[llvm] [MemoryBuiltins] Consider index type size when aggregating gep offsets (PR #132365)
Björn Pettersson via llvm-commits
llvm-commits at lists.llvm.org
Wed Mar 26 06:03:51 PDT 2025
https://github.com/bjope updated https://github.com/llvm/llvm-project/pull/132365
>From cf21352178ebbf57fa31b0c371e21429af205436 Mon Sep 17 00:00:00 2001
From: Bjorn Pettersson <bjorn.a.pettersson at ericsson.com>
Date: Tue, 18 Mar 2025 14:12:41 +0100
Subject: [PATCH 1/3] [LowerConstantIntrinsics] Improve tests related to
llvm.objectsize. NFC
Adding some new test cases (including FIXME:s) to highlight some
bugs related to lowering of llvm.objectsize.
One special case is when there are getelementptr instruction with
index types that are larger than the index type size for the
pointer being analysed. This will add a couple of tests to show
what happens both when using a smaller and larger index type,
and when having out-of-bounds indices (both too large and negative).
---
.../builtin-object-size-idxsize.ll | 256 ++++++++++++++++++
.../builtin-object-size-phi.ll | 57 +++-
2 files changed, 309 insertions(+), 4 deletions(-)
create mode 100644 llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
new file mode 100644
index 0000000000000..202946412edba
--- /dev/null
+++ b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
@@ -0,0 +1,256 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 5
+; RUN: opt -passes='sroa,instcombine,lower-constant-intrinsics,dce' -S < %s | FileCheck --check-prefixes CHECK,CHECK-REF %s
+; RUN: opt -passes=lower-constant-intrinsics,dce -S < %s | FileCheck --check-prefixes CHECK,CHECK-TST %s
+
+; Some extra tests using 16-bit pointers and 16-bit index type size. This
+; allows us to for example test what happens when the index type used in a
+; getelementptr does not match with the index type size (e.g. when not running
+; full opt pipeline before the lower-constant-intrinsics pass).
+
+target datalayout = "e-p:16:16:16"
+
+
+define i32 @possible_out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i8 2, i8 10
+ %ptr.slide = getelementptr i8, ptr %obj, i8 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @possible_out_of_bounds_gep_i16(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i16 2, i16 10
+ %ptr.slide = getelementptr i8, ptr %obj, i16 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @possible_out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 2, i32 10
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; SROA would produce IR like this if applied to @possible_out_of_bounds_gep_i16.
+; FIXME: The %objsize_min result here looks wrong.
+define i32 @possible_out_of_bounds_gep_i16_sroa(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 65531
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8], align 1
+ %.sroa.gep = getelementptr i8, ptr %obj, i16 2
+ %.sroa.gep1 = getelementptr i8, ptr %obj, i16 10
+ %offset.sroa.sel = select i1 %c0, ptr %.sroa.gep, ptr %.sroa.gep1
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %offset.sroa.sel, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %offset.sroa.sel, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; Indices are truncated to the pointer size in a gep. So "i32 -65526" should
+; be truncated to "i16 10".
+; FIXME: The TST result here is incorrect!
+define i32 @possible_out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 0, i32 3
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 2, i32 -65526 ; 0xffff000a
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %ptr.slide = getelementptr i8, ptr %obj, i8 -128
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: ret i32 0
+;
+entry:
+ %obj = alloca [5 x i8]
+ %ptr.slide = getelementptr i8, ptr %obj, i32 10
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32_trunc(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: ret i32 0
+;
+entry:
+ %obj = alloca [5 x i8]
+ %ptr.slide = getelementptr i8, ptr %obj, i32 -65526
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; In this test the index will be out-of-bounds, but the current analysis won't
+; detect that. The analysis will find out that %offset is in the range [-2,
+; 10] which includes valid offsets that aren't out-of-bounds. Therefore we can
+; expect the result -1 for %objsize_max.
+define i32 @out_of_bounds_gep_i16_pos_neg(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 10, i32 -2
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; With 16-bit index size %offset is either 32767 or -32768. Thus, when
+; aggregating the possible offsets it we know that it is in the range [-32768,
+; 32767], which includes valid offsets that aren't out-of-bounds. This is
+; similar to the out_of_bounds_gep_i16_pos_neg test above, and we can expect
+; the result -1 for %objsize_max.
