I'm looking for interprocedural AAs and have, of course, found https://llvm.org/docs/AliasAnalysis.html. However, the AAs that come
bundled with LLVM do not work interprocedurally in a way that I need it
(on/with stack variables). The two interesting looking AAs come with the
optional `poolalloc' module that hasn't been updated in years (I guess http://lists.llvm.org/pipermail/llvm-dev/2015-February/082054.html never
happened). My question: is there currently some interprocedural AA that
LLVM suggests (and/or even uses internally) that can cope with something
like this (without the need to inline everything for analysis' sake):
void foo(int* x) {
*x = 22; // <-- same value
}
int main(void) {
int x; // <-- same value
(void) foo(&x);
return 0;
}
For demand-driven pointer analysis, there’s cfl-steens-aa and cfl-anders-aa already in LLVM [1]. Last I’ve heard, the implementation was good enough to be used for optimization, but I don’t know if it has bit-rotten or not since then.
For global analysis, you can take a look at the SVF framework [2]. They have nice documentation that explains how the analysis works.
As for the original DSA, we maintain a port for fairly recent llvm 5.0 as a part of the SeaHorn verification framework [3]. There’s also our custom flavor of DSA, SeaDsa [4].
But taking a step back, it really depends on what you want to do with it. If you want to optimize programs, perhaps it’d be best if you relied on Basic/TB AA and inlined in all the interprocedural contexts you care about. If that’s not feasible, if you don’t intend to do many AA queries, try CFL from LLVM. If you need precise interprocedural AA for whole programs, and your programs are small, try SVF. To my knowledge, no publicly-available Andersen-style pointer analysis scales to large programs (say > 500MB bitcode), and you may have more luck with DSA. The best approach is probably to take existing implementations, see which one is scalable enough for the problem you are interested in, and tweak it to gain more precision. If you are interested in AA, there is a nice overview of the field here [5].
wow – thank you SO much for taking the time to answer in such detail!
These are lots of hints, I will gladly + thoroughly check them all I am currently researching different ways of tackling static data race detection on instruction level (LLVM IR) without the need of source code annotations incl. different trade-offs on different programs (I will narrow the topic down a bit as I go and have an understanding of what’s currently possible).
