[flang-commits] [flang] [flang][TBAA] fix unsafe optional deref after #170908 (PR #172033)

via flang-commits flang-commits at lists.llvm.org
Fri Dec 12 08:22:52 PST 2025 

https://github.com/jeanPerier updated https://github.com/llvm/llvm-project/pull/172033

>From 042eadb8e4c89db6d21027e7ea32f99721d7be2e Mon Sep 17 00:00:00 2001
From: Jean Perier <jperier at nvidia.com>
Date: Fri, 12 Dec 2025 06:44:13 -0800
Subject: [PATCH 1/3] [flang][TBAA] fix unsafe optional deref after #170908

---
 .../lib/Optimizer/Transforms/AddAliasTags.cpp |  7 +++-
 .../tbaa-target-inlined-results.fir           | 40 +++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 flang/test/Transforms/tbaa-target-inlined-results.fir

diff --git a/flang/lib/Optimizer/Transforms/AddAliasTags.cpp b/flang/lib/Optimizer/Transforms/AddAliasTags.cpp
index 558ffa1a80bcf..3718848c05775 100644
--- a/flang/lib/Optimizer/Transforms/AddAliasTags.cpp
+++ b/flang/lib/Optimizer/Transforms/AddAliasTags.cpp
@@ -847,11 +847,16 @@ void AddAliasTagsPass::runOnAliasInterface(fir::FirAliasTagOpInterface op,
       LLVM_DEBUG(llvm::dbgs().indent(2)
                  << "Found reference to POINTER allocation at " << *op << "\n");
       tag = state.getFuncTreeWithScope(func, scopeOp).targetDataTree.getTag();
-    } else if (source.isTarget() && state.attachLocalAllocTag()) {
+    } else if (name && source.isTarget() && state.attachLocalAllocTag()) {
       LLVM_DEBUG(llvm::dbgs().indent(2)
                  << "Found reference to TARGET allocation at " << *op << "\n");
       tag = state.getFuncTreeWithScope(func, scopeOp)
                 .targetDataTree.getTag(*name);
+    } else if (source.isTarget() && state.attachLocalAllocTag()) {
+      LLVM_DEBUG(llvm::dbgs().indent(2)
+                 << "WARN: couldn't find a name for TARGET allocation " << *op
+                 << "\n");
+      tag = state.getFuncTreeWithScope(func, scopeOp).targetDataTree.getTag();
     } else if (name && state.attachLocalAllocTag()) {
       LLVM_DEBUG(llvm::dbgs().indent(2) << "Found reference to allocation "
                                         << name << " at " << *op << "\n");
diff --git a/flang/test/Transforms/tbaa-target-inlined-results.fir b/flang/test/Transforms/tbaa-target-inlined-results.fir
new file mode 100644
index 0000000000000..b654a0ba6497d
--- /dev/null
+++ b/flang/test/Transforms/tbaa-target-inlined-results.fir
@@ -0,0 +1,40 @@
+// Test that add alias does not crash when it cannot find a name for a local
+// target allocation. This can happen after compiling code with TARGET
+// character results with -mllvm -inline-all where the allocation for the
+// result is an unamed temp that is given the target attribute inside the
+// function being called.
+
+// RUN: fir-opt --fir-add-alias-tags %s | FileCheck %s
+
