[PATCH] D34311: [InstCombine] Don't replace allocas with globals if we can't prove that it's large enough.

Vitaly Buka via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Jun 20 17:46:32 PDT 2017


vitalybuka added a comment.

In https://reviews.llvm.org/D34311#785988, @efriedma wrote:

> > If we get to "memcpy(z, y, 10);" without "memcpy(y, x, 10);" I'd expect we don't care if "y" is uninitialized bytes or global constant. We will have no buffer overflow which I am trying to fix.
>
> If "this_is_false" is true, the function has undefined behavior, if it's false, it overwrites z with uninitialized memory, which is fine (in IR). But it incorrectly passes the isCompletelyOverwritten() check, so instcombine will transform it to "memcpy(z, x, 10);", which is reading past the end of the global.


Oh, I see now, I didn't notice that "if" already had overflow.

>> 1. Prove that the constant pointer points to at least sizeof(alloca type) bytes of memory. The loads in the rewritten code are out-of-bounds only if they were out-of-bounds in the original code.

I will try to look into this. Any pointers on how to find the available size in the constant? I guess we need to handle the case when the memcpy source points into the middle of the global.


https://reviews.llvm.org/D34311
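The pattern from the quoted comment written out as LLVM IR, as an added illustration that is not code from the review or from LLVM itself; the global @x, the function @f and the 2017-era memcpy intrinsic signature (with the explicit align argument) are assumptions:

```llvm
; Constructed example: a 4-byte constant global and a 10-byte alloca.
@x = private constant [4 x i8] c"abcd"

declare void @llvm.memcpy.p0i8.p0i8.i64(i8* nocapture writeonly, i8* nocapture readonly, i64, i32, i1)

define void @f(i8* %z, i1 %this_is_false) {
entry:
  %y = alloca [10 x i8], align 1
  %y.p = getelementptr inbounds [10 x i8], [10 x i8]* %y, i64 0, i64 0
  br i1 %this_is_false, label %copy, label %done

copy:
  ; Only reached when %this_is_false is true, which is undefined behavior:
  ; it reads 10 bytes from a 4-byte global. In the well-defined path this
  ; block never runs and %y simply holds uninitialized bytes.
  call void @llvm.memcpy.p0i8.p0i8.i64(i8* %y.p,
      i8* getelementptr inbounds ([4 x i8], [4 x i8]* @x, i64 0, i64 0),
      i64 10, i32 1, i1 false)
  br label %done

done:
  ; The alloca's only writer is the constant-global memcpy above, so the
  ; "replace alloca with global" rewrite substitutes @x for %y here, turning
  ; this into memcpy(z, x, 10): a 10-byte read from a 4-byte global on the
  ; path that was well-defined before. The size check from point 1 rejects
  ; the rewrite, since @x provides 4 bytes from the pointed-to offset, fewer
  ; than the 10 bytes of the alloca type.
  call void @llvm.memcpy.p0i8.p0i8.i64(i8* %z, i8* %y.p, i64 10, i32 1, i1 false)
  ret void
}
```

If the source pointer were instead a getelementptr into the middle of @x, the bytes available for the check would be the global's size minus that offset, which is the case raised in the comment above.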