[LowerConstantIntrinsics] Improve tests related to llvm.objectsize. NFC

bjope · bjope · commit fb76d24c63f0 · 2025-03-21T10:43:52.000+01:00
Adding some new test cases (including FIXME:s) to highlight some
bugs related to lowering of llvm.objectsize.

One special case is when there are getelementptr instruction with
index types that are larger than the index type size for the
pointer being analysed. This will add a couple of tests to show
what happens both when using a smaller and larger index type,
and when having out-of-bounds indices (both too large and negative).
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-idxsize.ll
@@ -0,0 +1,256 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 5
+; RUN: opt -passes='sroa,instcombine,lower-constant-intrinsics,dce' -S < %s | FileCheck --check-prefixes CHECK,CHECK-REF %s
+; RUN: opt -passes=lower-constant-intrinsics,dce -S < %s | FileCheck --check-prefixes CHECK,CHECK-TST %s
+
+; Some extra tests using 16-bit pointers and 16-bit index type size. This
+; allows us to for example test what happens when the index type used in a
+; getelementptr does not match with the index type size (e.g. when not running
+; full opt pipeline before the lower-constant-intrinsics pass).
+
+target datalayout = "e-p:16:16:16"
+
+
+define i32 @possible_out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i8 2, i8 10
+  %ptr.slide = getelementptr i8, ptr %obj, i8 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+define i32 @possible_out_of_bounds_gep_i16(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i16 2, i16 10
+  %ptr.slide = getelementptr i8, ptr %obj, i16 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+define i32 @possible_out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i32(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i32 2, i32 10
+  %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+; SROA would produce IR like this if applied to @possible_out_of_bounds_gep_i16.
+; FIXME: The %objsize_min result here looks wrong.
+define i32 @possible_out_of_bounds_gep_i16_sroa(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT:  [[ENTRY:.*:]]
+; CHECK-REF-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-REF-NEXT:    ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i16_sroa(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT:  [[ENTRY:.*:]]
+; CHECK-TST-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 3, i32 65531
+; CHECK-TST-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8], align 1
+  %.sroa.gep = getelementptr i8, ptr %obj, i16 2
+  %.sroa.gep1 = getelementptr i8, ptr %obj, i16 10
+  %offset.sroa.sel = select i1 %c0, ptr %.sroa.gep, ptr %.sroa.gep1
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %offset.sroa.sel, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %offset.sroa.sel, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+; Indices are truncated to the pointer size in a gep. So "i32 -65526" should
+; be truncated to "i16 10".
+; FIXME: The TST result here is incorrect!
+define i32 @possible_out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT:  [[ENTRY:.*:]]
+; CHECK-REF-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 3, i32 0
+; CHECK-REF-NEXT:    ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @possible_out_of_bounds_gep_i32_trunc(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT:  [[ENTRY:.*:]]
+; CHECK-TST-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 0, i32 3
+; CHECK-TST-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i32 2, i32 -65526  ; 0xffff000a
+  %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i8(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT:  [[ENTRY:.*:]]
+; CHECK-REF-NEXT:    [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT:    ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i8(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT:  [[ENTRY:.*:]]
+; CHECK-TST-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %ptr.slide = getelementptr i8, ptr %obj, i8 -128
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i32(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    ret i32 0
+;
+entry:
+  %obj = alloca [5 x i8]
+  %ptr.slide = getelementptr i8, ptr %obj, i32 10
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+define i32 @out_of_bounds_gep_i32_trunc(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @out_of_bounds_gep_i32_trunc(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    ret i32 0
+;
+entry:
+  %obj = alloca [5 x i8]
+  %ptr.slide = getelementptr i8, ptr %obj, i32 -65526
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+; In this test the index will be out-of-bounds, but the current analysis won't
+; detect that. The analysis will find out that %offset is in the range [-2,
+; 10] which includes valid offsets that aren't out-of-bounds. Therefore we can
+; expect the result -1 for %objsize_max.
+define i32 @out_of_bounds_gep_i16_pos_neg(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT:  [[ENTRY:.*:]]
+; CHECK-REF-NEXT:    [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT:    ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i16_pos_neg(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT:  [[ENTRY:.*:]]
+; CHECK-TST-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 0
+; CHECK-TST-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i32 10, i32 -2
+  %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+; With 16-bit index size %offset is either 32767 or -32768. Thus, when
+; aggregating the possible offsets it we know that it is in the range [-32768,
+; 32767], which includes valid offsets that aren't out-of-bounds. This is
+; similar to the out_of_bounds_gep_i16_pos_neg test above, and we can expect
+; the result -1 for %objsize_max.
+define i32 @out_of_bounds_gep_i32_trunc_select(i1 %c0, i1 %c1) {
+; CHECK-REF-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-REF-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-REF-NEXT:  [[ENTRY:.*:]]
+; CHECK-REF-NEXT:    [[RES:%.*]] = sext i1 [[C1]] to i32
+; CHECK-REF-NEXT:    ret i32 [[RES]]
+;
+; CHECK-TST-LABEL: define i32 @out_of_bounds_gep_i32_trunc_select(
+; CHECK-TST-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-TST-NEXT:  [[ENTRY:.*:]]
+; CHECK-TST-NEXT:    ret i32 0
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i32 32767, i32 32768
+  %ptr.slide = getelementptr i8, ptr %obj, i32 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+; FIXME: Is 3 really correct for %objsize_min here?
+define i32 @possible_out_of_bounds_gep_i8_neg(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i8_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i8 2, i8 -10
+  %ptr.slide = getelementptr i8, ptr %obj, i8 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
+
+; FIXME: Is 3 really correct for %objsize_min here?
+define i32 @possible_out_of_bounds_gep_i16_neg(i1 %c0, i1 %c1) {
+; CHECK-LABEL: define i32 @possible_out_of_bounds_gep_i16_neg(
+; CHECK-SAME: i1 [[C0:%.*]], i1 [[C1:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    [[RES:%.*]] = select i1 [[C1]], i32 -1, i32 3
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+entry:
+  %obj = alloca [5 x i8]
+  %offset = select i1 %c0, i16 2, i16 -10
+  %ptr.slide = getelementptr i8, ptr %obj, i16 %offset
+  %objsize_max = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 false, i1 true, i1 false)
+  %objsize_min = call i32 @llvm.objectsize.i32.p0(ptr %ptr.slide, i1 true, i1 true, i1 false)
+  %res = select i1 %c1, i32 %objsize_max, i32 %objsize_min
+  ret i32 %res
+}
diff --git a/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll b/llvm/test/Transforms/LowerConstantIntrinsics/builtin-object-size-phi.ll
@@ -200,8 +200,12 @@ if.end:
   ret i64 %size
 }
 
