[PATCH] D114969: [MemoryLocation] strcat/strncat/strcpy read/write after their args.

Florian Hahn via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Dec 2 09:40:30 PST 2021 

fhahn created this revision.
fhahn added reviewers: fwolff, xbolva00, efriedma, reames, nikic.
Herald added a subscriber: hiraditya.
fhahn requested review of this revision.
Herald added a project: LLVM.

strcpy/strcat/strncat access memory starting from the passed in
pointers. Construct memory locations for their args using getAfter.

Discussed in D114872 <https://reviews.llvm.org/D114872>.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D114969

Files:
  llvm/lib/Analysis/MemoryLocation.cpp
  llvm/test/Analysis/BasicAA/libfuncs.ll
  llvm/test/Transforms/DeadStoreElimination/libcalls.ll


Index: llvm/test/Transforms/DeadStoreElimination/libcalls.ll
===================================================================
--- llvm/test/Transforms/DeadStoreElimination/libcalls.ll
+++ llvm/test/Transforms/DeadStoreElimination/libcalls.ll
@@ -18,7 +18,6 @@
 define void @strcpy_reads_after(i8* noalias %dest, i8* %src) {
 ; CHECK-LABEL: @strcpy_reads_after(
 ; CHECK-NEXT:    [[SRC_2:%.*]] = getelementptr inbounds i8, i8* [[SRC:%.*]], i64 1
-; CHECK-NEXT:    store i8 1, i8* [[SRC]], align 1
 ; CHECK-NEXT:    store i8 99, i8* [[SRC_2]], align 1
 ; CHECK-NEXT:    [[SRC_1:%.*]] = getelementptr inbounds i8, i8* [[SRC]], i64 1
 ; CHECK-NEXT:    [[CALL:%.*]] = call i8* @strcpy(i8* [[DEST:%.*]], i8* [[SRC_1]])
Index: llvm/test/Analysis/BasicAA/libfuncs.ll
===================================================================
--- llvm/test/Analysis/BasicAA/libfuncs.ll
+++ llvm/test/Analysis/BasicAA/libfuncs.ll
@@ -132,8 +132,8 @@
 
 define i8* @test_strcat_read_write_after(i8* noalias %a, i8* noalias %b) {
 ; CHECK-LABEL: Function: test_strcat_read_write_after
-; CHECK:       Both ModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
-; CHECK-NEXT:  Just Ref:  Ptr: i8* %b	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK:       NoModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK-NEXT:  NoModRef:  Ptr: i8* %b	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %a.gep.1	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Ref:  Ptr: i8* %b.gep.1	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %res	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
@@ -157,8 +157,8 @@
 
 define i8* @test_strncat_read_write_after(i8* noalias %a, i8* noalias %b, i64 %n) {
 ; CHECK-LABEL: Function: test_strncat_read_write_after
-; CHECK:       Both ModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
-; CHECK-NEXT:  Just Ref:  Ptr: i8* %b	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
+; CHECK:       NoModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
+; CHECK-NEXT:  NoModRef:  Ptr: i8* %b	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %a.gep.1	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
 ; CHECK-NEXT:  Just Ref:  Ptr: i8* %b.gep.1	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %res	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
@@ -182,8 +182,8 @@
 
 define i8* @test_strcpy_read_write_after(i8* noalias %a, i8* noalias %b) {
 ; CHECK-LABEL: Function: test_strcpy_read_write_after
-; CHECK:       Just Mod:  Ptr: i8* %a	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
-; CHECK-NEXT:  Just Ref:  Ptr: i8* %b	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK:       NoModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK-NEXT:  NoModRef:  Ptr: i8* %b	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Mod:  Ptr: i8* %a.gep.1	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Ref:  Ptr: i8* %b.gep.1	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Mod:  Ptr: i8* %res	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
Index: llvm/lib/Analysis/MemoryLocation.cpp
===================================================================
--- llvm/lib/Analysis/MemoryLocation.cpp
+++ llvm/lib/Analysis/MemoryLocation.cpp
@@ -213,6 +213,12 @@
   LibFunc F;
   if (TLI && TLI->getLibFunc(*Call, F) && TLI->has(F)) {
     switch (F) {
+    case LibFunc_strcpy:
+    case LibFunc_strcat:
+    case LibFunc_strncat:
+      assert((ArgIdx == 0 || ArgIdx == 1) && "Invalid argument index for str function");
+      return MemoryLocation::getAfter(Arg, AATags);
+
     case LibFunc_memset_chk: {
       assert(ArgIdx == 0 && "Invalid argument index for memset_chk");
       LocationSize Size = LocationSize::afterPointer();


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D114969.391363.patch
Type: text/x-patch
Size: 4318 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20211202/e82f7e0b/attachment.bin>

More information about the llvm-commits mailing list