[llvm-bugs] [Bug 32032] New: Combining instructions loses TBAA metadata.

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Feb 21 11:22:29 PST 2017


http://bugs.llvm.org/show_bug.cgi?id=32032

            Bug ID: 32032
           Summary: Combining instructions loses TBAA metadata.
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Transformation Utilities
          Assignee: unassignedbugs at nondot.org
          Reporter: hardekopf at google.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 18012
  --> http://bugs.llvm.org/attachment.cgi?id=18012&action=edit
Complete LLVM bitcode for C++ source code.

We have encountered a case where we believe TBAA metadata is supposed to be
present, yet it is not there. We hypothesize, given the affected instructions,
that the reason is because two instructions (a load and getelementptr) were
merged and thus lost TBAA metadata. In particular, see
lib/Transforms/Utils/Local.cpp::combineMetadata(), which doesn't handle
MD_tbaa_struct. This is just a guess, though.

Below is the C++ source code and the relevant corresponding LLVM bitcode. The
variable names in the source code are meaningless; the key parts are the struct
accesses in main. The complete LLVM bitcode is attached.

C++ SOURCE:

extern "C" char *source(int label);
extern "C" void sink(char label, char *argument);

struct Foo {
  int fld;
  char *src1;
};

struct Bar {
  char *src2;
  Foo foo;
};

struct Baz {
  Bar bar[2];
};

char *tainted1 = source(1);
char *tainted2 = source(2);

Baz a{{{tainted2, {0, nullptr}}, {nullptr, {1, tainted1}}}};

int main() {
  Baz b = a;

  sink('A', b.bar[1].foo.src1);
  sink('B', b.bar[0].src2);

  return 0;
}

RELEVANT LLVM BITCODE:

define i32 @main() local_unnamed_addr #3 {
  %1 = load i8*, i8** getelementptr inbounds (%struct.Baz, %struct.Baz* @a, i64 0, i32 0, i64 0, i32 0), align 8
  %2 = load i8*, i8** getelementptr inbounds (%struct.Baz, %struct.Baz* @a, i64 0, i32 0, i64 1, i32 1, i32 1), align 8
  tail call void @sink(i8 signext 65, i8* %2)
  tail call void @sink(i8 signext 66, i8* %1)
  ret i32 0
}

We believe that the two load instructions in @main should have TBAA metadata.
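
The symptom described above can be checked mechanically. The following is an added example, not part of the original report and not LLVM's own code: a Python scan of textual LLVM IR that lists load and store instructions with no !tbaa attachment. The sample IR is constructed from the @main body quoted in the report (wrapped lines re-joined); the @tagged function and the name accesses_missing_tbaa are assumptions made for illustration.

```python
import re

# Constructed input: the @main body quoted in the report (wrapped lines
# re-joined) plus a constructed function whose load does carry !tbaa.
SAMPLE_IR = """\
define i32 @main() local_unnamed_addr #3 {
  %1 = load i8*, i8** getelementptr inbounds (%struct.Baz, %struct.Baz* @a, i64 0, i32 0, i64 0, i32 0), align 8
  %2 = load i8*, i8** getelementptr inbounds (%struct.Baz, %struct.Baz* @a, i64 0, i32 0, i64 1, i32 1, i32 1), align 8
  tail call void @sink(i8 signext 65, i8* %2)
  tail call void @sink(i8 signext 66, i8* %1)
  ret i32 0
}

define i32 @tagged(i32* %p) {
  %v = load i32, i32* %p, align 4, !tbaa !1 ; constructed
  ret i32 %v
}
"""

DEFINE_RE = re.compile(r'^define\b[^@]*@("[^"]*"|[\w.$-]+)')
ACCESS_RE = re.compile(r'^\s*(?:%\S+\s*=\s*)?(load|store)\b')
TBAA_RE = re.compile(r'!tbaa\s+!')  # does not match !tbaa.struct


def accesses_missing_tbaa(ir_text):
    """Return (function, line_no, opcode) for loads/stores without !tbaa."""
    findings = []
    current = None  # name of the function body we are inside, if any
    for line_no, raw in enumerate(ir_text.splitlines(), start=1):
        line = raw.split(';', 1)[0].rstrip()  # drop trailing IR comment
        m = DEFINE_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip() == '}':
            current = None
        elif current is not None:
            access = ACCESS_RE.match(line)
            if access and not TBAA_RE.search(line):
                findings.append((current, line_no, access.group(1)))
    return findings


if __name__ == '__main__':
    for func, line_no, opcode in accesses_missing_tbaa(SAMPLE_IR):
        print(f'{func}: line {line_no}: {opcode} has no !tbaa attachment')
```

A missing attachment is a lead to investigate rather than proof of a dropped tag, since Clang only emits TBAA when strict aliasing is enabled.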