+define i32 @out_of_bounds_gep_i32_trunc_select(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT: [[ENTRY:.*:]]
+; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT: ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT: [[ENTRY:.*:]]
+; CHECK-TST-NEXT: ret i32 0
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i32 32767, i32 32768
+ %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; FIXME: Is 3 really correct for %objsize_min here?
+define i32 @possible_out_of_bounds_gep_i8_neg(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i8 2, i8 -10
+ %ptr.slide = getelementptr i8, ptr %obj, i8 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
+
+; FIXME: Is 3 really correct for %objsize_min here?
+define i32 @possible_out_of_bounds_gep_i16_neg(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
+; CHECK-NEXT: ret i32 [[RES]]
+;
+entry:
+ %obj = alloca [5 x i8]
+ %offset = select i1 %c0, i16 2, i16 -10
+ %ptr.slide = getelementptr i8, ptr %obj, i16 %offset
+ %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+ %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+ %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+ ret i32 %res
+}
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
index 564311da64a81..d294650d7f3e2 100644
--- a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
+++ b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
@@ -200,8 +200,12 @@ if.end:
ret i64 %size
}
-define i64 @pick_negative_offset_different_width(i32 %n) {
-; CHECK-LABEL: @pick_negative_offset_different_width(
+; FIXME: The result here looks weird. Either we reference into buffer0 with an
+; oob offset. Or we reference buffer1 (8 bytes) with a 4 byte
+; offset. The result 5 is wrong in both cases. Probably better to
+; return -1 here since we do not know if we have an oob pointer.
+define i64 @pick_negative_offset_different_width_index_maybe_too_small(i32 %n, i1 %c) {
+; CHECK-LABEL: @pick_negative_offset_different_width_index_maybe_too_small(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[BUFFER0:%.*]] = alloca i8, i64 4, align 1
; CHECK-NEXT: [[BUFFER1:%.*]] = alloca i8, i64 8, align 1
@@ -216,7 +220,8 @@ define i64 @pick_negative_offset_different_width(i32 %n) {
; CHECK: if.end:
; CHECK-NEXT: [[P:%.*]] = phi ptr [ [[OFFSETED0]], [[IF_ELSE]] ], [ [[OFFSETED1]], [[IF_END]] ]
; CHECK-NEXT: [[POFFSETED:%.*]] = getelementptr i8, ptr [[P]], i64 -2
-; CHECK-NEXT: ret i64 5
+; CHECK-NEXT: [[SIZE:%.*]] = select i1 [[C:%.*]], i64 5, i64 0
+; CHECK-NEXT: ret i64 [[SIZE]]
;
entry:
%buffer0 = alloca i8, i64 4
@@ -235,7 +240,51 @@ if.else:
if.end:
%p = phi ptr [ %offseted0, %if.then ], [ %offseted1, %if.else ]
%poffseted = getelementptr i8, ptr %p, i64 -2
- %size = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+ %sizemax = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+ %sizemin = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 true, i1 false, i1 false)
+ %size = select i1 %c, i64 %sizemax, i64 %sizemin
+ ret i64 %size
+}
+
+define i64 @pick_negative_offset_different_width_index_maybe_too_large(i32 %n, i1 %c) {
+; CHECK-LABEL: @pick_negative_offset_different_width_index_maybe_too_large(
+; CHECK-NEXT: entry:
+; CHECK-NEXT: [[BUFFER0:%.*]] = alloca i8, i64 4, align 1
+; CHECK-NEXT: [[BUFFER1:%.*]] = alloca i8, i64 8, align 1
+; CHECK-NEXT: [[COND:%.*]] = icmp eq i32 [[N:%.*]], 0
+; CHECK-NEXT: br i1 [[COND]], label [[IF_THEN:%.*]], label [[IF_ELSE:%.*]]
+; CHECK: if.then:
+; CHECK-NEXT: [[OFFSETED0:%.*]] = getelementptr i8, ptr [[BUFFER0]], i64 1
+; CHECK-NEXT: br label [[IF_END:%.*]]
+; CHECK: if.else:
+; CHECK-NEXT: [[OFFSETED1:%.*]] = getelementptr i8, ptr [[BUFFER1]], i64 6
+; CHECK-NEXT: br label [[IF_END]]
+; CHECK: if.end:
+; CHECK-NEXT: [[P:%.*]] = phi ptr [ [[OFFSETED0]], [[IF_THEN]] ], [ [[OFFSETED1]], [[IF_ELSE]] ]
+; CHECK-NEXT: [[POFFSETED:%.*]] = getelementptr i8, ptr [[P]], i64 2
