[llvm] [MemoryBuiltins] Consider index type size when aggregating gep offsets (PR #132365)
via llvm-commits
llvm-commits at lists.llvm.org
Fri Mar 21 02:58:32 PDT 2025
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-llvm-analysis
Author: Björn Pettersson (bjope)
<details>
<summary>Changes</summary>
[MemoryBuiltins] Consider index type size when aggregating gep offsets
Main goal here is to fix some bugs seen with LowerConstantIntrinsics
pass and the lowering of llvm.objectsize.
In ObjectSizeOffsetVisitor::computeImpl we are using an external
analysis together with stripAndAccumulateConstantOffsets. The idea
is to compute the Min/Max value of individual offsets within a GEP.
The bug solved here is that when doing the Min/Max comparisons the
external analysis wasn't considering the index type size (given by
the data layout), it was simply using the type from the IR. Since a
GEP is defined as sext/truncating indices we need to consider the
index type size in the external analysis.
This solves a regression (false ubsan warnings) seen after commit
https://github.com/llvm/llvm-project/commit/02b8ee281947f6cb39c7eb3c4bbba59322e9015b (https://github.com/llvm/llvm-project/pull/117849).
---
Full diff: https://github.com/llvm/llvm-project/pull/132365.diff
3 Files Affected:
- (modified) llvm/lib/Analysis/MemoryBuiltins.cpp (+23-15)
- (added) llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll (+250)
- (modified) llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll (+53-4)
``````````diff
diff --git a/llvm/lib/Analysis/MemoryBuiltins.cpp b/llvm/lib/Analysis/MemoryBuiltins.cpp
index 6b7a3e1ffe347..1c20b33b8bae1 100644
--- a/llvm/lib/Analysis/MemoryBuiltins.cpp
+++ b/llvm/lib/Analysis/MemoryBuiltins.cpp
@@ -683,29 +683,30 @@ combinePossibleConstantValues(std::optional<APInt> LHS,
}
static std::optional<APInt> aggregatePossibleConstantValuesImpl(
- const Value *V, ObjectSizeOpts::Mode EvalMode, unsigned recursionDepth) {
+ const Value *V, ObjectSizeOpts::Mode EvalMode, unsigned BitWidth,
+ unsigned recursionDepth) {
constexpr unsigned maxRecursionDepth = 4;
if (recursionDepth == maxRecursionDepth)
return std::nullopt;
if (const auto *CI = dyn_cast<ConstantInt>(V)) {
- return CI->getValue();
+ return CI->getValue().sextOrTrunc(BitWidth);
} else if (const auto *SI = dyn_cast<SelectInst>(V)) {
return combinePossibleConstantValues(
aggregatePossibleConstantValuesImpl(SI->getTrueValue(), EvalMode,
- recursionDepth + 1),
+ BitWidth, recursionDepth + 1),
aggregatePossibleConstantValuesImpl(SI->getFalseValue(), EvalMode,
- recursionDepth + 1),
+ BitWidth, recursionDepth + 1),
EvalMode);
} else if (const auto *PN = dyn_cast<PHINode>(V)) {
unsigned Count = PN->getNumIncomingValues();
if (Count == 0)
return std::nullopt;
auto Acc = aggregatePossibleConstantValuesImpl(
- PN->getIncomingValue(0), EvalMode, recursionDepth + 1);
+ PN->getIncomingValue(0), EvalMode, BitWidth, recursionDepth + 1);
for (unsigned I = 1; Acc && I < Count; ++I) {
auto Tmp = aggregatePossibleConstantValuesImpl(
- PN->getIncomingValue(I), EvalMode, recursionDepth + 1);
+ PN->getIncomingValue(I), EvalMode, BitWidth, recursionDepth + 1);
Acc = combinePossibleConstantValues(Acc, Tmp, EvalMode);
}
return Acc;
@@ -715,9 +716,10 @@ static std::optional<APInt> aggregatePossibleConstantValuesImpl(
}
static std::optional<APInt>
-aggregatePossibleConstantValues(const Value *V, ObjectSizeOpts::Mode EvalMode) {
+aggregatePossibleConstantValues(const Value *V, ObjectSizeOpts::Mode EvalMode,
+ unsigned BitWidth) {
if (auto *CI = dyn_cast<ConstantInt>(V))
- return CI->getValue();
+ return CI->getValue().sextOrTrunc(BitWidth);
if (EvalMode != ObjectSizeOpts::Mode::Min &&
EvalMode != ObjectSizeOpts::Mode::Max)
@@ -726,7 +728,7 @@ aggregatePossibleConstantValues(const Value *V, ObjectSizeOpts::Mode EvalMode) {
// Not using computeConstantRange here because we cannot guarantee it's not
// doing optimization based on UB which we want to avoid when expanding
// __builtin_object_size.
