1 // escape.cc -- Go escape analysis (based on Go compiler algorithm).
2
3 // Copyright 2016 The Go Authors. All rights reserved.
4 // Use of this source code is governed by a BSD-style
5 // license that can be found in the LICENSE file.
6
7 #include "go-system.h"
8
9 #include <limits>
10 #include <stack>
11 #include <sstream>
12
13 #include "gogo.h"
14 #include "types.h"
15 #include "expressions.h"
16 #include "statements.h"
17 #include "escape.h"
18 #include "lex.h"
19 #include "ast-dump.h"
20 #include "go-optimize.h"
21 #include "go-diagnostics.h"
22 #include "go-sha1.h"
23
24 // class Node.
25
26 // Return the node's type, if it makes sense for it to have one.
27
28 Type*
type() const29 Node::type() const
30 {
31 if (this->object() != NULL
32 && this->object()->is_variable())
33 return this->object()->var_value()->type();
34 else if (this->object() != NULL
35 && this->object()->is_function())
36 return this->object()->func_value()->type();
37 else if (this->expr() != NULL)
38 return this->expr()->type();
39 else if (this->is_indirect())
40 {
41 if (this->child()->type()->deref()->is_void_type())
42 // This is a void*. The referred type can be actually any type,
43 // which may also be pointer. We model it as another void*, so
44 // we don't lose pointer-ness.
45 return this->child()->type();
46 else
47 return this->child()->type()->deref();
48 }
49 else if (this->statement() != NULL
50 && this->statement()->temporary_statement() != NULL)
51 return this->statement()->temporary_statement()->type();
52 else
53 return NULL;
54 }
55
56 // A helper for reporting; return this node's location.
57
58 Location
location() const59 Node::location() const
60 {
61 if (this->object() != NULL && !this->object()->is_sink())
62 return this->object()->location();
63 else if (this->expr() != NULL)
64 return this->expr()->location();
65 else if (this->statement() != NULL)
66 return this->statement()->location();
67 else if (this->is_indirect())
68 return this->child()->location();
69 else
70 return Linemap::unknown_location();
71 }
72
73 // A helper for reporting; return the location where the underlying
74 // object is defined.
75
76 Location
definition_location() const77 Node::definition_location() const
78 {
79 if (this->object() != NULL && !this->object()->is_sink())
80 {
81 Named_object* no = this->object();
82 if (no->is_variable() || no->is_result_variable())
83 return no->location();
84 }
85 else if (this->expr() != NULL)
86 {
87 Var_expression* ve = this->expr()->var_expression();
88 if (ve != NULL)
89 {
90 Named_object* no = ve->named_object();
91 if (no->is_variable() || no->is_result_variable())
92 return no->location();
93 }
94 Enclosed_var_expression* eve = this->expr()->enclosed_var_expression();
95 if (eve != NULL)
96 {
97 Named_object* no = eve->variable();
98 if (no->is_variable() || no->is_result_variable())
99 return no->location();
100 }
101 }
102 return this->location();
103 }
104
105 // To match the cmd/gc debug output, strip away the packed prefixes on functions
106 // and variable/expressions.
107
108 std::string
strip_packed_prefix(Gogo * gogo,const std::string & s)109 strip_packed_prefix(Gogo* gogo, const std::string& s)
110 {
111 std::string packed_prefix = "." + gogo->pkgpath() + ".";
112 std::string fmt = s;
113 for (size_t pos = fmt.find(packed_prefix);
114 pos != std::string::npos;
115 pos = fmt.find(packed_prefix))
116 fmt.erase(pos, packed_prefix.length());
117 return fmt;
118 }
119
120 // A helper for debugging; return this node's AST formatted string.
121 // This is an implementation of gc's Nconv with obj.FmtShort.
122
123 std::string
ast_format(Gogo * gogo) const124 Node::ast_format(Gogo* gogo) const
125 {
126 std::ostringstream ss;
127 if (this->is_sink())
128 ss << ".sink";
129 else if (this->object() != NULL)
130 {
131 Named_object* no = this->object();
132 if (no->is_function() && no->func_value()->enclosing() != NULL)
133 return "func literal";
134 ss << no->message_name();
135 }
136 else if (this->expr() != NULL)
137 {
138 Expression* e = this->expr();
139 bool is_call = e->call_expression() != NULL;
140 if (is_call)
141 e->call_expression()->fn();
142 Func_expression* fe = e->func_expression();;
143
144 bool is_closure = fe != NULL && fe->closure() != NULL;
145 if (is_closure)
146 {
147 if (is_call)
148 return "(func literal)()";
149 return "func literal";
150 }
151 Ast_dump_context::dump_to_stream(this->expr(), &ss);
152 }
153 else if (this->statement() != NULL)
154 {
155 Statement* s = this->statement();
156 Goto_unnamed_statement* unnamed = s->goto_unnamed_statement();
157 if (unnamed != NULL)
158 {
159 Statement* derived = unnamed->unnamed_label()->derived_from();
160 if (derived != NULL)
161 {
162 switch (derived->classification())
163 {
164 case Statement::STATEMENT_FOR:
165 case Statement::STATEMENT_FOR_RANGE:
166 return "for loop";
167 break;
168
169 case Statement::STATEMENT_SWITCH:
170 return "switch";
171 break;
172
173 case Statement::STATEMENT_TYPE_SWITCH:
174 return "type switch";
175 break;
176
177 default:
178 break;
179 }
180 }
181 }
182 Temporary_statement* tmp = s->temporary_statement();
183 if (tmp != NULL)
184 {
185 // Temporary's format can never match gc's output, and
186 // temporaries are inserted differently anyway. We just
187 // print something convenient.
188 ss << "tmp." << (uintptr_t) tmp;
189 if (tmp->init() != NULL)
190 {
191 ss << " [ = ";
192 Ast_dump_context::dump_to_stream(tmp->init(), &ss);
193 ss << " ]";
194 }
195 }
196 else
197 Ast_dump_context::dump_to_stream(s, &ss);
198 }
199 else if (this->is_indirect())
200 return "*(" + this->child()->ast_format(gogo) + ")";
201
202 std::string s = strip_packed_prefix(gogo, ss.str());
203
204 // trim trailing space
205 return s.substr(0, s.find_last_not_of(' ') + 1);
206 }
207
208 // A helper for debugging; return this node's detailed format string.
209 // This is an implementation of gc's Jconv with obj.FmtShort.
210
211 std::string
details()212 Node::details()
213 {
214 std::stringstream details;
215
216 if (!this->is_sink())
217 details << " l(" << Linemap::location_to_line(this->location()) << ")";
218
219 bool is_varargs = false;
220 bool is_address_taken = false;
221 bool is_in_heap = false;
222 bool is_assigned = false;
223 std::string class_name;
224
225 Expression* e = this->expr();
226 Named_object* node_object = NULL;
227 if (this->object() != NULL)
228 node_object = this->object();
229 else if (e != NULL && e->var_expression() != NULL)
230 node_object = e->var_expression()->named_object();
231
232 if (node_object)
233 {
234 // TODO(cmang): For named variables and functions, we want to output
235 // the function depth.
236 if (node_object->is_variable())
237 {
238 Variable* var = node_object->var_value();
239 is_varargs = var->is_varargs_parameter();
240 is_address_taken = (var->is_address_taken()
241 || var->is_non_escaping_address_taken());
242 is_in_heap = var->is_in_heap();
243 is_assigned = var->init() != NULL;
244
245 if (var->is_global())
246 class_name = "PEXTERN";
247 else if (var->is_parameter())
248 class_name = "PPARAM";
249 else if (var->is_closure())
250 class_name = "PPARAMREF";
251 else
252 class_name = "PAUTO";
253 }
254 else if (node_object->is_result_variable())
255 class_name = "PPARAMOUT";
256 else if (node_object->is_function()
257 || node_object->is_function_declaration())
258 class_name = "PFUNC";
259 }
260 else if (e != NULL && e->enclosed_var_expression() != NULL)
261 {
262 Named_object* enclosed = e->enclosed_var_expression()->variable();
263 if (enclosed->is_variable())
264 {
265 Variable* var = enclosed->var_value();
266 is_address_taken = (var->is_address_taken()
267 || var->is_non_escaping_address_taken());
268 }
269 else
270 {
271 Result_variable* var = enclosed->result_var_value();
272 is_address_taken = (var->is_address_taken()
273 || var->is_non_escaping_address_taken());
274 }
275 class_name = "PPARAMREF";
276 }
277
278 if (!class_name.empty())
279 {
280 details << " class(" << class_name;
281 if (is_in_heap)
282 details << ",heap";
283 details << ")";
284 }
285
286 switch ((this->encoding() & ESCAPE_MASK))
287 {
288 case Node::ESCAPE_UNKNOWN:
289 break;
290
291 case Node::ESCAPE_HEAP:
292 details << " esc(h)";
293 break;
294
295 case Node::ESCAPE_NONE:
296 details << " esc(no)";
297 break;
298
299 case Node::ESCAPE_NEVER:
300 details << " esc(N)";
301 break;
302
303 default:
304 details << " esc(" << this->encoding() << ")";
305 break;
306 }
307
308 if (this->state_ != NULL && this->state_->loop_depth != 0)
309 details << " ld(" << this->state_->loop_depth << ")";
310
311 if (is_varargs)
312 details << " isddd(1)";
313 if (is_address_taken)
314 details << " addrtaken";
315 if (is_assigned)
316 details << " assigned";
317
318 return details.str();
319 }
320
321 std::string
op_format() const322 Node::op_format() const
323 {
324 std::stringstream op;
325 Ast_dump_context adc(&op, false);
326 if (this->expr() != NULL)
327 {
328 Expression* e = this->expr();
329 switch (e->classification())
330 {
331 case Expression::EXPRESSION_UNARY:
332 adc.dump_operator(e->unary_expression()->op());
333 break;
334
335 case Expression::EXPRESSION_BINARY:
336 adc.dump_operator(e->binary_expression()->op());
337 break;
338
339 case Expression::EXPRESSION_CALL:
340 op << "function call";
341 break;
342
343 case Expression::EXPRESSION_FUNC_REFERENCE:
344 if (e->func_expression()->is_runtime_function())
345 {
346 switch (e->func_expression()->runtime_code())
347 {
348 case Runtime::GOPANIC:
349 op << "panic";
350 break;
351
352 case Runtime::GROWSLICE:
353 op << "append";
354 break;
355
356 case Runtime::SLICECOPY:
357 case Runtime::SLICESTRINGCOPY:
358 case Runtime::TYPEDSLICECOPY:
359 op << "copy";
360 break;
361
362 case Runtime::MAKECHAN:
363 case Runtime::MAKECHAN64:
364 case Runtime::MAKEMAP:
365 case Runtime::MAKESLICE:
366 case Runtime::MAKESLICE64:
367 op << "make";
368 break;
369
370 case Runtime::DEFERPROC:
371 op << "defer";
372 break;
373
374 case Runtime::GORECOVER:
375 op << "recover";
376 break;
377
378 case Runtime::CLOSE:
379 op << "close";
380 break;
381
382 default:
383 break;
384 }
385 }
386 break;
387
388 case Expression::EXPRESSION_ALLOCATION:
389 op << "new";
390 break;
391
392 case Expression::EXPRESSION_RECEIVE:
393 op << "<-";
394 break;
395
396 default:
397 break;
398 }
399 }
400
401 if (this->statement() != NULL)
402 {
403 switch (this->statement()->classification())
404 {
405 case Statement::STATEMENT_DEFER:
406 op << "defer";
407 break;
408
409 case Statement::STATEMENT_RETURN:
410 op << "return";
411 break;
412
413 default:
414 break;
415 }
416 }
417 if (this->is_indirect())
418 op << "*";
419 return op.str();
420 }
421
422 // Return this node's state, creating it if has not been initialized.
423
424 Node::Escape_state*
state(Escape_context * context,Named_object * fn)425 Node::state(Escape_context* context, Named_object* fn)
426 {
427 if (this->state_ == NULL)
428 {
429 if (this->expr() != NULL && this->expr()->var_expression() != NULL)
430 {
431 // Tie state of variable references to underlying variables.
432 Named_object* var_no = this->expr()->var_expression()->named_object();
433 Node* var_node = Node::make_node(var_no);
434 this->state_ = var_node->state(context, fn);
435 }
436 else
437 {
438 this->state_ = new Node::Escape_state;
439 if (fn == NULL)
440 fn = context->current_function();
441
442 this->state_->fn = fn;
443 }
444 }
445 go_assert(this->state_ != NULL);
446 return this->state_;
447 }
448
~Node()449 Node::~Node()
450 {
451 if (this->state_ != NULL)
452 {
453 if (this->expr() == NULL || this->expr()->var_expression() == NULL)
454 // Var expression Node is excluded since it shares state with the
455 // underlying var Node.
456 delete this->state_;
457 }
458 }
459
460 int
encoding()461 Node::encoding()
462 {
463 if (this->expr() != NULL
464 && this->expr()->var_expression() != NULL)
465 {
466 // Get the underlying object's encoding.
467 Named_object* no = this->expr()->var_expression()->named_object();
468 int enc = Node::make_node(no)->encoding();
469 this->encoding_ = enc;
470 }
471 return this->encoding_;
472 }
473
474 void
set_encoding(int enc)475 Node::set_encoding(int enc)
476 {
477 this->encoding_ = enc;
478 if (this->expr() != NULL)
479 {
480 if (this->expr()->var_expression() != NULL)
481 {
482 // Set underlying object as well.
483 Named_object* no = this->expr()->var_expression()->named_object();
484 Node::make_node(no)->set_encoding(enc);
485 }
486 else if (this->expr()->func_expression() != NULL)
487 {
488 // Propagate the escape state to the underlying
489 // closure (heap expression).
490 Expression* closure = this->expr()->func_expression()->closure();
491 if (closure != NULL)
492 Node::make_node(closure)->set_encoding(enc);
493 }
494 }
495 }
496
497 bool
is_big(Escape_context * context) const498 Node::is_big(Escape_context* context) const
499 {
500 Type* t = this->type();
501 if (t == NULL
502 || t->is_call_multiple_result_type()
503 || t->is_sink_type()
504 || t->is_void_type()
505 || t->is_abstract())
506 return false;
507
508 int64_t size;
509 bool ok = t->backend_type_size(context->gogo(), &size);
510 bool big = ok && (size < 0 || size > 10 * 1024 * 1024);
511
512 if (this->expr() != NULL)
513 {
514 if (this->expr()->allocation_expression() != NULL)
515 {
516 ok = t->deref()->backend_type_size(context->gogo(), &size);
517 big = big || size <= 0 || size >= (1 << 16);
518 }
519 else if (this->expr()->call_expression() != NULL)
520 {
521 Call_expression* call = this->expr()->call_expression();
522 Func_expression* fn = call->fn()->func_expression();
523 if (fn != NULL
524 && fn->is_runtime_function()
525 && (fn->runtime_code() == Runtime::MAKESLICE
526 || fn->runtime_code() == Runtime::MAKESLICE64))
527 {
528 // Second argument is length.
