[PATCH] D36236: [SelectionDAG] Resolve PR33978.

Simon Dardis via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Aug 2 12:56:45 PDT 2017


sdardis created this revision.

https://reviews.llvm.org/rL306209 taught SelectionDAG how to add the dereferenceable flag when
expanding memcpy and memmove. The fix however contained a nit where
the offset + size was constructed as an APInt of PointerSize rather
than PointerSizeInBits.

This led to isDereferenceableAndAlignedPointer() getting truncated values or
values which would be sign extended within that function leading to
incorrect results.

Thanks to Alex Crichton for reporting the issue!

This resolves PR33978.


Repository:
  rL LLVM

https://reviews.llvm.org/D36236

Files:
  lib/CodeGen/MachineInstr.cpp
  test/CodeGen/Mips/pr33978.ll


Index: test/CodeGen/Mips/pr33978.ll
===================================================================
--- /dev/null
+++ test/CodeGen/Mips/pr33978.ll
@@ -0,0 +1,20 @@
+; RUN: llc -march=mips -mcpu=mips32r2 < %s -o /dev/null
+
+; Test that SelectionDAG does not crash during DAGCombine when two pointers
+; to the stack match with differing bases and offsets when expanding memcpy.
+; This could result in one of the pointers being considered dereferenceable
+; and other not.
+
+define void @foo(i8*) {
+start:
+  %a = alloca [22 x i8]
+  %b = alloca [22 x i8]
+  %c = bitcast [22 x i8]* %a to i8*
+  %d = getelementptr inbounds [22 x i8], [22 x i8]* %b, i32 0, i32 2
+  call void @llvm.memcpy.p0i8.p0i8.i32(i8* %c, i8* %d, i32 20, i32 1, i1 false)
+  %e = getelementptr inbounds [22 x i8], [22 x i8]* %b, i32 0, i32 6
+  call void @llvm.memcpy.p0i8.p0i8.i32(i8* %0, i8* %e, i32 12, i32 1, i1 false)
+  ret void
+}
+
+declare void @llvm.memcpy.p0i8.p0i8.i32(i8*, i8*, i32, i32, i1)
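
Review bot: the RUN line writes to /dev/null and there is no FileCheck, so this test only fails if llc crashes; a wrong dereferenceable result that does not trip an assertion would pass unnoticed. Consider stopping after instruction selection (llc's -stop-after) and adding CHECK lines on the memory operands of the expanded loads, so the test pins which accesses are marked dereferenceable. Minor: in the header comment, "and other not" should read "and the other not".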
Index: lib/CodeGen/MachineInstr.cpp
===================================================================
--- lib/CodeGen/MachineInstr.cpp
+++ lib/CodeGen/MachineInstr.cpp
@@ -581,10 +581,8 @@
   if (BasePtr == nullptr)
     return false;
 
-  return isDereferenceableAndAlignedPointer(BasePtr, 1,
-                                            APInt(DL.getPointerSize(),
-                                                  Offset + Size),
-                                            DL);
+  return isDereferenceableAndAlignedPointer(
+      BasePtr, 1, APInt(DL.getPointerSizeInBits(), Offset + Size), DL);
 }
 
 /// getConstantPool - Return a MachinePointerInfo record that refers to the
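
Review bot: in the new call, DL.getPointerSizeInBits() is used without an address space argument, so the APInt width is that of the default address space rather than of BasePtr's own pointer type. If BasePtr can be in a non-default address space, derive the width from its type, for instance DL.getPointerTypeSizeInBits(BasePtr->getType()), so the width matches the pointer being queried. A one-line comment that the first APInt argument is a bit width, not a byte count, would also help keep the original mistake from coming back.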

