1 //==- llvm/Analysis/MemoryBuiltins.h - Calls to memory builtins --*- C++ -*-==// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This family of functions identifies calls to builtin functions that allocate 10 // or free memory. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #ifndef LLVM_ANALYSIS_MEMORYBUILTINS_H 15 #define LLVM_ANALYSIS_MEMORYBUILTINS_H 16 17 #include "llvm/ADT/APInt.h" 18 #include "llvm/ADT/DenseMap.h" 19 #include "llvm/ADT/SmallPtrSet.h" 20 #include "llvm/Analysis/TargetFolder.h" 21 #include "llvm/Analysis/TargetLibraryInfo.h" 22 #include "llvm/IR/IRBuilder.h" 23 #include "llvm/IR/InstVisitor.h" 24 #include "llvm/IR/ValueHandle.h" 25 #include <cstdint> 26 #include <utility> 27 28 namespace llvm { 29 30 class AllocaInst; 31 class Argument; 32 class CallInst; 33 class ConstantInt; 34 class ConstantPointerNull; 35 class DataLayout; 36 class ExtractElementInst; 37 class ExtractValueInst; 38 class GEPOperator; 39 class GlobalAlias; 40 class GlobalVariable; 41 class Instruction; 42 class IntegerType; 43 class IntrinsicInst; 44 class IntToPtrInst; 45 class LLVMContext; 46 class LoadInst; 47 class PHINode; 48 class PointerType; 49 class SelectInst; 50 class Type; 51 class UndefValue; 52 class Value; 53 54 /// Tests if a value is a call or invoke to a library function that 55 /// allocates or reallocates memory (either malloc, calloc, realloc, or strdup 56 /// like). 57 bool isAllocationFn(const Value *V, const TargetLibraryInfo *TLI, 58 bool LookThroughBitCast = false); 59 bool isAllocationFn(const Value *V, 60 function_ref<const TargetLibraryInfo &(Function &)> GetTLI, 61 bool LookThroughBitCast = false); 62 63 /// Tests if a value is a call or invoke to a function that returns a 64 /// NoAlias pointer (including malloc/calloc/realloc/strdup-like functions). 65 bool isNoAliasFn(const Value *V, const TargetLibraryInfo *TLI, 66 bool LookThroughBitCast = false); 67 68 /// Tests if a value is a call or invoke to a library function that 69 /// allocates uninitialized memory (such as malloc). 70 bool isMallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 71 bool LookThroughBitCast = false); 72 bool isMallocLikeFn(const Value *V, 73 function_ref<const TargetLibraryInfo &(Function &)> GetTLI, 74 bool LookThroughBitCast = false); 75 76 /// Tests if a value is a call or invoke to a library function that 77 /// allocates uninitialized memory with alignment (such as aligned_alloc). 78 bool isAlignedAllocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 79 bool LookThroughBitCast = false); 80 bool isAlignedAllocLikeFn( 81 const Value *V, function_ref<const TargetLibraryInfo &(Function &)> GetTLI, 82 bool LookThroughBitCast = false); 83 84 /// Tests if a value is a call or invoke to a library function that 85 /// allocates zero-filled memory (such as calloc). 86 bool isCallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 87 bool LookThroughBitCast = false); 88 89 /// Tests if a value is a call or invoke to a library function that 90 /// allocates memory similar to malloc or calloc. 91 bool isMallocOrCallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 92 bool LookThroughBitCast = false); 93 94 /// Tests if a value is a call or invoke to a library function that 95 /// allocates memory (either malloc, calloc, or strdup like). 96 bool isAllocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 97 bool LookThroughBitCast = false); 98 99 /// Tests if a value is a call or invoke to a library function that 100 /// reallocates memory (e.g., realloc). 