[Mem2Reg] Generate non-terminator unreachable for !noundef undef #96639
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When performing a load from uninitialized memory using !noundef, insert a non-terminator unreachable instruction, which will be converted to a proper unreachable by SimplifyCFG. This way we retain the fact that UB occurred on this code path.
|
@llvm/pr-subscribers-llvm-transforms Author: Nikita Popov (nikic) ChangesWhen performing a load from uninitialized memory using !noundef, insert a non-terminator unreachable instruction, which will be converted to a proper unreachable by SimplifyCFG. This way we retain the fact that UB occurred on this code path. Full diff: https://github.com/llvm/llvm-project/pull/96639.diff 2 Files Affected:
diff --git a/llvm/lib/Transforms/Utils/PromoteMemoryToRegister.cpp b/llvm/lib/Transforms/Utils/PromoteMemoryToRegister.cpp
index 40d0f6b75d69b..a1210ac0f88ac 100644
--- a/llvm/lib/Transforms/Utils/PromoteMemoryToRegister.cpp
+++ b/llvm/lib/Transforms/Utils/PromoteMemoryToRegister.cpp
@@ -453,6 +453,15 @@ static void addAssumeNonNull(AssumptionCache *AC, LoadInst *LI) {
static void convertMetadataToAssumes(LoadInst *LI, Value *Val,
const DataLayout &DL, AssumptionCache *AC,
const DominatorTree *DT) {
+ if (isa<UndefValue>(Val) && LI->hasMetadata(LLVMContext::MD_noundef)) {
+ // Insert non-terminator unreachable.
+ LLVMContext &Ctx = LI->getContext();
+ new StoreInst(ConstantInt::getTrue(Ctx),
+ PoisonValue::get(PointerType::getUnqual(Ctx)),
+ /*isVolatile=*/false, Align(1), LI);
+ return;
+ }
+
// If the load was marked as nonnull we don't want to lose that information
// when we erase this Load. So we preserve it with an assume. As !nonnull
// returns poison while assume violations are immediate undefined behavior,
diff --git a/llvm/test/Transforms/Mem2Reg/preserve-nonnull-load-metadata.ll b/llvm/test/Transforms/Mem2Reg/preserve-nonnull-load-metadata.ll
index e3c14cc662e2a..edc07864795e8 100644
--- a/llvm/test/Transforms/Mem2Reg/preserve-nonnull-load-metadata.ll
+++ b/llvm/test/Transforms/Mem2Reg/preserve-nonnull-load-metadata.ll
@@ -143,6 +143,7 @@ fin:
define ptr @no_store_single_load_noundef() {
; CHECK-LABEL: @no_store_single_load_noundef(
; CHECK-NEXT: entry:
+; CHECK-NEXT: store i1 true, ptr poison, align 1
; CHECK-NEXT: ret ptr undef
;
entry:
@@ -156,8 +157,10 @@ define ptr @no_store_multiple_loads_noundef(i1 %c) {
; CHECK-NEXT: entry:
; CHECK-NEXT: br i1 [[C:%.*]], label [[IF:%.*]], label [[ELSE:%.*]]
; CHECK: if:
+; CHECK-NEXT: store i1 true, ptr poison, align 1
; CHECK-NEXT: ret ptr undef
; CHECK: else:
+; CHECK-NEXT: store i1 true, ptr poison, align 1
; CHECK-NEXT: ret ptr undef
;
entry:
@@ -176,8 +179,7 @@ if:
define ptr @no_store_single_load_nonnull_noundef() {
; CHECK-LABEL: @no_store_single_load_nonnull_noundef(
; CHECK-NEXT: entry:
-; CHECK-NEXT: [[TMP0:%.*]] = icmp ne ptr undef, null
-; CHECK-NEXT: call void @llvm.assume(i1 [[TMP0]])
+; CHECK-NEXT: store i1 true, ptr poison, align 1
; CHECK-NEXT: ret ptr undef
;
entry:
@@ -191,12 +193,10 @@ define ptr @no_store_multiple_loads_nonnull_noundef(i1 %c) {
; CHECK-NEXT: entry:
; CHECK-NEXT: br i1 [[C:%.*]], label [[IF:%.*]], label [[ELSE:%.*]]
; CHECK: if:
-; CHECK-NEXT: [[TMP0:%.*]] = icmp ne ptr undef, null
-; CHECK-NEXT: call void @llvm.assume(i1 [[TMP0]])
+; CHECK-NEXT: store i1 true, ptr poison, align 1
; CHECK-NEXT: ret ptr undef
; CHECK: else:
-; CHECK-NEXT: [[TMP1:%.*]] = icmp ne ptr undef, null
-; CHECK-NEXT: call void @llvm.assume(i1 [[TMP1]])
+; CHECK-NEXT: store i1 true, ptr poison, align 1
; CHECK-NEXT: ret ptr undef
;
entry:
|
dtcxzyw
approved these changes
Jun 25, 2024
Do we have to, out of curiosity? Thought this was only being done here, exactly to relieve SROA from carrying that out. |
SROA uses mem2reg internally, so this mostly also covers SROA as well (apart from one edge case...) |
|
Why not use |
Store to poison is the canonical form for non-terminator unreachable. In fact, InstCombine will convert assume(false) to it: https://llvm.godbolt.org/z/rsfd7hzja |
nikic
added a commit
to nikic/llvm-project
that referenced
this pull request
Jun 25, 2024
This extends llvm#96639 for mem2reg to earlycse. If we try to replace a load with !noundef metadata by undef, insert a non-terminator unreachable. I've added a handleLoadOfUndef() helper for this purpose, which is shared between mem2reg and earlycse (and in the future also gvn etc). This also provides a place to experiment with replacing uninit loads with freeze poison.
AlexisPerry
pushed a commit
to llvm-project-tlp/llvm-project
that referenced
this pull request
Jul 9, 2024
…m#96639) When performing a load from uninitialized memory using !noundef, insert a non-terminator unreachable instruction, which will be converted to a proper unreachable by SimplifyCFG. This way we retain the fact that UB occurred on this code path.
This was referenced Jul 15, 2024
dianqk
added a commit
that referenced
this pull request
Jul 15, 2024
…chable (#98910) Add the content from #96639 (comment).
yuxuanchen1997
pushed a commit
that referenced
this pull request
Jul 25, 2024
…chable (#98910) Summary: Add the content from #96639 (comment). Test Plan: Reviewers: Subscribers: Tasks: Tags: Differential Revision: https://phabricator.intern.facebook.com/D60251667
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When performing a load from uninitialized memory using !noundef, insert a non-terminator unreachable instruction, which will be converted to a proper unreachable by SimplifyCFG. This way we retain the fact that UB occurred on this code path.