[PATCH] D39125: [inlineasm] Fix crash when number of matched input constraint operands overflows signed char

Daniil Fukalov via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sat Oct 21 14:28:54 PDT 2017


dfukalov updated this revision to Diff 119770.

https://reviews.llvm.org/D39125

Files:
  include/llvm/IR/InlineAsm.h
  lib/IR/InlineAsm.cpp
  test/CodeGen/AMDGPU/InlineAsmCrash.ll


Index: test/CodeGen/AMDGPU/InlineAsmCrash.ll
===================================================================
--- /dev/null
+++ test/CodeGen/AMDGPU/InlineAsmCrash.ll
@@ -0,0 +1,8 @@
+; RUN: llc -march=amdgcn -verify-machineinstrs < %s
+
+define void @foo(i32* %ptr) {
+  %tmp = tail call { i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32 } asm "nop", "=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,=v,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65"(i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2, i32 2)
+  %tmp2 = extractvalue { i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32, i32 } %tmp, 0
+  store i32 %tmp2, i32* %ptr, align 4
+  ret void
+}
Index: lib/IR/InlineAsm.cpp
===================================================================
--- lib/IR/InlineAsm.cpp
+++ lib/IR/InlineAsm.cpp
@@ -163,6 +163,7 @@
           return true;
         // Note that operand #n has a matching input.
         scInfo.MatchingInput = ConstraintsSoFar.size();
+        assert(scInfo.MatchingInput>=0);
       } else {
         if (ConstraintsSoFar[N].hasMatchingInput() &&
             (size_t)ConstraintsSoFar[N].MatchingInput !=
@@ -170,6 +171,7 @@
           return true;
         // Note that operand #n has a matching input.
         ConstraintsSoFar[N].MatchingInput = ConstraintsSoFar.size();
+        assert(ConstraintsSoFar[N].MatchingInput>=0);
         }
     } else if (*I == '|') {
       multipleAlternativeIndex++;
Index: include/llvm/IR/InlineAsm.h
===================================================================
--- include/llvm/IR/InlineAsm.h
+++ include/llvm/IR/InlineAsm.h
@@ -101,7 +101,7 @@
     /// input constraint is required to match it (e.g. "0").  The value is the
     /// constraint number that matches this one (for example, if this is
     /// constraint #0 and constraint #4 has the value "0", this will be 4).
-    signed char MatchingInput = -1;
+    int MatchingInput = -1;

     /// Code - The constraint code, either the register name (in braces) or the
     /// constraint letter/number.
@@ -128,7 +128,7 @@
     /// input constraint is required to match it (e.g. "0").  The value is the
     /// constraint number that matches this one (for example, if this is
     /// constraint #0 and constraint #4 has the value "0", this will be 4).
-    signed char MatchingInput = -1;
+    int MatchingInput = -1;

     /// hasMatchingInput - Return true if this is an output constraint that has
     /// a matching input constraint.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D39125.119770.patch
Type: text/x-patch
Size: 3751 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171021/08cadd78/attachment.bin>


More information about the llvm-commits mailing list