[llvm] [llvm] Fix __builtin_object_size interaction between Negative Offset … (PR #111827)
Harald van Dijk via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 21 14:47:37 PDT 2024
hvdijk wrote:
The problem is not limited to the case where remaining object sizes are equal though, it's just that those are easiest to come up with test cases for. Consider:
```c++
#include <stdio.h>

int x;

int main(void) {
    int array1[4];
    int array2[8];
    int *ptr;
    if (x) {
        printf("hello\n");
        ptr = array1 + 1;
    } else {
        ptr = array2 + 6;
    }
    // On the array2 path, ptr - 2 == array2 + 4, with 16 bytes left in the object.
    printf("%zu\n", __builtin_object_size(ptr - 2, 0));
}
```
This must print 16 or higher, but prints 0 (when optimisations are enabled). During InstCombine `__builtin_object_size` cannot be resolved yet, so instead it is saved for LowerConstantIntrinsics. During LowerConstantIntrinsics, it evaluates with `ObjectSizeOpts::Mode::Max`, sees incoming PHI values {16, 4} and {32, 24}. The former says 12 bytes are available, the latter 8, so it picks the former. Then it applies the negative offset of -8 bytes to it, and because it thinks it knows it's 4 bytes past the start of an object, it wrongly concludes the pointer arithmetic produces an out of bounds value.
https://github.com/llvm/llvm-project/pull/111827
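A small C model of the two evaluation orders described in the message above, added here as an illustration; it is not code from the PR or from LLVM's own ObjectSizeOffsetVisitor. The (size, offset) pairs {16, 4} and {32, 24}, the -8 byte delta and the rule that an out-of-bounds pointer yields 0 are taken from the message; the type and function names are invented for this example.

```c
#include <stdio.h>

/* Simplified model of what the evaluator tracks per pointer: the size of the
 * underlying object and the pointer's byte offset from its start. */
typedef struct {
    long long size;
    long long offset;
} SizeOffset;

/* Incoming PHI values from the post (constructed input):
 * array1 + 1 -> {16, 4}, array2 + 6 -> {32, 24}. */
static const SizeOffset kIncoming[2] = { {16, 4}, {32, 24} };

/* Bytes reachable from this pointer to the end of its object. A pointer
 * outside [0, size] is treated as out of bounds and reports 0 (assumption
 * matching the "prints 0" behaviour in the post). */
static long long remaining(SizeOffset so) {
    if (so.offset < 0 || so.offset > so.size)
        return 0;
    return so.size - so.offset;
}

/* Order from the post: merge the PHI first (Max mode keeps the incoming pair
 * with the most remaining bytes), then apply the GEP delta to the winner. */
static long long merge_then_offset(const SizeOffset *in, int n, long long delta) {
    SizeOffset best = in[0];
    for (int i = 1; i < n; i++)
        if (remaining(in[i]) > remaining(best))
            best = in[i];
    best.offset += delta;            /* -8 moves {16, 4} to {16, -4}: out of bounds */
    return remaining(best);
}

/* Per-path evaluation: apply the delta on each incoming edge first, then take
 * the maximum, which is the bound a Max-mode answer has to respect. */
static long long offset_then_merge(const SizeOffset *in, int n, long long delta) {
    long long best = 0;
    for (int i = 0; i < n; i++) {
        SizeOffset so = in[i];
        so.offset += delta;          /* {16, -4} -> 0, {32, 16} -> 16 */
        if (remaining(so) > best)
            best = remaining(so);
    }
    return best;
}

int main(void) {
    printf("merge-then-offset: %lld\n", merge_then_offset(kIncoming, 2, -8)); /* 0 */
    printf("offset-then-merge: %lld\n", offset_then_merge(kIncoming, 2, -8)); /* 16 */
    return 0;
}
```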