1 /* Tree based points-to analysis
2 Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010
3 Free Software Foundation, Inc.
4 Contributed by Daniel Berlin <dberlin@dberlin.org>
6 This file is part of GCC.
8 GCC is free software; you can redistribute it and/or modify
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 GCC is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with GCC; see the file COPYING3. If not see
20 <http://www.gnu.org/licenses/>. */
24 #include "coretypes.h"
30 #include "basic-block.h"
33 #include "tree-flow.h"
34 #include "tree-inline.h"
35 #include "diagnostic.h"
41 #include "tree-pass.h"
43 #include "alloc-pool.h"
44 #include "splay-tree.h"
48 #include "pointer-set.h"
50 /* The idea behind this analyzer is to generate set constraints from the
51 program, then solve the resulting constraints in order to generate the
54 Set constraints are a way of modeling program analysis problems that
55 involve sets. They consist of an inclusion constraint language,
56 describing the variables (each variable is a set) and operations that
57 are involved on the variables, and a set of rules that derive facts
58 from these operations. To solve a system of set constraints, you derive
59 all possible facts under the rules, which gives you the correct sets
62 See "Efficient Field-sensitive pointer analysis for C" by "David
63 J. Pearce and Paul H. J. Kelly and Chris Hankin, at
64 http://citeseer.ist.psu.edu/pearce04efficient.html
66 Also see "Ultra-fast Aliasing Analysis using CLA: A Million Lines
67 of C Code in a Second" by ""Nevin Heintze and Olivier Tardieu" at
68 http://citeseer.ist.psu.edu/heintze01ultrafast.html
70 There are three types of real constraint expressions, DEREF,
71 ADDRESSOF, and SCALAR. Each constraint expression consists
72 of a constraint type, a variable, and an offset.
74 SCALAR is a constraint expression type used to represent x, whether
75 it appears on the LHS or the RHS of a statement.
76 DEREF is a constraint expression type used to represent *x, whether
77 it appears on the LHS or the RHS of a statement.
78 ADDRESSOF is a constraint expression used to represent &x, whether
79 it appears on the LHS or the RHS of a statement.
81 Each pointer variable in the program is assigned an integer id, and
82 each field of a structure variable is assigned an integer id as well.
84 Structure variables are linked to their list of fields through a "next
85 field" in each variable that points to the next field in offset
87 Each variable for a structure field has
89 1. "size", that tells the size in bits of that field.
90 2. "fullsize, that tells the size in bits of the entire structure.
91 3. "offset", that tells the offset in bits from the beginning of the
92 structure to this field.
104 foo.a -> id 1, size 32, offset 0, fullsize 64, next foo.b
105 foo.b -> id 2, size 32, offset 32, fullsize 64, next NULL
106 bar -> id 3, size 32, offset 0, fullsize 32, next NULL
109 In order to solve the system of set constraints, the following is
112 1. Each constraint variable x has a solution set associated with it,
115 2. Constraints are separated into direct, copy, and complex.
116 Direct constraints are ADDRESSOF constraints that require no extra
117 processing, such as P = &Q
118 Copy constraints are those of the form P = Q.
119 Complex constraints are all the constraints involving dereferences
120 and offsets (including offsetted copies).
122 3. All direct constraints of the form P = &Q are processed, such
123 that Q is added to Sol(P)
125 4. All complex constraints for a given constraint variable are stored in a
126 linked list attached to that variable's node.
128 5. A directed graph is built out of the copy constraints. Each
129 constraint variable is a node in the graph, and an edge from
130 Q to P is added for each copy constraint of the form P = Q
132 6. The graph is then walked, and solution sets are
133 propagated along the copy edges, such that an edge from Q to P
134 causes Sol(P) <- Sol(P) union Sol(Q).
136 7. As we visit each node, all complex constraints associated with
137 that node are processed by adding appropriate copy edges to the graph, or the
138 appropriate variables to the solution set.
140 8. The process of walking the graph is iterated until no solution
143 Prior to walking the graph in steps 6 and 7, We perform static
144 cycle elimination on the constraint graph, as well
145 as off-line variable substitution.
147 TODO: Adding offsets to pointer-to-structures can be handled (IE not punted
148 on and turned into anything), but isn't. You can just see what offset
149 inside the pointed-to struct it's going to access.
151 TODO: Constant bounded arrays can be handled as if they were structs of the
152 same number of elements.
154 TODO: Modeling heap and incoming pointers becomes much better if we
155 add fields to them as we discover them, which we could do.
157 TODO: We could handle unions, but to be honest, it's probably not
158 worth the pain or slowdown. */
160 /* IPA-PTA optimizations possible.
162 When the indirect function called is ANYTHING we can add disambiguation
163 based on the function signatures (or simply the parameter count which
164 is the varinfo size). We also do not need to consider functions that
165 do not have their address taken.
167 The is_global_var bit which marks escape points is overly conservative
168 in IPA mode. Split it to is_escape_point and is_global_var - only
169 externally visible globals are escape points in IPA mode. This is
170 also needed to fix the pt_solution_includes_global predicate
171 (and thus ptr_deref_may_alias_global_p).
173 The way we introduce DECL_PT_UID to avoid fixing up all points-to
174 sets in the translation unit when we copy a DECL during inlining
175 pessimizes precision. The advantage is that the DECL_PT_UID keeps
176 compile-time and memory usage overhead low - the points-to sets
177 do not grow or get unshared as they would during a fixup phase.
178 An alternative solution is to delay IPA PTA until after all
179 inlining transformations have been applied.
181 The way we propagate clobber/use information isn't optimized.
182 It should use a new complex constraint that properly filters
183 out local variables of the callee (though that would make
184 the sets invalid after inlining). OTOH we might as well
185 admit defeat to WHOPR and simply do all the clobber/use analysis
186 and propagation after PTA finished but before we threw away
187 points-to information for memory variables. WHOPR and PTA
188 do not play along well anyway - the whole constraint solving
189 would need to be done in WPA phase and it will be very interesting
190 to apply the results to local SSA names during LTRANS phase.
192 We probably should compute a per-function unit-ESCAPE solution
193 propagating it simply like the clobber / uses solutions. The
194 solution can go alongside the non-IPA espaced solution and be
195 used to query which vars escape the unit through a function.
197 We never put function decls in points-to sets so we do not
198 keep the set of called functions for indirect calls.
200 And probably more. */
202 static GTY ((if_marked ("tree_map_marked_p"), param_is (struct tree_map)))
203 htab_t heapvar_for_stmt;
205 static bool use_field_sensitive = true;
206 static int in_ipa_mode = 0;
208 /* Used for predecessor bitmaps. */
209 static bitmap_obstack predbitmap_obstack;
211 /* Used for points-to sets. */
212 static bitmap_obstack pta_obstack;
214 /* Used for oldsolution members of variables. */
215 static bitmap_obstack oldpta_obstack;
217 /* Used for per-solver-iteration bitmaps. */
218 static bitmap_obstack iteration_obstack;
220 static unsigned int create_variable_info_for (tree, const char *);
221 typedef struct constraint_graph *constraint_graph_t;
222 static void unify_nodes (constraint_graph_t, unsigned int, unsigned int, bool);
225 typedef struct constraint *constraint_t;
227 DEF_VEC_P(constraint_t);
228 DEF_VEC_ALLOC_P(constraint_t,heap);
230 #define EXECUTE_IF_IN_NONNULL_BITMAP(a, b, c, d) \
232 EXECUTE_IF_SET_IN_BITMAP (a, b, c, d)
234 static struct constraint_stats
236 unsigned int total_vars;
237 unsigned int nonpointer_vars;
238 unsigned int unified_vars_static;
239 unsigned int unified_vars_dynamic;
240 unsigned int iterations;
241 unsigned int num_edges;
242 unsigned int num_implicit_edges;
243 unsigned int points_to_sets_created;
248 /* ID of this variable */
251 /* True if this is a variable created by the constraint analysis, such as
252 heap variables and constraints we had to break up. */
253 unsigned int is_artificial_var : 1;
255 /* True if this is a special variable whose solution set should not be
257 unsigned int is_special_var : 1;
259 /* True for variables whose size is not known or variable. */
260 unsigned int is_unknown_size_var : 1;
262 /* True for (sub-)fields that represent a whole variable. */
263 unsigned int is_full_var : 1;
265 /* True if this is a heap variable. */
266 unsigned int is_heap_var : 1;
268 /* True if this is a variable tracking a restrict pointer source. */
269 unsigned int is_restrict_var : 1;
271 /* True if this field may contain pointers. */
272 unsigned int may_have_pointers : 1;
274 /* True if this field has only restrict qualified pointers. */
275 unsigned int only_restrict_pointers : 1;
277 /* True if this represents a global variable. */
278 unsigned int is_global_var : 1;
280 /* True if this represents a IPA function info. */
281 unsigned int is_fn_info : 1;
283 /* A link to the variable for the next field in this structure. */
284 struct variable_info *next;
286 /* Offset of this variable, in bits, from the base variable */
287 unsigned HOST_WIDE_INT offset;
289 /* Size of the variable, in bits. */
290 unsigned HOST_WIDE_INT size;
292 /* Full size of the base variable, in bits. */
293 unsigned HOST_WIDE_INT fullsize;
295 /* Name of this variable */
298 /* Tree that this variable is associated with. */
301 /* Points-to set for this variable. */
304 /* Old points-to set for this variable. */
307 typedef struct variable_info *varinfo_t;
309 static varinfo_t first_vi_for_offset (varinfo_t, unsigned HOST_WIDE_INT);
310 static varinfo_t first_or_preceding_vi_for_offset (varinfo_t,
311 unsigned HOST_WIDE_INT);
312 static varinfo_t lookup_vi_for_tree (tree);
314 /* Pool of variable info structures. */
315 static alloc_pool variable_info_pool;
317 DEF_VEC_P(varinfo_t);
319 DEF_VEC_ALLOC_P(varinfo_t, heap);
321 /* Table of variable info structures for constraint variables.
322 Indexed directly by variable info id. */
323 static VEC(varinfo_t,heap) *varmap;
325 /* Return the varmap element N */
327 static inline varinfo_t
328 get_varinfo (unsigned int n)
330 return VEC_index (varinfo_t, varmap, n);
333 /* Static IDs for the special variables. */
334 enum { nothing_id = 0, anything_id = 1, readonly_id = 2,
335 escaped_id = 3, nonlocal_id = 4,
336 storedanything_id = 5, integer_id = 6 };
338 struct GTY(()) heapvar_map {
340 unsigned HOST_WIDE_INT offset;
344 heapvar_map_eq (const void *p1, const void *p2)
346 const struct heapvar_map *h1 = (const struct heapvar_map *)p1;
347 const struct heapvar_map *h2 = (const struct heapvar_map *)p2;
348 return (h1->map.base.from == h2->map.base.from
349 && h1->offset == h2->offset);
353 heapvar_map_hash (struct heapvar_map *h)
355 return iterative_hash_host_wide_int (h->offset,
356 htab_hash_pointer (h->map.base.from));
359 /* Lookup a heap var for FROM, and return it if we find one. */
362 heapvar_lookup (tree from, unsigned HOST_WIDE_INT offset)
364 struct heapvar_map *h, in;
365 in.map.base.from = from;
367 h = (struct heapvar_map *) htab_find_with_hash (heapvar_for_stmt, &in,
368 heapvar_map_hash (&in));
374 /* Insert a mapping FROM->TO in the heap var for statement
378 heapvar_insert (tree from, unsigned HOST_WIDE_INT offset, tree to)
380 struct heapvar_map *h;
383 h = GGC_NEW (struct heapvar_map);
384 h->map.base.from = from;
386 h->map.hash = heapvar_map_hash (h);
388 loc = htab_find_slot_with_hash (heapvar_for_stmt, h, h->map.hash, INSERT);
389 gcc_assert (*loc == NULL);
390 *(struct heapvar_map **) loc = h;
393 /* Return a new variable info structure consisting for a variable
394 named NAME, and using constraint graph node NODE. Append it
395 to the vector of variable info structures. */
398 new_var_info (tree t, const char *name)
400 unsigned index = VEC_length (varinfo_t, varmap);
401 varinfo_t ret = (varinfo_t) pool_alloc (variable_info_pool);
406 /* Vars without decl are artificial and do not have sub-variables. */
407 ret->is_artificial_var = (t == NULL_TREE);
408 ret->is_special_var = false;
409 ret->is_unknown_size_var = false;
410 ret->is_full_var = (t == NULL_TREE);
411 ret->is_heap_var = false;
412 ret->is_restrict_var = false;
413 ret->may_have_pointers = true;
414 ret->only_restrict_pointers = false;
415 ret->is_global_var = (t == NULL_TREE);
416 ret->is_fn_info = false;
418 ret->is_global_var = is_global_var (t);
419 ret->solution = BITMAP_ALLOC (&pta_obstack);
420 ret->oldsolution = BITMAP_ALLOC (&oldpta_obstack);
425 VEC_safe_push (varinfo_t, heap, varmap, ret);
431 /* A map mapping call statements to per-stmt variables for uses
432 and clobbers specific to the call. */
433 struct pointer_map_t *call_stmt_vars;
435 /* Lookup or create the variable for the call statement CALL. */
438 get_call_vi (gimple call)
443 slot_p = pointer_map_insert (call_stmt_vars, call);
445 return (varinfo_t) *slot_p;
447 vi = new_var_info (NULL_TREE, "CALLUSED");
451 vi->is_full_var = true;
453 vi->next = vi2 = new_var_info (NULL_TREE, "CALLCLOBBERED");
457 vi2->is_full_var = true;
459 *slot_p = (void *) vi;
463 /* Lookup the variable for the call statement CALL representing
464 the uses. Returns NULL if there is nothing special about this call. */
467 lookup_call_use_vi (gimple call)
471 slot_p = pointer_map_contains (call_stmt_vars, call);
473 return (varinfo_t) *slot_p;
478 /* Lookup the variable for the call statement CALL representing
479 the clobbers. Returns NULL if there is nothing special about this call. */
482 lookup_call_clobber_vi (gimple call)
484 varinfo_t uses = lookup_call_use_vi (call);
491 /* Lookup or create the variable for the call statement CALL representing
495 get_call_use_vi (gimple call)
497 return get_call_vi (call);
500 /* Lookup or create the variable for the call statement CALL representing
503 static varinfo_t ATTRIBUTE_UNUSED
504 get_call_clobber_vi (gimple call)
506 return get_call_vi (call)->next;
510 typedef enum {SCALAR, DEREF, ADDRESSOF} constraint_expr_type;
512 /* An expression that appears in a constraint. */
514 struct constraint_expr
516 /* Constraint type. */
517 constraint_expr_type type;
519 /* Variable we are referring to in the constraint. */
522 /* Offset, in bits, of this constraint from the beginning of
523 variables it ends up referring to.
