[StackSafetyAnalysis] Bail out if MemIntrinsic length is -1 #77837
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Clang generates llvm.memset.p0.i64 with size of -1 for following code in `-stdlib=libc++ -std=c++20` mode (llvm#77210 (comment)) ```cpp bool strtof_clamp(const std::string &str); void floatsuffix_check(char *yytext_r) { std::string text = yytext_r; text.resize(text.size() - 1); strtof_clamp(text); } ``` `Sizes = [0xffffffffffffffff, 0)`. `SizeRange` is `[0, 0-1)`, leading to `assert(!isUnsafe(SizeRange));` failure. Bail out if memset size is -1.
llvmbot
added
the
llvm:analysis
|
@llvm/pr-subscribers-llvm-analysis Author: Fangrui Song (MaskRay) ChangesClang generates llvm.memset.p0.i64 with size of -1 for following code in bool strtof_clamp(const std::string &str);
void floatsuffix_check(char *yytext_r) {
std::string text = yytext_r;
text.resize(text.size() - 1);
strtof_clamp(text);
}
Full diff: https://github.com/llvm/llvm-project/pull/77837.diff 2 Files Affected:
diff --git a/llvm/lib/Analysis/StackSafetyAnalysis.cpp b/llvm/lib/Analysis/StackSafetyAnalysis.cpp
index da21e3f28e7899..19991c1a7baee6 100644
--- a/llvm/lib/Analysis/StackSafetyAnalysis.cpp
+++ b/llvm/lib/Analysis/StackSafetyAnalysis.cpp
@@ -331,7 +331,7 @@ ConstantRange StackSafetyLocalAnalysis::getMemIntrinsicAccessRange(
const SCEV *Expr =
SE.getTruncateOrZeroExtend(SE.getSCEV(MI->getLength()), CalculationTy);
ConstantRange Sizes = SE.getSignedRange(Expr);
- if (Sizes.getUpper().isNegative() || isUnsafe(Sizes))
+ if (!Sizes.getUpper().isStrictlyPositive() || isUnsafe(Sizes))
return UnknownRange;
Sizes = Sizes.sextOrTrunc(PointerSize);
ConstantRange SizeRange(APInt::getZero(PointerSize), Sizes.getUpper() - 1);
diff --git a/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll b/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll
index 791fb35ce2b759..6913816cc8fe7a 100644
--- a/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll
+++ b/llvm/test/Analysis/StackSafetyAnalysis/memintrin.ll
@@ -98,6 +98,40 @@ entry:
ret void
}
+define void @MemsetHugeUpper_m1(i1 %bool) {
+; CHECK-LABEL: MemsetHugeUpper_m1 dso_preemptable{{$}}
+; CHECK-NEXT: args uses:
+; CHECK-NEXT: allocas uses:
+; CHECK-NEXT: x[4]: full-set
+entry:
+ %x = alloca i32, align 4
+ br i1 %bool, label %if.then, label %if.end
+
+if.then:
+ call void @llvm.memset.p0.i64(ptr %x, i8 0, i64 -1, i1 false)
+ br label %if.end
+
+if.end:
+ ret void
+}
+
+define void @MemsetHugeUpper_m2(i1 %bool) {
+; CHECK-LABEL: MemsetHugeUpper_m2 dso_preemptable{{$}}
+; CHECK-NEXT: args uses:
+; CHECK-NEXT: allocas uses:
+; CHECK-NEXT: x[4]: full-set
+entry:
+ %x = alloca i32, align 4
+ br i1 %bool, label %if.then, label %if.end
+
+if.then:
+ call void @llvm.memset.p0.i64(ptr %x, i8 0, i64 -2, i1 false)
+ br label %if.end
+
+if.end:
+ ret void
+}
+
define void @MemcpyInBounds() {
; CHECK-LABEL: MemcpyInBounds dso_preemptable{{$}}
; CHECK-NEXT: args uses:
|
vitalybuka
approved these changes
Jan 11, 2024
MaskRay
changed the title
justinfargnoli
pushed a commit
to justinfargnoli/llvm-project
that referenced
this pull request
Jan 28, 2024
Clang generates llvm.memset.p0.i64 with a length of -1 for the following code in `-stdlib=libc++ -std=c++20` mode (llvm#77210 (comment)) ```cpp bool strtof_clamp(const std::string &str); void floatsuffix_check(char *yytext_r) { std::string text = yytext_r; text.resize(text.size() - 1); strtof_clamp(text); } ``` `Sizes = [0xffffffffffffffff, 0)`. `SizeRange = [0, 0-1)`, leading to `assert(!isUnsafe(SizeRange));` failure. Bail out if the length is -1. Other negative values are handled by the existing condition.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Clang generates llvm.memset.p0.i64 with a length of -1 for the following code in
-stdlib=libc++ -std=c++20mode(#77210 (comment))
Sizes = [0xffffffffffffffff, 0).SizeRange = [0, 0-1), leading toassert(!isUnsafe(SizeRange));failure. Bail out if the length is -1.Other negative values are handled by the existing condition.