From 88e6dc8bf14e8a98888f62173a6581386b8d29a0 Mon Sep 17 00:00:00 2001
From: Chris Lattner
Date: Sat, 23 Aug 2008 05:21:06 +0000
Subject: [PATCH] Fix PR2423 by checking all indices for out of range access, not only indices that start with an array subscript. x->field[10000] is just as bad as (*X)[14][10000].
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@55226 91177308-0d34-0410-b5e6-96231b3b80d8
---
 .../Scalar/ScalarReplAggregates.cpp | 66 +++++++++----------
 .../2008-08-22-out-of-range-array-promote.ll | 22 +++++++
 2 files changed, 53 insertions(+), 35 deletions(-)
 create mode 100644 test/Transforms/ScalarRepl/2008-08-22-out-of-range-array-promote.ll
diff --git a/lib/Transforms/Scalar/ScalarReplAggregates.cpp b/lib/Transforms/Scalar/ScalarReplAggregates.cpp
index 4e289e3d691..c5ca22145e3 100644
--- a/lib/Transforms/Scalar/ScalarReplAggregates.cpp
+++ b/lib/Transforms/Scalar/ScalarReplAggregates.cpp
@@ -511,42 +511,12 @@ void SROA::isSafeUseOfAllocation(Instruction *User, AllocationInst *AI,
 bool IsAllZeroIndices = true;
- // If this is a use of an array allocation, do a bit more checking for sanity.
+ // If the first index is a non-constant index into an array, see if we can
+ // handle it as a special case.
 if (const ArrayType *AT = dyn_cast(*I)) {
- uint64_t NumElements = AT->getNumElements();
-
- if (ConstantInt *Idx = dyn_cast(I.getOperand())) {
- IsAllZeroIndices &= Idx->isZero();
-
- // Check to make sure that index falls within the array. If not,
- // something funny is going on, so we won't do the optimization.
- //
- if (Idx->getZExtValue() >= NumElements)
- return MarkUnsafe(Info);
-
- // We cannot scalar repl this level of the array unless any array
- // sub-indices are in-range constants. In particular, consider:
- // A[0][i]. We cannot know that the user isn't doing invalid things like
- // allowing i to index an out-of-range subscript that accesses A[1].
- //
- // Scalar replacing *just* the outer index of the array is probably not
- // going to be a win anyway, so just give up.
- for (++I; I != E && (isa(*I) || isa(*I)); ++I) {
- uint64_t NumElements;
- if (const ArrayType *SubArrayTy = dyn_cast(*I))
- NumElements = SubArrayTy->getNumElements();
- else
- NumElements = cast(*I)->getNumElements();
-
- ConstantInt *IdxVal = dyn_cast(I.getOperand());
- if (!IdxVal) return MarkUnsafe(Info);
- if (IdxVal->getZExtValue() >= NumElements)
- return MarkUnsafe(Info);
- IsAllZeroIndices &= IdxVal->isZero();
- }
-
- } else {
+ if (!isa(I.getOperand())) {
 IsAllZeroIndices = 0;
+ uint64_t NumElements = AT->getNumElements();
 // If this is an array index and the index is not constant, we cannot
 // promote... that is unless the array has exactly one or two elements in
@@ -560,7 +530,33 @@ void SROA::isSafeUseOfAllocation(Instruction *User, AllocationInst *AI,
 return MarkUnsafe(Info);
 }
 }
-
+
+
+ // Walk through the GEP type indices, checking the types that this indexes
+ // into.
+ for (; I != E; ++I) {
+ // Ignore struct elements, no extra checking needed for these.
+ if (isa(*I))
+ continue;
+
+ // Don't SROA pointers into vectors.
+ if (isa(*I))
+ return MarkUnsafe(Info);
+
+ // Otherwise, we must have an index into an array type. Verify that this is
+ // an in-range constant integer. Specifically, consider A[0][i]. We
+ // cannot know that the user isn't doing invalid things like allowing i to
+ // index an out-of-range subscript that accesses A[1]. Because of this, we
+ // have to reject SROA of any accesses into structs where any of the
+ // components are variables.
+ ConstantInt *IdxVal = dyn_cast(I.getOperand());
+ if (!IdxVal) return MarkUnsafe(Info);
+ if (IdxVal->getZExtValue() >= cast(*I)->getNumElements())
+ return MarkUnsafe(Info);
+
+ IsAllZeroIndices &= IdxVal->isZero();
+ }
+
 // If there are any non-simple uses of this getelementptr, make sure to reject
 // them.
 return isSafeElementUse(GEPI, IsAllZeroIndices, AI, Info);
diff --git a/test/Transforms/ScalarRepl/2008-08-22-out-of-range-array-promote.ll b/test/Transforms/ScalarRepl/2008-08-22-out-of-range-array-promote.ll
new file mode 100644
index 00000000000..a2386fdedcb
--- /dev/null
+++ b/test/Transforms/ScalarRepl/2008-08-22-out-of-range-array-promote.ll
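Review bot: In ScalarReplAggregates.cpp, the struct-element `continue` at the top of the new index loop runs before `IsAllZeroIndices &= IdxVal->isZero();`, so a GEP whose only non-zero index picks a struct field still reaches `isSafeElementUse` with the flag set. That callee is outside the hunk; if it treats the flag as "this pointer is the start of the allocation", a pointer to a later field would be accepted for whole-aggregate uses, which is the same class of wrong-memory access this commit closes for arrays. Consider updating the flag first, e.g. `IsAllZeroIndices &= cast<ConstantInt>(I.getOperand())->isZero();` ahead of the `continue`, or add a comment saying why struct indices are exempt. The comment text "accesses into structs where any of the components are variables" would also be clearer as "array accesses whose index is not a constant". isSafeUseOfAllocation starts above this hunk, so the iterator setup was not reviewed.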
@@ -0,0 +1,22 @@
+; RUN: llvm-as < %s | opt -scalarrepl | llvm-dis | grep {s = alloca .struct.x}
+; PR2423
+target datalayout = "e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:128:128"
+target triple = "i386-apple-darwin8"
+ %struct.x = type { [1 x i32], i32, i32 }
+
+define i32 @b() nounwind {
+entry:
+ %s = alloca %struct.x ; <%struct.x*> [#uses=2]
+ %r = alloca %struct.x ; <%struct.x*> [#uses=2]
+ call i32 @a( %struct.x* %s ) nounwind ; :0 [#uses=0]
+ %r1 = bitcast %struct.x* %r to i8* ; [#uses=1]
+ %s2 = bitcast %struct.x* %s to i8* ; [#uses=1]
+ call void @llvm.memcpy.i32( i8* %r1, i8* %s2, i32 12, i32 8 )
+ getelementptr %struct.x* %r, i32 0, i32 0, i32 1 ; :1 [#uses=1]
+ load i32* %1, align 4 ; :2 [#uses=1]
+ ret i32 %2
+}
+
+declare i32 @a(%struct.x*)
+
+declare void @llvm.memcpy.i32(i8*, i8*, i32, i32) nounwind
--
2.34.1
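Review bot: The RUN line greps for `s = alloca .struct.x`, but the out-of-range `getelementptr` in `@b` is on `%r`, and `%s` is passed to `@a`, which on its face already keeps it from being split. As written the check looks like it would pass with or without the fix; grepping for `r = alloca .struct.x` would tie the test to the alloca whose promotion PR2423 is about. Worth confirming against a build without the change before relying on it as a regression guard.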