529 Expression_list::iterator p = call->args()->begin();
530 ++p;
531
532 Expression* e = *p;
533 if (e->temporary_reference_expression() != NULL)
534 {
535 Temporary_reference_expression* tre = e->temporary_reference_expression();
536 if (tre->statement() != NULL && tre->statement()->init() != NULL)
537 e = tre->statement()->init();
538 }
539
540 Numeric_constant nc;
541 unsigned long v;
542 if (e->numeric_constant_value(&nc)
543 && nc.to_unsigned_long(&v) == Numeric_constant::NC_UL_VALID)
544 big = big || v >= (1 << 16);
545 }
546 }
547 }
548
549 return big;
550 }
551
552 bool
is_sink() const553 Node::is_sink() const
554 {
555 if (this->object() != NULL
556 && this->object()->is_sink())
557 return true;
558 else if (this->expr() != NULL
559 && this->expr()->is_sink_expression())
560 return true;
561 return false;
562 }
563
564 std::map<Named_object*, Node*> Node::objects;
565 std::map<Expression*, Node*> Node::expressions;
566 std::map<Statement*, Node*> Node::statements;
567 std::vector<Node*> Node::indirects;
568
569 // Make a object node or return a cached node for this object.
570
571 Node*
make_node(Named_object * no)572 Node::make_node(Named_object* no)
573 {
574 if (Node::objects.find(no) != Node::objects.end())
575 return Node::objects[no];
576
577 Node* n = new Node(no);
578 std::pair<Named_object*, Node*> val(no, n);
579 Node::objects.insert(val);
580 return n;
581 }
582
583 // Make an expression node or return a cached node for this expression.
584
585 Node*
make_node(Expression * e)586 Node::make_node(Expression* e)
587 {
588 if (Node::expressions.find(e) != Node::expressions.end())
589 return Node::expressions[e];
590
591 Node* n = new Node(e);
592 std::pair<Expression*, Node*> val(e, n);
593 Node::expressions.insert(val);
594 return n;
595 }
596
597 // Make a statement node or return a cached node for this statement.
598
599 Node*
make_node(Statement * s)600 Node::make_node(Statement* s)
601 {
602 if (Node::statements.find(s) != Node::statements.end())
603 return Node::statements[s];
604
605 Node* n = new Node(s);
606 std::pair<Statement*, Node*> val(s, n);
607 Node::statements.insert(val);
608 return n;
609 }
610
611 // Make an indirect node with given child.
612
613 Node*
make_indirect_node(Node * child)614 Node::make_indirect_node(Node* child)
615 {
616 Node* n = new Node(child);
617 Node::indirects.push_back(n);
618 return n;
619 }
620
621 // Returns the maximum of an exisiting escape value
622 // (and its additional parameter flow flags) and a new escape type.
623
624 int
max_encoding(int e,int etype)625 Node::max_encoding(int e, int etype)
626 {
627 if ((e & ESCAPE_MASK) > etype)
628 return e;
629 if (etype == Node::ESCAPE_NONE || etype == Node::ESCAPE_RETURN)
630 return (e & ~ESCAPE_MASK) | etype;
631 return etype;
632 }
633
634 // Return a modified encoding for an input parameter that flows into an
635 // output parameter.
636
637 int
note_inout_flows(int e,int index,Level level)638 Node::note_inout_flows(int e, int index, Level level)
639 {
640 // Flow+level is encoded in two bits.
641 // 00 = not flow, xx = level+1 for 0 <= level <= maxEncodedLevel.
642 // 16 bits for Esc allows 6x2bits or 4x3bits or 3x4bits if additional
643 // information would be useful.
644 if (level.value() <= 0 && level.suffix_value() > 0)
645 return Node::max_encoding(e|ESCAPE_CONTENT_ESCAPES, Node::ESCAPE_NONE);
646 if (level.value() < 0)
647 return Node::ESCAPE_HEAP;
648 if (level.value() > ESCAPE_MAX_ENCODED_LEVEL)
649 level = Level::From(ESCAPE_MAX_ENCODED_LEVEL);
650
651 int encoded = level.value() + 1;
652 int shift = ESCAPE_BITS_PER_OUTPUT_IN_TAG * index + ESCAPE_RETURN_BITS;
653 int old = (e >> shift) & ESCAPE_BITS_MASK_FOR_TAG;
654 if (old == 0
655 || (encoded != 0 && encoded < old))
656 old = encoded;
657
658 int encoded_flow = old << shift;
659 if (((encoded_flow >> shift) & ESCAPE_BITS_MASK_FOR_TAG) != old)
660 {
661 // Failed to encode. Put this on the heap.
662 return Node::ESCAPE_HEAP;
663 }
664
665 return (e & ~(ESCAPE_BITS_MASK_FOR_TAG << shift)) | encoded_flow;
666 }
667
668 // Class Escape_context.
669
Escape_context(Gogo * gogo,bool recursive)670 Escape_context::Escape_context(Gogo* gogo, bool recursive)
671 : gogo_(gogo), current_function_(NULL), recursive_(recursive),
672 sink_(Node::make_node(Named_object::make_sink())), loop_depth_(0),
673 flood_id_(0), pdepth_(0)
674 {
675 // The sink always escapes to heap and strictly lives outside of the
676 // current function i.e. loop_depth == -1.
677 Node::Escape_state* state = this->sink_->state(this, NULL);
678 state->loop_depth = -1;
679 }
680
681 std::string
debug_function_name(Named_object * fn)682 debug_function_name(Named_object* fn)
683 {
684 if (fn == NULL)
685 return "<S>";
686
687 if (!fn->is_function())
688 return Gogo::unpack_hidden_name(fn->name());
689
690 std::string fnname = Gogo::unpack_hidden_name(fn->name());
691 if (fn->func_value()->is_method())
692 {
693 // Methods in gc compiler are named "T.m" or "(*T).m" where
694 // T is the receiver type. Add the receiver here.
695 Type* rt = fn->func_value()->type()->receiver()->type();
696 switch (rt->classification())
697 {
698 case Type::TYPE_NAMED:
699 fnname = rt->named_type()->name() + "." + fnname;
700 break;
701
702 case Type::TYPE_POINTER:
703 {
704 Named_type* nt = rt->points_to()->named_type();
705 if (nt != NULL)
706 fnname = "(*" + nt->name() + ")." + fnname;
707 break;
708 }
709
710 default:
711 break;
712 }
713 }
714
715 return fnname;
716 }
717
718 // Return the name of the current function.
719
720 std::string
current_function_name() const721 Escape_context::current_function_name() const
722 {
723 return debug_function_name(this->current_function_);
724 }
725
726 // Initialize the dummy return values for this Node N using the results
727 // in FNTYPE.
728
729 void
init_retvals(Node * n,Function_type * fntype)730 Escape_context::init_retvals(Node* n, Function_type* fntype)
731 {
732 if (fntype == NULL || fntype->results() == NULL)
733 return;
734
735 Node::Escape_state* state = n->state(this, NULL);
736 state->retvals.clear();
737 Location loc = n->location();
738
739 int i = 0;
740 char buf[50];
741 for (Typed_identifier_list::const_iterator p = fntype->results()->begin();
742 p != fntype->results()->end();
743 ++p, ++i)
744 {
745 snprintf(buf, sizeof buf, ".out%d", i);
746 Variable* dummy_var = new Variable(p->type(), NULL, false, false,
747 false, loc);
748 dummy_var->set_is_used();
749 Named_object* dummy_no =
750 Named_object::make_variable(buf, NULL, dummy_var);
751 Node* dummy_node = Node::make_node(dummy_no);
752 // Initialize the state of the dummy output node.
753 Node::Escape_state* dummy_node_state = dummy_node->state(this, NULL);
754 dummy_node_state->loop_depth = this->loop_depth_;
755
756 // Add dummy node to the retvals of n.
757 state->retvals.push_back(dummy_node);
758 }
759 }
760
761
762 // Apply an indirection to N and return the result.
763
764 Node*
add_dereference(Node * n)765 Escape_context::add_dereference(Node* n)
766 {
767 Expression* e = n->expr();
768 Location loc = n->location();
769 Node* ind;
770 if (e != NULL
771 && e->type()->points_to() != NULL
772 && !e->type()->points_to()->is_void_type())
773 {
774 // We don't dereference void*, which can be actually any pointer type.
775 Expression* deref_expr = Expression::make_unary(OPERATOR_MULT, e, loc);
776 ind = Node::make_node(deref_expr);
777 }
778 else
779 // The gc compiler simply makes an OIND node. We can't do it
780 // for non-pointer type because that will result in a type error.
781 // Instead, we model this by making a node with a special flavor.
782 ind = Node::make_indirect_node(n);
783
784 // Initialize the state.
785 Node::Escape_state* state = ind->state(this, NULL);
786 state->loop_depth = n->state(this, NULL)->loop_depth;
787 return ind;
788 }
789
790 void
track(Node * n)791 Escape_context::track(Node* n)
792 {
793 n->set_encoding(Node::ESCAPE_NONE);
794 // Initialize this node's state if it hasn't been encountered
795 // before.
796 Node::Escape_state* state = n->state(this, NULL);
797 state->loop_depth = this->loop_depth_;
798
799 this->noesc_.push_back(n);
800 }
801
802 // Return the string representation of an escapement encoding.
803
804 std::string
make_tag(int encoding)805 Escape_note::make_tag(int encoding)
806 {
807 char buf[50];
808 snprintf(buf, sizeof buf, "esc:0x%x", encoding);
809 return buf;
810 }
811
812 // Return the escapement encoding for a string tag.
813
814 int
parse_tag(std::string * tag)815 Escape_note::parse_tag(std::string* tag)
816 {
817 if (tag == NULL || tag->substr(0, 4) != "esc:")
818 return Node::ESCAPE_UNKNOWN;
819 int encoding = (int)strtol(tag->substr(4).c_str(), NULL, 0);
820 if (encoding == 0)
821 return Node::ESCAPE_UNKNOWN;
822 return encoding;
823 }
824
825
826 // The -fgo-optimize-alloc flag activates this escape analysis.
827
828 Go_optimize optimize_allocation_flag("allocs", true);
829
830 // A helper function to compute whether a function name has a
831 // matching hash value.
832
833 static bool
escape_hash_match(std::string suffix,std::string name)834 escape_hash_match(std::string suffix, std::string name)
835 {
836 if (suffix.empty())
837 return true;
838 if (suffix.at(0) == '-')
839 return !escape_hash_match(suffix.substr(1), name);
840
841 const char* p = name.c_str();
842 Go_sha1_helper* sha1_helper = go_create_sha1_helper();
843 sha1_helper->process_bytes(p, strlen(p));
844 std::string s = sha1_helper->finish();
845 delete sha1_helper;
846
847 int j = suffix.size() - 1;
848 for (int i = s.size() - 1; i >= 0; i--)
849 {
850 char c = s.at(i);
851 for (int k = 0; k < 8; k++, j--, c>>=1)
852 {
853 if (j < 0)
854 return true;
855 char bit = suffix.at(j) - '0';
856 if ((c&1) != bit)
857 return false;
858 }
859 }
860 return false;
861 }
862
863 // Analyze the program flow for escape information.
864
865 void
analyze_escape()866 Gogo::analyze_escape()
867 {
868 if (saw_errors())
869 return;
870
871 if (!optimize_allocation_flag.is_enabled()
872 && !this->compiling_runtime())
873 // We always run escape analysis when compiling runtime.
874 return;
875
876 // Discover strongly connected groups of functions to analyze for escape
877 // information in this package.
878 this->discover_analysis_sets();
879
880 if (!this->debug_escape_hash().empty())
881 std::cerr << "debug-escape-hash " << this->debug_escape_hash() << "\n";
882
883 for (std::vector<Analysis_set>::iterator p = this->analysis_sets_.begin();
884 p != this->analysis_sets_.end();
885 ++p)
886 {
887 std::vector<Named_object*> stack = p->first;
888
889 if (!this->debug_escape_hash().empty())
890 {
891 bool match = false;
892 for (std::vector<Named_object*>::const_iterator fn = stack.begin();
893 fn != stack.end();
894 ++fn)
895 match = match || escape_hash_match(this->debug_escape_hash(), (*fn)->message_name());
896 if (!match)
897 {
898 // Escape analysis won't run on these functions, but still
899 // need to tag them, so the caller knows.
900 for (std::vector<Named_object*>::iterator fn = stack.begin();
901 fn != stack.end();
902 ++fn)
903 if ((*fn)->is_function())
904 {
905 Function_type* fntype = (*fn)->func_value()->type();
906 fntype->set_is_tagged();
907
908 std::cerr << "debug-escape-hash disables " << debug_function_name(*fn) << "\n";
909 }
910
911 continue;
912 }
913 for (std::vector<Named_object*>::const_iterator fn = stack.begin();
914 fn != stack.end();
915 ++fn)
916 if ((*fn)->is_function())
917 std::cerr << "debug-escape-hash triggers " << debug_function_name(*fn) << "\n";
918 }
919
920 Escape_context* context = new Escape_context(this, p->second);
921
922 // Analyze the flow of each function; build the connection graph.
923 // This is the assign phase.
924 for (std::vector<Named_object*>::reverse_iterator fn = stack.rbegin();
925 fn != stack.rend();
926 ++fn)
927 {
928 context->set_current_function(*fn);
929 this->assign_connectivity(context, *fn);
930 }
931
932 // Propagate levels across each dst. This is the flood phase.
933 std::set<Node*> dsts = context->dsts();
934 Unordered_map(Node*, int) escapes;
935 for (std::set<Node*>::iterator n = dsts.begin();
936 n != dsts.end();
937 ++n)
938 {
939 escapes[*n] = (*n)->encoding();
940 this->propagate_escape(context, *n);
941 }
942 for (;;)
943 {
944 // Reflood if the roots' escape states increase. Run until fix point.
945 // This is rare.
946 bool done = true;
947 for (std::set<Node*>::iterator n = dsts.begin();
948 n != dsts.end();
949 ++n)
950 {
951 if ((*n)->object() == NULL
952 && ((*n)->expr() == NULL
953 || ((*n)->expr()->var_expression() == NULL
954 && (*n)->expr()->enclosed_var_expression() == NULL
955 && (*n)->expr()->func_expression() == NULL)))
956 continue;
957 if (escapes[*n] != (*n)->encoding())
958 {
959 done = false;
960 if (this->debug_escape_level() > 2)
961 go_inform((*n)->location(), "Reflooding %s %s",
962 debug_function_name((*n)->state(context, NULL)->fn).c_str(),
963 (*n)->ast_format(this).c_str());
964 escapes[*n] = (*n)->encoding();
965 this->propagate_escape(context, *n);
966 }
967 }
968 if (done)
969 break;
970 }
971
972 // Tag each exported function's parameters with escape information.
