1e440b493SArthur Eubanks //===-- Lint.cpp - Check for common errors in LLVM IR ---------------------===// 2e440b493SArthur Eubanks // 3e440b493SArthur Eubanks // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4e440b493SArthur Eubanks // See https://llvm.org/LICENSE.txt for license information. 5e440b493SArthur Eubanks // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6e440b493SArthur Eubanks // 7e440b493SArthur Eubanks //===----------------------------------------------------------------------===// 8e440b493SArthur Eubanks // 9e440b493SArthur Eubanks // This pass statically checks for common and easily-identified constructs 10e440b493SArthur Eubanks // which produce undefined or likely unintended behavior in LLVM IR. 11e440b493SArthur Eubanks // 12e440b493SArthur Eubanks // It is not a guarantee of correctness, in two ways. First, it isn't 13e440b493SArthur Eubanks // comprehensive. There are checks which could be done statically which are 14e440b493SArthur Eubanks // not yet implemented. Some of these are indicated by TODO comments, but 15e440b493SArthur Eubanks // those aren't comprehensive either. Second, many conditions cannot be 16e440b493SArthur Eubanks // checked statically. This pass does no dynamic instrumentation, so it 17e440b493SArthur Eubanks // can't check for all possible problems. 18e440b493SArthur Eubanks // 19e440b493SArthur Eubanks // Another limitation is that it assumes all code will be executed. A store 20e440b493SArthur Eubanks // through a null pointer in a basic block which is never reached is harmless, 21e440b493SArthur Eubanks // but this pass will warn about it anyway. This is the main reason why most 22e440b493SArthur Eubanks // of these checks live here instead of in the Verifier pass. 23e440b493SArthur Eubanks // 24e440b493SArthur Eubanks // Optimization passes may make conditions that this pass checks for more or 25e440b493SArthur Eubanks // less obvious. If an optimization pass appears to be introducing a warning, 26e440b493SArthur Eubanks // it may be that the optimization pass is merely exposing an existing 27e440b493SArthur Eubanks // condition in the code. 28e440b493SArthur Eubanks // 29e440b493SArthur Eubanks // This code may be run before instcombine. In many cases, instcombine checks 30e440b493SArthur Eubanks // for the same kinds of things and turns instructions with undefined behavior 31e440b493SArthur Eubanks // into unreachable (or equivalent). Because of this, this pass makes some 32e440b493SArthur Eubanks // effort to look through bitcasts and so on. 33e440b493SArthur Eubanks // 34e440b493SArthur Eubanks //===----------------------------------------------------------------------===// 35e440b493SArthur Eubanks 36e440b493SArthur Eubanks #include "llvm/Analysis/Lint.h" 37e440b493SArthur Eubanks #include "llvm/ADT/APInt.h" 38e440b493SArthur Eubanks #include "llvm/ADT/ArrayRef.h" 39e440b493SArthur Eubanks #include "llvm/ADT/SmallPtrSet.h" 40e440b493SArthur Eubanks #include "llvm/ADT/Twine.h" 41e440b493SArthur Eubanks #include "llvm/Analysis/AliasAnalysis.h" 42e440b493SArthur Eubanks #include "llvm/Analysis/AssumptionCache.h" 43acc4abeaSArthur Eubanks #include "llvm/Analysis/BasicAliasAnalysis.h" 44e440b493SArthur Eubanks #include "llvm/Analysis/ConstantFolding.h" 45e440b493SArthur Eubanks #include "llvm/Analysis/InstructionSimplify.h" 46e440b493SArthur Eubanks #include "llvm/Analysis/Loads.h" 47e440b493SArthur Eubanks #include "llvm/Analysis/MemoryLocation.h" 48acc4abeaSArthur Eubanks #include "llvm/Analysis/ScopedNoAliasAA.h" 49e440b493SArthur Eubanks #include "llvm/Analysis/TargetLibraryInfo.h" 50acc4abeaSArthur Eubanks #include "llvm/Analysis/TypeBasedAliasAnalysis.h" 51e440b493SArthur Eubanks #include "llvm/Analysis/ValueTracking.h" 52e440b493SArthur Eubanks #include "llvm/IR/Argument.h" 53e440b493SArthur Eubanks #include "llvm/IR/BasicBlock.h" 54e440b493SArthur Eubanks #include "llvm/IR/Constant.h" 55e440b493SArthur Eubanks #include "llvm/IR/Constants.h" 56e440b493SArthur Eubanks #include "llvm/IR/DataLayout.h" 57e440b493SArthur Eubanks #include "llvm/IR/DerivedTypes.h" 58e440b493SArthur Eubanks #include "llvm/IR/Dominators.h" 59e440b493SArthur Eubanks #include "llvm/IR/Function.h" 60e440b493SArthur Eubanks #include "llvm/IR/GlobalVariable.h" 61e440b493SArthur Eubanks #include "llvm/IR/InstVisitor.h" 62e440b493SArthur Eubanks #include "llvm/IR/InstrTypes.h" 63e440b493SArthur Eubanks #include "llvm/IR/Instruction.h" 64e440b493SArthur Eubanks #include "llvm/IR/Instructions.h" 65e440b493SArthur Eubanks #include "llvm/IR/IntrinsicInst.h" 66e440b493SArthur Eubanks #include "llvm/IR/Module.h" 67c9771391SArthur Eubanks #include "llvm/IR/PassManager.h" 68e440b493SArthur Eubanks #include "llvm/IR/Type.h" 69e440b493SArthur Eubanks #include "llvm/IR/Value.h" 703e65c30eSjofrn #include "llvm/Support/AMDGPUAddrSpace.h" 71e440b493SArthur Eubanks #include "llvm/Support/Casting.h" 72e440b493SArthur Eubanks #include "llvm/Support/KnownBits.h" 73e440b493SArthur Eubanks #include "llvm/Support/raw_ostream.h" 74e440b493SArthur Eubanks #include <cassert> 75e440b493SArthur Eubanks #include <cstdint> 76e440b493SArthur Eubanks #include <iterator> 77e440b493SArthur Eubanks #include <string> 78e440b493SArthur Eubanks 79e440b493SArthur Eubanks using namespace llvm; 80e440b493SArthur Eubanks 81756ff969SJannik Silvanus static const char LintAbortOnErrorArgName[] = "lint-abort-on-error"; 82756ff969SJannik Silvanus static cl::opt<bool> 83756ff969SJannik Silvanus LintAbortOnError(LintAbortOnErrorArgName, cl::init(false), 84756ff969SJannik Silvanus cl::desc("In the Lint pass, abort on errors.")); 85756ff969SJannik Silvanus 86e440b493SArthur Eubanks namespace { 87e440b493SArthur Eubanks namespace MemRef { 88e440b493SArthur Eubanks static const unsigned Read = 1; 89e440b493SArthur Eubanks static const unsigned Write = 2; 90e440b493SArthur Eubanks static const unsigned Callee = 4; 91e440b493SArthur Eubanks static const