<div dir="ltr"><div>I think the flags for nuw/nsw are stored in the subclass data in the Instruction base class so it shouldn't write any arbitrary data. It could corrupt the subclass data if it is used for another purpose, but the sanitizers wouldn't be able to catch that.</div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">~Craig</div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 7, 2022 at 1:31 PM Philip Reames via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Author: Philip Reames<br>
Date: 2022-06-07T13:27:13-07:00<br>
New Revision: 89c4b29e8d35ec352019d828e546bea3850403df<br>
<br>
URL: <a href="https://github.com/llvm/llvm-project/commit/89c4b29e8d35ec352019d828e546bea3850403df" rel="noreferrer" target="_blank">https://github.com/llvm/llvm-project/commit/89c4b29e8d35ec352019d828e546bea3850403df</a><br>
DIFF: <a href="https://github.com/llvm/llvm-project/commit/89c4b29e8d35ec352019d828e546bea3850403df.diff" rel="noreferrer" target="_blank">https://github.com/llvm/llvm-project/commit/89c4b29e8d35ec352019d828e546bea3850403df.diff</a><br>
<br>
LOG: [GuardWidening] Fix a nasty cast bug in c2eccc6<br>
<br>
c2eccc6 introduced a call to setHasNoUnsignedWrap which implicitly assumes that Inst is an OverflowingBinaryOperator.  This is frequently untrue, but was not caught because cast<Ty>(X) has been broken, see <a href="https://discourse.llvm.org/t/cast-x-is-broken-implications-and-proposal-to-address/63033" rel="noreferrer" target="_blank">https://discourse.llvm.org/t/cast-x-is-broken-implications-and-proposal-to-address/63033</a> for context.<br>
<br>
I considered reverting this, but since doing so re-introduces a nasty miscompile of its own, I decided to fix forward instead.<br>
<br>
I'll note that this is a particularly nasty form of the cast<Ty>(X) issue.  Because the cast was succeeding unexpectedly, we were writing data to instructions which weren't OBOs.  This could result in near arbitrary data or memory corruption.  I'm a bit shocked that the sanitizers didn't find this TBH.<br>
<br>
Added: <br>
<br>
<br>
Modified: <br>
    llvm/lib/Transforms/Scalar/GuardWidening.cpp<br>
<br>
Removed: <br>
<br>
<br>
<br>
################################################################################<br>
diff  --git a/llvm/lib/Transforms/Scalar/GuardWidening.cpp b/llvm/lib/Transforms/Scalar/GuardWidening.cpp<br>
index 5032f3106d50c..af6062d142f07 100644<br>
--- a/llvm/lib/Transforms/Scalar/GuardWidening.cpp<br>
+++ b/llvm/lib/Transforms/Scalar/GuardWidening.cpp<br>
@@ -495,9 +495,8 @@ void GuardWideningImpl::makeAvailableAt(Value *V, Instruction *Loc) const {<br>
     makeAvailableAt(Op, Loc);<br>
<br>
   Inst->moveBefore(Loc);<br>
-  // If we moved instruction before guard we must clean nuw, nsw flags.<br>
-  Inst->setHasNoUnsignedWrap(false);<br>
-  Inst->setHasNoSignedWrap(false);<br>
+  // If we moved instruction before guard we must clean poison generating flags.<br>
+  Inst->dropPoisonGeneratingFlags();<br>
 }<br>
<br>
 bool GuardWideningImpl::widenCondCommon(Value *Cond0, Value *Cond1,<br>
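</blockquote><div>Review bot: the replacement line Inst->dropPoisonGeneratingFlags() in makeAvailableAt lands without a regression test; the commit lists only GuardWidening.cpp as modified and nothing as added. A test that hoists an instruction which is not an OverflowingBinaryOperator through this path would pin the fix and guard against a later return to the per-flag setters. The new comment could also say that dropping every poison generating flag, rather than only the nuw/nsw pair the removed lines cleared, is intended for an instruction moved before the guard.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">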
<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div>
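<div>Added example (not code from LLVM or from either message): a toy model of the failure discussed above, where clearing wrap flags through an unchecked view rewrites bits that mean something else on another instruction kind, while every write stays inside the object so memory-error tooling has nothing to report. The Inst layout, the bit assignments and all helper names are assumptions made for illustration.</div>

```cpp
#include <cstdint>
#include <cstdio>

// Toy model: each instruction carries one byte of per-kind flag bits.
// Bit assignments are constructed for this example, not LLVM's layout.
enum class Kind : uint8_t { Add, Load };
struct Inst {
  Kind kind;
  uint8_t subclassData; // Add: bit0=nuw, bit1=nsw. Load: bit0=volatile, bits1+=log2(align)
};

constexpr uint8_t NUW = 1u << 0, NSW = 1u << 1;

static void setBit(uint8_t &Bits, uint8_t Mask, bool On) {
  Bits = static_cast<uint8_t>(On ? (Bits | Mask) : (Bits & ~Mask));
}

bool isOverflowingOp(const Inst &I) { return I.kind == Kind::Add; }

// View that interprets the shared bits as wrap flags.
struct OverflowingOpView {
  Inst &I;
  void setHasNoUnsignedWrap(bool B) { setBit(I.subclassData, NUW, B); }
  void setHasNoSignedWrap(bool B) { setBit(I.subclassData, NSW, B); }
};

// Models a cast whose type assertion never fires: no kind check at all.
OverflowingOpView castUnchecked(Inst &I) { return OverflowingOpView{I}; }

// Pre-fix pattern: clear wrap flags on whatever instruction was hoisted.
uint8_t clearFlagsUnchecked(Inst I) {
  OverflowingOpView V = castUnchecked(I);
  V.setHasNoUnsignedWrap(false);
  V.setHasNoSignedWrap(false);
  return I.subclassData;
}

// Post-fix pattern: only touch the bits when the kind really owns them.
uint8_t dropFlagsChecked(Inst I) {
  if (isOverflowingOp(I))
    return clearFlagsUnchecked(I);
  return I.subclassData;
}

int main() {
  Inst VolatileLoad{Kind::Load, 0x07}; // constructed: volatile, log2(align)=3
  std::printf("unchecked: 0x%02x  checked: 0x%02x\n",
              clearFlagsUnchecked(VolatileLoad), dropFlagsChecked(VolatileLoad));
}
```

In this model the unchecked path silently turns a volatile, 8-byte-aligned load into a non-volatile one with a different alignment field, which is a semantic change rather than an out-of-bounds write.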