973 for (std::vector<Named_object*>::iterator fn = stack.begin();
974 fn != stack.end();
975 ++fn)
976 this->tag_function(context, *fn);
977
978 if (this->debug_escape_level() != 0)
979 {
980 std::vector<Node*> noesc = context->non_escaping_nodes();
981 for (std::vector<Node*>::const_iterator n = noesc.begin();
982 n != noesc.end();
983 ++n)
984 {
985 Node::Escape_state* state = (*n)->state(context, NULL);
986 if ((*n)->encoding() == Node::ESCAPE_NONE)
987 go_inform((*n)->location(), "%s %s does not escape",
988 strip_packed_prefix(this, debug_function_name(state->fn)).c_str(),
989 (*n)->ast_format(this).c_str());
990 }
991 }
992 delete context;
993 }
994 }
995
996 // Traverse the program, discovering the functions that are roots of strongly
997 // connected components. The goal of this phase to produce a set of functions
998 // that must be analyzed in order.
999
1000 class Escape_analysis_discover : public Traverse
1001 {
1002 public:
Escape_analysis_discover(Gogo * gogo)1003 Escape_analysis_discover(Gogo* gogo)
1004 : Traverse(traverse_functions | traverse_func_declarations),
1005 gogo_(gogo), component_ids_()
1006 { }
1007
1008 int
1009 function(Named_object*);
1010
1011 int
1012 function_declaration(Named_object*);
1013
1014 int
1015 visit(Named_object*);
1016
1017 int
1018 visit_code(Named_object*, int);
1019
1020 private:
1021 // A counter used to generate the ID for the function node in the graph.
1022 static int id;
1023
1024 // Type used to map functions to an ID in a graph of connected components.
1025 typedef Unordered_map(Named_object*, int) Component_ids;
1026
1027 // The Go IR.
1028 Gogo* gogo_;
1029 // The list of functions encountered during connected component discovery.
1030 Component_ids component_ids_;
1031 // The stack of functions that this component consists of.
1032 std::stack<Named_object*> stack_;
1033 };
1034
1035 int Escape_analysis_discover::id = 0;
1036
1037 // Visit each function.
1038
1039 int
function(Named_object * fn)1040 Escape_analysis_discover::function(Named_object* fn)
1041 {
1042 this->visit(fn);
1043 return TRAVERSE_CONTINUE;
1044 }
1045
1046 int
function_declaration(Named_object * fn)1047 Escape_analysis_discover::function_declaration(Named_object* fn)
1048 {
1049 this->visit(fn);
1050 return TRAVERSE_CONTINUE;
1051 }
1052
1053 // Visit a function FN, adding it to the current stack of functions
1054 // in this connected component. If this is the root of the component,
1055 // create a set of functions to be analyzed later.
1056 //
1057 // Finding these sets is finding strongly connected components
1058 // in the static call graph. The algorithm for doing that is taken
1059 // from Sedgewick, Algorithms, Second Edition, p. 482, with two
1060 // adaptations.
1061 //
1062 // First, a closure (fn->func_value()->enclosing() == NULL) cannot be the
1063 // root of a connected component. Refusing to use it as a root
1064 // forces it into the component of the function in which it appears.
1065 // This is more convenient for escape analysis.
1066 //
1067 // Second, each function becomes two virtual nodes in the graph,
1068 // with numbers n and n+1. We record the function's node number as n
1069 // but search from node n+1. If the search tells us that the component
1070 // number (min) is n+1, we know that this is a trivial component: one function
1071 // plus its closures. If the search tells us that the component number is
1072 // n, then there was a path from node n+1 back to node n, meaning that
1073 // the function set is mutually recursive. The escape analysis can be
1074 // more precise when analyzing a single non-recursive function than
1075 // when analyzing a set of mutually recursive functions.
1076
1077 int
visit(Named_object * fn)1078 Escape_analysis_discover::visit(Named_object* fn)
1079 {
1080 Component_ids::const_iterator p = this->component_ids_.find(fn);
1081 if (p != this->component_ids_.end())
1082 // Already visited.
1083 return p->second;
1084
1085 this->id++;
1086 int id = this->id;
1087 this->component_ids_[fn] = id;
1088 this->id++;
1089 int min = this->id;
1090
1091 this->stack_.push(fn);
1092 min = this->visit_code(fn, min);
1093 if ((min == id || min == id + 1)
1094 && ((fn->is_function() && fn->func_value()->enclosing() == NULL)
1095 || fn->is_function_declaration()))
1096 {
1097 bool recursive = min == id;
1098 std::vector<Named_object*> group;
1099
1100 for (; !this->stack_.empty(); this->stack_.pop())
1101 {
1102 Named_object* n = this->stack_.top();
1103 if (n == fn)
1104 {
1105 this->stack_.pop();
1106 break;
1107 }
1108
1109 group.push_back(n);
1110 this->component_ids_[n] = std::numeric_limits<int>::max();
1111 }
1112 group.push_back(fn);
1113 this->component_ids_[fn] = std::numeric_limits<int>::max();
1114
1115 std::reverse(group.begin(), group.end());
1116 this->gogo_->add_analysis_set(group, recursive);
1117 }
1118
1119 return min;
1120 }
1121
1122 // Helper class for discovery step. Traverse expressions looking for
1123 // function calls and closures to visit during the discovery step.
1124
1125 class Escape_discover_expr : public Traverse
1126 {
1127 public:
Escape_discover_expr(Escape_analysis_discover * ead,int min)1128 Escape_discover_expr(Escape_analysis_discover* ead, int min)
1129 : Traverse(traverse_expressions),
1130 ead_(ead), min_(min)
1131 { }
1132
1133 int
min()1134 min()
1135 { return this->min_; }
1136
1137 int
1138 expression(Expression** pexpr);
1139
1140 private:
1141 // The original discovery analysis.
1142 Escape_analysis_discover* ead_;
1143 // The minimum component ID in this group.
1144 int min_;
1145 };
1146
1147 // Visit any calls or closures found when discovering expressions.
1148
1149 int
expression(Expression ** pexpr)1150 Escape_discover_expr::expression(Expression** pexpr)
1151 {
1152 Expression* e = *pexpr;
1153 Named_object* fn = NULL;
1154 if (e->call_expression() != NULL
1155 && e->call_expression()->fn()->func_expression() != NULL)
1156 {
1157 // Method call or function call.
1158 fn = e->call_expression()->fn()->func_expression()->named_object();
1159 }
1160 else if (e->func_expression() != NULL
1161 && e->func_expression()->closure() != NULL)
1162 {
1163 // Closure.
1164 fn = e->func_expression()->named_object();
1165 }
1166
1167 if (fn != NULL)
1168 this->min_ = std::min(this->min_, this->ead_->visit(fn));
1169 return TRAVERSE_CONTINUE;
1170 }
1171
1172 // Visit the body of each function, returns ID of the minimum connected
1173 // component found in the body.
1174
1175 int
visit_code(Named_object * fn,int min)1176 Escape_analysis_discover::visit_code(Named_object* fn, int min)
1177 {
1178 if (!fn->is_function())
1179 return min;
1180
1181 Escape_discover_expr ede(this, min);
1182 fn->func_value()->traverse(&ede);
1183 return ede.min();
1184 }
1185
1186 // Discover strongly connected groups of functions to analyze.
1187
1188 void
discover_analysis_sets()1189 Gogo::discover_analysis_sets()
1190 {
1191 Escape_analysis_discover ead(this);
1192 this->traverse(&ead);
1193 }
1194
1195 // Traverse all label and goto statements and mark the underlying label
1196 // as looping or not looping.
1197
1198 class Escape_analysis_loop : public Traverse
1199 {
1200 public:
Escape_analysis_loop()1201 Escape_analysis_loop()
1202 : Traverse(traverse_statements)
1203 { }
1204
1205 int
1206 statement(Block*, size_t*, Statement*);
1207 };
1208
1209 int
statement(Block *,size_t *,Statement * s)1210 Escape_analysis_loop::statement(Block*, size_t*, Statement* s)
1211 {
1212 if (s->label_statement() != NULL)
1213 s->label_statement()->label()->set_nonlooping();
1214 else if (s->goto_statement() != NULL)
1215 {
1216 if (s->goto_statement()->label()->nonlooping())
1217 s->goto_statement()->label()->set_looping();
1218 }
1219 return TRAVERSE_CONTINUE;
1220 }
1221
1222 // Traversal class used to look at all interesting statements within a function
1223 // in order to build a connectivity graph between all nodes within a context's
1224 // scope.
1225
1226 class Escape_analysis_assign : public Traverse
1227 {
1228 public:
Escape_analysis_assign(Escape_context * context,Named_object * fn)1229 Escape_analysis_assign(Escape_context* context, Named_object* fn)
1230 : Traverse(traverse_statements
1231 | traverse_expressions),
1232 context_(context), fn_(fn)
1233 { }
1234
1235 // Model statements within a function as assignments and flows between nodes.
1236 int
1237 statement(Block*, size_t*, Statement*);
1238
1239 // Model expressions within a function as assignments and flows between nodes.
1240 int
1241 expression(Expression**);
1242
1243 // Model calls within a function as assignments and flows between arguments
1244 // and results.
1245 void
1246 call(Call_expression* call);
1247
1248 // Model the assignment of DST to SRC.
1249 void
1250 assign(Node* dst, Node* src);
1251
1252 // Model the assignment of DST to dereference of SRC.
1253 void
1254 assign_deref(Node* dst, Node* src);
1255
1256 // Model the input-to-output assignment flow of one of a function call's
1257 // arguments, where the flow is encoding in NOTE.
1258 int
1259 assign_from_note(std::string* note, const std::vector<Node*>& dsts,
1260 Node* src);
1261
1262 // Record the flow of SRC to DST in DST.
1263 void
1264 flows(Node* dst, Node* src);
1265
1266 private:
1267 // The escape context for this set of functions.
1268 Escape_context* context_;
1269 // The current function being analyzed.
1270 Named_object* fn_;
1271 };
1272
1273 // Helper function to detect self assignment like the following.
1274 //
1275 // func (b *Buffer) Foo() {
1276 // n, m := ...
1277 // b.buf = b.buf[n:m]
1278 // }
1279
1280 static bool
is_self_assignment(Expression * lhs,Expression * rhs)1281 is_self_assignment(Expression* lhs, Expression* rhs)
1282 {
1283 Unary_expression* lue =
1284 (lhs->field_reference_expression() != NULL
1285 ? lhs->field_reference_expression()->expr()->unary_expression()
1286 : lhs->unary_expression());
1287 Var_expression* lve =
1288 (lue != NULL && lue->op() == OPERATOR_MULT ? lue->operand()->var_expression() : NULL);
1289 Array_index_expression* raie = rhs->array_index_expression();
1290 String_index_expression* rsie = rhs->string_index_expression();
1291 Expression* rarray =
1292 (raie != NULL && raie->end() != NULL && raie->array()->type()->is_slice_type()
1293 ? raie->array()
1294 : (rsie != NULL && rsie->type()->is_string_type() ? rsie->string() : NULL));
1295 Unary_expression* rue =
1296 (rarray != NULL && rarray->field_reference_expression() != NULL
1297 ? rarray->field_reference_expression()->expr()->unary_expression()
1298 : (rarray != NULL ? rarray->unary_expression() : NULL));
1299 Var_expression* rve =
1300 (rue != NULL && rue->op() == OPERATOR_MULT ? rue->operand()->var_expression() : NULL);
1301 return lve != NULL && rve != NULL
1302 && lve->named_object() == rve->named_object();
1303 }
1304
1305 // Model statements within a function as assignments and flows between nodes.
1306
1307 int
statement(Block *,size_t *,Statement * s)1308 Escape_analysis_assign::statement(Block*, size_t*, Statement* s)
1309 {
1310 // Adjust the loop depth as we enter/exit blocks related to for statements.
1311 bool is_for_statement = (s->is_block_statement()
1312 && s->block_statement()->is_lowered_for_statement());
1313 if (is_for_statement)
1314 this->context_->increase_loop_depth();
1315
1316 s->traverse_contents(this);
1317
1318 if (is_for_statement)
1319 this->context_->decrease_loop_depth();
1320
1321 Gogo* gogo = this->context_->gogo();
1322 int debug_level = gogo->debug_escape_level();
1323 if (debug_level > 1
1324 && s->unnamed_label_statement() == NULL
1325 && s->expression_statement() == NULL
1326 && !s->is_block_statement())
1327 {
1328 Node* n = Node::make_node(s);
1329 std::string fn_name = this->context_->current_function_name();
1330 go_inform(s->location(), "[%d] %s esc: %s",
1331 this->context_->loop_depth(), fn_name.c_str(),
1332 n->ast_format(gogo).c_str());
1333 }
1334
1335 switch (s->classification())
1336 {
1337 case Statement::STATEMENT_VARIABLE_DECLARATION:
1338 {
1339 Named_object* var = s->variable_declaration_statement()->var();
1340 Node* var_node = Node::make_node(var);
1341 Node::Escape_state* state = var_node->state(this->context_, NULL);
1342 state->loop_depth = this->context_->loop_depth();
1343
1344 // Set the loop depth for this declaration.
1345 if (var->is_variable()
1346 && var->var_value()->init() != NULL)
1347 {
1348 Node* init_node = Node::make_node(var->var_value()->init());
1349 this->assign(var_node, init_node);
1350 }
1351 }
1352 break;
1353
1354 case Statement::STATEMENT_TEMPORARY:
1355 {
1356 Expression* init = s->temporary_statement()->init();
1357 if (init != NULL)
1358 this->assign(Node::make_node(s), Node::make_node(init));
1359 }
1360 break;
1361
1362 case Statement::STATEMENT_LABEL:
1363 {
1364 Label_statement* label_stmt = s->label_statement();
1365 if (label_stmt->label()->looping())
1366 this->context_->increase_loop_depth();
1367
1368 if (debug_level > 1)
1369 {
1370 std::string label_type = (label_stmt->label()->looping()
1371 ? "looping"
1372 : "nonlooping");
1373 go_inform(s->location(), "%s %s label",
1374 label_stmt->label()->name().c_str(),
1375 label_type.c_str());
1376 }
1377 }
1378 break;
1379
1380 case Statement::STATEMENT_SWITCH:
1381 case Statement::STATEMENT_TYPE_SWITCH:
1382 // Want to model the assignment of each case variable to the switched upon
1383 // variable. This should be lowered into assignment statements; nothing
1384 // to here if that's the case.
