This is an archive of the discontinued LLVM Phabricator instance.

Differential D84733

[Attributor] Check nonnull attribute violation in AAUndefinedBehavior
ClosedPublic

Authored by okura on Jul 28 2020, 1:40 AM.

Details

Reviewers
jdoerfert
uenoku
homerdin
sstefan1
baziotis
Commits
rG434cf2ded383: [Attributor] Check nonnull attribute violation in AAUndefinedBehavior
Summary

This patch makes it possible to handle nonnull attribute violation at callsites in AAUndefinedBehavior.
If null pointer is passed to callee at a callsite and the corresponding argument of callee has nonnull attribute, the behavior of the callee is undefined.
In this patch, violations of argument nonnull attributes is only handled.
But violations of returned nonnull attributes can be handled and I will implement that in a follow-up patch.

Diff Detail

Event Timeline

okura created this revision.Jul 28 2020, 1:40 AM
Herald added a reviewer: uenoku. · View Herald TranscriptJul 28 2020, 1:40 AM
Herald added a reviewer: homerdin. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: llvm-commits, kuter, uenoku, hiraditya. · View Herald Transcript
okura requested review of this revision.Jul 28 2020, 1:40 AM
Herald added a reviewer: sstefan1. · View Herald TranscriptJul 28 2020, 1:40 AM
Herald added a reviewer: baziotis. · View Herald Transcript
Herald added a subscriber: bbn. · View Herald Transcript
okura edited the summary of this revision. (Show Details)Jul 28 2020, 3:35 AM
baziotis added inline comments.Jul 28 2020, 6:55 AM
llvm/lib/Transforms/IPO/AttributorAttributes.cpp
2048

Please add a third argument specifying the instructions to check, i.e. {Instruction::CallSite}. Also, a fourth argument true as a value, like the other too above.

llvm/test/Transforms/Attributor/value-simplify.ll
409 ↗(On Diff #281140)

Hmm.. We probably need to fix the undefined behavior in this testcase.

jdoerfert added a comment.Jul 28 2020, 7:12 AM

This is cool :)

I thought about this again and I think it will expose the problematic case I mentioned on the call. The Attributor derives attributes, then replaces the value with undef because it is dead, then the thing might be folded to UB/unreachable. Let's directly require the noundef attribute as well. We need to split the AAUB behavior accordingly soon but I'm fine with checking it explicitly here first. That will require tests with and without noundef.

llvm/lib/Transforms/IPO/AttributorAttributes.cpp
1991
1996

You don't need a callee, just use the call base.

1998

I somehow feel checking the attribute first is better.

2005

Move this to the beginning to describe what is happening. Maybe elaborate a bit.

2018

Provide a comment before or at the beginning of this lambda explaining it a bit.

2048

No need to specify call site (which is not an opcode) because this is a specialized version of checkForAllInstructions. The CheckBBLivenessOnly can be provided I guess.

baziotis added inline comments.Jul 28 2020, 7:35 AM
llvm/lib/Transforms/IPO/AttributorAttributes.cpp
2048

Oh my bad. The names are big and I missed completely that it is not checkForAllInstructions.

okura updated this revision to Diff 282501.Aug 2 2020, 10:02 PM
  • fix comments
  • check noundef attribute explicitly
  • modify and add tests with noundef attribute
okura marked 4 inline comments as done.Aug 2 2020, 10:24 PM
okura added inline comments.
llvm/lib/Transforms/IPO/AttributorAttributes.cpp
1996

Do you mean that I don't have to be aware of Callee->arg_size() anywhere?
In the case of callbacks, CB.getNumArgOperands() > Callee->arg_size() holds and I got segfault when getArg is called.
Can I get the callee argument position directly from CallBase?

jdoerfert accepted this revision.Aug 3 2020, 12:02 AM

LGTM. Some minor nits below. I guess this doesn't affect other tests because of the noundef restriction. We should really derive that one as well.

llvm/lib/Transforms/IPO/AttributorAttributes.cpp
1996

Oh, OK. For any variadic function the call can have more operands than the callee arguments. I guess what you really want are the abstract call sites you can get from the call base. Let's keep it like this for now.