525 IOW, in a deref constraint, we would deref, get the result set,
526 then add OFFSET to each member. */
527 HOST_WIDE_INT offset;
530 /* Use 0x8000... as special unknown offset. */
531 #define UNKNOWN_OFFSET ((HOST_WIDE_INT)-1 << (HOST_BITS_PER_WIDE_INT-1))
533 typedef struct constraint_expr ce_s;
535 DEF_VEC_ALLOC_O(ce_s, heap);
536 static void get_constraint_for_1 (tree, VEC(ce_s, heap) **, bool);
537 static void get_constraint_for (tree, VEC(ce_s, heap) **);
538 static void do_deref (VEC (ce_s, heap) **);
540 /* Our set constraints are made up of two constraint expressions, one
543 As described in the introduction, our set constraints each represent an
544 operation between set valued variables.
548 struct constraint_expr lhs;
549 struct constraint_expr rhs;
552 /* List of constraints that we use to build the constraint graph from. */
554 static VEC(constraint_t,heap) *constraints;
555 static alloc_pool constraint_pool;
557 /* The constraint graph is represented as an array of bitmaps
558 containing successor nodes. */
560 struct constraint_graph
562 /* Size of this graph, which may be different than the number of
563 nodes in the variable map. */
566 /* Explicit successors of each node. */
569 /* Implicit predecessors of each node (Used for variable
571 bitmap *implicit_preds;
573 /* Explicit predecessors of each node (Used for variable substitution). */
576 /* Indirect cycle representatives, or -1 if the node has no indirect
578 int *indirect_cycles;
580 /* Representative node for a node. rep[a] == a unless the node has
584 /* Equivalence class representative for a label. This is used for
585 variable substitution. */
588 /* Pointer equivalence label for a node. All nodes with the same
589 pointer equivalence label can be unified together at some point
590 (either during constraint optimization or after the constraint
594 /* Pointer equivalence representative for a label. This is used to
595 handle nodes that are pointer equivalent but not location
596 equivalent. We can unite these once the addressof constraints
597 are transformed into initial points-to sets. */
600 /* Pointer equivalence label for each node, used during variable
602 unsigned int *pointer_label;
604 /* Location equivalence label for each node, used during location
605 equivalence finding. */
606 unsigned int *loc_label;
608 /* Pointed-by set for each node, used during location equivalence
609 finding. This is pointed-by rather than pointed-to, because it
610 is constructed using the predecessor graph. */
613 /* Points to sets for pointer equivalence. This is *not* the actual
614 points-to sets for nodes. */
617 /* Bitmap of nodes where the bit is set if the node is a direct
618 node. Used for variable substitution. */
619 sbitmap direct_nodes;
621 /* Bitmap of nodes where the bit is set if the node is address
622 taken. Used for variable substitution. */
623 bitmap address_taken;
625 /* Vector of complex constraints for each graph node. Complex
626 constraints are those involving dereferences or offsets that are
628 VEC(constraint_t,heap) **complex;
631 static constraint_graph_t graph;
633 /* During variable substitution and the offline version of indirect
634 cycle finding, we create nodes to represent dereferences and
635 address taken constraints. These represent where these start and
637 #define FIRST_REF_NODE (VEC_length (varinfo_t, varmap))
638 #define LAST_REF_NODE (FIRST_REF_NODE + (FIRST_REF_NODE - 1))
640 /* Return the representative node for NODE, if NODE has been unioned
642 This function performs path compression along the way to finding
643 the representative. */
646 find (unsigned int node)
648 gcc_assert (node < graph->size);
649 if (graph->rep[node] != node)
650 return graph->rep[node] = find (graph->rep[node]);
654 /* Union the TO and FROM nodes to the TO nodes.
655 Note that at some point in the future, we may want to do
656 union-by-rank, in which case we are going to have to return the
657 node we unified to. */
660 unite (unsigned int to, unsigned int from)
662 gcc_assert (to < graph->size && from < graph->size);
663 if (to != from && graph->rep[from] != to)
665 graph->rep[from] = to;
671 /* Create a new constraint consisting of LHS and RHS expressions. */
674 new_constraint (const struct constraint_expr lhs,
675 const struct constraint_expr rhs)
677 constraint_t ret = (constraint_t) pool_alloc (constraint_pool);
683 /* Print out constraint C to FILE. */
686 dump_constraint (FILE *file, constraint_t c)
688 if (c->lhs.type == ADDRESSOF)
690 else if (c->lhs.type == DEREF)
692 fprintf (file, "%s", get_varinfo (c->lhs.var)->name);
693 if (c->lhs.offset == UNKNOWN_OFFSET)
694 fprintf (file, " + UNKNOWN");
695 else if (c->lhs.offset != 0)
696 fprintf (file, " + " HOST_WIDE_INT_PRINT_DEC, c->lhs.offset);
697 fprintf (file, " = ");
698 if (c->rhs.type == ADDRESSOF)
700 else if (c->rhs.type == DEREF)
702 fprintf (file, "%s", get_varinfo (c->rhs.var)->name);
703 if (c->rhs.offset == UNKNOWN_OFFSET)
704 fprintf (file, " + UNKNOWN");
705 else if (c->rhs.offset != 0)
706 fprintf (file, " + " HOST_WIDE_INT_PRINT_DEC, c->rhs.offset);
707 fprintf (file, "\n");
711 void debug_constraint (constraint_t);
712 void debug_constraints (void);
713 void debug_constraint_graph (void);
714 void debug_solution_for_var (unsigned int);
715 void debug_sa_points_to_info (void);
717 /* Print out constraint C to stderr. */
720 debug_constraint (constraint_t c)
722 dump_constraint (stderr, c);
725 /* Print out all constraints to FILE */
728 dump_constraints (FILE *file, int from)
732 for (i = from; VEC_iterate (constraint_t, constraints, i, c); i++)
733 dump_constraint (file, c);
736 /* Print out all constraints to stderr. */
739 debug_constraints (void)
741 dump_constraints (stderr, 0);
744 /* Print out to FILE the edge in the constraint graph that is created by
745 constraint c. The edge may have a label, depending on the type of
746 constraint that it represents. If complex1, e.g: a = *b, then the label
747 is "=*", if complex2, e.g: *a = b, then the label is "*=", if
748 complex with an offset, e.g: a = b + 8, then the label is "+".
749 Otherwise the edge has no label. */
752 dump_constraint_edge (FILE *file, constraint_t c)
754 if (c->rhs.type != ADDRESSOF)
756 const char *src = get_varinfo (c->rhs.var)->name;
757 const char *dst = get_varinfo (c->lhs.var)->name;
758 fprintf (file, " \"%s\" -> \"%s\" ", src, dst);
759 /* Due to preprocessing of constraints, instructions like *a = *b are
760 illegal; thus, we do not have to handle such cases. */
761 if (c->lhs.type == DEREF)
762 fprintf (file, " [ label=\"*=\" ] ;\n");
763 else if (c->rhs.type == DEREF)
764 fprintf (file, " [ label=\"=*\" ] ;\n");
767 /* We must check the case where the constraint is an offset.
768 In this case, it is treated as a complex constraint. */
769 if (c->rhs.offset != c->lhs.offset)
770 fprintf (file, " [ label=\"+\" ] ;\n");
772 fprintf (file, " ;\n");
777 /* Print the constraint graph in dot format. */
780 dump_constraint_graph (FILE *file)
782 unsigned int i=0, size;
785 /* Only print the graph if it has already been initialized: */
789 /* Print the constraints used to produce the constraint graph. The
790 constraints will be printed as comments in the dot file: */
791 fprintf (file, "\n\n/* Constraints used in the constraint graph:\n");
792 dump_constraints (file, 0);
793 fprintf (file, "*/\n");
795 /* Prints the header of the dot file: */
796 fprintf (file, "\n\n// The constraint graph in dot format:\n");
797 fprintf (file, "strict digraph {\n");
798 fprintf (file, " node [\n shape = box\n ]\n");
799 fprintf (file, " edge [\n fontsize = \"12\"\n ]\n");
800 fprintf (file, "\n // List of nodes in the constraint graph:\n");
802 /* The next lines print the nodes in the graph. In order to get the
803 number of nodes in the graph, we must choose the minimum between the
804 vector VEC (varinfo_t, varmap) and graph->size. If the graph has not
805 yet been initialized, then graph->size == 0, otherwise we must only
806 read nodes that have an entry in VEC (varinfo_t, varmap). */
807 size = VEC_length (varinfo_t, varmap);
808 size = size < graph->size ? size : graph->size;
809 for (i = 0; i < size; i++)
811 const char *name = get_varinfo (graph->rep[i])->name;
812 fprintf (file, " \"%s\" ;\n", name);
815 /* Go over the list of constraints printing the edges in the constraint
817 fprintf (file, "\n // The constraint edges:\n");
818 for (i = 0; VEC_iterate (constraint_t, constraints, i, c); i++)
820 dump_constraint_edge (file, c);
822 /* Prints the tail of the dot file. By now, only the closing bracket. */
823 fprintf (file, "}\n\n\n");
826 /* Print out the constraint graph to stderr. */
829 debug_constraint_graph (void)
831 dump_constraint_graph (stderr);
836 The solver is a simple worklist solver, that works on the following
839 sbitmap changed_nodes = all zeroes;
841 For each node that is not already collapsed:
843 set bit in changed nodes
845 while (changed_count > 0)
847 compute topological ordering for constraint graph
849 find and collapse cycles in the constraint graph (updating
850 changed if necessary)
852 for each node (n) in the graph in topological order:
855 Process each complex constraint associated with the node,
856 updating changed if necessary.
858 For each outgoing edge from n, propagate the solution from n to
859 the destination of the edge, updating changed as necessary.
863 /* Return true if two constraint expressions A and B are equal. */
866 constraint_expr_equal (struct constraint_expr a, struct constraint_expr b)
868 return a.type == b.type && a.var == b.var && a.offset == b.offset;
871 /* Return true if constraint expression A is less than constraint expression
872 B. This is just arbitrary, but consistent, in order to give them an
876 constraint_expr_less (struct constraint_expr a, struct constraint_expr b)
878 if (a.type == b.type)
881 return a.offset < b.offset;
883 return a.var < b.var;
886 return a.type < b.type;
889 /* Return true if constraint A is less than constraint B. This is just
890 arbitrary, but consistent, in order to give them an ordering. */
893 constraint_less (const constraint_t a, const constraint_t b)
895 if (constraint_expr_less (a->lhs, b->lhs))
897 else if (constraint_expr_less (b->lhs, a->lhs))
900 return constraint_expr_less (a->rhs, b->rhs);
903 /* Return true if two constraints A and B are equal. */
906 constraint_equal (struct constraint a, struct constraint b)
908 return constraint_expr_equal (a.lhs, b.lhs)
909 && constraint_expr_equal (a.rhs, b.rhs);
913 /* Find a constraint LOOKFOR in the sorted constraint vector VEC */
916 constraint_vec_find (VEC(constraint_t,heap) *vec,
917 struct constraint lookfor)
925 place = VEC_lower_bound (constraint_t, vec, &lookfor, constraint_less);
926 if (place >= VEC_length (constraint_t, vec))
928 found = VEC_index (constraint_t, vec, place);
929 if (!constraint_equal (*found, lookfor))
934 /* Union two constraint vectors, TO and FROM. Put the result in TO. */
937 constraint_set_union (VEC(constraint_t,heap) **to,
938 VEC(constraint_t,heap) **from)
943 for (i = 0; VEC_iterate (constraint_t, *from, i, c); i++)
945 if (constraint_vec_find (*to, *c) == NULL)
947 unsigned int place = VEC_lower_bound (constraint_t, *to, c,
949 VEC_safe_insert (constraint_t, heap, *to, place, c);
954 /* Expands the solution in SET to all sub-fields of variables included.
955 Union the expanded result into RESULT. */
958 solution_set_expand (bitmap result, bitmap set)
964 /* In a first pass record all variables we need to add all
965 sub-fields off. This avoids quadratic behavior. */
966 EXECUTE_IF_SET_IN_BITMAP (set, 0, j, bi)
968 varinfo_t v = get_varinfo (j);
969 if (v->is_artificial_var
972 v = lookup_vi_for_tree (v->decl);
974 vars = BITMAP_ALLOC (NULL);
975 bitmap_set_bit (vars, v->id);
978 /* In the second pass now do the addition to the solution and
979 to speed up solving add it to the delta as well. */
982 EXECUTE_IF_SET_IN_BITMAP (vars, 0, j, bi)
984 varinfo_t v = get_varinfo (j);
985 for (; v != NULL; v = v->next)
986 bitmap_set_bit (result, v->id);
992 /* Take a solution set SET, add OFFSET to each member of the set, and
993 overwrite SET with the result when done. */
996 solution_set_add (bitmap set, HOST_WIDE_INT offset)
998 bitmap result = BITMAP_ALLOC (&iteration_obstack);
1002 /* If the offset is unknown we have to expand the solution to
1004 if (offset == UNKNOWN_OFFSET)
1006 solution_set_expand (set, set);
1010 EXECUTE_IF_SET_IN_BITMAP (set, 0, i, bi)
1012 varinfo_t vi = get_varinfo (i);
1014 /* If this is a variable with just one field just set its bit
1016 if (vi->is_artificial_var
1017 || vi->is_unknown_size_var
1019 bitmap_set_bit (result, i);
1022 unsigned HOST_WIDE_INT fieldoffset = vi->offset + offset;
1024 /* If the offset makes the pointer point to before the
1025 variable use offset zero for the field lookup. */
1027 && fieldoffset > vi->offset)
1031 vi = first_or_preceding_vi_for_offset (vi, fieldoffset);
1033 bitmap_set_bit (result, vi->id);
1034 /* If the result is not exactly at fieldoffset include the next
1035 field as well. See get_constraint_for_ptr_offset for more
1037 if (vi->offset != fieldoffset
1038 && vi->next != NULL)
1039 bitmap_set_bit (result, vi->next->id);
1043 bitmap_copy (set, result);
1044 BITMAP_FREE (result);
1047 /* Union solution sets TO and FROM, and add INC to each member of FROM in the
1051 set_union_with_increment (bitmap to, bitmap from, HOST_WIDE_INT inc)
1054 return bitmap_ior_into (to, from);
1060 tmp = BITMAP_ALLOC (&iteration_obstack);
1061 bitmap_copy (tmp, from);
1062 solution_set_add (tmp, inc);
1063 res = bitmap_ior_into (to, tmp);
1069 /* Insert constraint C into the list of complex constraints for graph
1073 insert_into_complex (constraint_graph_t graph,
1074 unsigned int var, constraint_t c)
1076 VEC (constraint_t, heap) *complex = graph->complex[var];
1077 unsigned int place = VEC_lower_bound (constraint_t, complex, c,
1080 /* Only insert constraints that do not already exist. */
1081 if (place >= VEC_length (constraint_t, complex)
1082 || !constraint_equal (*c, *VEC_index (constraint_t, complex, place)))
1083 VEC_safe_insert (constraint_t, heap, graph->complex[var], place, c);
1087 /* Condense two variable nodes into a single variable node, by moving
1088 all associated info from SRC to TO. */
1091 merge_node_constraints (constraint_graph_t graph, unsigned int to,
1097 gcc_assert (find (from) == to);
1099 /* Move all complex constraints from src node into to node */
1100 for (i = 0; VEC_iterate (constraint_t, graph->complex[from], i, c); i++)
1102 /* In complex constraints for node src, we may have either
1103 a = *src, and *src = a, or an offseted constraint which are
1104 always added to the rhs node's constraints. */
1106 if (c->rhs.type == DEREF)
1108 else if (c->lhs.type == DEREF)
1113 constraint_set_union (&graph->complex[to], &graph->complex[from]);
1114 VEC_free (constraint_t, heap, graph->complex[from]);
1115 graph->complex[from] = NULL;
1119 /* Remove edges involving NODE from GRAPH. */
1122 clear_edges_for_node (constraint_graph_t graph, unsigned int node)
1124 if (graph->succs[node])
1125 BITMAP_FREE (graph->succs[node]);
1128 /* Merge GRAPH nodes FROM and TO into node TO. */
1131 merge_graph_nodes (constraint_graph_t graph, unsigned int to,
1134 if (graph->indirect_cycles[from] != -1)
1136 /* If we have indirect cycles with the from node, and we have
1137 none on the to node, the to node has indirect cycles from the
1138 from node now that they are unified.
