/*
 * memops - try to combine memory ops.
 *
 * Copyright (C) 2004 Linus Torvalds
 */
7 #include <string.h>
8 #include <stdarg.h>
9 #include <stdlib.h>
10 #include <stdio.h>
11 #include <stddef.h>
12 #include <assert.h>
14 #include "parse.h"
15 #include "expression.h"
16 #include "linearize.h"
17 #include "flow.h"
/*
 * Look through the parents of 'bb' for instructions that dominate the
 * memory access 'insn' on 'pseudo', collecting one phi source per
 * dominating instruction into '*dominators'.
 *
 * Each parent's instruction list is scanned backwards.  The result of
 * dominates() is interpreted the same way as in simplify_loads():
 *   == 0  no relation, keep scanning
 *    < 0  possible partial dominance: skipped when it comes from a load,
 *         otherwise the whole search is abandoned
 *    > 0  dominating instruction found
 *
 * A parent with no dominating instruction is searched recursively, unless
 * its 'generation' stamp already equals 'generation' (already visited in
 * this walk).
 *
 * 'loads' says whether a dominating OP_LOAD may be used as a source; it is
 * cleared as soon as 'bb' has more than one parent.
 *
 * Returns 1 when the walk completed, 0 when it had to be abandoned.
 */
static int find_dominating_parents(pseudo_t pseudo, struct instruction *insn,
	struct basic_block *bb, unsigned long generation, struct pseudo_list **dominators,
	int local, int loads)
{
	struct basic_block *parent;

	if (bb_list_size(bb->parents) > 1)
		loads = 0;

	FOR_EACH_PTR(bb->parents, parent) {
		struct instruction *cand;
		struct instruction *last;
		pseudo_t phi;

		FOR_EACH_PTR_REVERSE(parent->insns, cand) {
			int dominance;

			/* Reached the access itself: nothing above it in this block helps. */
			if (cand == insn)
				goto no_dominance;

			dominance = dominates(pseudo, insn, cand, local);
			if (dominance == 0)
				continue;
			if (dominance < 0) {
				/* Partial dominance by anything but a load ends the search. */
				if (cand->opcode != OP_LOAD)
					return 0;
				continue;
			}
			/* A dominating load only counts while loads are still allowed. */
			if (loads || cand->opcode != OP_LOAD)
				goto found_dominator;
		} END_FOR_EACH_PTR_REVERSE(cand);

no_dominance:
		/* Not found in this parent: go one level up, once per generation. */
		if (parent->generation != generation) {
			parent->generation = generation;
			if (!find_dominating_parents(pseudo, insn, parent, generation, dominators, local, loads))
				return 0;
		}
		continue;

found_dominator:
		/*
		 * Take the parent's last instruction off the list, allocate the
		 * phi source, then put that last instruction back so it stays
		 * last (presumably it is the block's terminating branch).
		 */
		last = delete_last_instruction(&parent->insns);
		phi = alloc_phi(parent, cand->target, cand->size);
		if (!phi->ident)
			phi->ident = cand->target->ident;
		add_instruction(&parent->insns, last);
		use_pseudo(insn, phi, add_pseudo(dominators, phi));
	} END_FOR_EACH_PTR(parent);

	return 1;
}
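/*
 * Report whether the address held by 'pseudo' escapes, i.e. whether it is
 * used for anything other than being the address operand of a load or a
 * store.
 *
 * Returns 1 when such a use exists, 0 otherwise.
 *
 * The previous test, 'opcode != OP_LOAD || opcode != OP_STORE', is true for
 * every opcode, so any live user at all made the pseudo count as
 * address-taken and local_pseudo() could never succeed for a pseudo that
 * is still being loaded or stored.
 *
 * NOTE(review): with the test corrected, local_pseudo() can return true,
 * which enables the 'local' paths in simplify_loads() and
 * kill_dominated_stores(); run the validation suite before relying on it.
 */
static int address_taken(pseudo_t pseudo)
{
	struct pseudo_user *pu;

	FOR_EACH_PTR(pseudo->users, pu) {
		struct instruction *insn = pu->insn;

		/* A live user that is not a memory access takes the address. */
		if (insn->bb && insn->opcode != OP_LOAD && insn->opcode != OP_STORE)
			return 1;
		/*
		 * For loads and stores the address is the 'src' operand.  Any
		 * other use slot (e.g. the value being stored) means the address
		 * itself is passed along.  Relies on pseudo_user::userp from
		 * linearize.h - confirm the field name in this tree.
		 */
		if (pu->userp != &insn->src)
			return 1;
	} END_FOR_EACH_PTR(pu);

	return 0;
}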
/*
 * Tell whether 'pseudo' is a symbol pseudo that is neither MOD_STATIC nor
 * MOD_NONLOCAL and for which address_taken() reports no escaping use.
 *
 * Returns 1 in that case, 0 otherwise.
 */
static int local_pseudo(pseudo_t pseudo)
{
	/* Only symbol pseudos carry a 'sym' to inspect. */
	if (pseudo->type != PSEUDO_SYM)
		return 0;
	if (pseudo->sym->ctype.modifiers & (MOD_STATIC | MOD_NONLOCAL))
		return 0;
	return !address_taken(pseudo);
}
/*
 * Try to replace every live OP_LOAD in 'bb' with the value that an earlier
 * instruction already provides.
 *
 * For each load, the instructions before it in the same block are scanned
 * backwards first; if none dominates, find_dominating_parents() is asked
 * to collect phi sources from the parent blocks.
 */
static void simplify_loads(struct basic_block *bb)
{
	struct instruction *insn;

	FOR_EACH_PTR_REVERSE(bb->insns, insn) {
		struct pseudo_list *dominators = NULL;
		struct instruction *dom;
		unsigned long generation;
		pseudo_t pseudo;
		int local;

		/* Skip instructions already removed from their block, and non-loads. */
		if (!insn->bb || insn->opcode != OP_LOAD)
			continue;

		pseudo = insn->src;
		local = local_pseudo(pseudo);

		/* Check for illegal offsets.. */
		check_access(insn);

		RECURSE_PTR_REVERSE(insn, dom) {
			int dominance;

			if (!dom->bb)
				continue;
			dominance = dominates(pseudo, insn, dom, local);
			if (!dominance)
				continue;
			if (dominance > 0) {
				/* Full dominance: reuse the dominator's value. */
				convert_load_instruction(insn, dom->target);
				goto next_load;
			}
			/*
			 * Possible partial dominance: an earlier load is simply
			 * skipped, anything else means this load is left alone.
			 */
			if (dom->opcode != OP_LOAD)
				goto next_load;
		} END_FOR_EACH_PTR_REVERSE(dom);

		/* Nothing in this block: stamp a new generation and ask the parents. */
		generation = ++bb_generation;
		bb->generation = generation;
		if (!find_dominating_parents(pseudo, insn, bb, generation, &dominators, local, 1))
			goto next_load;

		if (dominators) {
			rewrite_load_instruction(insn, dominators);
			goto next_load;
		}

		/*
		 * No dominator at all.  This happens with initial assignments to
		 * structures etc.; for a local pseudo the load is replaced by 0.
		 */
		if (local) {
			assert(pseudo->type != PSEUDO_ARG);
			convert_load_instruction(insn, value_pseudo(0));
		}

next_load:
		/* Do the next one */;
	} END_FOR_EACH_PTR_REVERSE(insn);
}
/*
 * Neutralize a store: detach it from its basic block, turn its opcode
 * into OP_SNOP and drop its use of the 'target' pseudo.
 * A NULL 'insn' is accepted and ignored.
 */
static void kill_store(struct instruction *insn)
{
	if (!insn)
		return;

	insn->bb = NULL;
	insn->opcode = OP_SNOP;
	kill_use(&insn->target);
}
/*
 * For every live OP_STORE in 'bb', walk backwards over the instructions
 * before it in the same block and kill each earlier store that it fully
 * dominates.  The walk for a given store stops at the first possible
 * partial dominance or at the first dominated load.
 *
 * Parent blocks are not examined.
 */
static void kill_dominated_stores(struct basic_block *bb)
{
	struct instruction *insn;

	FOR_EACH_PTR_REVERSE(bb->insns, insn) {
		struct instruction *dom;
		pseudo_t pseudo;
		int local;

		/* Skip instructions already removed from their block, and non-stores. */
		if (!insn->bb || insn->opcode != OP_STORE)
			continue;

		pseudo = insn->src;
		local = local_pseudo(pseudo);

		RECURSE_PTR_REVERSE(insn, dom) {
			int dominance;

			if (!dom->bb)
				continue;
			dominance = dominates(pseudo, insn, dom, local);
			if (!dominance)
				continue;
			/*
			 * Possible partial dominance, or a load that still reads the
			 * earlier value: nothing further back may be killed.
			 */
			if (dominance < 0 || dom->opcode == OP_LOAD)
				goto next_store;
			/* Fully dominated earlier access: it is dead. */
			kill_store(dom);
		} END_FOR_EACH_PTR_REVERSE(dom);

		/* OK, we should check the parents now */

next_store:
		/* Do the next one */;
	} END_FOR_EACH_PTR_REVERSE(insn);
}
/*
 * Memory-op simplification for one entrypoint, done in two passes over
 * its basic blocks (both in reverse list order): first simplify_loads()
 * on every block, then kill_dominated_stores() on every block.
 */
void simplify_memops(struct entrypoint *ep)
{
	struct basic_block *block;

	/* Pass 1: forward known values into loads. */
	FOR_EACH_PTR_REVERSE(ep->bbs, block) {
		simplify_loads(block);
	} END_FOR_EACH_PTR_REVERSE(block);

	/* Pass 2: remove stores overwritten by a later store. */
	FOR_EACH_PTR_REVERSE(ep->bbs, block) {
		kill_dominated_stores(block);
	} END_FOR_EACH_PTR_REVERSE(block);
}