unsigned Branchee = 8; 92e440b493SArthur Eubanks } // end namespace MemRef 93e440b493SArthur Eubanks 94c9771391SArthur Eubanks class Lint : public InstVisitor<Lint> { 95e440b493SArthur Eubanks friend class InstVisitor<Lint>; 96e440b493SArthur Eubanks 97e440b493SArthur Eubanks void visitFunction(Function &F); 98e440b493SArthur Eubanks 99e440b493SArthur Eubanks void visitCallBase(CallBase &CB); 10022ec72f8SNikita Popov void visitMemoryReference(Instruction &I, const MemoryLocation &Loc, 101e440b493SArthur Eubanks MaybeAlign Alignment, Type *Ty, unsigned Flags); 102e440b493SArthur Eubanks 103e440b493SArthur Eubanks void visitReturnInst(ReturnInst &I); 104e440b493SArthur Eubanks void visitLoadInst(LoadInst &I); 105e440b493SArthur Eubanks void visitStoreInst(StoreInst &I); 1063e65c30eSjofrn void visitAtomicCmpXchgInst(AtomicCmpXchgInst &I); 1073e65c30eSjofrn void visitAtomicRMWInst(AtomicRMWInst &I); 108e440b493SArthur Eubanks void visitXor(BinaryOperator &I); 109e440b493SArthur Eubanks void visitSub(BinaryOperator &I); 110e440b493SArthur Eubanks void visitLShr(BinaryOperator &I); 111e440b493SArthur Eubanks void visitAShr(BinaryOperator &I); 112e440b493SArthur Eubanks void visitShl(BinaryOperator &I); 113e440b493SArthur Eubanks void visitSDiv(BinaryOperator &I); 114e440b493SArthur Eubanks void visitUDiv(BinaryOperator &I); 115e440b493SArthur Eubanks void visitSRem(BinaryOperator &I); 116e440b493SArthur Eubanks void visitURem(BinaryOperator &I); 117e440b493SArthur Eubanks void visitAllocaInst(AllocaInst &I); 118e440b493SArthur Eubanks void visitVAArgInst(VAArgInst &I); 119e440b493SArthur Eubanks void visitIndirectBrInst(IndirectBrInst &I); 120e440b493SArthur Eubanks void visitExtractElementInst(ExtractElementInst &I); 121e440b493SArthur Eubanks void visitInsertElementInst(InsertElementInst &I); 122e440b493SArthur Eubanks void visitUnreachableInst(UnreachableInst &I); 123e440b493SArthur Eubanks 124e440b493SArthur Eubanks Value *findValue(Value *V, bool OffsetOk) const; 125e440b493SArthur Eubanks Value *findValueImpl(Value *V, bool OffsetOk, 126e440b493SArthur Eubanks SmallPtrSetImpl<Value *> &Visited) const; 127e440b493SArthur Eubanks 128e440b493SArthur Eubanks public: 129e440b493SArthur Eubanks Module *Mod; 1303e65c30eSjofrn Triple TT; 131e440b493SArthur Eubanks const DataLayout *DL; 132e440b493SArthur Eubanks AliasAnalysis *AA; 133e440b493SArthur Eubanks AssumptionCache *AC; 134e440b493SArthur Eubanks DominatorTree *DT; 135e440b493SArthur Eubanks TargetLibraryInfo *TLI; 136e440b493SArthur Eubanks 137e440b493SArthur Eubanks std::string Messages; 138e440b493SArthur Eubanks raw_string_ostream MessagesStr; 139e440b493SArthur Eubanks 140c9771391SArthur Eubanks Lint(Module *Mod, const DataLayout *DL, AliasAnalysis *AA, 141c9771391SArthur Eubanks AssumptionCache *AC, DominatorTree *DT, TargetLibraryInfo *TLI) 1423e65c30eSjofrn : Mod(Mod), TT(Triple::normalize(Mod->getTargetTriple())), DL(DL), AA(AA), 1433e65c30eSjofrn AC(AC), DT(DT), TLI(TLI), MessagesStr(Messages) {} 144e440b493SArthur Eubanks 145e440b493SArthur Eubanks void WriteValues(ArrayRef<const Value *> Vs) { 146e440b493SArthur Eubanks for (const Value *V : Vs) { 147e440b493SArthur Eubanks if (!V) 148e440b493SArthur Eubanks continue; 149e440b493SArthur Eubanks if (isa<Instruction>(V)) { 150e440b493SArthur Eubanks MessagesStr << *V << '\n'; 151e440b493SArthur Eubanks } else { 152e440b493SArthur Eubanks V->printAsOperand(MessagesStr, true, Mod); 153e440b493SArthur Eubanks MessagesStr << '\n'; 154e440b493SArthur Eubanks } 155e440b493SArthur Eubanks } 156e440b493SArthur Eubanks } 157e440b493SArthur Eubanks 158e440b493SArthur Eubanks /// A check failed, so printout out the condition and the message. 159e440b493SArthur Eubanks /// 160e440b493SArthur Eubanks /// This provides a nice place to put a breakpoint if you want to see why 161e440b493SArthur Eubanks /// something is not correct. 162e440b493SArthur Eubanks void CheckFailed(const Twine &Message) { MessagesStr << Message << '\n'; } 163e440b493SArthur Eubanks 164e440b493SArthur Eubanks /// A check failed (with values to print). 165e440b493SArthur Eubanks /// 166e440b493SArthur Eubanks /// This calls the Message-only version so that the above is easier to set 167e440b493SArthur Eubanks /// a breakpoint on. 168e440b493SArthur Eubanks template <typename T1, typename... Ts> 169e440b493SArthur Eubanks void CheckFailed(const Twine &Message, const T1 &V1, const Ts &... Vs) { 170e440b493SArthur Eubanks CheckFailed(Message); 171e440b493SArthur Eubanks WriteValues({V1, Vs...}); 172e440b493SArthur Eubanks } 173e440b493SArthur Eubanks }; 174e440b493SArthur Eubanks } // end anonymous namespace 175e440b493SArthur Eubanks 176c54ad136STom Honermann // Check - We know that cond should be true, if not print an error message. 177c54ad136STom Honermann #define Check(C, ...) \ 178c9771391SArthur Eubanks do { \ 179c9771391SArthur Eubanks if (!(C)) { \ 180c9771391SArthur Eubanks CheckFailed(__VA_ARGS__); \ 181c9771391SArthur Eubanks return; \ 182c9771391SArthur Eubanks } \ 183c9771391SArthur Eubanks } while (false) 184e440b493SArthur Eubanks 185e440b493SArthur Eubanks void Lint::visitFunction(Function &F) { 186e440b493SArthur Eubanks // This isn't undefined behavior, it's just a little unusual, and it's a 187e440b493SArthur Eubanks // fairly common mistake to neglect to name a function. 