Allow adding no_preserve_tags if we can see the defining VarDecl

If we can see a non-pointer VarDecl, we know that the effective type that
is being copied to/from matches the type of the VarDecl. Previously the
following code: `int buf[16]; __builtin_memmove(cap, buf, sizeof(*cap));`
didn't set the no_preserve_tags attribute, but now we do.

There are a few more cases related to member expressions where we could add
the attribute but don't yet. For example, for &foo->member if we can see
the definition of foo and the entire struct does not contain capabilities.
See the no-tag-copy-member-expr.cpp test for more examples and rationale.

Author: arichardson

clang/lib/CodeGen/CodeGenTypes.cpp

@@ -1004,6 +1004,24 @@ CodeGenTypes::copyShouldPreserveTags(const Expr *DestPtr, const Expr *SrcPtr,
   return DstPreserve;
 }
 
+static const VarDecl *findUnderlyingVarDecl(const Expr *E) {
+  // Note: this is pretty similar to E->getReferencedDeclOfCallee(); and should
+  // possibly be moved to Expr.cpp
+  const Expr *UnderlyingExpr = E->IgnoreParenImpCasts();
+  if (auto *UO = dyn_cast<UnaryOperator>(UnderlyingExpr)) {
+    if (UO->getOpcode() == UO_AddrOf) {
+      return findUnderlyingVarDecl(UO->getSubExpr());
+    }
+  } else if (auto DRE = dyn_cast<DeclRefExpr>(UnderlyingExpr)) {
+    return dyn_cast<const VarDecl>(DRE->getDecl());
+  }
+  // TODO: We could improve analysis for MemberExpr, but only if the copy size
+  //  is <= the size of the member, since memcpy() accross multiple fields is
+  //  a something that exists (despite not being compatible with sub-object
+  //  bounds). For now we just look at the declaration of the entire struct
+  return nullptr;
+}
+
 llvm::PreserveCheriTags
 CodeGenTypes::copyShouldPreserveTags(const Expr *E, Optional<CharUnits> Size) {
   assert(E->getType()->isAnyPointerType());
@@ -1013,14 +1031,27 @@ CodeGenTypes::copyShouldPreserveTags(const Expr *E, Optional<CharUnits> Size) {
   QualType Ty = E->IgnoreParenImpCasts()->getType();
   if (Ty->isAnyPointerType())
     Ty = Ty->getPointeeType();
-  // TODO: Find the underlying VarDecl to improve diagnostics
-  const VarDecl *UnderlyingVar = nullptr;
-  // TODO: this assertion may be overly aggressive.
-  assert((!UnderlyingVar || UnderlyingVar->getType() == Ty) &&
-         "Passed wrong VarDecl?");
-  // If we have an underlying VarDecl, we can assume that the dynamic type of
-  // the object is known and can perform more detailed analysis.
-  return copyShouldPreserveTagsForPointee(Ty, UnderlyingVar != nullptr, Size);
+  bool EffectiveTypeKnown = false;
+  const VarDecl *UnderlyingVar = findUnderlyingVarDecl(E);
+  if (UnderlyingVar) {
+    QualType VarTy = UnderlyingVar->getType();
+    assert(!VarTy->isIncompleteType() && "Unexpected incomplete type");
+    if (VarTy->isReferenceType()) {
+      // If the variable declaration is a C++ reference we can assume that the
+      // effective type of the object matches the type of the reference since
+      // forming the reference would have been invalid otherwise.
+      Ty = VarTy->getPointeeType();
+      EffectiveTypeKnown = true;
+    } else if (!VarTy->isAnyPointerType()) {
+      // If we found a non-pointer declaration that we are copying to/from, use
+      // the type of the declaration for the analysis since that defines the
+      // effective type. For pointers we can't assume anything since they could
+      // be "allocated objects" without a declared type.
+      Ty = VarTy;
+      EffectiveTypeKnown = true;
+    }
+  }
+  return copyShouldPreserveTagsForPointee(Ty, EffectiveTypeKnown, Size);
 }
 
