Hi,
I'm looking for interprocedural AAs and have, of course, found
https://llvm.org/docs/AliasAnalysis.html. However, the AAs that come
bundled with LLVM do not work interprocedurally in a way that I need it
(on/with stack variables). The two interesting looking AAs come with the
optional `poolalloc' module that hasn't been updated in years (I guess
http://lists.llvm.org/pipermail/llvm-dev/2015-February/082054.html never
happened). My question: is there currently some interprocedural AA that
LLVM suggests (and/or even uses internally) that can cope with something
like this (without the need to inline everything for analysis' sake):
void foo(int* x) {
*x = 22; // <-- same value
}
int main(void) {
int x; // <-- same value
(void) foo(&x);
return 0;
}
Thanks a lot for your thoughts :)
Armin
Hi Armin, For demand-driven pointer analysis, there's cfl-steens-aa and cfl-anders-aa already in LLVM [1]. Last I've heard, the implementation was good enough to be used for optimization, but I don't know if it has bit-rotten or not since then. For global analysis, you can take a look at the SVF framework [2]. They have nice documentation that explains how the analysis works. As for the original DSA, we maintain a port for fairly recent llvm 5.0 as a part of the SeaHorn verification framework [3]. There's also our custom flavor of DSA, SeaDsa [4]. But taking a step back, it really depends on what you want to do with it. If you want to optimize programs, perhaps it'd be best if you relied on Basic/TB AA and inlined in all the interprocedural contexts you care about. If that's not feasible, if you don't intend to do many AA queries, try CFL from LLVM. If you need precise interprocedural AA for whole programs, and your programs are small, try SVF. To my knowledge, no publicly-available Andersen-style pointer analysis scales to large programs (say > 500MB bitcode), and you may have more luck with DSA. The best approach is probably to take existing implementations, see which one is scalable enough for the problem you are interested in, and tweak it to gain more precision. If you are interested in AA, there is a nice overview of the field here [5]. Best, Kuba [1] https://github.com/grievejia/GSoC2016/blob/master/writeup.pdf [2] https://github.com/SVF-tools/SVF [3] https://github.com/seahorn/llvm-dsa/tree/llvm-5.0 [4] https://github.com/seahorn/sea-dsa [5] https://yanniss.github.io/points-to-tutorial15.pdf On Tue, Dec 18, 2018 at 11:21 AM via llvm-dev <llvm-dev at lists.llvm.org> wrote:> Hi, > > I'm looking for interprocedural AAs and have, of course, found > https://llvm.org/docs/AliasAnalysis.html. However, the AAs that come > bundled with LLVM do not work interprocedurally in a way that I need it > (on/with stack variables). The two interesting looking AAs come with the > optional `poolalloc' module that hasn't been updated in years (I guess > http://lists.llvm.org/pipermail/llvm-dev/2015-February/082054.html never > happened). My question: is there currently some interprocedural AA that > LLVM suggests (and/or even uses internally) that can cope with something > like this (without the need to inline everything for analysis' sake): > > void foo(int* x) { > *x = 22; // <-- same value > } > > int main(void) { > int x; // <-- same value > (void) foo(&x); > return 0; > } > > Thanks a lot for your thoughts :) > > Armin > > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >-- Jakub Kuderski -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20181218/f96e11af/attachment.html>
Hi Kuba,
wow – thank you SO much for taking the time to answer in such detail!
These are lots of hints, I will gladly + thoroughly check them all :) I am
currently researching different ways of tackling _static_ data race detection on
instruction level (LLVM IR) _without_ the need of source code annotations incl.
different trade-offs on different programs (I will narrow the topic down a bit
as I go and have an understanding of what’s currently possible).
Thanks again for pointing me directions,
Cheers
Armin
From: Jakub (Kuba) Kuderski <kubakuderski at gmail.com>
Sent: 18 December 2018 19:21
To: armin at hasitzka.com
Cc: llvm-dev <llvm-dev at lists.llvm.org>
Subject: Re: [llvm-dev] Interprocedural AA
Hi Armin,
For demand-driven pointer analysis, there's cfl-steens-aa and cfl-anders-aa
already in LLVM [1]. Last I've heard, the implementation was good enough to
be used for optimization, but I don't know if it has bit-rotten or not since
then.
For global analysis, you can take a look at the SVF framework [2]. They have
nice documentation that explains how the analysis works.
As for the original DSA, we maintain a port for fairly recent llvm 5.0 as a part
of the SeaHorn verification framework [3]. There's also our custom flavor of
DSA, SeaDsa [4].
But taking a step back, it really depends on what you want to do with it. If you
want to optimize programs, perhaps it'd be best if you relied on Basic/TB AA
and inlined in all the interprocedural contexts you care about. If that's
not feasible, if you don't intend to do many AA queries, try CFL from LLVM.
If you need precise interprocedural AA for whole programs, and your programs are
small, try SVF. To my knowledge, no publicly-available Andersen-style pointer
analysis scales to large programs (say > 500MB bitcode), and you may have
more luck with DSA. The best approach is probably to take existing
implementations, see which one is scalable enough for the problem you are
interested in, and tweak it to gain more precision. If you are interested in AA,
there is a nice overview of the field here [5].
Best,
Kuba
[1] https://github.com/grievejia/GSoC2016/blob/master/writeup.pdf
[2] https://github.com/SVF-tools/SVF
[3] https://github.com/seahorn/llvm-dsa/tree/llvm-5.0
[4] https://github.com/seahorn/sea-dsa
[5] https://yanniss.github.io/points-to-tutorial15.pdf
On Tue, Dec 18, 2018 at 11:21 AM via llvm-dev <llvm-dev at lists.llvm.org
<mailto:llvm-dev at lists.llvm.org> > wrote:
Hi,
I'm looking for interprocedural AAs and have, of course, found
https://llvm.org/docs/AliasAnalysis.html. However, the AAs that come
bundled with LLVM do not work interprocedurally in a way that I need it
(on/with stack variables). The two interesting looking AAs come with the
optional `poolalloc' module that hasn't been updated in years (I guess
http://lists.llvm.org/pipermail/llvm-dev/2015-February/082054.html never
happened). My question: is there currently some interprocedural AA that
LLVM suggests (and/or even uses internally) that can cope with something
like this (without the need to inline everything for analysis' sake):
void foo(int* x) {
*x = 22; // <-- same value
}
int main(void) {
int x; // <-- same value
(void) foo(&x);
return 0;
}
Thanks a lot for your thoughts :)
Armin
_______________________________________________
LLVM Developers mailing list
llvm-dev at lists.llvm.org <mailto:llvm-dev at lists.llvm.org>
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
--
Jakub Kuderski
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20181218/1305fa18/attachment.html>