1385 break;
1386
1387 case Statement::STATEMENT_ASSIGNMENT:
1388 {
1389 Assignment_statement* assn = s->assignment_statement();
1390 Expression* lhs = assn->lhs();
1391 Expression* rhs = assn->rhs();
1392 Node* lhs_node = Node::make_node(lhs);
1393 Node* rhs_node = Node::make_node(rhs);
1394
1395 // Filter out the following special case.
1396 //
1397 // func (b *Buffer) Foo() {
1398 // n, m := ...
1399 // b.buf = b.buf[n:m]
1400 // }
1401 //
1402 // This assignment is a no-op for escape analysis,
1403 // it does not store any new pointers into b that were not already there.
1404 // However, without this special case b will escape.
1405 if (is_self_assignment(lhs, rhs))
1406 {
1407 if (debug_level != 0)
1408 go_inform(s->location(), "%s ignoring self-assignment to %s",
1409 strip_packed_prefix(gogo, this->context_->current_function_name()).c_str(),
1410 lhs_node->ast_format(gogo).c_str());
1411 break;
1412 }
1413
1414 this->assign(lhs_node, rhs_node);
1415 }
1416 break;
1417
1418 case Statement::STATEMENT_SEND:
1419 {
1420 Node* sent_node = Node::make_node(s->send_statement()->val());
1421 this->assign(this->context_->sink(), sent_node);
1422 }
1423 break;
1424
1425 case Statement::STATEMENT_DEFER:
1426 if (this->context_->loop_depth() == 1)
1427 {
1428 // Defer statement may need to allocate a thunk. When it is
1429 // not inside a loop, this can be stack allocated, as it
1430 // runs before the function finishes.
1431 Node* n = Node::make_node(s);
1432 n->set_encoding(Node::ESCAPE_NONE);
1433 break;
1434 }
1435 // fallthrough
1436
1437 case Statement::STATEMENT_GO:
1438 {
1439 // Defer f(x) or go f(x).
1440 // Both f and x escape to the heap.
1441 Thunk_statement* thunk = s->thunk_statement();
1442 if (thunk->call()->call_expression() == NULL)
1443 break;
1444
1445 Call_expression* call = thunk->call()->call_expression();
1446 Node* func_node = Node::make_node(call->fn());
1447 this->assign(this->context_->sink(), func_node);
1448 if (call->args() != NULL)
1449 {
1450 for (Expression_list::const_iterator p = call->args()->begin();
1451 p != call->args()->end();
1452 ++p)
1453 {
1454 Node* arg_node = Node::make_node(*p);
1455 this->assign(this->context_->sink(), arg_node);
1456 }
1457 }
1458 }
1459 break;
1460
1461 default:
1462 break;
1463 }
1464 return TRAVERSE_SKIP_COMPONENTS;
1465 }
1466
1467 // Helper function to emit moved-to-heap diagnostics.
1468
1469 static void
move_to_heap(Gogo * gogo,Expression * expr)1470 move_to_heap(Gogo* gogo, Expression *expr)
1471 {
1472 Named_object* no;
1473 if (expr->var_expression() != NULL)
1474 no = expr->var_expression()->named_object();
1475 else if (expr->enclosed_var_expression() != NULL)
1476 no = expr->enclosed_var_expression()->variable();
1477 else
1478 return;
1479
1480 if ((no->is_variable()
1481 && !no->var_value()->is_global())
1482 || no->is_result_variable())
1483 {
1484 Node* n = Node::make_node(expr);
1485 if (gogo->debug_escape_level() != 0)
1486 go_inform(n->definition_location(),
1487 "moved to heap: %s",
1488 n->ast_format(gogo).c_str());
1489 if (gogo->compiling_runtime() && gogo->package_name() == "runtime")
1490 go_error_at(expr->location(),
1491 "%s escapes to heap, not allowed in runtime",
1492 n->ast_format(gogo).c_str());
1493 }
1494 }
1495
1496 // Model expressions within a function as assignments and flows between nodes.
1497
1498 int
expression(Expression ** pexpr)1499 Escape_analysis_assign::expression(Expression** pexpr)
1500 {
1501 Gogo* gogo = this->context_->gogo();
1502 int debug_level = gogo->debug_escape_level();
1503
1504 // Big stuff escapes unconditionally.
1505 Node* n = Node::make_node(*pexpr);
1506 if ((n->encoding() & ESCAPE_MASK) != int(Node::ESCAPE_HEAP)
1507 && n->is_big(this->context_))
1508 {
1509 if (debug_level > 1)
1510 go_inform((*pexpr)->location(), "%s too large for stack",
1511 n->ast_format(gogo).c_str());
1512 move_to_heap(gogo, *pexpr);
1513 n->set_encoding(Node::ESCAPE_HEAP);
1514 (*pexpr)->address_taken(true);
1515 this->assign(this->context_->sink(), n);
1516 }
1517
1518 if ((*pexpr)->func_expression() == NULL)
1519 (*pexpr)->traverse_subexpressions(this);
1520
1521 if (debug_level > 1)
1522 {
1523 Node* n = Node::make_node(*pexpr);
1524 std::string fn_name = this->context_->current_function_name();
1525 go_inform((*pexpr)->location(), "[%d] %s esc: %s",
1526 this->context_->loop_depth(), fn_name.c_str(),
1527 n->ast_format(gogo).c_str());
1528 }
1529
1530 switch ((*pexpr)->classification())
1531 {
1532 case Expression::EXPRESSION_CALL:
1533 {
1534 Call_expression* call = (*pexpr)->call_expression();
1535 if (call->is_builtin())
1536 {
1537 Builtin_call_expression* bce = call->builtin_call_expression();
1538 switch (bce->code())
1539 {
1540 case Builtin_call_expression::BUILTIN_PANIC:
1541 {
1542 // Argument could leak through recover.
1543 Node* panic_arg = Node::make_node(call->args()->front());
1544 this->assign(this->context_->sink(), panic_arg);
1545 }
1546 break;
1547
1548 case Builtin_call_expression::BUILTIN_APPEND:
1549 {
1550 // The contents being appended leak.
1551 if (call->is_varargs())
1552 {
1553 // append(slice1, slice2...) -- slice2 itself does not escape, but contents do
1554 Node* appended = Node::make_node(call->args()->back());
1555 this->assign_deref(this->context_->sink(), appended);
1556 if (debug_level > 2)
1557 go_inform((*pexpr)->location(),
1558 "special treatment of append(slice1, slice2...)");
1559 }
1560 else
1561 {
1562 for (Expression_list::const_iterator pa =
1563 call->args()->begin() + 1;
1564 pa != call->args()->end();
1565 ++pa)
1566 {
1567 Node* arg = Node::make_node(*pa);
1568 this->assign(this->context_->sink(), arg);
1569 }
1570 }
1571
1572 // The content of the original slice leaks as well.
1573 Node* appendee = Node::make_node(call->args()->front());
1574 this->assign_deref(this->context_->sink(), appendee);
1575 }
1576 break;
1577
1578 case Builtin_call_expression::BUILTIN_COPY:
1579 {
1580 // Lose track of the copied content.
1581 Node* copied = Node::make_node(call->args()->back());
1582 this->assign_deref(this->context_->sink(), copied);
1583 }
1584 break;
1585
1586 default:
1587 break;
1588 }
1589 break;
1590 }
1591 Func_expression* fe = call->fn()->func_expression();
1592 if (fe != NULL && fe->is_runtime_function())
1593 {
1594 switch (fe->runtime_code())
1595 {
1596 case Runtime::MAKECHAN:
1597 case Runtime::MAKECHAN64:
1598 case Runtime::MAKEMAP:
1599 case Runtime::MAKESLICE:
1600 case Runtime::MAKESLICE64:
1601 this->context_->track(n);
1602 break;
1603
1604 case Runtime::MAPASSIGN:
1605 {
1606 // Map key escapes. The last argument is the address
1607 // of the key.
1608 Node* key_node = Node::make_node(call->args()->back());
1609 this->assign_deref(this->context_->sink(), key_node);
1610 }
1611 break;
1612
1613 case Runtime::SELECTSEND:
1614 {
1615 // Send to a channel, lose track. The last argument is
1616 // the address of the value to send.
1617 Node* arg_node = Node::make_node(call->args()->back());
1618 this->assign_deref(this->context_->sink(), arg_node);
1619 }
1620 break;
1621
1622 case Runtime::IFACEE2T2:
1623 case Runtime::IFACEI2T2:
1624 {
1625 // x, ok = v.(T), where T is non-pointer non-interface,
1626 // is lowered to
1627 // ok = IFACEI2T2(type, v, (void*)&tmp_x)
1628 // Here v flows to tmp_x.
1629 // Note: other IFACEX2Y2 returns the conversion result.
1630 // Those are handled in ::assign.
1631 Node* src_node = Node::make_node(call->args()->at(1));
1632 Node* dst_node;
1633 Expression* arg2 = call->args()->at(2);
1634 // Try to pull tmp_x out of the arg2 expression, and let v
1635 // flows into it, instead of simply dereference arg2,
1636 // which looks like dereference of an arbitrary pointer
1637 // and causes v immediately escape.
1638 // The expression form matches statement.cc,
1639 // Tuple_type_guard_assignment_statement::lower_to_object_type.
1640 Unary_expression* ue =
1641 (arg2->conversion_expression() != NULL
1642 ? arg2->conversion_expression()->expr()->unary_expression()
1643 : arg2->unary_expression());
1644 if (ue != NULL && ue->op() == OPERATOR_AND)
1645 {
1646 if (!ue->operand()->type()->has_pointer())
1647 // Don't bother flowing non-pointer.
1648 break;
1649 dst_node = Node::make_node(ue->operand());
1650 }
1651 else
1652 dst_node = this->context_->add_dereference(Node::make_node(arg2));
1653 this->assign(dst_node, src_node);
1654 }
1655 break;
1656
1657 default:
1658 break;
1659 }
1660 }
1661 else
1662 this->call(call);
1663 }
1664 break;
1665
1666 case Expression::EXPRESSION_ALLOCATION:
1667 // This is Runtime::NEW.
1668 this->context_->track(n);
1669 break;
1670
1671 case Expression::EXPRESSION_STRING_CONCAT:
1672 this->context_->track(n);
1673 break;
1674
1675 case Expression::EXPRESSION_CONVERSION:
1676 {
1677 Type_conversion_expression* tce = (*pexpr)->conversion_expression();
1678 Type* ft = tce->expr()->type();
1679 Type* tt = tce->type();
1680 if ((ft->is_string_type() && tt->is_slice_type())
1681 || (ft->is_slice_type() && tt->is_string_type())
1682 || (ft->integer_type() != NULL && tt->is_string_type()))
1683 {
1684 // string([]byte), string([]rune), []byte(string), []rune(string), string(rune)
1685 this->context_->track(n);
1686 break;
1687 }
1688 Node* tce_node = Node::make_node(tce);
1689 Node* converted = Node::make_node(tce->expr());
1690 this->context_->track(tce_node);
1691
1692 this->assign(tce_node, converted);
1693 }
1694 break;
1695
1696 case Expression::EXPRESSION_FIXED_ARRAY_CONSTRUCTION:
1697 case Expression::EXPRESSION_SLICE_CONSTRUCTION:
1698 {
1699 Node* array_node = Node::make_node(*pexpr);
1700 if ((*pexpr)->slice_literal() != NULL)
1701 this->context_->track(array_node);
1702
1703 Expression_list* vals = ((*pexpr)->slice_literal() != NULL
1704 ? (*pexpr)->slice_literal()->vals()
1705 : (*pexpr)->array_literal()->vals());
1706
1707 if (vals != NULL)
1708 {
1709 // Connect the array to its values.
1710 for (Expression_list::const_iterator p = vals->begin();
1711 p != vals->end();
1712 ++p)
1713 if ((*p) != NULL)
1714 this->assign(array_node, Node::make_node(*p));
1715 }
1716 }
1717 break;
1718
1719 case Expression::EXPRESSION_STRUCT_CONSTRUCTION:
1720 {
1721 Node* struct_node = Node::make_node(*pexpr);
1722 Expression_list* vals = (*pexpr)->struct_literal()->vals();
1723 if (vals != NULL)
1724 {
1725 // Connect the struct to its values.
1726 for (Expression_list::const_iterator p = vals->begin();
1727 p != vals->end();
1728 ++p)
1729 {
1730 if ((*p) != NULL)
1731 this->assign(struct_node, Node::make_node(*p));
1732 }
1733 }
1734 }
1735 break;
1736
1737 case Expression::EXPRESSION_HEAP:
1738 {
1739 Node* pointer_node = Node::make_node(*pexpr);
1740 Node* lit_node = Node::make_node((*pexpr)->heap_expression()->expr());
1741 this->context_->track(pointer_node);
1742
1743 // Connect pointer node to literal node; if the pointer node escapes, so
1744 // does the literal node.
1745 this->assign(pointer_node, lit_node);
1746 }
1747 break;
1748
1749 case Expression::EXPRESSION_BOUND_METHOD:
1750 {
1751 Node* bound_node = Node::make_node(*pexpr);
1752 this->context_->track(bound_node);
1753
1754 Expression* obj = (*pexpr)->bound_method_expression()->first_argument();
1755 Node* obj_node = Node::make_node(obj);
1756
1757 // A bound method implies the receiver will be used outside of the
1758 // lifetime of the method in some way. We lose track of the receiver.
1759 this->assign(this->context_->sink(), obj_node);
1760 }
1761 break;
1762
1763 case Expression::EXPRESSION_MAP_CONSTRUCTION:
1764 {
1765 Map_construction_expression* mce = (*pexpr)->map_literal();
1766 Node* map_node = Node::make_node(mce);
1767 this->context_->track(map_node);
1768
1769 // All keys and values escape to memory.
1770 if (mce->vals() != NULL)
1771 {
1772 for (Expression_list::const_iterator p = mce->vals()->begin();
1773 p != mce->vals()->end();
1774 ++p)
1775 {
1776 if ((*p) != NULL)
1777 this->assign(this->context_->sink(), Node::make_node(*p));
1778 }
1779 }
1780 }
1781 break;
1782
1783 case Expression::EXPRESSION_FUNC_REFERENCE:
1784 {
1785 Func_expression* fe = (*pexpr)->func_expression();
1786 if (fe->closure() != NULL)
1787 {
1788 // Connect captured variables to the closure.
1789 Node* closure_node = Node::make_node(fe);
1790 this->context_->track(closure_node);
1791
1792 // A closure expression already exists as the heap expression:
1793 // &struct{f func_code, v []*Variable}{...}.
1794 // Link closure to the addresses of the variables enclosed.
1795 Heap_expression* he = fe->closure()->heap_expression();
1796 Struct_construction_expression* sce = he->expr()->struct_literal();
1797
1798 // First field is function code, other fields are variable
1799 // references.
