[PATCH] D123628: [InstCombine] Fold memrchr calls with an excessive size to null.
Martin Sebor via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Apr 12 16:07:41 PDT 2022
msebor updated this revision to Diff 422356.
msebor added a comment.
Add context.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D123628/new/
https://reviews.llvm.org/D123628
Files:
llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
llvm/test/Transforms/InstCombine/memrchr-2.ll
Index: llvm/test/Transforms/InstCombine/memrchr-2.ll
===================================================================
--- llvm/test/Transforms/InstCombine/memrchr-2.ll
+++ llvm/test/Transforms/InstCombine/memrchr-2.ll
@@ -15,8 +15,8 @@
define i8* @fold_memrchr_a12345_1_ui32max_p1(i32 %0) {
; CHECK-LABEL: @fold_memrchr_a12345_1_ui32max_p1(
-; CHECK-NEXT: [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(4294967296) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967296)
-; CHECK-NEXT: ret i8* [[RET]]
+; CHECK-NEXT: ret i8* null
+;
%ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
%ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 4294967296)
@@ -30,6 +30,7 @@
; CHECK-LABEL: @fold_memrchr_ax1_1_ui32max_p2(
; CHECK-NEXT: [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(4294967297) getelementptr inbounds ([1 x i8], [1 x i8]* @ax1, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967297)
; CHECK-NEXT: ret i8* [[RET]]
+;
%ptr = getelementptr [1 x i8], [1 x i8]* @ax1, i64 0, i64 0
%ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 4294967297)
@@ -41,8 +42,7 @@
define i8* @fold_memrchr_ax_1_ui32max_p2(i32 %0) {
; CHECK-LABEL: @fold_memrchr_ax_1_ui32max_p2(
-; CHECK-NEXT: [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(4294967297) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967297)
-; CHECK-NEXT: ret i8* [[RET]]
+; CHECK-NEXT: ret i8* null
;
%ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
@@ -55,8 +55,8 @@
define i8* @fold_memrchr_a12345_c_6(i32 %0) {
; CHECK-LABEL: @fold_memrchr_a12345_c_6(
-; CHECK-NEXT: [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(6) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 6)
-; CHECK-NEXT: ret i8* [[RET]]
+; CHECK-NEXT: ret i8* null
+;
%ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
%ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 6)
@@ -68,8 +68,8 @@
define i8* @fold_memrchr_a12345_c_szmax(i32 %0) {
; CHECK-LABEL: @fold_memrchr_a12345_c_szmax(
-; CHECK-NEXT: [[RET:%.*]] = call i8* @memrchr(i8* noundef nonnull dereferenceable(18446744073709551615) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 -1)
-; CHECK-NEXT: ret i8* [[RET]]
+; CHECK-NEXT: ret i8* null
+;
%ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i64 0, i64 0
%ret = call i8* @memrchr(i8* %ptr, i32 %0, i64 18446744073709551615)
Index: llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
===================================================================
--- llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
+++ llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
@@ -891,6 +891,18 @@
}
}
+ StringRef Str;
+ if (!getConstantStringInfo(SrcStr, Str, 0, /*TrimAtNul=*/false))
+ return nullptr;
+
+ uint64_t EndOff = UINT64_MAX;
+ if (LenC) {
+ EndOff = LenC->getZExtValue();
+ if (Str.size() < EndOff)
+ // Fold out-of-bounds accesses to null.
+ return Constant::getNullValue(CI->getType());
+ }
+
return nullptr;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D123628.422356.patch
Type: text/x-patch
Size: 3248 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220412/4f116675/attachment.bin>
More information about the llvm-commits
mailing list