Google Git
Sign in
chromium / external / llvm.org / llvm / 06b38392dd60537b5d5732362f0ea8ec8dcea3d5
commit06b38392dd60537b5d5732362f0ea8ec8dcea3d5[log] [tgz]
authorMax Kazantsev <max.kazantsev@azul.com>Sat May 19 13:06:37 2018
committerMax Kazantsev <max.kazantsev@azul.com>Sat May 19 13:06:37 2018
tree8cc0f40c87848637b2bf958daaebc96ea786e58a
parent9174d3e272dfbc1f3788cd91db294561803a2ed0 [diff]
[IRCE] Fix miscompile with range checks against negative values

In the patch rL329547, we have lifted the over-restrictive limitation on collected range
checks, allowing to work with range checks with the end of their range not being
provably non-negative. However it appeared that the non-negativity of this value was
assumed in the utility function `ClampedSubtract`. In particular, its reasoning is based
on the fact that `0 <= SINT_MAX - X`, which is not true if `X` is negative.

The function `ClampedSubtract` is only called twice, once with `X = 0` (which is OK)
and the second time with `X = IRC.getEnd()`, where we may now see the problem if
the end is actually a negative value. In this case, we may sometimes miscompile.

This patch is the conservative fix of the miscompile problem. Rather than rejecting
non-provably non-negative `getEnd()` values, we will check it for non-negativity in
runtime. For this, we use function `smax(smin(X, 0), -1) + 1` that is equal to `1` if `X`
is non-negative and is equal to 0 if `X` is negative. If we multiply `Begin, End` of safe
iteration space by this function calculated for `X = IRC.getEnd()`, we will get the original
`[Begin, End)` if `IRC.getEnd()` was non-negative (and, thus, `ClampedSubtract` worked
correctly) and the empty range `[0, 0)` in case if ` IRC.getEnd()` was negative.

So we in fact prohibit execution of the main loop if at least one of range checks was
made against a negative value (and we figured it out in runtime). It is still better than
what we have before (non-negativity had to be proved in compile time) and prevents
us from miscompile, however it is sometiles too restrictive for unsigned range checks
against a negative value (which in fact can be eliminated).

Once we re-implement `ClampedSubtract` in a way that it handles negative `X` correctly,
this limitation can be lifted, too.

Differential Revision: https://reviews.llvm.org/D46860
Reviewed By: samparker


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@332809 91177308-0d34-0410-b5e6-96231b3b80d8
2 files changed
tree: 8cc0f40c87848637b2bf958daaebc96ea786e58a
  1. bindings/
  2. cmake/
  3. docs/
  4. examples/
  5. include/
  6. lib/
  7. projects/
  8. resources/
  9. runtimes/
  10. test/
  11. tools/
  12. unittests/
  13. utils/
  14. .arcconfig
  15. .clang-format
  16. .clang-tidy
  17. .gitattributes
  18. .gitignore
  19. CMakeLists.txt
  20. CODE_OWNERS.TXT
  21. configure
  22. CREDITS.TXT
  23. LICENSE.TXT
  24. llvm.spec.in
  25. LLVMBuild.txt
  26. README.txt
  27. RELEASE_TESTERS.TXT