+; CHECK-NEXT: [[SIZE:%.*]] = select i1 [[C:%.*]], i64 1, i64 0
+; CHECK-NEXT: ret i64 [[SIZE]]
+;
+entry:
+ %buffer0 = alloca i8, i64 4
+ %buffer1 = alloca i8, i64 8
+ %cond = icmp eq i32 %n, 0
+ br i1 %cond, label %if.then, label %if.else
+
+if.then:
+ %offseted0 = getelementptr i8, ptr %buffer0, i64 1
+ br label %if.end
+
+if.else:
+ %offseted1 = getelementptr i8, ptr %buffer1, i64 6
+ br label %if.end
+
+if.end:
+ %p = phi ptr [ %offseted0, %if.then ], [ %offseted1, %if.else ]
+ %poffseted = getelementptr i8, ptr %p, i64 2
+ %sizemax = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+ %sizemin = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 true, i1 false, i1 false)
+ %size = select i1 %c, i64 %sizemax, i64 %sizemin
ret i64 %size
}
>From 984a3f81577dcfae2975d475a3b3a5cfb02bd4b6 Mon Sep 17 00:00:00 2001
From: Bjorn Pettersson <bjorn.a.pettersson at ericsson.com>
Date: Wed, 26 Mar 2025 13:27:26 +0100
Subject: [PATCH 2/3] Update new lit test to run a single pass.
---
.../builtin-object-size-idxsize.ll | 130 +++++++++---------
1 file changed, 68 insertions(+), 62 deletions(-)
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
index 202946412edba..3fb2789ce0e49 100644
--- a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
+++ b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
@@ -1,6 +1,5 @@
; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 5
-; RUN: opt -passes='sroa,instcombine,lower-constant-intrinsics,dce' -S < %s | FileCheck --check-prefixes CHECK,CHECK-REF %s
-; RUN: opt -passes=lower-constant-intrinsics,dce -S < %s | FileCheck --check-prefixes CHECK,CHECK-TST %s
+; RUN: opt -passes=lower-constant-intrinsics -S < %s | FileCheck %s
; Some extra tests using 16-bit pointers and 16-bit index type size. This
; allows us to for example test what happens when the index type used in a
@@ -14,6 +13,9 @@ define i32 @possible_out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i8 2, i8 10
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i8 [[OFFSET]]
; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
; CHECK-NEXT: ret i32 [[RES]]
;
@@ -31,6 +33,9 @@ define i32 @possible_out_of_bounds_gep_i16(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i16 2, i16 10
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i16 [[OFFSET]]
; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
; CHECK-NEXT: ret i32 [[RES]]
;
@@ -48,6 +53,9 @@ define i32 @possible_out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i32 2, i32 10
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 [[OFFSET]]
; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
; CHECK-NEXT: ret i32 [[RES]]
;
@@ -62,19 +70,17 @@ entry:
}
; SROA would produce IR like this if applied to @possible_out_of_bounds_gep_i16.
-; FIXME: The %objsize_min result here looks wrong.
+; FIXME: The %objsize_min result here is invalid.
define i32 @possible_out_of_bounds_gep_i16_sroa(i1 %c0, i1 %c1) {
-; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
-; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-REF-NEXT: [[ENTRY:.*:]]
-; CHECK-REF-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
-; CHECK-REF-NEXT: ret i32 [[RES]]
-;
-; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
-; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-TST-NEXT: [[ENTRY:.*:]]
-; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 65531
-; CHECK-TST-NEXT: ret i32 [[RES]]
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[DOTSROA_GEP:%.*]] = getelementptr i8, ptr [[OBJ]], i16 2
+; CHECK-NEXT: [[DOTSROA_GEP1:%.*]] = getelementptr i8, ptr [[OBJ]], i16 10
+; CHECK-NEXT: [[OFFSET_SROA_SEL:%.*]] = select i1 [[C0]], ptr [[DOTSROA_GEP]], ptr [[DOTSROA_GEP1]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 65531
+; CHECK-NEXT: ret i32 [[RES]]
;
entry:
%obj = alloca [5 x i8], align 1
@@ -88,20 +94,18 @@ entry:
}
; Indices are truncated to the pointer size in a gep. So "i32 -65526" should
-; be truncated to "i16 10".