101 bool isReallocLikeFn(const Value *V, const TargetLibraryInfo *TLI, 102 bool LookThroughBitCast = false); 103 104 /// Tests if a function is a call or invoke to a library function that 105 /// reallocates memory (e.g., realloc). 106 bool isReallocLikeFn(const Function *F, const TargetLibraryInfo *TLI); 107 108 /// Tests if a value is a call or invoke to a library function that 109 /// allocates memory and throws if an allocation failed (e.g., new). 110 bool isOpNewLikeFn(const Value *V, const TargetLibraryInfo *TLI, 111 bool LookThroughBitCast = false); 112 113 /// Tests if a value is a call or invoke to a library function that 114 /// allocates memory (strdup, strndup). 115 bool isStrdupLikeFn(const Value *V, const TargetLibraryInfo *TLI, 116 bool LookThroughBitCast = false); 117 118 //===----------------------------------------------------------------------===// 119 // malloc Call Utility Functions. 120 // 121 122 /// extractMallocCall - Returns the corresponding CallInst if the instruction 123 /// is a malloc call. Since CallInst::CreateMalloc() only creates calls, we 124 /// ignore InvokeInst here. 125 const CallInst * 126 extractMallocCall(const Value *I, 127 function_ref<const TargetLibraryInfo &(Function &)> GetTLI); 128 inline CallInst * 129 extractMallocCall(Value *I, 130 function_ref<const TargetLibraryInfo &(Function &)> GetTLI) { 131 return const_cast<CallInst *>(extractMallocCall((const Value *)I, GetTLI)); 132 } 133 134 /// getMallocType - Returns the PointerType resulting from the malloc call. 135 /// The PointerType depends on the number of bitcast uses of the malloc call: 136 /// 0: PointerType is the malloc calls' return type. 137 /// 1: PointerType is the bitcast's result type. 138 /// >1: Unique PointerType cannot be determined, return NULL. 139 PointerType *getMallocType(const CallInst *CI, const TargetLibraryInfo *TLI); 140 141 /// getMallocAllocatedType - Returns the Type allocated by malloc call. 142 /// The Type depends on the number of bitcast uses of the malloc call: 143 /// 0: PointerType is the malloc calls' return type. 144 /// 1: PointerType is the bitcast's result type. 145 /// >1: Unique PointerType cannot be determined, return NULL. 146 Type *getMallocAllocatedType(const CallInst *CI, const TargetLibraryInfo *TLI); 147 148 /// getMallocArraySize - Returns the array size of a malloc call. If the 149 /// argument passed to malloc is a multiple of the size of the malloced type, 150 /// then return that multiple. For non-array mallocs, the multiple is 151 /// constant 1. Otherwise, return NULL for mallocs whose array size cannot be 152 /// determined. 153 Value *getMallocArraySize(CallInst *CI, const DataLayout &DL, 154 const TargetLibraryInfo *TLI, 155 bool LookThroughSExt = false); 156 157 //===----------------------------------------------------------------------===// 158 // calloc Call Utility Functions. 159 // 160 161 /// extractCallocCall - Returns the corresponding CallInst if the instruction 162 /// is a calloc call. 163 const CallInst *extractCallocCall(const Value *I, const TargetLibraryInfo *TLI); 164 inline CallInst *extractCallocCall(Value *I, const TargetLibraryInfo *TLI) { 165 return const_cast<CallInst*>(extractCallocCall((const Value*)I, TLI)); 166 } 167 168 169 //===----------------------------------------------------------------------===// 170 // free Call Utility Functions. 