 llvm::PreserveCheriTags CodeGenTypes::copyShouldPreserveTagsForPointee(

clang/test/CodeGen/cheri/no-tag-copy-attribute-with-caps.c

@@ -22,22 +22,18 @@ void test_addrof_char(struct OneCap *cap, char c, __uint128_t u) {
   // uint128_t cannot not hold tags -> no need to preserve them since we can see the underlying allocation.
   __builtin_memmove(cap, &u, sizeof(u));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}
-  // FIXME: We can see the underlying decl, this should not need to preserve tags
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_ATTR:#[0-9]+]]{{$}}
-  // FIXME-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR:#[0-9]+]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
   __builtin_memmove(&u, cap, sizeof(u));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}
-  // FIXME: We can see the underlying decl, this should not need to preserve tags
-  // FIXME-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_WITH_TYPE_ATTR:#[0-9]+]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
 }
 
 void test_small_copy(struct OneCap *cap1, struct OneCap *cap2) {
   // CHECK-LABEL: void @test_small_copy(
   __builtin_memmove(cap1, cap2, sizeof(*cap1));
   // This copy preserves tags
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_WITH_TYPE_ATTR]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_WITH_TYPE_ATTR:#[0-9]+]]{{$}}
   __builtin_memmove(cap1, cap2, 2);
   // This copy is too small -> no need to preserve tags
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}
@@ -57,14 +53,10 @@ void test_addrof_char_buf(struct OneCap *cap, struct strbuf s) {
   // FIXME: can we add no_preserve_tags if the programmer didn't add an _Alignas()?
   __builtin_memmove(cap, &s, sizeof(s));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 1 {{%[a-z0-9]+}}
-  // FIXME: We can see the underlying decl, this should not need to preserve tags
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_ATTR]]{{$}}
-  // FIXME-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
   __builtin_memmove(&s, cap, sizeof(s));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 1 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}
-  // FIXME: We can see the underlying decl, this should not need to preserve tags
-  // FIXME-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_WITH_TYPE_ATTR]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
 }
 
 void test_array_decay(struct OneCap *cap) {
@@ -73,22 +65,18 @@ void test_array_decay(struct OneCap *cap) {
   int buf[16];
   __builtin_memmove(cap, buf, sizeof(*cap));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 4 {{%[a-z0-9]+}}
-  // FIXME: We can see the underlying decl, this should not need to preserve tags
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_ATTR:#[0-9]+]]{{$}}
-  // FIXME-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
 
   __builtin_memmove(buf, cap, sizeof(*cap));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 4 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}
-  // FIXME: We can see the underlying decl, this should not need to preserve tags
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_WITH_TYPE_ATTR]]{{$}}
-  // FIXME-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
 
   // char array aligned to one byte -> while it does not contain tags we conservatively assume it might.
   // TODO: should we only do this for aligned char arrays?
   char buf2[16];
   __builtin_memmove(cap, buf2, sizeof(*cap));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 16 {{%[a-z0-9]+}}, i8 addrspace(200)* align 1 {{%[a-z0-9]+}}
-  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_ATTR]]{{$}}
+  // CHECK-SAME: , i64 16, i1 false) [[MUST_PRESERVE_ATTR:#[0-9]+]]{{$}}
   // TODO-SAME: , i64 16, i1 false) [[NO_PRESERVE_ATTR]]{{$}}
   __builtin_memmove(buf2, cap, sizeof(*cap));
   // CHECK: call void @llvm.memmove.p200i8.p200i8.i64(i8 addrspace(200)* align 1 {{%[a-z0-9]+}}, i8 addrspace(200)* align 16 {{%[a-z0-9]+}}

clang/test/CodeGen/cheri/no-tag-copy-strict-aliasing.c

@@ -40,8 +40,7 @@ void no_retain(long **q) {
   // probably be aligned so malloc will retain tags at run time).
   // CHECK: @no_retain(i64 addrspace(200)* addrspace(200)* [[Q:%.*]]) addrspace(200)
   // CHECK:    call void @llvm.memcpy.p200i8.p200i8.i64(i8 addrspace(200)* align 8 {{%[0-9]+}}, i8 addrspace(200)* align 8 {{%[0-9]+}}
-  // CHECK-SAME: , i64 32, i1 false){{$}}
-  // TODO-CHECK-SAME: , i64 32, i1 false) [[NO_TAGS_ATTR:#.*]]{{$}}
+  // CHECK-SAME: , i64 32, i1 false) [[NO_TAGS_ATTR:#.*]]{{$}}
   // CHECK-NEXT:    ret void
 }
 