-; FIXME: The TST result here is incorrect!
+; be treated as "i16 10" and we expect same result as for
+; @possible_out_of_bounds_gep_i16 above.
+; FIXME: The result here is incorrect (max/min is swapped).
define i32 @possible_out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
-; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
-; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-REF-NEXT: [[ENTRY:.*:]]
-; CHECK-REF-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
-; CHECK-REF-NEXT: ret i32 [[RES]]
-;
-; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
-; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-TST-NEXT: [[ENTRY:.*:]]
-; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 0, i32 3
-; CHECK-TST-NEXT: ret i32 [[RES]]
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i32 2, i32 -65526
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 [[OFFSET]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 0, i32 3
+; CHECK-NEXT: ret i32 [[RES]]
;
entry:
%obj = alloca [5 x i8]
@@ -114,17 +118,13 @@ entry:
}
define i32 @out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
-; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i8(
-; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-REF-NEXT: [[ENTRY:.*:]]
-; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
-; CHECK-REF-NEXT: ret i32 [[RES]]
-;
-; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i8(
-; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-TST-NEXT: [[ENTRY:.*:]]
-; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
-; CHECK-TST-NEXT: ret i32 [[RES]]
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i8 -128
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
;
entry:
%obj = alloca [5 x i8]
@@ -139,6 +139,8 @@ define i32 @out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @out_of_bounds_gep_i32(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 10
; CHECK-NEXT: ret i32 0
;
entry:
@@ -154,6 +156,8 @@ define i32 @out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @out_of_bounds_gep_i32_trunc(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 -65526
; CHECK-NEXT: ret i32 0
;
entry:
@@ -168,19 +172,18 @@ entry:
; In this test the index will be out-of-bounds, but the current analysis won't
; detect that. The analysis will find out that %offset is in the range [-2,
; 10] which includes valid offsets that aren't out-of-bounds. Therefore we can
-; expect the result -1 for %objsize_max.
+; expect to get -1 for %objsize_max even if an advanced analysis should be
+; able to derive that we are out-of-bounds (returning 0 also for
+; %objsize_max).
define i32 @out_of_bounds_gep_i16_pos_neg(i1 %c0, i1 %c1) {
-; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
-; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-REF-NEXT: [[ENTRY:.*:]]
-; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
-; CHECK-REF-NEXT: ret i32 [[RES]]
-;
-; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
-; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-TST-NEXT: [[ENTRY:.*:]]
-; CHECK-TST-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
-; CHECK-TST-NEXT: ret i32 [[RES]]
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i32 10, i32 -2
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 [[OFFSET]]
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
;
entry:
%obj = alloca [5 x i8]
@@ -195,19 +198,16 @@ entry:
; With 16-bit index size %offset is either 32767 or -32768. Thus, when
; aggregating the possible offsets it we know that it is in the range [-32768,
; 32767], which includes valid offsets that aren't out-of-bounds. This is
-; similar to the out_of_bounds_gep_i16_pos_neg test above, and we can expect
-; the result -1 for %objsize_max.
+; similar to the out_of_bounds_gep_i16_pos_neg test above, and the current
+; implementation is expected to derive the result -1 for %objsize_max.
define i32 @out_of_bounds_gep_i32_trunc_select(i1 %c0, i1 %c1) {
-; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
-; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-REF-NEXT: [[ENTRY:.*:]]
-; CHECK-REF-NEXT: [[RES:%.*]] = sext i1 [[C1]] to i32
-; CHECK-REF-NEXT: ret i32 [[RES]]
-;
-; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
-; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
-; CHECK-TST-NEXT: [[ENTRY:.*:]]
-; CHECK-TST-NEXT: ret i32 0
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i32 32767, i32 32768
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 [[OFFSET]]
+; CHECK-NEXT: ret i32 0
;
entry:
%obj = alloca [5 x i8]
@@ -224,6 +224,9 @@ define i32 @possible_out_of_bounds_gep_i8_neg(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8_neg(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i8 2, i8 -10
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i8 [[OFFSET]]
; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
; CHECK-NEXT: ret i32 [[RES]]
;
@@ -242,6 +245,9 @@ define i32 @possible_out_of_bounds_gep_i16_neg(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16_neg(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
; CHECK-NEXT: [[ENTRY:.*:]]
+; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
+; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i16 2, i16 -10
+; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i16 [[OFFSET]]
; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
; CHECK-NEXT: ret i32 [[RES]]
;
>From c20605be9d8e63dd38efeb8547abae90097ba493 Mon Sep 17 00:00:00 2001
From: Bjorn Pettersson <bjorn.a.pettersson at ericsson.com>
Date: Wed, 26 Mar 2025 14:01:16 +0100
Subject: [PATCH 3/3] [MemoryBuiltins] Consider index type size when
aggregating gep offsets
Main goal here is to fix some bugs seen with LowerConstantIntrinsics
pass and the lowering of llvm.objectsize.