2007

I guess the easiest is to check if it is a pointer early on. That should avoid running the code below in case it can never trigger.

2021

Not having a value and having the value undef are also all violations if you will. The former means it is dead anyway, and undef can degenerate to null whenever you want it to.

llvm/test/Transforms/Attributor/undefined_behavior.ll
598

Next up, we can derive noundef for this case (amongst others), given that we actually access the pointer for sure. An undef value would cause UB so %a cannot be undef. Basically the same way we should already derive nonnull for this case. Later ;)

This revision is now accepted and ready to land.Aug 3 2020, 12:02 AM
okura updated this revision to Diff 282517.Aug 3 2020, 12:59 AM
  • fix nits
  • add comment
Closed by commit rG434cf2ded383: [Attributor] Check nonnull attribute violation in AAUndefinedBehavior (authored by okura). · Explain WhyAug 3 2020, 1:13 AM
This revision was automatically updated to reflect the committed changes.
okura added a commit: rG434cf2ded383: [Attributor] Check nonnull attribute violation in AAUndefinedBehavior.
okura mentioned this in D85178: [Attributor] Check violation of returned position nonnull and noundef attribute in AAUndefinedBehavior.Aug 3 2020, 8:10 PM
okura mentioned this in rGf13f2e16f00e: [Attributor] Check violation of returned position nonnull and noundef attribute….Aug 6 2020, 8:03 PM

Revision Contents

PathSize
llvm/
lib/
Transforms/
IPO/
56 lines
test/
Transforms/
Attributor/
295 lines

Diff 282522

llvm/lib/Transforms/IPO/AttributorAttributes.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,977 Lines▼ Show 20 Lines auto InspectBrInstForUB = [&](Instruction &I) {
Optional<Value *> SimplifiedCond = Optional<Value *> SimplifiedCond =
stopOnUndefOrAssumed(A, BrInst->getCondition(), BrInst); stopOnUndefOrAssumed(A, BrInst->getCondition(), BrInst);
if (!SimplifiedCond.hasValue()) if (!SimplifiedCond.hasValue())
return true; return true;
AssumedNoUBInsts.insert(&I); AssumedNoUBInsts.insert(&I);
return true; return true;
}; };
auto InspectCallSiteForUB = [&](Instruction &I) {
// Check whether a callsite always cause UB or not
// Skip instructions that are already saved.
if (AssumedNoUBInsts.count(&I) || KnownUBInsts.count(&I))
return true;
jdoerfertUnsubmitted
Done
ReplyInline Actions
// Check nonnull argument attribute violation for each callsite.
- CallBase *CB = cast<CallBase>(&I);
+ CallBase &CB = cast<CallBase>(I);
const Function *Callee = CB->getCalledFunction();
jdoerfert:
// Check nonnull and noundef argument attribute violation for each
// callsite.
CallBase &CB = cast<CallBase>(I);
Function *Callee = CB.getCalledFunction();
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

You don't need a callee, just use the call base.

jdoerfert: You don't need a callee, just use the call base.
okuraAuthorUnsubmitted
Not Done
ReplyInline Actions

Do you mean that I don't have to be aware of Callee->arg_size() anywhere?
In the case of callbacks, CB.getNumArgOperands() > Callee->arg_size() holds and I got segfault when getArg is called.
Can I get the callee argument position directly from CallBase?

okura: Do you mean that I don't have to be aware of `Callee->arg_size()` anywhere? In the case of…
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

Oh, OK. For any variadic function the call can have more operands than the callee arguments. I guess what you really want are the abstract call sites you can get from the call base. Let's keep it like this for now.

jdoerfert: Oh, OK. For any variadic function the call can have more operands than the callee arguments. I…
if (!Callee)
return true;
jdoerfertUnsubmitted
Done
ReplyInline Actions

I somehow feel checking the attribute first is better.

