1 //===-- MallocHelper.cpp - Functions to identify malloc calls -------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This family of functions identifies calls to malloc, bitcasts of malloc
11 // calls, and the types and array sizes associated with them.
13 //===----------------------------------------------------------------------===//
15 #include "llvm/Analysis/MallocHelper.h"
16 #include "llvm/Constants.h"
17 #include "llvm/Instructions.h"
18 #include "llvm/Module.h"
19 #include "llvm/Analysis/ConstantFolding.h"
22 //===----------------------------------------------------------------------===//
23 // malloc Call Utility Functions.
26 /// isMalloc - Returns true if the the value is either a malloc call or a
27 /// bitcast of the result of a malloc call.
28 bool llvm::isMalloc(const Value* I) {
29 return extractMallocCall(I) || extractMallocCallFromBitCast(I);
32 static bool isMallocCall(const CallInst *CI) {
36 const Module* M = CI->getParent()->getParent()->getParent();
37 Function *MallocFunc = M->getFunction("malloc");
39 if (CI->getOperand(0) != MallocFunc)
42 // Check malloc prototype.
43 // FIXME: workaround for PR5130, this will be obsolete when a nobuiltin
44 // attribute will exist.
45 const FunctionType *FTy = MallocFunc->getFunctionType();
46 if (FTy->getNumParams() != 1)
48 if (IntegerType *ITy = dyn_cast<IntegerType>(FTy->param_begin()->get())) {
49 if (ITy->getBitWidth() != 32 && ITy->getBitWidth() != 64)
57 /// extractMallocCall - Returns the corresponding CallInst if the instruction
58 /// is a malloc call. Since CallInst::CreateMalloc() only creates calls, we
59 /// ignore InvokeInst here.
60 const CallInst* llvm::extractMallocCall(const Value* I) {
61 const CallInst *CI = dyn_cast<CallInst>(I);
62 return (isMallocCall(CI)) ? CI : NULL;
65 CallInst* llvm::extractMallocCall(Value* I) {
66 CallInst *CI = dyn_cast<CallInst>(I);
67 return (isMallocCall(CI)) ? CI : NULL;
70 static bool isBitCastOfMallocCall(const BitCastInst* BCI) {
74 return isMallocCall(dyn_cast<CallInst>(BCI->getOperand(0)));
77 /// extractMallocCallFromBitCast - Returns the corresponding CallInst if the
78 /// instruction is a bitcast of the result of a malloc call.
79 CallInst* llvm::extractMallocCallFromBitCast(Value* I) {
80 BitCastInst *BCI = dyn_cast<BitCastInst>(I);
81 return (isBitCastOfMallocCall(BCI)) ? cast<CallInst>(BCI->getOperand(0))
85 const CallInst* llvm::extractMallocCallFromBitCast(const Value* I) {
86 const BitCastInst *BCI = dyn_cast<BitCastInst>(I);
87 return (isBitCastOfMallocCall(BCI)) ? cast<CallInst>(BCI->getOperand(0))
91 static bool isArrayMallocHelper(const CallInst *CI, LLVMContext &Context,
92 const TargetData* TD) {
96 const Type* T = getMallocAllocatedType(CI);
98 // We can only indentify an array malloc if we know the type of the malloc
100 if (!T) return false;
102 Value* MallocArg = CI->getOperand(1);
103 Constant *ElementSize = ConstantExpr::getSizeOf(T);
104 ElementSize = ConstantExpr::getTruncOrBitCast(ElementSize,
105 MallocArg->getType());
106 Constant *FoldedElementSize = ConstantFoldConstantExpression(
107 cast<ConstantExpr>(ElementSize),
111 if (isa<ConstantExpr>(MallocArg))
112 return (MallocArg != ElementSize);
114 BinaryOperator *BI = dyn_cast<BinaryOperator>(MallocArg);
118 if (BI->getOpcode() == Instruction::Mul)
119 // ArraySize * ElementSize
120 if (BI->getOperand(1) == ElementSize ||
121 (FoldedElementSize && BI->getOperand(1) == FoldedElementSize))
124 // TODO: Detect case where MallocArg mul has been transformed to shl.