188c54ad136STom Honermann Check(F.hasName() || F.hasLocalLinkage(), 189e440b493SArthur Eubanks "Unusual: Unnamed function with non-local linkage", &F); 190e440b493SArthur Eubanks 191e440b493SArthur Eubanks // TODO: Check for irreducible control flow. 192e440b493SArthur Eubanks } 193e440b493SArthur Eubanks 194e440b493SArthur Eubanks void Lint::visitCallBase(CallBase &I) { 195e440b493SArthur Eubanks Value *Callee = I.getCalledOperand(); 196e440b493SArthur Eubanks 19719aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getAfter(Callee), std::nullopt, 19819aff0f3SKazu Hirata nullptr, MemRef::Callee); 199e440b493SArthur Eubanks 200e440b493SArthur Eubanks if (Function *F = dyn_cast<Function>(findValue(Callee, 201e440b493SArthur Eubanks /*OffsetOk=*/false))) { 202c54ad136STom Honermann Check(I.getCallingConv() == F->getCallingConv(), 203e440b493SArthur Eubanks "Undefined behavior: Caller and callee calling convention differ", 204e440b493SArthur Eubanks &I); 205e440b493SArthur Eubanks 206e440b493SArthur Eubanks FunctionType *FT = F->getFunctionType(); 207e440b493SArthur Eubanks unsigned NumActualArgs = I.arg_size(); 208e440b493SArthur Eubanks 209c54ad136STom Honermann Check(FT->isVarArg() ? FT->getNumParams() <= NumActualArgs 210e440b493SArthur Eubanks : FT->getNumParams() == NumActualArgs, 211e440b493SArthur Eubanks "Undefined behavior: Call argument count mismatches callee " 212e440b493SArthur Eubanks "argument count", 213e440b493SArthur Eubanks &I); 214e440b493SArthur Eubanks 215c54ad136STom Honermann Check(FT->getReturnType() == I.getType(), 216e440b493SArthur Eubanks "Undefined behavior: Call return type mismatches " 217e440b493SArthur Eubanks "callee return type", 218e440b493SArthur Eubanks &I); 219e440b493SArthur Eubanks 220e440b493SArthur Eubanks // Check argument types (in case the callee was casted) and attributes. 221e440b493SArthur Eubanks // TODO: Verify that caller and callee attributes are compatible. 222e440b493SArthur Eubanks Function::arg_iterator PI = F->arg_begin(), PE = F->arg_end(); 223e440b493SArthur Eubanks auto AI = I.arg_begin(), AE = I.arg_end(); 224e440b493SArthur Eubanks for (; AI != AE; ++AI) { 225e440b493SArthur Eubanks Value *Actual = *AI; 226e440b493SArthur Eubanks if (PI != PE) { 227e440b493SArthur Eubanks Argument *Formal = &*PI++; 228c54ad136STom Honermann Check(Formal->getType() == Actual->getType(), 229e440b493SArthur Eubanks "Undefined behavior: Call argument type mismatches " 230e440b493SArthur Eubanks "callee parameter type", 231e440b493SArthur Eubanks &I); 232e440b493SArthur Eubanks 233e440b493SArthur Eubanks // Check that noalias arguments don't alias other arguments. This is 234e440b493SArthur Eubanks // not fully precise because we don't know the sizes of the dereferenced 235e440b493SArthur Eubanks // memory regions. 236e440b493SArthur Eubanks if (Formal->hasNoAliasAttr() && Actual->getType()->isPointerTy()) { 237e440b493SArthur Eubanks AttributeList PAL = I.getAttributes(); 238e440b493SArthur Eubanks unsigned ArgNo = 0; 239601b3a13SKazu Hirata for (auto *BI = I.arg_begin(); BI != AE; ++BI, ++ArgNo) { 240e440b493SArthur Eubanks // Skip ByVal arguments since they will be memcpy'd to the callee's 241e440b493SArthur Eubanks // stack so we're not really passing the pointer anyway. 242a0c42ca5SArthur Eubanks if (PAL.hasParamAttr(ArgNo, Attribute::ByVal)) 243e440b493SArthur Eubanks continue; 244e440b493SArthur Eubanks // If both arguments are readonly, they have no dependence. 245e440b493SArthur Eubanks if (Formal->onlyReadsMemory() && I.onlyReadsMemory(ArgNo)) 246e440b493SArthur Eubanks continue; 247c0682840SBjorn Pettersson // Skip readnone arguments since those are guaranteed not to be 248c0682840SBjorn Pettersson // dereferenced anyway. 249c0682840SBjorn Pettersson if (I.doesNotAccessMemory(ArgNo)) 250c0682840SBjorn Pettersson continue; 251205f7ee7SNikita Popov if (AI != BI && (*BI)->getType()->isPointerTy() && 252205f7ee7SNikita Popov !isa<ConstantPointerNull>(*BI)) { 253e440b493SArthur Eubanks AliasResult Result = AA->alias(*AI, *BI); 254c54ad136STom Honermann Check(Result != AliasResult::MustAlias && 255d0660797Sdfukalov Result != AliasResult::PartialAlias, 256e440b493SArthur Eubanks "Unusual: noalias argument aliases another argument", &I); 257e440b493SArthur Eubanks } 258e440b493SArthur Eubanks } 259e440b493SArthur Eubanks } 260e440b493SArthur Eubanks 261e440b493SArthur Eubanks // Check that an sret argument points to valid memory. 262e440b493SArthur Eubanks if (Formal->hasStructRetAttr() && Actual->getType()->isPointerTy()) { 263d65a7003SMatt Arsenault Type *Ty = Formal->getParamStructRetType(); 26422ec72f8SNikita Popov MemoryLocation Loc( 26522ec72f8SNikita Popov Actual, LocationSize::precise(DL->getTypeStoreSize(Ty))); 26622ec72f8SNikita Popov visitMemoryReference(I, Loc, DL->getABITypeAlign(Ty), Ty, 267e440b493SArthur Eubanks MemRef::Read | MemRef::Write); 268e440b493SArthur Eubanks } 269*f993a8baSNikita Popov 270*f993a8baSNikita Popov // Check that ABI attributes for the function and call-site match. 271*f993a8baSNikita Popov unsigned ArgNo = AI->getOperandNo(); 272*f993a8baSNikita Popov Attribute::AttrKind ABIAttributes[] = { 273*f993a8baSNikita Popov Attribute::ZExt, Attribute::SExt, Attribute::InReg, 274*f993a8baSNikita Popov Attribute::ByVal, Attribute::ByRef, Attribute::InAlloca, 275*f993a8baSNikita Popov Attribute::Preallocated, Attribute::StructRet}; 276*f993a8baSNikita Popov AttributeList CallAttrs = I.getAttributes(); 277*f993a8baSNikita Popov for (Attribute::AttrKind Attr : ABIAttributes) { 278*f993a8baSNikita Popov Attribute CallAttr = CallAttrs.getParamAttr(ArgNo, Attr); 279*f993a8baSNikita Popov Attribute FnAttr = F->getParamAttribute(ArgNo, Attr); 280*f993a8baSNikita Popov Check(CallAttr.isValid() == FnAttr.isValid(), 281*f993a8baSNikita Popov Twine("Undefined behavior: ABI attribute ") + 282*f993a8baSNikita Popov Attribute::getNameFromAttrKind(Attr) + 283*f993a8baSNikita Popov " not present on both function and call-site", 284*f993a8baSNikita Popov &I); 285*f993a8baSNikita Popov if (CallAttr.isValid() && FnAttr.isValid()) { 286*f993a8baSNikita Popov Check(CallAttr == FnAttr, 287*f993a8baSNikita Popov Twine("Undefined behavior: ABI attribute ") + 288*f993a8baSNikita Popov Attribute::getNameFromAttrKind(Attr) + 289*f993a8baSNikita Popov " does not have same argument for function and call-site", 290*f993a8baSNikita Popov &I); 291*f993a8baSNikita Popov } 292*f993a8baSNikita Popov } 293e440b493SArthur Eubanks } 294e440b493SArthur Eubanks } 295e440b493SArthur Eubanks } 296e440b493SArthur Eubanks 297e440b493SArthur Eubanks if (const auto *CI = dyn_cast<CallInst>(&I)) { 298e440b493SArthur Eubanks if (CI->isTailCall()) { 299e440b493SArthur Eubanks const AttributeList &PAL = CI->getAttributes(); 300e440b493SArthur Eubanks unsigned ArgNo = 0; 301e440b493SArthur Eubanks for (Value *Arg : I.args()) { 302e440b493SArthur Eubanks // Skip ByVal arguments since they will be memcpy'd to the callee's 303e440b493SArthur Eubanks // stack anyway. 