jdoerfert: I somehow feel checking the attribute first is better.
for (unsigned idx = 0; idx < CB.getNumArgOperands(); idx++) {
// If current argument is known to be simplified to null pointer and the
// corresponding argument position is known to have nonnull attribute,
// the argument is poison. Furthermore, if the argument is poison and
// the position is known to have noundef attriubte, this callsite is
// considered UB.
// TODO: Check also nopoison attribute if it is introduced.
jdoerfertUnsubmitted
Done
ReplyInline Actions

Move this to the beginning to describe what is happening. Maybe elaborate a bit.

jdoerfert: Move this to the beginning to describe what is happening. Maybe elaborate a bit.
if (idx >= Callee->arg_size())
break;
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

I guess the easiest is to check if it is a pointer early on. That should avoid running the code below in case it can never trigger.

jdoerfert: I guess the easiest is to check if it is a pointer early on. That should avoid running the code…
Value *ArgVal = CB.getArgOperand(idx);
if(!ArgVal)
continue;
IRPosition CalleeArgumentIRP =
IRPosition::argument(*Callee->getArg(idx));
if (!CalleeArgumentIRP.hasAttr({Attribute::NoUndef}))
continue;
auto &NonNullAA = A.getAAFor<AANonNull>(*this, CalleeArgumentIRP);
if (!NonNullAA.isKnownNonNull())
continue;
const auto &ValueSimplifyAA =
jdoerfertUnsubmitted
Done
ReplyInline Actions

Provide a comment before or at the beginning of this lambda explaining it a bit.

jdoerfert: Provide a comment before or at the beginning of this lambda explaining it a bit.
A.getAAFor<AAValueSimplify>(*this, IRPosition::value(*ArgVal));
Optional<Value *> SimplifiedVal =
ValueSimplifyAA.getAssumedSimplifiedValue(A);
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

Not having a value and having the value undef are also all violations if you will. The former means it is dead anyway, and undef can degenerate to null whenever you want it to.

jdoerfert: Not having a value and having the value `undef` are also all violations if you will. The former…
if (!ValueSimplifyAA.isKnown())
continue;
// Here, we handle three cases.
// (1) Not having a value means it is dead. (we can replace the value
// with undef)
// (2) Simplified to null pointer. The argument is a poison value and
// violate noundef attribute.
// (3) Simplified to undef. The argument violate noundef attriubte.
if (!SimplifiedVal.hasValue() ||
isa<ConstantPointerNull>(*SimplifiedVal.getValue()) ||
isa<UndefValue>(*SimplifiedVal.getValue())) {
KnownUBInsts.insert(&I);
return true;
}
}
return true;
};
A.checkForAllInstructions(InspectMemAccessInstForUB, *this, A.checkForAllInstructions(InspectMemAccessInstForUB, *this,
{Instruction::Load, Instruction::Store, {Instruction::Load, Instruction::Store,
Instruction::AtomicCmpXchg, Instruction::AtomicCmpXchg,
Instruction::AtomicRMW}, Instruction::AtomicRMW},
/* CheckBBLivenessOnly */ true); /* CheckBBLivenessOnly */ true);
A.checkForAllInstructions(InspectBrInstForUB, *this, {Instruction::Br}, A.checkForAllInstructions(InspectBrInstForUB, *this, {Instruction::Br},
/* CheckBBLivenessOnly */ true); /* CheckBBLivenessOnly */ true);
A.checkForAllCallLikeInstructions(InspectCallSiteForUB, *this);
baziotisUnsubmitted
Not Done
ReplyInline Actions

Please add a third argument specifying the instructions to check, i.e. {Instruction::CallSite}. Also, a fourth argument true as a value, like the other too above.

baziotis: Please add a third argument specifying the instructions to check, i.e. `{Instruction…
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

No need to specify call site (which is not an opcode) because this is a specialized version of checkForAllInstructions. The CheckBBLivenessOnly can be provided I guess.

jdoerfert: No need to specify call site (which is not an opcode) because this is a specialized version of…
baziotisUnsubmitted
Not Done
ReplyInline Actions