-define i64 @pick_negative_offset_different_width(i32 %n) {
-; CHECK-LABEL: @pick_negative_offset_different_width(
+; FIXME: The result here looks weird. Either we reference into buffer0 with an
+;        oob offset. Or we reference buffer1 (8 bytes) with a 4 byte
+;        offset. The result 5 is wrong in both cases. Probably better to
+;        return -1 here since we do not know if we have an oob pointer.
+define i64 @pick_negative_offset_different_width_index_maybe_too_small(i32 %n, i1 %c) {
+; CHECK-LABEL: @pick_negative_offset_different_width_index_maybe_too_small(
 ; CHECK-NEXT:  entry:
 ; CHECK-NEXT:    [[BUFFER0:%.*]] = alloca i8, i64 4, align 1
 ; CHECK-NEXT:    [[BUFFER1:%.*]] = alloca i8, i64 8, align 1
@@ -216,7 +220,8 @@ define i64 @pick_negative_offset_different_width(i32 %n) {
 ; CHECK:       if.end:
 ; CHECK-NEXT:    [[P:%.*]] = phi ptr [ [[OFFSETED0]], [[IF_ELSE]] ], [ [[OFFSETED1]], [[IF_END]] ]
 ; CHECK-NEXT:    [[POFFSETED:%.*]] = getelementptr i8, ptr [[P]], i64 -2
-; CHECK-NEXT:    ret i64 5
+; CHECK-NEXT:    [[SIZE:%.*]] = select i1 [[C:%.*]], i64 5, i64 0
+; CHECK-NEXT:    ret i64 [[SIZE]]
 ;
 entry:
   %buffer0 = alloca i8, i64 4
@@ -235,7 +240,51 @@ if.else:
 if.end:
   %p = phi ptr [ %offseted0, %if.then ], [ %offseted1, %if.else ]
   %poffseted = getelementptr i8, ptr %p, i64 -2
-  %size = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+  %sizemax = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+  %sizemin = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 true, i1 false, i1 false)
+  %size = select i1 %c, i64 %sizemax, i64 %sizemin
+  ret i64 %size
+}
+
+define i64 @pick_negative_offset_different_width_index_maybe_too_large(i32 %n, i1 %c) {
+; CHECK-LABEL: @pick_negative_offset_different_width_index_maybe_too_large(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    [[BUFFER0:%.*]] = alloca i8, i64 4, align 1
+; CHECK-NEXT:    [[BUFFER1:%.*]] = alloca i8, i64 8, align 1
+; CHECK-NEXT:    [[COND:%.*]] = icmp eq i32 [[N:%.*]], 0
+; CHECK-NEXT:    br i1 [[COND]], label [[IF_THEN:%.*]], label [[IF_ELSE:%.*]]
+; CHECK:       if.then:
+; CHECK-NEXT:    [[OFFSETED0:%.*]] = getelementptr i8, ptr [[BUFFER0]], i64 1
+; CHECK-NEXT:    br label [[IF_END:%.*]]
+; CHECK:       if.else:
+; CHECK-NEXT:    [[OFFSETED1:%.*]] = getelementptr i8, ptr [[BUFFER1]], i64 6
+; CHECK-NEXT:    br label [[IF_END]]
+; CHECK:       if.end:
+; CHECK-NEXT:    [[P:%.*]] = phi ptr [ [[OFFSETED0]], [[IF_THEN]] ], [ [[OFFSETED1]], [[IF_ELSE]] ]
+; CHECK-NEXT:    [[POFFSETED:%.*]] = getelementptr i8, ptr [[P]], i64 2
+; CHECK-NEXT:    [[SIZE:%.*]] = select i1 [[C:%.*]], i64 1, i64 0
+; CHECK-NEXT:    ret i64 [[SIZE]]
+;
+entry:
+  %buffer0 = alloca i8, i64 4
+  %buffer1 = alloca i8, i64 8
+  %cond = icmp eq i32 %n, 0
+  br i1 %cond, label %if.then, label %if.else
+
+if.then:
+  %offseted0 = getelementptr i8, ptr %buffer0, i64 1
+  br label %if.end
+
+if.else:
+  %offseted1 = getelementptr i8, ptr %buffer1, i64 6
+  br label %if.end
+
+if.end:
+  %p = phi ptr [ %offseted0, %if.then ], [ %offseted1, %if.else ]
+  %poffseted = getelementptr i8, ptr %p, i64 2
+  %sizemax = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 false, i1 false, i1 false)
+  %sizemin = call i64 @llvm.objectsize.i64.p0(ptr %poffseted, i1 true, i1 false, i1 false)
+  %size = select i1 %c, i64 %sizemax, i64 %sizemin
   ret i64 %size
 }
 