- return aggregatePossibleConstantValuesImpl(V, EvalMode, 0u);
+ return aggregatePossibleConstantValuesImpl(V, EvalMode, BitWidth, 0u);
}
/// Align \p Size according to \p Alignment. If \p Size is greater than
@@ -788,9 +790,14 @@ OffsetSpan ObjectSizeOffsetVisitor::computeImpl(Value *V) {
Options.EvalMode == ObjectSizeOpts::Mode::Min
? ObjectSizeOpts::Mode::Max
: ObjectSizeOpts::Mode::Min;
- auto OffsetRangeAnalysis = [EvalMode](Value &VOffset, APInt &Offset) {
+ // For a GEPOperator the indices are first converted to offsets in the
+ // pointer’s index type, so we need to provide the index type to make sure
+ // the min/max operations are performed in correct type.
+ unsigned IdxTyBits = DL.getIndexTypeSizeInBits(V->getType());
+ auto OffsetRangeAnalysis = [EvalMode, IdxTyBits](Value &VOffset,
+ APInt &Offset) {
if (auto PossibleOffset =
- aggregatePossibleConstantValues(&VOffset, EvalMode)) {
+ aggregatePossibleConstantValues(&VOffset, EvalMode, IdxTyBits)) {
Offset = *PossibleOffset;
return true;
}
@@ -900,8 +907,9 @@ OffsetSpan ObjectSizeOffsetVisitor::visitAllocaInst(AllocaInst &I) {
return OffsetSpan(Zero, align(Size, I.getAlign()));
Value *ArraySize = I.getArraySize();
- if (auto PossibleSize =
- aggregatePossibleConstantValues(ArraySize, Options.EvalMode)) {
+ if (auto PossibleSize = aggregatePossibleConstantValues(
+ ArraySize, Options.EvalMode,
+ ArraySize->getType()->getScalarSizeInBits())) {
APInt NumElems = *PossibleSize;
if (!CheckedZextOrTrunc(NumElems))
return ObjectSizeOffsetVisitor::unknown();
@@ -932,8 +940,8 @@ OffsetSpan ObjectSizeOffsetVisitor::visitCallBase(CallBase &CB) {
if (!V->getType()->isIntegerTy())
return V;
- if (auto PossibleBound =
- aggregatePossibleConstantValues(V, Options.EvalMode))
+ if (auto PossibleBound = aggregatePossibleConstantValues(
+ V, Options.EvalMode, V->getType()->getScalarSizeInBits()))
return ConstantInt::get(V->getType(), *PossibleBound);
return V;
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
new file mode 100644
index 0000000000000..2e5ea37b7a7e2
--- /dev/null
+++ b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
@@ -0,0 +1,250 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 5
+; RUN: opt -passes='sroa,instcombine,lower-constant-intrinsics,dce' -S < %s | FileCheck --check-prefixes CHECK,CHECK-REF %s
+; RUN: opt -passes=lower-constant-intrinsics,dce -S < %s | FileCheck --check-prefixes CHECK,CHECK-TST %s
+
+; Some extra tests using 16-bit pointers and 16-bit index type size. This
+; allows us to for example test what happens when the index type used in a
+; getelementptr does not match with the index type size (e.g. when not running
+; full opt pipeline before the lower-constant-intrinsics pass).