1800 Expression_list::const_iterator p = sce->vals()->begin();
1801 ++p;
1802 for (; p != sce->vals()->end(); ++p)
1803 {
1804 Node* enclosed_node = Node::make_node(*p);
1805 this->context_->track(enclosed_node);
1806 this->assign(closure_node, enclosed_node);
1807 }
1808 }
1809 }
1810 break;
1811
1812 case Expression::EXPRESSION_UNARY:
1813 {
1814 if ((*pexpr)->unary_expression()->op() != OPERATOR_AND)
1815 break;
1816
1817 Node* addr_node = Node::make_node(*pexpr);
1818 this->context_->track(addr_node);
1819
1820 Expression* operand = (*pexpr)->unary_expression()->operand();
1821 Named_object* var = NULL;
1822 if (operand->var_expression() != NULL)
1823 var = operand->var_expression()->named_object();
1824 else if (operand->enclosed_var_expression() != NULL)
1825 var = operand->enclosed_var_expression()->variable();
1826
1827 if (var == NULL)
1828 break;
1829
1830 if (var->is_variable()
1831 && !var->var_value()->is_parameter())
1832 {
1833 // For &x, use the loop depth of x if known.
1834 Node::Escape_state* addr_state =
1835 addr_node->state(this->context_, NULL);
1836 Node* operand_node = Node::make_node(operand);
1837 Node::Escape_state* operand_state =
1838 operand_node->state(this->context_, NULL);
1839 if (operand_state->loop_depth != 0)
1840 addr_state->loop_depth = operand_state->loop_depth;
1841 }
1842 else if ((var->is_variable()
1843 && var->var_value()->is_parameter())
1844 || var->is_result_variable())
1845 {
1846 Node::Escape_state* addr_state =
1847 addr_node->state(this->context_, NULL);
1848 addr_state->loop_depth = 1;
1849 }
1850 }
1851 break;
1852
1853 case Expression::EXPRESSION_ARRAY_INDEX:
1854 {
1855 Array_index_expression* aie = (*pexpr)->array_index_expression();
1856 if (aie->end() != NULL && !aie->array()->type()->is_slice_type())
1857 {
1858 // Slicing an array.
1859 Expression* addr = Expression::make_unary(OPERATOR_AND, aie->array(),
1860 aie->location());
1861 Node* addr_node = Node::make_node(addr);
1862 n->set_child(addr_node);
1863 this->context_->track(addr_node);
1864 }
1865 }
1866 break;
1867
1868 default:
1869 break;
1870 }
1871 return TRAVERSE_SKIP_COMPONENTS;
1872 }
1873
1874 // Model calls within a function as assignments and flows between arguments
1875 // and results.
1876
1877 void
call(Call_expression * call)1878 Escape_analysis_assign::call(Call_expression* call)
1879 {
1880 Gogo* gogo = this->context_->gogo();
1881 int debug_level = gogo->debug_escape_level();
1882
1883 Func_expression* fn = call->fn()->func_expression();
1884 Function_type* fntype = call->get_function_type();
1885 bool indirect = false;
1886
1887 // Interface method calls or closure calls are indirect calls.
1888 if (fntype == NULL
1889 || (fntype->is_method()
1890 && fntype->receiver()->type()->interface_type() != NULL)
1891 || fn == NULL
1892 || (fn->named_object()->is_function()
1893 && fn->named_object()->func_value()->enclosing() != NULL))
1894 indirect = true;
1895
1896 Node* call_node = Node::make_node(call);
1897 std::vector<Node*> arg_nodes;
1898 if (call->fn()->interface_field_reference_expression() != NULL)
1899 {
1900 Interface_field_reference_expression* ifre =
1901 call->fn()->interface_field_reference_expression();
1902 Node* field_node = Node::make_node(ifre->expr());
1903 arg_nodes.push_back(field_node);
1904 }
1905
1906 if (call->args() != NULL)
1907 {
1908 for (Expression_list::const_iterator p = call->args()->begin();
1909 p != call->args()->end();
1910 ++p)
1911 arg_nodes.push_back(Node::make_node(*p));
1912 }
1913
1914 if (indirect)
1915 {
1916 // We don't know what happens to the parameters through indirect calls.
1917 // Be conservative and assume they all flow to theSink.
1918 for (std::vector<Node*>::iterator p = arg_nodes.begin();
1919 p != arg_nodes.end();
1920 ++p)
1921 {
1922 if (debug_level > 2)
1923 go_inform(call->location(),
1924 "esccall:: indirect call <- %s, untracked",
1925 (*p)->ast_format(gogo).c_str());
1926 this->assign(this->context_->sink(), *p);
1927 }
1928
1929 this->context_->init_retvals(call_node, fntype);
1930
1931 // It could be a closure call that returns captured variable.
1932 // Model this by flowing the func expression to result.
1933 // See issue #14409.
1934 Node* fn_node = Node::make_node(call->fn());
1935 std::vector<Node*> retvals = call_node->state(this->context_, NULL)->retvals;
1936 for (std::vector<Node*>::const_iterator p = retvals.begin();
1937 p != retvals.end();
1938 ++p)
1939 this->assign_deref(*p, fn_node);
1940
1941 return;
1942 }
1943
1944 // If FN is an untagged function.
1945 if (fn != NULL
1946 && fn->named_object()->is_function()
1947 && !fntype->is_tagged())
1948 {
1949 if (debug_level > 2)
1950 go_inform(call->location(), "esccall:: %s in recursive group",
1951 call_node->ast_format(gogo).c_str());
1952
1953 Function* f = fn->named_object()->func_value();
1954 const Bindings* callee_bindings = f->block()->bindings();
1955 Function::Results* results = f->result_variables();
1956 if (results != NULL)
1957 {
1958 // Setup output list on this call node.
1959 Node::Escape_state* state = call_node->state(this->context_, NULL);
1960 for (Function::Results::const_iterator p1 = results->begin();
1961 p1 != results->end();
1962 ++p1)
1963 {
1964 Node* result_node = Node::make_node(*p1);
1965 state->retvals.push_back(result_node);
1966 }
1967 }
1968
1969 std::vector<Node*>::iterator p = arg_nodes.begin();
1970 if (fntype->is_method())
1971 {
1972 std::string rcvr_name = fntype->receiver()->name();
1973 if (rcvr_name.empty() || Gogo::is_sink_name(rcvr_name)
1974 || !fntype->receiver()->type()->has_pointer())
1975 ;
1976 else
1977 {
1978 Named_object* rcvr_no =
1979 callee_bindings->lookup_local(fntype->receiver()->name());
1980 go_assert(rcvr_no != NULL);
1981 Node* rcvr_node = Node::make_node(rcvr_no);
1982 if (fntype->receiver()->type()->points_to() == NULL
1983 && (*p)->expr()->type()->points_to() != NULL)
1984 // This is a call to a value method that has been lowered into a call
1985 // to a pointer method. Gccgo generates a pointer method for all
1986 // method calls and takes the address of the value passed as the
1987 // receiver then immediately dereferences it within the function.
1988 // In this case, the receiver address does not escape; its content
1989 // flows to the call.
1990 this->assign_deref(rcvr_node, *p);
1991 else
1992 this->assign(rcvr_node, *p);
1993 }
1994 ++p;
1995 }
1996
1997 const Typed_identifier_list* til = fntype->parameters();
1998 if (til != NULL)
1999 {
2000 for (Typed_identifier_list::const_iterator p1 = til->begin();
2001 p1 != til->end();
2002 ++p1, ++p)
2003 {
2004 if (p1->name().empty() || Gogo::is_sink_name(p1->name()))
2005 continue;
2006
2007 Named_object* param_no =
2008 callee_bindings->lookup_local(p1->name());
2009 go_assert(param_no != NULL);
2010 Expression* arg = (*p)->expr();
2011 if (arg->var_expression() != NULL
2012 && arg->var_expression()->named_object() == param_no)
2013 continue;
2014
2015 Node* param_node = Node::make_node(param_no);
2016 this->assign(param_node, *p);
2017 }
2018
2019 for (; p != arg_nodes.end(); ++p)
2020 {
2021 if (debug_level > 2)
2022 go_inform(call->location(), "esccall:: ... <- %s, untracked",
2023 (*p)->ast_format(gogo).c_str());
2024 this->assign(this->context_->sink(), *p);
2025 }
2026 }
2027
2028 return;
2029 }
2030
2031 if (debug_level > 2)
2032 go_inform(call->location(), "esccall:: %s not recursive",
2033 call_node->ast_format(gogo).c_str());
2034
2035 Node::Escape_state* call_state = call_node->state(this->context_, NULL);
2036 if (!call_state->retvals.empty())
2037 go_error_at(Linemap::unknown_location(),
2038 "esc already decorated call %s",
2039 call_node->ast_format(gogo).c_str());
2040 this->context_->init_retvals(call_node, fntype);
2041
2042 // Receiver.
2043 std::vector<Node*>::iterator p = arg_nodes.begin();
2044 if (fntype->is_method()
2045 && p != arg_nodes.end())
2046 {
2047 // First argument to call will be the receiver.
2048 std::string* note = fntype->receiver()->note();
2049 if (fntype->receiver()->type()->points_to() == NULL
2050 && (*p)->expr()->type()->points_to() != NULL)
2051 // This is a call to a value method that has been lowered into a call
2052 // to a pointer method. Gccgo generates a pointer method for all
2053 // method calls and takes the address of the value passed as the
2054 // receiver then immediately dereferences it within the function.
2055 // In this case, the receiver address does not escape; its content
2056 // flows to the call.
2057 this->assign_from_note(note, call_state->retvals,
2058 this->context_->add_dereference(*p));
2059 else
2060 {
2061 if (!Type::are_identical(fntype->receiver()->type(),
2062 (*p)->expr()->type(), true, NULL))
2063 {
2064 // This will be converted later, preemptively track it instead
2065 // of its conversion expression which will show up in a later pass.
2066 this->context_->track(*p);
2067 }
2068 this->assign_from_note(note, call_state->retvals, *p);
2069 }
2070 p++;
2071 }
2072
2073 const Typed_identifier_list* til = fntype->parameters();
2074 if (til != NULL)
2075 {
2076 for (Typed_identifier_list::const_iterator pn = til->begin();
2077 pn != til->end() && p != arg_nodes.end();
2078 ++pn, ++p)
2079 {
2080 if (!Type::are_identical(pn->type(), (*p)->expr()->type(),
2081 true, NULL))
2082 {
2083 // This will be converted later, preemptively track it instead
2084 // of its conversion expression which will show up in a later pass.
2085 this->context_->track(*p);
2086 }
2087
2088 Type* t = pn->type();
2089 if (t != NULL
2090 && t->has_pointer())
2091 {
2092 std::string* note = pn->note();
2093 int enc = this->assign_from_note(note, call_state->retvals, *p);
2094 if (enc == Node::ESCAPE_NONE
2095 && !call->is_deferred()
2096 && !call->is_concurrent())
2097 {
2098 // TODO(cmang): Mark the argument as strictly non-escaping?
2099 // In the gc compiler this is for limiting the lifetime of
2100 // temporaries. We probably don't need this?
2101 }
2102 }
2103 }
2104
2105 for (; p != arg_nodes.end(); ++p)
2106 {
2107 if (debug_level > 2)
2108 go_inform(call->location(), "esccall:: ... <- %s, untracked",
2109 (*p)->ast_format(gogo).c_str());
2110 this->assign(this->context_->sink(), *p);
2111 }
2112 }
2113 }
2114
2115 // Model the assignment of DST to SRC.
2116 // Assert that SRC somehow gets assigned to DST.
2117 // DST might need to be examined for evaluations that happen inside of it.
2118 // For example, in [DST]*f(x) = [SRC]y, we lose track of the indirection and
2119 // DST becomes the sink in our model.
2120
2121 void
assign(Node * dst,Node * src)2122 Escape_analysis_assign::assign(Node* dst, Node* src)
2123 {
2124 Gogo* gogo = this->context_->gogo();
2125 int debug_level = gogo->debug_escape_level();
2126 if (debug_level > 1)
2127 go_inform(dst->location(), "[%d] %s escassign: %s(%s)[%s] = %s(%s)[%s]",
2128 this->context_->loop_depth(),
2129 strip_packed_prefix(gogo, this->context_->current_function_name()).c_str(),
2130 dst->ast_format(gogo).c_str(), dst->details().c_str(),
2131 dst->op_format().c_str(),
2132 src->ast_format(gogo).c_str(), src->details().c_str(),
2133 src->op_format().c_str());
2134
2135 if (dst->is_indirect())
2136 // Lose track of the dereference.
2137 dst = this->context_->sink();
2138 else if (dst->expr() != NULL)
2139 {
2140 // Analyze the lhs of the assignment.
2141 // Replace DST with this->context_->sink() if we can't track it.
2142 Expression* e = dst->expr();
2143 switch (e->classification())
2144 {
2145 case Expression::EXPRESSION_VAR_REFERENCE:
2146 {
2147 // If DST is a global variable, we have no way to track it.
2148 Named_object* var = e->var_expression()->named_object();
2149 if (var->is_variable() && var->var_value()->is_global())
2150 dst = this->context_->sink();
2151 }
2152 break;
2153
2154 case Expression::EXPRESSION_FIELD_REFERENCE:
2155 {
2156 Expression* strct = e->field_reference_expression()->expr();
2157 if (strct->heap_expression() != NULL)
2158 {
2159 // When accessing the field of a struct reference, we lose
2160 // track of the indirection.
2161 dst = this->context_->sink();
2162 break;
2163 }
2164
2165 // Treat DST.x = SRC as if it were DST = SRC.
2166 Node* struct_node = Node::make_node(strct);
2167 this->assign(struct_node, src);
2168 return;
2169 }
2170
2171 case Expression::EXPRESSION_ARRAY_INDEX:
2172 {
2173 Array_index_expression* are = e->array_index_expression();
2174 if (!are->array()->type()->is_slice_type())
2175 {
2176 // Treat DST[i] = SRC as if it were DST = SRC if DST if a fixed
2177 // array.
2178 Node* array_node = Node::make_node(are->array());
2179 this->assign(array_node, src);
2180 return;
2181 }
2182
2183 // Lose track of the slice dereference.
2184 dst = this->context_->sink();
2185 }
2186 break;
2187
2188 case Expression::EXPRESSION_UNARY:
2189 // Lose track of the dereference.
2190 if (e->unary_expression()->op() == OPERATOR_MULT)
2191 dst = this->context_->sink();
2192 break;
2193
2194 case Expression::EXPRESSION_MAP_INDEX:
2195 {
2196 // Lose track of the map's key and value.
2197 Expression* index = e->map_index_expression()->index();
2198 Node* index_node = Node::make_node(index);
2199 this->assign(this->context_->sink(), index_node);
2200
2201 dst = this->context_->sink();
2202 }
2203 break;
2204
2205 case Expression::EXPRESSION_TEMPORARY_REFERENCE:
2206 {
2207 // Temporary is tracked through the underlying Temporary_statement.