Oh my bad. The names are big and I missed completely that it is not checkForAllInstructions.

baziotis: Oh my bad. The names are big and I missed completely that it is not `checkForAllInstructions`.
if (NoUBPrevSize != AssumedNoUBInsts.size() || if (NoUBPrevSize != AssumedNoUBInsts.size() ||
UBPrevSize != KnownUBInsts.size()) UBPrevSize != KnownUBInsts.size())
return ChangeStatus::CHANGED; return ChangeStatus::CHANGED;
return ChangeStatus::UNCHANGED; return ChangeStatus::UNCHANGED;
} }
bool isKnownToCauseUB(Instruction *I) const override { bool isKnownToCauseUB(Instruction *I) const override {
return KnownUBInsts.count(I); return KnownUBInsts.count(I);
▲ Show 20 LinesShow All 5,227 LinesShow Last 20 Lines

llvm/test/Transforms/Attributor/undefined_behavior.ll

Show First 20 LinesShow All 573 Lines▼ Show 20 Lines
; ;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn ; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@foo() ; IS__CGSCC____-LABEL: define {{[^@]+}}@foo()
; IS__CGSCC____-NEXT: ret i32 1 ; IS__CGSCC____-NEXT: ret i32 1
; ;
%X = call i32 @callee(i1 false, i32* null) %X = call i32 @callee(i1 false, i32* null)
ret i32 %X ret i32 %X
} }
; Tests for nonnull attribute violation.
define void @arg_nonnull_1(i32* nonnull %a) {
; IS__TUNIT____: Function Attrs: argmemonly nofree nosync nounwind willreturn writeonly
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_1
; IS__TUNIT____-SAME: (i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[A:%.*]])
; IS__TUNIT____-NEXT: store i32 0, i32* [[A]], align 4
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: argmemonly nofree norecurse nosync nounwind willreturn writeonly
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_1
; IS__CGSCC____-SAME: (i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[A:%.*]])
; IS__CGSCC____-NEXT: store i32 0, i32* [[A]], align 4
; IS__CGSCC____-NEXT: ret void
;
store i32 0, i32* %a
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

Next up, we can derive noundef for this case (amongst others), given that we actually access the pointer for sure. An undef value would cause UB so %a cannot be undef. Basically the same way we should already derive nonnull for this case. Later ;)

