author | hyeongyu kim <gusrb406@snu.ac.kr> | 2021-07-13 15:34:41 +0900 |
---|---|---|
committer | hyeongyu kim <gusrb406@snu.ac.kr> | 2021-07-13 15:35:18 +0900 |
commit | e338d08ae609bf07b1f43ad15a6488e7c302800b (patch) | |
tree | cecae0b1c634652a7451a8a1bf82a9754940f79d /llvm/lib/Transforms/Utils/SimplifyCFG.cpp | |
parent | 816f12886bd0781a85d4736d9adc9b0ff7b4775c (diff) | |
[SimplifyCFG] Fix SimplifyBranchOnICmpChain to be undef/poison safe.

This patch fixes the problem of SimplifyBranchOnICmpChain that occurs
when extra values are Undef or poison.

Suppose the %mode is 51 and the %Cond is poison, and let's look at the
case below.
```
%A = icmp ne i32 %mode, 0
%B = icmp ne i32 %mode, 51
%C = select i1 %A, i1 %B, i1 false
%D = select i1 %C, i1 %Cond, i1 false
br i1 %D, label %T, label %F
=>
br i1 %Cond, label %switch.early.test, label %F
switch.early.test:
  switch i32 %mode, label %T [
    i32 51, label %F
    i32 0, label %F
  ]
```
incorrectness: https://alive2.llvm.org/ce/z/BWScX

Code before transformation will not raise UB because %C and %D are false,
and it will not use %Cond. But after transformation, %Cond is being used
immediately, and it will raise UB.

This problem can be solved by adding freeze instruction.

correctness: https://alive2.llvm.org/ce/z/x9x4oY

Reviewed By: nikic

Differential Revision: https://reviews.llvm.org/D104569
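
The case in the commit message can be replayed with a small executable model of the IR semantics. This is an added example, not part of the commit or of LLVM; every name in it (`POISON`, `UB`, `before`, `after_unfrozen`, `after_frozen`) is hypothetical, and `freeze` takes the arbitrary value it picks as a parameter so both choices can be checked.

```python
# Added model of the IR in the commit message; not LLVM code, names are hypothetical.
POISON = object()  # stands for a poison value


class UB(Exception):
    """Raised where the modelled IR has undefined behaviour."""


def icmp_ne(a, b):
    return POISON if a is POISON or b is POISON else a != b


def select(c, t, f):
    # Poison flows from the condition or the chosen arm, never from the other arm.
    if c is POISON:
        return POISON
    return t if c else f


def br(cond, if_true, if_false):
    if cond is POISON:  # branching on poison is immediate UB
        raise UB("branch on poison")
    return if_true if cond else if_false


def freeze(v, chosen):
    # freeze turns poison into an arbitrary but fixed value; `chosen` is that value here.
    return chosen if v is POISON else v


def before(mode, cond):
    a = icmp_ne(mode, 0)
    b = icmp_ne(mode, 51)
    c = select(a, b, False)
    d = select(c, cond, False)
    return br(d, "T", "F")


def switch_early_test(mode):
    return "F" if mode in (51, 0) else "T"


def after_unfrozen(mode, cond):
    # The transformed code branches on %Cond before looking at %mode.
    nxt = br(cond, "switch.early.test", "F")
    return switch_early_test(mode) if nxt == "switch.early.test" else "F"


def after_frozen(mode, cond, chosen=False):
    nxt = br(freeze(cond, chosen), "switch.early.test", "F")
    return switch_early_test(mode) if nxt == "switch.early.test" else "F"
```

With `%mode = 51` and a poison `%Cond`, `before` reaches `F`, `after_unfrozen` raises `UB`, and `after_frozen` reaches `F` for either value `freeze` picks.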
Diffstat (limited to 'llvm/lib/Transforms/Utils/SimplifyCFG.cpp')
-rw-r--r-- | llvm/lib/Transforms/Utils/SimplifyCFG.cpp | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp index f08ab18..805bc32 100644 --- a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp +++ b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp @@ -4241,11 +4241,6 @@ bool SimplifyCFGOpt::SimplifyBranchOnICmpChain(BranchInst *BI, BasicBlock *BB = BI->getParent(); - // MSAN does not like undefs as branch condition which can be introduced - // with "explicit branch". - if (ExtraCase && BB->getParent()->hasFnAttribute(Attribute::SanitizeMemory)) - return false; - LLVM_DEBUG(dbgs() << "Converting 'icmp' chain with " << Values.size() << " cases into SWITCH. BB is:\n" << *BB); @@ -4263,6 +4258,16 @@ bool SimplifyCFGOpt::SimplifyBranchOnICmpChain(BranchInst *BI, Instruction *OldTI = BB->getTerminator(); Builder.SetInsertPoint(OldTI); + // There can be an unintended UB if extra values are Poison. Before the + // transformation, extra values may not be evaluated according to the + // condition, and it will not raise UB. But after transformation, we are + // evaluating extra values before checking the condition, and it will raise + // UB. It can be solved by adding freeze instruction to extra values. + AssumptionCache *AC = Options.AC; + + if (!isGuaranteedNotToBeUndefOrPoison(ExtraCase, AC, BI, nullptr)) + ExtraCase = Builder.CreateFreeze(ExtraCase); + if (TrueWhenEqual) Builder.CreateCondBr(ExtraCase, EdgeBB, NewBB); else |
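Review bot: In the first hunk (@@ -4241), the removed early return for Attribute::SanitizeMemory is not mentioned anywhere in the commit message, so a reader cannot tell from the log that the MSan bail-out was dropped on purpose. The removal only makes sense together with the freeze added in the second hunk, since the deleted comment says MSan "does not like undefs as branch condition"; please say so in the message, and add a regression test for a function carrying the sanitize_memory attribute so the transform is exercised on the path that used to return false (no test is visible in this view, which is limited to SimplifyCFG.cpp).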
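Review bot: In the second hunk (@@ -4263), isGuaranteedNotToBeUndefOrPoison(ExtraCase, AC, BI, nullptr) and Builder.CreateFreeze(ExtraCase) are called without a visible null check, while the guard deleted in the first hunk tested "ExtraCase &&", which shows ExtraCase can be null in this function. Please confirm these lines sit inside a block that is only entered when ExtraCase is non-null, or add the check. Two smaller points: the new comment speaks of "Poison" and "extra values" while the check covers undef as well and there is a single ExtraCase, so the wording should match the code; and the AC local is used once, so Options.AC could be passed directly.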