From 1d8030053d46b89e3677986d059065c6a2e7a2e1 Mon Sep 17 00:00:00 2001 From: Jeroen Dobbelaere Date: Tue, 13 Jul 2021 10:16:41 +0200 Subject: [PATCH] [NFC] Do not track calls to inlined intrinsics in IFI. Just like intrinsics are not tracked for IFI.InlinedCalls, they should not be tracked for IFI.InlinedCallSites. In the current top-of-tree this change is a NFC, but the full restrict patches (D68484) potentially trigger an read-after-free if intrinsics are also added to the InlindeCallSites, due to a late optimization potentially removing some of the inlined intrinsics. Also see https://lists.llvm.org/pipermail/llvm-dev/2021-July/151722.html for a discussion about the problem. Reviewed By: aeubanks Differential Revision: https://reviews.llvm.org/D105805 --- llvm/lib/Transforms/IPO/Inliner.cpp | 2 ++ llvm/lib/Transforms/Utils/InlineFunction.cpp | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/llvm/lib/Transforms/IPO/Inliner.cpp b/llvm/lib/Transforms/IPO/Inliner.cpp index d0d4b9c..cd8916a 100644 --- a/llvm/lib/Transforms/IPO/Inliner.cpp +++ b/llvm/lib/Transforms/IPO/Inliner.cpp @@ -1007,6 +1007,8 @@ PreservedAnalyses InlinerPass::run(LazyCallGraph::SCC &InitialC, for (CallBase *ICB : reverse(IFI.InlinedCallSites)) { Function *NewCallee = ICB->getCalledFunction(); + assert(!(NewCallee && NewCallee->isIntrinsic()) && + "Intrinsic calls should not be tracked."); if (!NewCallee) { // Try to promote an indirect (virtual) call without waiting for // the post-inline cleanup and the next DevirtSCCRepeatedPass diff --git a/llvm/lib/Transforms/Utils/InlineFunction.cpp b/llvm/lib/Transforms/Utils/InlineFunction.cpp index bd9bd77..d613aab 100644 --- a/llvm/lib/Transforms/Utils/InlineFunction.cpp +++ b/llvm/lib/Transforms/Utils/InlineFunction.cpp @@ -2438,14 +2438,17 @@ llvm::InlineResult llvm::InlineFunction(CallBase &CB, InlineFunctionInfo &IFI, // before we splice the inlined code into the CFG and lose track of which // blocks were actually inlined, collect the call sites. We only do this if // call graph updates weren't requested, as those provide value handle based - // tracking of inlined call sites instead. + // tracking of inlined call sites instead. Calls to intrinsics are not + // collected because they are not inlineable. if (InlinedFunctionInfo.ContainsCalls && !IFI.CG) { // Otherwise just collect the raw call sites that were inlined. for (BasicBlock &NewBB : make_range(FirstNewBlock->getIterator(), Caller->end())) for (Instruction &I : NewBB) if (auto *CB = dyn_cast(&I)) - IFI.InlinedCallSites.push_back(CB); + if (!(CB->getCalledFunction() && + CB->getCalledFunction()->isIntrinsic())) + IFI.InlinedCallSites.push_back(CB); } // If we cloned in _exactly one_ basic block, and if that block ends in a -- 2.7.4