304a0c42ca5SArthur Eubanks if (PAL.hasParamAttr(ArgNo++, Attribute::ByVal)) 305e440b493SArthur Eubanks continue; 306e440b493SArthur Eubanks Value *Obj = findValue(Arg, /*OffsetOk=*/true); 307c54ad136STom Honermann Check(!isa<AllocaInst>(Obj), 308e440b493SArthur Eubanks "Undefined behavior: Call with \"tail\" keyword references " 309e440b493SArthur Eubanks "alloca", 310e440b493SArthur Eubanks &I); 311e440b493SArthur Eubanks } 312e440b493SArthur Eubanks } 313e440b493SArthur Eubanks } 314e440b493SArthur Eubanks 315e440b493SArthur Eubanks if (IntrinsicInst *II = dyn_cast<IntrinsicInst>(&I)) 316e440b493SArthur Eubanks switch (II->getIntrinsicID()) { 317c9771391SArthur Eubanks default: 318c9771391SArthur Eubanks break; 319e440b493SArthur Eubanks 320e440b493SArthur Eubanks // TODO: Check more intrinsics 321e440b493SArthur Eubanks 322fdf94e16SAlex Bradbury case Intrinsic::memcpy: 323fdf94e16SAlex Bradbury case Intrinsic::memcpy_inline: { 324e440b493SArthur Eubanks MemCpyInst *MCI = cast<MemCpyInst>(&I); 32522ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::getForDest(MCI), 326e440b493SArthur Eubanks MCI->getDestAlign(), nullptr, MemRef::Write); 32722ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::getForSource(MCI), 328e440b493SArthur Eubanks MCI->getSourceAlign(), nullptr, MemRef::Read); 329e440b493SArthur Eubanks 330e440b493SArthur Eubanks // Check that the memcpy arguments don't overlap. The AliasAnalysis API 331e440b493SArthur Eubanks // isn't expressive enough for what we really want to do. Known partial 332e440b493SArthur Eubanks // overlap is not distinguished from the case where nothing is known. 3334df8efceSNikita Popov auto Size = LocationSize::afterPointer(); 334e440b493SArthur Eubanks if (const ConstantInt *Len = 335e440b493SArthur Eubanks dyn_cast<ConstantInt>(findValue(MCI->getLength(), 336e440b493SArthur Eubanks /*OffsetOk=*/false))) 337e440b493SArthur Eubanks if (Len->getValue().isIntN(32)) 338e440b493SArthur Eubanks Size = LocationSize::precise(Len->getValue().getZExtValue()); 339c54ad136STom Honermann Check(AA->alias(MCI->getSource(), Size, MCI->getDest(), Size) != 340d0660797Sdfukalov AliasResult::MustAlias, 341e440b493SArthur Eubanks "Undefined behavior: memcpy source and destination overlap", &I); 342e440b493SArthur Eubanks break; 343e440b493SArthur Eubanks } 344e440b493SArthur Eubanks case Intrinsic::memmove: { 345e440b493SArthur Eubanks MemMoveInst *MMI = cast<MemMoveInst>(&I); 34622ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::getForDest(MMI), 347e440b493SArthur Eubanks MMI->getDestAlign(), nullptr, MemRef::Write); 34822ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::getForSource(MMI), 349e440b493SArthur Eubanks MMI->getSourceAlign(), nullptr, MemRef::Read); 350e440b493SArthur Eubanks break; 351e440b493SArthur Eubanks } 352e440b493SArthur Eubanks case Intrinsic::memset: { 353e440b493SArthur Eubanks MemSetInst *MSI = cast<MemSetInst>(&I); 35422ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::getForDest(MSI), 355e440b493SArthur Eubanks MSI->getDestAlign(), nullptr, MemRef::Write); 356e440b493SArthur Eubanks break; 357e440b493SArthur Eubanks } 35838637ee4SGuillaume Chatelet case Intrinsic::memset_inline: { 35938637ee4SGuillaume Chatelet MemSetInlineInst *MSII = cast<MemSetInlineInst>(&I); 36038637ee4SGuillaume Chatelet visitMemoryReference(I, MemoryLocation::getForDest(MSII), 36138637ee4SGuillaume Chatelet MSII->getDestAlign(), nullptr, MemRef::Write); 36238637ee4SGuillaume Chatelet break; 36338637ee4SGuillaume Chatelet } 364e440b493SArthur Eubanks 365e440b493SArthur Eubanks case Intrinsic::vastart: 366ac6b4c61SJon Chesterfield // vastart in non-varargs function is rejected by the verifier 36719aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getForArgument(&I, 0, TLI), 36819aff0f3SKazu Hirata std::nullopt, nullptr, MemRef::Read | MemRef::Write); 369e440b493SArthur Eubanks break; 370e440b493SArthur Eubanks case Intrinsic::vacopy: 37119aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getForArgument(&I, 0, TLI), 37219aff0f3SKazu Hirata std::nullopt, nullptr, MemRef::Write); 37319aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getForArgument(&I, 1, TLI), 37419aff0f3SKazu Hirata std::nullopt, nullptr, MemRef::Read); 375e440b493SArthur Eubanks break; 376e440b493SArthur Eubanks case Intrinsic::vaend: 37719aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getForArgument(&I, 0, TLI), 37819aff0f3SKazu Hirata std::nullopt, nullptr, MemRef::Read | MemRef::Write); 379e440b493SArthur Eubanks break; 380e440b493SArthur Eubanks 381e440b493SArthur Eubanks case Intrinsic::stackrestore: 382e440b493SArthur Eubanks // Stackrestore doesn't read or write memory, but it sets the 383e440b493SArthur Eubanks // stack pointer, which the compiler may read from or write to 384e440b493SArthur Eubanks // at any time, so check it for both readability and writeability. 