llvm.org GIT mirror llvm / e4f573f
Merging r155466:
------------------------------------------------------------------------
r155466 | chandlerc | 2012-04-24 11:42:47 -0700 (Tue, 24 Apr 2012) | 17 lines

Fix a crash on valid (if UB) bitcode that is produced for some global
constants in C++11 mode. I have no idea why it required such particular
circumstances to get here; the code seems clearly to rely upon unchecked
assumptions. Specifically, when we decide to form an index into a struct
type, we may have gone through (at least one) zero-length array indexing
round, which would have left the offset un-adjusted, and thus not
necessarily valid for use when indexing the struct type.

This is just a canonicalization step, so the correct thing is to refuse to
canonicalize nonsensical GEPs of this form. Implemented, and test case
added.

Fixes PR12642. Pair debugged and coded with Richard Smith. =] I credit him
with most of the debugging, and preventing me from writing the wrong code.
------------------------------------------------------------------------

git-svn-id: https://llvm.org/svn/llvm-project/llvm/branches/release_31@155506 91177308-0d34-0410-b5e6-96231b3b80d8

Bill Wendling
2 changed file(s) with 16 addition(s) and 3 deletion(s).
680680 // This makes it easy to determine if the getelementptr is "inbounds".
681681 // Also, this helps GlobalOpt do SROA on GlobalVariables.
682682 Type *Ty = Ptr->getType();
683 assert(Ty->isPointerTy() && "Forming regular GEP of non-pointer type");
683684 SmallVector NewIdxs;
684685 do {
685686 if (SequentialType *ATy = dyn_cast(Ty)) {
710711 }
711712 Ty = ATy->getElementType();
712713 } else if (StructType *STy = dyn_cast(Ty)) {
714 // If we end up with an offset that isn't valid for this struct type, we
715 // can't re-form this GEP in a regular form, so bail out. The pointer
716 // operand likely went through casts that are necessary to make the GEP
717 // sensible.
718 const StructLayout &SL = *TD->getStructLayout(STy);
719 if (Offset.uge(SL.getSizeInBytes()))
720 break;
721
713722 // Determine which field of the struct the offset points into. The
714 // getZExtValue is at least as safe as the StructLayout API because we
715 // know the offset is within the struct at this point.
716 const StructLayout &SL = *TD->getStructLayout(STy);
723 // getZExtValue is fine as we've already ensured that the offset is
724 // within the range representable by the StructLayout API.
717725 unsigned ElIdx = SL.getElementContainingOffset(Offset.getZExtValue());
718726 NewIdxs.push_back(ConstantInt::get(Type::getInt32Ty(Ty->getContext()),
719727 ElIdx));
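Review bot: the bail-out at 718-720 is the actual fix, and it also handles the degenerate case in the test: `<{}>` has getSizeInBytes() == 0, so Offset.uge(0) is always true and we break before getElementContainingOffset is asked for a field of a struct that has none. Two things this hunk does not show and that should be confirmed on the code after the do/while: the `break` leaves NewIdxs partially filled and Offset non-zero, so the post-loop path must treat a leftover Offset as "cannot re-form this GEP" rather than emitting a GEP with the indices built so far; and `Offset.uge(...)` compares an APInt against a uint64_t, which is only meaningful if Offset's bit width was set from the pointer size earlier in this function. Moving the getStructLayout call above the comment block is also welcome because the old comment ("we know the offset is within the struct at this point") asserted something nothing had established; the replacement comment at 723-724 is now accurate.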
1010
1111 @xs = global [2 x i32] zeroinitializer, align 4
1212 ; CHECK: @xs = global [2 x i32] [i32 1, i32 1]
13
14 ; PR12642
15 %PR12642.struct = type { i8 }
16 @PR12642.s = global <{}> zeroinitializer, align 1
17 @PR12642.p = constant %PR12642.struct* bitcast (i8* getelementptr (i8* bitcast (<{}>* @PR12642.s to i8*), i64 1) to %PR12642.struct*), align 8
1318
1419 define internal void @test1() {
1520 entry:
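Review bot: the new PR12642 input at 15-17 has no CHECK line of its own, so this only proves that the pass no longer crashes on @PR12642.p; a `; CHECK: @PR12642.p = constant` line pinning the expected (unfolded) form would also catch a regression in which the GEP is canonicalized into something wrong instead of crashing. The input is deliberately UB, as the commit message says: @PR12642.s is a zero-sized `<{}>`, so `getelementptr (i8* ..., i64 1)` points one byte past an object of size 0 and is then bitcast to a `%PR12642.struct*`; a one-line comment next to `; PR12642` saying the out-of-bounds GEP is intentional would stop a future cleanup from "fixing" the test and silently losing the coverage.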