jdoerfert: Next up, we can derive `noundef` for this case (amongst others), given that we actually access…
ret void
}
define void @arg_nonnull_1_noundef_1(i32* nonnull noundef %a) {
; IS__TUNIT____: Function Attrs: argmemonly nofree nosync nounwind willreturn writeonly
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_1_noundef_1
; IS__TUNIT____-SAME: (i32* nocapture nofree noundef nonnull writeonly align 4 dereferenceable(4) [[A:%.*]])
; IS__TUNIT____-NEXT: store i32 0, i32* [[A]], align 4
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: argmemonly nofree norecurse nosync nounwind willreturn writeonly
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_1_noundef_1
; IS__CGSCC____-SAME: (i32* nocapture nofree noundef nonnull writeonly align 4 dereferenceable(4) [[A:%.*]])
; IS__CGSCC____-NEXT: store i32 0, i32* [[A]], align 4
; IS__CGSCC____-NEXT: ret void
;
store i32 0, i32* %a
ret void
}
define void @arg_nonnull_12(i32* nonnull %a, i32* nonnull %b, i32* %c) {
; IS__TUNIT____: Function Attrs: argmemonly nofree nosync nounwind willreturn writeonly
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_12
; IS__TUNIT____-SAME: (i32* nocapture nofree nonnull writeonly [[A:%.*]], i32* nocapture nofree nonnull writeonly [[B:%.*]], i32* nofree writeonly [[C:%.*]])
; IS__TUNIT____-NEXT: [[D:%.*]] = icmp eq i32* [[C]], null
; IS__TUNIT____-NEXT: br i1 [[D]], label [[T:%.*]], label [[F:%.*]]
; IS__TUNIT____: t:
; IS__TUNIT____-NEXT: store i32 0, i32* [[A]], align 4
; IS__TUNIT____-NEXT: br label [[RET:%.*]]
; IS__TUNIT____: f:
; IS__TUNIT____-NEXT: store i32 1, i32* [[B]], align 4
; IS__TUNIT____-NEXT: br label [[RET]]
; IS__TUNIT____: ret:
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: argmemonly nofree norecurse nosync nounwind willreturn writeonly
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_12
; IS__CGSCC____-SAME: (i32* nocapture nofree nonnull writeonly [[A:%.*]], i32* nocapture nofree nonnull writeonly [[B:%.*]], i32* nofree writeonly [[C:%.*]])
; IS__CGSCC____-NEXT: [[D:%.*]] = icmp eq i32* [[C]], null
; IS__CGSCC____-NEXT: br i1 [[D]], label [[T:%.*]], label [[F:%.*]]
; IS__CGSCC____: t:
; IS__CGSCC____-NEXT: store i32 0, i32* [[A]], align 4
; IS__CGSCC____-NEXT: br label [[RET:%.*]]
; IS__CGSCC____: f:
; IS__CGSCC____-NEXT: store i32 1, i32* [[B]], align 4
; IS__CGSCC____-NEXT: br label [[RET]]
; IS__CGSCC____: ret:
; IS__CGSCC____-NEXT: ret void
;
%d = icmp eq i32* %c, null
br i1 %d, label %t, label %f
t:
store i32 0, i32* %a
br label %ret
f:
store i32 1, i32* %b
br label %ret
ret:
ret void
}
define void @arg_nonnull_12_noundef_2(i32* nonnull %a, i32* noundef nonnull %b, i32* %c) {
; IS__TUNIT____: Function Attrs: argmemonly nofree nosync nounwind willreturn writeonly
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_12_noundef_2
; IS__TUNIT____-SAME: (i32* nocapture nofree nonnull writeonly [[A:%.*]], i32* nocapture nofree noundef nonnull writeonly [[B:%.*]], i32* nofree writeonly [[C:%.*]])
; IS__TUNIT____-NEXT: [[D:%.*]] = icmp eq i32* [[C]], null
; IS__TUNIT____-NEXT: br i1 [[D]], label [[T:%.*]], label [[F:%.*]]
; IS__TUNIT____: t:
; IS__TUNIT____-NEXT: store i32 0, i32* [[A]], align 4
; IS__TUNIT____-NEXT: br label [[RET:%.*]]
; IS__TUNIT____: f:
; IS__TUNIT____-NEXT: store i32 1, i32* [[B]], align 4
; IS__TUNIT____-NEXT: br label [[RET]]
; IS__TUNIT____: ret:
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: argmemonly nofree norecurse nosync nounwind willreturn writeonly
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_12_noundef_2
; IS__CGSCC____-SAME: (i32* nocapture nofree nonnull writeonly [[A:%.*]], i32* nocapture nofree noundef nonnull writeonly [[B:%.*]], i32* nofree writeonly [[C:%.*]])