38519aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getForArgument(&I, 0, TLI), 38619aff0f3SKazu Hirata std::nullopt, nullptr, MemRef::Read | MemRef::Write); 387e440b493SArthur Eubanks break; 3886637d72dSSjoerd Meijer case Intrinsic::get_active_lane_mask: 3896637d72dSSjoerd Meijer if (auto *TripCount = dyn_cast<ConstantInt>(I.getArgOperand(1))) 390c54ad136STom Honermann Check(!TripCount->isZero(), 391c54ad136STom Honermann "get_active_lane_mask: operand #2 " 392c54ad136STom Honermann "must be greater than 0", 393c54ad136STom Honermann &I); 3946637d72dSSjoerd Meijer break; 395e440b493SArthur Eubanks } 396e440b493SArthur Eubanks } 397e440b493SArthur Eubanks 398e440b493SArthur Eubanks void Lint::visitReturnInst(ReturnInst &I) { 399e440b493SArthur Eubanks Function *F = I.getParent()->getParent(); 400c54ad136STom Honermann Check(!F->doesNotReturn(), 401e440b493SArthur Eubanks "Unusual: Return statement in function with noreturn attribute", &I); 402e440b493SArthur Eubanks 403e440b493SArthur Eubanks if (Value *V = I.getReturnValue()) { 404e440b493SArthur Eubanks Value *Obj = findValue(V, /*OffsetOk=*/true); 405c54ad136STom Honermann Check(!isa<AllocaInst>(Obj), "Unusual: Returning alloca value", &I); 406e440b493SArthur Eubanks } 407e440b493SArthur Eubanks } 408e440b493SArthur Eubanks 409e440b493SArthur Eubanks // TODO: Check that the reference is in bounds. 410e440b493SArthur Eubanks // TODO: Check readnone/readonly function attributes. 41122ec72f8SNikita Popov void Lint::visitMemoryReference(Instruction &I, const MemoryLocation &Loc, 412e440b493SArthur Eubanks MaybeAlign Align, Type *Ty, unsigned Flags) { 413e440b493SArthur Eubanks // If no memory is being referenced, it doesn't matter if the pointer 414e440b493SArthur Eubanks // is valid. 41522ec72f8SNikita Popov if (Loc.Size.isZero()) 416e440b493SArthur Eubanks return; 417e440b493SArthur Eubanks 41822ec72f8SNikita Popov Value *Ptr = const_cast<Value *>(Loc.Ptr); 419e440b493SArthur Eubanks Value *UnderlyingObject = findValue(Ptr, /*OffsetOk=*/true); 420c54ad136STom Honermann Check(!isa<ConstantPointerNull>(UnderlyingObject), 421e440b493SArthur Eubanks "Undefined behavior: Null pointer dereference", &I); 422c54ad136STom Honermann Check(!isa<UndefValue>(UnderlyingObject), 423e440b493SArthur Eubanks "Undefined behavior: Undef pointer dereference", &I); 424c54ad136STom Honermann Check(!isa<ConstantInt>(UnderlyingObject) || 425e440b493SArthur Eubanks !cast<ConstantInt>(UnderlyingObject)->isMinusOne(), 426e440b493SArthur Eubanks "Unusual: All-ones pointer dereference", &I); 427c54ad136STom Honermann Check(!isa<ConstantInt>(UnderlyingObject) || 428e440b493SArthur Eubanks !cast<ConstantInt>(UnderlyingObject)->isOne(), 429e440b493SArthur Eubanks "Unusual: Address one pointer dereference", &I); 430e440b493SArthur Eubanks 431e440b493SArthur Eubanks if (Flags & MemRef::Write) { 4323e65c30eSjofrn if (TT.isAMDGPU()) 4333e65c30eSjofrn Check(!AMDGPU::isConstantAddressSpace( 4343e65c30eSjofrn UnderlyingObject->getType()->getPointerAddressSpace()), 4353e65c30eSjofrn "Undefined behavior: Write to memory in const addrspace", &I); 4363e65c30eSjofrn 437e440b493SArthur Eubanks if (const GlobalVariable *GV = dyn_cast<GlobalVariable>(UnderlyingObject)) 438c54ad136STom Honermann Check(!GV->isConstant(), "Undefined behavior: Write to read-only memory", 439e440b493SArthur Eubanks &I); 440c54ad136STom Honermann Check(!isa<Function>(UnderlyingObject) && 441e440b493SArthur Eubanks !isa<BlockAddress>(UnderlyingObject), 442e440b493SArthur Eubanks "Undefined behavior: Write to text section", &I); 443e440b493SArthur Eubanks } 444e440b493SArthur Eubanks if (Flags & MemRef::Read) { 445c54ad136STom Honermann Check(!isa<Function>(UnderlyingObject), "Unusual: Load from function body", 446e440b493SArthur Eubanks &I); 447c54ad136STom Honermann Check(!isa<BlockAddress>(UnderlyingObject), 448e440b493SArthur Eubanks "Undefined behavior: Load from block address", &I); 449e440b493SArthur Eubanks } 450e440b493SArthur Eubanks if (Flags & MemRef::Callee) { 451c54ad136STom Honermann Check(!isa<BlockAddress>(UnderlyingObject), 452e440b493SArthur Eubanks "Undefined behavior: Call to block address", &I); 453e440b493SArthur Eubanks } 454e440b493SArthur Eubanks if (Flags & MemRef::Branchee) { 455c54ad136STom Honermann Check(!isa<Constant>(UnderlyingObject) || 456e440b493SArthur Eubanks isa<BlockAddress>(UnderlyingObject), 457e440b493SArthur Eubanks "Undefined behavior: Branch to non-blockaddress", &I); 458e440b493SArthur Eubanks } 459e440b493SArthur Eubanks 460e440b493SArthur Eubanks // Check for buffer overflows and misalignment. 461e440b493SArthur Eubanks // Only handles memory references that read/write something simple like an 462e440b493SArthur Eubanks // alloca instruction or a global variable. 463e440b493SArthur Eubanks int64_t Offset = 0; 464e440b493SArthur Eubanks if (Value *Base = GetPointerBaseWithConstantOffset(Ptr, Offset, *DL)) { 465e440b493SArthur Eubanks // OK, so the access is to a constant offset from Ptr. Check that Ptr is 466e440b493SArthur Eubanks // something we can handle and if so extract the size of this base object 467e440b493SArthur Eubanks // along with its alignment. 468e440b493SArthur Eubanks uint64_t BaseSize = MemoryLocation::UnknownSize; 469e440b493SArthur Eubanks MaybeAlign BaseAlign; 470e440b493SArthur Eubanks 471e440b493SArthur Eubanks if (AllocaInst *AI = dyn_cast<AllocaInst>(Base)) { 472e440b493SArthur Eubanks Type *ATy = AI->getAllocatedType(); 47329c076b8SNikita Popov if (!AI->isArrayAllocation() && ATy->isSized() && !ATy->isScalableTy()) 47429c076b8SNikita Popov BaseSize = DL->getTypeAllocSize(ATy).getFixedValue(); 475e440b493SArthur Eubanks BaseAlign = AI->getAlign(); 476e440b493SArthur Eubanks } else if (GlobalVariable *GV = dyn_cast<GlobalVariable>(Base)) { 477e440b493SArthur Eubanks // If the global may be defined differently in another compilation unit 478e440b493SArthur Eubanks // then don't warn about funky memory accesses. 479e440b493SArthur Eubanks if (GV->hasDefinitiveInitializer()) { 480e440b493SArthur Eubanks Type *GTy = GV->getValueType(); 481e440b493SArthur Eubanks if (GTy->isSized()) 482e440b493SArthur Eubanks BaseSize = DL->getTypeAllocSize(GTy); 483e440b493SArthur Eubanks BaseAlign = GV->getAlign(); 484e440b493SArthur Eubanks if (!BaseAlign && GTy->isSized()) 485e440b493SArthur Eubanks BaseAlign = DL->getABITypeAlign(GTy); 486e440b493SArthur Eubanks } 487e440b493SArthur Eubanks } 488e440b493SArthur Eubanks 489e440b493SArthur Eubanks // Accesses from before the start or after the end of the object are not 490e440b493SArthur Eubanks // defined. 