[llvm] d065b1d - AutoUpgrade: Fix crash when tbaa has an empty argument

Matt Arsenault via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 5 17:45:04 PDT 2023 

Author: Matt Arsenault
Date: 2023-06-05T20:44:58-04:00
New Revision: d065b1d65b11db9ecd92db5606327ee3bb3b9992

URL: https://github.com/llvm/llvm-project/commit/d065b1d65b11db9ecd92db5606327ee3bb3b9992
DIFF: https://github.com/llvm/llvm-project/commit/d065b1d65b11db9ecd92db5606327ee3bb3b9992.diff

LOG: AutoUpgrade: Fix crash when tbaa has an empty argument

Produce a verifier error instead.

Added: 
    

Modified: 
    llvm/lib/IR/AutoUpgrade.cpp
    llvm/lib/IR/Verifier.cpp
    llvm/test/Verifier/tbaa.ll

Removed: 
    


################################################################################
diff  --git a/llvm/lib/IR/AutoUpgrade.cpp b/llvm/lib/IR/AutoUpgrade.cpp
index f63815e7acd36..062569c7e62bd 100644
--- a/llvm/lib/IR/AutoUpgrade.cpp
+++ b/llvm/lib/IR/AutoUpgrade.cpp
@@ -4453,12 +4453,16 @@ void llvm::UpgradeCallsToIntrinsic(Function *F) {
 }
 
 MDNode *llvm::UpgradeTBAANode(MDNode &MD) {
+  const unsigned NumOperands = MD.getNumOperands();
+  if (NumOperands == 0)
+    return &MD; // Invalid, punt to a verifier error.
+
   // Check if the tag uses struct-path aware TBAA format.
-  if (isa<MDNode>(MD.getOperand(0)) && MD.getNumOperands() >= 3)
+  if (isa<MDNode>(MD.getOperand(0)) && NumOperands >= 3)
     return &MD;
 
   auto &Context = MD.getContext();
-  if (MD.getNumOperands() == 3) {
+  if (NumOperands == 3) {
     Metadata *Elts[] = {MD.getOperand(0), MD.getOperand(1)};
     MDNode *ScalarType = MDNode::get(Context, Elts);
     // Create a MDNode <ScalarType, ScalarType, offset 0, const>

diff  --git a/llvm/lib/IR/Verifier.cpp b/llvm/lib/IR/Verifier.cpp
index 4ec940f2a67ee..4c96bae04a673 100644
--- a/llvm/lib/IR/Verifier.cpp
+++ b/llvm/lib/IR/Verifier.cpp
@@ -6824,6 +6824,9 @@ static bool isNewFormatTBAATypeNode(llvm::MDNode *Type) {
 }
 
 bool TBAAVerifier::visitTBAAMetadata(Instruction &I, const MDNode *MD) {
+  CheckTBAA(MD->getNumOperands() > 0, "TBAA metadata cannot have 0 operands",
+            &I, MD);
+
   CheckTBAA(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<CallInst>(I) ||
                 isa<VAArgInst>(I) || isa<AtomicRMWInst>(I) ||
                 isa<AtomicCmpXchgInst>(I),

diff  --git a/llvm/test/Verifier/tbaa.ll b/llvm/test/Verifier/tbaa.ll
index 2dfc6a333fa93..abaa415aed749 100644
--- a/llvm/test/Verifier/tbaa.ll
+++ b/llvm/test/Verifier/tbaa.ll
@@ -37,6 +37,9 @@ define void @f_0(ptr %ptr) {
 ; CHECK: Access type node must be a valid scalar type
 ; CHECK-NEXT:  store i32 9, ptr %ptr, align 4, !tbaa !{{[0-9]+}}
 
+; CHECK: TBAA metadata cannot have 0 operands
+; CHECK-NEXT:  store i32 10, ptr %ptr, align 4, !tbaa !{{[0-9]+}}
+
   store i32 0, ptr %ptr, !tbaa !{!3, !2, i64 40, i64 0, i64 1, i64 2}
   store i32 1, ptr %ptr, !tbaa !{!3, !2, i64 40, !"immutable"}
   store i32 2, ptr %ptr, !tbaa !{!3, !2, i64 40, i64 4}
@@ -47,6 +50,7 @@ define void @f_0(ptr %ptr) {
   store i32 7, ptr %ptr, !tbaa !{!3, !12, i32 40, i64 0}, !metadata !42
   store i32 8, ptr %ptr, !tbaa !{!13, !1, i64 0}
   store i32 9, ptr %ptr, !tbaa !{!14, !14, i64 0}
+  store i32 10, ptr %ptr, !tbaa !15
   ret void
 }
 !42 = !{!"Do no strip this!"}
@@ -121,3 +125,4 @@ define void @f_1(ptr %ptr) {
 !12 = !{!"bad-scalar-2", !3, i64 0}
 !13 = !{!1, !1, i64 0}
 !14 = !{!"bad-scalar-2", !13}
+!15 = !{}

More information about the llvm-commits mailing list