Fix another verifier crash where a GC intrinsic would look at the internals of anothe...

This causes a crash if the referenced intrinsic was malformed.  In this case, we
would already have reported an error on the referenced intrinsic, but then
crashed on the second one when it tried to introspect the first without
error checking.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@231910 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/IR/Verifier.cpp b/lib/IR/Verifier.cpp
index 10f934bedac251151bdf41c7a60b0c2dc880684f..eaad5fb1b981cecc9c4477726299b976a14d8bf3 100644 (file)
--- a/lib/IR/Verifier.cpp
+++ b/lib/IR/Verifier.cpp
@@ -2971,10 +2971,15 @@ void Verifier::visitIntrinsicFunctionCall(Intrinsic::ID ID, CallInst &CI) {
     // section of the statepoint's argument
     Assert(StatepointCS.arg_size() > 0,
            "gc.statepoint: insufficient arguments");
+    Assert(isa<ConstantInt>(StatepointCS.getArgument(1)),
+           "gc.statement: number of call arguments must be constant integer");
     const unsigned NumCallArgs =
       cast<ConstantInt>(StatepointCS.getArgument(1))->getZExtValue();
     Assert(StatepointCS.arg_size() > NumCallArgs+3,
            "gc.statepoint: mismatch in number of call arguments");
+    Assert(isa<ConstantInt>(StatepointCS.getArgument(NumCallArgs+3)),
+           "gc.statepoint: number of deoptimization arguments must be "
+           "a constant integer");
     const int NumDeoptArgs =
       cast<ConstantInt>(StatepointCS.getArgument(NumCallArgs + 3))->getZExtValue();
     const int GCParamArgsStart = NumCallArgs + NumDeoptArgs + 4;

diff --git a/test/Verifier/invalid-statepoint2.ll b/test/Verifier/invalid-statepoint2.ll
new file mode 100644 (file)
index 0000000..0d8b2a8
--- /dev/null
+++ b/test/Verifier/invalid-statepoint2.ll
@@ -0,0 +1,19 @@
+; RUN: not opt -S < %s -verify 2>&1 | FileCheck %s
+
+; CHECK: gc.statepoint: number of deoptimization arguments must be a constant integer
+
+declare void @use(...)
+declare i8 addrspace(1)* @llvm.experimental.gc.relocate.p1i8(i32, i32, i32)
+declare i64 addrspace(1)* @llvm.experimental.gc.relocate.p1i64(i32, i32, i32)
+declare i32 @llvm.experimental.gc.statepoint.p0f_isVoidf(void ()*, i32, i32, ...)
+declare i32 @"personality_function"()
+
+;; Basic usage
+define i64 addrspace(1)* @test1(i8 addrspace(1)* %arg, i32 %val) gc "statepoint-example" {
+entry:
+  %cast = bitcast i8 addrspace(1)* %arg to i64 addrspace(1)*
+  %safepoint_token = call i32 (void ()*, i32, i32, ...)* @llvm.experimental.gc.statepoint.p0f_isVoidf(void ()* undef, i32 0, i32 0, i32 %val, i32 0, i32 0, i32 0, i32 10, i32 0, i8 addrspace(1)* %arg, i64 addrspace(1)* %cast, i8 addrspace(1)* %arg, i8 addrspace(1)* %arg)
+  %reloc = call i64 addrspace(1)* @llvm.experimental.gc.relocate.p1i64(i32 %safepoint_token, i32 9, i32 10)
+  ret i64 addrspace(1)* %reloc
+}
+