@@ -61,4 +60,4 @@ void retain_char_array(long **q) {
   // CHECK-NEXT:    ret void
 }
 
-// TODO-CHECK: [[NO_TAGS_ATTR]] = { no_preserve_cheri_tags }
+// CHECK: [[NO_TAGS_ATTR]] = { no_preserve_cheri_tags }

clang/test/CodeGenCXX/cheri/no-tag-copy-member-expr.cpp

@@ -0,0 +1,228 @@
+// RUN: %riscv64_cheri_purecap_cc1 -xc %s -o - -emit-llvm -verify | FileCheck %s --check-prefixes=CHECK,CHECK-C --implicit-check-not=llvm.memcpy.
+// RUN: %riscv64_cheri_purecap_cc1 -xc++ %s -o - -emit-llvm -verify | FileCheck %s --check-prefixes=CHECK,CHECK-CXX --implicit-check-not=llvm.memcpy.
+// expected-no-diagnostics
+/// Check that we look at the entire structure when deciding whether to add the
+/// no_preserve_tags attribute for memcpy() calls on struct members: the memcpy
+/// could extend past this field and copy adjacent instances of the same struct.
+
+struct Nested {
+  int i;
+  long l;
+  float f;
+};
+
+struct TestWithCap {
+  char *ptr;
+  __uint128_t not_a_cap;
+  long array[4];
+  struct Nested n;
+  char *ptr2;
+};
+
+struct TestNoCap {
+  __uint128_t not_a_cap;
+  struct Nested n;
+  long array[4];
+  long pad;
+};
+
+void test_member_expr_byval(void *buf, struct TestWithCap t, struct TestNoCap t2) {
+  // CHECK-C-LABEL: void @test_member_expr_byval(
+  // CHECK-CXX-LABEL: void @_Z22test_member_expr_byvalPv11TestWithCap9TestNoCap(
+
+  // For now we can't add the attribute for calls with member access despite the
+  // address-of being on one of the non-cap fields, since we must conservatively
+  // assume that the memcpy extends across all fields of the struct (and possibly
+  // following instances of that struct for arrays).
+  // Note: we could look at constant sizes if we wanted to perform a more
+  // sophisticated analysis, but this is unlikely to be a big win for performance.
+  __builtin_memcpy(buf, &t, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false) [[MUST_PRESERVE_STRUCT_WITHCAP:#[0-9]+]]{{$}}
+  __builtin_memcpy(buf, &t.ptr, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false) [[MUST_PRESERVE_CHARPTR:#[0-9]+]]{{$}}
+  // No attribute for the following four cases:
+  __builtin_memcpy(buf, &t.not_a_cap, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, t.array, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &t.n, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, (&t)->array, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &(&t)->not_a_cap, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+
+  // However, for the struct without capabilities all of these should be safe:
+  // However, we don't know here that there is no subclass that could have
+  // capabilities following the current object.
+  // TODO: If we know the size of the copy <= sizeof(T), we should set the attribute.
+  __builtin_memcpy(buf, &t2, sizeof(t2));
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 80, i1 false) [[NO_PRESERVE_TAGS:#[0-9]+]]{{$}}
+  /// The following call could copy trailing caps:
+  __builtin_memcpy(buf, &t2, sizeof(t2) + sizeof(void *));
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 96, i1 false){{$}}
+  __builtin_memcpy(buf, &t2.not_a_cap, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, t2.array, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, &t2.n, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, (&t2)->array, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, &(&t2)->not_a_cap, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+
+  // Direct assignment should always the no_preserve_tags attribute (the C2x
+  // 6.5 memcpy+"Allocated objects have no declared type." case does not apply):
+  t.n = t2.n;
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 24, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+}
+
+// To avoid --implicit-check-not error:
+// CHECK: declare void @llvm.memcpy.p200i8.p200i8.i64(
+
+void test_member_expr_ptr(void *buf, struct TestWithCap *t, struct TestNoCap *t2) {
+  // CHECK-C-LABEL: void @test_member_expr_ptr(
+  // CHECK-CXX-LABEL: void @_Z20test_member_expr_ptrPvP11TestWithCapP9TestNoCap(
+
+  // If the target VarDecl is a pointer, we can't assume that it matches the
+  // underlying effective object type (C2x 6.5) so we have to be conservative
+  // and not add the attribute (even for non-tag-bearing structs).
+  // However, we do add the must_preserve_tags metadata calls where we know