4918d4235d9SNikita Popov Check(!Loc.Size.hasValue() || Loc.Size.isScalable() || 4928d4235d9SNikita Popov BaseSize == MemoryLocation::UnknownSize || 49322ec72f8SNikita Popov (Offset >= 0 && Offset + Loc.Size.getValue() <= BaseSize), 494e440b493SArthur Eubanks "Undefined behavior: Buffer overflow", &I); 495e440b493SArthur Eubanks 496e440b493SArthur Eubanks // Accesses that say that the memory is more aligned than it is are not 497e440b493SArthur Eubanks // defined. 498e440b493SArthur Eubanks if (!Align && Ty && Ty->isSized()) 499e440b493SArthur Eubanks Align = DL->getABITypeAlign(Ty); 500e440b493SArthur Eubanks if (BaseAlign && Align) 501c54ad136STom Honermann Check(*Align <= commonAlignment(*BaseAlign, Offset), 502e440b493SArthur Eubanks "Undefined behavior: Memory reference address is misaligned", &I); 503e440b493SArthur Eubanks } 504e440b493SArthur Eubanks } 505e440b493SArthur Eubanks 506e440b493SArthur Eubanks void Lint::visitLoadInst(LoadInst &I) { 50722ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::get(&I), I.getAlign(), I.getType(), 50822ec72f8SNikita Popov MemRef::Read); 509e440b493SArthur Eubanks } 510e440b493SArthur Eubanks 511e440b493SArthur Eubanks void Lint::visitStoreInst(StoreInst &I) { 51222ec72f8SNikita Popov visitMemoryReference(I, MemoryLocation::get(&I), I.getAlign(), 51322ec72f8SNikita Popov I.getOperand(0)->getType(), MemRef::Write); 514e440b493SArthur Eubanks } 515e440b493SArthur Eubanks 5163e65c30eSjofrn void Lint::visitAtomicCmpXchgInst(AtomicCmpXchgInst &I) { 5173e65c30eSjofrn visitMemoryReference(I, MemoryLocation::get(&I), I.getAlign(), 5183e65c30eSjofrn I.getOperand(0)->getType(), MemRef::Write); 5193e65c30eSjofrn } 5203e65c30eSjofrn 5213e65c30eSjofrn void Lint::visitAtomicRMWInst(AtomicRMWInst &I) { 5223e65c30eSjofrn visitMemoryReference(I, MemoryLocation::get(&I), I.getAlign(), 5233e65c30eSjofrn I.getOperand(0)->getType(), MemRef::Write); 5243e65c30eSjofrn } 5253e65c30eSjofrn 526e440b493SArthur Eubanks void Lint::visitXor(BinaryOperator &I) { 527c54ad136STom Honermann Check(!isa<UndefValue>(I.getOperand(0)) || !isa<UndefValue>(I.getOperand(1)), 528e440b493SArthur Eubanks "Undefined result: xor(undef, undef)", &I); 529e440b493SArthur Eubanks } 530e440b493SArthur Eubanks 531e440b493SArthur Eubanks void Lint::visitSub(BinaryOperator &I) { 532c54ad136STom Honermann Check(!isa<UndefValue>(I.getOperand(0)) || !isa<UndefValue>(I.getOperand(1)), 533e440b493SArthur Eubanks "Undefined result: sub(undef, undef)", &I); 534e440b493SArthur Eubanks } 535e440b493SArthur Eubanks 536e440b493SArthur Eubanks void Lint::visitLShr(BinaryOperator &I) { 537e440b493SArthur Eubanks if (ConstantInt *CI = dyn_cast<ConstantInt>(findValue(I.getOperand(1), 538e440b493SArthur Eubanks /*OffsetOk=*/false))) 539c54ad136STom Honermann Check(CI->getValue().ult(cast<IntegerType>(I.getType())->getBitWidth()), 540e440b493SArthur Eubanks "Undefined result: Shift count out of range", &I); 541e440b493SArthur Eubanks } 542e440b493SArthur Eubanks 543e440b493SArthur Eubanks void Lint::visitAShr(BinaryOperator &I) { 544e440b493SArthur Eubanks if (ConstantInt *CI = 545e440b493SArthur Eubanks dyn_cast<ConstantInt>(findValue(I.getOperand(1), /*OffsetOk=*/false))) 546c54ad136STom Honermann Check(CI->getValue().ult(cast<IntegerType>(I.getType())->getBitWidth()), 547e440b493SArthur Eubanks "Undefined result: Shift count out of range", &I); 548e440b493SArthur Eubanks } 549e440b493SArthur Eubanks 550e440b493SArthur Eubanks void Lint::visitShl(BinaryOperator &I) { 551e440b493SArthur Eubanks if (ConstantInt *CI = 552e440b493SArthur Eubanks dyn_cast<ConstantInt>(findValue(I.getOperand(1), /*OffsetOk=*/false))) 553c54ad136STom Honermann Check(CI->getValue().ult(cast<IntegerType>(I.getType())->getBitWidth()), 554e440b493SArthur Eubanks "Undefined result: Shift count out of range", &I); 555e440b493SArthur Eubanks } 556e440b493SArthur Eubanks 557e440b493SArthur Eubanks static bool isZero(Value *V, const DataLayout &DL, DominatorTree *DT, 558e440b493SArthur Eubanks AssumptionCache *AC) { 559e440b493SArthur Eubanks // Assume undef could be zero. 560e440b493SArthur Eubanks if (isa<UndefValue>(V)) 561e440b493SArthur Eubanks return true; 562e440b493SArthur Eubanks 563e440b493SArthur Eubanks VectorType *VecTy = dyn_cast<VectorType>(V->getType()); 564e440b493SArthur Eubanks if (!VecTy) { 565c9771391SArthur Eubanks KnownBits Known = 566c9771391SArthur Eubanks computeKnownBits(V, DL, 0, AC, dyn_cast<Instruction>(V), DT); 567e440b493SArthur Eubanks return Known.isZero(); 568e440b493SArthur Eubanks } 569e440b493SArthur Eubanks 570e440b493SArthur Eubanks // Per-component check doesn't work with zeroinitializer 571e440b493SArthur Eubanks Constant *C = dyn_cast<Constant>(V); 572e440b493SArthur Eubanks if (!C) 573e440b493SArthur Eubanks return false; 574e440b493SArthur Eubanks 575e440b493SArthur Eubanks if (C->isZeroValue()) 576e440b493SArthur Eubanks return true; 577e440b493SArthur Eubanks 578e440b493SArthur Eubanks // For a vector, KnownZero will only be true if all values are zero, so check 579e440b493SArthur Eubanks // this per component 580e440b493SArthur Eubanks for (unsigned I = 0, N = cast<FixedVectorType>(VecTy)->getNumElements(); 581e440b493SArthur Eubanks I != N; ++I) { 582e440b493SArthur Eubanks Constant *Elem = C->getAggregateElement(I); 583e440b493SArthur Eubanks if (isa<UndefValue>(Elem)) 584e440b493SArthur Eubanks return true; 585e440b493SArthur Eubanks 586e440b493SArthur Eubanks KnownBits Known = computeKnownBits(Elem, DL); 587e440b493SArthur Eubanks if (Known.isZero()) 588e440b493SArthur Eubanks return true; 589e440b493SArthur Eubanks } 590e440b493SArthur Eubanks 591e440b493SArthur Eubanks return false; 592e440b493SArthur Eubanks } 593e440b493SArthur Eubanks 594e440b493SArthur Eubanks void Lint::visitSDiv(BinaryOperator &I) { 5952d209d96SNikita Popov