+module attributes {dlti.dl_spec = #dlti.dl_spec<!llvm.ptr<270> = dense<32> : vector<4xi64>, !llvm.ptr<271> = dense<32> : vector<4xi64>, !llvm.ptr<272> = dense<64> : vector<4xi64>, i8 = dense<[8, 32]> : vector<2xi64>, i16 = dense<[16, 32]> : vector<2xi64>, i64 = dense<64> : vector<2xi64>, i128 = dense<128> : vector<2xi64>, !llvm.ptr = dense<64> : vector<4xi64>, i1 = dense<8> : vector<2xi64>, i32 = dense<32> : vector<2xi64>, f16 = dense<16> : vector<2xi64>, f64 = dense<64> : vector<2xi64>, f128 = dense<128> : vector<2xi64>, "dlti.endianness" = "little", "dlti.mangling_mode" = "e", "dlti.legal_int_widths" = array<i32: 32, 64>, "dlti.stack_alignment" = 128 : i64, "dlti.function_pointer_alignment" = #dlti.function_pointer_alignment<32, function_dependent = true>>, fir.defaultkind = "a1c4d8i4l4r4", fir.kindmap = "", llvm.data_layout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128-Fn32"} {
+  func.func @_QMmPfoo(%arg0: !fir.boxchar<1> {fir.bindc_name = "x"}, %arg1: !fir.boxchar<1> {fir.bindc_name = "c"}) {
+    %c1 = arith.constant 1 : index
+    %0 = fir.alloca !fir.char<1> {bindc_name = ".result"}
+    %1 = fir.dummy_scope : !fir.dscope
+    %9 = fir.dummy_scope : !fir.dscope
+    %10 = fir.declare %0 typeparams %c1 {fortran_attrs = #fir.var_attrs<target>, uniq_name = "_QMmFbarEbar"} : (!fir.ref<!fir.char<1>>, index) -> !fir.ref<!fir.char<1>>
+    %11 = fir.address_of(@_QQclX61) : !fir.ref<!fir.char<1>>
+    %12 = fir.declare %11 typeparams %c1 {fortran_attrs = #fir.var_attrs<parameter>, uniq_name = "_QQclX61"} : (!fir.ref<!fir.char<1>>, index) -> !fir.ref<!fir.char<1>>
+    %13 = fir.load %12 : !fir.ref<!fir.char<1>>
+    fir.store %13 to %10 : !fir.ref<!fir.char<1>>
+    return
+  }
+  fir.global linkonce @_QQclX61 constant : !fir.char<1> {
+    %0 = fir.string_lit "a"(1) : !fir.char<1>
+    fir.has_value %0 : !fir.char<1>
+  }
+}
+
+
+// CHECK: #[[TBAA_ROOT:.*]] = #llvm.tbaa_root<id = "Flang function root _QMmPfoo - Scope 1">
+// CHECK: #[[TBAA_ROOT1:.*]] = #llvm.tbaa_root<id = "Flang function root _QMmPfoo">
+// CHECK: #[[TBAA_TYPE_DESC:.*]] = #llvm.tbaa_type_desc<id = "any access", members = {<#[[TBAA_ROOT]], 0>}>
+// CHECK: #[[TBAA_TYPE_DESC1:.*]] = #llvm.tbaa_type_desc<id = "any access", members = {<#[[TBAA_ROOT1]], 0>}>
+// CHECK: #[[TBAA_TYPE_DESC2:.*]] = #llvm.tbaa_type_desc<id = "any data access", members = {<#[[TBAA_TYPE_DESC]], 0>}>
+// CHECK: #[[TBAA_TYPE_DESC3:.*]] = #llvm.tbaa_type_desc<id = "any data access", members = {<#[[TBAA_TYPE_DESC1]], 0>}>
+// CHECK: #[[TBAA_TYPE_DESC4:.*]] = #llvm.tbaa_type_desc<id = "global data", members = {<#[[TBAA_TYPE_DESC2]], 0>}>
+// CHECK: #[[TBAA_TYPE_DESC5:.*]] = #llvm.tbaa_type_desc<id = "target data", members = {<#[[TBAA_TYPE_DESC3, 0>}>
+// CHECK: #[[TBAA_TAG:.*]] = #llvm.tbaa_tag<base_type = #[[TBAA_TYPE_DESC5]], access_type = #[[TBAA_TYPE_DESC5]], offset = 0>
+
+// CHECK-LABEL: func.func @_QMmPfoo
+// CHECK: fir.store %{{.*}} to %{{.*}} : !fir.ref<!fir.char<1>> {tbaa = [#[[TBAA_TAG]]]}