+  // that one of the types holds capabilities (as that is the most conservative
+  // behaviour).
+  __builtin_memcpy(buf, t, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false) [[MUST_PRESERVE_STRUCT_WITHCAP]]{{$}}
+  __builtin_memcpy(buf, &t->ptr, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false) [[MUST_PRESERVE_CHARPTR]]{{$}}
+  __builtin_memcpy(buf, &t->not_a_cap, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &t->array, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &t->n, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, (*t).array, 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &((*t).not_a_cap), 32);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 32, i1 false){{$}}
+
+  // We also can't add the attribute for the struct without caps since we don't
+  // know the type of the underlying memory.
+  __builtin_memcpy(buf, t2, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  __builtin_memcpy(buf, &t2->not_a_cap, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  __builtin_memcpy(buf, &t2->array, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  __builtin_memcpy(buf, &t2->n, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  __builtin_memcpy(buf, (*t2).array, 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+  __builtin_memcpy(buf, &((*t2).not_a_cap), 40);
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 40, i1 false){{$}}
+
+  // Direct assignment should always the no_preserve_tags attribute (the C2x
+  // 6.5 memcpy+"Allocated objects have no declared type." case does not apply):
+  t->n = t2->n;
+  // CHECK: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-SAME: , i64 24, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+}
+
+#ifdef __cplusplus
+void test_member_expr_ref(void *buf, struct TestWithCap &t, struct TestNoCap &t2) {
+  // CHECK-CXX-LABEL: void @_Z20test_member_expr_refPvR11TestWithCapR9TestNoCap(
+
+  // For C++ references we can assume that those point to a valid object of
+  // that type, since otherwise forming the reference would have been invalid.
+  // For the member references the same caveats apply as in test_member_expr_byval()
+  __builtin_memcpy(buf, &t, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false) [[MUST_PRESERVE_STRUCT_WITHCAP]]{{$}}
+  __builtin_memcpy(buf, &t.ptr, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false) [[MUST_PRESERVE_CHARPTR]]{{$}}
+  __builtin_memcpy(buf, &t.not_a_cap, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, t.array, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &t.n, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, (&t)->array, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false){{$}}
+  __builtin_memcpy(buf, &(&t)->not_a_cap, 32);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 32, i1 false){{$}}
+
+  // However, for the struct without capabilities all of these should be safe:
+  __builtin_memcpy(buf, &t2, 40);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, &t2.not_a_cap, 40);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-CXX-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, t2.array, 40);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-CXX-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, &t2.n, 40);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-CXX-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, (&t2)->array, 40);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-CXX-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+  __builtin_memcpy(buf, &(&t2)->not_a_cap, 40);
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 40, i1 false){{$}}
+  // TODO-CHECK-CXX-SAME: , i64 40, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+
+  // Direct assignment should always the no_preserve_tags attribute (the C2x
+  // 6.5 memcpy+"Allocated objects have no declared type." case does not apply):
+  t.n = t2.n;
+  // CHECK-CXX: call void @llvm.memcpy.p200i8.p200i8.i64(
+  // CHECK-CXX-SAME: , i64 24, i1 false) [[NO_PRESERVE_TAGS]]{{$}}
+}
+#endif
+
+// CHECK: attributes [[MUST_PRESERVE_STRUCT_WITHCAP]] = { must_preserve_cheri_tags "frontend-memtransfer-type"="'struct TestWithCap'" }
+// CHECK: attributes [[MUST_PRESERVE_CHARPTR]] = { must_preserve_cheri_tags "frontend-memtransfer-type"="'char * __capability'" }
+// CHECK-C: attributes [[NO_PRESERVE_TAGS]] = { no_preserve_cheri_tags }