; IS__CGSCC____-NEXT: [[D:%.*]] = icmp eq i32* [[C]], null
; IS__CGSCC____-NEXT: br i1 [[D]], label [[T:%.*]], label [[F:%.*]]
; IS__CGSCC____: t:
; IS__CGSCC____-NEXT: store i32 0, i32* [[A]], align 4
; IS__CGSCC____-NEXT: br label [[RET:%.*]]
; IS__CGSCC____: f:
; IS__CGSCC____-NEXT: store i32 1, i32* [[B]], align 4
; IS__CGSCC____-NEXT: br label [[RET]]
; IS__CGSCC____: ret:
; IS__CGSCC____-NEXT: ret void
;
%d = icmp eq i32* %c, null
br i1 %d, label %t, label %f
t:
store i32 0, i32* %a
br label %ret
f:
store i32 1, i32* %b
br label %ret
ret:
ret void
}
; Pass null directly to argument with nonnull attribute
define void @arg_nonnull_violation1_1() {
; IS__TUNIT____: Function Attrs: nofree nosync nounwind readnone willreturn
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_violation1_1()
; IS__TUNIT____-NEXT: call void @arg_nonnull_1(i32* noalias nocapture nofree nonnull writeonly align 536870912 null)
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_violation1_1()
; IS__CGSCC____-NEXT: call void @arg_nonnull_1(i32* noalias nocapture nofree nonnull writeonly align 536870912 dereferenceable(4) null)
; IS__CGSCC____-NEXT: ret void
;
call void @arg_nonnull_1(i32* null)
ret void
}
define void @arg_nonnull_violation1_2() {
; IS__TUNIT____: Function Attrs: nofree nosync nounwind readnone willreturn
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_violation1_2()
; IS__TUNIT____-NEXT: unreachable
;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_violation1_2()
; IS__CGSCC____-NEXT: unreachable
;
call void @arg_nonnull_1_noundef_1(i32* null)
ret void
}
; A case that depends on value simplification
define void @arg_nonnull_violation2_1(i1 %c) {
; IS__TUNIT____: Function Attrs: nofree nosync nounwind readnone willreturn
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_violation2_1
; IS__TUNIT____-SAME: (i1 [[C:%.*]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_1(i32* nocapture nofree nonnull writeonly align 536870912 null)
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_violation2_1
; IS__CGSCC____-SAME: (i1 [[C:%.*]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_1(i32* nocapture nofree nonnull writeonly align 536870912 dereferenceable(4) null)
; IS__CGSCC____-NEXT: ret void
;
%null = getelementptr i32, i32* null, i32 0
%mustnull = select i1 %c, i32* null, i32* %null
call void @arg_nonnull_1(i32* %mustnull)
ret void
}
define void @arg_nonnull_violation2_2(i1 %c) {
; IS__TUNIT____: Function Attrs: nofree nosync nounwind readnone willreturn
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_violation2_2
; IS__TUNIT____-SAME: (i1 [[C:%.*]])
; IS__TUNIT____-NEXT: unreachable
;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_violation2_2
; IS__CGSCC____-SAME: (i1 [[C:%.*]])
; IS__CGSCC____-NEXT: unreachable
;
%null = getelementptr i32, i32* null, i32 0
%mustnull = select i1 %c, i32* null, i32* %null
call void @arg_nonnull_1_noundef_1(i32* %mustnull)
ret void
}
; Cases for single and multiple violation at a callsite
define void @arg_nonnull_violation3_1(i1 %c) {
; IS__TUNIT____: Function Attrs: nofree nosync nounwind readnone willreturn
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_violation3_1
; IS__TUNIT____-SAME: (i1 [[C:%.*]])
; IS__TUNIT____-NEXT: [[PTR:%.*]] = alloca i32, align 4
; IS__TUNIT____-NEXT: br i1 [[C]], label [[T:%.*]], label [[F:%.*]]
; IS__TUNIT____: t:
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__TUNIT____-NEXT: br label [[RET:%.*]]
; IS__TUNIT____: f:
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__TUNIT____-NEXT: br label [[RET]]
; IS__TUNIT____: ret:
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_violation3_1
