This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/trunk/
-
trunk/
-
include/llvm/Analysis/
-
llvm/
-
Analysis/
-
MemoryBuiltins.h
-
lib/Analysis/
-
Analysis/
-
MemoryBuiltins.cpp

Differential D35003

[MemoryBuiltins] Allow truncation in visitAllocaInst()
ClosedPublic

Authored by uabelho on Jul 5 2017, 3:57 AM.

Download Raw Diff

Details

Reviewers

craig.topper
rnk
george.burgess.iv

Commits

rGad7e718307a2: [MemoryBuiltins] Allow truncation in visitAllocaInst()
rL307754: [MemoryBuiltins] Allow truncation in visitAllocaInst()

Summary

Solves PR33689.

If the pointer size is less than the size of the type used for the array
size in an alloca (the <ty> type below) then we could trigger the assert in
the PR. In that example we have pointer size i16 and <ty> is i32.

<result> = alloca [inalloca] <type> [, <ty> <NumElements>] [, align <alignment>]

Handle the situation by allowing truncation as well as zero extension in
ObjectSizeOffsetVisitor::visitAllocaInst().

Also, we now detect overflow in visitAllocaInst(), similar to how it was
already done in visitCallSite().

Diff Detail

Repository: rL LLVM

Event Timeline

uabelho created this revision.Jul 5 2017, 3:57 AM

If the truncation actually truncates something (and not just changes e.g. an i32 1 to an i16 1)
then we are not in a good spot, but then I suppose we have already messed up since then we
would have something like

%foo = alloca i16 , i32 1000000

with pointers being 16b wide so the allocated temporary wouldn't fit in memory
anyway.

I don't know this code very well though so if you think there is a more reasonable fix for this
please let me know.

davide added a subscriber: davide.Jul 5 2017, 8:41 AM

Thanks for this! One nit, and I think it looks good.

lib/Analysis/MemoryBuiltins.cpp
518 ↗	(On Diff #105241)	Addressing your comment: I realize that this is an existing inconsistency, but we try to return `unknown()` if an overflow happens (e.g. on line 597). While we're in the area, can we make this test for overflow too, please?

Thanks for the comments!

lib/Analysis/MemoryBuiltins.cpp
518 ↗	(On Diff #105241)	So you want me to detect if overflow actually happens and if so return unknown(), and add a testcase for the overflow case as well? If so, yes I'll try.

george.burgess.iv added inline comments.Jul 7 2017, 6:10 AM

lib/Analysis/MemoryBuiltins.cpp
518 ↗	(On Diff #105241)	Yes, please. I'm not 100% sure if testing this will be straightforward, though. If it seems nontrivial, just let me know. Since it's my nit, I'm happy to try to make a test for overflow and commit it after this lands. :)

uabelho added inline comments.Jul 7 2017, 6:19 AM

lib/Analysis/MemoryBuiltins.cpp
518 ↗	(On Diff #105241)	Ok I will! Yes the testing I don't know since I think the test case I have already is pretty non-straightforward.. The i64 is being converted to a [2 x i32] and I think it's that "2" that I will truncate. So for overflow to happen with just small modifications of my existing test I'll need my %i64_t to be something huge. I'll give it a try though.

Added overflow checks to visitAllocaInst.

To avoid some code duplication I pulled out the CheckedZextOrTrunc lambda from visitCallSite
and made a member function of it.

uabelho added inline comments.Jul 10 2017, 12:06 AM

lib/Analysis/MemoryBuiltins.cpp
518 ↗	(On Diff #105241)	Added overflow checks. Something like this is what you had in mind? For the testcase, if I change %i64_t = type i64 to %i64_t = type i6488888 then the overflow checks trigger, but the end result from instcombine is still the same as without overflow checks so I don't have any nice output change to check for. If you know this code then I suppose you'll be able to make a testcase for it.

