fix #971 (asm mode): improve ptr2int type punning through loads

AliveToolkit · Nov 26, 2023 · 2a4274c · 2a4274c
1 parent 8499328
commit 2a4274c
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 17 deletions.
diff --git a/ir/memory.cpp b/ir/memory.cpp
@@ -297,6 +297,13 @@ expr Byte::isZero() const {
   return expr::mkIf(isPtr(), ptr().isNull(), nonptrValue() == 0);
 }
 
+expr Byte::forceCastToInt() const {
+  auto offset = ptrByteoffset().zextOrTrunc(bits_ptr_address);
+       offset = offset * expr::mkUInt(bits_byte, offset);
+  auto addr   = ptr().getAddress().lshr(offset);
+  return expr::mkIf(isPtr(), addr.trunc(bits_byte), nonptrValue());
+}
+
 expr Byte::refined(const Byte &other) const {
   if (eq(other))
     return true;
@@ -361,7 +368,7 @@ ostream& operator<<(ostream &os, const Byte &byte) {
   if (byte.isPtr().isTrue()) {
     if (byte.ptrNonpoison().isTrue()) {
       os << byte.ptr() << ", byte offset=";
-      byte.ptrByteoffset().printSigned(os);
+      byte.ptrByteoffset().printUnsigned(os);
     } else {
       os << "poison";
     }
@@ -530,32 +537,21 @@ static StateValue bytesToValue(const Memory &m, const vector<Byte> &bytes,
     assert(!toType.isAggregateType() || isNonPtrVector(toType));
     auto bitsize = toType.bits();
     assert(divide_up(bitsize, bits_byte) == bytes.size());
+    bool is_asm = m.getState().getFn().getFnAttrs().has(FnAttrs::Asm);
 
     StateValue val;
     bool first = true;
     IntType ibyteTy("", bits_byte);
 
     for (auto &b: bytes) {
       expr isptr = ub_pre(!b.isPtr());
-      StateValue v(b.nonptrValue(),
-                   ibyteTy.combine_poison(isptr, b.nonptrNonpoison()));
+      StateValue v(is_asm ? b.forceCastToInt() : b.nonptrValue(),
+                   is_asm ? !b.isPoison()
+                          : ibyteTy.combine_poison(isptr, b.nonptrNonpoison()));
       val = first ? std::move(v) : v.concat(val);
       first = false;
     }
-    val = toType.fromInt(val.trunc(bitsize, toType.np_bits(true)));
-
-    // allow ptr->int type punning in Assembly mode
-    if (bitsize == bits_program_pointer &&
-        has_null_block && // a ptr load in src sets this to true
-        does_ptr_mem_access &&
-        m.getState().getFn().getFnAttrs().has(FnAttrs::Asm)) {
-      StateValue ptr_val = bytesToValue(m, bytes, PtrType(0));
-      ptr_val.value = Pointer(m, ptr_val.value).getAddress();
-      expr is_ptr = bytes[0].isPtr();
-      val = StateValue::mkIf(is_ptr, ptr_val.subst(is_ptr, true),
-                             val.subst(is_ptr, false)).simplify();
-    }
-    return val;
+    return toType.fromInt(val.trunc(bitsize, toType.np_bits(true)));
   }
 }
 

diff --git a/ir/memory.h b/ir/memory.h
@@ -64,6 +64,7 @@ class Byte {
   smt::expr nonptrValue() const;
   smt::expr isPoison() const;
   smt::expr isZero() const; // zero or null
+  smt::expr forceCastToInt() const;
 
   smt::expr&& operator()() && { return std::move(p); }
 

diff --git a/tests/alive-tv/asm/load-ptr2int-be.srctgt.ll b/tests/alive-tv/asm/load-ptr2int-be.srctgt.ll
@@ -0,0 +1,15 @@
+; TEST-ARGS: -tgt-is-asm
+
+target datalayout = "E"
+
+define i8 @src(ptr %p) {
+  %q = load ptr, ptr %p
+  load i8, ptr %q, align 512
+  ret i8 0
+}
+
+define i8 @tgt(ptr %p) {
+  %p2 = getelementptr i8, ptr %p, i32 7
+  %v = load i8, ptr %p2
+  ret i8 %v
+}
diff --git a/tests/alive-tv/asm/load-ptr2int.srctgt.ll b/tests/alive-tv/asm/load-ptr2int.srctgt.ll
@@ -0,0 +1,13 @@
+; TEST-ARGS: -tgt-is-asm
+
+define i8 @src(ptr %p) {
+  %q = load ptr, ptr %p
+  load i8, ptr %q, align 512
+  ret i8 0
+}
+
+define i8 @tgt(ptr %p) {
+  %p2 = getelementptr i8, ptr %p, i32 0
+  %v = load i8, ptr %p2
+  ret i8 %v
+}
diff --git a/tests/alive-tv/asm/load-ptr2int2.srctgt.ll b/tests/alive-tv/asm/load-ptr2int2.srctgt.ll
@@ -0,0 +1,14 @@
+define i8 @src(ptr %p) {
+  %v = load i8, ptr %p
+  ret i8 %v
+}
+
+define i8 @tgt(ptr %p) {
+  %v = load i8, ptr %p
+  %c = icmp eq i8 %v, 0
+  br i1 %c, label %then, label %else
+then:
+  ret i8 0
+else:
+  ret i8 %v
+}