Finding Store Instructions that possibly affect load instruction or func call instruction

Hi,

I want to track StoreInst that affect loadInst/CallInst.

e.g %1 = alloc i32
store 10,%1
foo(%1) -------> %1 should take the value 10 (defined by store ins)

I tried to use MemSSA for this but for situations I can’t find these correct dependencies possibly due to insufficient Alias information

e.g

Consider the C code:``

__attribute__((noinline)) void foo(int i,int j)
{
    printf("%d %d",i,j);
}
int main()
{
    int j;
    int k;
    scanf("%d%d",&j,&k);
    j+=10;
    k-=3;

    //func call to force the stores
    foo(j,k);

    //func call to force the loads
    printf("%d %d",j,k);
}

MemSSA generated:
define dso_local i32 @main() #2 {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
%3 = bitcast i32* %1 to i8*
; 1 = MemoryDef(liveOnEntry)
call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %3) #5
%4 = bitcast i32* %2 to i8*
; 2 = MemoryDef(1)
call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %4) #5
%5 = getelementptr inbounds [5 x i8], [5 x i8]* @.str.1, i64 0, i64 0
; 3 = MemoryDef(2)
%6 = call i32 (i8*, …) @__isoc99_scanf(i8* %5, i32* nonnull %1, i32* nonnull %2)
; MemoryUse(3) MayAlias
%7 = load i32, i32* %1, align 4, !tbaa !5
%8 = add nsw i32 %7, 10
; 4 = MemoryDef(3)
store i32 %8, i32* %1, align 4, !tbaa !5
; MemoryUse(3) MayAlias
%9 = load i32, i32* %2, align 4, !tbaa !5
%10 = add nsw i32 %9, -3
; 5 = MemoryDef(4)
store i32 %10, i32* %2, align 4, !tbaa !5
; 6 = MemoryDef(5)
call void @foo(i32 %8, i32 %10)
; MemoryUse(6) MayAlias
%11 = load i32, i32* %1, align 4, !tbaa !5
; MemoryUse(6) MayAlias
%12 = load i32, i32* %2, align 4, !tbaa !5
%13 = getelementptr inbounds [6 x i8], [6 x i8]* @.str, i64 0, i64 0
; 7 = MemoryDef(6)
%14 = call i32 (i8*, …) @printf(i8* nonnull dereferenceable(1) %13, i32 %11, i32 %12)

Two issues for me:

  1. I am not able to track from where the values for %11 and %12 are coming. There are coming from 2 store instructions before the foo call. But since both loads have defining ins as 6 = MemoryDef(5), I couldn’t get these stores.

The only way I could find them is traverse back using def chain created in MemSSA

  1. For function foo(), I can’t trace from where parameter values are coming from because MemSSA only gives 1 link up i.e it tracks only 5 = MemoryDef(4)and not the other store. That is to say, its tracking only 1 parameter.

Is there any solution to this?

Regards
Sushant

Hi,