r371206 - [NFC][CodeGen][UBSan] EmitCheckedInBoundsGEP(): add some comments to pointer-overflow check

Roman Lebedev via cfe-commits cfe-commits at lists.llvm.org
Fri Sep 6 07:18:49 PDT 2019 

Author: lebedevri
Date: Fri Sep  6 07:18:49 2019
New Revision: 371206

URL: http://llvm.org/viewvc/llvm-project?rev=371206&view=rev
Log:
[NFC][CodeGen][UBSan] EmitCheckedInBoundsGEP(): add some comments to pointer-overflow check

It's rather eye-twiching, some comments may help here..

This was originally part of https://reviews.llvm.org/D67122

Modified:
    cfe/trunk/lib/CodeGen/CGExprScalar.cpp

Modified: cfe/trunk/lib/CodeGen/CGExprScalar.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGExprScalar.cpp?rev=371206&r1=371205&r2=371206&view=diff
==============================================================================
--- cfe/trunk/lib/CodeGen/CGExprScalar.cpp (original)
+++ cfe/trunk/lib/CodeGen/CGExprScalar.cpp Fri Sep  6 07:18:49 2019
@@ -4643,19 +4643,29 @@ Value *CodeGenFunction::EmitCheckedInBou
   llvm::Value *ValidGEP;
   auto *NoOffsetOverflow = Builder.CreateNot(OffsetOverflows);
   if (SignedIndices) {
+    // GEP is computed as `unsigned base + signed offset`, therefore:
+    // * If offset was positive, then the computed pointer can not be
+    //   [unsigned] less than the base pointer, unless it overflowed.
+    // * If offset was negative, then the computed pointer can not be
+    //   [unsigned] greater than the bas pointere, unless it overflowed.
     auto *PosOrZeroValid = Builder.CreateICmpUGE(ComputedGEP, IntPtr);
     auto *PosOrZeroOffset = Builder.CreateICmpSGE(TotalOffset, Zero);
     llvm::Value *NegValid = Builder.CreateICmpULT(ComputedGEP, IntPtr);
-    ValidGEP = Builder.CreateAnd(
-        Builder.CreateSelect(PosOrZeroOffset, PosOrZeroValid, NegValid),
-        NoOffsetOverflow);
-  } else if (!SignedIndices && !IsSubtraction) {
-    auto *PosOrZeroValid = Builder.CreateICmpUGE(ComputedGEP, IntPtr);
-    ValidGEP = Builder.CreateAnd(PosOrZeroValid, NoOffsetOverflow);
+    ValidGEP = Builder.CreateSelect(PosOrZeroOffset, PosOrZeroValid, NegValid);
+  } else if (!IsSubtraction) {
+    // GEP is computed as `unsigned base + unsigned offset`,  therefore the
+    // computed pointer can not be [unsigned] less than base pointer,
+    // unless there was an overflow.
+    // Equivalent to `@llvm.uadd.with.overflow(%base, %offset)`.
+    ValidGEP = Builder.CreateICmpUGE(ComputedGEP, IntPtr);
   } else {
-    auto *NegOrZeroValid = Builder.CreateICmpULE(ComputedGEP, IntPtr);
-    ValidGEP = Builder.CreateAnd(NegOrZeroValid, NoOffsetOverflow);
+    // GEP is computed as `unsigned base - unsigned offset`, therefore the
+    // computed pointer can not be [unsigned] greater than base pointer,
+    // unless there was an overflow.
+    // Equivalent to `@llvm.usub.with.overflow(%base, sub(0, %offset))`.
+    ValidGEP = Builder.CreateICmpULE(ComputedGEP, IntPtr);
   }
+  ValidGEP = Builder.CreateAnd(ValidGEP, NoOffsetOverflow);
 
   llvm::Constant *StaticArgs[] = {EmitCheckSourceLocation(Loc)};
   // Pass the computed GEP to the runtime to avoid emitting poisoned arguments.

More information about the cfe-commits mailing list