1139 If indirect cycles exist on both, unify the nodes that they
1140 are in a cycle with, since we know they are in a cycle with
1142 if (graph->indirect_cycles[to] == -1)
1143 graph->indirect_cycles[to] = graph->indirect_cycles[from];
1146 /* Merge all the successor edges. */
1147 if (graph->succs[from])
1149 if (!graph->succs[to])
1150 graph->succs[to] = BITMAP_ALLOC (&pta_obstack);
1151 bitmap_ior_into (graph->succs[to],
1152 graph->succs[from]);
1155 clear_edges_for_node (graph, from);
1159 /* Add an indirect graph edge to GRAPH, going from TO to FROM if
1160 it doesn't exist in the graph already. */
1163 add_implicit_graph_edge (constraint_graph_t graph, unsigned int to,
1169 if (!graph->implicit_preds[to])
1170 graph->implicit_preds[to] = BITMAP_ALLOC (&predbitmap_obstack);
1172 if (bitmap_set_bit (graph->implicit_preds[to], from))
1173 stats.num_implicit_edges++;
1176 /* Add a predecessor graph edge to GRAPH, going from TO to FROM if
1177 it doesn't exist in the graph already.
1178 Return false if the edge already existed, true otherwise. */
1181 add_pred_graph_edge (constraint_graph_t graph, unsigned int to,
1184 if (!graph->preds[to])
1185 graph->preds[to] = BITMAP_ALLOC (&predbitmap_obstack);
1186 bitmap_set_bit (graph->preds[to], from);
1189 /* Add a graph edge to GRAPH, going from FROM to TO if
1190 it doesn't exist in the graph already.
1191 Return false if the edge already existed, true otherwise. */
1194 add_graph_edge (constraint_graph_t graph, unsigned int to,
1205 if (!graph->succs[from])
1206 graph->succs[from] = BITMAP_ALLOC (&pta_obstack);
1207 if (bitmap_set_bit (graph->succs[from], to))
1210 if (to < FIRST_REF_NODE && from < FIRST_REF_NODE)
1218 /* Return true if {DEST.SRC} is an existing graph edge in GRAPH. */
1221 valid_graph_edge (constraint_graph_t graph, unsigned int src,
1224 return (graph->succs[dest]
1225 && bitmap_bit_p (graph->succs[dest], src));
1228 /* Initialize the constraint graph structure to contain SIZE nodes. */
1231 init_graph (unsigned int size)
1235 graph = XCNEW (struct constraint_graph);
1237 graph->succs = XCNEWVEC (bitmap, graph->size);
1238 graph->indirect_cycles = XNEWVEC (int, graph->size);
1239 graph->rep = XNEWVEC (unsigned int, graph->size);
1240 graph->complex = XCNEWVEC (VEC(constraint_t, heap) *, size);
1241 graph->pe = XCNEWVEC (unsigned int, graph->size);
1242 graph->pe_rep = XNEWVEC (int, graph->size);
1244 for (j = 0; j < graph->size; j++)
1247 graph->pe_rep[j] = -1;
1248 graph->indirect_cycles[j] = -1;
1252 /* Build the constraint graph, adding only predecessor edges right now. */
1255 build_pred_graph (void)
1261 graph->implicit_preds = XCNEWVEC (bitmap, graph->size);
1262 graph->preds = XCNEWVEC (bitmap, graph->size);
1263 graph->pointer_label = XCNEWVEC (unsigned int, graph->size);
1264 graph->loc_label = XCNEWVEC (unsigned int, graph->size);
1265 graph->pointed_by = XCNEWVEC (bitmap, graph->size);
1266 graph->points_to = XCNEWVEC (bitmap, graph->size);
1267 graph->eq_rep = XNEWVEC (int, graph->size);
1268 graph->direct_nodes = sbitmap_alloc (graph->size);
1269 graph->address_taken = BITMAP_ALLOC (&predbitmap_obstack);
1270 sbitmap_zero (graph->direct_nodes);
1272 for (j = 0; j < FIRST_REF_NODE; j++)
1274 if (!get_varinfo (j)->is_special_var)
1275 SET_BIT (graph->direct_nodes, j);
1278 for (j = 0; j < graph->size; j++)
1279 graph->eq_rep[j] = -1;
1281 for (j = 0; j < VEC_length (varinfo_t, varmap); j++)
1282 graph->indirect_cycles[j] = -1;
1284 for (i = 0; VEC_iterate (constraint_t, constraints, i, c); i++)
1286 struct constraint_expr lhs = c->lhs;
1287 struct constraint_expr rhs = c->rhs;
1288 unsigned int lhsvar = lhs.var;
1289 unsigned int rhsvar = rhs.var;
1291 if (lhs.type == DEREF)
1294 if (rhs.offset == 0 && lhs.offset == 0 && rhs.type == SCALAR)
1295 add_pred_graph_edge (graph, FIRST_REF_NODE + lhsvar, rhsvar);
1297 else if (rhs.type == DEREF)
1300 if (rhs.offset == 0 && lhs.offset == 0 && lhs.type == SCALAR)
1301 add_pred_graph_edge (graph, lhsvar, FIRST_REF_NODE + rhsvar);
1303 RESET_BIT (graph->direct_nodes, lhsvar);
1305 else if (rhs.type == ADDRESSOF)
1310 if (graph->points_to[lhsvar] == NULL)
1311 graph->points_to[lhsvar] = BITMAP_ALLOC (&predbitmap_obstack);
1312 bitmap_set_bit (graph->points_to[lhsvar], rhsvar);
1314 if (graph->pointed_by[rhsvar] == NULL)
1315 graph->pointed_by[rhsvar] = BITMAP_ALLOC (&predbitmap_obstack);
1316 bitmap_set_bit (graph->pointed_by[rhsvar], lhsvar);
1318 /* Implicitly, *x = y */
1319 add_implicit_graph_edge (graph, FIRST_REF_NODE + lhsvar, rhsvar);
1321 /* All related variables are no longer direct nodes. */
1322 RESET_BIT (graph->direct_nodes, rhsvar);
1323 v = get_varinfo (rhsvar);
1324 if (!v->is_full_var)
1326 v = lookup_vi_for_tree (v->decl);
1329 RESET_BIT (graph->direct_nodes, v->id);
1334 bitmap_set_bit (graph->address_taken, rhsvar);
1336 else if (lhsvar > anything_id
1337 && lhsvar != rhsvar && lhs.offset == 0 && rhs.offset == 0)
1340 add_pred_graph_edge (graph, lhsvar, rhsvar);
1341 /* Implicitly, *x = *y */
1342 add_implicit_graph_edge (graph, FIRST_REF_NODE + lhsvar,
1343 FIRST_REF_NODE + rhsvar);
1345 else if (lhs.offset != 0 || rhs.offset != 0)
1347 if (rhs.offset != 0)
1348 RESET_BIT (graph->direct_nodes, lhs.var);
1349 else if (lhs.offset != 0)
1350 RESET_BIT (graph->direct_nodes, rhs.var);
1355 /* Build the constraint graph, adding successor edges. */
1358 build_succ_graph (void)
1363 for (i = 0; VEC_iterate (constraint_t, constraints, i, c); i++)
1365 struct constraint_expr lhs;
1366 struct constraint_expr rhs;
1367 unsigned int lhsvar;
1368 unsigned int rhsvar;
1375 lhsvar = find (lhs.var);
1376 rhsvar = find (rhs.var);
1378 if (lhs.type == DEREF)
1380 if (rhs.offset == 0 && lhs.offset == 0 && rhs.type == SCALAR)
1381 add_graph_edge (graph, FIRST_REF_NODE + lhsvar, rhsvar);
1383 else if (rhs.type == DEREF)
1385 if (rhs.offset == 0 && lhs.offset == 0 && lhs.type == SCALAR)
1386 add_graph_edge (graph, lhsvar, FIRST_REF_NODE + rhsvar);
1388 else if (rhs.type == ADDRESSOF)
1391 gcc_assert (find (rhs.var) == rhs.var);
1392 bitmap_set_bit (get_varinfo (lhsvar)->solution, rhsvar);
1394 else if (lhsvar > anything_id
1395 && lhsvar != rhsvar && lhs.offset == 0 && rhs.offset == 0)
1397 add_graph_edge (graph, lhsvar, rhsvar);
1401 /* Add edges from STOREDANYTHING to all non-direct nodes that can
1402 receive pointers. */
1403 t = find (storedanything_id);
1404 for (i = integer_id + 1; i < FIRST_REF_NODE; ++i)
1406 if (!TEST_BIT (graph->direct_nodes, i)
1407 && get_varinfo (i)->may_have_pointers)
1408 add_graph_edge (graph, find (i), t);
1411 /* Everything stored to ANYTHING also potentially escapes. */
1412 add_graph_edge (graph, find (escaped_id), t);
1416 /* Changed variables on the last iteration. */
1417 static unsigned int changed_count;
1418 static sbitmap changed;
1420 /* Strongly Connected Component visitation info. */
1427 unsigned int *node_mapping;
1429 VEC(unsigned,heap) *scc_stack;
1433 /* Recursive routine to find strongly connected components in GRAPH.
1434 SI is the SCC info to store the information in, and N is the id of current
1435 graph node we are processing.
1437 This is Tarjan's strongly connected component finding algorithm, as
1438 modified by Nuutila to keep only non-root nodes on the stack.