129 /// isArrayMalloc - Returns the corresponding CallInst if the instruction
130 /// matches the malloc call IR generated by CallInst::CreateMalloc(). This
131 /// means that it is a malloc call with one bitcast use AND the malloc call's
132 /// size argument is:
133 /// 1. a constant not equal to the malloc's allocated type
135 /// 2. the result of a multiplication by the malloc's allocated type
136 /// Otherwise it returns NULL.
137 /// The unique bitcast is needed to determine the type/size of the array
139 CallInst* llvm::isArrayMalloc(Value* I, LLVMContext &Context,
140 const TargetData* TD) {
141 CallInst *CI = extractMallocCall(I);
142 return (isArrayMallocHelper(CI, Context, TD)) ? CI : NULL;
145 const CallInst* llvm::isArrayMalloc(const Value* I, LLVMContext &Context,
146 const TargetData* TD) {
147 const CallInst *CI = extractMallocCall(I);
148 return (isArrayMallocHelper(CI, Context, TD)) ? CI : NULL;
151 /// getMallocType - Returns the PointerType resulting from the malloc call.
152 /// This PointerType is the result type of the call's only bitcast use.
153 /// If there is no unique bitcast use, then return NULL.
154 const PointerType* llvm::getMallocType(const CallInst* CI) {
155 assert(isMalloc(CI) && "GetMallocType and not malloc call");
157 const BitCastInst* BCI = NULL;
159 // Determine if CallInst has a bitcast use.
160 for (Value::use_const_iterator UI = CI->use_begin(), E = CI->use_end();
162 if ((BCI = dyn_cast<BitCastInst>(cast<Instruction>(*UI++))))
165 // Malloc call has 1 bitcast use and no other uses, so type is the bitcast's
167 if (BCI && CI->hasOneUse())
168 return cast<PointerType>(BCI->getDestTy());
170 // Malloc call was not bitcast, so type is the malloc function's return type.
172 return cast<PointerType>(CI->getType());
174 // Type could not be determined.
178 /// getMallocAllocatedType - Returns the Type allocated by malloc call. This
179 /// Type is the result type of the call's only bitcast use. If there is no
180 /// unique bitcast use, then return NULL.
181 const Type* llvm::getMallocAllocatedType(const CallInst* CI) {
182 const PointerType* PT = getMallocType(CI);
183 return PT ? PT->getElementType() : NULL;
186 /// isConstantOne - Return true only if val is constant int 1.
187 static bool isConstantOne(Value *val) {
188 return isa<ConstantInt>(val) && cast<ConstantInt>(val)->isOne();
191 /// getMallocArraySize - Returns the array size of a malloc call. The array
192 /// size is computated in 1 of 3 ways:
193 /// 1. If the element type if of size 1, then array size is the argument to
195 /// 2. Else if the malloc's argument is a constant, the array size is that
196 /// argument divided by the element type's size.
197 /// 3. Else the malloc argument must be a multiplication and the array size is
198 /// the first operand of the multiplication.
199 /// This function returns constant 1 if:
200 /// 1. The malloc call's allocated type cannot be determined.
201 /// 2. IR wasn't created by a call to CallInst::CreateMalloc() with a non-NULL
203 Value* llvm::getMallocArraySize(CallInst* CI, LLVMContext &Context,
204 const TargetData* TD) {
205 // Match CreateMalloc's use of constant 1 array-size for non-array mallocs.
206 if (!isArrayMalloc(CI, Context, TD))
207 return ConstantInt::get(CI->getOperand(1)->getType(), 1);
209 Value* MallocArg = CI->getOperand(1);
210 assert(getMallocAllocatedType(CI) && "getMallocArraySize and no type");
211 Constant *ElementSize = ConstantExpr::getSizeOf(getMallocAllocatedType(CI));
212 ElementSize = ConstantExpr::getTruncOrBitCast(ElementSize,
213 MallocArg->getType());
215 Constant* CO = dyn_cast<Constant>(MallocArg);
216 BinaryOperator* BO = dyn_cast<BinaryOperator>(MallocArg);
217 assert((isConstantOne(ElementSize) || CO || BO) &&
218 "getMallocArraySize and malformed malloc IR");
220 if (isConstantOne(ElementSize))
224 return CO->getOperand(0);
226 // TODO: Detect case where MallocArg mul has been transformed to shl.
228 assert(BO && "getMallocArraySize not constant but not multiplication either");
229 return BO->getOperand(0);