In ObjectSizeOffsetVisitor::computeImpl we are using an external
analysis together with stripAndAccumulateConstantOffsets. The idea
is to compute the Min/Max value of individual offsets within a GEP.
The bug solved here is that when doing the Min/Max comparisons the
external analysis wasn't considering the index type size (given by
the data layout), it was simply using the type from the IR. Since a
GEP is defined as sext/truncating indices we need to consider the
index type size in the external analysis.
This solves a regression (false ubsan warnings) seen after commit
02b8ee281947f (https://github.com/llvm/llvm-project/pull/117849).
---
llvm/lib/Analysis/MemoryBuiltins.cpp | 38 +++++++++++--------
.../builtin-object-size-idxsize.ll | 6 +--
2 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/llvm/lib/Analysis/MemoryBuiltins.cpp b/llvm/lib/Analysis/MemoryBuiltins.cpp
index 6b7a3e1ffe347..1c20b33b8bae1 100644
--- a/llvm/lib/Analysis/MemoryBuiltins.cpp
+++ b/llvm/lib/Analysis/MemoryBuiltins.cpp
@@ -683,29 +683,30 @@ combinePossibleConstantValues(std::optional<APInt> LHS,
}
static std::optional<APInt> aggregatePossibleConstantValuesImpl(
- const Value *V, ObjectSizeOpts::Mode EvalMode, unsigned recursionDepth) {
+ const Value *V, ObjectSizeOpts::Mode EvalMode, unsigned BitWidth,
+ unsigned recursionDepth) {
constexpr unsigned maxRecursionDepth = 4;
if (recursionDepth == maxRecursionDepth)
return std::nullopt;
if (const auto *CI = dyn_cast<ConstantInt>(V)) {
- return CI->getValue();
+ return CI->getValue().sextOrTrunc(BitWidth);
} else if (const auto *SI = dyn_cast<SelectInst>(V)) {
return combinePossibleConstantValues(
aggregatePossibleConstantValuesImpl(SI->getTrueValue(), EvalMode,
- recursionDepth + 1),
+ BitWidth, recursionDepth + 1),
aggregatePossibleConstantValuesImpl(SI->getFalseValue(), EvalMode,
- recursionDepth + 1),
+ BitWidth, recursionDepth + 1),
EvalMode);
} else if (const auto *PN = dyn_cast<PHINode>(V)) {
unsigned Count = PN->getNumIncomingValues();
if (Count == 0)
return std::nullopt;
auto Acc = aggregatePossibleConstantValuesImpl(
- PN->getIncomingValue(0), EvalMode, recursionDepth + 1);
+ PN->getIncomingValue(0), EvalMode, BitWidth, recursionDepth + 1);
for (unsigned I = 1; Acc && I < Count; ++I) {
auto Tmp = aggregatePossibleConstantValuesImpl(
- PN->getIncomingValue(I), EvalMode, recursionDepth + 1);
+ PN->getIncomingValue(I), EvalMode, BitWidth, recursionDepth + 1);
Acc = combinePossibleConstantValues(Acc, Tmp, EvalMode);
}
return Acc;
@@ -715,9 +716,10 @@ static std::optional<APInt> aggregatePossibleConstantValuesImpl(
}
static std::optional<APInt>
-aggregatePossibleConstantValues(const Value *V, ObjectSizeOpts::Mode EvalMode) {
+aggregatePossibleConstantValues(const Value *V, ObjectSizeOpts::Mode EvalMode,
+ unsigned BitWidth) {
if (auto *CI = dyn_cast<ConstantInt>(V))
- return CI->getValue();
+ return CI->getValue().sextOrTrunc(BitWidth);
if (EvalMode != ObjectSizeOpts::Mode::Min &&
EvalMode != ObjectSizeOpts::Mode::Max)
@@ -726,7 +728,7 @@ aggregatePossibleConstantValues(const Value *V, ObjectSizeOpts::Mode EvalMode) {
// Not using computeConstantRange here because we cannot guarantee it's not
// doing optimization based on UB which we want to avoid when expanding
// __builtin_object_size.