1439 The algorithm can be found in "On finding the strongly connected
1440 connected components in a directed graph" by Esko Nuutila and Eljas
1441 Soisalon-Soininen, in Information Processing Letters volume 49,
1442 number 1, pages 9-14. */
1445 scc_visit (constraint_graph_t graph, struct scc_info *si, unsigned int n)
1449 unsigned int my_dfs;
1451 SET_BIT (si->visited, n);
1452 si->dfs[n] = si->current_index ++;
1453 my_dfs = si->dfs[n];
1455 /* Visit all the successors. */
1456 EXECUTE_IF_IN_NONNULL_BITMAP (graph->succs[n], 0, i, bi)
1460 if (i > LAST_REF_NODE)
1464 if (TEST_BIT (si->deleted, w))
1467 if (!TEST_BIT (si->visited, w))
1468 scc_visit (graph, si, w);
1470 unsigned int t = find (w);
1471 unsigned int nnode = find (n);
1472 gcc_assert (nnode == n);
1474 if (si->dfs[t] < si->dfs[nnode])
1475 si->dfs[n] = si->dfs[t];
1479 /* See if any components have been identified. */
1480 if (si->dfs[n] == my_dfs)
1482 if (VEC_length (unsigned, si->scc_stack) > 0
1483 && si->dfs[VEC_last (unsigned, si->scc_stack)] >= my_dfs)
1485 bitmap scc = BITMAP_ALLOC (NULL);
1486 unsigned int lowest_node;
1489 bitmap_set_bit (scc, n);
1491 while (VEC_length (unsigned, si->scc_stack) != 0
1492 && si->dfs[VEC_last (unsigned, si->scc_stack)] >= my_dfs)
1494 unsigned int w = VEC_pop (unsigned, si->scc_stack);
1496 bitmap_set_bit (scc, w);
1499 lowest_node = bitmap_first_set_bit (scc);
1500 gcc_assert (lowest_node < FIRST_REF_NODE);
1502 /* Collapse the SCC nodes into a single node, and mark the
1504 EXECUTE_IF_SET_IN_BITMAP (scc, 0, i, bi)
1506 if (i < FIRST_REF_NODE)
1508 if (unite (lowest_node, i))
1509 unify_nodes (graph, lowest_node, i, false);
1513 unite (lowest_node, i);
1514 graph->indirect_cycles[i - FIRST_REF_NODE] = lowest_node;
1518 SET_BIT (si->deleted, n);
1521 VEC_safe_push (unsigned, heap, si->scc_stack, n);
1524 /* Unify node FROM into node TO, updating the changed count if
1525 necessary when UPDATE_CHANGED is true. */
1528 unify_nodes (constraint_graph_t graph, unsigned int to, unsigned int from,
1529 bool update_changed)
1532 gcc_assert (to != from && find (to) == to);
1533 if (dump_file && (dump_flags & TDF_DETAILS))
1534 fprintf (dump_file, "Unifying %s to %s\n",
1535 get_varinfo (from)->name,
1536 get_varinfo (to)->name);
1539 stats.unified_vars_dynamic++;
1541 stats.unified_vars_static++;
1543 merge_graph_nodes (graph, to, from);
1544 merge_node_constraints (graph, to, from);
1546 /* Mark TO as changed if FROM was changed. If TO was already marked
1547 as changed, decrease the changed count. */
1549 if (update_changed && TEST_BIT (changed, from))
1551 RESET_BIT (changed, from);
1552 if (!TEST_BIT (changed, to))
1553 SET_BIT (changed, to);
1556 gcc_assert (changed_count > 0);
1560 if (get_varinfo (from)->solution)
1562 /* If the solution changes because of the merging, we need to mark
1563 the variable as changed. */
1564 if (bitmap_ior_into (get_varinfo (to)->solution,
1565 get_varinfo (from)->solution))
1567 if (update_changed && !TEST_BIT (changed, to))
1569 SET_BIT (changed, to);
1574 BITMAP_FREE (get_varinfo (from)->solution);
1575 BITMAP_FREE (get_varinfo (from)->oldsolution);
1577 if (stats.iterations > 0)
1579 BITMAP_FREE (get_varinfo (to)->oldsolution);
1580 get_varinfo (to)->oldsolution = BITMAP_ALLOC (&oldpta_obstack);
1583 if (valid_graph_edge (graph, to, to))
1585 if (graph->succs[to])
1586 bitmap_clear_bit (graph->succs[to], to);
1590 /* Information needed to compute the topological ordering of a graph. */
1594 /* sbitmap of visited nodes. */
1596 /* Array that stores the topological order of the graph, *in
1598 VEC(unsigned,heap) *topo_order;
1602 /* Initialize and return a topological info structure. */
1604 static struct topo_info *
1605 init_topo_info (void)
1607 size_t size = graph->size;
1608 struct topo_info *ti = XNEW (struct topo_info);
1609 ti->visited = sbitmap_alloc (size);
1610 sbitmap_zero (ti->visited);
1611 ti->topo_order = VEC_alloc (unsigned, heap, 1);
1616 /* Free the topological sort info pointed to by TI. */
1619 free_topo_info (struct topo_info *ti)
1621 sbitmap_free (ti->visited);
1622 VEC_free (unsigned, heap, ti->topo_order);
1626 /* Visit the graph in topological order, and store the order in the
1627 topo_info structure. */
1630 topo_visit (constraint_graph_t graph, struct topo_info *ti,
1636 SET_BIT (ti->visited, n);
1638 if (graph->succs[n])
1639 EXECUTE_IF_SET_IN_BITMAP (graph->succs[n], 0, j, bi)
1641 if (!TEST_BIT (ti->visited, j))
1642 topo_visit (graph, ti, j);
1645 VEC_safe_push (unsigned, heap, ti->topo_order, n);
1648 /* Process a constraint C that represents x = *(y + off), using DELTA as the
1649 starting solution for y. */
1652 do_sd_constraint (constraint_graph_t graph, constraint_t c,
1655 unsigned int lhs = c->lhs.var;
1657 bitmap sol = get_varinfo (lhs)->solution;
1660 HOST_WIDE_INT roffset = c->rhs.offset;
1662 /* Our IL does not allow this. */
1663 gcc_assert (c->lhs.offset == 0);
1665 /* If the solution of Y contains anything it is good enough to transfer
1667 if (bitmap_bit_p (delta, anything_id))
1669 flag |= bitmap_set_bit (sol, anything_id);
1673 /* If we do not know at with offset the rhs is dereferenced compute
1674 the reachability set of DELTA, conservatively assuming it is
1675 dereferenced at all valid offsets. */
1676 if (roffset == UNKNOWN_OFFSET)
1678 solution_set_expand (delta, delta);
1679 /* No further offset processing is necessary. */
1683 /* For each variable j in delta (Sol(y)), add
1684 an edge in the graph from j to x, and union Sol(j) into Sol(x). */
1685 EXECUTE_IF_SET_IN_BITMAP (delta, 0, j, bi)
1687 varinfo_t v = get_varinfo (j);
1688 HOST_WIDE_INT fieldoffset = v->offset + roffset;
1692 fieldoffset = v->offset;
1693 else if (roffset != 0)
1694 v = first_vi_for_offset (v, fieldoffset);
1695 /* If the access is outside of the variable we can ignore it. */
1703 /* Adding edges from the special vars is pointless.
1704 They don't have sets that can change. */
1705 if (get_varinfo (t)->is_special_var)
1706 flag |= bitmap_ior_into (sol, get_varinfo (t)->solution);
1707 /* Merging the solution from ESCAPED needlessly increases
1708 the set. Use ESCAPED as representative instead. */
1709 else if (v->id == escaped_id)
1710 flag |= bitmap_set_bit (sol, escaped_id);
1711 else if (v->may_have_pointers
1712 && add_graph_edge (graph, lhs, t))
1713 flag |= bitmap_ior_into (sol, get_varinfo (t)->solution);
1715 /* If the variable is not exactly at the requested offset
1716 we have to include the next one. */
1717 if (v->offset == (unsigned HOST_WIDE_INT)fieldoffset
1722 fieldoffset = v->offset;
1728 /* If the LHS solution changed, mark the var as changed. */
1731 get_varinfo (lhs)->solution = sol;
1732 if (!TEST_BIT (changed, lhs))
1734 SET_BIT (changed, lhs);
1740 /* Process a constraint C that represents *(x + off) = y using DELTA
1741 as the starting solution for x. */
1744 do_ds_constraint (constraint_t c, bitmap delta)
1746 unsigned int rhs = c->rhs.var;
1747 bitmap sol = get_varinfo (rhs)->solution;
1750 HOST_WIDE_INT loff = c->lhs.offset;
1751 bool escaped_p = false;
1753 /* Our IL does not allow this. */
1754 gcc_assert (c->rhs.offset == 0);
1756 /* If the solution of y contains ANYTHING simply use the ANYTHING
1757 solution. This avoids needlessly increasing the points-to sets. */
1758 if (bitmap_bit_p (sol, anything_id))
1759 sol = get_varinfo (find (anything_id))->solution;
1761 /* If the solution for x contains ANYTHING we have to merge the
1762 solution of y into all pointer variables which we do via
1764 if (bitmap_bit_p (delta, anything_id))
1766 unsigned t = find (storedanything_id);
1767 if (add_graph_edge (graph, t, rhs))
1769 if (bitmap_ior_into (get_varinfo (t)->solution, sol))
1771 if (!TEST_BIT (changed, t))
1773 SET_BIT (changed, t);
1781 /* If we do not know at with offset the rhs is dereferenced compute
1782 the reachability set of DELTA, conservatively assuming it is
1783 dereferenced at all valid offsets. */
1784 if (loff == UNKNOWN_OFFSET)
1786 solution_set_expand (delta, delta);
1790 /* For each member j of delta (Sol(x)), add an edge from y to j and
1791 union Sol(y) into Sol(j) */
1792 EXECUTE_IF_SET_IN_BITMAP (delta, 0, j, bi)
1794 varinfo_t v = get_varinfo (j);
1796 HOST_WIDE_INT fieldoffset = v->offset + loff;
1799 fieldoffset = v->offset;
1801 v = first_vi_for_offset (v, fieldoffset);
1802 /* If the access is outside of the variable we can ignore it. */
1808 if (v->may_have_pointers)
1810 /* If v is a global variable then this is an escape point. */
1811 if (v->is_global_var
1814 t = find (escaped_id);
1815 if (add_graph_edge (graph, t, rhs)
1816 && bitmap_ior_into (get_varinfo (t)->solution, sol)
1817 && !TEST_BIT (changed, t))
1819 SET_BIT (changed, t);
1822 /* Enough to let rhs escape once. */
1826 if (v->is_special_var)
1830 if (add_graph_edge (graph, t, rhs)
1831 && bitmap_ior_into (get_varinfo (t)->solution, sol)
1832 && !TEST_BIT (changed, t))
1834 SET_BIT (changed, t);
1839 /* If the variable is not exactly at the requested offset
1840 we have to include the next one. */
1841 if (v->offset == (unsigned HOST_WIDE_INT)fieldoffset
1846 fieldoffset = v->offset;
1852 /* Handle a non-simple (simple meaning requires no iteration),
1853 constraint (IE *x = &y, x = *y, *x = y, and x = y with offsets involved). */
1856 do_complex_constraint (constraint_graph_t graph, constraint_t c, bitmap delta)
1858 if (c->lhs.type == DEREF)
1860 if (c->rhs.type == ADDRESSOF)
1867 do_ds_constraint (c, delta);
1870 else if (c->rhs.type == DEREF)
1873 if (!(get_varinfo (c->lhs.var)->is_special_var))
1874 do_sd_constraint (graph, c, delta);
1882 gcc_assert (c->rhs.type == SCALAR && c->lhs.type == SCALAR);
1883 solution = get_varinfo (c->rhs.var)->solution;
1884 tmp = get_varinfo (c->lhs.var)->solution;
1886 flag = set_union_with_increment (tmp, solution, c->rhs.offset);
1890 get_varinfo (c->lhs.var)->solution = tmp;
1891 if (!TEST_BIT (changed, c->lhs.var))
1893 SET_BIT (changed, c->lhs.var);
1900 /* Initialize and return a new SCC info structure. */
1902 static struct scc_info *
1903 init_scc_info (size_t size)
1905 struct scc_info *si = XNEW (struct scc_info);
1908 si->current_index = 0;
1909 si->visited = sbitmap_alloc (size);
1910 sbitmap_zero (si->visited);
1911 si->deleted = sbitmap_alloc (size);
1912 sbitmap_zero (si->deleted);
1913 si->node_mapping = XNEWVEC (unsigned int, size);
1914 si->dfs = XCNEWVEC (unsigned int, size);
1916 for (i = 0; i < size; i++)
1917 si->node_mapping[i] = i;
1919 si->scc_stack = VEC_alloc (unsigned, heap, 1);
1923 /* Free an SCC info structure pointed to by SI */
1926 free_scc_info (struct scc_info *si)
1928 sbitmap_free (si->visited);
1929 sbitmap_free (si->deleted);
1930 free (si->node_mapping);
1932 VEC_free (unsigned, heap, si->scc_stack);
1937 /* Find indirect cycles in GRAPH that occur, using strongly connected
1938 components, and note them in the indirect cycles map.
1940 This technique comes from Ben Hardekopf and Calvin Lin,
1941 "It Pays to be Lazy: Fast and Accurate Pointer Analysis for Millions of
1942 Lines of Code", submitted to PLDI 2007. */
1945 find_indirect_cycles (constraint_graph_t graph)
1948 unsigned int size = graph->size;
1949 struct scc_info *si = init_scc_info (size);
1951 for (i = 0; i < MIN (LAST_REF_NODE, size); i ++ )
1952 if (!TEST_BIT (si->visited, i) && find (i) == i)
1953 scc_visit (graph, si, i);
1958 /* Compute a topological ordering for GRAPH, and store the result in the
1959 topo_info structure TI. */
1962 compute_topo_order (constraint_graph_t graph,
1963 struct topo_info *ti)
1966 unsigned int size = graph->size;
1968 for (i = 0; i != size; ++i)
1969 if (!TEST_BIT (ti->visited, i) && find (i) == i)
1970 topo_visit (graph, ti, i);
1973 /* Structure used to for hash value numbering of pointer equivalence
1976 typedef struct equiv_class_label
1979 unsigned int equivalence_class;
1981 } *equiv_class_label_t;
1982 typedef const struct equiv_class_label *const_equiv_class_label_t;
1984 /* A hashtable for mapping a bitmap of labels->pointer equivalence
1986 static htab_t pointer_equiv_class_table;
1988 /* A hashtable for mapping a bitmap of labels->location equivalence
1990 static htab_t location_equiv_class_table;
1992 /* Hash function for a equiv_class_label_t */
1995 equiv_class_label_hash (const void *p)
1997 const_equiv_class_label_t const ecl = (const_equiv_class_label_t) p;
1998 return ecl->hashcode;
2001 /* Equality function for two equiv_class_label_t's. */
2004 equiv_class_label_eq (const void *p1, const void *p2)
2006 const_equiv_class_label_t const eql1 = (const_equiv_class_label_t) p1;
2007 const_equiv_class_label_t const eql2 = (const_equiv_class_label_t) p2;
2008 return (eql1->hashcode == eql2->hashcode
2009 && bitmap_equal_p (eql1->labels, eql2->labels));
2012 /* Lookup a equivalence class in TABLE by the bitmap of LABELS it
2016 equiv_class_lookup (htab_t table, bitmap labels)
2019 struct equiv_class_label ecl;
2021 ecl.labels = labels;
2022 ecl.hashcode = bitmap_hash (labels);
2024 slot = htab_find_slot_with_hash (table, &ecl,
2025 ecl.hashcode, NO_INSERT);
2029 return ((equiv_class_label_t) *slot)->equivalence_class;
2033 /* Add an equivalence class named EQUIVALENCE_CLASS with labels LABELS
2037 equiv_class_add (htab_t table, unsigned int equivalence_class,
2041 equiv_class_label_t ecl = XNEW (struct equiv_class_label);
2043 ecl->labels = labels;
2044 ecl->equivalence_class = equivalence_class;
2045 ecl->hashcode = bitmap_hash (labels);
2047 slot = htab_find_slot_with_hash (table, ecl,
2048 ecl->hashcode, INSERT);
2049 gcc_assert (!*slot);
2050 *slot = (void *) ecl;
2053 /* Perform offline variable substitution.
2055 This is a worst case quadratic time way of identifying variables
2056 that must have equivalent points-to sets, including those caused by
2057 static cycles, and single entry subgraphs, in the constraint graph.
2059 The technique is described in "Exploiting Pointer and Location
2060 Equivalence to Optimize Pointer Analysis. In the 14th International
2061 Static Analysis Symposium (SAS), August 2007." It is known as the
2062 "HU" algorithm, and is equivalent to value numbering the collapsed
2063 constraint graph including evaluating unions.
2065 The general method of finding equivalence classes is as follows:
2066 Add fake nodes (REF nodes) and edges for *a = b and a = *b constraints.
2067 Initialize all non-REF nodes to be direct nodes.
2068 For each constraint a = a U {b}, we set pts(a) = pts(a) u {fresh
2070 For each constraint containing the dereference, we also do the same
2073 We then compute SCC's in the graph and unify nodes in the same SCC,
2076 For each non-collapsed node x:
2077 Visit all unvisited explicit incoming edges.
2078 Ignoring all non-pointers, set pts(x) = Union of pts(a) for y
2080 Lookup the equivalence class for pts(x).
2081 If we found one, equivalence_class(x) = found class.
2082 Otherwise, equivalence_class(x) = new class, and new_class is
2083 added to the lookup table.
2085 All direct nodes with the same equivalence class can be replaced
2086 with a single representative node.
2087 All unlabeled nodes (label == 0) are not pointers and all edges
2088 involving them can be eliminated.