Check(!isZero(I.getOperand(1), I.getDataLayout(), DT, AC), 596e440b493SArthur Eubanks "Undefined behavior: Division by zero", &I); 597e440b493SArthur Eubanks } 598e440b493SArthur Eubanks 599e440b493SArthur Eubanks void Lint::visitUDiv(BinaryOperator &I) { 6002d209d96SNikita Popov Check(!isZero(I.getOperand(1), I.getDataLayout(), DT, AC), 601e440b493SArthur Eubanks "Undefined behavior: Division by zero", &I); 602e440b493SArthur Eubanks } 603e440b493SArthur Eubanks 604e440b493SArthur Eubanks void Lint::visitSRem(BinaryOperator &I) { 6052d209d96SNikita Popov Check(!isZero(I.getOperand(1), I.getDataLayout(), DT, AC), 606e440b493SArthur Eubanks "Undefined behavior: Division by zero", &I); 607e440b493SArthur Eubanks } 608e440b493SArthur Eubanks 609e440b493SArthur Eubanks void Lint::visitURem(BinaryOperator &I) { 6102d209d96SNikita Popov Check(!isZero(I.getOperand(1), I.getDataLayout(), DT, AC), 611e440b493SArthur Eubanks "Undefined behavior: Division by zero", &I); 612e440b493SArthur Eubanks } 613e440b493SArthur Eubanks 614e440b493SArthur Eubanks void Lint::visitAllocaInst(AllocaInst &I) { 615e440b493SArthur Eubanks if (isa<ConstantInt>(I.getArraySize())) 616e440b493SArthur Eubanks // This isn't undefined behavior, it's just an obvious pessimization. 617c54ad136STom Honermann Check(&I.getParent()->getParent()->getEntryBlock() == I.getParent(), 618e440b493SArthur Eubanks "Pessimization: Static alloca outside of entry block", &I); 619e440b493SArthur Eubanks 620e440b493SArthur Eubanks // TODO: Check for an unusual size (MSB set?) 621e440b493SArthur Eubanks } 622e440b493SArthur Eubanks 623e440b493SArthur Eubanks void Lint::visitVAArgInst(VAArgInst &I) { 62419aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::get(&I), std::nullopt, nullptr, 62522ec72f8SNikita Popov MemRef::Read | MemRef::Write); 626e440b493SArthur Eubanks } 627e440b493SArthur Eubanks 628e440b493SArthur Eubanks void Lint::visitIndirectBrInst(IndirectBrInst &I) { 62919aff0f3SKazu Hirata visitMemoryReference(I, MemoryLocation::getAfter(I.getAddress()), 63019aff0f3SKazu Hirata std::nullopt, nullptr, MemRef::Branchee); 631e440b493SArthur Eubanks 632c54ad136STom Honermann Check(I.getNumDestinations() != 0, 633e440b493SArthur Eubanks "Undefined behavior: indirectbr with no destinations", &I); 634e440b493SArthur Eubanks } 635e440b493SArthur Eubanks 636e440b493SArthur Eubanks void Lint::visitExtractElementInst(ExtractElementInst &I) { 637e440b493SArthur Eubanks if (ConstantInt *CI = dyn_cast<ConstantInt>(findValue(I.getIndexOperand(), 638360f82f3SNikita Popov /*OffsetOk=*/false))) { 639360f82f3SNikita Popov ElementCount EC = I.getVectorOperandType()->getElementCount(); 640360f82f3SNikita Popov Check(EC.isScalable() || CI->getValue().ult(EC.getFixedValue()), 641e440b493SArthur Eubanks "Undefined result: extractelement index out of range", &I); 642e440b493SArthur Eubanks } 643360f82f3SNikita Popov } 644e440b493SArthur Eubanks 645e440b493SArthur Eubanks void Lint::visitInsertElementInst(InsertElementInst &I) { 646e440b493SArthur Eubanks if (ConstantInt *CI = dyn_cast<ConstantInt>(findValue(I.getOperand(2), 647360f82f3SNikita Popov /*OffsetOk=*/false))) { 648360f82f3SNikita Popov ElementCount EC = I.getType()->getElementCount(); 649360f82f3SNikita Popov Check(EC.isScalable() || CI->getValue().ult(EC.getFixedValue()), 650e440b493SArthur Eubanks "Undefined result: insertelement index out of range", &I); 651e440b493SArthur Eubanks } 652360f82f3SNikita Popov } 653e440b493SArthur Eubanks 654e440b493SArthur Eubanks void Lint::visitUnreachableInst(UnreachableInst &I) { 655e440b493SArthur Eubanks // This isn't undefined behavior, it's merely suspicious. 656c54ad136STom Honermann Check(&I == &I.getParent()->front() || 657e440b493SArthur Eubanks std::prev(I.getIterator())->mayHaveSideEffects(), 658e440b493SArthur Eubanks "Unusual: unreachable immediately preceded by instruction without " 659e440b493SArthur Eubanks "side effects", 660e440b493SArthur Eubanks &I); 661e440b493SArthur Eubanks } 662e440b493SArthur Eubanks 663e440b493SArthur Eubanks /// findValue - Look through bitcasts and simple memory reference patterns 664e440b493SArthur Eubanks /// to identify an equivalent, but more informative, value. If OffsetOk 665e440b493SArthur Eubanks /// is true, look through getelementptrs with non-zero offsets too. 666e440b493SArthur Eubanks /// 667e440b493SArthur Eubanks /// Most analysis passes don't require this logic, because instcombine 668e440b493SArthur Eubanks /// will simplify most of these kinds of things away. But it's a goal of 669e440b493SArthur Eubanks /// this Lint pass to be useful even on non-optimized IR. 670e440b493SArthur Eubanks Value *Lint::findValue(Value *V, bool OffsetOk) const { 671e440b493SArthur Eubanks SmallPtrSet<Value *, 4> Visited; 672e440b493SArthur Eubanks return findValueImpl(V, OffsetOk, Visited); 673e440b493SArthur Eubanks } 674e440b493SArthur Eubanks 675e440b493SArthur Eubanks /// findValueImpl - Implementation helper for findValue. 676e440b493SArthur Eubanks Value *Lint::findValueImpl(Value *V, bool OffsetOk, 677e440b493SArthur Eubanks SmallPtrSetImpl<Value *> &Visited) const { 678e440b493SArthur Eubanks // Detect self-referential values. 679e440b493SArthur Eubanks if (!Visited.insert(V).second) 68069d07465SNikita Popov return PoisonValue::get(V->getType()); 681e440b493SArthur Eubanks 682e440b493SArthur Eubanks // TODO: Look through sext or zext cast, when the result is known to 683e440b493SArthur Eubanks // be interpreted as signed or unsigned, respectively. 684e440b493SArthur Eubanks // TODO: Look through eliminable cast pairs. 685e440b493SArthur Eubanks // TODO: Look through calls with unique return values. 686e440b493SArthur Eubanks // TODO: Look through vector insert/extract/shuffle. 