[llvm] [StackSafetyAnalysis] Bail out if memset size is -1 (PR #77837)
Fangrui Song via llvm-commits
llvm-commits at lists.llvm.org
Thu Jan 11 13:32:32 PST 2024
https://github.com/MaskRay created https://github.com/llvm/llvm-project/pull/77837
Clang generates llvm.memset.p0.i64 with size of -1 for following code in
`-stdlib=libc++ -std=c++20` mode
(https://github.com/llvm/llvm-project/pull/77210#issuecomment-1887650010)
```cpp
bool strtof_clamp(const std::string &str);
void floatsuffix_check(char *yytext_r) {
std::string text = yytext_r;
text.resize(text.size() - 1);
strtof_clamp(text);
}
```
`Sizes = [0xffffffffffffffff, 0)`. `SizeRange` is `[0, 0-1)`, leading to
`assert(!isUnsafe(SizeRange));` failure. Bail out if memset size is -1.
>From 00795ec695561d5274ddf6ad30725a7f08654665 Mon Sep 17 00:00:00 2001
From: Fangrui Song <i at maskray.me>
Date: Thu, 11 Jan 2024 13:00:47 -0800
Subject: [PATCH] [StackSafetyAnalysis] Bail out if memset size is -1
Clang generates llvm.memset.p0.i64 with size of -1 for following code in
`-stdlib=libc++ -std=c++20` mode
(https://github.com/llvm/llvm-project/pull/77210#issuecomment-1887650010)
```cpp
bool strtof_clamp(const std::string &str);
void floatsuffix_check(char *yytext_r) {
std::string text = yytext_r;
text.resize(text.size() - 1);
strtof_clamp(text);
}
```
`Sizes = [0xffffffffffffffff, 0)`. `SizeRange` is `[0, 0-1)`, leading to
`assert(!isUnsafe(SizeRange));` failure. Bail out if memset size is -1.
---
llvm/lib/Analysis/StackSafetyAnalysis.cpp | 2 +-
.../Analysis/StackSafetyAnalysis/memintrin.ll | 34 +++++++++++++++++++
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/llvm/lib/Analysis/StackSafetyAnalysis.cpp b/llvm/lib/Analysis/StackSafetyAnalysis.cpp
index da21e3f28e7899..19991c1a7baee6 100644
--- a/llvm/lib/Analysis/StackSafetyAnalysis.cpp
+++ b/llvm/lib/Analysis/StackSafetyAnalysis.cpp
@@ -331,7 +331,7 @@ ConstantRange StackSafetyLocalAnalysis::getMemIntrinsicAccessRange(
const SCEV *Expr =
SE.getTruncateOrZeroExtend(SE.getSCEV(MI->getLength()), CalculationTy);
ConstantRange Sizes = SE.getSignedRange(Expr);
- if (Sizes.getUpper().isNegative() || isUnsafe(Sizes))
+ if (!Sizes.getUpper().isStrictlyPositive() || isUnsafe(Sizes))
return UnknownRange;
Sizes = Sizes.sextOrTrunc(PointerSize);
ConstantRange SizeRange(APInt::getZero(PointerSize), Sizes.getUpper() - 1);
diff --git a/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll b/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll
index 791fb35ce2b759..6913816cc8fe7a 100644
--- a/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll
+++ b/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll
@@ -98,6 +98,40 @@ entry:
ret void
}
+define void @MemsetHugeUpper_m1(i1 %bool) {
+; CHECK-LABEL: MemsetHugeUpper_m1 dso_preemptable{{$}}
+; CHECK-NEXT: args uses:
+; CHECK-NEXT: allocas uses:
+; CHECK-NEXT: x[4]: full-set
+entry:
+ %x = alloca i32, align 4
+ br i1 %bool, label %if.then, label %if.end
+
+if.then:
+ call void @llvm.memset.p0.i64(ptr %x, i8 0, i64 -1, i1 false)
+ br label %if.end
+
+if.end:
+ ret void
+}
+
+define void @MemsetHugeUpper_m2(i1 %bool) {
+; CHECK-LABEL: MemsetHugeUpper_m2 dso_preemptable{{$}}
+; CHECK-NEXT: args uses:
+; CHECK-NEXT: allocas uses:
+; CHECK-NEXT: x[4]: full-set
+entry:
+ %x = alloca i32, align 4
+ br i1 %bool, label %if.then, label %if.end
+
+if.then:
+ call void @llvm.memset.p0.i64(ptr %x, i8 0, i64 -2, i1 false)
+ br label %if.end
+
+if.end:
+ ret void
+}
+
define void @MemcpyInBounds() {
; CHECK-LABEL: MemcpyInBounds dso_preemptable{{$}}
; CHECK-NEXT: args uses:
More information about the llvm-commits
mailing list