2089 We perform these optimizations during rewrite_constraints
2091 In addition to pointer equivalence class finding, we also perform
2092 location equivalence class finding. This is the set of variables
2093 that always appear together in points-to sets. We use this to
2094 compress the size of the points-to sets. */
2096 /* Current maximum pointer equivalence class id. */
2097 static int pointer_equiv_class;
2099 /* Current maximum location equivalence class id. */
2100 static int location_equiv_class;
2102 /* Recursive routine to find strongly connected components in GRAPH,
2103 and label it's nodes with DFS numbers. */
2106 condense_visit (constraint_graph_t graph, struct scc_info *si, unsigned int n)
2110 unsigned int my_dfs;
2112 gcc_assert (si->node_mapping[n] == n);
2113 SET_BIT (si->visited, n);
2114 si->dfs[n] = si->current_index ++;
2115 my_dfs = si->dfs[n];
2117 /* Visit all the successors. */
2118 EXECUTE_IF_IN_NONNULL_BITMAP (graph->preds[n], 0, i, bi)
2120 unsigned int w = si->node_mapping[i];
2122 if (TEST_BIT (si->deleted, w))
2125 if (!TEST_BIT (si->visited, w))
2126 condense_visit (graph, si, w);
2128 unsigned int t = si->node_mapping[w];
2129 unsigned int nnode = si->node_mapping[n];
2130 gcc_assert (nnode == n);
2132 if (si->dfs[t] < si->dfs[nnode])
2133 si->dfs[n] = si->dfs[t];
2137 /* Visit all the implicit predecessors. */
2138 EXECUTE_IF_IN_NONNULL_BITMAP (graph->implicit_preds[n], 0, i, bi)
2140 unsigned int w = si->node_mapping[i];
2142 if (TEST_BIT (si->deleted, w))
2145 if (!TEST_BIT (si->visited, w))
2146 condense_visit (graph, si, w);
2148 unsigned int t = si->node_mapping[w];
2149 unsigned int nnode = si->node_mapping[n];
2150 gcc_assert (nnode == n);
2152 if (si->dfs[t] < si->dfs[nnode])
2153 si->dfs[n] = si->dfs[t];
2157 /* See if any components have been identified. */
2158 if (si->dfs[n] == my_dfs)
2160 while (VEC_length (unsigned, si->scc_stack) != 0
2161 && si->dfs[VEC_last (unsigned, si->scc_stack)] >= my_dfs)
2163 unsigned int w = VEC_pop (unsigned, si->scc_stack);
2164 si->node_mapping[w] = n;
2166 if (!TEST_BIT (graph->direct_nodes, w))
2167 RESET_BIT (graph->direct_nodes, n);
2169 /* Unify our nodes. */
2170 if (graph->preds[w])
2172 if (!graph->preds[n])
2173 graph->preds[n] = BITMAP_ALLOC (&predbitmap_obstack);
2174 bitmap_ior_into (graph->preds[n], graph->preds[w]);
2176 if (graph->implicit_preds[w])
2178 if (!graph->implicit_preds[n])
2179 graph->implicit_preds[n] = BITMAP_ALLOC (&predbitmap_obstack);
2180 bitmap_ior_into (graph->implicit_preds[n],
2181 graph->implicit_preds[w]);
2183 if (graph->points_to[w])
2185 if (!graph->points_to[n])
2186 graph->points_to[n] = BITMAP_ALLOC (&predbitmap_obstack);
2187 bitmap_ior_into (graph->points_to[n],
2188 graph->points_to[w]);
2191 SET_BIT (si->deleted, n);
2194 VEC_safe_push (unsigned, heap, si->scc_stack, n);
2197 /* Label pointer equivalences. */
2200 label_visit (constraint_graph_t graph, struct scc_info *si, unsigned int n)
2204 SET_BIT (si->visited, n);
2206 if (!graph->points_to[n])
2207 graph->points_to[n] = BITMAP_ALLOC (&predbitmap_obstack);
2209 /* Label and union our incoming edges's points to sets. */
2210 EXECUTE_IF_IN_NONNULL_BITMAP (graph->preds[n], 0, i, bi)
2212 unsigned int w = si->node_mapping[i];
2213 if (!TEST_BIT (si->visited, w))
2214 label_visit (graph, si, w);
2216 /* Skip unused edges */
2217 if (w == n || graph->pointer_label[w] == 0)
2220 if (graph->points_to[w])
2221 bitmap_ior_into(graph->points_to[n], graph->points_to[w]);
2223 /* Indirect nodes get fresh variables. */
2224 if (!TEST_BIT (graph->direct_nodes, n))
2225 bitmap_set_bit (graph->points_to[n], FIRST_REF_NODE + n);
2227 if (!bitmap_empty_p (graph->points_to[n]))
2229 unsigned int label = equiv_class_lookup (pointer_equiv_class_table,
2230 graph->points_to[n]);
2233 label = pointer_equiv_class++;
2234 equiv_class_add (pointer_equiv_class_table,
2235 label, graph->points_to[n]);
2237 graph->pointer_label[n] = label;
2241 /* Perform offline variable substitution, discovering equivalence
2242 classes, and eliminating non-pointer variables. */
2244 static struct scc_info *
2245 perform_var_substitution (constraint_graph_t graph)
2248 unsigned int size = graph->size;
2249 struct scc_info *si = init_scc_info (size);
2251 bitmap_obstack_initialize (&iteration_obstack);
2252 pointer_equiv_class_table = htab_create (511, equiv_class_label_hash,
2253 equiv_class_label_eq, free);
2254 location_equiv_class_table = htab_create (511, equiv_class_label_hash,
2255 equiv_class_label_eq, free);
2256 pointer_equiv_class = 1;
2257 location_equiv_class = 1;
2259 /* Condense the nodes, which means to find SCC's, count incoming
2260 predecessors, and unite nodes in SCC's. */
2261 for (i = 0; i < FIRST_REF_NODE; i++)
2262 if (!TEST_BIT (si->visited, si->node_mapping[i]))
2263 condense_visit (graph, si, si->node_mapping[i]);
2265 sbitmap_zero (si->visited);
2266 /* Actually the label the nodes for pointer equivalences */
2267 for (i = 0; i < FIRST_REF_NODE; i++)
2268 if (!TEST_BIT (si->visited, si->node_mapping[i]))
2269 label_visit (graph, si, si->node_mapping[i]);
2271 /* Calculate location equivalence labels. */
2272 for (i = 0; i < FIRST_REF_NODE; i++)
2279 if (!graph->pointed_by[i])
2281 pointed_by = BITMAP_ALLOC (&iteration_obstack);
2283 /* Translate the pointed-by mapping for pointer equivalence
2285 EXECUTE_IF_SET_IN_BITMAP (graph->pointed_by[i], 0, j, bi)
2287 bitmap_set_bit (pointed_by,
2288 graph->pointer_label[si->node_mapping[j]]);
2290 /* The original pointed_by is now dead. */
2291 BITMAP_FREE (graph->pointed_by[i]);
2293 /* Look up the location equivalence label if one exists, or make
2295 label = equiv_class_lookup (location_equiv_class_table,
2299 label = location_equiv_class++;
2300 equiv_class_add (location_equiv_class_table,
2305 if (dump_file && (dump_flags & TDF_DETAILS))
2306 fprintf (dump_file, "Found location equivalence for node %s\n",
2307 get_varinfo (i)->name);
2308 BITMAP_FREE (pointed_by);
2310 graph->loc_label[i] = label;
2314 if (dump_file && (dump_flags & TDF_DETAILS))
2315 for (i = 0; i < FIRST_REF_NODE; i++)
2317 bool direct_node = TEST_BIT (graph->direct_nodes, i);
2319 "Equivalence classes for %s node id %d:%s are pointer: %d"
2321 direct_node ? "Direct node" : "Indirect node", i,
2322 get_varinfo (i)->name,
2323 graph->pointer_label[si->node_mapping[i]],
2324 graph->loc_label[si->node_mapping[i]]);
2327 /* Quickly eliminate our non-pointer variables. */
2329 for (i = 0; i < FIRST_REF_NODE; i++)
2331 unsigned int node = si->node_mapping[i];
2333 if (graph->pointer_label[node] == 0)
2335 if (dump_file && (dump_flags & TDF_DETAILS))
2337 "%s is a non-pointer variable, eliminating edges.\n",
2338 get_varinfo (node)->name);
2339 stats.nonpointer_vars++;
2340 clear_edges_for_node (graph, node);
2347 /* Free information that was only necessary for variable
2351 free_var_substitution_info (struct scc_info *si)
2354 free (graph->pointer_label);
2355 free (graph->loc_label);
2356 free (graph->pointed_by);
2357 free (graph->points_to);
2358 free (graph->eq_rep);
2359 sbitmap_free (graph->direct_nodes);
2360 htab_delete (pointer_equiv_class_table);
2361 htab_delete (location_equiv_class_table);
2362 bitmap_obstack_release (&iteration_obstack);
2365 /* Return an existing node that is equivalent to NODE, which has
2366 equivalence class LABEL, if one exists. Return NODE otherwise. */
2369 find_equivalent_node (constraint_graph_t graph,
2370 unsigned int node, unsigned int label)
2372 /* If the address version of this variable is unused, we can
2373 substitute it for anything else with the same label.
2374 Otherwise, we know the pointers are equivalent, but not the
2375 locations, and we can unite them later. */
2377 if (!bitmap_bit_p (graph->address_taken, node))
2379 gcc_assert (label < graph->size);
2381 if (graph->eq_rep[label] != -1)
2383 /* Unify the two variables since we know they are equivalent. */
2384 if (unite (graph->eq_rep[label], node))
2385 unify_nodes (graph, graph->eq_rep[label], node, false);
2386 return graph->eq_rep[label];
2390 graph->eq_rep[label] = node;
2391 graph->pe_rep[label] = node;
2396 gcc_assert (label < graph->size);
2397 graph->pe[node] = label;
2398 if (graph->pe_rep[label] == -1)
2399 graph->pe_rep[label] = node;
2405 /* Unite pointer equivalent but not location equivalent nodes in
2406 GRAPH. This may only be performed once variable substitution is
2410 unite_pointer_equivalences (constraint_graph_t graph)
2414 /* Go through the pointer equivalences and unite them to their
2415 representative, if they aren't already. */
2416 for (i = 0; i < FIRST_REF_NODE; i++)
2418 unsigned int label = graph->pe[i];
2421 int label_rep = graph->pe_rep[label];
2423 if (label_rep == -1)
2426 label_rep = find (label_rep);
2427 if (label_rep >= 0 && unite (label_rep, find (i)))
2428 unify_nodes (graph, label_rep, i, false);
2433 /* Move complex constraints to the GRAPH nodes they belong to. */
2436 move_complex_constraints (constraint_graph_t graph)
2441 for (i = 0; VEC_iterate (constraint_t, constraints, i, c); i++)
2445 struct constraint_expr lhs = c->lhs;
2446 struct constraint_expr rhs = c->rhs;
2448 if (lhs.type == DEREF)
2450 insert_into_complex (graph, lhs.var, c);
2452 else if (rhs.type == DEREF)
2454 if (!(get_varinfo (lhs.var)->is_special_var))
2455 insert_into_complex (graph, rhs.var, c);
2457 else if (rhs.type != ADDRESSOF && lhs.var > anything_id
2458 && (lhs.offset != 0 || rhs.offset != 0))
2460 insert_into_complex (graph, rhs.var, c);
2467 /* Optimize and rewrite complex constraints while performing
2468 collapsing of equivalent nodes. SI is the SCC_INFO that is the
2469 result of perform_variable_substitution. */
2472 rewrite_constraints (constraint_graph_t graph,
2473 struct scc_info *si)
2479 for (j = 0; j < graph->size; j++)
2480 gcc_assert (find (j) == j);
2482 for (i = 0; VEC_iterate (constraint_t, constraints, i, c); i++)
2484 struct constraint_expr lhs = c->lhs;
2485 struct constraint_expr rhs = c->rhs;
2486 unsigned int lhsvar = find (lhs.var);
2487 unsigned int rhsvar = find (rhs.var);
2488 unsigned int lhsnode, rhsnode;
2489 unsigned int lhslabel, rhslabel;
2491 lhsnode = si->node_mapping[lhsvar];
2492 rhsnode = si->node_mapping[rhsvar];
2493 lhslabel = graph->pointer_label[lhsnode];
2494 rhslabel = graph->pointer_label[rhsnode];
2496 /* See if it is really a non-pointer variable, and if so, ignore
2500 if (dump_file && (dump_flags & TDF_DETAILS))
2503 fprintf (dump_file, "%s is a non-pointer variable,"
2504 "ignoring constraint:",
2505 get_varinfo (lhs.var)->name);
2506 dump_constraint (dump_file, c);
2508 VEC_replace (constraint_t, constraints, i, NULL);
2514 if (dump_file && (dump_flags & TDF_DETAILS))
2517 fprintf (dump_file, "%s is a non-pointer variable,"
2518 "ignoring constraint:",
2519 get_varinfo (rhs.var)->name);
2520 dump_constraint (dump_file, c);
2522 VEC_replace (constraint_t, constraints, i, NULL);
2526 lhsvar = find_equivalent_node (graph, lhsvar, lhslabel);
2527 rhsvar = find_equivalent_node (graph, rhsvar, rhslabel);
2528 c->lhs.var = lhsvar;
2529 c->rhs.var = rhsvar;
2534 /* Eliminate indirect cycles involving NODE. Return true if NODE was
2535 part of an SCC, false otherwise. */
2538 eliminate_indirect_cycles (unsigned int node)
2540 if (graph->indirect_cycles[node] != -1
2541 && !bitmap_empty_p (get_varinfo (node)->solution))
2544 VEC(unsigned,heap) *queue = NULL;
2546 unsigned int to = find (graph->indirect_cycles[node]);
2549 /* We can't touch the solution set and call unify_nodes
2550 at the same time, because unify_nodes is going to do
2551 bitmap unions into it. */
2553 EXECUTE_IF_SET_IN_BITMAP (get_varinfo (node)->solution, 0, i, bi)
2555 if (find (i) == i && i != to)
2558 VEC_safe_push (unsigned, heap, queue, i);
2563 VEC_iterate (unsigned, queue, queuepos, i);
2566 unify_nodes (graph, to, i, true);
2568 VEC_free (unsigned, heap, queue);
2574 /* Solve the constraint graph GRAPH using our worklist solver.
