Fix PR14132 and handle OOB loads speculated throuh PHI nodes.
The issue is that we may end up with newly OOB loads when speculating a load into the predecessors of a PHI node, and this confuses the new integer splitting logic in some cases, triggering an assertion failure. In fact, the branch in question must be dead code as it loads from a too-narrow alloca. Add code to handle this gracefully and leave the requisite FIXMEs for both optimizing more aggressively and doing more to aid sanitizing invalid code which triggers these patterns. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@168361 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
parent
310f248c22
commit
176792990e
@ -568,6 +568,10 @@ private:
|
|||||||
|
|
||||||
// Clamp the end offset to the end of the allocation. Note that this is
|
// Clamp the end offset to the end of the allocation. Note that this is
|
||||||
// formulated to handle even the case where "BeginOffset + Size" overflows.
|
// formulated to handle even the case where "BeginOffset + Size" overflows.
|
||||||
|
// NOTE! This may appear superficially to be something we could ignore
|
||||||
|
// entirely, but that is not so! There may be PHI-node uses where some
|
||||||
|
// instructions are dead but not others. We can't completely ignore the
|
||||||
|
// PHI node, and so have to record at least the information here.
|
||||||
assert(AllocSize >= BeginOffset); // Established above.
|
assert(AllocSize >= BeginOffset); // Established above.
|
||||||
if (Size > AllocSize - BeginOffset) {
|
if (Size > AllocSize - BeginOffset) {
|
||||||
DEBUG(dbgs() << "WARNING: Clamping a " << Size << " byte use @" << Offset
|
DEBUG(dbgs() << "WARNING: Clamping a " << Size << " byte use @" << Offset
|
||||||
@ -2492,6 +2496,23 @@ private:
|
|||||||
|
|
||||||
uint64_t Size = EndOffset - BeginOffset;
|
uint64_t Size = EndOffset - BeginOffset;
|
||||||
bool IsSplitIntLoad = Size < TD.getTypeStoreSize(LI.getType());
|
bool IsSplitIntLoad = Size < TD.getTypeStoreSize(LI.getType());
|
||||||
|
|
||||||
|
// If this memory access can be shown to *statically* extend outside the
|
||||||
|
// bounds of the original allocation it's behavior is undefined. Rather
|
||||||
|
// than trying to transform it, just replace it with undef.
|
||||||
|
// FIXME: We should do something more clever for functions being
|
||||||
|
// instrumented by asan.
|
||||||
|
// FIXME: Eventually, once ASan and friends can flush out bugs here, this
|
||||||
|
// should be transformed to a load of null making it unreachable.
|
||||||
|
uint64_t OldAllocSize = TD.getTypeAllocSize(OldAI.getAllocatedType());
|
||||||
|
if (TD.getTypeStoreSize(LI.getType()) > OldAllocSize) {
|
||||||
|
LI.replaceAllUsesWith(UndefValue::get(LI.getType()));
|
||||||
|
Pass.DeadInsts.insert(&LI);
|
||||||
|
deleteIfTriviallyDead(OldOp);
|
||||||
|
DEBUG(dbgs() << " to: undef!!\n");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
Type *TargetTy = IsSplitIntLoad ? Type::getIntNTy(LI.getContext(), Size * 8)
|
Type *TargetTy = IsSplitIntLoad ? Type::getIntNTy(LI.getContext(), Size * 8)
|
||||||
: LI.getType();
|
: LI.getType();
|
||||||
bool IsPtrAdjusted = false;
|
bool IsPtrAdjusted = false;
|
||||||
|
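Review bot: The new guard `if (TD.getTypeStoreSize(LI.getType()) > OldAllocSize)` only rejects a load whose type is wider than the whole allocation; a load that fits the allocation's size but begins at a nonzero offset and runs past its end is not caught here and still falls through to the split-int path with the clamped `Size`, so whether the original assertion can still fire for that shape is not visible in this hunk. `OldAllocSize` is derived from `OldAI.getAllocatedType()`, which undercounts an array allocation (`alloca T, N`); if the pass has already rejected such allocas before this rewriter runs the comparison is sound, but that precondition is outside the hunk and would be worth stating on the new line, e.g. `// OldAI is assumed not to be an array allocation here, so the element alloc size is the full allocation size.` In the added comment, `it's behavior is undefined` should read `its behavior is undefined`. The enclosing function starts and ends outside the hunk.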
@ -390,3 +390,38 @@ if.then:
|
|||||||
%tmpcast.d.0 = select i1 undef, i32* %c, i32* %d.0
|
%tmpcast.d.0 = select i1 undef, i32* %c, i32* %d.0
|
||||||
br label %for.cond
|
br label %for.cond
|
||||||
}
|
}
|
||||||
|
|
||||||
|
define i64 @PR14132(i1 %flag) {
|
||||||
|
; CHECK: @PR14132
|
||||||
|
; Here we form a PHI-node by promoting the pointer alloca first, and then in
|
||||||
|
; order to promote the other two allocas, we speculate the load of the
|
||||||
|
; now-phi-node-pointer. In doing so we end up loading a 64-bit value from an i8
|
||||||
|
; alloca, which is completely bogus. However, we were asserting on trying to
|
||||||
|
; rewrite it. Now it is replaced with undef. Eventually we may replace it with
|
||||||
|
; unrechable and even the CFG will go away here.
|
||||||
|
entry:
|
||||||
|
%a = alloca i64
|
||||||
|
%b = alloca i8
|
||||||
|
%ptr = alloca i64*
|
||||||
|
; CHECK-NOT: alloca
|
||||||
|
|
||||||
|
%ptr.cast = bitcast i64** %ptr to i8**
|
||||||
|
store i64 0, i64* %a
|
||||||
|
store i8 1, i8* %b
|
||||||
|
store i64* %a, i64** %ptr
|
||||||
|
br i1 %flag, label %if.then, label %if.end
|
||||||
|
|
||||||
|
if.then:
|
||||||
|
store i8* %b, i8** %ptr.cast
|
||||||
|
br label %if.end
|
||||||
|
|
||||||
|
if.end:
|
||||||
|
%tmp = load i64** %ptr
|
||||||
|
%result = load i64* %tmp
|
||||||
|
; CHECK-NOT: store
|
||||||
|
; CHECK-NOT: load
|
||||||
|
; CHECK: %[[result:.*]] = phi i64 [ undef, %if.then ], [ 0, %entry ]
|
||||||
|
|
||||||
|
ret i64 %result
|
||||||
|
; CHECK-NEXT: ret i64 %[[result]]
|
||||||
|
}
|
||||||
|
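Review bot: The explanatory comment on the new `@PR14132` test has a typo in `; unrechable and even the CFG will go away here.`, which should read `; unreachable and even the CFG will go away here.`. The `; CHECK: %[[result:.*]] = phi i64 [ undef, %if.then ], [ 0, %entry ]` line pins the undef replacement the commit describes, so the test does exercise the new path rather than just the absence of the crash.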