- return aggregatePossibleConstantValuesImpl(V, EvalMode, 0u);
+ return aggregatePossibleConstantValuesImpl(V, EvalMode, BitWidth, 0u);
}
/// Align \p Size according to \p Alignment. If \p Size is greater than
@@ -788,9 +790,14 @@ OffsetSpan ObjectSizeOffsetVisitor::computeImpl(Value *V) {
Options.EvalMode == ObjectSizeOpts::Mode::Min
? ObjectSizeOpts::Mode::Max
: ObjectSizeOpts::Mode::Min;
- auto OffsetRangeAnalysis = [EvalMode](Value &VOffset, APInt &Offset) {
+ // For a GEPOperator the indices are first converted to offsets in the
+ // pointer’s index type, so we need to provide the index type to make sure
+ // the min/max operations are performed in correct type.
+ unsigned IdxTyBits = DL.getIndexTypeSizeInBits(V->getType());
+ auto OffsetRangeAnalysis = [EvalMode, IdxTyBits](Value &VOffset,
+ APInt &Offset) {
if (auto PossibleOffset =
- aggregatePossibleConstantValues(&VOffset, EvalMode)) {
+ aggregatePossibleConstantValues(&VOffset, EvalMode, IdxTyBits)) {
Offset = *PossibleOffset;
return true;
}
@@ -900,8 +907,9 @@ OffsetSpan ObjectSizeOffsetVisitor::visitAllocaInst(AllocaInst &I) {
return OffsetSpan(Zero, align(Size, I.getAlign()));
Value *ArraySize = I.getArraySize();
- if (auto PossibleSize =
- aggregatePossibleConstantValues(ArraySize, Options.EvalMode)) {
+ if (auto PossibleSize = aggregatePossibleConstantValues(
+ ArraySize, Options.EvalMode,
+ ArraySize->getType()->getScalarSizeInBits())) {
APInt NumElems = *PossibleSize;
if (!CheckedZextOrTrunc(NumElems))
return ObjectSizeOffsetVisitor::unknown();
@@ -932,8 +940,8 @@ OffsetSpan ObjectSizeOffsetVisitor::visitCallBase(CallBase &CB) {
if (!V->getType()->isIntegerTy())
return V;
- if (auto PossibleBound =
- aggregatePossibleConstantValues(V, Options.EvalMode))
+ if (auto PossibleBound = aggregatePossibleConstantValues(
+ V, Options.EvalMode, V->getType()->getScalarSizeInBits()))
return ConstantInt::get(V->getType(), *PossibleBound);
return V;
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
index 3fb2789ce0e49..c65fe664d6ac5 100644
--- a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
+++ b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
@@ -96,7 +96,6 @@ entry:
; Indices are truncated to the pointer size in a gep. So "i32 -65526" should
; be treated as "i16 10" and we expect same result as for
; @possible_out_of_bounds_gep_i16 above.
-; FIXME: The result here is incorrect (max/min is swapped).
define i32 @possible_out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
@@ -104,7 +103,7 @@ define i32 @possible_out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i32 2, i32 -65526
; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 [[OFFSET]]
-; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 0, i32 3
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
; CHECK-NEXT: ret i32 [[RES]]
;
entry:
@@ -207,7 +206,8 @@ define i32 @out_of_bounds_gep_i32_trunc_select(i1 %c0, i1 %c1) {
; CHECK-NEXT: [[OBJ:%.*]] = alloca [5 x i8], align 1
; CHECK-NEXT: [[OFFSET:%.*]] = select i1 [[C0]], i32 32767, i32 32768
; CHECK-NEXT: [[PTR_SLIDE:%.*]] = getelementptr i8, ptr [[OBJ]], i32 [[OFFSET]]
-; CHECK-NEXT: ret i32 0
+; CHECK-NEXT: [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-NEXT: ret i32 [[RES]]
;
entry:
%obj = alloca [5 x i8]
More information about the llvm-commits
mailing list