-rw-r--r-- | lib/Transforms/Scalar/BoundsChecking.cpp | 26 | ||||
-rw-r--r-- | test/Transforms/BoundsChecking/simple.ll | 78 |
2 files changed, 97 insertions, 7 deletions
diff --git a/lib/Transforms/Scalar/BoundsChecking.cpp b/lib/Transforms/Scalar/BoundsChecking.cpp
index 004f34f3bd..85c5e111e0 100644
--- a/lib/Transforms/Scalar/BoundsChecking.cpp
+++ b/lib/Transforms/Scalar/BoundsChecking.cpp
@@ -62,6 +62,7 @@ namespace {
 unsigned Penalty;
 BasicBlock *getTrapBB();
+ void emitBranchToTrap(Value *Cmp = 0);
 ConstTriState computeAllocSize(Value *Alloc, uint64_t &Size, Value* &SizeValue);
 bool instrument(Value *Ptr, Value *Val);
@@ -94,6 +95,22 @@ BasicBlock *BoundsChecking::getTrapBB() {
 }
+/// emitBranchToTrap - emit a branch instruction to a trap block.
+/// If Cmp is non-null, perform a jump only if its value evaluates to true.
+void BoundsChecking::emitBranchToTrap(Value *Cmp) {
+ Instruction *Inst = Builder->GetInsertPoint();
+ BasicBlock *OldBB = Inst->getParent();
+ BasicBlock *Cont = OldBB->splitBasicBlock(Inst);
+ OldBB->getTerminator()->eraseFromParent();
+
+ // FIXME: add unlikely branch taken metadata?
+ if (Cmp)
+ BranchInst::Create(getTrapBB(), Cont, Cmp, OldBB);
+ else
+ BranchInst::Create(getTrapBB(), OldBB);
+}
+
+
 /// computeAllocSize - compute the object size allocated by an allocation
 /// site. Returns NotConst if the size is not constant (in SizeValue), Const if
 /// the size is constant (in Size), and Dunno if the size could not be
@@ -254,7 +271,7 @@ bool BoundsChecking::instrument(Value *Ptr, Value *InstVal) {
 if (!OffsetValue && ConstAlloc == Const) {
 if (Size < Offset || (Size - Offset) < NeededSize) {
 // Out of bounds
- Builder->CreateBr(getTrapBB());
+ emitBranchToTrap();
 ++ChecksAdded;
 return true;
 }
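Review bot: The doc comment on `emitBranchToTrap` leaves out the side effect callers most need to know: it splits the block at the Builder's current insert point, and with a null `Cmp` the tail block `Cont` is left without predecessors. In the constant out-of-bounds case in `instrument()` the offending access therefore stays in the function as unreachable code until some later cleanup removes it. I would add `/// Splits the current block at the Builder's insert point; with a null Cmp the tail block becomes unreachable.` to the comment. It is also worth confirming whether `Cmp` can arrive as an already-folded constant (the Builder's folder is not visible in this diff), since the function would then emit a conditional branch on a constant where an unconditional branch, or no check, would do.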
@@ -278,13 +295,8 @@ bool BoundsChecking::instrument(Value *Ptr, Value *InstVal) {
 Value *Cmp1 = Builder->CreateICmpULT(SizeValue, OffsetValue);
 Value *Cmp2 = Builder->CreateICmpULT(ObjSize, NeededSizeVal);
 Value *Or = Builder->CreateOr(Cmp1, Cmp2);
+ emitBranchToTrap(Or);
- // FIXME: add unlikely branch taken metadata?
- Instruction *Inst = Builder->GetInsertPoint();
- BasicBlock *OldBB = Inst->getParent();
- BasicBlock *Cont = OldBB->splitBasicBlock(Inst);
- OldBB->getTerminator()->eraseFromParent();
- BranchInst::Create(getTrapBB(), Cont, Or, OldBB);
 ++ChecksAdded;
 return true;
 }
diff --git a/test/Transforms/BoundsChecking/simple.ll b/test/Transforms/BoundsChecking/simple.ll
new file mode 100644
index 0000000000..8f4aa5935a
--- /dev/null
+++ b/test/Transforms/BoundsChecking/simple.ll
@@ -0,0 +1,78 @@
+; RUN: opt < %s -boundschecking -S | FileCheck %s
+target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
+
+@.str = private constant [8 x i8] c"abcdefg\00" ; <[8 x i8]*>
+
+declare noalias i8* @malloc(i64) nounwind
+declare noalias i8* @calloc(i64, i64) nounwind
+declare noalias i8* @realloc(i8* nocapture, i64) nounwind
+
+; CHECK: @f1
+define void @f1() nounwind {
+ %1 = tail call i8* @malloc(i64 32)
+ %2 = bitcast i8* %1 to i32*
+ %idx = getelementptr inbounds i32* %2, i64 2
+; CHECK-NOT: trap
+ store i32 3, i32* %idx, align 4
+ ret void
+}
+
+; CHECK: @f2
+define void @f2() nounwind {
+ %1 = tail call i8* @malloc(i64 32)
+ %2 = bitcast i8* %1 to i32*
+ %idx = getelementptr inbounds i32* %2, i64 8
+; CHECK: trap
+ store i32 3, i32* %idx, align 4
+ ret void
+}
+
+; CHECK: @f3
+define void @f3(i64 %x) nounwind {
+ %1 = tail call i8* @calloc(i64 4, i64 %x)
+ %2 = bitcast i8* %1 to i32*
+ %idx = getelementptr inbounds i32* %2, i64 8
+; CHECK-NEXT: mul i64 4, %
+; CHECK-NEXT: sub i64 {{.*}}, 32
+; CHECK-NEXT: icmp ult i64 {{.*}}, 32
+; CHECK-NEXT: icmp ult i64 {{.*}}, 4
+; CHECK-NEXT: or i1
+; CHECK: trap
+ store i32 3, i32* %idx, align 4
+ ret void
+}
+
+; CHECK: @f4
+define void @f4(i64 %x) nounwind {
+ %1 = tail call i8* @realloc(i8* null, i64 %x) nounwind
+ %2 = bitcast i8* %1 to i32*
+ %idx = getelementptr inbounds i32* %2, i64 8
+; CHECK: trap
+ %3 = load i32* %idx, align 4
+ ret void
+}
+
+; CHECK: @f5
+define void @f5(i64 %x) nounwind {
+ %idx = getelementptr inbounds [8 x i8]* @.str, i64 0, i64 %x
+; CHECK: trap
+ %1 = load i8* %idx, align 4
+ ret void
+}
+
+; CHECK: @f6
+define void @f6(i64 %x) nounwind {
+ %1 = alloca i128
+; CHECK-NOT: trap
+ %2 = load i128* %1, align 4
+ ret void
+}
+
+; CHECK: @f7
+define void @f7(i64 %x) nounwind {
+ %1 = alloca i128, i64 %x
+; CHECK: mul i64 16,
+; CHECK: trap
+ %2 = load i128* %1, align 4
+ ret void
+} |
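Review bot: The bare `; CHECK: trap` lines match the first later occurrence of that substring, so they do not pin the behaviour this commit changes. In `@f2` the pass should now emit an unconditional branch, yet the test passes equally with a conditional one; I would tighten it to something like `; CHECK: br label %trap`, assuming the trap block is named `trap` (getTrapBB's body is outside this diff). In `@f7`, the last function, the pattern may be satisfied by any text containing "trap" printed after the function body, so anchoring on the branch, e.g. `; CHECK: br i1 {{.*}}, label %trap`, would be safer. None of the positive cases checks that the branch precedes the guarded access; a `; CHECK: store i32 3` (or the matching `load`) after the trap check would assert that ordering.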