2575 This is based on the PW* family of solvers from the "Efficient Field
2576 Sensitive Pointer Analysis for C" paper.
2577 It works by iterating over all the graph nodes, processing the complex
2578 constraints and propagating the copy constraints, until everything stops
2579 changed. This corresponds to steps 6-8 in the solving list given above. */
2582 solve_graph (constraint_graph_t graph)
2584 unsigned int size = graph->size;
2589 changed = sbitmap_alloc (size);
2590 sbitmap_zero (changed);
2592 /* Mark all initial non-collapsed nodes as changed. */
2593 for (i = 0; i < size; i++)
2595 varinfo_t ivi = get_varinfo (i);
2596 if (find (i) == i && !bitmap_empty_p (ivi->solution)
2597 && ((graph->succs[i] && !bitmap_empty_p (graph->succs[i]))
2598 || VEC_length (constraint_t, graph->complex[i]) > 0))
2600 SET_BIT (changed, i);
2605 /* Allocate a bitmap to be used to store the changed bits. */
2606 pts = BITMAP_ALLOC (&pta_obstack);
2608 while (changed_count > 0)
2611 struct topo_info *ti = init_topo_info ();
2614 bitmap_obstack_initialize (&iteration_obstack);
2616 compute_topo_order (graph, ti);
2618 while (VEC_length (unsigned, ti->topo_order) != 0)
2621 i = VEC_pop (unsigned, ti->topo_order);
2623 /* If this variable is not a representative, skip it. */
2627 /* In certain indirect cycle cases, we may merge this
2628 variable to another. */
2629 if (eliminate_indirect_cycles (i) && find (i) != i)
2632 /* If the node has changed, we need to process the
2633 complex constraints and outgoing edges again. */
2634 if (TEST_BIT (changed, i))
2639 VEC(constraint_t,heap) *complex = graph->complex[i];
2640 bool solution_empty;
2642 RESET_BIT (changed, i);
2645 /* Compute the changed set of solution bits. */
2646 bitmap_and_compl (pts, get_varinfo (i)->solution,
2647 get_varinfo (i)->oldsolution);
2649 if (bitmap_empty_p (pts))
2652 bitmap_ior_into (get_varinfo (i)->oldsolution, pts);
2654 solution = get_varinfo (i)->solution;
2655 solution_empty = bitmap_empty_p (solution);
2657 /* Process the complex constraints */
2658 for (j = 0; VEC_iterate (constraint_t, complex, j, c); j++)
2660 /* XXX: This is going to unsort the constraints in
2661 some cases, which will occasionally add duplicate
2662 constraints during unification. This does not
2663 affect correctness. */
2664 c->lhs.var = find (c->lhs.var);
2665 c->rhs.var = find (c->rhs.var);
2667 /* The only complex constraint that can change our
2668 solution to non-empty, given an empty solution,
2669 is a constraint where the lhs side is receiving
2670 some set from elsewhere. */
2671 if (!solution_empty || c->lhs.type != DEREF)
2672 do_complex_constraint (graph, c, pts);
2675 solution_empty = bitmap_empty_p (solution);
2677 if (!solution_empty)
2680 unsigned eff_escaped_id = find (escaped_id);
2682 /* Propagate solution to all successors. */
2683 EXECUTE_IF_IN_NONNULL_BITMAP (graph->succs[i],
2689 unsigned int to = find (j);
2690 tmp = get_varinfo (to)->solution;
2693 /* Don't try to propagate to ourselves. */
2697 /* If we propagate from ESCAPED use ESCAPED as
2699 if (i == eff_escaped_id)
2700 flag = bitmap_set_bit (tmp, escaped_id);
2702 flag = set_union_with_increment (tmp, pts, 0);
2706 get_varinfo (to)->solution = tmp;
2707 if (!TEST_BIT (changed, to))
2709 SET_BIT (changed, to);
2717 free_topo_info (ti);
2718 bitmap_obstack_release (&iteration_obstack);
2722 sbitmap_free (changed);
2723 bitmap_obstack_release (&oldpta_obstack);
2726 /* Map from trees to variable infos. */
2727 static struct pointer_map_t *vi_for_tree;
2730 /* Insert ID as the variable id for tree T in the vi_for_tree map. */
2733 insert_vi_for_tree (tree t, varinfo_t vi)
2735 void **slot = pointer_map_insert (vi_for_tree, t);
2737 gcc_assert (*slot == NULL);
2741 /* Find the variable info for tree T in VI_FOR_TREE. If T does not
2742 exist in the map, return NULL, otherwise, return the varinfo we found. */
2745 lookup_vi_for_tree (tree t)
2747 void **slot = pointer_map_contains (vi_for_tree, t);
2751 return (varinfo_t) *slot;
2754 /* Return a printable name for DECL */
2757 alias_get_name (tree decl)
2761 int num_printed = 0;
2763 if (DECL_ASSEMBLER_NAME_SET_P (decl))
2764 res = IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (decl));
2766 res= get_name (decl);
2774 if (TREE_CODE (decl) == SSA_NAME)
2776 num_printed = asprintf (&temp, "%s_%u",
2777 alias_get_name (SSA_NAME_VAR (decl)),
2778 SSA_NAME_VERSION (decl));
2780 else if (DECL_P (decl))
2782 num_printed = asprintf (&temp, "D.%u", DECL_UID (decl));
2784 if (num_printed > 0)
2786 res = ggc_strdup (temp);
2792 /* Find the variable id for tree T in the map.
2793 If T doesn't exist in the map, create an entry for it and return it. */
2796 get_vi_for_tree (tree t)
2798 void **slot = pointer_map_contains (vi_for_tree, t);
2800 return get_varinfo (create_variable_info_for (t, alias_get_name (t)));
2802 return (varinfo_t) *slot;
2805 /* Get a scalar constraint expression for a new temporary variable. */
2807 static struct constraint_expr
2808 new_scalar_tmp_constraint_exp (const char *name)
2810 struct constraint_expr tmp;
2813 vi = new_var_info (NULL_TREE, name);
2817 vi->is_full_var = 1;
2826 /* Get a constraint expression vector from an SSA_VAR_P node.
2827 If address_p is true, the result will be taken its address of. */
2830 get_constraint_for_ssa_var (tree t, VEC(ce_s, heap) **results, bool address_p)
2832 struct constraint_expr cexpr;
2835 /* We allow FUNCTION_DECLs here even though it doesn't make much sense. */
2836 gcc_assert (SSA_VAR_P (t) || DECL_P (t));
2838 /* For parameters, get at the points-to set for the actual parm
2840 if (TREE_CODE (t) == SSA_NAME
2841 && TREE_CODE (SSA_NAME_VAR (t)) == PARM_DECL
2842 && SSA_NAME_IS_DEFAULT_DEF (t))
2844 get_constraint_for_ssa_var (SSA_NAME_VAR (t), results, address_p);
2848 vi = get_vi_for_tree (t);
2850 cexpr.type = SCALAR;
2852 /* If we determine the result is "anything", and we know this is readonly,
2853 say it points to readonly memory instead. */
2854 if (cexpr.var == anything_id && TREE_READONLY (t))
2857 cexpr.type = ADDRESSOF;
2858 cexpr.var = readonly_id;
2861 /* If we are not taking the address of the constraint expr, add all
2862 sub-fiels of the variable as well. */
2864 && !vi->is_full_var)
2866 for (; vi; vi = vi->next)
2869 VEC_safe_push (ce_s, heap, *results, &cexpr);
2874 VEC_safe_push (ce_s, heap, *results, &cexpr);
2877 /* Process constraint T, performing various simplifications and then
2878 adding it to our list of overall constraints. */
2881 process_constraint (constraint_t t)
2883 struct constraint_expr rhs = t->rhs;
2884 struct constraint_expr lhs = t->lhs;
2886 gcc_assert (rhs.var < VEC_length (varinfo_t, varmap));
2887 gcc_assert (lhs.var < VEC_length (varinfo_t, varmap));
2889 /* If we didn't get any useful constraint from the lhs we get
2890 &ANYTHING as fallback from get_constraint_for. Deal with
2891 it here by turning it into *ANYTHING. */
2892 if (lhs.type == ADDRESSOF
2893 && lhs.var == anything_id)
2896 /* ADDRESSOF on the lhs is invalid. */
2897 gcc_assert (lhs.type != ADDRESSOF);
2899 /* We shouldn't add constraints from things that cannot have pointers.
2900 It's not completely trivial to avoid in the callers, so do it here. */
2901 if (rhs.type != ADDRESSOF
2902 && !get_varinfo (rhs.var)->may_have_pointers)
2905 /* Likewise adding to the solution of a non-pointer var isn't useful. */
2906 if (!get_varinfo (lhs.var)->may_have_pointers)
2909 /* This can happen in our IR with things like n->a = *p */
2910 if (rhs.type == DEREF && lhs.type == DEREF && rhs.var != anything_id)
2912 /* Split into tmp = *rhs, *lhs = tmp */
2913 struct constraint_expr tmplhs;
2914 tmplhs = new_scalar_tmp_constraint_exp ("doubledereftmp");
2915 process_constraint (new_constraint (tmplhs, rhs));
2916 process_constraint (new_constraint (lhs, tmplhs));
2918 else if (rhs.type == ADDRESSOF && lhs.type == DEREF)
2920 /* Split into tmp = &rhs, *lhs = tmp */
2921 struct constraint_expr tmplhs;
2922 tmplhs = new_scalar_tmp_constraint_exp ("derefaddrtmp");
2923 process_constraint (new_constraint (tmplhs, rhs));
2924 process_constraint (new_constraint (lhs, tmplhs));
2928 gcc_assert (rhs.type != ADDRESSOF || rhs.offset == 0);
2929 VEC_safe_push (constraint_t, heap, constraints, t);
2933 /* Return true if T is a type that could contain pointers. */
2936 type_could_have_pointers (tree type)
2938 if (POINTER_TYPE_P (type))
2941 if (TREE_CODE (type) == ARRAY_TYPE)
2942 return type_could_have_pointers (TREE_TYPE (type));
2944 /* A function or method can consume pointers.
2945 ??? We could be more precise here. */
2946 if (TREE_CODE (type) == FUNCTION_TYPE
2947 || TREE_CODE (type) == METHOD_TYPE)
2950 return AGGREGATE_TYPE_P (type);
2953 /* Return true if T is a variable of a type that could contain
2957 could_have_pointers (tree t)
2959 return (((TREE_CODE (t) == VAR_DECL
2960 || TREE_CODE (t) == PARM_DECL
2961 || TREE_CODE (t) == RESULT_DECL)
2962 && (TREE_PUBLIC (t) || DECL_EXTERNAL (t) || TREE_ADDRESSABLE (t)))
2963 || type_could_have_pointers (TREE_TYPE (t)));
2966 /* Return the position, in bits, of FIELD_DECL from the beginning of its
2969 static HOST_WIDE_INT
2970 bitpos_of_field (const tree fdecl)
2973 if (!host_integerp (DECL_FIELD_OFFSET (fdecl), 0)
2974 || !host_integerp (DECL_FIELD_BIT_OFFSET (fdecl), 0))
2977 return (TREE_INT_CST_LOW (DECL_FIELD_OFFSET (fdecl)) * 8
2978 + TREE_INT_CST_LOW (DECL_FIELD_BIT_OFFSET (fdecl)));
2982 /* Get constraint expressions for offsetting PTR by OFFSET. Stores the
2983 resulting constraint expressions in *RESULTS. */
2986 get_constraint_for_ptr_offset (tree ptr, tree offset,
2987 VEC (ce_s, heap) **results)
2989 struct constraint_expr c;
2991 HOST_WIDE_INT rhsunitoffset, rhsoffset;
2993 /* If we do not do field-sensitive PTA adding offsets to pointers
2994 does not change the points-to solution. */
2995 if (!use_field_sensitive)
2997 get_constraint_for (ptr, results);
3001 /* If the offset is not a non-negative integer constant that fits
3002 in a HOST_WIDE_INT, we have to fall back to a conservative
3003 solution which includes all sub-fields of all pointed-to
3004 variables of ptr. */
3005 if (offset == NULL_TREE
3006 || !host_integerp (offset, 0))
3007 rhsoffset = UNKNOWN_OFFSET;
3010 /* Make sure the bit-offset also fits. */
3011 rhsunitoffset = TREE_INT_CST_LOW (offset);
3012 rhsoffset = rhsunitoffset * BITS_PER_UNIT;
3013 if (rhsunitoffset != rhsoffset / BITS_PER_UNIT)
3014 rhsoffset = UNKNOWN_OFFSET;
3017 get_constraint_for (ptr, results);
3021 /* As we are eventually appending to the solution do not use
3022 VEC_iterate here. */
3023 n = VEC_length (ce_s, *results);
3024 for (j = 0; j < n; j++)
3027 c = *VEC_index (ce_s, *results, j);
3028 curr = get_varinfo (c.var);
3030 if (c.type == ADDRESSOF
3031 /* If this varinfo represents a full variable just use it. */
3032 && curr->is_full_var)
3034 else if (c.type == ADDRESSOF
3035 /* If we do not know the offset add all subfields. */
3036 && rhsoffset == UNKNOWN_OFFSET)
3038 varinfo_t temp = lookup_vi_for_tree (curr->decl);
3041 struct constraint_expr c2;
3043 c2.type = ADDRESSOF;
3045 if (c2.var != c.var)
3046 VEC_safe_push (ce_s, heap, *results, &c2);
3051 else if (c.type == ADDRESSOF)
3054 unsigned HOST_WIDE_INT offset = curr->offset + rhsoffset;
3056 /* Search the sub-field which overlaps with the
3057 pointed-to offset. If the result is outside of the variable
3058 we have to provide a conservative result, as the variable is
3059 still reachable from the resulting pointer (even though it
3060 technically cannot point to anything). The last and first
3061 sub-fields are such conservative results.
3062 ??? If we always had a sub-field for &object + 1 then
3063 we could represent this in a more precise way. */
3065 && curr->offset < offset)
3067 temp = first_or_preceding_vi_for_offset (curr, offset);
3069 /* If the found variable is not exactly at the pointed to
3070 result, we have to include the next variable in the
3071 solution as well. Otherwise two increments by offset / 2
3072 do not result in the same or a conservative superset
3074 if (temp->offset != offset
3075 && temp->next != NULL)
3077 struct constraint_expr c2;
3078 c2.var = temp->next->id;
3079 c2.type = ADDRESSOF;
3081 VEC_safe_push (ce_s, heap, *results, &c2);
3087 c.offset = rhsoffset;
3089 VEC_replace (ce_s, *results, j, &c);
3094 /* Given a COMPONENT_REF T, return the constraint_expr vector for it.