+
+target datalayout = "e-p:16:16:16"
+
+
+define i32 @possible_out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i8 2, i8 10
+ %ptr.slide = getelementptr i8, ptr %obj, i8 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @possible_out_of_bounds_gep_i16(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i16 2, i16 10
+ %ptr.slide = getelementptr i8, ptr %obj, i16 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @possible_out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 2, i32 10
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; SROA would produce IR like this if applied to @possible_out_of_bounds_gep_i16.
+; FIXME: The %objsize_min result here looks wrong.
+define i32 @possible_out_of_bounds_gep_i16_sroa(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 65531
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8], align 1
+ %.sroa.gep = getelementptr i8, ptr %obj, i16 2
+ %.sroa.gep1 = getelementptr i8, ptr %obj, i16 10
+ %offset.sroa.sel = select i1 %c0, ptr %.sroa.gep, ptr %.sroa.gep1
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %offset.sroa.sel, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %offset.sroa.sel, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; Indices are truncated to the pointer size in a gep. So "i32 -65526" should
+; be truncated to "i16 10".
+define i32 @possible_out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 2, i32 -65526 ; 0xffff000a
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %ptr.slide = getelementptr i8, ptr %obj, i8 -128
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: ret i32 0
+;
+entry:
+ %obj = alloca [5 x i8]
+ %ptr.slide = getelementptr i8, ptr %obj, i32 10
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32_trunc(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: ret i32 0
+;
+entry:
+ %obj = alloca [5 x i8]
+ %ptr.slide = getelementptr i8, ptr %obj, i32 -65526
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; In this test the index will be out-of-bounds, but the current analysis won't
+; detect that. The analysis will find out that %offset is in the range [-2,
+; 10] which includes valid offsets that aren't out-of-bounds. Therefore we can
+; expect the result -1 for %objsize_max.
+define i32 @out_of_bounds_gep_i16_pos_neg(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 10, i32 -2
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; With 16-bit index size %offset is either 32767 or -32768. Thus, when
+; aggregating the possible offsets it we know that it is in the range [-32768,
+; 32767], which includes valid offsets that aren't out-of-bounds. This is
+; similar to the out_of_bounds_gep_i16_pos_neg test above, and we can expect
+; the result -1 for %objsize_max.
+define i32 @out_of_bounds_gep_i32_trunc_select(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 32767, i32 32768
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; FIXME: Is 3 really correct for %objsize_min here?
+define i32 @possible_out_of_bounds_gep_i8_neg(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i8 2, i8 -10
+ %ptr.slide = getelementptr i8, ptr %obj, i8 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; FIXME: Is 3 really correct for %objsize_min here?
+define i32 @possible_out_of_bounds_gep_i16_neg(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i16 2, i16 -10
+ %ptr.slide = getelementptr i8, ptr %obj, i16 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
index 564311da64a81..d294650d7f3e2 100644
--- a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
+++ b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
@@ -200,8 +200,12 @@ if.end:
ret i64 %size
}
-define i64 @pick_negative_offset_different_width(i32 %n) {
-; CHECK-LABEL: @pick_negative_offset_different_width(
+; FIXME: The result here looks weird. Either we reference into buffer0 with an
+; oob offset. Or we reference buffer1 (8 bytes) with a 4 byte
+; offset. The result 5 is wrong in both cases. Probably better to
+; return -1 here since we do not know if we have an oob pointer.