; IS__CGSCC____-SAME: (i1 [[C:%.*]])
; IS__CGSCC____-NEXT: [[PTR:%.*]] = alloca i32, align 4
; IS__CGSCC____-NEXT: br i1 [[C]], label [[T:%.*]], label [[F:%.*]]
; IS__CGSCC____: t:
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__CGSCC____-NEXT: br label [[RET:%.*]]
; IS__CGSCC____: f:
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_12(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__CGSCC____-NEXT: br label [[RET]]
; IS__CGSCC____: ret:
; IS__CGSCC____-NEXT: ret void
;
%ptr = alloca i32
br i1 %c, label %t, label %f
t:
call void @arg_nonnull_12(i32* %ptr, i32* %ptr, i32* %ptr)
call void @arg_nonnull_12(i32* %ptr, i32* %ptr, i32* null)
call void @arg_nonnull_12(i32* %ptr, i32* null, i32* %ptr)
call void @arg_nonnull_12(i32* %ptr, i32* null, i32* null)
br label %ret
f:
call void @arg_nonnull_12(i32* null, i32* %ptr, i32* %ptr)
call void @arg_nonnull_12(i32* null, i32* %ptr, i32* null)
call void @arg_nonnull_12(i32* null, i32* null, i32* %ptr)
call void @arg_nonnull_12(i32* null, i32* null, i32* null)
br label %ret
ret:
ret void
}
define void @arg_nonnull_violation3_2(i1 %c) {
; IS__TUNIT____: Function Attrs: nofree nosync nounwind readnone willreturn
; IS__TUNIT____-LABEL: define {{[^@]+}}@arg_nonnull_violation3_2
; IS__TUNIT____-SAME: (i1 [[C:%.*]])
; IS__TUNIT____-NEXT: [[PTR:%.*]] = alloca i32, align 4
; IS__TUNIT____-NEXT: br i1 [[C]], label [[T:%.*]], label [[F:%.*]]
; IS__TUNIT____: t:
; IS__TUNIT____-NEXT: call void @arg_nonnull_12_noundef_2(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_12_noundef_2(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__TUNIT____-NEXT: unreachable
; IS__TUNIT____: f:
; IS__TUNIT____-NEXT: call void @arg_nonnull_12_noundef_2(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__TUNIT____-NEXT: call void @arg_nonnull_12_noundef_2(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__TUNIT____-NEXT: unreachable
; IS__TUNIT____: ret:
; IS__TUNIT____-NEXT: ret void
;
; IS__CGSCC____: Function Attrs: nofree norecurse nosync nounwind readnone willreturn
; IS__CGSCC____-LABEL: define {{[^@]+}}@arg_nonnull_violation3_2
; IS__CGSCC____-SAME: (i1 [[C:%.*]])
; IS__CGSCC____-NEXT: [[PTR:%.*]] = alloca i32, align 4
; IS__CGSCC____-NEXT: br i1 [[C]], label [[T:%.*]], label [[F:%.*]]
; IS__CGSCC____: t:
; IS__CGSCC____-NEXT: call void @arg_nonnull_12_noundef_2(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_12_noundef_2(i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__CGSCC____-NEXT: unreachable
; IS__CGSCC____: f:
; IS__CGSCC____-NEXT: call void @arg_nonnull_12_noundef_2(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]])
; IS__CGSCC____-NEXT: call void @arg_nonnull_12_noundef_2(i32* noalias nocapture nofree nonnull writeonly align 536870912 null, i32* nocapture nofree nonnull writeonly align 4 dereferenceable(4) [[PTR]], i32* noalias nocapture nofree writeonly align 536870912 null)
; IS__CGSCC____-NEXT: unreachable
; IS__CGSCC____: ret:
; IS__CGSCC____-NEXT: ret void
;
%ptr = alloca i32
br i1 %c, label %t, label %f
t:
call void @arg_nonnull_12_noundef_2(i32* %ptr, i32* %ptr, i32* %ptr)
call void @arg_nonnull_12_noundef_2(i32* %ptr, i32* %ptr, i32* null)
call void @arg_nonnull_12_noundef_2(i32* %ptr, i32* null, i32* %ptr)
call void @arg_nonnull_12_noundef_2(i32* %ptr, i32* null, i32* null)
br label %ret
f:
call void @arg_nonnull_12_noundef_2(i32* null, i32* %ptr, i32* %ptr)
call void @arg_nonnull_12_noundef_2(i32* null, i32* %ptr, i32* null)
call void @arg_nonnull_12_noundef_2(i32* null, i32* null, i32* %ptr)
call void @arg_nonnull_12_noundef_2(i32* null, i32* null, i32* null)
br label %ret
ret:
ret void
}