奋翮求飞
2013-Jan-22 15:32 UTC
[LLVMdev] Confusion about Alias Analysis Results -print-no-aliases&&-print-alias-sets
Need help about Alias Analysis.
I try to detect use-after-free debug in source code. And my analysis is based on LLVM IR.
I use the following code as a small example. I want to get the result p&&q are alias.

//uaf.cpp
#include<iostream>
using namespace std;
class A
{
public:
 void virtual foo(){};
};
class B:public A
{
public:
 void virtual foo(){};
};
int main()
{
 B *p=new B();
 B *q=p;
 p->foo();
 delete (p);
 q->foo();
 return 0;
}
--------------------------------------------
$clang++ -emit-llvm -S uaf.cpp -o uaf.ll
$opt -globalsmodref-aa -basicaa -scev-aa -print-alias-sets uaf.ll
Alias Set Tracker: 4 alias sets for 7 pointer values.
  AliasSet[0x93a80b8, 1] must alias, Mod Pointers: (i32* %retval, 4)
  AliasSet[0x93a80e0, 4] may alias, Mod/Ref Pointers: (void (%class.B*)*** %4, 4), (void (%class.B*)** %vfn, 4), (void (%class.B*)*** %9, 4), (void (%class.B*)** %vfn2, 4)
    6 Unknown instructions: i8* %call, void <badref>, void <badref>, void <badref>, void <badref>, void <badref>
  AliasSet[0x93a9ea8, 1] must alias, Mod/Ref Pointers: (%class.B** %p, 4)
  AliasSet[0x93a9ef0, 1] must alias, Mod/Ref Pointers: (%class.B** %q, 4)
$opt -globalsmodref-aa -basicaa -scev-aa -aa-eval -print-no-aliases uaf.ll
  NoAlias:  %class.B** %p, i32* %retval
  NoAlias:  %class.B** %q, i32* %retval
  NoAlias:  %class.B** %p, %class.B** %q
  NoAlias:  i32* %retval, i8* %call
  NoAlias:  %class.B** %p, i8* %call
  NoAlias:  %class.B** %q, i8* %call

How to understand the results?
Are
  AliasSet[0x93a9ea8, 1] must alias, Mod/Ref Pointers: (%class.B** %p, 4)
  AliasSet[0x93a9ef0, 1] must alias, Mod/Ref Pointers: (%class.B** %q, 4)
conflict with
  NoAlias:  %class.B** %p, %class.B** %q?

Duncan Sands
2013-Jan-22 15:48 UTC
[LLVMdev] Confusion about Alias Analysis Results -print-no-aliases&&-print-alias-sets
Hi 奋翮求飞,

On 22/01/13 16:32, 奋翮求飞 wrote:
> Need help about Alias Analysis.
> I try to detect use-after-free debug in source code. And my analysis is based on
> LLVM IR.
> I use the following code as a small example. I want to get the result p&&q are
> alias.
> //uaf.cpp
> #include<iostream>
> using namespace std;
> class A
> {
> public:
>  void virtual foo(){};
> };
> class B:public A
> {
> public:
>  void virtual foo(){};
> };
> int main()
> {
>  B *p=new B();
>  B *q=p;
>  p->foo();
>  delete (p);
>  q->foo();
>  return 0;
> }
> --------------------------------------------
> $clang++ -emit-llvm -S uaf.cpp -o uaf.ll
> $opt -globalsmodref-aa -basicaa -scev-aa -print-alias-sets uaf.ll

you need to run some optimizations if you want alias analysis to be effective
(instead of producing correct but useless results). Try adding -O2 to the clang
command line.

Best wishes, Duncan.

> Alias Set Tracker: 4 alias sets for 7 pointer values.
>   AliasSet[0x93a80b8, 1] must alias, Mod Pointers: (i32* %retval, 4)
>   AliasSet[0x93a80e0, 4] may alias, Mod/Ref Pointers: (void (%class.B*)***
> %4, 4), (void (%class.B*)** %vfn, 4), (void (%class.B*)*** %9, 4), (void
> (%class.B*)** %vfn2, 4)
>     6 Unknown instructions: i8* %call, void <badref>, void <badref>, void
> <badref>, void <badref>, void <badref>
> * AliasSet[0x93a9ea8, 1] must alias, Mod/Ref Pointers: (%class.B** %p, 4)*
> * AliasSet[0x93a9ef0, 1] must alias, Mod/Ref Pointers: (%class.B** %q, 4)*
> $opt -globalsmodref-aa -basicaa -scev-aa -aa-eval -print-no-aliases uaf.ll
>   NoAlias:%class.B** %p, i32* %retval
>   NoAlias:%class.B** %q, i32* %retval
> * NoAlias:%class.B** %p, %class.B** %q*
>   NoAlias:i32* %retval, i8* %call
>   NoAlias:%class.B** %p, i8* %call
>   NoAlias:%class.B** %q, i8* %call
>
> How to understand the results?
> Are
> * AliasSet[0x93a9ea8, 1] must alias, Mod/Ref Pointers: (%class.B** %p, 4)*
> * AliasSet[0x93a9ef0, 1] must alias, Mod/Ref Pointers: (%class.B** %q, 4)*
> conflict with
> * NoAlias:%class.B** %p, %class.B** %q?*
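
Added example (not part of the original thread, and not LLVM code): a toy C++ model of why the stack slots %p and %q are reported NoAlias in unoptimized IR, and why forwarding stores to loads, as optimization does, shows that both foo() calls go through the same pointer. The instruction list is a constructed simplification of the -O0 IR for uaf.cpp; the names %0 to %3 and all helper functions are assumptions.

```cpp
// Toy model of uaf.cpp at -O0: p and q are stack slots (type %class.B**), not the B* values.
#include <iostream>
#include <map>
#include <string>
#include <vector>

enum Op { ALLOCA, NEW, STORE, LOAD, CALL_FOO, DELETE };
struct Inst { Op op; std::string dst, a, b; };  // STORE: a=value, b=slot; LOAD: dst <- slot a

// Constructed sketch of main(); vtable loads and casts are left out.
static const std::vector<Inst> kUnoptimized = {
    {ALLOCA, "%p", "", ""}, {ALLOCA, "%q", "", ""},
    {NEW, "%call", "", ""},
    {STORE, "", "%call", "%p"},                         // B *p = new B();
    {LOAD, "%0", "%p", ""}, {STORE, "", "%0", "%q"},    // B *q = p;
    {LOAD, "%1", "%p", ""}, {CALL_FOO, "", "%1", ""},   // p->foo();
    {LOAD, "%2", "%p", ""}, {DELETE, "", "%2", ""},     // delete (p);
    {LOAD, "%3", "%q", ""}, {CALL_FOO, "", "%3", ""},   // q->foo();
};

// BasicAA-style rule: two different allocas are different stack objects, hence NoAlias.
bool slotsAlias(const std::string &x, const std::string &y) { return x == y; }

// mem2reg-style forwarding: each load yields the value last stored to its slot.
std::map<std::string, std::string> promote(const std::vector<Inst> &code) {
    std::map<std::string, std::string> slot, val;  // slot contents, SSA name -> heap object
    for (const Inst &i : code) {
        if (i.op == NEW) val[i.dst] = i.dst;
        else if (i.op == STORE) slot[i.b] = val[i.a];
        else if (i.op == LOAD) val[i.dst] = slot[i.a];
    }
    return val;
}

// Report every call made through a value whose heap object was already deleted.
std::vector<std::string> useAfterFree(const std::vector<Inst> &code) {
    std::map<std::string, std::string> val = promote(code);
    std::map<std::string, bool> freed;
    std::vector<std::string> hits;
    for (const Inst &i : code) {
        if (i.op == DELETE) freed[val[i.a]] = true;
        else if (i.op == CALL_FOO && freed[val[i.a]]) hits.push_back(i.a);
    }
    return hits;
}

int main() {
    std::cout << "slots %p and %q alias: " << slotsAlias("%p", "%q") << "\n";
    for (const std::string &v : useAfterFree(kUnoptimized))
        std::cout << "call through freed object via " << v << "\n";
}
```

The two single-pointer alias sets and the NoAlias line both describe the slots, so they agree; the aliasing the question is after only appears between the loaded values.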