| Issue |
156435
|
| Summary |
InstCombine/lowerObjectSizeCall introducing an assume about allocation sizes
|
| Labels |
miscompilation,
llvm:instcombine
|
| Assignees |
|
| Reporter |
nunoplopes
|
This test case is mysterious to me:
```llvm
; llvm/test/Transforms/InstCombine/builtin-dynamic-object-size.ll
define i64 @weird_identity_but_ok(i64 %sz) {
%call = tail call ptr @malloc(i64 %sz)
%calc_size = tail call i64 @llvm.objectsize.i64.p0(ptr %call, i1 false, i1 true, i1 true)
tail call void @free(ptr %call)
ret i64 %calc_size
}
```
Gets transformed by InstCombine (via MemoryBuiltin's lowerObjectSizeCall) to:
```llvm
define i64 @weird_identity_but_ok(i64 %sz) {
entry:
%0 = icmp ne i64 %sz, -1
call void @llvm.assume(i1 %0)
ret i64 %sz
}
```
When malloc() is given a huge size it just returns null. So the assume() here seems wrong. There's no constraint on the %sz variable AFAICT.
cc @siddhesh @serge-sans-paille
![]()
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
