Skip to content

Commit da959c9

Browse files
vzakharivzakhari
authored
[flang] Fixed out-of-bounds access in SimplifyIntrinsics. (#136171)
When the mask is scalar, it is incorrect to cast it to !fir.box<!fir.array<1xlogical<>>>, because the coordinate operation will try to read the dim-1 stride from the box to get the address of the first element. Even though the stride value will be multiplied by 0, and does not matter, it is still a read past the allocated box object. Instead, we should just use box_addr to get the address of the scalar mask.
1 parent 0906908 commit da959c9

File tree

2 files changed

+5
-17
lines changed

2 files changed

+5
-17
lines changed

Diff for: flang/lib/Optimizer/Transforms/SimplifyIntrinsics.cpp

+1-9
Original file line numberDiff line numberDiff line change
@@ -823,17 +823,9 @@ static void genRuntimeMinMaxlocBody(fir::FirOpBuilder &builder,
823823
if (maskRank == 0) {
824824
mlir::Type i1Type = builder.getI1Type();
825825
mlir::Type logical = maskElemType;
826-
mlir::IndexType idxTy = builder.getIndexType();
827-
828-
fir::SequenceType::Shape singleElement(1, 1);
829-
mlir::Type arrTy = fir::SequenceType::get(singleElement, logical);
830-
mlir::Type boxArrTy = fir::BoxType::get(arrTy);
831-
mlir::Value array = builder.create<fir::ConvertOp>(loc, boxArrTy, mask);
832-
833-
mlir::Value indx = builder.createIntegerConstant(loc, idxTy, 0);
834826
mlir::Type logicalRefTy = builder.getRefType(logical);
835827
mlir::Value condAddr =
836-
builder.create<fir::CoordinateOp>(loc, logicalRefTy, array, indx);
828+
builder.create<fir::BoxAddrOp>(loc, logicalRefTy, mask);
837829
mlir::Value cond = builder.create<fir::LoadOp>(loc, condAddr);
838830
mlir::Value condI1 = builder.create<fir::ConvertOp>(loc, i1Type, cond);
839831

Diff for: flang/test/Transforms/simplifyintrinsics.fir

+4-8
Original file line numberDiff line numberDiff line change
@@ -1996,10 +1996,8 @@ func.func @_QPtestminloc_works1d_scalarmask_f64(%arg0: !fir.ref<!fir.array<10xf6
19961996
// CHECK: %[[OUTARR_IDX0:.*]] = arith.constant 0 : index
19971997
// CHECK: %[[OUTARR_ITEM0:.*]] = fir.coordinate_of %[[BOX_OUTARR]], %[[OUTARR_IDX0]] : (!fir.box<!fir.heap<!fir.array<1xi32>>>, index) -> !fir.ref<i32>
19981998
// CHECK: fir.store %[[INIT_OUT_IDX]] to %[[OUTARR_ITEM0]] : !fir.ref<i32>
1999-
// CHECK: %[[BOX_MASK:.*]] = fir.convert %[[BOX_MASK_NONE]] : (!fir.box<none>) -> !fir.box<!fir.array<1x!fir.logical<4>>>
2000-
// CHECK: %[[MASK_IDX0:.*]] = arith.constant 0 : index
2001-
// CHECK: %[[MASK_ITEM:.*]] = fir.coordinate_of %[[BOX_MASK]], %[[MASK_IDX0]] : (!fir.box<!fir.array<1x!fir.logical<4>>>, index) -> !fir.ref<!fir.logical<4>>
2002-
// CHECK: %[[MASK_LOGICAL:.*]] = fir.load %[[MASK_ITEM]] : !fir.ref<!fir.logical<4>>
1999+
// CHECK: %[[MASK_ADDR:.*]] = fir.box_addr %[[BOX_MASK_NONE]] : (!fir.box<none>) -> !fir.ref<!fir.logical<4>>
2000+
// CHECK: %[[MASK_LOGICAL:.*]] = fir.load %[[MASK_ADDR]] : !fir.ref<!fir.logical<4>>
20032001
// CHECK: %[[MASK:.*]] = fir.convert %[[MASK_LOGICAL]] : (!fir.logical<4>) -> i1
20042002
// CHECK: %[[INIT_RES:.*]] = fir.if %[[MASK]] -> (f64) {
20052003
// CHECK: %[[C_INDEX0:.*]] = arith.constant 0 : index
@@ -2574,10 +2572,8 @@ func.func @_QPtestmaxloc_works1d_scalarmask_f64(%arg0: !fir.ref<!fir.array<10xf6
25742572
// CHECK: %[[OUTARR_IDX0:.*]] = arith.constant 0 : index
25752573
// CHECK: %[[OUTARR_ITEM0:.*]] = fir.coordinate_of %[[BOX_OUTARR]], %[[OUTARR_IDX0]] : (!fir.box<!fir.heap<!fir.array<1xi32>>>, index) -> !fir.ref<i32>
25762574
// CHECK: fir.store %[[INIT_OUT_IDX]] to %[[OUTARR_ITEM0]] : !fir.ref<i32>
2577-
// CHECK: %[[BOX_MASK:.*]] = fir.convert %[[BOX_MASK_NONE]] : (!fir.box<none>) -> !fir.box<!fir.array<1x!fir.logical<4>>>
2578-
// CHECK: %[[MASK_IDX0:.*]] = arith.constant 0 : index
2579-
// CHECK: %[[MASK_ITEM:.*]] = fir.coordinate_of %[[BOX_MASK]], %[[MASK_IDX0]] : (!fir.box<!fir.array<1x!fir.logical<4>>>, index) -> !fir.ref<!fir.logical<4>>
2580-
// CHECK: %[[MASK_LOGICAL:.*]] = fir.load %[[MASK_ITEM]] : !fir.ref<!fir.logical<4>>
2575+
// CHECK: %[[MASK_ADDR:.*]] = fir.box_addr %[[BOX_MASK_NONE]] : (!fir.box<none>) -> !fir.ref<!fir.logical<4>>
2576+
// CHECK: %[[MASK_LOGICAL:.*]] = fir.load %[[MASK_ADDR]] : !fir.ref<!fir.logical<4>>
25812577
// CHECK: %[[MASK:.*]] = fir.convert %[[MASK_LOGICAL]] : (!fir.logical<4>) -> i1
25822578
// CHECK: %[[INIT_RES:.*]] = fir.if %[[MASK]] -> (f64) {
25832579
// CHECK: %[[C_INDEX0:.*]] = arith.constant 0 : index

0 commit comments

Comments
 (0)