2208 Statement* t = dst->expr()->temporary_reference_expression()->statement();
2209 dst = Node::make_node(t);
2210 }
2211 break;
2212
2213 default:
2214 // TODO(cmang): Add debugging info here: only a few expressions
2215 // should leave DST unmodified.
2216 break;
2217 }
2218 }
2219
2220 if (src->object() != NULL)
2221 this->flows(dst, src);
2222 else if (src->is_indirect())
2223 this->flows(dst, src);
2224 else if (src->expr() != NULL)
2225 {
2226 Expression* e = src->expr();
2227 switch (e->classification())
2228 {
2229 case Expression::EXPRESSION_VAR_REFERENCE:
2230 case Expression::EXPRESSION_ENCLOSED_VAR_REFERENCE:
2231 // DST = var
2232 case Expression::EXPRESSION_HEAP:
2233 // DST = &T{...}.
2234 case Expression::EXPRESSION_FIXED_ARRAY_CONSTRUCTION:
2235 case Expression::EXPRESSION_SLICE_CONSTRUCTION:
2236 // DST = [...]T{...}.
2237 case Expression::EXPRESSION_MAP_CONSTRUCTION:
2238 // DST = map[T]V{...}.
2239 case Expression::EXPRESSION_STRUCT_CONSTRUCTION:
2240 // DST = T{...}.
2241 case Expression::EXPRESSION_ALLOCATION:
2242 // DST = new(T).
2243 case Expression::EXPRESSION_BOUND_METHOD:
2244 // DST = x.M.
2245 case Expression::EXPRESSION_STRING_CONCAT:
2246 // DST = str1 + str2
2247 this->flows(dst, src);
2248 break;
2249
2250 case Expression::EXPRESSION_UNSAFE_CONVERSION:
2251 {
2252 Expression* underlying = e->unsafe_conversion_expression()->expr();
2253 Node* underlying_node = Node::make_node(underlying);
2254 this->assign(dst, underlying_node);
2255 }
2256 break;
2257
2258 case Expression::EXPRESSION_CALL:
2259 {
2260 Call_expression* call = e->call_expression();
2261 if (call->is_builtin())
2262 {
2263 Builtin_call_expression* bce = call->builtin_call_expression();
2264 if (bce->code() == Builtin_call_expression::BUILTIN_APPEND)
2265 {
2266 // Append returns the first argument.
2267 // The subsequent arguments are already leaked because
2268 // they are operands to append.
2269 Node* appendee = Node::make_node(call->args()->front());
2270 this->assign(dst, appendee);
2271 }
2272 break;
2273 }
2274 Func_expression* fe = call->fn()->func_expression();
2275 if (fe != NULL && fe->is_runtime_function())
2276 {
2277 switch (fe->runtime_code())
2278 {
2279 case Runtime::MAKECHAN:
2280 case Runtime::MAKECHAN64:
2281 case Runtime::MAKEMAP:
2282 case Runtime::MAKESLICE:
2283 case Runtime::MAKESLICE64:
2284 // DST = make(...).
2285 this->flows(dst, src);
2286 break;
2287
2288 default:
2289 break;
2290 }
2291 break;
2292 }
2293 else if (fe != NULL
2294 && fe->named_object()->is_function()
2295 && fe->named_object()->func_value()->is_method()
2296 && (call->is_deferred()
2297 || call->is_concurrent()))
2298 {
2299 // For a method call thunk, lose track of the call and treat it
2300 // as if DST = RECEIVER.
2301 Node* rcvr_node = Node::make_node(call->args()->front());
2302 this->assign(dst, rcvr_node);
2303 break;
2304 }
2305
2306 // Result flows to dst.
2307 Node* call_node = Node::make_node(e);
2308 Node::Escape_state* call_state = call_node->state(this->context_, NULL);
2309 std::vector<Node*> retvals = call_state->retvals;
2310 for (std::vector<Node*>::const_iterator p = retvals.begin();
2311 p != retvals.end();
2312 ++p)
2313 this->flows(dst, *p);
2314 }
2315 break;
2316
2317 case Expression::EXPRESSION_CALL_RESULT:
2318 {
2319 Call_result_expression* cre = e->call_result_expression();
2320 Call_expression* call = cre->call()->call_expression();
2321 if (call->is_builtin())
2322 break;
2323 if (call->fn()->func_expression() != NULL
2324 && call->fn()->func_expression()->is_runtime_function())
2325 {
2326 switch (call->fn()->func_expression()->runtime_code())
2327 {
2328 case Runtime::IFACEE2E2:
2329 case Runtime::IFACEI2E2:
2330 case Runtime::IFACEE2I2:
2331 case Runtime::IFACEI2I2:
2332 case Runtime::IFACEE2T2P:
2333 case Runtime::IFACEI2T2P:
2334 {
2335 // x, ok = v.(T), where T is a pointer or interface,
2336 // is lowered to
2337 // x, ok = IFACEI2E2(v), or
2338 // x, ok = IFACEI2I2(type, v)
2339 // The last arg flows to the first result.
2340 // Note: IFACEX2T2 has different signature, handled by
2341 // ::expression.
2342 if (cre->index() != 0)
2343 break;
2344 Node* arg_node = Node::make_node(call->args()->back());
2345 this->assign(dst, arg_node);
2346 }
2347 break;
2348
2349 default:
2350 break;
2351 }
2352 break;
2353 }
2354
2355 Node* call_node = Node::make_node(call);
2356 Node* ret_node = call_node->state(context_, NULL)->retvals[cre->index()];
2357 this->assign(dst, ret_node);
2358 }
2359 break;
2360
2361 case Expression::EXPRESSION_FUNC_REFERENCE:
2362 if (e->func_expression()->closure() != NULL)
2363 this->flows(dst, src);
2364 break;
2365
2366 case Expression::EXPRESSION_CONVERSION:
2367 {
2368 Type_conversion_expression* tce = e->conversion_expression();
2369 Type* ft = tce->expr()->type();
2370 Type* tt = tce->type();
2371 if ((ft->is_string_type() && tt->is_slice_type())
2372 || (ft->is_slice_type() && tt->is_string_type())
2373 || (ft->integer_type() != NULL && tt->is_string_type()))
2374 {
2375 // string([]byte), string([]rune), []byte(string), []rune(string), string(rune)
2376 this->flows(dst, src);
2377 break;
2378 }
2379 // Conversion preserves input value.
2380 Expression* underlying = tce->expr();
2381 this->assign(dst, Node::make_node(underlying));
2382 }
2383 break;
2384
2385 case Expression::EXPRESSION_FIELD_REFERENCE:
2386 {
2387 // A non-pointer can't escape from a struct.
2388 if (!e->type()->has_pointer())
2389 break;
2390 }
2391 // Fall through.
2392
2393 case Expression::EXPRESSION_TYPE_GUARD:
2394 case Expression::EXPRESSION_ARRAY_INDEX:
2395 case Expression::EXPRESSION_STRING_INDEX:
2396 {
2397 Expression* left = NULL;
2398 if (e->field_reference_expression() != NULL)
2399 {
2400 left = e->field_reference_expression()->expr();
2401 if (left->unary_expression() != NULL
2402 && left->unary_expression()->op() == OPERATOR_MULT)
2403 {
2404 // DST = (*x).f
2405 this->flows(dst, src);
2406 break;
2407 }
2408 }
2409 else if (e->type_guard_expression() != NULL)
2410 left = e->type_guard_expression()->expr();
2411 else if (e->array_index_expression() != NULL)
2412 {
2413 Array_index_expression* aie = e->array_index_expression();
2414 if (aie->end() != NULL)
2415 // slicing
2416 if (aie->array()->type()->is_slice_type())
2417 left = aie->array();
2418 else
2419 {
2420 // slicing an array
2421 // The gc compiler has an implicit address operator.
2422 go_assert(src->child() != NULL);
2423 this->assign(dst, src->child());
2424 break;
2425 }
2426 else if (!aie->array()->type()->is_slice_type())
2427 {
2428 // Indexing an array preserves the input value.
2429 Node* array_node = Node::make_node(aie->array());
2430 this->assign(dst, array_node);
2431 break;
2432 }
2433 else
2434 {
2435 this->flows(dst, src);
2436 break;
2437 }
2438 }
2439 else if (e->string_index_expression() != NULL)
2440 {
2441 String_index_expression* sie = e->string_index_expression();
2442 if (e->type()->is_string_type())
2443 // slicing
2444 left = sie->string();
2445 else
2446 {
2447 this->flows(dst, src);
2448 break;
2449 }
2450 }
2451 go_assert(left != NULL);
2452
2453 // Conversions, field access, and slicing all preserve the input
2454 // value.
2455 Node* left_node = Node::make_node(left);
2456 this->assign(dst, left_node);
2457 }
2458 break;
2459
2460 case Expression::EXPRESSION_BINARY:
2461 {
2462 switch (e->binary_expression()->op())
2463 {
2464 case OPERATOR_PLUS:
2465 case OPERATOR_MINUS:
2466 case OPERATOR_XOR:
2467 case OPERATOR_OR:
2468 case OPERATOR_MULT:
2469 case OPERATOR_DIV:
2470 case OPERATOR_MOD:
2471 case OPERATOR_LSHIFT:
2472 case OPERATOR_RSHIFT:
2473 case OPERATOR_AND:
2474 case OPERATOR_BITCLEAR:
2475 {
2476 Node* left = Node::make_node(e->binary_expression()->left());
2477 this->assign(dst, left);
2478 Node* right = Node::make_node(e->binary_expression()->right());
2479 this->assign(dst, right);
2480 }
2481 break;
2482
2483 default:
2484 break;
2485 }
2486 }
2487 break;
2488
2489 case Expression::EXPRESSION_UNARY:
2490 {
2491 switch (e->unary_expression()->op())
2492 {
2493 case OPERATOR_PLUS:
2494 case OPERATOR_MINUS:
2495 case OPERATOR_XOR:
2496 {
2497 Node* op_node =
2498 Node::make_node(e->unary_expression()->operand());
2499 this->assign(dst, op_node);
2500 }
2501 break;
2502
2503 case OPERATOR_MULT:
2504 // DST = *x
2505 case OPERATOR_AND:
2506 // DST = &x
2507 this->flows(dst, src);
2508 break;
2509
2510 default:
2511 break;
2512 }
2513 }
2514 break;
2515
2516 case Expression::EXPRESSION_TEMPORARY_REFERENCE:
2517 {
2518 Statement* temp = e->temporary_reference_expression()->statement();
2519 this->assign(dst, Node::make_node(temp));
2520 }
2521 break;
2522
2523 default:
2524 // TODO(cmang): Add debug info here; this should not be reachable.
2525 // For now, just to be conservative, we'll just say dst flows to src.
2526 break;
2527 }
2528 }
2529 else if (src->statement() != NULL && src->statement()->temporary_statement() != NULL)
2530 this->flows(dst, src);
2531 }
2532
2533 // Model the assignment of DST to an indirection of SRC.
2534
2535 void
assign_deref(Node * dst,Node * src)2536 Escape_analysis_assign::assign_deref(Node* dst, Node* src)
2537 {
2538 if (src->expr() != NULL)
2539 {
2540 switch (src->expr()->classification())
2541 {
2542 case Expression::EXPRESSION_BOOLEAN:
2543 case Expression::EXPRESSION_STRING:
2544 case Expression::EXPRESSION_INTEGER:
2545 case Expression::EXPRESSION_FLOAT:
2546 case Expression::EXPRESSION_COMPLEX:
2547 case Expression::EXPRESSION_NIL:
2548 case Expression::EXPRESSION_IOTA:
2549 // No need to try indirections on literal values
2550 // or numeric constants.
2551 return;
2552
2553 default:
2554 break;
2555 }
2556 }
2557
2558 this->assign(dst, this->context_->add_dereference(src));
2559 }
2560
2561 // Model the input-to-output assignment flow of one of a function call's
2562 // arguments, where the flow is encoded in NOTE.
2563
2564 int
assign_from_note(std::string * note,const std::vector<Node * > & dsts,Node * src)2565 Escape_analysis_assign::assign_from_note(std::string* note,
2566 const std::vector<Node*>& dsts,
2567 Node* src)
2568 {
2569 int enc = Escape_note::parse_tag(note);
2570 if (src->expr() != NULL)
2571 {
2572 switch (src->expr()->classification())
2573 {
2574 case Expression::EXPRESSION_BOOLEAN:
2575 case Expression::EXPRESSION_STRING:
2576 case Expression::EXPRESSION_INTEGER:
2577 case Expression::EXPRESSION_FLOAT:
2578 case Expression::EXPRESSION_COMPLEX:
2579 case Expression::EXPRESSION_NIL:
2580 case Expression::EXPRESSION_IOTA:
2581 // There probably isn't a note for a literal value. Literal values
2582 // usually don't escape unless we lost track of the value some how.
2583 return enc;
2584
2585 default:
2586 break;
2587 }
2588 }
2589
2590 if (this->context_->gogo()->debug_escape_level() > 2)
2591 go_inform(src->location(), "assignfromtag:: src=%s em=%s",
2592 src->ast_format(context_->gogo()).c_str(),
2593 Escape_note::make_tag(enc).c_str());
2594
2595 if (enc == Node::ESCAPE_UNKNOWN)
2596 {
2597 // Lost track of the value.
2598 this->assign(this->context_->sink(), src);
2599 return enc;
2600 }
2601 else if (enc == Node::ESCAPE_NONE)
2602 return enc;
2603
2604 // If the content inside a parameter (reached via indirection) escapes to
2605 // the heap, mark it.
2606 if ((enc & ESCAPE_CONTENT_ESCAPES) != 0)
2607 this->assign(this->context_->sink(), this->context_->add_dereference(src));
2608
2609 int save_enc = enc;
2610 enc >>= ESCAPE_RETURN_BITS;
2611 for (std::vector<Node*>::const_iterator p = dsts.begin();
2612 enc != 0 && p != dsts.end();
2613 ++p)
2614 {
2615 // Prefer the lowest-level path to the reference (for escape purposes).
2616 // Two-bit encoding (for example. 1, 3, and 4 bits are other options)
2617 // 01 = 0-level
2618 // 10 = 1-level, (content escapes),
2619 // 11 = 2-level, (content of content escapes).
2620 int bits = enc & ESCAPE_BITS_MASK_FOR_TAG;
2621 if (bits > 0)
2622 {
2623 Node* n = src;
2624 for (int i = 0; i < bits - 1; ++i)
2625 {
2626 // Encode level > 0 as indirections.
2627 n = this->context_->add_dereference(n);
2628 }
2629 this->assign(*p, n);
2630 }
2631 enc >>= ESCAPE_BITS_PER_OUTPUT_IN_TAG;
2632 }
2633
2634 // If there are too many outputs to fit in the tag, that is handled on the
2635 // encoding end as ESCAPE_HEAP, so there is no need to check here.
