[llvm] 829b29b - [MemoryLocation] strcat/strncat/strcpy read/write after their args.

Florian Hahn via llvm-commits llvm-commits at lists.llvm.org
Fri Dec 3 00:48:41 PST 2021 

Author: Florian Hahn
Date: 2021-12-03T08:48:23Z
New Revision: 829b29b619f3dbbf767833867d027bba23dabb26

URL: https://github.com/llvm/llvm-project/commit/829b29b619f3dbbf767833867d027bba23dabb26
DIFF: https://github.com/llvm/llvm-project/commit/829b29b619f3dbbf767833867d027bba23dabb26.diff

LOG: [MemoryLocation] strcat/strncat/strcpy read/write after their args.

strcpy/strcat/strncat access memory starting from the passed in
pointers. Construct memory locations for their args using getAfter.

Discussed in D114872.

Reviewed By: reames

Differential Revision: https://reviews.llvm.org/D114969

Added: 
    

Modified: 
    llvm/lib/Analysis/MemoryLocation.cpp
    llvm/test/Analysis/BasicAA/libfuncs.ll
    llvm/test/Transforms/DeadStoreElimination/libcalls.ll

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Analysis/MemoryLocation.cpp b/llvm/lib/Analysis/MemoryLocation.cpp
index 854ba83bd34a5..baf70565e9c41 100644
--- a/llvm/lib/Analysis/MemoryLocation.cpp
+++ b/llvm/lib/Analysis/MemoryLocation.cpp
@@ -213,6 +213,12 @@ MemoryLocation MemoryLocation::getForArgument(const CallBase *Call,
   LibFunc F;
   if (TLI && TLI->getLibFunc(*Call, F) && TLI->has(F)) {
     switch (F) {
+    case LibFunc_strcpy:
+    case LibFunc_strcat:
+    case LibFunc_strncat:
+      assert((ArgIdx == 0 || ArgIdx == 1) && "Invalid argument index for str function");
+      return MemoryLocation::getAfter(Arg, AATags);
+
     case LibFunc_memset_chk: {
       assert(ArgIdx == 0 && "Invalid argument index for memset_chk");
       LocationSize Size = LocationSize::afterPointer();

diff  --git a/llvm/test/Analysis/BasicAA/libfuncs.ll b/llvm/test/Analysis/BasicAA/libfuncs.ll
index c9c457c7a4cfa..fc8d5b50b8726 100644
--- a/llvm/test/Analysis/BasicAA/libfuncs.ll
+++ b/llvm/test/Analysis/BasicAA/libfuncs.ll
@@ -132,8 +132,8 @@ declare i8* @strcat(i8*, i8*)
 
 define i8* @test_strcat_read_write_after(i8* noalias %a, i8* noalias %b) {
 ; CHECK-LABEL: Function: test_strcat_read_write_after
-; CHECK:       Both ModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
-; CHECK-NEXT:  Just Ref:  Ptr: i8* %b	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK:       NoModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK-NEXT:  NoModRef:  Ptr: i8* %b	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %a.gep.1	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Ref:  Ptr: i8* %b.gep.1	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %res	<->  %res = tail call i8* @strcat(i8* %a.gep.1, i8* %b.gep.1)
@@ -157,8 +157,8 @@ declare i8* @strncat(i8*, i8*, i64)
 
 define i8* @test_strncat_read_write_after(i8* noalias %a, i8* noalias %b, i64 %n) {
 ; CHECK-LABEL: Function: test_strncat_read_write_after
-; CHECK:       Both ModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
-; CHECK-NEXT:  Just Ref:  Ptr: i8* %b	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
+; CHECK:       NoModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
+; CHECK-NEXT:  NoModRef:  Ptr: i8* %b	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %a.gep.1	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
 ; CHECK-NEXT:  Just Ref:  Ptr: i8* %b.gep.1	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
 ; CHECK-NEXT:  Both ModRef:  Ptr: i8* %res	<->  %res = tail call i8* @strncat(i8* %a.gep.1, i8* %b.gep.1, i64 %n)
@@ -182,8 +182,8 @@ declare i8* @strcpy(i8*, i8*)
 
 define i8* @test_strcpy_read_write_after(i8* noalias %a, i8* noalias %b) {
 ; CHECK-LABEL: Function: test_strcpy_read_write_after
-; CHECK:       Just Mod:  Ptr: i8* %a	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
-; CHECK-NEXT:  Just Ref:  Ptr: i8* %b	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK:       NoModRef:  Ptr: i8* %a	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
+; CHECK-NEXT:  NoModRef:  Ptr: i8* %b	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Mod:  Ptr: i8* %a.gep.1	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Ref:  Ptr: i8* %b.gep.1	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)
 ; CHECK-NEXT:  Just Mod:  Ptr: i8* %res	<->  %res = tail call i8* @strcpy(i8* %a.gep.1, i8* %b.gep.1)

diff  --git a/llvm/test/Transforms/DeadStoreElimination/libcalls.ll b/llvm/test/Transforms/DeadStoreElimination/libcalls.ll
index 06ae9d04ad199..c0aa4c14fc1b4 100644
--- a/llvm/test/Transforms/DeadStoreElimination/libcalls.ll
+++ b/llvm/test/Transforms/DeadStoreElimination/libcalls.ll
@@ -18,7 +18,6 @@ define void @test1(i8* %src) {
 define void @strcpy_reads_after(i8* noalias %dest, i8* %src) {
 ; CHECK-LABEL: @strcpy_reads_after(
 ; CHECK-NEXT:    [[SRC_2:%.*]] = getelementptr inbounds i8, i8* [[SRC:%.*]], i64 1
-; CHECK-NEXT:    store i8 1, i8* [[SRC]], align 1
 ; CHECK-NEXT:    store i8 99, i8* [[SRC_2]], align 1
 ; CHECK-NEXT:    [[SRC_1:%.*]] = getelementptr inbounds i8, i8* [[SRC]], i64 1
 ; CHECK-NEXT:    [[CALL:%.*]] = call i8* @strcpy(i8* [[DEST:%.*]], i8* [[SRC_1]])

More information about the llvm-commits mailing list