semantics for control-flow-sensitive AA queries?

I’ve been chatting with a few folks about how the AliasAnalysis class could be extended to allow control-flow-sensitive AA queries. The simplistic notion is that one could ask things like, “In procedure Foo, at the code point immediately following Instruction I1: do the Locations allocated by instructions I2 and I3 alias each other?”

My problem is figuring out what the supported queries’ semantics should be when the CFG has a non-trivial shape. For example, suppose we have code like this (in C):

for (…) {
    char* p = malloc(42);
    p[0] = 'x';
}

Do we consider p[0] = 'x' to be a strong update, because “p” clearly modifies the memory allocated by the “malloc” call that happened in the same loop iteration? Or do we consider this a weak update, because “*p” potentially names more than one chunk of “malloc”-allocated memory, since it’s in a loop?

I suspect that the question of desirable semantics gets even more complex in cases where the CFG is more complicated (nested loops, irreducible, etc.), or when the relevant code points for a given query aren’t all in the same basic block.

So my question is this: Is this a well-understood topic, where there’s some agreed-upon list of all reasonable / useful variations on this kind of context-sensitive query? Or is it more chaotic, where various AA consumers have various preferred versions of these query semantics?
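To make the two readings in the thread concrete, here is a toy flow-sensitive points-to model written as an added illustration (it is not LLVM code and not the poster's). It assumes one abstract object per allocation site, and the names State, alloc, store and analyze_loop are its own: re-executing a site along the loop back edge turns that object into a summary node, so the store is a strong update on the first abstract visit and a weak update once the loop state reaches its fixpoint.

```python
# Toy flow-sensitive points-to state for the malloc-in-a-loop question.
# Each allocation site is one abstract object; when control re-reaches a site
# that is already live (loop back edge), the object becomes a "summary" node
# standing for many concrete chunks, and stores through it become weak updates.
from dataclasses import dataclass, field


@dataclass
class State:
    pts: dict = field(default_factory=dict)       # var -> set of site names
    live: set = field(default_factory=set)        # sites allocated on some path so far
    summary: set = field(default_factory=set)     # sites that may denote >1 object
    contents: dict = field(default_factory=dict)  # site -> set of values stored at [0]


def alloc(st, var, site):
    """Model `var = malloc(...)` at allocation site `site`."""
    if site in st.live:  # a second dynamic instance of the same site
        st.summary.add(site)
        st.contents[site] = st.contents.get(site, set()) | {"uninit"}
    else:
        st.contents[site] = {"uninit"}  # fresh chunk, contents unknown
    st.live.add(site)
    st.pts[var] = {site}


def store(st, var, value):
    """Model `var[0] = value`; return True if the update was strong."""
    targets = st.pts.get(var, set())
    strong = len(targets) == 1 and not (targets & st.summary)
    for site in targets:
        if strong:
            st.contents[site] = {value}  # overwrite: exactly one chunk is named
        else:
            st.contents.setdefault(site, set()).add(value)  # may be another chunk
    return strong


def analyze_loop(body, max_iters=10):
    """Iterate the loop body until the abstract state stops changing.

    Returns (final state, per-iteration answers to 'was the store strong?').
    """
    st, answers = State(), []
    for _ in range(max_iters):
        before = (dict(st.pts), set(st.summary), {k: set(v) for k, v in st.contents.items()})
        for op, var, arg in body:
            answers.append(store(st, var, arg)) if op == "store" else alloc(st, var, arg)
        after = (dict(st.pts), set(st.summary), {k: set(v) for k, v in st.contents.items()})
        if after == before:
            break
    return st, answers


LOOP_BODY = [("alloc", "p", "malloc_in_loop"), ("store", "p", "x")]  # constructed sample
```

Calling analyze_loop(LOOP_BODY, max_iters=1) gives the "same iteration" reading (one strong update), while the default fixpoint run gives the "in a loop" reading (summary node, weak update, contents {"x", "uninit"}).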