From 789db09cde5f0cb2a0a5fc175c1141c760a3e807 Mon Sep 17 00:00:00 2001
From: Chris Lattner <sabre@nondot.org>
Date: Tue, 27 Nov 2007 22:14:42 +0000
Subject: [PATCH] Fix a crash on invalid code due to memcpy lowering.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@44378 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Target/PowerPC/PPCRegisterInfo.cpp | 57 ++++++++++++++------------
 test/CodeGen/Generic/invalid-memcpy.ll | 19 +++++++++
 test/CodeGen/PowerPC/invalid-memcpy.ll | 20 +++++++++
 3 files changed, 70 insertions(+), 26 deletions(-)
 create mode 100644 test/CodeGen/Generic/invalid-memcpy.ll
 create mode 100644 test/CodeGen/PowerPC/invalid-memcpy.ll

diff --git a/lib/Target/PowerPC/PPCRegisterInfo.cpp b/lib/Target/PowerPC/PPCRegisterInfo.cpp
index 950d4408fb9..28c1fcba29b 100644
--- a/lib/Target/PowerPC/PPCRegisterInfo.cpp
+++ b/lib/Target/PowerPC/PPCRegisterInfo.cpp
@@ -779,35 +779,40 @@ void PPCRegisterInfo::eliminateFrameIndex(MachineBasicBlock::iterator II,
   // to Offset to get the correct offset.
   Offset += MFI->getStackSize();
 
-  if (isInt16(Offset)) {
-    if (isIXAddr) {
-      assert((Offset & 3) == 0 && "Invalid frame offset!");
+  // If we can, encode the offset directly into the instruction.  If this is a
+  // normal PPC "ri" instruction, any 16-bit value can be safely encoded.  If
+  // this is a PPC64 "ix" instruction, only a 16-bit value with the low two bits
+  // clear can be encoded.  This is extremely uncommon, because normally you
+  // only "std" to a stack slot that is at least 4-byte aligned, but it can
+  // happen in invalid code.
+  if (isInt16(Offset) && (!isIXAddr || (isIXAddr & 3) == 0)) {
+    if (isIXAddr)
       Offset >>= 2;    // The actual encoded value has the low two bits zero.
-    }
     MI.getOperand(OffsetOperandNo).ChangeToImmediate(Offset);
-  } else {
-    // Insert a set of r0 with the full offset value before the ld, st, or add
-    BuildMI(MBB, II, TII.get(PPC::LIS), PPC::R0).addImm(Offset >> 16);
-    BuildMI(MBB, II, TII.get(PPC::ORI), PPC::R0).addReg(PPC::R0).addImm(Offset);
-    
-    // Convert into indexed form of the instruction
-    // sth 0:rA, 1:imm 2:(rB) ==> sthx 0:rA, 2:rB, 1:r0
-    // addi 0:rA 1:rB, 2, imm ==> add 0:rA, 1:rB, 2:r0
-    unsigned OperandBase;
-    if (OpC != TargetInstrInfo::INLINEASM) {
-      assert(ImmToIdxMap.count(OpC) &&
-             "No indexed form of load or store available!");
-      unsigned NewOpcode = ImmToIdxMap.find(OpC)->second;
-      MI.setInstrDescriptor(TII.get(NewOpcode));
-      OperandBase = 1;
-    } else {
-      OperandBase = OffsetOperandNo;
-    }
-      
-    unsigned StackReg = MI.getOperand(FIOperandNo).getReg();
-    MI.getOperand(OperandBase).ChangeToRegister(StackReg, false);
-    MI.getOperand(OperandBase+1).ChangeToRegister(PPC::R0, false);
+    return;
   }
+  
+  // Insert a set of r0 with the full offset value before the ld, st, or add
+  BuildMI(MBB, II, TII.get(PPC::LIS), PPC::R0).addImm(Offset >> 16);
+  BuildMI(MBB, II, TII.get(PPC::ORI), PPC::R0).addReg(PPC::R0).addImm(Offset);
+  
+  // Convert into indexed form of the instruction
+  // sth 0:rA, 1:imm 2:(rB) ==> sthx 0:rA, 2:rB, 1:r0
+  // addi 0:rA 1:rB, 2, imm ==> add 0:rA, 1:rB, 2:r0
+  unsigned OperandBase;
+  if (OpC != TargetInstrInfo::INLINEASM) {
+    assert(ImmToIdxMap.count(OpC) &&
+           "No indexed form of load or store available!");
+    unsigned NewOpcode = ImmToIdxMap.find(OpC)->second;
+    MI.setInstrDescriptor(TII.get(NewOpcode));
+    OperandBase = 1;
+  } else {
+    OperandBase = OffsetOperandNo;
+  }
+    
+  unsigned StackReg = MI.getOperand(FIOperandNo).getReg();
+  MI.getOperand(OperandBase).ChangeToRegister(StackReg, false);
+  MI.getOperand(OperandBase+1).ChangeToRegister(PPC::R0, false);
 }
 
 /// VRRegNo - Map from a numbered VR register to its enum value.
diff --git a/test/CodeGen/Generic/invalid-memcpy.ll b/test/CodeGen/Generic/invalid-memcpy.ll
new file mode 100644
index 00000000000..e3acf0c2be1
--- /dev/null
+++ b/test/CodeGen/Generic/invalid-memcpy.ll
@@ -0,0 +1,19 @@
+; RUN: llvm-as < %s | llc 
+
+; This testcase is invalid (the alignment specified for memcpy is 
+; greater than the alignment guaranteed for Qux or C.0.1173), but it
+; should compile, not crash the code generator.
+
+@C.0.1173 = external constant [33 x i8]         ; <[33 x i8]*> [#uses=1]
+
+define void @Bork() {
+entry:
+        %Qux = alloca [33 x i8]         ; <[33 x i8]*> [#uses=1]
+        %Qux1 = bitcast [33 x i8]* %Qux to i8*          ; <i8*> [#uses=1]
+        call void @llvm.memcpy.i64( i8* %Qux1, i8* getelementptr ([33 x i8]* @C.0.1173, i32 0, i32 0), i64 33, i32 8 )
+        ret void
+}
+
+declare void @llvm.memcpy.i64(i8*, i8*, i64, i32)
+
+
diff --git a/test/CodeGen/PowerPC/invalid-memcpy.ll b/test/CodeGen/PowerPC/invalid-memcpy.ll
new file mode 100644
index 00000000000..6df968dddae
--- /dev/null
+++ b/test/CodeGen/PowerPC/invalid-memcpy.ll
@@ -0,0 +1,20 @@
+; RUN: llvm-as < %s | llc -march=ppc32
+; RUN: llvm-as < %s | llc -march=ppc64
+
+; This testcase is invalid (the alignment specified for memcpy is 
+; greater than the alignment guaranteed for Qux or C.0.1173, but it
+; should compile, not crash the code generator.
+
+@C.0.1173 = external constant [33 x i8]         ; <[33 x i8]*> [#uses=1]
+
+define void @Bork() {
+entry:
+        %Qux = alloca [33 x i8]         ; <[33 x i8]*> [#uses=1]
+        %Qux1 = bitcast [33 x i8]* %Qux to i8*          ; <i8*> [#uses=1]
+        call void @llvm.memcpy.i64( i8* %Qux1, i8* getelementptr ([33 x i8]* @C.0.1173, i32 0, i32 0), i64 33, i32 8 )
+        ret void
+}
+
+declare void @llvm.memcpy.i64(i8*, i8*, i64, i32)
+
+