[PATCH] D123628: [InstCombine] Fold memrchr calls with an excessive size to null.

Martin Sebor via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Apr 12 13:33:44 PDT 2022 

msebor created this revision.
Herald added a subscriber: hiraditya.
Herald added a project: All.
msebor requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

This change implements folding of `memrchr` calls with constant bounds in excess of the size of the source array to null.  This is done in preparation for a subsequent change that assumes the bound is valid.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D123628

Files:
  llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
  llvm/test/Transforms/InstCombine/memrchr-2.ll


Index: llvm/test/Transforms/InstCombine/memrchr-2.ll
===================================================================
--- llvm/test/Transforms/InstCombine/memrchr-2.ll
+++ llvm/test/Transforms/InstCombine/memrchr-2.ll
@@ -15,8 +15,8 @@
 
 define i8* @fold_memrchr_a12345_1_ui32max_p1(i32 %0) {
 ; CHECK-LABEL: @fold_memrchr_a12345_1_ui32max_p1(
-; CHECK-NEXT:    [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(4294967296) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967296)
-; CHECK-NEXT:    ret i8* [[RET]]
+; CHECK-NEXT:    ret i8* null
+;
 
   %ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
   %ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 4294967296)
@@ -30,6 +30,7 @@
 ; CHECK-LABEL: @fold_memrchr_ax1_1_ui32max_p2(
 ; CHECK-NEXT:    [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(4294967297) getelementptr inbounds ([1 x i8], [1 x i8]* @ax1, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967297)
 ; CHECK-NEXT:    ret i8* [[RET]]
+;
 
   %ptr = getelementptr [1 x i8], [1 x i8]* @ax1, i64 0, i64 0
   %ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 4294967297)
@@ -41,8 +42,7 @@
 
 define i8* @fold_memrchr_ax_1_ui32max_p2(i32 %0) {
 ; CHECK-LABEL: @fold_memrchr_ax_1_ui32max_p2(
-; CHECK-NEXT:    [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(4294967297) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967297)
-; CHECK-NEXT:    ret i8* [[RET]]
+; CHECK-NEXT:    ret i8* null
 ;
 
   %ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
@@ -55,8 +55,8 @@
 
 define i8* @fold_memrchr_a12345_c_6(i32 %0) {
 ; CHECK-LABEL: @fold_memrchr_a12345_c_6(
-; CHECK-NEXT:    [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(6) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 6)
-; CHECK-NEXT:    ret i8* [[RET]]
+; CHECK-NEXT:    ret i8* null
+;
 
   %ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
   %ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 6)
@@ -68,8 +68,8 @@
 
 define i8* @fold_memrchr_a12345_c_szmax(i32 %0) {
 ; CHECK-LABEL: @fold_memrchr_a12345_c_szmax(
-; CHECK-NEXT:    [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(18446744073709551615) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 -1)
-; CHECK-NEXT:    ret i8* [[RET]]
+; CHECK-NEXT:    ret i8* null
+;
 
   %ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
   %ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 18446744073709551615)
Index: llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
===================================================================
--- llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
+++ llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
@@ -891,6 +891,18 @@
     }
   }
 
+  StringRef Str;
+  if (!getConstantStringInfo(SrcStr, Str, 0, /*TrimAtNul=*/false))
+    return nullptr;
+
+  uint64_t EndOff = UINT64_MAX;
+  if (LenC) {
+    EndOff = LenC->getZExtValue();
+    if (Str.size() < EndOff)
+      // Fold out-of-bounds accesses to null.
+      return Constant::getNullValue(CI->getType());
+  }
+
   return nullptr;
 }
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D123628.422322.patch
Type: text/x-patch
Size: 3248 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220412/8780e443/attachment.bin>

More information about the llvm-commits mailing list