From 59289a837b0080378ffd0c70b1aac6585ab21e15 Mon Sep 17 00:00:00 2001
From: Ricky Zhou <ricky@rzhou.org>
Date: Sat, 18 Dec 2021 18:49:17 +0100
Subject: [AA] Handle callbr instructions in alias analysis

Before this change, AAResults::getModRefInfo() was missing a case for
callbr instructions (asm goto), which may read/write memory. In PR52735,
this led to a miscompile where a load was incorrect eliminated.

Add this missing case, as well as an assert verifying that all
memory-accessing instructions are handled properly.

Fixes #52735.

Differential Revision: https://reviews.llvm.org/D115992

(cherry picked from commit 9927a06f74bb48e1e5a53fb686301c71f0dec46a)
---
 llvm/lib/Analysis/AliasAnalysis.cpp   |  6 ++++--
 llvm/test/Analysis/BasicAA/pr52735.ll | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 llvm/test/Analysis/BasicAA/pr52735.ll

diff --git a/llvm/lib/Analysis/AliasAnalysis.cpp b/llvm/lib/Analysis/AliasAnalysis.cpp
index e7445e225d52..1da712eb9d26 100644
--- a/llvm/lib/Analysis/AliasAnalysis.cpp
+++ b/llvm/lib/Analysis/AliasAnalysis.cpp
@@ -697,14 +697,16 @@ ModRefInfo AAResults::getModRefInfo(const Instruction *I,
   case Instruction::AtomicRMW:
     return getModRefInfo((const AtomicRMWInst *)I, Loc, AAQIP);
   case Instruction::Call:
-    return getModRefInfo((const CallInst *)I, Loc, AAQIP);
+  case Instruction::CallBr:
   case Instruction::Invoke:
-    return getModRefInfo((const InvokeInst *)I, Loc, AAQIP);
+    return getModRefInfo((const CallBase *)I, Loc, AAQIP);
   case Instruction::CatchPad:
     return getModRefInfo((const CatchPadInst *)I, Loc, AAQIP);
   case Instruction::CatchRet:
     return getModRefInfo((const CatchReturnInst *)I, Loc, AAQIP);
   default:
+    assert(!I->mayReadOrWriteMemory() &&
+           "Unhandled memory access instruction!");
     return ModRefInfo::NoModRef;
   }
 }
diff --git a/llvm/test/Analysis/BasicAA/pr52735.ll b/llvm/test/Analysis/BasicAA/pr52735.ll
new file mode 100644
index 000000000000..5b78ab595c50
--- /dev/null
+++ b/llvm/test/Analysis/BasicAA/pr52735.ll
@@ -0,0 +1,29 @@
+; RUN: opt %s -basic-aa -aa-eval -print-all-alias-modref-info -disable-output 2>&1 | FileCheck %s
+;
+; Generated from:
+;
+; int foo() {
+;   int v;
+;   asm goto("movl $1, %0" : "=m"(v)::: out);
+; out:
+;   return v;
+; }
+
+target triple = "x86_64-unknown-linux-gnu"
+
+; CHECK: MayAlias: i32* %v, void (i32*, i8*)* asm "movl $$1, $0", "=*m,X,~{dirflag},~{fpsr},~{flags}"
+
+define dso_local i32 @foo() {
+entry:
+  %v = alloca i32, align 4
+  %0 = bitcast i32* %v to i8*
+  callbr void asm "movl $$1, $0", "=*m,X,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %v, i8* blockaddress(@foo, %out))
+          to label %asm.fallthrough [label %out]
+
+asm.fallthrough:
+  br label %out
+
+out:
+  %1 = load i32, i32* %v, align 4
+  ret i32 %1
+}
-- 
cgit v1.2.1