171 // 172 173 /// isLibFreeFunction - Returns true if the function is a builtin free() 174 bool isLibFreeFunction(const Function *F, const LibFunc TLIFn); 175 176 /// isFreeCall - Returns non-null if the value is a call to the builtin free() 177 const CallInst *isFreeCall(const Value *I, const TargetLibraryInfo *TLI); 178 179 inline CallInst *isFreeCall(Value *I, const TargetLibraryInfo *TLI) { 180 return const_cast<CallInst*>(isFreeCall((const Value*)I, TLI)); 181 } 182 183 //===----------------------------------------------------------------------===// 184 // Utility functions to compute size of objects. 185 // 186 187 /// Various options to control the behavior of getObjectSize. 188 struct ObjectSizeOpts { 189 /// Controls how we handle conditional statements with unknown conditions. 190 enum class Mode : uint8_t { 191 /// Fail to evaluate an unknown condition. 192 Exact, 193 /// Evaluate all branches of an unknown condition. If all evaluations 194 /// succeed, pick the minimum size. 195 Min, 196 /// Same as Min, except we pick the maximum size of all of the branches. 197 Max 198 }; 199 200 /// How we want to evaluate this object's size. 201 Mode EvalMode = Mode::Exact; 202 /// Whether to round the result up to the alignment of allocas, byval 203 /// arguments, and global variables. 204 bool RoundToAlign = false; 205 /// If this is true, null pointers in address space 0 will be treated as 206 /// though they can't be evaluated. Otherwise, null is always considered to 207 /// point to a 0 byte region of memory. 208 bool NullIsUnknownSize = false; 209 }; 210 211 /// Compute the size of the object pointed by Ptr. Returns true and the 212 /// object size in Size if successful, and false otherwise. In this context, by 213 /// object we mean the region of memory starting at Ptr to the end of the 214 /// underlying object pointed to by Ptr. 215 /// 216 /// WARNING: The object size returned is the allocation size. This does not 217 /// imply dereferenceability at site of use since the object may be freeed in 218 /// between. 219 bool getObjectSize(const Value *Ptr, uint64_t &Size, const DataLayout &DL, 220 const TargetLibraryInfo *TLI, ObjectSizeOpts Opts = {}); 221 222 /// Try to turn a call to \@llvm.objectsize into an integer value of the given 223 /// Type. Returns null on failure. If MustSucceed is true, this function will 224 /// not return null, and may return conservative values governed by the second 225 /// argument of the call to objectsize. 226 Value *lowerObjectSizeCall(IntrinsicInst *ObjectSize, const DataLayout &DL, 227 const TargetLibraryInfo *TLI, bool MustSucceed); 228 229 230 231 using SizeOffsetType = std::pair<APInt, APInt>; 232 233 /// Evaluate the size and offset of an object pointed to by a Value* 234 /// statically. Fails if size or offset are not known at compile time. 235 class ObjectSizeOffsetVisitor 236 : public InstVisitor<ObjectSizeOffsetVisitor, SizeOffsetType> { 237 const DataLayout &DL; 238 const TargetLibraryInfo *TLI; 239 ObjectSizeOpts Options; 240 unsigned IntTyBits; 241 APInt Zero; 242 SmallPtrSet<Instruction *, 8> SeenInsts; 243 244 APInt align(APInt Size, uint64_t Align); 245 246 SizeOffsetType unknown() { 247 return std::make_pair(APInt(), APInt()); 248 } 249 250 public: 251 ObjectSizeOffsetVisitor(const DataLayout &DL, const TargetLibraryInfo *TLI, 252 LLVMContext &Context, ObjectSizeOpts Options = {}); 253 254 SizeOffsetType compute(Value *V); 255 256 static bool knownSize(const SizeOffsetType &SizeOffset) { 257 return SizeOffset.first.getBitWidth() > 1; 258 } 259 260 static bool knownOffset(const SizeOffsetType &SizeOffset) { 261 return SizeOffset.second.getBitWidth() > 1; 262 } 263 264 static bool bothKnown(const SizeOffsetType &SizeOffset) { 265 return knownSize(SizeOffset) && knownOffset(SizeOffset); 266 } 267 268 // These are "private", except they can't actually be made private. Only 269 // compute() should be used by external users. 