> Yes. The current TBAA implementation is conservative, with the idea that it
> can become more aggressive (and with TBAA, this fundamentally means
> "more dangerous") with incremental steps.

Dan,

Could you disclose more details about how to implement the "incremental steps" to handle more complicated alias cases? For example, differentiate different pointers that point to different types, and use this information to improve alias analysis accuracy?

> It's interesting to note that clang's own source code is known to violate the TBAA
> rules for pointers (it's thought to be unlikely to cause trouble in practice). There
> are reasons for caution in this area.

I don't get your point here. What "TBAA rules" are violated by "clang's own source code"? Where does this violation happen? And what caution should we have in this area?

Thanks for your reply!

--
Best Regards
Gan

On Nov 7, 2011, at 10:17 PM, Gan wrote:

>> Yes. The current TBAA implementation is conservative, with the idea that it
>> can become more aggressive (and with TBAA, this fundamentally means
>> "more dangerous") with incremental steps.
>
> Dan,
>
> Could you disclose more details about how to implement the "incremental steps"
> to handle more complicated alias cases? For example, differentiate
> different pointers that point to different types, and use this
> information to improve alias analysis accuracy?

Yes. It's almost all up to the front-end. Find the place in clang where it emits the "any pointer" metadata, and implement something better.

>> It's interesting to note that clang's own source code is known to violate the TBAA
>> rules for pointers (it's thought to be unlikely to cause trouble in practice). There
>> are reasons for caution in this area.
>
> I don't get your point here. What "TBAA rules" are violated by
> "clang's own source code"?
> Where does this violation happen? And what caution should we have in this area?

Clang frequently casts the addresses of Stmt* objects to Expr** before dereferencing them. C++'s TBAA rules don't permit this.

Dan

> Yes. It's almost all up to the front-end. Find the place in clang
> where it emits the "any pointer" metadata, and implement something
> better.

Dan,

Thanks for replying! I have read the TBAA code in the front-end of clang. I did consider extending it to handle more complicated pointer cases. For example, assigning different TBAA names to pointers pointing to different types.

According to the current design idea of TBAA, all pointers share the same name. Thus there is no need to calculate a points-to set for each pointer, because all pointers are in the same points-to set. If we try to split this "all-in-one" points-to set based on the object types that are pointed to by each pointer, we also need to consider pointer assignment and other pointer operations (e.g. address taken) to accurately calculate the points-to set for each pointer. Then, the job would become implementing an alias analysis algorithm similar to Steensgaard's or Andersen's. Please correct me if you think I'm wrong.

Since both algorithms were already implemented in LLVM, and then removed from LLVM for this or that reason, it is really not necessary to repeat the same work. Again, please correct me if I'm wrong.

Thanks again for your reply!

Gan
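
Added example (not part of the original thread, and not clang's code): the kind of cast described above, next to a conforming form. The Stmt, Expr and BinaryOp types and both function names are stand-ins invented for illustration.

```cpp
#include <cstdio>

// Hypothetical stand-ins for an AST hierarchy; not clang's classes.
struct Stmt { int kind; explicit Stmt(int k) : kind(k) {} };
struct Expr : Stmt { int value; Expr(int k, int v) : Stmt(k), value(v) {} };

// A node that stores its operands as Stmt*, as a generic child array would.
struct BinaryOp {
    Stmt *children[2];
};

// Pattern from the thread: the address of a Stmt* slot is cast to Expr**
// and dereferenced. The lvalue has type Expr*, but the object stored in the
// slot is a Stmt*, so the load breaks the aliasing rules.
// With one "any pointer" TBAA tag, the store and the load share a tag and
// stay ordered. With per-pointee-type tags, the store (Stmt*) and the load
// (Expr*) could be treated as no-alias, and the load could see a stale value.
int lhs_value_punned(BinaryOp &op, Stmt *replacement) {
    Expr **slot = reinterpret_cast<Expr **>(&op.children[0]);
    op.children[0] = replacement;   // store through a Stmt* lvalue
    return (*slot)->value;          // load through an Expr* lvalue
}

// Conforming form: load the slot with its declared type (Stmt*), then
// convert the pointer value. No object is read through a mismatched lvalue.
int lhs_value_conforming(BinaryOp &op, Stmt *replacement) {
    op.children[0] = replacement;
    Stmt *s = op.children[0];
    return static_cast<Expr *>(s)->value;
}

// Constructed sample input: two operands, the first replaced by the second.
int demo() {
    Expr a(1, 10), b(1, 20);
    BinaryOp op{{&a, &b}};
    return lhs_value_conforming(op, &b);
}

int main() {
    std::printf("%d\n", demo());
    return 0;
}
```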