offsets too. 00621 /// 00622 /// Most analysis passes don't require this logic, because instcombine 00623 /// will simplify most of these kinds of things away. But it's a goal of 00624 /// this Lint pass to be useful even on non-optimized IR. 00625 Value *Lint::findValue(Value *V, bool OffsetOk) const { 00626 SmallPtrSet<Value *, 4> Visited; 00627 return findValueImpl(V, OffsetOk, Visited); 00628 } 00629 00630 /// findValueImpl - Implementation helper for findValue. 00631 Value *Lint::findValueImpl(Value *V, bool OffsetOk, 00632 SmallPtrSetImpl<Value *> &Visited) const { 00633 // Detect self-referential values. 00634 if (!Visited.insert(V)) 00635 return UndefValue::get(V->getType()); 00636 00637 // TODO: Look through sext or zext cast, when the result is known to 00638 // be interpreted as signed or unsigned, respectively. 00639 // TODO: Look through eliminable cast pairs. 00640 // TODO: Look through calls with unique return values. 00641 // TODO: Look through vector insert/extract/shuffle. 00642 V = OffsetOk ? GetUnderlyingObject(V, DL) : V->stripPointerCasts(); 00643 if (LoadInst *L = dyn_cast<LoadInst>(V)) { 00644 BasicBlock::iterator BBI = L; 00645 BasicBlock *BB = L->getParent(); 00646 SmallPtrSet<BasicBlock *, 4> VisitedBlocks; 00647 for (;;) { 00648 if (!VisitedBlocks.insert(BB)) break; 00649 if (Value *U = FindAvailableLoadedValue(L->getPointerOperand(), 00650 BB, BBI, 6, AA)) 00651 return findValueImpl(U, OffsetOk, Visited); 00652 if (BBI != BB->begin()) break; 00653 BB = BB->getUniquePredecessor(); 00654 if (!BB) break; 00655 BBI = BB->end(); 00656 } 00657 } else if (PHINode *PN = dyn_cast<PHINode>(V)) { 00658 if (Value *W = PN->hasConstantValue()) 00659 if (W != V) 00660 return findValueImpl(W, OffsetOk, Visited); 00661 } else if (CastInst *CI = dyn_cast<CastInst>(V)) { 00662 if (CI->isNoopCast(DL)) 00663 return findValueImpl(CI->getOperand(0), OffsetOk, Visited); 00664 } else if (ExtractValueInst *Ex = dyn_cast<ExtractValueInst>(V)) { 00665 if (Value *W = FindInsertedValue(Ex->getAggregateOperand(), 00666 Ex->getIndices())) 00667 if (W != V) 00668 return findValueImpl(W, OffsetOk, Visited); 00669 } else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(V)) { 00670 // Same as above, but for ConstantExpr instead of Instruction. 00671 if (Instruction::isCast(CE->getOpcode())) { 00672 if (CastInst::isNoopCast(Instruction::CastOps(CE->getOpcode()), 00673 CE->getOperand(0)->getType(), 00674 CE->getType(), 00675 DL ? DL->getIntPtrType(V->getType()) : 00676 Type::getInt64Ty(V->getContext()))) 00677 return findValueImpl(CE->getOperand(0), OffsetOk, Visited); 00678 } else if (CE->getOpcode() == Instruction::ExtractValue) { 00679 ArrayRef<unsigned> Indices = CE->getIndices(); 00680 if (Value *W = FindInsertedValue(CE->getOperand(0), Indices)) 00681 if (W != V) 00682 return findValueImpl(W, OffsetOk, Visited); 00683 } 00684 } 00685 00686 // As a last resort, try SimplifyInstruction or constant folding. 00687 if (Instruction *Inst = dyn_cast<Instruction>(V)) { 00688 if (Value *W = SimplifyInstruction(Inst, DL, TLI, DT, AT)) 00689 return findValueImpl(W, OffsetOk, Visited); 00690 } else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(V)) { 00691 if (Value *W = ConstantFoldConstantExpression(CE, DL, TLI)) 00692 if (W != V) 00693 return findValueImpl(W, OffsetOk, Visited); 00694 } 00695 00696 return V; 00697 } 00698 00699 //===----------------------------------------------------------------------===// 00700 // Implement the public interfaces to this file... 00701 //===----------------------------------------------------------------------===// 00702 00703 FunctionPass *llvm::createLintPass() { 00704 return new Lint(); 00705 } 00706 00707 /// lintFunction - Check a function for errors, printing messages on stderr. 00708 /// 00709 void llvm::lintFunction(const Function &f) { 00710 Function &F = const_cast<Function&>(f); 00711 assert(!F.isDeclaration() && "Cannot lint external functions"); 00712 00713 FunctionPassManager FPM(F.getParent()); 00714 Lint *V = new Lint(); 00715 FPM.add(V); 00716 FPM.run(F); 00717 } 00718 00719 /// lintModule - Check a module for errors, printing messages on stderr. 00720 /// 00721 void llvm::lintModule(const Module &M) { 00722 PassManager PM; 00723 Lint *V = new Lint(); 00724 PM.add(V); 00725 PM.run(const_cast<Module&>(M)); 00726 }
Generated on Thu Sep 18 2014 03:02:31 for LLVM by
1.7.6.1
Copyright © 2003-2014 University of Illinois at Urbana-Champaign.
All Rights Reserved.