3095 If address_p is true the result will be taken its address of. */
3098 get_constraint_for_component_ref (tree t, VEC(ce_s, heap) **results,
3102 HOST_WIDE_INT bitsize = -1;
3103 HOST_WIDE_INT bitmaxsize = -1;
3104 HOST_WIDE_INT bitpos;
3106 struct constraint_expr *result;
3108 /* Some people like to do cute things like take the address of
3111 while (handled_component_p (forzero)
3112 || INDIRECT_REF_P (forzero))
3113 forzero = TREE_OPERAND (forzero, 0);
3115 if (CONSTANT_CLASS_P (forzero) && integer_zerop (forzero))
3117 struct constraint_expr temp;
3120 temp.var = integer_id;
3122 VEC_safe_push (ce_s, heap, *results, &temp);
3126 t = get_ref_base_and_extent (t, &bitpos, &bitsize, &bitmaxsize);
3128 /* Pretend to take the address of the base, we'll take care of
3129 adding the required subset of sub-fields below. */
3130 get_constraint_for_1 (t, results, true);
3131 gcc_assert (VEC_length (ce_s, *results) == 1);
3132 result = VEC_last (ce_s, *results);
3134 if (result->type == SCALAR
3135 && get_varinfo (result->var)->is_full_var)
3136 /* For single-field vars do not bother about the offset. */
3138 else if (result->type == SCALAR)
3140 /* In languages like C, you can access one past the end of an
3141 array. You aren't allowed to dereference it, so we can
3142 ignore this constraint. When we handle pointer subtraction,
3143 we may have to do something cute here. */
3145 if ((unsigned HOST_WIDE_INT)bitpos < get_varinfo (result->var)->fullsize
3148 /* It's also not true that the constraint will actually start at the
3149 right offset, it may start in some padding. We only care about
3150 setting the constraint to the first actual field it touches, so
3152 struct constraint_expr cexpr = *result;
3154 VEC_pop (ce_s, *results);
3156 for (curr = get_varinfo (cexpr.var); curr; curr = curr->next)
3158 if (ranges_overlap_p (curr->offset, curr->size,
3159 bitpos, bitmaxsize))
3161 cexpr.var = curr->id;
3162 VEC_safe_push (ce_s, heap, *results, &cexpr);
3167 /* If we are going to take the address of this field then
3168 to be able to compute reachability correctly add at least
3169 the last field of the variable. */
3171 && VEC_length (ce_s, *results) == 0)
3173 curr = get_varinfo (cexpr.var);
3174 while (curr->next != NULL)
3176 cexpr.var = curr->id;
3177 VEC_safe_push (ce_s, heap, *results, &cexpr);
3180 /* Assert that we found *some* field there. The user couldn't be
3181 accessing *only* padding. */
3182 /* Still the user could access one past the end of an array
3183 embedded in a struct resulting in accessing *only* padding. */
3184 gcc_assert (VEC_length (ce_s, *results) >= 1
3185 || ref_contains_array_ref (orig_t));
3187 else if (bitmaxsize == 0)
3189 if (dump_file && (dump_flags & TDF_DETAILS))
3190 fprintf (dump_file, "Access to zero-sized part of variable,"
3194 if (dump_file && (dump_flags & TDF_DETAILS))
3195 fprintf (dump_file, "Access to past the end of variable, ignoring\n");
3197 else if (result->type == DEREF)
3199 /* If we do not know exactly where the access goes say so. Note
3200 that only for non-structure accesses we know that we access
3201 at most one subfiled of any variable. */
3203 || bitsize != bitmaxsize
3204 || AGGREGATE_TYPE_P (TREE_TYPE (orig_t)))
3205 result->offset = UNKNOWN_OFFSET;
3207 result->offset = bitpos;
3209 else if (result->type == ADDRESSOF)
3211 /* We can end up here for component references on a
3212 VIEW_CONVERT_EXPR <>(&foobar). */
3213 result->type = SCALAR;
3214 result->var = anything_id;
3222 /* Dereference the constraint expression CONS, and return the result.
3223 DEREF (ADDRESSOF) = SCALAR
3224 DEREF (SCALAR) = DEREF
3225 DEREF (DEREF) = (temp = DEREF1; result = DEREF(temp))
3226 This is needed so that we can handle dereferencing DEREF constraints. */
3229 do_deref (VEC (ce_s, heap) **constraints)
3231 struct constraint_expr *c;
3234 for (i = 0; VEC_iterate (ce_s, *constraints, i, c); i++)
3236 if (c->type == SCALAR)
3238 else if (c->type == ADDRESSOF)
3240 else if (c->type == DEREF)
3242 struct constraint_expr tmplhs;
3243 tmplhs = new_scalar_tmp_constraint_exp ("dereftmp");
3244 process_constraint (new_constraint (tmplhs, *c));
3245 c->var = tmplhs.var;
3252 static void get_constraint_for_1 (tree, VEC (ce_s, heap) **, bool);
3254 /* Given a tree T, return the constraint expression for taking the
3258 get_constraint_for_address_of (tree t, VEC (ce_s, heap) **results)
3260 struct constraint_expr *c;
3263 get_constraint_for_1 (t, results, true);
3265 for (i = 0; VEC_iterate (ce_s, *results, i, c); i++)
3267 if (c->type == DEREF)
3270 c->type = ADDRESSOF;
3274 /* Given a tree T, return the constraint expression for it. */
3277 get_constraint_for_1 (tree t, VEC (ce_s, heap) **results, bool address_p)
3279 struct constraint_expr temp;
3281 /* x = integer is all glommed to a single variable, which doesn't
3282 point to anything by itself. That is, of course, unless it is an
3283 integer constant being treated as a pointer, in which case, we
3284 will return that this is really the addressof anything. This
3285 happens below, since it will fall into the default case. The only
3286 case we know something about an integer treated like a pointer is
3287 when it is the NULL pointer, and then we just say it points to
3290 Do not do that if -fno-delete-null-pointer-checks though, because
3291 in that case *NULL does not fail, so it _should_ alias *anything.
3292 It is not worth adding a new option or renaming the existing one,
3293 since this case is relatively obscure. */
3294 if ((TREE_CODE (t) == INTEGER_CST
3295 && integer_zerop (t))
3296 /* The only valid CONSTRUCTORs in gimple with pointer typed
3297 elements are zero-initializer. But in IPA mode we also
3298 process global initializers, so verify at least. */
3299 || (TREE_CODE (t) == CONSTRUCTOR
3300 && CONSTRUCTOR_NELTS (t) == 0))
3302 if (flag_delete_null_pointer_checks)
3303 temp.var = nothing_id;
3305 temp.var = anything_id;
3306 temp.type = ADDRESSOF;
3308 VEC_safe_push (ce_s, heap, *results, &temp);
3312 /* String constants are read-only. */
3313 if (TREE_CODE (t) == STRING_CST)
3315 temp.var = readonly_id;
3318 VEC_safe_push (ce_s, heap, *results, &temp);
3322 switch (TREE_CODE_CLASS (TREE_CODE (t)))
3324 case tcc_expression:
3326 switch (TREE_CODE (t))
3329 get_constraint_for_address_of (TREE_OPERAND (t, 0), results);
3337 switch (TREE_CODE (t))
3341 get_constraint_for_1 (TREE_OPERAND (t, 0), results, address_p);
3346 case ARRAY_RANGE_REF:
3348 get_constraint_for_component_ref (t, results, address_p);
3350 case VIEW_CONVERT_EXPR:
3351 get_constraint_for_1 (TREE_OPERAND (t, 0), results, address_p);
3353 /* We are missing handling for TARGET_MEM_REF here. */
3358 case tcc_exceptional:
3360 switch (TREE_CODE (t))
3364 get_constraint_for_ssa_var (t, results, address_p);
3371 VEC (ce_s, heap) *tmp = NULL;
3372 FOR_EACH_CONSTRUCTOR_VALUE (CONSTRUCTOR_ELTS (t), i, val)
3374 struct constraint_expr *rhsp;
3376 get_constraint_for_1 (val, &tmp, address_p);
3377 for (j = 0; VEC_iterate (ce_s, tmp, j, rhsp); ++j)
3378 VEC_safe_push (ce_s, heap, *results, rhsp);
3379 VEC_truncate (ce_s, tmp, 0);
3381 VEC_free (ce_s, heap, tmp);
3382 /* We do not know whether the constructor was complete,
3383 so technically we have to add &NOTHING or &ANYTHING
3384 like we do for an empty constructor as well. */
3391 case tcc_declaration:
3393 get_constraint_for_ssa_var (t, results, address_p);
3399 /* The default fallback is a constraint from anything. */
3400 temp.type = ADDRESSOF;
3401 temp.var = anything_id;
3403 VEC_safe_push (ce_s, heap, *results, &temp);
3406 /* Given a gimple tree T, return the constraint expression vector for it. */
3409 get_constraint_for (tree t, VEC (ce_s, heap) **results)
3411 gcc_assert (VEC_length (ce_s, *results) == 0);
3413 get_constraint_for_1 (t, results, false);
3417 /* Efficiently generates constraints from all entries in *RHSC to all
3418 entries in *LHSC. */
3421 process_all_all_constraints (VEC (ce_s, heap) *lhsc, VEC (ce_s, heap) *rhsc)
3423 struct constraint_expr *lhsp, *rhsp;
3426 if (VEC_length (ce_s, lhsc) <= 1
3427 || VEC_length (ce_s, rhsc) <= 1)
3429 for (i = 0; VEC_iterate (ce_s, lhsc, i, lhsp); ++i)
3430 for (j = 0; VEC_iterate (ce_s, rhsc, j, rhsp); ++j)
3431 process_constraint (new_constraint (*lhsp, *rhsp));
3435 struct constraint_expr tmp;
3436 tmp = new_scalar_tmp_constraint_exp ("allalltmp");
3437 for (i = 0; VEC_iterate (ce_s, rhsc, i, rhsp); ++i)
3438 process_constraint (new_constraint (tmp, *rhsp));
3439 for (i = 0; VEC_iterate (ce_s, lhsc, i, lhsp); ++i)
3440 process_constraint (new_constraint (*lhsp, tmp));
3444 /* Handle aggregate copies by expanding into copies of the respective
3445 fields of the structures. */
3448 do_structure_copy (tree lhsop, tree rhsop)
3450 struct constraint_expr *lhsp, *rhsp;
3451 VEC (ce_s, heap) *lhsc = NULL, *rhsc = NULL;
3454 get_constraint_for (lhsop, &lhsc);
3455 get_constraint_for (rhsop, &rhsc);
3456 lhsp = VEC_index (ce_s, lhsc, 0);
3457 rhsp = VEC_index (ce_s, rhsc, 0);
3458 if (lhsp->type == DEREF
3459 || (lhsp->type == ADDRESSOF && lhsp->var == anything_id)
3460 || rhsp->type == DEREF)
3462 if (lhsp->type == DEREF)
3464 gcc_assert (VEC_length (ce_s, lhsc) == 1);
3465 lhsp->offset = UNKNOWN_OFFSET;
3467 if (rhsp->type == DEREF)
3469 gcc_assert (VEC_length (ce_s, rhsc) == 1);
3470 rhsp->offset = UNKNOWN_OFFSET;
3472 process_all_all_constraints (lhsc, rhsc);
3474 else if (lhsp->type == SCALAR
3475 && (rhsp->type == SCALAR
3476 || rhsp->type == ADDRESSOF))
3478 HOST_WIDE_INT lhssize, lhsmaxsize, lhsoffset;
3479 HOST_WIDE_INT rhssize, rhsmaxsize, rhsoffset;
3481 get_ref_base_and_extent (lhsop, &lhsoffset, &lhssize, &lhsmaxsize);
3482 get_ref_base_and_extent (rhsop, &rhsoffset, &rhssize, &rhsmaxsize);
3483 for (j = 0; VEC_iterate (ce_s, lhsc, j, lhsp);)
3485 varinfo_t lhsv, rhsv;
3486 rhsp = VEC_index (ce_s, rhsc, k);
3487 lhsv = get_varinfo (lhsp->var);
3488 rhsv = get_varinfo (rhsp->var);
3489 if (lhsv->may_have_pointers
3490 && ranges_overlap_p (lhsv->offset + rhsoffset, lhsv->size,
3491 rhsv->offset + lhsoffset, rhsv->size))
3492 process_constraint (new_constraint (*lhsp, *rhsp));
3493 if (lhsv->offset + rhsoffset + lhsv->size
3494 > rhsv->offset + lhsoffset + rhsv->size)
3497 if (k >= VEC_length (ce_s, rhsc))
3507 VEC_free (ce_s, heap, lhsc);
3508 VEC_free (ce_s, heap, rhsc);
3511 /* Create a constraint ID = OP. */
3514 make_constraint_to (unsigned id, tree op)
3516 VEC(ce_s, heap) *rhsc = NULL;
3517 struct constraint_expr *c;
3518 struct constraint_expr includes;
3522 includes.offset = 0;
3523 includes.type = SCALAR;
3525 get_constraint_for (op, &rhsc);
3526 for (j = 0; VEC_iterate (ce_s, rhsc, j, c); j++)
3527 process_constraint (new_constraint (includes, *c));
3528 VEC_free (ce_s, heap, rhsc);
3531 /* Create a constraint ID = &FROM. */
3534 make_constraint_from (varinfo_t vi, int from)
3536 struct constraint_expr lhs, rhs;
3544 rhs.type = ADDRESSOF;
3545 process_constraint (new_constraint (lhs, rhs));
3548 /* Create a constraint ID = FROM. */
3551 make_copy_constraint (varinfo_t vi, int from)
3553 struct constraint_expr lhs, rhs;
3562 process_constraint (new_constraint (lhs, rhs));
3565 /* Make constraints necessary to make OP escape. */
3568 make_escape_constraint (tree op)
3570 make_constraint_to (escaped_id, op);
3573 /* Add constraints to that the solution of VI is transitively closed. */
3576 make_transitive_closure_constraints (varinfo_t vi)
3578 struct constraint_expr lhs, rhs;
3587 process_constraint (new_constraint (lhs, rhs));
3589 /* VAR = VAR + UNKNOWN; */
3595 rhs.offset = UNKNOWN_OFFSET;
3596 process_constraint (new_constraint (lhs, rhs));
3599 /* Create a new artificial heap variable with NAME.
