Dear all,
I was wondering if there are some reliable alias analyses build on top of LLVM other than basicaa.
Thank you!
Zhiyuan
Hi Zhiyuan
LLVM has globalsmodref-aa for global variables, TBAA - type based
alias analysis and CFL-AA.
Xin
Hi Xin,
Thank you for your reply!
I have tried the 3 alias analyses you have mentioned on LLVM 3.5:
-
$ opt -globalsmodref-aa -aa-eval < xxx.bc > /dev/null
(May-alias response 100%) -
$ opt -tbaa -aa-eval < xxx.bc > /dev/null
(May-alias response 100%) -
$ opt -cfl-aa -aa-eval < xxx.bc> /dev/null
(Unknown command line argument ‘-cfl-aa’)
It seems that they are not working properly. Could you please give some advice?
And I was wondering if these alias analyses can produce alias results as precise as andersen or steensgaard.
Thank you!
Zhiyuan
There is the DSA points-to analysis in the poolalloc project. It works with an older version of LLVM and will be more difficult to use, but it’s a unification-based analysis. Just be forewarned that it’s not as accurate as it was when originally written (due to reduced field sensitivity due to changes to LLVM over time; it’s a long story explained during another recent thread). That doesn’t look right at all, but I’m not sure what’s causing the issue. That said, since we don’t know how xxx.bc was created (or what it contains), it’ll be hard for anyone to pinpoint the problem. Regards, John Criswell
Hi John,
Thank you for your reply!
- For the DSA points-to analysis, I have tried the DSA code from project smack (https://github.com/smackers/smack).
It is surprising that DSA is less precise than basicaa when running on bzip2.
Which version of DSA will you recommend If I would like to use DSA on llvm 3.5? If no such version, which one will be a good start to do further improvement?
- For other alias analyses, sorry for not attaching the bc file.
Hi John,
Thank you for your reply!1) For the DSA points-to analysis, I have tried the DSA code from project
smack (GitHub - smackers/smack: SMACK Software Verifier and Verification Toolchain).
It is surprising that DSA is less precise than basicaa when running on
bzip2.Which version of DSA will you recommend If I would like to use DSA on llvm
3.5? If no such version, which one will be a good start to do further
improvement?
If you want to play with alias analysis, at least for things like
CFL-AA, you want to use trunk.
2) For other alias analyses, sorry for not attaching the bc file.
--------------------------------------------
Source code 'SimpleGEP.c'
--------------------------------------------
typedef struct {
int *x;
int y[20];
} Foo;int main() {
Foo foo;
int index = 10;
foo.x = &index;
foo.y[2] = 10;
return 0;
}
The only thing that will disambiguate fields right now is basicaa.
CFL-AA will grow this capability over the next year or so.