[llvm-branch-commits] [llvm] release/22.x: [SafeStack] Fix crashing with scalable TypeSizes (#180547) (PR #203306)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Thu Jun 11 08:26:41 PDT 2026
https://github.com/llvmbot created https://github.com/llvm/llvm-project/pull/203306
Backport 537f3d3a7588d226b86590f97c4401107585e1ce
Requested by: @brad0
>From 914253bebf15d6e40d4f1e5a275bf89d3ce838dd Mon Sep 17 00:00:00 2001
From: Jakob Koschel <jakobkoschel at google.com>
Date: Thu, 5 Mar 2026 01:11:44 +0100
Subject: [PATCH] [SafeStack] Fix crashing with scalable TypeSizes (#180547)
On e.g. aarch64 the TypeSize of scalar types can have a size that is not
known at compile time.
Currently, when safestack encounters those, it simply crashes as described in
https://github.com/llvm/llvm-project/issues/175868.
Since we cannot verify the size at compile time, we simply consider the
access to be unsafe (with regard to safestack).
Reproducer:
```
#include <arm_sve.h>
int main() {
  svint32_t vec = svindex_s32(0, 1);
  svint32_t res = svadd_s32_z(svptrue_b32(), vec, vec);
  int32_t buffer[1024];
  svst1_s32(svptrue_b32(), buffer, res);
  return 0;
}
```
(cherry picked from commit 537f3d3a7588d226b86590f97c4401107585e1ce)
---
llvm/lib/CodeGen/SafeStack.cpp | 12 ++++++++++++
llvm/test/CodeGen/AArch64/safestack_scalar.ll | 17 +++++++++++++++++
2 files changed, 29 insertions(+)
create mode 100644 llvm/test/CodeGen/AArch64/safestack_scalar.ll
diff --git a/llvm/lib/CodeGen/SafeStack.cpp b/llvm/lib/CodeGen/SafeStack.cpp
index 1c109a1f9fed1..33ffd94e4f8f0 100644
--- a/llvm/lib/CodeGen/SafeStack.cpp
+++ b/llvm/lib/CodeGen/SafeStack.cpp
@@ -176,6 +176,8 @@ class SafeStack {
bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
const Value *AllocaPtr, uint64_t AllocaSize);
+ bool IsAccessSafe(Value *Addr, TypeSize Size, const Value *AllocaPtr,
+ uint64_t AllocaSize);
bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr,
uint64_t AllocaSize);
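Review bot: The new `IsAccessSafe(Value *Addr, TypeSize Size, ...)` declaration has no comment, and it differs from the existing overload only in the type of the second parameter, so a reader of the class cannot tell which one a caller ends up in or why both exist. A one-line comment on the declaration saying that the `TypeSize` overload reports scalable sizes as unsafe and forwards fixed sizes to the `uint64_t` overload would make the contract visible where callers look for it.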
@@ -206,6 +208,16 @@ uint64_t SafeStack::getStaticAllocaAllocationSize(const AllocaInst* AI) {
return Size;
}
+bool SafeStack::IsAccessSafe(Value *Addr, TypeSize AccessSize,
+ const Value *AllocaPtr, uint64_t AllocaSize) {
+ if (AccessSize.isScalable()) {
+ // In case we don't know the size at compile time we cannot verify if the
+ // access is safe.
+ return false;
+ }
+ return IsAccessSafe(Addr, AccessSize.getFixedValue(), AllocaPtr, AllocaSize);
+}
+
bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,
const Value *AllocaPtr, uint64_t AllocaSize) {
const SCEV *AddrExpr = SE.getSCEV(Addr);
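Review bot: No call site is touched by this patch (the 12 lines added to SafeStack.cpp are the declaration plus this definition), so the fix depends entirely on existing callers already passing a `TypeSize` and on overload resolution selecting this function instead of the `uint64_t` one. Please state that in the comment above the `isScalable()` check or in the commit message, so that a later caller that converts the size to an integer before calling does not silently bypass the check. The blanket `return false` is the conservative choice for a hardening pass; the comment could also say that it moves the affected alloca to the unsafe stack, which is what the new test checks.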
diff --git a/llvm/test/CodeGen/AArch64/safestack_scalar.ll b/llvm/test/CodeGen/AArch64/safestack_scalar.ll
new file mode 100644
index 0000000000000..f8675e7a709d3
--- /dev/null
+++ b/llvm/test/CodeGen/AArch64/safestack_scalar.ll
@@ -0,0 +1,17 @@
+; RUN: llc -mtriple=aarch64-linux-gnu -stop-after=safe-stack < %s | FileCheck %s
+
+define void @test_sve() safestack {
+entry:
+ %v = alloca <vscale x 16 x i8>, align 16
+ %val = load <vscale x 16 x i8>, ptr %v
+ ret void
+}
+
+; CHECK-LABEL: define void @test_sve(
+; CHECK: [[USP:%.*]] = load ptr, ptr @__safestack_unsafe_stack_ptr
+; CHECK: [[USST:%.*]] = getelementptr i8, ptr [[USP]], i32 -16
+; CHECK: store ptr [[USST]], ptr @__safestack_unsafe_stack_ptr
+; CHECK: [[PTR:%.*]] = getelementptr i8, ptr [[USP]], i32 -16
+; CHECK: load <vscale x 16 x i8>, ptr [[PTR]]
+; CHECK: store ptr [[USP]], ptr @__safestack_unsafe_stack_ptr
+; CHECK: ret void
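Review bot: The CHECK lines pin a fixed `i32 -16` adjustment of `@__safestack_unsafe_stack_ptr` for `%v = alloca <vscale x 16 x i8>`, whose size is 16 bytes only when vscale is 1, and the following `load <vscale x 16 x i8>` reads the full scalable width from that slot. Please confirm that a 16-byte reservation is the intended result for a scalable alloca, or note in the test that it only covers the crash and that sizing is handled separately. The test also exercises only a load; a store through the same alloca would cover the other direction of access with little extra code. The file name `safestack_scalar.ll` reads oddly for a test of scalable vectors; `safestack_scalable.ll` would match what it tests.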