3600 Return the created variable. */
3603 make_heapvar_for (varinfo_t lhs, const char *name)
3606 tree heapvar = heapvar_lookup (lhs->decl, lhs->offset);
3608 if (heapvar == NULL_TREE)
3611 heapvar = create_tmp_var_raw (ptr_type_node, name);
3612 DECL_EXTERNAL (heapvar) = 1;
3614 heapvar_insert (lhs->decl, lhs->offset, heapvar);
3616 ann = get_var_ann (heapvar);
3617 ann->is_heapvar = 1;
3620 /* For global vars we need to add a heapvar to the list of referenced
3621 vars of a different function than it was created for originally. */
3622 if (cfun && gimple_referenced_vars (cfun))
3623 add_referenced_var (heapvar);
3625 vi = new_var_info (heapvar, name);
3626 vi->is_artificial_var = true;
3627 vi->is_heap_var = true;
3628 vi->is_unknown_size_var = true;
3632 vi->is_full_var = true;
3633 insert_vi_for_tree (heapvar, vi);
3638 /* Create a new artificial heap variable with NAME and make a
3639 constraint from it to LHS. Return the created variable. */
3642 make_constraint_from_heapvar (varinfo_t lhs, const char *name)
3644 varinfo_t vi = make_heapvar_for (lhs, name);
3645 make_constraint_from (lhs, vi->id);
3650 /* Create a new artificial heap variable with NAME and make a
3651 constraint from it to LHS. Set flags according to a tag used
3652 for tracking restrict pointers. */
3655 make_constraint_from_restrict (varinfo_t lhs, const char *name)
3658 vi = make_constraint_from_heapvar (lhs, name);
3659 vi->is_restrict_var = 1;
3660 vi->is_global_var = 0;
3661 vi->is_special_var = 1;
3662 vi->may_have_pointers = 0;
3665 /* In IPA mode there are varinfos for different aspects of reach
3666 function designator. One for the points-to set of the return
3667 value, one for the variables that are clobbered by the function,
3668 one for its uses and one for each parameter (including a single
3669 glob for remaining variadic arguments). */
3671 enum { fi_clobbers = 1, fi_uses = 2,
3672 fi_static_chain = 3, fi_result = 4, fi_parm_base = 5 };
3674 /* Get a constraint for the requested part of a function designator FI
3675 when operating in IPA mode. */
3677 static struct constraint_expr
3678 get_function_part_constraint (varinfo_t fi, unsigned part)
3680 struct constraint_expr c;
3682 gcc_assert (in_ipa_mode);
3684 if (fi->id == anything_id)
3686 /* ??? We probably should have a ANYFN special variable. */
3687 c.var = anything_id;
3691 else if (TREE_CODE (fi->decl) == FUNCTION_DECL)
3693 varinfo_t ai = first_vi_for_offset (fi, part);
3697 c.var = anything_id;
3711 /* For non-IPA mode, generate constraints necessary for a call on the
3715 handle_rhs_call (gimple stmt, VEC(ce_s, heap) **results)
3717 struct constraint_expr rhsc;
3719 bool returns_uses = false;
3721 for (i = 0; i < gimple_call_num_args (stmt); ++i)
3723 tree arg = gimple_call_arg (stmt, i);
3724 int flags = gimple_call_arg_flags (stmt, i);
3726 /* If the argument is not used or it does not contain pointers
3727 we can ignore it. */
3728 if ((flags & EAF_UNUSED)
3729 || !could_have_pointers (arg))
3732 /* As we compute ESCAPED context-insensitive we do not gain
3733 any precision with just EAF_NOCLOBBER but not EAF_NOESCAPE
3734 set. The argument would still get clobbered through the
3736 ??? We might get away with less (and more precise) constraints
3737 if using a temporary for transitively closing things. */
3738 if ((flags & EAF_NOCLOBBER)
3739 && (flags & EAF_NOESCAPE))
3741 varinfo_t uses = get_call_use_vi (stmt);
3742 if (!(flags & EAF_DIRECT))
3743 make_transitive_closure_constraints (uses);
3744 make_constraint_to (uses->id, arg);
3745 returns_uses = true;
3747 else if (flags & EAF_NOESCAPE)
3749 varinfo_t uses = get_call_use_vi (stmt);
3750 varinfo_t clobbers = get_call_clobber_vi (stmt);
3751 if (!(flags & EAF_DIRECT))
3753 make_transitive_closure_constraints (uses);
3754 make_transitive_closure_constraints (clobbers);
3756 make_constraint_to (uses->id, arg);
3757 make_constraint_to (clobbers->id, arg);
3758 returns_uses = true;
3761 make_escape_constraint (arg);
3764 /* If we added to the calls uses solution make sure we account for
3765 pointers to it to be returned. */
3768 rhsc.var = get_call_use_vi (stmt)->id;
3771 VEC_safe_push (ce_s, heap, *results, &rhsc);
3774 /* The static chain escapes as well. */
3775 if (gimple_call_chain (stmt))
3776 make_escape_constraint (gimple_call_chain (stmt));
3778 /* And if we applied NRV the address of the return slot escapes as well. */
3779 if (gimple_call_return_slot_opt_p (stmt)
3780 && gimple_call_lhs (stmt) != NULL_TREE
3781 && TREE_ADDRESSABLE (TREE_TYPE (gimple_call_lhs (stmt))))
3783 VEC(ce_s, heap) *tmpc = NULL;
3784 struct constraint_expr lhsc, *c;
3785 get_constraint_for_address_of (gimple_call_lhs (stmt), &tmpc);
3786 lhsc.var = escaped_id;
3789 for (i = 0; VEC_iterate (ce_s, tmpc, i, c); ++i)
3790 process_constraint (new_constraint (lhsc, *c));
3791 VEC_free(ce_s, heap, tmpc);
3794 /* Regular functions return nonlocal memory. */
3795 rhsc.var = nonlocal_id;
3798 VEC_safe_push (ce_s, heap, *results, &rhsc);
3801 /* For non-IPA mode, generate constraints necessary for a call
3802 that returns a pointer and assigns it to LHS. This simply makes
3803 the LHS point to global and escaped variables. */
3806 handle_lhs_call (gimple stmt, tree lhs, int flags, VEC(ce_s, heap) *rhsc,
3809 VEC(ce_s, heap) *lhsc = NULL;
3811 get_constraint_for (lhs, &lhsc);
3812 /* If the store is to a global decl make sure to
3813 add proper escape constraints. */
3814 lhs = get_base_address (lhs);
3817 && is_global_var (lhs))
3819 struct constraint_expr tmpc;
3820 tmpc.var = escaped_id;
3823 VEC_safe_push (ce_s, heap, lhsc, &tmpc);
3826 /* If the call returns an argument unmodified override the rhs
3828 flags = gimple_call_return_flags (stmt);
3829 if (flags & ERF_RETURNS_ARG
3830 && (flags & ERF_RETURN_ARG_MASK) < gimple_call_num_args (stmt))
3834 arg = gimple_call_arg (stmt, flags & ERF_RETURN_ARG_MASK);
3835 get_constraint_for (arg, &rhsc);
3836 process_all_all_constraints (lhsc, rhsc);
3837 VEC_free (ce_s, heap, rhsc);
3839 else if (flags & ERF_NOALIAS)
3842 struct constraint_expr tmpc;
3844 vi = make_heapvar_for (get_vi_for_tree (lhs), "HEAP");
3845 /* We delay marking allocated storage global until we know if
3847 DECL_EXTERNAL (vi->decl) = 0;
3848 vi->is_global_var = 0;
3849 /* If this is not a real malloc call assume the memory was
3850 initialized and thus may point to global memory. All
3851 builtin functions with the malloc attribute behave in a sane way. */
3853 || DECL_BUILT_IN_CLASS (fndecl) != BUILT_IN_NORMAL)
3854 make_constraint_from (vi, nonlocal_id);
3857 tmpc.type = ADDRESSOF;
3858 VEC_safe_push (ce_s, heap, rhsc, &tmpc);
3861 process_all_all_constraints (lhsc, rhsc);
3863 VEC_free (ce_s, heap, lhsc);
3866 /* For non-IPA mode, generate constraints necessary for a call of a
3867 const function that returns a pointer in the statement STMT. */
3870 handle_const_call (gimple stmt, VEC(ce_s, heap) **results)
3872 struct constraint_expr rhsc;
3875 /* Treat nested const functions the same as pure functions as far
3876 as the static chain is concerned. */
3877 if (gimple_call_chain (stmt))
3879 varinfo_t uses = get_call_use_vi (stmt);
3880 make_transitive_closure_constraints (uses);
3881 make_constraint_to (uses->id, gimple_call_chain (stmt));
3882 rhsc.var = uses->id;
3885 VEC_safe_push (ce_s, heap, *results, &rhsc);
3888 /* May return arguments. */
3889 for (k = 0; k < gimple_call_num_args (stmt); ++k)
3891 tree arg = gimple_call_arg (stmt, k);
3893 if (could_have_pointers (arg))
3895 VEC(ce_s, heap) *argc = NULL;
3897 struct constraint_expr *argp;
3898 get_constraint_for (arg, &argc);
3899 for (i = 0; VEC_iterate (ce_s, argc, i, argp); ++i)
3900 VEC_safe_push (ce_s, heap, *results, argp);
3901 VEC_free(ce_s, heap, argc);
3905 /* May return addresses of globals. */
3906 rhsc.var = nonlocal_id;
3908 rhsc.type = ADDRESSOF;
3909 VEC_safe_push (ce_s, heap, *results, &rhsc);
3912 /* For non-IPA mode, generate constraints necessary for a call to a
3913 pure function in statement STMT. */
3916 handle_pure_call (gimple stmt, VEC(ce_s, heap) **results)
3918 struct constraint_expr rhsc;
3920 varinfo_t uses = NULL;
3922 /* Memory reached from pointer arguments is call-used. */
3923 for (i = 0; i < gimple_call_num_args (stmt); ++i)
3925 tree arg = gimple_call_arg (stmt, i);
3927 if (could_have_pointers (arg))
3931 uses = get_call_use_vi (stmt);
3932 make_transitive_closure_constraints (uses);
3934 make_constraint_to (uses->id, arg);
3938 /* The static chain is used as well. */
3939 if (gimple_call_chain (stmt))
3943 uses = get_call_use_vi (stmt);
3944 make_transitive_closure_constraints (uses);
3946 make_constraint_to (uses->id, gimple_call_chain (stmt));
3949 /* Pure functions may return call-used and nonlocal memory. */
3952 rhsc.var = uses->id;
3955 VEC_safe_push (ce_s, heap, *results, &rhsc);
3957 rhsc.var = nonlocal_id;
3960 VEC_safe_push (ce_s, heap, *results, &rhsc);
3964 /* Return the varinfo for the callee of CALL. */
3967 get_fi_for_callee (gimple call)
3971 /* If we can directly resolve the function being called, do so.
3972 Otherwise, it must be some sort of indirect expression that
3973 we should still be able to handle. */
3974 decl = gimple_call_fndecl (call);
3976 return get_vi_for_tree (decl);
3978 decl = gimple_call_fn (call);
3979 /* The function can be either an SSA name pointer or,
3980 worse, an OBJ_TYPE_REF. In this case we have no
3981 clue and should be getting ANYFN (well, ANYTHING for now). */
3982 if (TREE_CODE (decl) == SSA_NAME)
3984 if (TREE_CODE (decl) == SSA_NAME
3985 && TREE_CODE (SSA_NAME_VAR (decl)) == PARM_DECL
3986 && SSA_NAME_IS_DEFAULT_DEF (decl))
3987 decl = SSA_NAME_VAR (decl);
3988 return get_vi_for_tree (decl);
3990 else if (TREE_CODE (decl) == INTEGER_CST
3991 || TREE_CODE (decl) == OBJ_TYPE_REF)
3992 return get_varinfo (anything_id);
3997 /* Walk statement T setting up aliasing constraints according to the
3998 references found in T. This function is the main part of the
3999 constraint builder. AI points to auxiliary alias information used
4000 when building alias sets and computing alias grouping heuristics. */
4003 find_func_aliases (gimple origt)
4006 VEC(ce_s, heap) *lhsc = NULL;
4007 VEC(ce_s, heap) *rhsc = NULL;
4008 struct constraint_expr *c;
4011 /* Now build constraints expressions. */
4012 if (gimple_code (t) == GIMPLE_PHI)
4014 gcc_assert (!AGGREGATE_TYPE_P (TREE_TYPE (gimple_phi_result (t))));
4016 /* Only care about pointers and structures containing
4018 if (could_have_pointers (gimple_phi_result (t)))
4023 /* For a phi node, assign all the arguments to
4025 get_constraint_for (gimple_phi_result (t), &lhsc);
4026 for (i = 0; i < gimple_phi_num_args (t); i++)
4028 tree strippedrhs = PHI_ARG_DEF (t, i);
4030 STRIP_NOPS (strippedrhs);
4031 get_constraint_for (gimple_phi_arg_def (t, i), &rhsc);
4033 for (j = 0; VEC_iterate (ce_s, lhsc, j, c); j++)
4035 struct constraint_expr *c2;
4036 while (VEC_length (ce_s, rhsc) > 0)
4038 c2 = VEC_last (ce_s, rhsc);
4039 process_constraint (new_constraint (*c, *c2));
4040 VEC_pop (ce_s, rhsc);
4046 /* In IPA mode, we need to generate constraints to pass call
4047 arguments through their calls. There are two cases,
4048 either a GIMPLE_CALL returning a value, or just a plain
4049 GIMPLE_CALL when we are not.
4051 In non-ipa mode, we need to generate constraints for each
4052 pointer passed by address. */
4053 else if (is_gimple_call (t))
4055 tree fndecl = gimple_call_fndecl (t);
4056 if (fndecl != NULL_TREE
4057 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
4058 /* ??? All builtins that are handled here need to be handled
4059 in the alias-oracle query functions explicitly! */
4060 switch (DECL_FUNCTION_CODE (fndecl))
4062 /* All the following functions return a pointer to the same object
4063 as their first argument points to. The functions do not add
4064 to the ESCAPED solution. The functions make the first argument
4065 pointed to memory point to what the second argument pointed to
4066 memory points to. */
4067 case BUILT_IN_STRCPY:
4068 case BUILT_IN_STRNCPY:
4069 case BUILT_IN_BCOPY:
4070 case BUILT_IN_MEMCPY:
4071 case BUILT_IN_MEMMOVE:
4072 case BUILT_IN_MEMPCPY:
4073 case BUILT_IN_STPCPY:
4074 case BUILT_IN_STPNCPY:
4075 case BUILT_IN_STRCAT:
4076 case BUILT_IN_STRNCAT:
4078 tree res = gimple_call_lhs (t);
4079 tree dest = gimple_call_arg (t, (DECL_FUNCTION_CODE (fndecl)
4080 == BUILT_IN_BCOPY ? 1 : 0));
4081 tree src = gimple_call_arg (t, (DECL_FUNCTION_CODE (fndecl)
4082 == BUILT_IN_BCOPY ? 0 : 1));
4083 if (res != NULL_TREE)
4085 get_constraint_for (res, &lhsc);
4086 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_MEMPCPY
4087 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_STPCPY
4088 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_STPNCPY)
4089 get_constraint_for_ptr_offset (dest, NULL_TREE, &rhsc);
4091 get_constraint_for (dest, &rhsc);
4092 process_all_all_constraints (lhsc, rhsc);
4093 VEC_free (ce_s, heap, lhsc);
4094 VEC_free (ce_s, heap, rhsc);
OSDN Git Service