+define i64 @pick_negative_offset_different_width_index_maybe_too_small(i32 %n, i1 %c) {
+; CHECK-LABEL: @pick_negative_offset_different_width_index_maybe_too_small(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[BUFFER0:%.*]] = alloca i8, i64 4, align 1
; CHECK-NEXT: [[BUFFER1:%.*]] = alloca i8, i64 8, align 1
@@ -216,7 +220,8 @@ define i64 @pick_negative_offset_different_width(i32 %n) {
; CHECK: if.end:
; CHECK-NEXT: [[P:%.*]] = phi ptr [ [[OFFSETED0]], [[IF_ELSE]] ], [ [[OFFSETED1]], [[IF_END]] ]
; CHECK-NEXT: [[POFFSETED:%.*]] = getelementptr i8, ptr [[P]], i64 -2
-; CHECK-NEXT: ret i64 5
+; CHECK-NEXT: [[SIZE:%.*]] = select i1 [[C:%.*]], i64 5, i64 0
+; CHECK-NEXT: ret i64 [[SIZE]]
;
entry:
%buffer0 = alloca i8, i64 4
@@ -235,7 +240,51 @@ if.else:
if.end:
%p = phi ptr [ %offseted0, %if.then ], [ %offseted1, %if.else ]
%poffseted = getelementptr i8, ptr %p, i64 -2
- %size = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+ %sizemax = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+ %sizemin = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 true, i1 false, i1 false)
+ %size = select i1 %c, i64 %sizemax, i64 %sizemin
+ ret i64 %size
+}
+
+define i64 @pick_negative_offset_different_width_index_maybe_too_large(i32 %n, i1 %c) {
+; CHECK-LABEL: @pick_negative_offset_different_width_index_maybe_too_large(
+; CHECK-NEXT: entry:
+; CHECK-NEXT: [[BUFFER0:%.*]] = alloca i8, i64 4, align 1
+; CHECK-NEXT: [[BUFFER1:%.*]] = alloca i8, i64 8, align 1
+; CHECK-NEXT: [[COND:%.*]] = icmp eq i32 [[N:%.*]], 0
+; CHECK-NEXT: br i1 [[COND]], label [[IF_THEN:%.*]], label [[IF_ELSE:%.*]]
+; CHECK: if.then:
+; CHECK-NEXT: [[OFFSETED0:%.*]] = getelementptr i8, ptr [[BUFFER0]], i64 1
+; CHECK-NEXT: br label [[IF_END:%.*]]
+; CHECK: if.else:
+; CHECK-NEXT: [[OFFSETED1:%.*]] = getelementptr i8, ptr [[BUFFER1]], i64 6
+; CHECK-NEXT: br label [[IF_END]]
+; CHECK: if.end:
+; CHECK-NEXT: [[P:%.*]] = phi ptr [ [[OFFSETED0]], [[IF_THEN]] ], [ [[OFFSETED1]], [[IF_ELSE]] ]
+; CHECK-NEXT: [[POFFSETED:%.*]] = getelementptr i8, ptr [[P]], i64 2
+; CHECK-NEXT: [[SIZE:%.*]] = select i1 [[C:%.*]], i64 1, i64 0
+; CHECK-NEXT: ret i64 [[SIZE]]
+;
+entry:
+ %buffer0 = alloca i8, i64 4
+ %buffer1 = alloca i8, i64 8
+ %cond = icmp eq i32 %n, 0
+ br i1 %cond, label %if.then, label %if.else
+
+if.then:
+ %offseted0 = getelementptr i8, ptr %buffer0, i64 1
+ br label %if.end
+
+if.else:
+ %offseted1 = getelementptr i8, ptr %buffer1, i64 6
+ br label %if.end
+
+if.end:
+ %p = phi ptr [ %offseted0, %if.then ], [ %offseted1, %if.else ]
+ %poffseted = getelementptr i8, ptr %p, i64 2
+ %sizemax = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+ %sizemin = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 true, i1 false, i1 false)
+ %size = select i1 %c, i64 %sizemax, i64 %sizemin
ret i64 %size
}
``````````
</details>
https://github.com/llvm/llvm-project/pull/132365
More information about the llvm-commits
mailing list