LGTM after a few stylistic nits are addressed. Thanks again!

lib/Analysis/MemoryBuiltins.cpp
511 ↗	(On Diff #105810)	I think it's `\p I`, though I'm admittedly not great with doxygen.
522 ↗	(On Diff #105810)	Please remove the trailing `;`
535 ↗	(On Diff #105810)	Please remove the brackets, since this is a single-statement `if`
518 ↗	(On Diff #105241)	Something like this is what you had in mind? Yup! If you know this code then I suppose you'll be able to make a testcase for it Will do. :)

Addressed the few remaining issues.

(Totally idiotic to not see them myself to begin with. Sorry and thanks!)

Updated the summary so it now has a few words about the new overflow
checks in visitAllocaInst().

Thanks!

LGTM!

Totally idiotic to not see them myself to begin with. Sorry and thanks!

Not a problem :)

This revision is now accepted and ready to land.Jul 11 2017, 11:26 AM

Closed by commit rL307754: [MemoryBuiltins] Allow truncation in visitAllocaInst() (authored by uabelho). · Explain WhyJul 11 2017, 11:19 PM

This revision was automatically updated to reflect the committed changes.

• gbiv mentioned this in rL307811: Add a test for r307754.Jul 12 2017, 9:31 AM

Apparently I accidentally dropped the test case between two revisions of this patch so I submitted it
now in https://reviews.llvm.org/rL307887

Revision Contents

Path

Size

llvm/

trunk/

include/

llvm/

Analysis/

MemoryBuiltins.h

3 lines

lib/

Analysis/

MemoryBuiltins.cpp

41 lines

Diff 106142

llvm/trunk/include/llvm/Analysis/MemoryBuiltins.h

Show First 20 Lines • Show All 218 Lines • ▼ Show 20 Lines	public:
SizeOffsetType visitGlobalAlias(GlobalAlias &GA);		SizeOffsetType visitGlobalAlias(GlobalAlias &GA);
SizeOffsetType visitGlobalVariable(GlobalVariable &GV);		SizeOffsetType visitGlobalVariable(GlobalVariable &GV);
SizeOffsetType visitIntToPtrInst(IntToPtrInst&);		SizeOffsetType visitIntToPtrInst(IntToPtrInst&);
SizeOffsetType visitLoadInst(LoadInst &I);		SizeOffsetType visitLoadInst(LoadInst &I);
SizeOffsetType visitPHINode(PHINode&);		SizeOffsetType visitPHINode(PHINode&);
SizeOffsetType visitSelectInst(SelectInst &I);		SizeOffsetType visitSelectInst(SelectInst &I);
SizeOffsetType visitUndefValue(UndefValue&);		SizeOffsetType visitUndefValue(UndefValue&);
SizeOffsetType visitInstruction(Instruction &I);		SizeOffsetType visitInstruction(Instruction &I);

		private:
		bool CheckedZextOrTrunc(APInt &I);
};		};

typedef std::pair<Value, Value> SizeOffsetEvalType;		typedef std::pair<Value, Value> SizeOffsetEvalType;


/// \brief Evaluate the size and offset of an object pointed to by a Value*.		/// \brief Evaluate the size and offset of an object pointed to by a Value*.
/// May create code to compute the result at run-time.		/// May create code to compute the result at run-time.
class ObjectSizeOffsetEvaluator		class ObjectSizeOffsetEvaluator
▲ Show 20 Lines • Show All 59 Lines • Show Last 20 Lines

llvm/trunk/lib/Analysis/MemoryBuiltins.cpp

Show First 20 Lines • Show All 499 Lines • ▼ Show 20 Lines	if (CE->getOpcode() == Instruction::GetElementPtr)
return visitGEPOperator(cast<GEPOperator>(*CE));		return visitGEPOperator(cast<GEPOperator>(*CE));
}		}

DEBUG(dbgs() << "ObjectSizeOffsetVisitor::compute() unhandled value: " << *V		DEBUG(dbgs() << "ObjectSizeOffsetVisitor::compute() unhandled value: " << *V
<< '\n');		<< '\n');
return unknown();		return unknown();
}		}