2636 return save_enc;
2637 }
2638
2639 // Record the flow of SRC to DST in DST.
2640
2641 void
flows(Node * dst,Node * src)2642 Escape_analysis_assign::flows(Node* dst, Node* src)
2643 {
2644 // Don't bother capturing the flow from scalars.
2645 if (src->type() != NULL && !src->type()->has_pointer())
2646 return;
2647
2648 // Don't confuse a blank identifier with the sink.
2649 if (dst->is_sink() && dst != this->context_->sink())
2650 return;
2651
2652 Node::Escape_state* dst_state = dst->state(this->context_, NULL);
2653 Node::Escape_state* src_state = src->state(this->context_, NULL);
2654 if (dst == src
2655 || dst_state == src_state
2656 || dst_state->flows.find(src) != dst_state->flows.end())
2657 return;
2658
2659 Gogo* gogo = this->context_->gogo();
2660 if (gogo->debug_escape_level() > 2)
2661 go_inform(Linemap::unknown_location(), "flows:: %s <- %s",
2662 dst->ast_format(gogo).c_str(), src->ast_format(gogo).c_str());
2663
2664 if (dst_state->flows.empty())
2665 this->context_->add_dst(dst);
2666
2667 dst_state->flows.insert(src);
2668 }
2669
2670 // Build a connectivity graph between nodes in the function being analyzed.
2671
2672 void
assign_connectivity(Escape_context * context,Named_object * fn)2673 Gogo::assign_connectivity(Escape_context* context, Named_object* fn)
2674 {
2675 // Must be defined outside of this package.
2676 if (!fn->is_function())
2677 return;
2678
2679 int save_depth = context->loop_depth();
2680 context->set_loop_depth(1);
2681
2682 Escape_analysis_assign ea(context, fn);
2683 Function::Results* res = fn->func_value()->result_variables();
2684 if (res != NULL)
2685 {
2686 for (Function::Results::const_iterator p = res->begin();
2687 p != res->end();
2688 ++p)
2689 {
2690 Node* res_node = Node::make_node(*p);
2691 Node::Escape_state* res_state = res_node->state(context, fn);
2692 res_state->fn = fn;
2693 res_state->loop_depth = 0;
2694
2695 // If this set of functions is recursive, we lose track of the return values.
2696 // Just say that the result flows to the sink.
2697 if (context->recursive())
2698 ea.flows(context->sink(), res_node);
2699 }
2700 }
2701
2702 const Bindings* callee_bindings = fn->func_value()->block()->bindings();
2703 Function_type* fntype = fn->func_value()->type();
2704 Typed_identifier_list* params = (fntype->parameters() != NULL
2705 ? fntype->parameters()->copy()
2706 : new Typed_identifier_list);
2707 if (fntype->receiver() != NULL)
2708 params->push_back(*fntype->receiver());
2709
2710 for (Typed_identifier_list::const_iterator p = params->begin();
2711 p != params->end();
2712 ++p)
2713 {
2714 if (p->name().empty() || Gogo::is_sink_name(p->name()))
2715 continue;
2716
2717 Named_object* param_no = callee_bindings->lookup_local(p->name());
2718 go_assert(param_no != NULL);
2719 Node* param_node = Node::make_node(param_no);
2720 Node::Escape_state* param_state = param_node->state(context, fn);
2721 param_state->fn = fn;
2722 param_state->loop_depth = 1;
2723
2724 if (!p->type()->has_pointer())
2725 continue;
2726
2727 // External function? Parameters must escape unless //go:noescape is set.
2728 // TODO(cmang): Implement //go:noescape directive.
2729 if (fn->package() != NULL)
2730 param_node->set_encoding(Node::ESCAPE_HEAP);
2731 else
2732 {
2733 param_node->set_encoding(Node::ESCAPE_NONE);
2734 context->track(param_node);
2735 }
2736 }
2737
2738 Escape_analysis_loop el;
2739 fn->func_value()->traverse(&el);
2740
2741 fn->func_value()->traverse(&ea);
2742 context->set_loop_depth(save_depth);
2743 }
2744
2745 class Escape_analysis_flood
2746 {
2747 public:
Escape_analysis_flood(Escape_context * context)2748 Escape_analysis_flood(Escape_context* context)
2749 : context_(context)
2750 { }
2751
2752 // Use the escape information in dst to update the escape information in src
2753 // and src's upstream.
2754 void
2755 flood(Level, Node* dst, Node* src, int);
2756
2757 private:
2758 // The escape context for the group of functions being flooded.
2759 Escape_context* context_;
2760 };
2761
2762 // Whenever we hit a dereference node, the level goes up by one, and whenever
2763 // we hit an address-of, the level goes down by one. as long as we're on a
2764 // level > 0 finding an address-of just means we're following the upstream
2765 // of a dereference, so this address doesn't leak (yet).
2766 // If level == 0, it means the /value/ of this node can reach the root of this
2767 // flood so if this node is an address-of, its argument should be marked as
2768 // escaping iff its current function and loop depth are different from the
2769 // flood's root.
2770 // Once an object has been moved to the heap, all of its upstream should be
2771 // considered escaping to the global scope.
2772 // This is an implementation of gc/esc.go:escwalkBody.
2773
2774 void
flood(Level level,Node * dst,Node * src,int extra_loop_depth)2775 Escape_analysis_flood::flood(Level level, Node* dst, Node* src,
2776 int extra_loop_depth)
2777 {
2778 // No need to flood src if it is a literal.
2779 if (src->expr() != NULL)
2780 {
2781 switch (src->expr()->classification())
2782 {
2783 case Expression::EXPRESSION_BOOLEAN:
2784 case Expression::EXPRESSION_STRING:
2785 case Expression::EXPRESSION_INTEGER:
2786 case Expression::EXPRESSION_FLOAT:
2787 case Expression::EXPRESSION_COMPLEX:
2788 case Expression::EXPRESSION_NIL:
2789 case Expression::EXPRESSION_IOTA:
2790 return;
2791
2792 default:
2793 break;
2794 }
2795 }
2796
2797 Node::Escape_state* src_state = src->state(this->context_, NULL);
2798 if (src_state->flood_id == this->context_->flood_id())
2799 {
2800 // Esclevels are vectors, do not compare as integers,
2801 // and must use "min" of old and new to guarantee
2802 // convergence.
2803 level = level.min(src_state->level);
2804 if (level == src_state->level)
2805 {
2806 // Have we been here already with an extraloopdepth,
2807 // or is the extraloopdepth provided no improvement on
2808 // what's already been seen?
2809 if (src_state->max_extra_loop_depth >= extra_loop_depth
2810 || src_state->loop_depth >= extra_loop_depth)
2811 return;
2812 src_state->max_extra_loop_depth = extra_loop_depth;
2813 }
2814 }
2815 else
2816 src_state->max_extra_loop_depth = -1;
2817
2818 src_state->flood_id = this->context_->flood_id();
2819 src_state->level = level;
2820 int mod_loop_depth = std::max(extra_loop_depth, src_state->loop_depth);
2821
2822 Gogo* gogo = this->context_->gogo();
2823 int debug_level = gogo->debug_escape_level();
2824 if (debug_level > 1)
2825 go_inform(Linemap::unknown_location(),
2826 "escwalk: level:{%d %d} depth:%d "
2827 "op=%s %s(%s) "
2828 "scope:%s[%d] "
2829 "extraloopdepth=%d",
2830 level.value(), level.suffix_value(), this->context_->pdepth(),
2831 src->op_format().c_str(),
2832 src->ast_format(gogo).c_str(),
2833 src->details().c_str(),
2834 debug_function_name(src_state->fn).c_str(),
2835 src_state->loop_depth,
2836 extra_loop_depth);
2837
2838 this->context_->increase_pdepth();
2839
2840 // Input parameter flowing into output parameter?
2841 Named_object* src_no = NULL;
2842 if (src->expr() != NULL && src->expr()->var_expression() != NULL)
2843 src_no = src->expr()->var_expression()->named_object();
2844 else
2845 src_no = src->object();
2846 bool src_is_param = (src_no != NULL
2847 && src_no->is_variable()
2848 && src_no->var_value()->is_parameter());
2849
2850 Named_object* dst_no = NULL;
2851 if (dst->expr() != NULL && dst->expr()->var_expression() != NULL)
2852 dst_no = dst->expr()->var_expression()->named_object();
2853 else
2854 dst_no = dst->object();
2855 bool dst_is_result = dst_no != NULL && dst_no->is_result_variable();
2856 Node::Escape_state* dst_state = dst->state(this->context_, NULL);
2857
2858 if (src_is_param
2859 && dst_is_result
2860 && src_state->fn == dst_state->fn
2861 && (src->encoding() & ESCAPE_MASK) < int(Node::ESCAPE_HEAP)
2862 && dst->encoding() != Node::ESCAPE_HEAP)
2863 {
2864 // This case handles:
2865 // 1. return in
2866 // 2. return &in
2867 // 3. tmp := in; return &tmp
2868 // 4. return *in
2869 if (debug_level != 0)
2870 {
2871 if (debug_level == 1)
2872 go_inform(src->definition_location(),
2873 "leaking param: %s to result %s level=%d",
2874 src->ast_format(gogo).c_str(),
2875 dst->ast_format(gogo).c_str(),
2876 level.value());
2877 else
2878 go_inform(src->definition_location(),
2879 "leaking param: %s to result %s level={%d %d}",
2880 src->ast_format(gogo).c_str(),
2881 dst->ast_format(gogo).c_str(),
2882 level.value(), level.suffix_value());
2883 }
2884
2885 if ((src->encoding() & ESCAPE_MASK) != Node::ESCAPE_RETURN)
2886 {
2887 int enc =
2888 Node::ESCAPE_RETURN | (src->encoding() & ESCAPE_CONTENT_ESCAPES);
2889 src->set_encoding(enc);
2890 }
2891
2892 int enc = Node::note_inout_flows(src->encoding(),
2893 dst_no->result_var_value()->index(),
2894 level);
2895 src->set_encoding(enc);
2896
2897 // In gc/esc.go:escwalkBody, this is a goto to the label for recursively
2898 // flooding the connection graph. Inlined here for convenience.
2899 level = level.copy();
2900 for (std::set<Node*>::const_iterator p = src_state->flows.begin();
2901 p != src_state->flows.end();
2902 ++p)
2903 this->flood(level, dst, *p, extra_loop_depth);
2904 return;
2905 }
2906
2907 // If parameter content escape to heap, set ESCAPE_CONTENT_ESCAPES.
2908 // Note minor confusion around escape from pointer-to-struct vs
2909 // escape from struct.
2910 if (src_is_param
2911 && dst->encoding() == Node::ESCAPE_HEAP
2912 && (src->encoding() & ESCAPE_MASK) < int(Node::ESCAPE_HEAP)
2913 && level.value() > 0)
2914 {
2915 int enc =
2916 Node::max_encoding((src->encoding() | ESCAPE_CONTENT_ESCAPES),
2917 Node::ESCAPE_NONE);
2918 src->set_encoding(enc);
2919 if (debug_level != 0)
2920 go_inform(src->definition_location(), "mark escaped content: %s",
2921 src->ast_format(gogo).c_str());
2922 }
2923
2924 // A src object leaks if its value or address is assigned to a dst object
2925 // in a different scope (at a different loop depth).
2926 bool src_leaks = (level.value() <= 0
2927 && level.suffix_value() <= 0
2928 && dst_state->loop_depth < mod_loop_depth);
2929 src_leaks = src_leaks || (level.value() <= 0
2930 && (dst->encoding() & ESCAPE_MASK) == Node::ESCAPE_HEAP);
2931 // old src encoding, used to prevent duplicate error messages
2932 int osrcesc = src->encoding();
2933
2934 if (src_is_param
2935 && (src_leaks || dst_state->loop_depth < 0)
2936 && (src->encoding() & ESCAPE_MASK) < int(Node::ESCAPE_HEAP))
2937 {
2938 if (level.suffix_value() > 0)
2939 {
2940 int enc =
2941 Node::max_encoding((src->encoding() | ESCAPE_CONTENT_ESCAPES),
2942 Node::ESCAPE_NONE);
2943 src->set_encoding(enc);
2944 if (debug_level != 0 && osrcesc != src->encoding())
2945 go_inform(src->definition_location(), "leaking param content: %s",
2946 src->ast_format(gogo).c_str());
2947 }
2948 else
2949 {
2950 if (debug_level != 0)
2951 go_inform(src->definition_location(), "leaking param: %s",
2952 src->ast_format(gogo).c_str());
2953 src->set_encoding(Node::ESCAPE_HEAP);
2954 }
2955 }
2956 else if (src->expr() != NULL)
2957 {
2958 Expression* e = src->expr();
2959 if (e->enclosed_var_expression() != NULL)
2960 {
2961 if (src_leaks && debug_level != 0)
2962 go_inform(src->location(), "leaking closure reference %s",
2963 src->ast_format(gogo).c_str());
2964
2965 Node* enclosed_node =
2966 Node::make_node(e->enclosed_var_expression()->variable());
2967 this->flood(level, dst, enclosed_node, -1);
2968 }
2969 else if (e->heap_expression() != NULL
2970 || (e->unary_expression() != NULL
2971 && e->unary_expression()->op() == OPERATOR_AND))
2972 {
2973 // Pointer literals and address-of expressions.
2974 Expression* underlying;
2975 if (e->heap_expression())
2976 underlying = e->heap_expression()->expr();
2977 else
2978 underlying = e->unary_expression()->operand();
2979 Node* underlying_node = Node::make_node(underlying);
2980
2981 // If the address leaks, the underyling object must be moved
2982 // to the heap.
2983 underlying->address_taken(src_leaks);
2984 if (src_leaks)
2985 {
2986 src->set_encoding(Node::ESCAPE_HEAP);
2987 if (osrcesc != src->encoding())
2988 {
2989 move_to_heap(gogo, underlying);
2990 if (debug_level > 1)
2991 go_inform(src->location(),
2992 "%s escapes to heap, level={%d %d}, "
2993 "dst.eld=%d, src.eld=%d",
2994 src->ast_format(gogo).c_str(), level.value(),
2995 level.suffix_value(), dst_state->loop_depth,
2996 mod_loop_depth);
2997 else if (debug_level > 0)
2998 go_inform(src->location(), "%s escapes to heap",
2999 src->ast_format(gogo).c_str());
3000 }
3001
3002 this->flood(level.decrease(), dst,
3003 underlying_node, mod_loop_depth);
3004 extra_loop_depth = mod_loop_depth;
3005 }
3006 else
3007 {
3008 // Decrease the level each time we take the address of the object.
