author | Nikita Popov <npopov@redhat.com> | 2022-04-07 15:20:21 +0200 |
---|---|---|
committer | Nikita Popov <npopov@redhat.com> | 2022-04-08 09:44:00 +0200 |
commit | a5a272a491406874e5147ba474182d30098ddfd4 (patch) | |
tree | 48196e21912f37d1575a1c6fcaf633ac6d5bf8c6 /llvm/lib/CodeGen/SafeStack.cpp | |
parent | 088d38890ccee92d5ef6ae13ec1c50f9b0083866 (diff) | |
[SafeStack] Don't create SCEV min between pointer and integer (PR54784)
Rather than rewriting the alloca pointer to zero, use
removePointerBase() to drop the base pointer. This will simply bail
if the base pointer is not the alloca. We could try doing something
more fancy here (like dropping the sources not based on the alloca
on the premise that they aren't SafeStack-relevant), but I don't
think that's worthwhile.
Fixes https://github.com/llvm/llvm-project/issues/54784.
Differential Revision: https://reviews.llvm.org/D123309
Diffstat (limited to 'llvm/lib/CodeGen/SafeStack.cpp')
-rw-r--r-- | llvm/lib/CodeGen/SafeStack.cpp | 31 |
1 files changed, 11 insertions, 20 deletions
diff --git a/llvm/lib/CodeGen/SafeStack.cpp b/llvm/lib/CodeGen/SafeStack.cpp
index 868fba3..1f7eac4 100644
--- a/llvm/lib/CodeGen/SafeStack.cpp
+++ b/llvm/lib/CodeGen/SafeStack.cpp
@@ -101,24 +101,6 @@ static cl::opt<bool> ClColoring("safe-stack-coloring",
 namespace {
-/// Rewrite an SCEV expression for a memory access address to an expression that
-/// represents offset from the given alloca.
-///
-/// The implementation simply replaces all mentions of the alloca with zero.
-class AllocaOffsetRewriter : public SCEVRewriteVisitor<AllocaOffsetRewriter> {
- const Value *AllocaPtr;
-
-public:
- AllocaOffsetRewriter(ScalarEvolution &SE, const Value *AllocaPtr)
- : SCEVRewriteVisitor(SE), AllocaPtr(AllocaPtr) {}
-
- const SCEV *visitUnknown(const SCEVUnknown *Expr) {
- if (Expr->getValue() == AllocaPtr)
- return SE.getZero(Expr->getType());
- return Expr;
- }
-};
-
 /// The SafeStack pass splits the stack of each function into the safe
 /// stack, which is only accessed through memory safe dereferences (as
 /// determined statically), and the unsafe stack, which contains all
@@ -233,9 +215,18 @@ uint64_t SafeStack::getStaticAllocaAllocationSize(const AllocaInst* AI) {
 bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,
 const Value *AllocaPtr, uint64_t AllocaSize) {
- AllocaOffsetRewriter Rewriter(SE, AllocaPtr);
- const SCEV *Expr = Rewriter.visit(SE.getSCEV(Addr));
+ const SCEV *AddrExpr = SE.getSCEV(Addr);
+ const auto *Base = dyn_cast<SCEVUnknown>(SE.getPointerBase(AddrExpr));
+ if (!Base || Base->getValue() != AllocaPtr) {
+ LLVM_DEBUG(
+ dbgs() << "[SafeStack] "
+ << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")
+ << *AllocaPtr << "\n"
+ << "SCEV " << *AddrExpr << " not directly based on alloca\n");
+ return false;
+ }
+ const SCEV *Expr = SE.removePointerBase(AddrExpr);
 uint64_t BitWidth = SE.getTypeSizeInBits(Expr->getType());
 ConstantRange AccessStartRange = SE.getUnsignedRange(Expr);
 ConstantRange SizeRange = |
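Review bot: The new early `return false` at the `if (!Base || Base->getValue() != AllocaPtr)` check in `IsAccessSafe` carries no comment saying that it is the conservative direction, which is worth recording in a hardening pass so that a later change does not relax it into a permissive path. As far as the hunk shows, an address whose pointer base is not provably `AllocaPtr` is reported as not safe instead of being range-checked against an offset that was never relative to the alloca; what the caller then does with the alloca is outside this hunk. I would add above the check: `// Fail closed: if the address is not provably based on AllocaPtr, report the access as unsafe; removePointerBase() below is only meaningful once the base is known to be the alloca.` The rest of the function body, including the range comparison that consumes `Expr`, continues past the end of the hunk.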