270 SizeOffsetType visitAllocaInst(AllocaInst &I); 271 SizeOffsetType visitArgument(Argument &A); 272 SizeOffsetType visitCallBase(CallBase &CB); 273 SizeOffsetType visitConstantPointerNull(ConstantPointerNull&); 274 SizeOffsetType visitExtractElementInst(ExtractElementInst &I); 275 SizeOffsetType visitExtractValueInst(ExtractValueInst &I); 276 SizeOffsetType visitGEPOperator(GEPOperator &GEP); 277 SizeOffsetType visitGlobalAlias(GlobalAlias &GA); 278 SizeOffsetType visitGlobalVariable(GlobalVariable &GV); 279 SizeOffsetType visitIntToPtrInst(IntToPtrInst&); 280 SizeOffsetType visitLoadInst(LoadInst &I); 281 SizeOffsetType visitPHINode(PHINode&); 282 SizeOffsetType visitSelectInst(SelectInst &I); 283 SizeOffsetType visitUndefValue(UndefValue&); 284 SizeOffsetType visitInstruction(Instruction &I); 285 286 private: 287 bool CheckedZextOrTrunc(APInt &I); 288 }; 289 290 using SizeOffsetEvalType = std::pair<Value *, Value *>; 291 292 /// Evaluate the size and offset of an object pointed to by a Value*. 293 /// May create code to compute the result at run-time. 294 class ObjectSizeOffsetEvaluator 295 : public InstVisitor<ObjectSizeOffsetEvaluator, SizeOffsetEvalType> { 296 using BuilderTy = IRBuilder<TargetFolder, IRBuilderCallbackInserter>; 297 using WeakEvalType = std::pair<WeakTrackingVH, WeakTrackingVH>; 298 using CacheMapTy = DenseMap<const Value *, WeakEvalType>; 299 using PtrSetTy = SmallPtrSet<const Value *, 8>; 300 301 const DataLayout &DL; 302 const TargetLibraryInfo *TLI; 303 LLVMContext &Context; 304 BuilderTy Builder; 305 IntegerType *IntTy; 306 Value *Zero; 307 CacheMapTy CacheMap; 308 PtrSetTy SeenVals; 309 ObjectSizeOpts EvalOpts; 310 SmallPtrSet<Instruction *, 8> InsertedInstructions; 311 312 SizeOffsetEvalType compute_(Value *V); 313 314 public: 315 static SizeOffsetEvalType unknown() { 316 return std::make_pair(nullptr, nullptr); 317 } 318 319 ObjectSizeOffsetEvaluator(const DataLayout &DL, const TargetLibraryInfo *TLI, 320 LLVMContext &Context, ObjectSizeOpts EvalOpts = {}); 321 322 SizeOffsetEvalType compute(Value *V); 323 324 bool knownSize(SizeOffsetEvalType SizeOffset) { 325 return SizeOffset.first; 326 } 327 328 bool knownOffset(SizeOffsetEvalType SizeOffset) { 329 return SizeOffset.second; 330 } 331 332 bool anyKnown(SizeOffsetEvalType SizeOffset) { 333 return knownSize(SizeOffset) || knownOffset(SizeOffset); 334 } 335 336 bool bothKnown(SizeOffsetEvalType SizeOffset) { 337 return knownSize(SizeOffset) && knownOffset(SizeOffset); 338 } 339 340 // The individual instruction visitors should be treated as private. 341 SizeOffsetEvalType visitAllocaInst(AllocaInst &I); 342 SizeOffsetEvalType visitCallBase(CallBase &CB); 343 SizeOffsetEvalType visitExtractElementInst(ExtractElementInst &I); 344 SizeOffsetEvalType visitExtractValueInst(ExtractValueInst &I); 345 SizeOffsetEvalType visitGEPOperator(GEPOperator &GEP); 346 SizeOffsetEvalType visitIntToPtrInst(IntToPtrInst&); 347 SizeOffsetEvalType visitLoadInst(LoadInst &I); 348 SizeOffsetEvalType visitPHINode(PHINode &PHI); 349 SizeOffsetEvalType visitSelectInst(SelectInst &I); 350 SizeOffsetEvalType visitInstruction(Instruction &I); 351 }; 352 353 } // end namespace llvm 354 355 #endif // LLVM_ANALYSIS_MEMORYBUILTINS_H 356
Indexes created Sun Jun 14 00:25:39 UTC 2026