		/// When we're compiling N-bit code, and the user uses parameters that are
		/// greater than N bits (e.g. uint64_t on a 32-bit build), we can run into
		/// trouble with APInt size issues. This function handles resizing + overflow
		/// checks for us. Check and zext or trunc \p I depending on IntTyBits and
		/// I's value.
		bool ObjectSizeOffsetVisitor::CheckedZextOrTrunc(APInt &I) {
		// More bits than we can handle. Checking the bit width isn't necessary, but
		// it's faster than checking active bits, and should give `false` in the
		// vast majority of cases.
		if (I.getBitWidth() > IntTyBits && I.getActiveBits() > IntTyBits)
		return false;
		if (I.getBitWidth() != IntTyBits)
		I = I.zextOrTrunc(IntTyBits);
		return true;
		}

SizeOffsetType ObjectSizeOffsetVisitor::visitAllocaInst(AllocaInst &I) {		SizeOffsetType ObjectSizeOffsetVisitor::visitAllocaInst(AllocaInst &I) {
if (!I.getAllocatedType()->isSized())		if (!I.getAllocatedType()->isSized())
return unknown();		return unknown();

APInt Size(IntTyBits, DL.getTypeAllocSize(I.getAllocatedType()));		APInt Size(IntTyBits, DL.getTypeAllocSize(I.getAllocatedType()));
if (!I.isArrayAllocation())		if (!I.isArrayAllocation())
return std::make_pair(align(Size, I.getAlignment()), Zero);		return std::make_pair(align(Size, I.getAlignment()), Zero);

Value *ArraySize = I.getArraySize();		Value *ArraySize = I.getArraySize();
if (const ConstantInt *C = dyn_cast<ConstantInt>(ArraySize)) {		if (const ConstantInt *C = dyn_cast<ConstantInt>(ArraySize)) {
Size *= C->getValue().zextOrSelf(IntTyBits);		APInt NumElems = C->getValue();
return std::make_pair(align(Size, I.getAlignment()), Zero);		if (!CheckedZextOrTrunc(NumElems))
		return unknown();

		bool Overflow;
		Size = Size.umul_ov(NumElems, Overflow);
		return Overflow ? unknown() : std::make_pair(align(Size, I.getAlignment()),
		Zero);
}		}
return unknown();		return unknown();
}		}

SizeOffsetType ObjectSizeOffsetVisitor::visitArgument(Argument &A) {		SizeOffsetType ObjectSizeOffsetVisitor::visitArgument(Argument &A) {
// No interprocedural analysis is done at the moment.		// No interprocedural analysis is done at the moment.
if (!A.hasByValOrInAllocaAttr()) {		if (!A.hasByValOrInAllocaAttr()) {
++ObjectVisitorArgument;		++ObjectVisitorArgument;
Show All 28 Lines	if (FnData->AllocTy == StrDupLike) {
}		}
return std::make_pair(Size, Zero);		return std::make_pair(Size, Zero);
}		}

ConstantInt *Arg = dyn_cast<ConstantInt>(CS.getArgument(FnData->FstParam));		ConstantInt *Arg = dyn_cast<ConstantInt>(CS.getArgument(FnData->FstParam));
if (!Arg)		if (!Arg)
return unknown();		return unknown();

// When we're compiling N-bit code, and the user uses parameters that are
// greater than N bits (e.g. uint64_t on a 32-bit build), we can run into
// trouble with APInt size issues. This function handles resizing + overflow
// checks for us.
auto CheckedZextOrTrunc = [&](APInt &I) {
// More bits than we can handle. Checking the bit width isn't necessary, but
// it's faster than checking active bits, and should give `false` in the
// vast majority of cases.
if (I.getBitWidth() > IntTyBits && I.getActiveBits() > IntTyBits)
return false;
if (I.getBitWidth() != IntTyBits)
I = I.zextOrTrunc(IntTyBits);
return true;
};

APInt Size = Arg->getValue();		APInt Size = Arg->getValue();
if (!CheckedZextOrTrunc(Size))		if (!CheckedZextOrTrunc(Size))
return unknown();		return unknown();

// Size is determined by just 1 parameter.		// Size is determined by just 1 parameter.
if (FnData->SndParam < 0)		if (FnData->SndParam < 0)
return std::make_pair(Size, Zero);		return std::make_pair(Size, Zero);

▲ Show 20 Lines • Show All 330 Lines • Show Last 20 Lines