687e440b493SArthur Eubanks V = OffsetOk ? getUnderlyingObject(V) : V->stripPointerCasts(); 688e440b493SArthur Eubanks if (LoadInst *L = dyn_cast<LoadInst>(V)) { 689e440b493SArthur Eubanks BasicBlock::iterator BBI = L->getIterator(); 690e440b493SArthur Eubanks BasicBlock *BB = L->getParent(); 691e440b493SArthur Eubanks SmallPtrSet<BasicBlock *, 4> VisitedBlocks; 69289dae798SNikita Popov BatchAAResults BatchAA(*AA); 693e440b493SArthur Eubanks for (;;) { 694e440b493SArthur Eubanks if (!VisitedBlocks.insert(BB).second) 695e440b493SArthur Eubanks break; 696e440b493SArthur Eubanks if (Value *U = 69789dae798SNikita Popov FindAvailableLoadedValue(L, BB, BBI, DefMaxInstsToScan, &BatchAA)) 698e440b493SArthur Eubanks return findValueImpl(U, OffsetOk, Visited); 699c9771391SArthur Eubanks if (BBI != BB->begin()) 700c9771391SArthur Eubanks break; 701e440b493SArthur Eubanks BB = BB->getUniquePredecessor(); 702c9771391SArthur Eubanks if (!BB) 703c9771391SArthur Eubanks break; 704e440b493SArthur Eubanks BBI = BB->end(); 705e440b493SArthur Eubanks } 706e440b493SArthur Eubanks } else if (PHINode *PN = dyn_cast<PHINode>(V)) { 707e440b493SArthur Eubanks if (Value *W = PN->hasConstantValue()) 708e440b493SArthur Eubanks return findValueImpl(W, OffsetOk, Visited); 709e440b493SArthur Eubanks } else if (CastInst *CI = dyn_cast<CastInst>(V)) { 710e440b493SArthur Eubanks if (CI->isNoopCast(*DL)) 711e440b493SArthur Eubanks return findValueImpl(CI->getOperand(0), OffsetOk, Visited); 712e440b493SArthur Eubanks } else if (ExtractValueInst *Ex = dyn_cast<ExtractValueInst>(V)) { 713c9771391SArthur Eubanks if (Value *W = 714c9771391SArthur Eubanks FindInsertedValue(Ex->getAggregateOperand(), Ex->getIndices())) 715e440b493SArthur Eubanks if (W != V) 716e440b493SArthur Eubanks return findValueImpl(W, OffsetOk, Visited); 717e440b493SArthur Eubanks } else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(V)) { 718e440b493SArthur Eubanks // Same as above, but for ConstantExpr instead of Instruction. 719e440b493SArthur Eubanks if (Instruction::isCast(CE->getOpcode())) { 720e440b493SArthur Eubanks if (CastInst::isNoopCast(Instruction::CastOps(CE->getOpcode()), 721e440b493SArthur Eubanks CE->getOperand(0)->getType(), CE->getType(), 722e440b493SArthur Eubanks *DL)) 723e440b493SArthur Eubanks return findValueImpl(CE->getOperand(0), OffsetOk, Visited); 724e440b493SArthur Eubanks } 725e440b493SArthur Eubanks } 726e440b493SArthur Eubanks 727e440b493SArthur Eubanks // As a last resort, try SimplifyInstruction or constant folding. 728e440b493SArthur Eubanks if (Instruction *Inst = dyn_cast<Instruction>(V)) { 729b8c2781fSSimon Moll if (Value *W = simplifyInstruction(Inst, {*DL, TLI, DT, AC})) 730e440b493SArthur Eubanks return findValueImpl(W, OffsetOk, Visited); 731e440b493SArthur Eubanks } else if (auto *C = dyn_cast<Constant>(V)) { 732e440b493SArthur Eubanks Value *W = ConstantFoldConstant(C, *DL, TLI); 733e440b493SArthur Eubanks if (W != V) 734e440b493SArthur Eubanks return findValueImpl(W, OffsetOk, Visited); 735e440b493SArthur Eubanks } 736e440b493SArthur Eubanks 737e440b493SArthur Eubanks return V; 738e440b493SArthur Eubanks } 739e440b493SArthur Eubanks 740c9771391SArthur Eubanks PreservedAnalyses LintPass::run(Function &F, FunctionAnalysisManager &AM) { 741c9771391SArthur Eubanks auto *Mod = F.getParent(); 7429df71d76SNikita Popov auto *DL = &F.getDataLayout(); 743c9771391SArthur Eubanks auto *AA = &AM.getResult<AAManager>(F); 744c9771391SArthur Eubanks auto *AC = &AM.getResult<AssumptionAnalysis>(F); 745c9771391SArthur Eubanks auto *DT = &AM.getResult<DominatorTreeAnalysis>(F); 746c9771391SArthur Eubanks auto *TLI = &AM.getResult<TargetLibraryAnalysis>(F); 747c9771391SArthur Eubanks Lint L(Mod, DL, AA, AC, DT, TLI); 748c9771391SArthur Eubanks L.visit(F); 749c9771391SArthur Eubanks dbgs() << L.MessagesStr.str(); 750756ff969SJannik Silvanus if (LintAbortOnError && !L.MessagesStr.str().empty()) 751756ff969SJannik Silvanus report_fatal_error(Twine("Linter found errors, aborting. (enabled by --") + 752756ff969SJannik Silvanus LintAbortOnErrorArgName + ")", 753756ff969SJannik Silvanus false); 754c9771391SArthur Eubanks return PreservedAnalyses::all(); 755c9771391SArthur Eubanks } 756c9771391SArthur Eubanks 757e440b493SArthur Eubanks //===----------------------------------------------------------------------===// 758e440b493SArthur Eubanks // Implement the public interfaces to this file... 759e440b493SArthur Eubanks //===----------------------------------------------------------------------===// 760e440b493SArthur Eubanks 761e440b493SArthur Eubanks /// lintFunction - Check a function for errors, printing messages on stderr. 762e440b493SArthur Eubanks /// 763e440b493SArthur Eubanks void llvm::lintFunction(const Function &f) { 764e440b493SArthur Eubanks Function &F = const_cast<Function &>(f); 765e440b493SArthur Eubanks assert(!F.isDeclaration() && "Cannot lint external functions"); 766e440b493SArthur Eubanks 767acc4abeaSArthur Eubanks FunctionAnalysisManager FAM; 768acc4abeaSArthur Eubanks FAM.registerPass([&] { return TargetLibraryAnalysis(); }); 769acc4abeaSArthur Eubanks FAM.registerPass([&] { return DominatorTreeAnalysis(); }); 770acc4abeaSArthur Eubanks FAM.registerPass([&] { return AssumptionAnalysis(); }); 771acc4abeaSArthur Eubanks FAM.registerPass([&] { 772acc4abeaSArthur Eubanks AAManager AA; 773acc4abeaSArthur Eubanks AA.registerFunctionAnalysis<BasicAA>(); 774acc4abeaSArthur Eubanks AA.registerFunctionAnalysis<ScopedNoAliasAA>(); 775acc4abeaSArthur Eubanks AA.registerFunctionAnalysis<TypeBasedAA>(); 776acc4abeaSArthur Eubanks return AA; 777acc4abeaSArthur Eubanks }); 778acc4abeaSArthur Eubanks LintPass().run(F, FAM); 779e440b493SArthur Eubanks } 780e440b493SArthur Eubanks 781e440b493SArthur Eubanks /// lintModule - Check a module for errors, printing messages on stderr. 782e440b493SArthur Eubanks /// 783e440b493SArthur Eubanks void llvm::lintModule(const Module &M) { 784acc4abeaSArthur Eubanks for (const Function &F : M) { 785acc4abeaSArthur Eubanks if (!F.isDeclaration()) 786acc4abeaSArthur Eubanks lintFunction(F); 787acc4abeaSArthur Eubanks } 788e440b493SArthur Eubanks } 789