3009 this->flood(level.decrease(), dst, underlying_node, -1);
3010 }
3011 }
3012 else if (e->slice_literal() != NULL)
3013 {
3014 Slice_construction_expression* slice = e->slice_literal();
3015 if (slice->vals() != NULL)
3016 {
3017 for (Expression_list::const_iterator p = slice->vals()->begin();
3018 p != slice->vals()->end();
3019 ++p)
3020 {
3021 if ((*p) != NULL)
3022 this->flood(level.decrease(), dst, Node::make_node(*p), -1);
3023 }
3024 }
3025 if (src_leaks)
3026 {
3027 src->set_encoding(Node::ESCAPE_HEAP);
3028 if (debug_level != 0 && osrcesc != src->encoding())
3029 go_inform(src->location(), "%s escapes to heap",
3030 src->ast_format(gogo).c_str());
3031 extra_loop_depth = mod_loop_depth;
3032 }
3033 }
3034 else if (e->call_expression() != NULL)
3035 {
3036 Call_expression* call = e->call_expression();
3037 if (call->is_builtin())
3038 {
3039 Builtin_call_expression* bce = call->builtin_call_expression();
3040 if (bce->code() == Builtin_call_expression::BUILTIN_APPEND)
3041 {
3042 // Propagate escape information to appendee.
3043 Expression* appendee = call->args()->front();
3044 this->flood(level, dst, Node::make_node(appendee), -1);
3045 }
3046 }
3047 else if (call->fn()->func_expression() != NULL
3048 && call->fn()->func_expression()->is_runtime_function())
3049 {
3050 switch (call->fn()->func_expression()->runtime_code())
3051 {
3052 case Runtime::MAKECHAN:
3053 case Runtime::MAKECHAN64:
3054 case Runtime::MAKEMAP:
3055 case Runtime::MAKESLICE:
3056 case Runtime::MAKESLICE64:
3057 if (src_leaks)
3058 {
3059 src->set_encoding(Node::ESCAPE_HEAP);
3060 if (debug_level != 0 && osrcesc != src->encoding())
3061 go_inform(src->location(), "%s escapes to heap",
3062 src->ast_format(gogo).c_str());
3063 extra_loop_depth = mod_loop_depth;
3064 }
3065 break;
3066
3067 default:
3068 break;
3069 }
3070 }
3071 else if (src_state->retvals.size() > 0)
3072 {
3073 // In this case a link went directly to a call, but should really go
3074 // to the dummy .outN outputs that were created for the call that
3075 // themselves link to the inputs with levels adjusted.
3076 // See e.g. #10466.
3077 // This can only happen with functions returning a single result.
3078 go_assert(src_state->retvals.size() == 1);
3079 if (debug_level > 2)
3080 go_inform(src->location(), "[%d] dst %s escwalk replace src: %s with %s",
3081 this->context_->loop_depth(),
3082 dst->ast_format(gogo).c_str(),
3083 src->ast_format(gogo).c_str(),
3084 src_state->retvals[0]->ast_format(gogo).c_str());
3085 src = src_state->retvals[0];
3086 src_state = src->state(this->context_, NULL);
3087 }
3088 }
3089 else if (e->allocation_expression() != NULL && src_leaks)
3090 {
3091 // Calls to Runtime::NEW get lowered into an allocation expression.
3092 src->set_encoding(Node::ESCAPE_HEAP);
3093 if (debug_level != 0 && osrcesc != src->encoding())
3094 go_inform(src->location(), "%s escapes to heap",
3095 src->ast_format(gogo).c_str());
3096 extra_loop_depth = mod_loop_depth;
3097 }
3098 else if ((e->map_literal() != NULL
3099 || e->string_concat_expression() != NULL
3100 || (e->func_expression() != NULL && e->func_expression()->closure() != NULL)
3101 || e->bound_method_expression() != NULL)
3102 && src_leaks)
3103 {
3104 src->set_encoding(Node::ESCAPE_HEAP);
3105 if (debug_level != 0 && osrcesc != src->encoding())
3106 go_inform(src->location(), "%s escapes to heap",
3107 src->ast_format(gogo).c_str());
3108 extra_loop_depth = mod_loop_depth;
3109 }
3110 else if (e->conversion_expression() != NULL && src_leaks)
3111 {
3112 Type_conversion_expression* tce = e->conversion_expression();
3113 Type* ft = tce->expr()->type();
3114 Type* tt = tce->type();
3115 if ((ft->is_string_type() && tt->is_slice_type())
3116 || (ft->is_slice_type() && tt->is_string_type())
3117 || (ft->integer_type() != NULL && tt->is_string_type()))
3118 {
3119 // string([]byte), string([]rune), []byte(string), []rune(string), string(rune)
3120 src->set_encoding(Node::ESCAPE_HEAP);
3121 if (debug_level != 0 && osrcesc != src->encoding())
3122 go_inform(src->location(), "%s escapes to heap",
3123 src->ast_format(gogo).c_str());
3124 extra_loop_depth = mod_loop_depth;
3125 }
3126 }
3127 else if (e->array_index_expression() != NULL
3128 && !e->array_index_expression()->array()->type()->is_slice_type())
3129 {
3130 Array_index_expression* aie = e->array_index_expression();
3131 if (aie->end() != NULL)
3132 {
3133 // Slicing an array.
3134 // Flow its implicit address-of node to DST.
3135 this->flood(level, dst, src->child(), -1);
3136 }
3137 else
3138 {
3139 // Indexing an array.
3140 // An array element flowing to DST behaves like the array
3141 // flowing to DST.
3142 Expression* underlying = e->array_index_expression()->array();
3143 Node* underlying_node = Node::make_node(underlying);
3144 this->flood(level, dst, underlying_node, -1);
3145 }
3146 }
3147 else if ((e->field_reference_expression() != NULL
3148 && e->field_reference_expression()->expr()->unary_expression() == NULL)
3149 || e->type_guard_expression() != NULL
3150 || (e->array_index_expression() != NULL
3151 && e->array_index_expression()->end() != NULL)
3152 || (e->string_index_expression() != NULL
3153 && e->type()->is_string_type()))
3154 {
3155 Expression* underlying;
3156 if (e->field_reference_expression() != NULL)
3157 underlying = e->field_reference_expression()->expr();
3158 else if (e->type_guard_expression() != NULL)
3159 underlying = e->type_guard_expression()->expr();
3160 else if (e->array_index_expression() != NULL)
3161 underlying = e->array_index_expression()->array();
3162 else
3163 underlying = e->string_index_expression()->string();
3164
3165 Node* underlying_node = Node::make_node(underlying);
3166 this->flood(level, dst, underlying_node, -1);
3167 }
3168 else if ((e->field_reference_expression() != NULL
3169 && e->field_reference_expression()->expr()->unary_expression() != NULL)
3170 || e->array_index_expression() != NULL
3171 || e->map_index_expression() != NULL
3172 || (e->unary_expression() != NULL
3173 && e->unary_expression()->op() == OPERATOR_MULT))
3174 {
3175 Expression* underlying;
3176 if (e->field_reference_expression() != NULL)
3177 {
3178 underlying = e->field_reference_expression()->expr();
3179 underlying = underlying->unary_expression()->operand();
3180 }
3181 else if (e->array_index_expression() != NULL)
3182 underlying = e->array_index_expression()->array();
3183 else if (e->map_index_expression() != NULL)
3184 underlying = e->map_index_expression()->map();
3185 else
3186 underlying = e->unary_expression()->operand();
3187
3188 // Increase the level for a dereference.
3189 Node* underlying_node = Node::make_node(underlying);
3190 this->flood(level.increase(), dst, underlying_node, -1);
3191 }
3192 else if (e->temporary_reference_expression() != NULL)
3193 {
3194 Statement* t = e->temporary_reference_expression()->statement();
3195 this->flood(level, dst, Node::make_node(t), -1);
3196 }
3197 }
3198 else if (src->is_indirect())
3199 // Increase the level for a dereference.
3200 this->flood(level.increase(), dst, src->child(), -1);
3201
3202 level = level.copy();
3203 for (std::set<Node*>::const_iterator p = src_state->flows.begin();
3204 p != src_state->flows.end();
3205 ++p)
3206 this->flood(level, dst, *p, extra_loop_depth);
3207
3208 this->context_->decrease_pdepth();
3209 }
3210
3211 // Propagate escape information across the nodes modeled in this Analysis_set.
3212 // This is an implementation of gc/esc.go:escflood.
3213
3214 void
propagate_escape(Escape_context * context,Node * dst)3215 Gogo::propagate_escape(Escape_context* context, Node* dst)
3216 {
3217 if (dst->object() == NULL
3218 && (dst->expr() == NULL
3219 || (dst->expr()->var_expression() == NULL
3220 && dst->expr()->enclosed_var_expression() == NULL
3221 && dst->expr()->func_expression() == NULL)))
3222 return;
3223
3224 Node::Escape_state* state = dst->state(context, NULL);
3225 Gogo* gogo = context->gogo();
3226 if (gogo->debug_escape_level() > 1)
3227 go_inform(Linemap::unknown_location(), "escflood:%d: dst %s scope:%s[%d]",
3228 context->flood_id(), dst->ast_format(gogo).c_str(),
3229 debug_function_name(state->fn).c_str(),
3230 state->loop_depth);
3231
3232 Escape_analysis_flood eaf(context);
3233 for (std::set<Node*>::const_iterator p = state->flows.begin();
3234 p != state->flows.end();
3235 ++p)
3236 {
3237 context->increase_flood_id();
3238 eaf.flood(Level::From(0), dst, *p, -1);
3239 }
3240 }
3241
3242 class Escape_analysis_tag
3243 {
3244 public:
Escape_analysis_tag(Escape_context * context)3245 Escape_analysis_tag(Escape_context* context)
3246 : context_(context)
3247 { }
3248
3249 // Add notes to the function's type about the escape information of its
3250 // input parameters.
3251 void
3252 tag(Named_object* fn);
3253
3254 private:
3255 Escape_context* context_;
3256 };
3257
3258 void
tag(Named_object * fn)3259 Escape_analysis_tag::tag(Named_object* fn)
3260 {
3261 // External functions are assumed unsafe
3262 // unless //go:noescape is given before the declaration.
3263 if (fn->package() != NULL)
3264 return;
3265
3266 if (fn->is_function_declaration())
3267 {
3268 Function_declaration* fdcl = fn->func_declaration_value();
3269 if ((fdcl->pragmas() & GOPRAGMA_NOESCAPE) != 0)
3270 {
3271 Function_type* fntype = fdcl->type();
3272 if (fntype->parameters() != NULL)
3273 {
3274 const Typed_identifier_list* til = fntype->parameters();
3275 int i = 0;
3276 for (Typed_identifier_list::const_iterator p = til->begin();
3277 p != til->end();
3278 ++p, ++i)
3279 if (p->type()->has_pointer())
3280 fntype->add_parameter_note(i, Node::ESCAPE_NONE);
3281 }
3282 }
3283 }
3284
3285 if (!fn->is_function())
3286 return;
3287
3288 Function_type* fntype = fn->func_value()->type();
3289 Bindings* bindings = fn->func_value()->block()->bindings();
3290
3291 if (fntype->is_method()
3292 && !fntype->receiver()->name().empty()
3293 && !Gogo::is_sink_name(fntype->receiver()->name()))
3294 {
3295 Named_object* rcvr_no = bindings->lookup(fntype->receiver()->name());
3296 go_assert(rcvr_no != NULL);
3297 Node* rcvr_node = Node::make_node(rcvr_no);
3298 switch ((rcvr_node->encoding() & ESCAPE_MASK))
3299 {
3300 case Node::ESCAPE_NONE: // not touched by flood
3301 case Node::ESCAPE_RETURN:
3302 if (fntype->receiver()->type()->has_pointer())
3303 // Don't bother tagging for scalars.
3304 fntype->add_receiver_note(rcvr_node->encoding());
3305 break;
3306
3307 case Node::ESCAPE_HEAP: // flooded, moved to heap.
3308 break;
3309
3310 default:
3311 break;
3312 }
3313 }
3314
3315 int i = 0;
3316 if (fntype->parameters() != NULL)
3317 {
3318 const Typed_identifier_list* til = fntype->parameters();
3319 for (Typed_identifier_list::const_iterator p = til->begin();
3320 p != til->end();
3321 ++p, ++i)
3322 {
3323 if (p->name().empty() || Gogo::is_sink_name(p->name()))
3324 {
3325 // Parameter not used in the function body, does not escape.
3326 if (p->type()->has_pointer())
3327 fntype->add_parameter_note(i, Node::ESCAPE_NONE);
3328 continue;
3329 }
3330
3331 Named_object* param_no = bindings->lookup(p->name());
3332 go_assert(param_no != NULL);
3333 Node* param_node = Node::make_node(param_no);
3334 switch ((param_node->encoding() & ESCAPE_MASK))
3335 {
3336 case Node::ESCAPE_NONE: // not touched by flood
3337 case Node::ESCAPE_RETURN:
3338 if (p->type()->has_pointer())
3339 // Don't bother tagging for scalars.
3340 fntype->add_parameter_note(i, param_node->encoding());
3341 break;
3342
3343 case Node::ESCAPE_HEAP: // flooded, moved to heap.
3344 break;
3345
3346 default:
3347 break;
3348 }
3349 }
3350 }
3351 fntype->set_is_tagged();
3352 }
3353
3354 // Tag each top-level function with escape information that will be used to
3355 // retain analysis results across imports.
3356
3357 void
tag_function(Escape_context * context,Named_object * fn)3358 Gogo::tag_function(Escape_context* context, Named_object* fn)
3359 {
3360 Escape_analysis_tag eat(context);
3361 eat.tag(fn);
3362 }
3363
3364 // Reclaim memory of escape analysis Nodes.
3365
3366 void
reclaim_escape_nodes()3367 Gogo::reclaim_escape_nodes()
3368 {
3369 Node::reclaim_nodes();
3370 }
3371
3372 void
reclaim_nodes()3373 Node::reclaim_nodes()
3374 {
3375 for (std::map<Named_object*, Node*>::iterator p = Node::objects.begin();
3376 p != Node::objects.end();
3377 ++p)
3378 delete p->second;
3379 Node::objects.clear();
3380
3381 for (std::map<Expression*, Node*>::iterator p = Node::expressions.begin();
3382 p != Node::expressions.end();
3383 ++p)
3384 delete p->second;
3385 Node::expressions.clear();
3386
3387 for (std::map<Statement*, Node*>::iterator p = Node::statements.begin();
3388 p != Node::statements.end();
3389 ++p)
3390 delete p->second;
3391 Node::statements.clear();
3392
3393 for (std::vector<Node*>::iterator p = Node::indirects.begin();
3394 p != Node::indirects.end();
3395 ++p)
3396 delete *p;
3397 Node::indirects.clear();
3398 }
3399