>From 17d3d79d7acf346b6b28e67c5c6060adaef0dfd6 Mon Sep 17 00:00:00 2001
From: Jean Perier <jperier at nvidia.com>
Date: Fri, 12 Dec 2025 08:19:42 -0800
Subject: [PATCH 2/3] push with correct test

---
 flang/test/Transforms/tbaa-target-inlined-results.fir | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/flang/test/Transforms/tbaa-target-inlined-results.fir b/flang/test/Transforms/tbaa-target-inlined-results.fir
index b654a0ba6497d..f7121012684b0 100644
--- a/flang/test/Transforms/tbaa-target-inlined-results.fir
+++ b/flang/test/Transforms/tbaa-target-inlined-results.fir
@@ -33,8 +33,8 @@ module attributes {dlti.dl_spec = #dlti.dl_spec<!llvm.ptr<270> = dense<32> : vec
 // CHECK: #[[TBAA_TYPE_DESC2:.*]] = #llvm.tbaa_type_desc<id = "any data access", members = {<#[[TBAA_TYPE_DESC]], 0>}>
 // CHECK: #[[TBAA_TYPE_DESC3:.*]] = #llvm.tbaa_type_desc<id = "any data access", members = {<#[[TBAA_TYPE_DESC1]], 0>}>
 // CHECK: #[[TBAA_TYPE_DESC4:.*]] = #llvm.tbaa_type_desc<id = "global data", members = {<#[[TBAA_TYPE_DESC2]], 0>}>
-// CHECK: #[[TBAA_TYPE_DESC5:.*]] = #llvm.tbaa_type_desc<id = "target data", members = {<#[[TBAA_TYPE_DESC3, 0>}>
+// CHECK: #[[TBAA_TYPE_DESC5:.*]] = #llvm.tbaa_type_desc<id = "target data", members = {<#[[TBAA_TYPE_DESC3]], 0>}>
 // CHECK: #[[TBAA_TAG:.*]] = #llvm.tbaa_tag<base_type = #[[TBAA_TYPE_DESC5]], access_type = #[[TBAA_TYPE_DESC5]], offset = 0>
 
 // CHECK-LABEL: func.func @_QMmPfoo
-// CHECK: fir.store %{{.*}} to %{{.*}} : !fir.ref<!fir.char<1>> {tbaa = [#[[TBAA_TAG]]]}
+// CHECK: fir.store %{{.*}} to %{{.*}} {tbaa = [#[[TBAA_TAG]]]} : !fir.ref<!fir.char<1>>

>From ef838001bfd613523bdc260f3dcf887db4026aff Mon Sep 17 00:00:00 2001
From: Jean Perier <jperier at nvidia.com>
Date: Fri, 12 Dec 2025 08:22:34 -0800
Subject: [PATCH 3/3] typo in test comment

---
 flang/test/Transforms/tbaa-target-inlined-results.fir | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flang/test/Transforms/tbaa-target-inlined-results.fir b/flang/test/Transforms/tbaa-target-inlined-results.fir
index f7121012684b0..b2919804abdd6 100644
--- a/flang/test/Transforms/tbaa-target-inlined-results.fir
+++ b/flang/test/Transforms/tbaa-target-inlined-results.fir
@@ -1,7 +1,7 @@
-// Test that add alias does not crash when it cannot find a name for a local
-// target allocation. This can happen after compiling code with TARGET
-// character results with -mllvm -inline-all where the allocation for the
-// result is an unamed temp that is given the target attribute inside the
+// Test that fir-add-alias-tags pass does not crash when it cannot find a name
+// for a local target allocation. This can happen after compiling code with
+// TARGET character results with `-mllvm -inline-all` where the allocation for
+// the result is an unnamed temp that is given the target attribute inside the
 // function being called.
 
 // RUN: fir-opt --fir-add-alias-tags %s | FileCheck %s

More information about the flang-commits mailing list