Andersen Pointer Analysis#842
Draft
fabianbs96 wants to merge 39 commits into
Draft
Conversation
…ing in AndersenOTFSolver
- grow() may reallocate Nodes; all constraint methods now call every
grow() before indexing Nodes[X], and snapshot pts sets before any
addAssignEdge call that fires inside a foreach callback
- onNewPointee snapshots all four constraint lists upfront for the
same reason
- merge() snapshots NonRep vectors before any addAssignEdge call, and
retroactively fires load/store/memcopy constraints for Rep's merged
pts set (previously those constraints were silently dropped for
already-existing pointees)
- ConnectKnownTargets and checkUnresolvedFPCalls snapshot pts(FPId)
before iterating: connectCallee->propagate() can grow that set
- handleCall now collects all resolved IDs per argument (not just the
last one) via SmallVector<ValueId,2> per slot; FPCallRecord::Args
and connectCallee updated accordingly
- Add dedup guards (LoadDstSet, StoreSrcSet, MemCopyAs{Src,Dst}Set)
to NodeInfo to avoid redundant constraint firing
- Remove unused NoArgId sentinel and <cstdint> include
- Mark rep() [[nodiscard]]
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…o speensgaard sets
- Fix OperandOf::operator< (was comparing R2.Inst instead of R1.Inst) - DeepChainTwoObjectsMerge (context_04_1): three-level id chain with x/y - RecursiveSelfAlias (context_08): SCC collapsing under self-recursion - MutualRecursionAlias (context_10_0): Forth↔Back two-way recursion - ReturnSecondArgContextInsensitive (context_12_1): argretq precision - FuncPtrCallbackIdentity (context_14_1): OTF resolves indirect call - RecursionTwoObjectsMerge (context_09_0): recursive with two objects - MutualRecursionTwoObjects (context_10_1): mutual recursion, two objects - ThreeWayMutualRecursion (context_11_0): Forth↔Back↔Stop recursion - ThreeArgReturnQContextInsensitive (context_13_1): three-param function - FuncPtrCallbackThreeWayMerge (context_14_2): three function pointers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…dness with extern functions
XXX: Should we allow passing-in an instance of LLVMFunctionDataFlowFacts?
Root-cause was integral stores being found as reaching definition for a ptr-load
…ghtly better precision
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
AndersenOTFSolver, a context- and field-insensitive Andersen-style points-to analysis that co-refines the call graph and alias sets in a single fixpoint.Unlike the staged pipeline (resolver → PA), the solver owns its own function-worklist loop: direct calls add callees immediately; indirect calls are resolved as
pts(fp)grows.Key features
struct-field vtable calls are all resolved during the fixpoint.
lazily during propagation and merges them via union-find to avoid
redundant work.
PendingPtswaveper node rather than recomputing full set differences, eliminating
per-iteration
posix_memalignallocations.MemorySSA(with BasicAA, TBAA,and ScopedNoAlias) to determine reaching stores for each load, allowing
precise alias edges instead of conservative load constraints where the
def-chain is known.
functions; falls back to treating function-pointer arguments as reachable
callbacks (soundy mode).
once and broadcasts via bitwise OR, replacing an O(N²) nested loop.
LLVMBasedCallGraphis part ofAndersenOTFResultand can be consumed by downstream analyses.The work in this branch has been largely AI generated.
It was an experiment on how autonomous I can use claude code for coding.
I have reviewed each line of code manually. Parts needed to be rewritten by hand.