As suggested on D105733, this adds a verifier rule that calls to
intrinsics must match the signature of the intrinsic.
Without opaque pointers this is automatically enforced for all
calls, because the pointer types need to match. If the signatures
don't match, a pointer bitcast has to be inserted. For intrinsics
in particular, such bitcasts are not legal, because the address of
intrinsics cannot be taken.
With opaque pointers, there are no more pointer bitcasts, so it's
generally possible for the call and the callee signature to differ.
However, for intrinsics we still want to enforce that the signatures
must match, the same as was done before through the address taken
check.
We can't enforce this more generally for non-intrinsics, because
calls with mismatched signatures at the very least can legally
occur in unreachable code, and might also be valid in some other
cases, depending on how exactly the signatures differ.
Differential Revision: https://reviews.llvm.org/D106013
Assert(verifyAttributeCount(Attrs, Call.arg_size()),
"Attribute after last parameter!", Call);
- bool IsIntrinsic = Call.getCalledFunction() &&
- Call.getCalledFunction()->isIntrinsic();
-
Function *Callee =
dyn_cast<Function>(Call.getCalledOperand()->stripPointerCasts());
+ bool IsIntrinsic = Callee && Callee->isIntrinsic();
+ if (IsIntrinsic)
+ Assert(Callee->getValueType() == FTy,
+ "Intrinsic called with incompatible signature", Call);
if (Attrs.hasFnAttribute(Attribute::Speculatable)) {
// Don't allow speculatable on call sites, unless the underlying function
--- /dev/null
+; RUN: not opt -passes=verify -force-opaque-pointers -S < %s 2>&1 | FileCheck %s
+
+declare i32 @llvm.umax.i32(i32, i32)
+
+define void @intrinsic_signature_mismatch() {
+; CHECK: Intrinsic called with incompatible signature
+ call i32 @llvm.umax.i32(i32 0)
+ ret void
+}
projects / platform / upstream / llvm.git / commitdiff